Forefront Unified Access Gateway

Microsoft Forefront Unified Access Gateway (UAG), formerly known as Microsoft Intelligent Application Gateway (IAG), is a virtual private networking solution that provides secure remote access to corporate networks for remote employees and business partners. It is part of the Microsoft Forefront offering. It incorporates various remote access technologies such as VPN, SSL-VPN, DirectAccess and Remote Desktop Services.

History
Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. One of the challenges it tried to solve in the nineties was to develop a remote access solution based on a VPN mechanism but without direct network access from the remote client to the corporate network.

The technology developed was called the Air Gap. Communication between the external network and the internal network was managed by two separate machines linked together by a memory bank accessed through a SCSI interface.

On 18 May 2006, Microsoft announced that it would acquire Whale Communications. Microsoft completed the acquisition on 26 July 2006. Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap was dropped, and the product was unified as a single-server appliance which used Microsoft ISA Server.

In April 2008, Microsoft announced that the next generation of IAG would be named Forefront Unified Access Gateway. The product was released on 24 December 2009. Update 1 for this product was released on 12 April 2010.

Technical overview
Microsoft IAG 2007 with Application Optimizers provides a Secure Sockets Layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

Included are customized granular access policy and security capabilities for Microsoft Exchange Server, Microsoft SharePoint Portal Server, Microsoft Terminal Services, Telnet, FTP, SAP, Lotus Domino, Citrix Presentation Server and IBM WebSphere. The product is highly customizable, and almost any application can be published on the IAG Server portal.

Out of the box, IAG Server is able to work with many authentication vendors such as RSA Security, Vasco, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single sign-on (SSO), as well as dynamic look-and-feel customization. With the current release of IAG with SP2, the product also offers support for many third-party systems such as Linux and Macintosh. The product also fully supports Mozilla Firefox.

IAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, or non-Windows clients such as Red Hat or Mac OS). These components can also perform endpoint compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.

The product is sold mostly in appliance form, from vendors such as IVO Appliance, SecureGuard (formerly Pyramid), Winfrasoft, Celestix, Portcullis Systems (formerly NEI), and nAppliance. It is also available to the public directly from Microsoft in the form of a virtual appliance running on Microsoft's Hyper-V server.