Demystifying Forefront Edge Security Technologies – TMG and UAG
Richard Hicks
Director – Sales Engineering
Celestix Networks, Inc.
SIA208
Agenda
Forefront Protection Technologies
What is TMG?
What is UAG?
Typical Deployment Scenarios
TMG features
UAG features
TMG or UAG?
What You Will Learn
High-Level Understanding of Forefront Protection Technologies
Understand Features and Capabilities of Forefront TMG 2010
Understand Features and Capabilities of Forefront UAG 2010
Describe the Similarities and Differences Between Forefront TMG and UAG
Identify Which Solution Best Meets Deployment Requirements
Forefront Protection Technologies
Server Protection
Exchange
SharePoint
OCS/Lync
Identity and Access
Identity Manager
Edge Security
Threat Management Gateway (TMG)
Unified Access Gateway (UAG)
What is Forefront TMG?
Forefront Threat Management Gateway (TMG) 2010
Integrated edge security gateway
Enterprise-class firewall (Common Criteria EAL4+)
Proxy (forward and reverse)
Web content cache
VPN (remote access, site-to-site)
Successor to ISA Server 2006
Standard and Enterprise editions
What is Forefront UAG?
Forefront Unified Access Gateway (UAG) 2010
Premium remote access gateway
SSL VPN web portal
Reverse proxy
Client access VPN
DirectAccess gateway
Successor to IAG 2007
Common Deployment Scenarios
Forefront TMG
Secure web gateway
Protect internal clients
Basic remote access

Forefront UAG
Remote access gateway
Secure application publishing
Advanced remote access
DirectAccess
Forefront TMG and UAG
Forefront TMG
Keeps the bad guys out

Forefront UAG
Lets the good guys in
Forefront TMG – Firewall
Stateful Packet Inspection
Deep Application Layer Inspection
Active Directory Integrated
Transparent authentication using NTLM and Kerberos
Intrusion Detection and Prevention
Behavioral
Vulnerability
Forefront TMG – Secure Web Gateway
Advanced Web Protection
URL filtering
Reputation-based access control
Reduced risk, increased productivity
Web anti-virus/malware
Prevent file-based attacks
Network Inspection System (NIS)
Prevent protocol attacks
HTTPS inspection
Eliminates the SSL blind spot
demo
Forefront TMG Advanced Web Protection
Forefront UAG – SSL VPN
Premium Remote Access Solution
SSL VPN
Web application portal
Support for publishing non-web applications
Legacy remote access VPN
Fine-grained access control
Device type
Endpoint health detection
UAG policies and NAP integration
Session cleanup
Prevent residual data loss
demo
Forefront UAG Web Application Portal
Forefront UAG – DirectAccess Gateway
Simplified DirectAccess Deployment
Reduced infrastructure requirements
No intranet IPv6
No Windows Server 2008/R2 (other than the DA GW)
Includes IPv6 transition technologies
DNS64
NAT64
Improved scalability
Load-balanced arrays
TMG or UAG?
TMG
Outbound access
Site-to-site VPN
Legacy client VPN

UAG
Web application portal
Granular access control
DirectAccess gateway
TMG or UAG?
Licensing Considerations
TMG – per processor
Web protection service subscription CAL
UAG – per server
Requires client access licenses (CAL)
Users or devices (not concurrent)
External connector
Required for anonymous access
Enterprise CAL (E-CAL) includes…
TMG web protection service subscription
UAG client access license (CAL)
TMG or UAG?
Publishing Exchange or SharePoint
TMG – Provides basic remote access
UAG – Portal with granular access control

Performance Considerations
TMG – High performance
UAG – Additional hardware requirements
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.