As the PM lead responsible for UAG DirectAccess, I’m proud to present our solution based on the new and exciting technology introduced by Windows 7 DirectAccess. If you want to learn more about this technology, click here.
Microsoft Forefront Unified Access Gateway (UAG) utilizes DirectAccess technology built into Windows 7 and Windows Server 2008 R2 to create an enterprise-level solution. UAG offers an all-in-one, end-to-end solution that lets the enterprise open its resources to managed clients in a seamless, painless manner.
To support all backend servers, UAG DirectAccess adds a necessary transition technology (NAT64 and DNS64, also known as NAT-PT and DNS-ALG) so that clients can also access IPv4-only servers, in addition to IPv6-based servers (natively or via ISATAP).
Our solution adds the ability to scale and to run multiple Direct Access Servers (DAS) in a cluster, providing high availability of the service as well as scale-up. As part of the ‘all in the box’ paradigm, UAG integrates Windows Network Load Balancing (NLB) support that can be seamlessly activated for the cluster.
We incorporated the DirectAccess configuration into the Unified Access Gateway management console and augmented it, allowing easier deployment of the cluster. The console helps you set up, configure, activate and manage the cluster and each node in it from a central location. It can be used to enforce policies (such as NAP and smart card), set IPs, etc.
As its name suggests, Unified Access Gateway securely provides multiple access scenarios for managed remote clients (via UAG DirectAccess) as well as for unmanaged, or even ‘foreign’, remote access clients. Using various remote access technologies, UAG can publish business server applications to unmanaged clients while enforcing various authentication methods.
Principal Program Manager Lead, UAG product group.
You rock! This is definitely the most exciting news I have heard in the past months. We are already using DA and would like to integrate with UAG to extend the functionalities of DA.
Does UAG support other strong auth options for DA in addition to smart cards (e.g. SecurID token...)?
DirectAccess authentication is done in the very low levels of the OS, so currently it is not possible to use other types of authentication.
NAT64 and DNS64 (NAT-PT and DNS-ALG) are currently not standardized by the IETF and are still in draft (cf. http://tools.ietf.org/html/draft-bagnulo-behave-nat64-03), so are there now known issues with using it (compatibility problems, scaling performance...)?
Actually, NAT-PT is not in draft; it has been deprecated by RFC 4966. NAT64 and DNS64, however, are currently fresh Internet Drafts, waiting to become RFCs. So, will Microsoft switch to NAT64 and DNS64 after they become standard and let the obsolete NAT-PT go?