First of all, I would like to thank Matthieu Martineau ( matthieu.martineau@piservices.fr ) (Gold Partner, MCSE and MCT) with whom I had the opportunity to investigate some of the breaking scenarios I mention at the end of this post In the wide...

  This year, I will be at Tech Ready - a Microsoft internal event - giving a few sessions about Unified Access Gateway. One of them will be about Web Single Sign on , especially how UAG – using the internal engines and   customization – can...

Introduction Since IAG SP2, Kerberos Constrained Delegation (KCD) it handled at IAG level (not anymore at ISA level). Even if KCD logic remains the same, the approach to trace and troubleshoot is now different. The purpose of this document is to give...

When you connect an application through UAG, all the user activity will be logged by the system. The reason is that it is not only a “technical” gateway (that will pass back and forth the HTTP requests), but an “application layer” one (that will also...

The context/purpose of this blog It is always interesting to use real world example s to explain security, especially how “bad guys” manipulate people to steal information. This is a true story, “My” True story. This morning, I was listening to a very...

Tracing a product is always a good thing. First , it helps you to understand how it works internally and so enhance your own skills… second , it helps you to understand why such expected feature or configuration is not working fine. With IAG (previous...

    Part 1: the problem. With UAG, you can provide remote access towards many types of applications:   ·          Web applications : The “client” is in this case a simple browser, and dialog with...

Note from Fred ESNOUF : This article has been written by Hicham Bardawil ( Hicham.Bardawil@vNext.fr ) UAG expert working for Vnext. I am just hosting his article since he used some of my previous posts to finalize his configuration. Congratulations Hicham...

By Lucimara Desiderá (MS Consultant, São Paulo) & Frédéric ESNOUF (MS Pre-sales IDA, Paris) Introduction Intelligent Application Gateway is a very powerful remote access solution which provides a wide range of technologies such as VPN...

Gridsure, a UK company, has created a very nice way to provide strong authentication. Strong authentication combines what you know (login, password) and what you have (something physical). In the long list of strong authentication mechanisms we know Smartacards...

Lucky me, I have the chance to use 2 machines for my work. The big one (heavy, powerful) is a lenovo T61P laptop running windows 2008/HyperV. So far my 4 Go or RAM were sufficient to play with the different products. The biggest problem I am facing on...

Most of the time, when running a demo or POC, your environment is not connected to the internet. Maybe you have noticed that in this case, the demo is a bit slow . As an example, the first connection to UAG (after a long period or inactivity, or reboot...

As a step 1 in my lab, I had to install windows 2008 on my physical machine and also activate the HyperV role. First of all, I wanted to have a very stable machine so started Windowsupdate. After a few updates, my OS was not that good : As a matter of...

Recently, I have decided to evaluate BPOS (Business Productivity Online Services), the Hosted offer of Microsoft. Basically, I want to use Exchange to host my personnal mail (OWA and Antivirus/Antispam) and also use Sharepoint/MOSS. With BPOS, you “rent...

Last year I had a lot of pleasure to work for the Central and Eastern Europe Region. I had the opportunity to visit several countries and collaborate with partners and customers. What a great experience. This year I will be working for Middle East and...

GEMALTO authentication server is called Protiva. It is a global authentication solution which can especially provide OTP (One Time Password) authentication.   The integration is very simple since the protocol used between IAG and Protiva server is...

  IAG is able to inspect your workstation and then later, per application, verify if you are compatible with the security policy.   For example, you want to make sure that only “corporate” machine can access ApplicationA, but everybody (of course...

Before even working on VMs, we need to configure the network properly. The big challenge here is to understand the interaction between the physical machine and the HyperV environment. For my LAB, I have 1 Laptop with 2 NICs : an Ethernet one, and a Wifi...

Workstation analysis and security policy are the key features proposed by UAG to provide security at the application layer. Whereas firewall will operate at the network layer (filter by IP or TCP Port range), the application layer will look at “what”...

A few weeks ago, I had the opportunity to write a blog about a very nice experience I had – during a presentation in Copenhagen – where hacker tried to fake an identity and tried to force me via communicator to install a malware on my machine. I wrote...

For all the good moments we had together. Steve Ballmer support Microsoft emplyees bone marrow registration drive video :

  Merry Christmas !!

This December, a lot of changes happened in the Microsoft security portfolio. After more than 1 year of strong investments, Microsoft launched the “2010” versions of both “ISA” and “IAG” : * IAG Server becomes now “Forefront Unified Access Gateway...

Hi all,   This is a very frequent question from customers and partners. How can I discover and train myself on IDentity and Access (IDA)products ? Here is a link of books and online training for that. Hope this helps !   ForeFront Identity Manager...

Microsoft IAG (Intelligent Application Gateway) is a powerful “mobility” gateway capable of providing remote access to different kind of people: employees, partners, customers, … It introduces several approaches to provide this mobility: ·        ...