Direct Access and UAG Better Together - Forefront Experts - Site Home - TechNet Blogs

Direct Access (DA) is a game-changing technology for remote access in your company, removing the need for a VPN altogether.  Within Microsoft, we've seen great productivity benefits for end users.  We surveyed users from our DA pilot and over 87% saw instant productivity gains, resulting in an overall net benefit of ~1 hour each day for users.  Furthermore, Microsoft operations is saving costs, for example by not having to convert internet-connected sites to dedicated lines.  For more information on the business value of DA and Microsoft's implementation, watch the Direct Access MSIT video.

OK, you know you want to implement the DA functionality that comes with Windows Server 2008 R2 and Windows 7. So why would you want to have Unified Access Gateway (UAG) along with it?

As discussed in the video below, here are some of the key reasons you would want to run UAG with DA:

  • Access to IPv4 resources - If you have any machines inside your corporate environment which are not capable of running IPv6, or you do not want to put forth the effort to add the IPv6 stack, UAG will enable this scenario to work.  This makes the transition to full access to all internal resources quicker and easier.
  • Scalability - DA by itself has scaling limitations.  UAG works with NLB in Windows, so multiple UAG servers can work with DA to scale your DA implementation.  Specific numbers for scalability have not been released, but are in the works.
  • Central management - There is one console to control an entire array of UAG servers.  Furthermore, there is a SCOM management pack for UAG to help manage the product centrally.

To hear more about the business value for UAG with DA and to learn the technical information behind how DA and UAG work, watch this video:

You can also see a breakdown of what is covered at each point in the video by going to the original post on TechNet Edge.

  • This is great, but what about DA and ISA Server/Forefront TMG? What are the implications? Do we still need to have an ISA in place if we have Win 2k8 R2 DCs and Win 7 clients? Right now, I'm publishing OWA, OA, MOSS 2007, OCS 2007 to my remote users via ISA. What would happen if I upgrade my DCs to Win 2k8 R2 and deploy Win 7 to my end users?

  • If everyone in your entire corporation is using direct access and you don't want to enable connectivity when those people are not using their DA-enabled machines, then you could eliminate the need to publish specific services via ISA/TMG since they have access through DA/UAG.  Another explanation of the relationship between TMG and UAG can be found in this interview, which should help:

  • Currently reading

  • Good video.  And it is also good to see products such as Centrify's DirectSecure product out there that can extend DirectAccess to securely communicate with UNIX and Linux systems via end-to-end (versus just end-to-edge) IPsec authentication and encryption of network traffic.  So a nice ecosystem is evolving for DirectAccess.

  • I just saw that Portcullis announced the release of their appliance based UAG.
