I’m really pleased to announce that my friend Ben Ben Ari from IAG Team is going to be the moderator of the new IAG/UAG Public Forum available at Microsoft Technet http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag Make sure to post your questions about IAG/UAG there and our IAG Team...

1. Introduction IAG 2007 SP2 hits the ground running with many customers applying it and realizing that not only this service pack introduces lots of changes but it also has some UI changes. It’s all about having a better experience for the end user / administrator. In this post I’m going to talk...

One last Christmas present for IAG administrators!! It was launched this month the IAG TechNet Library which will be the main source of documentation for IAG. This means that old PDFs for IAG will be retired of updates, those PDFs are still valid for reading and understanding the core concept of IAG...

This week at TechEd EMEA in Barcelona there will be lots of news about TMG and IAG/UAG. But one of that upcoming news was already announced yesterday, which is the new IAG SP2. For more information about that access the IAG Team blog at web site: http://blogs.technet.com/edgeaccessblog/archive/2008...

Who went to TechEd Brazil last week will be able to access the content through the website www.teched.com.br . All the sessions will be available for download, but it will take a couple of weeks to do that happen. My friend Danilo Bordini from Microsoft Brazil already published on his Blog the slides...

I will be delivering two sessions at TechEd Brazil this year, one about TMG and another one about IAG 2007. Steve Riley also is going to deliver four sessions and Steve Ballmer will present the keynote. It is going to be an amazing event and if you did not register yet it is better do it quickly at http...

After writing the post SQL Injection, the threat beyond the perimeter I received some emails with this question. If you company also has the same dilemma you need to leverage this to upper management and show the real risk that they are running in to. Neil Carpenter from CSS Security (IR) Team wrote...

1. Introduction The IAG 2007 allows you to granular control for the URLs that are used for the applications that are published through the portal. Such flexibility and robustness can also cause problems if the administrator doesn’t know exactly how to make the appropriate restrictions. First thing...

Without a doubt IAG is keeping us busy on the content creation side. This week the second wave of IAG KB articles were released and TODAY we are announcing the new IAG Team Blog site. We now have an official communication channel with the community! The URL for the IAG Team Blog Site is: http:...

1. Introduction One common problem that is happening these days when customers start to deploy IAG Portal is due one simple fact called “certificate”. There are many mistakes that can happen while implementing a new certificate to assign to an IAG Portal. This post will explain the symptom, how...

I'm really glad that after two weeks of long work writing, reviewing, testing and diving into this project the result pays off. The list of IAG KBs is growing at support.microsoft.com as a result of this huge team effort that we have here at Microsoft. It was an amazing work done from all team members...

The endpoint drive mapping feature on IAG is a functionality that a lots of administrators wants to use when configuring the IAG Portal due the transparency to the end user. However this functionality still not supported for Windows Vista users, even with IAG 2007 SP1. For more information on this read...

When the client workstation connects to IAG Portal and the endpoint detection is done, the IAG needs to do some inbound queries to validate client components. The Whale components that are used during the incoming test on IE are called “Whale Add ons”. They are: WhlClnt3.exe, WhlClnt3.WhlCach3.exe, WhlDetect...

1. Introduction Last article about authentication repository I explained how to create a LDAPS repository and how to troubleshoot LDAPS authentication repository. This post is pretty much a complement to that because here we will move the troubleshooting further and enables the lower level trace...

Last week Michael Riva wrote and article to ISASERVER.ORG about IAG 2007 that explains in details and in a didactic manner hwo to customize the IAG Portal. The article was edited by Tom Shinder and it is now available in the link below: http://www.isaserver.org/tutorials/Customizing-IAG-2007-Portal...

1. Introduction The IAG Server 2007 is known for the flexibility to allow access from anywhere to the internal resource in a secure manner. However, if you are really thinking about security there is a key pillar called “Authentication”. The good part about the IAG is that it allows all this flexibility...

1. Introduction The first part of this article explained how to configure the IAG Server to allow full network access using the Network Connector. Now it comes the time to connect the external computers to the network. This second part will focus on what needs to be done on the client side to allow...

Last Tuesday Microsoft announced the new generation of IAG, now called UAG (Unified Access Gateway). For more information check the Forefront Team Blog site: http://blogs.technet.com/forefront/archive/2008/04/29/microsoft-announces-its-next-generation-secure-remote-access-solution-the-forefront-unified...

1. Introduction Without a doubt one of the most powerful features that IAG 2007 has is the capability to allow full VPN access using a pure SSL connection. This feature is not available on ISA Server and the only other product that Microsoft has to enable this technology is the SSL VPN that comes...

There are many people that still having doubts about IAG and why IAG 2007 has the ISA Server 2006 on the same box. To understand that let’s see the diagram below: Figure 1 – Software layer that involved on the way that IAG 2007 Server handles the traffic. This figure shows the main components...

1. Understanding the Traffic One of the main things that you need to be aware prior to start monitoring your session is how the traffic works. On the part 1 of this walk through I showed you (on figure 1) a brief explanation of the traffic. The following netmon traffic was taken from the internal...

1. Endpoint Policy The Endpoint Policy concept is pretty straight forward: are you compliant with company’s security policy or not? If yes, then access the resource, if not then your access will be denied. There is no “maybe I’m compliant”, the endpoint policy is a mechanism that will assure that...

1. Growing the Application Portal The Application Portal that we configured on the last three sessions will grow now. This fictitious company wants to publish their Terminal Server to the authorized users be able to access from anywhere. This article will be split in two parts, where each...

1. Reviewing the Configuration Last session was finished showing that the default policy blocks upload for computers that are not compliant with guidelines that were defined in the policy. You might be wondering how to see this policy and how to change it, so let’s access this option. Follow the...

1. Reviewing the Configuration Last session was finished showing some of the advantages of using IAG to publish OWA 2007. The last feature that was covered was the automatic logoff for idle session. The options that manage the session timeout can be accessed by clicking in the Advanced Trunk Configuration...