demystifying forefront edge security technologies – tmg and uag richard hicks director – sales...
TRANSCRIPT
Demystifying Forefront Edge Security Technologies – TMG and UAGRichard HicksDirector – Sales EngineeringCelestix Networks, Inc.
SIA208
Agenda
Forefront Protection TechnologiesWhat is TMG?What is UAG?Typical Deployment ScenariosTMG featuresUAG featuresTMG or UAG?
What You Will Learn
High-Level Understanding of Forefront Protection TechnologiesUnderstand Features and Capabilities of Forefront TMG 2010Understand Features and Capabilities of Forefront UAG 2010Describe the Similarities and Differences Between Forefront TMG and UAGIdentify Which Solution Best Meets Deployment Requirements
Forefront Protection Technologies
Server ProtectionExchangeSharePointOCS/Lync
Identity and AccessIdentity Manager
Edge SecurityThreat Management Gateway (TMG)Unified Access Gateway (UAG)
What is Forefront TMG?
Forefront Threat Management Gateway (TMG) 2010Integrated edge security gateway
Enterprise-class firewall (Common Criteria EAL4+)Proxy (forward and reverse)Web content cacheVPN (remote access, site-to-site)
Successor to ISA Server 2006Standard and Enterprise editions
What is Forefront UAG?
Forefront Unified Access Gateway (UAG) 2010Premium remote access gateway
SSL VPN web portalReverse proxyClient access VPNDirectAccess gateway
Successor to IAG 2007
Common Deployment Scenarios
Forefront TMGSecure web gatewayProtect internal clientsBasic remote access
Forefront UAGRemote access gatewaySecure application publishingAdvanced remote access
DirectAccess
Forefront TMG and UAG
Forefront TMGKeeps the bad guys out
Forefront UAGLets the good guys in
Forefront TMG – Firewall
Stateful Packet InspectionDeep Application Layer InspectionActive Directory Integrated
Transparent authentication using NTLM and KerberosIntrusion Detection and Prevention
BehavioralVulnerability
Forefront TMG – Secure Web Gateway
Advanced Web ProtectionURL filtering
Reputation-based access controlReduced risk, increased productivity
Web anti-virus/malwarePrevent file-based attacks
Network Inspection System (NIS)Prevent protocol attacks
HTTPS inspectionEliminates the SSL blind spot
demo
Richard HicksDirector – Sales EngineeringCelestix Networks, Inc.
Forefront TMG Advanced Web Protection
Forefront UAG – SSL VPN
Premium Remote Access SolutionSSL VPN
Web application portalSupport for publishing non-web applicationsLegacy remote access VPN
Fine-grained access controlDevice type
Endpoint health detectionUAG policies and NAP integration
Session cleanupPrevent residual data loss
demo
Richard HicksDirector – Sales EngineeringCelestix Networks, Inc.
Forefront UAG Web Application Portal
Forefront UAG – DirectAccess Gateway
Simplified DirectAccess DeploymentReduced infrastructure requirements
No intranet IPv6No Windows Server 2008/R2 (other than the DA GW)
Includes IPv6 transition technologiesDNS64NAT64
Improved scalabilityLoad-balanced arrays
TMG or UAG?
TMGOutbound accessSite-to-site VPNLegacy client VPN
UAGWeb application portalGranular access controlDirectAccess gateway
TMG or UAG?
Licensing ConsiderationsTMG – per processor
Web protection service subscription CAL
UAG – per serverRequires client access licenses (CAL)
Users or devices (not concurrent)
External connectorRequired for anonymous access
Enterprise CAL (E-CAL) includes…TMG web protection service subscriptionUAG client access license (CAL)
TMG or UAG?
Publishing Exchange or SharePointTMG – Provides basic remote accessUAG – Portal with granular access control
Performance ConsiderationsTMG – High performanceUAG – Additional hardware requirements
SIA, WSV, and VIR Track Resources
DOWNLOAD Windows Server 2012 Release Candidate
microsoft.com/windowsserver
#TESIA208 DOWNLOAD Microsoft System Center 2012 Evaluation
microsoft.com/systemcenterHands-On Labs
Talk to our Experts at the TLC
Resources
Connect. Share. Discuss.
http://europe.msteched.com
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Resources for Developers
http://microsoft.com/msdn
Evaluations
http://europe.msteched.com/sessions
Submit your evals online
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.