Demystifying Forefront Edge Security Technologies – TMG and UAGRichard HicksDirector – Sales EngineeringCelestix Networks, Inc.

SIA208

Agenda

Forefront Protection TechnologiesWhat is TMG?What is UAG?Typical Deployment ScenariosTMG featuresUAG featuresTMG or UAG?

What You Will Learn

High-Level Understanding of Forefront Protection TechnologiesUnderstand Features and Capabilities of Forefront TMG 2010Understand Features and Capabilities of Forefront UAG 2010Describe the Similarities and Differences Between Forefront TMG and UAGIdentify Which Solution Best Meets Deployment Requirements

Forefront Protection Technologies

Server ProtectionExchangeSharePointOCS/Lync

Identity and AccessIdentity Manager

Edge SecurityThreat Management Gateway (TMG)Unified Access Gateway (UAG)

What is Forefront TMG?

Forefront Threat Management Gateway (TMG) 2010Integrated edge security gateway

Enterprise-class firewall (Common Criteria EAL4+)Proxy (forward and reverse)Web content cacheVPN (remote access, site-to-site)

Successor to ISA Server 2006Standard and Enterprise editions

What is Forefront UAG?

Forefront Unified Access Gateway (UAG) 2010Premium remote access gateway

SSL VPN web portalReverse proxyClient access VPNDirectAccess gateway

Successor to IAG 2007

Common Deployment Scenarios

Forefront TMGSecure web gatewayProtect internal clientsBasic remote access

Forefront UAGRemote access gatewaySecure application publishingAdvanced remote access

DirectAccess

Forefront TMG and UAG

Forefront TMGKeeps the bad guys out

Forefront UAGLets the good guys in

Forefront TMG – Firewall

Stateful Packet InspectionDeep Application Layer InspectionActive Directory Integrated

Transparent authentication using NTLM and KerberosIntrusion Detection and Prevention

BehavioralVulnerability

Forefront TMG – Secure Web Gateway

Advanced Web ProtectionURL filtering

Reputation-based access controlReduced risk, increased productivity

Web anti-virus/malwarePrevent file-based attacks

Network Inspection System (NIS)Prevent protocol attacks

HTTPS inspectionEliminates the SSL blind spot

demo

Richard HicksDirector – Sales EngineeringCelestix Networks, Inc.

Forefront TMG Advanced Web Protection

Forefront UAG – SSL VPN

Premium Remote Access SolutionSSL VPN

Web application portalSupport for publishing non-web applicationsLegacy remote access VPN

Fine-grained access controlDevice type

Endpoint health detectionUAG policies and NAP integration

Session cleanupPrevent residual data loss

demo

Richard HicksDirector – Sales EngineeringCelestix Networks, Inc.

Forefront UAG Web Application Portal

Forefront UAG – DirectAccess Gateway

Simplified DirectAccess DeploymentReduced infrastructure requirements

No intranet IPv6No Windows Server 2008/R2 (other than the DA GW)

Includes IPv6 transition technologiesDNS64NAT64

Improved scalabilityLoad-balanced arrays

TMG or UAG?

TMGOutbound accessSite-to-site VPNLegacy client VPN

UAGWeb application portalGranular access controlDirectAccess gateway

TMG or UAG?

Licensing ConsiderationsTMG – per processor

Web protection service subscription CAL

UAG – per serverRequires client access licenses (CAL)

Users or devices (not concurrent)

External connectorRequired for anonymous access

Enterprise CAL (E-CAL) includes…TMG web protection service subscriptionUAG client access license (CAL)

TMG or UAG?

Publishing Exchange or SharePointTMG – Provides basic remote accessUAG – Portal with granular access control

Performance ConsiderationsTMG – High performanceUAG – Additional hardware requirements

SIA, WSV, and VIR Track Resources

DOWNLOAD Windows Server 2012 Release Candidate

microsoft.com/windowsserver

#TESIA208 DOWNLOAD Microsoft System Center 2012 Evaluation

microsoft.com/systemcenterHands-On Labs

Talk to our Experts at the TLC

Resources

Connect. Share. Discuss.

http://europe.msteched.com

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Resources for Developers

http://microsoft.com/msdn

Evaluations

http://europe.msteched.com/sessions

Submit your evals online

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.