Remote Access Technologies of the World – Unite!

When the design of UAG began a few years ago we noticed that our customers had multiple boxes on their network edge providing remote access. They had IP VPNs, SSL VPNs, E-Mail relays, mobile gateways, terminal services gateways - but there was no remote access solution. This is exactly what we set out to solve with the Unified Access Gateway: provide one, unified solution to all the remote access needs of the organization, regardless of the technology.

For years, vendors created and sold remote access technologies, claiming that they were the remote access panacea, the single remote access technology that would solve all of the organization’s remote access needs. Today it is clear that there is no magic solution. Modern organizations need a variety of technologies for a variety of audiences, applications and user scenarios. The technology that fits the needs of the CEO reading her e-mail on her laptop will not be useful to a sub-contractor who works with the organization but also with its competitors, a sales person working from his home PC or even the same CEO when reading her mail from an Internet kiosk or mobile device. The technology that is ideal for SharePoint access is the wrong tool when using CAD or call center applications.

In UAG Beta we introduce four types of remote access technologies:

  1. Web Application Publishing / SSL-VPN – Application aware publishing of HTTP/HTTPS applications.
  2. Layer 3 VPN / Tunneling – Various networking protocols and tunnels to provide full networking connectivity. On top of the IAG technologies we added SSTP, L2TP and PP2P.
  3. Terminal Services – Incorporating Terminal Services / Remote Desktop Gateway into UAG to provide application level publishing of remote applications.
  4. DirectAccess – Integrating Windows DirectAccess technology for always-on connectivity.

UAG brings these technologies together while adhering to two major principles:

Show Me the Money

Saying “in today’s tough economy” is a cliché, but when we talk to any of our customers we hear that they are under enormous pressure to cut budgets and to show how their infrastructure is more efficient. We must enable our customers to dramatically cut their costs, and in UAG we are doing this by:

Unified Management

Every system that is introduced to the organization has its cost even before the first user logs on. Looking at our customers’ TCO we see that they spend lots of money on educating their IT staff, integratingeach system into the NOC, creating backup and restore procedures, etc. UAG reduces most of this spending by providing unified management for all the remote access technologies. This includes:

  • Single management console
  • Consolidated setup that installs and configures all the components
  • Unified SCOM Management Pack
  • Out of the box cluster and load balancing integration
Hardware consolidation

We see remote access vendors marketing an appliance for remote access technology X, an appliance for technology Y, another appliance for load balancing and another appliance for managing the rest of the appliances. UAG not only have all remote access technologies on the same box but also allows to choose how to deploy it:

  • Hardware appliance – UAG is offered as HW appliance by our OEM partners. Some use standard hardware, others offer specialized hardware.
  • Virtualization – Plugging UAG into the organization virtualization infrastructure.
  • Software installation – Gives IT full control of the deployment.


Good, Better, Best

Unifying remote access technologies doesn’t mean giving the same experience to everyone but rather providing multiple experiences, each with its own tradeoffs between user experience, possible risk to corporate resources and availability. Here are some examples:

Full network connectivity:

  • Good: SSL based layer 3 network tunneling – the good old SSL tunneling technology originating from IAG that works on almost any version of Windows.
  • Better: Secure Socket Tunneling Protocol (SSTP) – SSL Tunneling technology that is part of Windows Vista and above.
  • Best: Windows 7 DirectAccess provides a seamless, always connected experience exclusively for domain joined managed Windows 7 clients.

SharePoint publishing:

  • Good: SharePoint browsing from mobile devices – always available but limited by the mobile devices’ screen size and input.
  • Better: Publish SharePoint on the remote access portal.
  • Best: User accessing SharePoint via DirectAccess.


Meir Mendelovich

Senior Program Manager, UAG Product Group

Comments (6)

  1. MeirM [MSFT] says:

    Hi Lain ,

    We will do another blog post on UAG and TMG in the upcoming weeks

    UAG uses TMG for its own protection. When installing UAG, TMG is automatically installed and configured to protect the machine. UAG provides a wide range remote publishing capabilities that are not available through ISA.

    Meir :->

  2. MeirM [MSFT] says:

    Yes Gary, UAG will be available as a software-only installation like any other Microsoft product. You can see it yourself with our publicly available Beta.

    There is a small "no": UAG will run on top of Windows Server 2008 R2, not 2008.


         Meir :->

  3. Hi Mier,

    I’m just curious as to how this integrates with TMG. Do you have any information (or even a diagram illustrating how particular solutions might look) on any potential overlap, or product dependancies?

    As you can tell, I’m a little uninformed about the IAG/UAG line, though I’m quite familiar with ISA Server (or TMG, if you will).



  4. Thanks, Mier. Looking forward to that particular blog, then.



  5. Lionel says:

    Hi Mier,

    UAG/TMG and Direct Access sounds thoroughly fascinating and it would make major strides in connecting up remote workers and securing our Head Office. Integration with Windows 7 and its ability to cascade to other forms of secure connection will also save considerable costs in licensing other VPN and security solutions.

    I look forward to hearing more about your tour and wish you the very best.

    Lionel Wilson

    Woodland Trust

  6. Gary G says:

    Please clarify on deploying as "software", this is a major departure from IAG. Will customers be able to install UAG as a software only solution on their corporate Win2K8 image?

Skip to main content