When the design of UAG began a few years ago we noticed that our customers had multiple boxes on their network edge providing remote access. They had IP VPNs, SSL VPNs, E-Mail relays, mobile gateways, terminal services gateways – but there was no remote access solution. This is exactly what we set out to solve with the Unified Access Gateway: provide one, unified solution to all the remote access needs of the organization, regardless of the technology.
For years, vendors created and sold remote access technologies, claiming that they were the remote access panacea, the single remote access technology that would solve all of the organization’s remote access needs. Today it is clear that there is no magic solution. Modern organizations need a variety of technologies for a variety of audiences, applications and user scenarios. The technology that fits the needs of the CEO reading her e-mail on her laptop will not be useful to a sub-contractor who works with the organization but also with its competitors, a sales person working from his home PC or even the same CEO when reading her mail from an Internet kiosk or mobile device. The technology that is ideal for SharePoint access is the wrong tool when using CAD or call center applications.
In UAG Beta we introduce four types of remote access technologies:
- Web Application Publishing / SSL-VPN – Application aware publishing of HTTP/HTTPS applications.
- Layer 3 VPN / Tunneling – Various networking protocols and tunnels to provide full networking connectivity. On top of the IAG technologies we added SSTP, L2TP and PPTP.
- Terminal Services – Incorporating Terminal Services / Remote Desktop Gateway into UAG to provide application level publishing of remote applications.
- DirectAccess – Integrating Windows DirectAccess technology for always-on connectivity.
UAG brings these technologies together while adhering to two major principles:
Show Me the Money
Saying “in today’s tough economy” is a cliché, but when we talk to any of our customers we hear that they are under enormous pressure to cut budgets and to show how their infrastructure is more efficient. We must enable our customers to dramatically cut their costs, and in UAG we are doing this by:
Every system that is introduced to the organization has its cost even before the first user logs on. Looking at our customers’ TCO we see that they spend lots of money on educating their IT staff, integrating each system into the NOC, creating backup and restore procedures, etc. UAG reduces most of this spending by providing unified management for all the remote access technologies. This includes:
- Single management console
- Consolidated setup that installs and configures all the components
- Unified SCOM Management Pack
- Out of the box cluster and load balancing integration
We see remote access vendors marketing an appliance for remote access technology X, an appliance for technology Y, another appliance for load balancing and another appliance for managing the rest of the appliances. UAG not only has all remote access technologies on the same box but also lets you choose how to deploy it:
- Hardware appliance – UAG is offered as a hardware appliance by our OEM partners. Some use standard hardware, others offer specialized hardware.
- Virtualization – Plugging UAG into the organization’s virtualization infrastructure.
- Software installation – Gives IT full control of the deployment.
Good, Better, Best
Unifying remote access technologies doesn’t mean giving the same experience to everyone but rather providing multiple experiences, each with its own tradeoffs between user experience, possible risk to corporate resources and availability. Here are some examples:
Full network connectivity:
- Good: SSL-based layer 3 network tunneling – the good old SSL tunneling technology originating from IAG that works on almost any version of Windows.
- Better: Secure Socket Tunneling Protocol (SSTP) – SSL tunneling technology that is part of Windows Vista and above.
- Best: Windows 7 DirectAccess provides a seamless, always-connected experience exclusively for domain-joined, managed Windows 7 clients.
- Good: SharePoint browsing from mobile devices – always available but limited by the mobile devices’ screen size and input.
- Better: Publish SharePoint on the remote access portal.
- Best: User accessing SharePoint via DirectAccess.
Senior Program Manager, UAG Product Group