ISA ? TMG ? IAG ? TMG ?

This December, a lot of changes happened in the Microsoft security portfolio. After more than 1 year of strong investments, Microsoft launched the “2010” versions of both “ISA” and “IAG” :

* IAG Server becomes now “Forefront Unified Access Gateway” (UAG) with strong investment on mobility and application publishing.

* ISA Server becomes now “Forefront Threat Management Gateway” (TMG) with strong investment on network and proxy security.

One of the most common questions I get from everybody (MS employees, partners, customers) is which product to choose, especially when mobility is one of the key scenario (ISA use to be the mobility gateway for Microsoft).

I think that the first approach to use to answer this question is to understand where (on which product) Microsoft has invested depending on the scenario you want to address.

TIP : The best way to present this positioning between TMG (Ex ISA) and UAG (Ex IAG) is this say : “TMG is to keep the bad guys OUT, and UAG is to bring the good guys IN”.

· Bad guys (hackers, cybercriminals) are the threat coming from the internet (Through network and proxy).

· Good guys (employees, partners and customers) who need to access applications and data, in order to accelerate the business.

The “ForeFront” product team (yes, TMG and UAG are done by the same team) created a nice blog POST in order to describe the positioning of the two products. This is just a 3 mn read! You can find this post here: https://blogs.technet.com/forefront/archive/2009/12/03/new-forefront-enterprise-security-solutions-for-safe-productive-web-surfing-and-remote-access.aspx.

A short extract of this blog POST : These solutions address two key endpoint security challenges. TMG, … helps companies provide safe employee web browsing. UAG, … enables organizations to give employees (and trusted partners and vendors) secure remote access to corporate resources ”.

In your day to day activity, you may have some situations where the customer wants to implement a mobility scenario (for example web publishing) where TMG could be the answer. If TMG is covering the customer’s need, then “go ahead” this is the product they need ! and this is supported.

My best advice is then to show the customer – then he will make his own choice – the long list of extra features that he will get with UAG on this particular scenario compared with TMG (no specific investment between ISA/TMG on this scenario).

Short answer: workstation analysis, security policy, managed/non managed machines, Portal, Single Sign on, Strong Authentication (1), etc. The key message with UAG is that these products support all mobility technologies, and cover all kind of mobility scenario.

Do you want do investigate more the two products? check these links :

https://www.microsoft.com/UAG

https://www.microsoft.com/TMG

Welcome UAG and TMG !!