This December, a lot of changes happened in the Microsoft security portfolio. After more than 1 year of strong investments, Microsoft launched the “2010” versions of both “ISA” and “IAG” :   * IAG Server becomes now “Forefront Unified Access Gateway” (UAG) with strong investment on mobility and application publishing. * ISA Server becomes now…


Strong authentication using your Brain : IAG and Gridsure.

Gridsure, a UK company, has created a very nice way to provide strong authentication. Strong authentication combines what you know (login, password) and what you have (something physical). In the long list of strong authentication mechanisms we know Smartacards, tokens, and more recently we have seen products capable of using the “mobile phone” as a…


BPOS and DNS Configuration : warning if your domain is at Gandi

Recently, I have decided to evaluate BPOS (Business Productivity Online Services), the Hosted offer of Microsoft. Basically, I want to use Exchange to host my personnal mail (OWA and Antivirus/Antispam) and also use Sharepoint/MOSS. With BPOS, you “rent” this strong service online, via Microsoft infrastructure. Once your subsciption is ok, you need to add a…


IAG KCD breaking due to missing “keep-alive” header. Why ?

A few days ago, I was working with Fadhel Ben Brahem, one of our IAG experts working for Dictao, a Microsoft Partner. IAG was implemented in a very complex LAN/Switches/LoadBalancer environnent. The goal, the failure The goal of our Proof Of Concept was to implement IAG and demonstrate SSO capabilities, especially Kerberos Constrained Delegation (KCD)….


Hello Middle East and Africa, bye bye CEE

Last year I had a lot of pleasure to work for the Central and Eastern Europe Region. I had the opportunity to visit several countries and collaborate with partners and customers. What a great experience. This year I will be working for Middle East and Africa (MEA). What a great news ! If you are…


H1N1 and mobility : how to quickly implement a remote access solution

In my day to day activity, I frequently have to discuss with customers and partners about technology around mobility and security. In the last 4 weeks I had a lot of requests from customers in the context of H1N1 disease, this is why I created this post. The main concern about this disease (I would…


Introduction to application reverse engineering : The CWA (Communicator Web Access) R2 case.

By Lucimara Desiderá (MS Consultant, São Paulo) & Frédéric ESNOUF (MS Pre-sales IDA, Paris)   Introduction   Intelligent Application Gateway is a very powerful remote access solution which provides a wide range of technologies such as VPN, VPN/SSL, Port forwarding and Reverse Proxy for application publishing. It also provides endpoint access controls including mechanisms for…


Publishing web applications though IAG : what if it fails ?

Microsoft IAG (Intelligent Application Gateway) is a powerful “mobility” gateway capable of providing remote access to different kind of people: employees, partners, customers, … It introduces several approaches to provide this mobility: ·        “Reverse proxy”: this is the most common scenario, for Web applications. This is the strongest approach since IAG can do a lot…