This topic is intended to help customers currently using Intelligent Application Gateway (IAG) 2007.

The following table provides a comparison of the features that are supported in Forefront Unified Access Gateway (UAG) but not supported in Intelligent Application Gateway (IAG) 2007 SP2, and those features that are supported in IAG 2007 with SP2 but not supported in Forefront UAG.

Feature Supported in Forefront UAG Supported in IAG with SP2 Details

Software installation

Yes

No

Forefront UAG is installed as a software application on Windows Server 2008 R2

Virtual machine or hardware appliance

Yes

Yes

IAG 2007 with Service Pack 2 is available as a virtual machine and as a hardware appliance. Forefront UAG is available as a hardware appliance.

ActivePerl installation

No

Yes

ActivePerl installation is not required during Forefront UAG setup.

Inbuilt firewall

Yes

Yes

Forefront UAG installs Forefront TMG for firewall protection. IAG 2007 installs ISA Server 2006.

Client endpoint components

Yes

Yes

There are a number of differences in endpoint requirements between Forefront UAG and IAG 2007; for Forefront UAG endpoint requirements, see System requirements for Forefront UAG client devices.

Multiple server array deployment

Yes

No

Multiple Forefront UAG servers can be deployed in a load-balanced array. For more information, see the Array planning guide.

Remote network access with Network Connector

Yes

Yes

Forefront UAG provides Network Connector support for 64-bit clients.

Remote network access with SSTP

Yes

No

In addition to the legacy Network Connector application, Forefront UAG provides support for endpoints connecting to the internal network over SSTP.

Publishing non-Web applications

Yes

Yes

Forefront UAG does not provide application templates for the following applications:

  • FTP (Passive Mode).

  • iSeries Access for Windows (V5R3)

  • Telnet Microsoft

  • Microsoft Windows 2000 Terminal Services Client

  • Domino Offline Services; Domino Offline Services 7.0 (Single/Multi Servers)

  • Outlook (Internet Mail Only Mode)

  • Outlook Express 5.x/6.x

  • Windows Mail

  • Native Notes Client (Multi Servers);Native Notes Client (Single Server)

  • Logon Server

  • Sametime Native (Chat Only); Sametime Native Relay (Chat Only)

  • Generic Mac OS X Carbon App (hosts required/optional/disabled)

Publishing browser-enabled applications

Yes

Yes

Forefront UAG does not provide application templates for the following applications:

  • Generic Browser-Embedded App

  • Domino iNotes (single/multiple)

  • Citrix NFuse FR3 (Direct)

  • Citrix Presentation Server (Web Interface 3.0/4.0/4.5)

  • Citrix Secure Access Manager (Direct / Via Secure Gateway)

  • Sametime Native/Plugin

  • IBM Host-On-Demand 8.0

  • Terminal Services Web Client (Single Server)

  • NetManage Rumba Web-to-Host 4.2

Publishing Web applications

Yes

Yes

Forefront UAG does not provide application templates for the following applications:

  • Exchange 2000

  • Lotus Domino iNotes 8.0

  • Lotus Domino Web Mail (4.x’ 5.x, 6.x, 7.x)

  • Microsoft CRM 3.0

  • PeopleSoft 8.9

  • WebSphere Portal 5.02

  • SAP Enterprise Portal 6.0

Publishing Exchange services with dedicated wizard

Yes

No

Forefront UAG provides a dedicated wizard for publishing Exchange services. Using the wizard, you can publish Microsoft Office Outlook® Web Access, Exchange ActiveSync®, and Outlook Anywhere (RPC over HTTP) in a single portal, providing secure access to Exchange services on a single IP address. For more information, see the Exchange services publishing solution guide.

Publishing Exchange 2010; SharePoint 2010

Yes

No

You can publish Exchange 2010 and SharePoint 2010 using Forefront UAG. For more information, see the Exchange services publishing solution guide and the SharePoint publishing solution guide.

Publishing Outlook Mobile Access for Exchange 2003

No

Yes

Not supported in Forefront UAG.

Publishing Remote Desktop Services (RDS)

Yes

No

Forefront UAG provides access to published RemoteApps and Remote Desktops, by integrating a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for RDS services and applications. For more information, see the Remote Desktop Services publishing solution guide.

Internal publishing using integrated Windows authentication

No

Yes

The use of Integrated Windows Authentication to authenticate corporate users accessing internal applications is not supported in Forefront UAG.

Publishing a farm of Web servers or application servers

Yes

No

You can publish a farm of Web servers or application servers that perform the same role or host the same content. You can load balance requests to farm members to distribute requests evenly among available nodes, detect offline servers and implement failover, and maintain farm servers without disrupting current endpoint connections.

Client authentication with Active Directory

Yes

Yes

Forefront UAG allows you to use all available Active Directory domain controllers when configuring user authentication against Active Directory Domain Services; there was a limit of two domain controllers in IAG 2007.

Verifying endpoint health with Network Access Protection (NAP) policies

Yes

No

In addition to evaluating client endpoint health using Forefront UAG endpoint policies, Forefront UAG integrates Windows Server 2008 NAP technology, allowing you to verify client endpoint compliance against NAP policies defined on a Network Protection Server (NPS). For more information, see Planning for endpoint health checking.

SQL Server logging

Yes

No

Forefront UAG allows you to log to a local or remote SQL Server. For more information, see Logging to a SQL Server.

Web portal

Yes

Yes

The default Forefront UAG portal was redesigned to enhance the client endpoint experience. The portal provides an application tree for easier navigation, and the ability to search and sort applications published in the portal.

Portal with Outlook Web Access look and feel

Yes

No

Forefront UAG provides a streamlined logon experience for Outlook Web Access users. You can apply an Outlook Web Access theme to a portal; authentication logon and logoff pages have been redesigned with an Outlook Web Access look and feel.

Customizing the portal

Yes

Yes

The Forefront UAG portal is now in asp.net, not .asp.

Application wrapper (AppWrap) files

Yes

Yes

AppWrap files enable (the manipulation of HTTP responses from backend Web servers to clients. In IAG 2007, there were approximately 30 AppWrap files. Each one was used by a different type of application trunk, as well as for portal trunks.

Application trunks are not used in Forefront UAG and thus only one main AppWrap file exists. Two versions of this file are used, one for HTTP trunks, and the other for HTTPS trunks.

Activation Monitor

Yes

No

Forefront UAG provides an Activation Monitor that shows configuration activation activity. This is useful for monitoring the status of array members when activation occurs on the array manager. Activation Monitor is available from the Forefront UAG option in the Start menu.

Policy Manager

No

Yes

The Policy Manager console is not available in Forefront UAG.

Session Manager Utility

No

Yes

The Session Manager Utility is not supported in Forefront UAG. IAG 2007 provided the Session Manager Utility in the \whale-com\e-gap\utils\sessionmgr folder.

Web mail trunk

No

Yes

Forefront UAG provides portal trunks only.

Basic trunk

No

Yes

Forefront UAG provides portal trunks only.

Rule set enforcement

Yes

Yes

Some rule set enforcement levels were removed in Forefront UAG.

User defined UniqueSignature global host address translation parameter

No

Yes

IAG 2007 uses URL signing to enable communication with multiple internal published servers while using a single external IP address and portal. IAG recognizes the internal server required in an endpoint request by means of a unique signature field. This field is configurable in IAG 2007, but not in Forefront UAG.

Changes introduced by IAG Service Pack 2 Update 1

Yes

Yes

The following features introduced in IAG SP2 Update 1 are included in Forefront UAG RTM:

  1. Citrix XenApp5 support

  2. Enhanced client detection with WMI SecurityCenter2 namespace

  3. Support for endpoint component unattended installation and removal

  4. Publishing SharePoint AAM team sites

  5. Increased default size for Web Monitor reports and other Web Monitor issues

  6. Automatic scheduled logoff in ADFS portal trunk

  7. Various fixes

The following Update 1 issues are not included in Forefront UAG RTM:

  1. Issue with Windows 2000 client support

  2. ActiveSync issues

  3. Client certificate retrieval using SAN field

  4. Logging application events to Syslog servers

Changes introduced by IAG Service Pack 2 Update 2

Partial

Yes

The following features introduced in IAG SP2 Update 2 are included in Forefront UAG:

  1. Internet Explorer 8.0 support

The following Update 2 features are not included in Forefront UAG RTM:

  1. Cookie modification for non AAM-publishing