Forefront Unified Access Gateway (UAG) DirectAccess extends the benefits of Windows DirectAccess across your infrastructure, enhancing scalability, and simplifying deployments and ongoing management.
Forefront UAG DirectAccess features include the following:
- Improved manageability of remote users—Forefront UAG DirectAccess enables IT professionals to manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. This flexibility allows IT professionals to manage remote computers on a regular basis, and ensures that mobile users stay up-to-date with security and system health policies.
- More secure and flexible network infrastructure—Forefront UAG DirectAccess takes advantage of technologies such as Internet Protocol version 6 (IPv6) and Internet Protocol security (IPsec), providing a more secure and flexible network infrastructure for enterprises, by using:
  - Authentication—Forefront UAG DirectAccess authenticates the client computer, enabling the computer to connect to the intranet before the user logs on.
  - Encryption—Forefront UAG DirectAccess uses IPsec to provide encryption for communications across the

  For more information on IPsec, see IPsec (http://go.microsoft.com/fwlink/?LinkId=154708).
  For more information on NAP, see Network Access Protection (http://go.microsoft.com/fwlink/?LinkId=154709).
- IT simplification and cost reduction—Forefront UAG enables you to reduce your costs
  - Providing unified management—Forefront UAG provides unified management for all the remote access technologies.
  - Hardware consolidation—Forefront UAG manages remote access technologies, load balancing and array functionality, NAT64 and DNS64 on the same server, using the same management console.
- Extended access to IPv4-only
resources—Forefront UAG DirectAccess uses integrated NAT64 and
DNS64 to enable clients to access IPv4-only resources, in addition
to IPv6-based resources.
- Simplified deployment and administration—The Forefront UAG DirectAccess configuration is incorporated into the Forefront UAG Management Console, and is configured using interactive wizards, providing simpler deployment

  The wizard supports the following new features:
  - Management only—You can configure Forefront UAG DirectAccess for remote client management only, enabling DirectAccess clients to be managed without giving them access to the intranet.
  - Two-factor authentication—Forefront UAG DirectAccess supports two-factor authentication using smart cards and RSA SecurID and RADIUS authentication servers.
  - Organizational units (OUs)—Forefront UAG DirectAccess supports the use of OUs when configuring client and server groups in the Forefront UAG DirectAccess Configuration
  - Group Policy object (GPO) provisioning—Forefront UAG DirectAccess provides a flexible solution for DirectAccess GPO provisioning.
  - DirectAccess Connectivity Assistant (DCA)—DCA policy can be created in the Forefront UAG DirectAccess Configuration Wizard to be distributed to DirectAccess clients as part of the client GPO.
  - Force tunneling—DirectAccess clients can be configured to work using force tunneling, so that all Internet traffic from a DirectAccess client is channeled through the Forefront UAG DirectAccess server.
  - Network Access Protection (NAP)—NAP can be automatically deployed and configured on the Forefront UAG DirectAccess server. Existing NAP deployments are also
  - Management server auto-discovery—Forefront UAG DirectAccess supports the auto-discovery of management servers, including domain controllers, SCCM servers and HRA servers.
- Enhanced scalability, high availability
and management—By utilizing its array management capabilities
and network load balancing, Forefront UAG enables you to set up
multiple DirectAccess servers in an array, providing high
availability and scalability.
- Monitoring—Forefront UAG DirectAccess enables you to monitor DirectAccess client sessions and the health of the Forefront UAG DirectAccess server, using Web Monitor and a PowerShell snap-in cmdlet.