When using Forefront Unified Access Gateway (UAG) with Active Directory Federation Services (AD FS) 2.0, there are a large number of possible topologies. You can use the following table to determine the topology required to deploy Forefront UAG and AD FS 2.0 based on your deployment goal and your application publishing requirements. You can combine topologies if you have more complex deployment requirements.

Deployment goal Published application supports claims-based authentication Trunk authentication requirements Topology

Provide access to an internal application to employees in a partner organization.

Yes

Federated authentication

Partner employee access using claims

No

Federated authentication

Partner employee access with non-federated application authentication

Provide access to an internal application to your remote employees and employees in a partner organization.

Yes

Federated authentication

Remote employee access using claims

No

Federated authentication

Remote employee access with non-federated application authentication

Provide access to an internal application to your remote employees using strong authentication.

Yes

Non-federated authentication

Remote employee access using non-federated trunk authentication and federated application authentication

Provide access to a partner’s internal application to your remote employees using strong authentication.

N/A

Non-federated authentication

Remote partner employee access using claims