When using Forefront Unified Access Gateway (UAG) with Active Directory Federation Services (AD FS) 2.0, there are a large number of possible topologies. You can use the following table to determine the topology required to deploy Forefront UAG and AD FS 2.0 based on your deployment goal and your application publishing requirements. You can combine topologies if you have more complex deployment requirements.
| Deployment goal | Published application supports claims-based authentication | Trunk authentication requirements | Topology |
|---|---|---|---|
|
Provide access to an internal application to employees in a partner organization. |
Yes |
Federated authentication |
|
|
No |
Federated authentication |
Partner employee access with non-federated application authentication |
|
|
Provide access to an internal application to your remote employees and employees in a partner organization. |
Yes |
Federated authentication |
|
|
No |
Federated authentication |
Remote employee access with non-federated application authentication |
|
|
Provide access to an internal application to your remote employees using strong authentication. |
Yes |
Non-federated authentication |
|
|
Provide access to a partner’s internal application to your remote employees using strong authentication. |
N/A |
Non-federated authentication |