Forefront Unified Access Gateway (UAG) enables you to provide remote access to corporate applications and resources for remote employees, mobile workers, partners, and other third parties. However, providing remote access to applications and resources that are located on your corporate network could lead to security breaches. Forefront UAG helps you to provide secure remote access only to the users and endpoints that you want to allow access to your applications and resources, by using a combination of endpoint health policies, authentication servers, and application access authorization.
- Health policies—Forefront UAG provides built-in policies that check the health of endpoint devices by checking for system settings and features on the endpoint. Each of the policies can be edited to check for specific settings or features, as required. You can also define your own policies. When checking the health of endpoint devices, you must try to find the correct balance between strict policies and more permissive policies, for a wide range of end users using different endpoint devices and requiring access to many different applications.
- Authentication servers—You can require users to authenticate for access to the Forefront UAG portal and application sessions. Forefront UAG supports a number of predefined authentication schemes; you can also create custom schemes. Configuring authentication requires you to set up authentication servers against which user credentials are verified.
- User authorization—In addition to user authentication, you can configure authorization settings for specific applications published in a portal. You specify which users and groups can access specific applications, based on users and groups defined on user and group servers that are used for authorization. You can configure users and groups on the same server you use for authentication, or you can combine authentication against one type of authentication server with the authorization of users and groups in a different authentication scheme.