Microsoft's Forefront Unified Access Gateway 2010 addresses many of the enterprise networking shortcomings of DirectAccess, providing sorely needed performance and availability scaling, global management, and backward compatibility. UAG will also interoperate with third-party solutions to further extend the reach and scale of DirectAccess.
Microsoft's Forefront Unified Access Gateway 2010 addresses many of the
shortcomings of the company's new always-on remote connectivity solution,
DirectAccess, providing sorely needed measures of performance and availability
scaling, global management, and backward compatibility to help move
DirectAccess beyond mere pilot projects to actual deployment on real networks.
While Forefront UAG 2010 has its own
shortcomings and limitations, an ecosystem of products and vendors is appearing
around DirectAccess to further extend its functionality and reach.
When I tested DirectAccess in October 2009, I found that DirectAccess (which is baked into Windows 7 Enterprise and
Ultimate on the client side as well as Windows Server 2008 R2) made for an
interesting and effective pilot project. However, its lack of scale, global
manageability and backward OS compatibility on both the client and server sides
would effectively limit its usefulness on most live domains and networks.
Into the breach steps UAG, which
addresses each of those concerns. Administrators who install UAG
on each DirectAccess server in the network (thereby creating UAG
DirectAccess servers) can scale DirectAccess management and performance beyond
a single server by creating an array to aggregate all the servers. UAG's
NAT64 and DNS64 implementations provide
DirectAccess connectivity to IPv4-only intranet servers and applications, while
SSL (Secure Sockets Layer) VPN functionality
provides access to remote clients using older operating systems or to those not
joined to the domain.
For the purposes of this test, however, I concentrated specifically on the
enhancements to DirectAccess that UAG
affords, and therefore did not look at UAG's
SSL VPN implementation.
Forefront UAG 2010, which started
shipping in December, is licensed through Microsoft's volume licensing program
and requires both per-server licenses and CALs (Client Access Licenses). Each
Forefront UAG server license costs $6,341
(which does not include the license cost for the underlying Windows Server 2008
R2 OS), while CALs (which can be purchased per user or per device) are $15
each. Large customers ordering over 10,000 access licenses are eligible for a
Corporate buyers should note, however, that Microsoft has announced plans to
add the UAG CAL
to the Enterprise CAL Suite sometime in the
first half of 2010, so the UAG client
licenses may be available without additional charge to those with up-to-date
Software Assurance coverage at that time.
Microsoft's Website also lists several hardware partners that may soon be
shipping turnkey appliances running Forefront UAG
2010, although nAppliance Networks appears to be the only partner presently
offering such an appliance.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at email@example.com.