Microsoft Forefront UAG 2010 Makes DirectAccess Feasible

Microsoft's Forefront Unified Access Gateway 2010 addresses many of the enterprise networking shortcomings of DirectAccess, providing sorely needed performance and availability scaling, global management, and backward compatibility. UAG will also interoperate with third-party solutions to further extend the reach and scale of DirectAccess.

Microsoft's Forefront Unified Access Gateway 2010 addresses many of the shortcomings of the company's new always-on remote connectivity solution, DirectAccess, providing sorely needed measures of performance and availability scaling, global management, and backward compatibility to help move DirectAccess beyond mere pilot projects to actual deployment on real networks.

While Forefront UAG 2010 has its own shortcomings and limitations, an ecosystem of products and vendors is appearing around DirectAccess to further extend its functionality and reach.

When I tested DirectAccess in October 2009, I found that DirectAccess (which is baked into Windows 7 Enterprise and Ultimate on the client side as well as Windows Server 2008 R2) made for an interesting and effective pilot project. However, its lack of scale, global manageability and backward OS compatibility on both the client and server sides would effectively limit its usefulness on most live domains and networks.

Into the breach steps UAG, which addresses each of those concerns. Administrators who install UAG on each DirectAccess server in the network (thereby creating UAG DirectAccess servers) can scale DirectAccess management and performance beyond a single server by creating an array to aggregate all the servers. UAG's NAT64 and DNS64 implementations provide DirectAccess connectivity to IPv4-only intranet servers and applications, while SSL (Secure Sockets Layer) VPN functionality provides access to remote clients using older operating systems or to those not joined to the domain.

For the purposes of this test, however, I concentrated specifically on the enhancements to DirectAccess that UAG affords, and therefore did not look at UAG's SSL VPN implementation.

Forefront UAG 2010, which started shipping in December, is licensed through Microsoft's volume licensing program and requires both per-server licenses and CALs (Client Access Licenses). Each Forefront UAG server license costs $6,341 (which does not include the license cost for the underlying Windows Server 2008 R2 OS), while CALs (which can be purchased per user or per device) are $15 each. Large customers ordering over 10,000 access licenses are eligible for a volume discount.

Corporate buyers should note, however, that Microsoft has announced plans to add the UAG CAL to the Enterprise CAL Suite sometime in the first half of 2010, so the UAG client licenses may be available without additional charge to those with up-to-date Software Assurance coverage at that time.

Microsoft's website also lists several hardware partners that may soon be shipping turnkey appliances running Forefront UAG 2010, although nAppliance Networks appears to be the only partner presently offering such an appliance.