You can publish SharePoint via Forefront UAG with the following templates:

  • Microsoft SharePoint Server 2010—Provide access via UAG to your SharePoint Server 2010 using alternate access mappings to allow the SharePoint server to perform URL changes on its own. This ensures that reverse proxies, such as Forefront UAG, do not have to change the content of the pages they serve to external sources.
  • Microsoft Office SharePoint Server 2007—Provide access via UAG to your SharePoint Server 2007 using alternate access mappings to allow the SharePoint server to perform URL changes on its own. This ensures that reverse proxies, such as Forefront UAG, do not have to change the content of the pages they serve to external sources.
  • Office SharePoint Portal Server 2003—Provide access via UAG to your SharePoint portal server using UAG host address translation (HAT).

Why publish SharePoint via UAG?

  • Anywhere access—Users can access SharePoint sites and edit their documents from virtually anywhere: managed laptops, home computers, kiosks, and mobile devices.
  • Information leakage prevention—When users open or edit a document from a SharePoint library via Forefront UAG, no information is left on the client computer; UAG deletes all cached files, temporary files, and cookies.
  • Endpoint health-based authorization—UAG allows administrators to define an access policy that is based not only on the identity of the user and the information that is exposed, but also on the condition of the client computer; for example, basing the policy on the computer's operating system, on the browser that is used to access the site, or on whether or not an up-to-date antivirus is running on the computer. Typical implementations of this type of authorization prevent users that don’t run an antivirus from uploading files to the SharePoint site, and they also prevent access to sensitive information from public computers.
  • Web farm load balancing (WFLB)—In a large organization with many SharePoint servers, using load balancing can ensure that traffic is distributed evenly between the servers. UAG uses a round-robin mechanism to ensure that user requests to a Web application serviced by a Web farm are distributed fairly among farm members that are online, by spreading requests from different IP addresses evenly among the Web farm members. This even spread is preserved during failover. When failover occurs, servers that are not responding are detected, and the load is distributed among the available servers. UAG uses affinity to ensure that, after a user has been routed once to a particular SharePoint server, the user continues to be routed to that server. To keep this persistency, Forefront UAG supports session affinity and IP affinity.
  • Advanced authentication schemes—Forefront UAG implements many authentication schemes, ranging from simple username and password forms to smartcard-only authentication, one-time passwords, and partner integration via Active Directory Federation Services (AD FS).
  • Enabling access to SharePoint sites from Microsoft Office Outlook Web Access—When Outlook Web Access is also published via the Forefront UAG portal, Forefront UAG makes sure that if an e-mail message contains a link to a published SharePoint site (for example,, the link works properly even if it contains Intranet domain names (for example, http://intranet/).
  • Single sign on—Users need to sign on only once during a session. After they do, Forefront UAG saves their credentials, and they are automatically signed on to any system they want to access during the session. This is very useful when publishing several SharePoint sites or additional applications.
  • Unified portal—After a user logs on, Forefront UAG presents the user with a list of SharePoint sites and other applications that are available and for which the user is authorized. The list is dynamic and reflects the current client health and Forefront UAG server configuration.
  • Automatic timeout—Forefront UAG detects whether or not users are active, and automatically logs off users that are not active for a predefined amount of time. This is very important in remote-access scenarios, where users might leave their computer unattended in a public location.
  • Internet-ready appliances—Forefront UAG was developed and designed as an Internet and perimeter network appliance, and it is hardened and secured according to industry standards.
  • Secure Sockets Layer (SSL) termination—Forefront UAG can terminate SSL connections and take that load off Office SharePoint Server, while providing a single point of management for certificates.
  • Application protection—Not only does Forefront UAG act as an HTTP proxy and buffer the internal servers from the Internet, it also incorporates several application-level technologies to protect computers running Office SharePoint Server from malicious attacks.
  • Policy-based access—Forefront UAG provides integrated security by ensuring compliance with predefined rules and policies.
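
A simplified model of the round-robin distribution, IP affinity and failover behaviour described under Web farm load balancing, as an added example that is not Forefront UAG code. The `WebFarm` class, the member names and the client addresses are constructed for illustration, and UAG's actual algorithm may differ.

```python
class WebFarm:
    """Toy model: round-robin placement, IP affinity, failover (hypothetical)."""

    def __init__(self, members):
        self.members = list(members)   # fixed farm order
        self.online = set(members)     # members currently responding
        self.affinity = {}             # client IP -> assigned member
        self._next = 0                 # round-robin cursor

    def _pick(self):
        # Advance the cursor until it lands on an online member.
        for _ in range(len(self.members)):
            member = self.members[self._next % len(self.members)]
            self._next += 1
            if member in self.online:
                return member
        raise RuntimeError("no farm member is online")

    def route(self, client_ip):
        member = self.affinity.get(client_ip)
        if member not in self.online:  # new client, or its member stopped responding
            member = self._pick()
            self.affinity[client_ip] = member
        return member                  # otherwise IP affinity keeps the same member

    def mark_offline(self, member):
        self.online.discard(member)


def demo():
    """Route six constructed client IPs, fail one member, route them again."""
    farm = WebFarm(["sp1", "sp2", "sp3"])
    clients = [f"203.0.113.{i}" for i in range(1, 7)]  # constructed sample addresses
    before = {ip: farm.route(ip) for ip in clients}
    farm.mark_offline("sp2")                           # simulated non-responding server
    after = {ip: farm.route(ip) for ip in clients}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for ip in before:
        print(ip, before[ip], "->", after[ip])
```

Clients pinned to a healthy member keep it across the failure, while only the clients of the failed member are re-placed, which is why the spread stays even.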

Where can I get more information?

In the SharePoint solution guide on TechNet - a downloadable solution guide on the Microsoft Download Center -