none
UAG, DirectAccess and Window2012 Future RRS feed

  • Question

  • Hi All,

    As i can see, DirectAccess is implemented in Windows 2012, so there will be no more reason of UAG DA.

    Is UAG even going to be reissued with a diferent name, or is UAG 2010 the last version. It seems like Microsoft if giving up on it.

    Thanks

    Zarko

    Tuesday, June 12, 2012 12:52 PM

All replies

  • Hi,

    Yes, the DirectAccess part of UAG is moving into the mainstream Windows 2012 feature set (including a few new nice features too!). With Windows 2012 you will not need UAG to provide DirectAccess and will have access to native features like NAT64 and DNS64 that were not available in Windows 2008 Native DirectAccess...

    The future plans for UAG are still unknown and there is very little roadmap information at this time...

    Personally, I think there is still a place for reverse proxy in the Microsoft product set and applications like Exchange, SharePoint and Lync all have a strong reliance on that role at this time...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    • Proposed as answer by Aaron Paul Rykhus Wednesday, May 1, 2013 2:56 PM
    • Unproposed as answer by ZarkoC Wednesday, May 1, 2013 2:58 PM
    Tuesday, June 12, 2012 8:14 PM
    Moderator
  • Hi

    I too would think so, why has MS been so quiet about UAG certification? There was to be news about it which hasn't been forthcoming next thing I understand is DA being integrated in Server 2012-I don't see much of a future. Seems like too short a lifespan to me, having just committed to invest in UAG/TMG.

    Jason what are your thoughts regarding the future of reverse proxy in Exchange, Sharepoint etc? Are you aware of any product in the offing? I wonder what the next incarnation of UAG will look like minus DA if there will be one...

    Tuesday, August 21, 2012 9:18 PM
  • Keep in mind that Windows Server 2012 is not an edge server like Forefront UAG/TMG. Although Windows Firewall with Advanced Security is included, you have to put your DirectAccess Server behind a 3rd party firewall or publish with Forefront TMG.

    I would be really nice if Microsoft would shine a light on this soon. It get this question way to often, and we just can't answer them.


    Boudewijn Plomp, BPMi Infrastructure & Security


    Thursday, August 23, 2012 10:52 AM
  • Keep in mind that Windows Server 2012 is not an edge server like Forefront UAG/TMG. Although Windows Firewall with Advanced Security is included, you have to put your DirectAccess Server behind a 3rd party firewall or publish with Forefront TMG.

    I would be really nice if Microsoft would shine a light on this soon. It get this question way to often, and we just can't answer them.


    Boudewijn Plomp, BPMi Infrastructure & Security


    Interestingly, I also asked that question and was told that Windows Firewall has been certified to EAL4 level, hence you don't necessarily *have* to rely on other firewalls...

    I think most people will still want to place the server behind a network or edge firewall though...however, bear in mind that if using an IPv6 Internet connection, you will obviously need an IPv6 firewall which unfortunately rules out TMG :(

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    Friday, August 24, 2012 11:47 PM
    Moderator
  • Windows 7 and Windows Server 2008 R2 EAL4+: http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-vr.pdf

    Windows Firewall is specifically included and tested against...

    How this extends to Windows Server 2012 I am not sure; it will also need to be tested I guess...

    Cheers

    JJ

     

    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Friday, August 24, 2012 11:56 PM
    Moderator
  • I think most people will still want to place the server behind a network or edge firewall though...however, bear in mind that if using an IPv6 Internet connection, you will obviously need an IPv6 firewall which unfortunately rules out TMG :(

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Not fully true. TMG does not support IPv6 except for DirectAccess. Please refer tot the following link and search for "IPv6"...

    Unsupported configurations
    http://technet.microsoft.com/en-us/library/ee796231.aspx


    At that link the following statement can be found...

    Forefront TMG does not support IPv6 traffic

    Issue: IPv6 traffic is not supported by Forefront TMG (except for DirectAccess).

    And if you look at the TMG Firewall Policy you will see Computers Sets related to IPv6. It meant to publish an internal DirectAccess Server. Hope that makes sence. Correct me if I'm wrong, because I have never used it though ;-)


    One interesting other thing I have found is this...

    Forefront TMG and DirectAccess Server on the same Box
    http://www.itpros.de/operating-systems/forefront-tmg-and-directaccess-server-on-the-same-box/

    So apparently, TMG can configure itself to support IPv6 when it is acting as a DirectAccess Server as well. That makes more sence. Now the only question remains. Can you install TMG on Windows Server 2012 ;-)


    Boudewijn Plomp, BPMi Infrastructure & Security

    Saturday, August 25, 2012 8:55 AM
  • Hey Boudewijn,

    Yeah, I follow your logic, but not sure that TMG could cope with a native IPv6 Internet connection though (e.g. with transition technologies). I always assumed the "(except for DirectAccess)" was a by product of TMG being installed on UAG and "just enough IPv6" for the on-box TMG to function. Can't argue with your quotes though :P 

    TMG on 2k12, not tried that, but I can guess the answer is no ;)

    Sounds like a fun lab...add TMG to my W2k12 DA lab and try it...probably the only way to really know!

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Saturday, August 25, 2012 10:55 PM
    Moderator
  • With UAG SP3 and the features that are deprecated, is there someone form the product team that can shed a lite on the future of UAG.

    Will there be a new version for Windows 2012?

    Thanks

    Zarko

    Thursday, March 21, 2013 12:00 PM