This article describes features and fixes that are included in Service Pack 1 (SP1) for Forefront Unified Access Gateway (UAG) 2010. Forefront UAG 2010 SP1 provides the following:
- SharePoint 2010 support: You can publish SharePoint 2010 via Forefront UAG.
- RMS support: SharePoint libraries that use Active Directory Rights Management Services (AD RMS) and have Information Rights Management (IRM) enabled can be accessed via Forefront UAG.
- AD FS 2.0 support: You can provide remote and partner employees with access to published applications that have Active Directory Federation Services (AD FS) 2.0 enabled.
- DirectAccess simplified deployment: You can configure Forefront UAG DirectAccess using the DirectAccess Wizard in the Forefront UAG Management Console. Use the wizard to set up your core DirectAccess deployment, and then complete optional tasks as required.
- Remote access and management: You can deploy Forefront UAG DirectAccess to remotely manage DirectAccess clients, and enable DirectAccess clients to connect to internal networks. Alternatively, you can deploy Forefront UAG DirectAccess for remote client management only.
- Force tunneling: By default, Internet requests from DirectAccess clients are routed directly to the Internet. Alternatively, you can enable force tunneling to route client Internet requests via the Forefront UAG DirectAccess server.
- Client health: The health of DirectAccess clients can be verified using Network Access Protection (NAP) policies. NAP policies can be implemented in enforcement mode, which allows only compliant clients to connect, or in monitoring mode, which monitors client health but allows both compliant and non-compliant DirectAccess clients to connect.
- Two-factor authentication: In addition to using the Kerberos protocol to authenticate DirectAccess clients, you can require clients to authenticate with a smart card or a one-time password (OTP).
- DCA 1.5: SP1 includes a new version of the DirectAccess Connectivity Assistant (DCA). Run this application on Forefront UAG DirectAccess client computers to provide DirectAccess status information and troubleshooting options. You can configure settings for the DCA application in the DirectAccess Wizard. These settings are stored in the client Group Policy object (GPO) and applied to client computers with DCA installed.
- GPOs: DirectAccess settings are applied to the DirectAccess server, DirectAccess clients, and infrastructure servers using GPOs. In SP1, you can specify that GPOs are created automatically when you run the DirectAccess Wizard, or use predefined GPOs.
- DirectAccess OUs: Prior to SP1, computers that should receive the client GPO were identified using Active Directory security groups. In SP1, you can identify DirectAccess clients using organizational units (OUs), in addition to security groups.
- Automatic discovery of management server: SP1 supports the automatic discovery of DirectAccess management servers, including domain controllers, System Center Operations Manager servers, and Health Registration Authority (HRA) servers.
- Monitoring: With SP1, you can log and monitor Forefront UAG servers and arrays to assess the state of Forefront UAG DirectAccess servers and clients. You can monitor DirectAccess using the built-in Web Monitor, SQL Server logs, PowerShell, or the Forefront UAG System Center Operations Manager management pack.
Additionally, SP1 includes the following:
- A number of internal fixes.
- The ability to change internal IP addresses.
- A fix for issues that are listed in Microsoft article 2316074.
Note: Forefront UAG SP1 is cumulative and includes Forefront UAG Update 1, Forefront UAG Update 2, and the security fixes that are listed in article 2316074.