Forefront UAG EOL Announcement

ForeFrontAlmost one and a half year after the End of Life announcement of TMG (and other products in the Forefront product line), Microsoft yesterday announced the End of Life of one of the other Forefront products, Unified Access Gateway or UAG as we all know it. To be honest, this announcement didn’t come as a big surprise.

The TMG EOL notice in September 2012 said, “It is important to note that there are no significant changes to the Forefront Identity Manager or Forefront Unified Access Gateway roadmaps”. Apparently Microsoft changed its mind somewhere over the last 15 months. Forefront UAG won’t be available anymore per July 1st, 2014; mainstream support ends April 14th, 2014 and extended support ends April 14th, 2020.

Suggested alternative is Windows Server 2012 R2 with its Web Application Proxy (WAP) role. Though not being on par with UAG or TMG, WAP can provide DirectAccess capabilities and application publishing. Other vendors offer alternative products like KEMP load balancers equipped with their Edge Security Pack (ESP) or F5 with their BIG-IP Local Traffic. Manager (LTM) products.

Customers with Software Assurance utilizing UAG are granted a Windows Server 2012 R2 Standard license. As of December 1st, those customers are also exempt from ordering additional UAG licenses.

Forefront TMG 2010 EOL Announcement

Today, Microsoft finally announced the discontinuing of most of it’s ForeFront products, including the retirement of products used in many Exchange deployments, ForeFront Threat Management Gateway (TMG) 2010 and ForeFront Protection for Exchange (FPE).

The products to be discontinued are:

  • ForeFront Threat Management Gateway (TMG), including Forefront TMG Web Protection Services (TMG WPS);
  • ForeFront Protection for Exchange (FPE);
  • ForeFront Protection for SharePoint (FPSP);
  • ForeFront Security for OCS (FSOCS);
  • ForeFront Protection Server Management Console (FPSMC).

This announcement is not a real surprise; rumors TMG would cease to exist circulated for months. Using this official statement companies can start adapting their strategies, when they have not already done so, when using one of the products mentioned. When companies were planning to use them in the (near) future, they need to turn to alternative solutions as well, since the these ForeFront offerings will no longer be available for purchase as of December 1st, 2012!

As it stands, mainstream support for TMG will end on April 14th, 2015; extended support for TMG will end on April 14th, 2020. Forefront Online Protection for Exchange (FOPE) will be rebranded as Exchange Online Protection.

First, the hygiene products. This is clearly a move these shift these layers of protection to “the cloud”, which has clear benefits like filtering incoming messages before they enter the organization which is also nice from a bandwidth perspective. However, that’s no solution for the many customers still requiring an on-premise solution which, for example, does store scanning; these customers are forced to tend to to 3rd parties, like McAfee or Symantec. Note that Exchange 2013 will contain basic anti-malware functionality, but I doubt this will meet any customer’s demands and certainly isn’t a very manageable solution.

Next, there’s the firewall, reverse proxy, load balancing and VPN functionality offered by TMG. Currently, many organizations use TMG to publish Exchange and as like many say and know, Exchange and TMG go very well together. For example, TMG can offer pre-authentication or SSL offloading for your Exchange boxes.These customers need to look into VPN like solutions like ForeFront UAG, which is a totally different concept and less straightforward than implementing a TMG in front of your Exchange boxes, or check for 3rd party solutions, like F5 BIG-IP with the Access Policy Manager add-on. Of course, your revised strategy and eligible solutions depend on your business requirements.

Roadmaps of ForeFront Identity Manager (FIM) and ForeFront Unified Access Gateway (UAG) remain unchanged, so publishing Exchange using UAG remains a future-proof possibility.

Publishing Exchange 2010 with UAG & TMG

Today Microsoft released a white paper by Greg Taylor (Sr. Program Manager, Exchange Server Customer Experience Team) on publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010.  This white paper contains information and guidance on publishing Exchange Server 2010 using Forefront UAG and  Forefront TMG. This includes information on how to choose between UAG and TMG for different scenarios as well as steps on how to configure thos products in order to publish Exchange 2010.

You can download the white paper here.

ForeFront UAG Exchange Publishing Guide

The ForeFront Unified Access Gateway (UAG) team published an update on ForeFront UAG content series. One of these guides is the Forefront UAG Content Series- Exchange Services Publishing Solution Guide, which can be downloaded here.

For those interested, the other ForeFront UAG guides are:

Forefront Unified Access Gateway 2010 RTM

A few days ago, Forefront Unified Access Gateway 2010 (UAG) reached RTM status. UAG is the successor to Intelligent Application Gateway (IAG), and provides remote access to remote resources through (SSL) VPN or DirectAccess, providing a Single Sign-On (SSO) portal and making more granular control over publishing of applications, such as Exchange, possible.

For more information follow on of the provided links below: