Intelligent Application Gateway
Combines Web Application Firewall with SSL VPN
Microsoft's Intelligent Application Gateway (IAG) is a hardware appliance that integrates technology purchased from Whale Communications in the summer of 2006 and the vendor's own Internet Security and Acceleration (ISA) Server. The appliance itself is available from 3rd party manufacturers; Microsoft notes both Celestix Networks and Network Engines as current partners.
IAG combines an SSL VPN with endpoint security checks and firewall features, enabling the creation of policy-based remote access controls to the network and its individual applications. The platform features three levels of policy-based traffic filtering: at the packet (circuit), state, and application layers. End users access the platform through their Web browsers (more below), with their communications protected via SSL encryption, and policies can be defined specifying which users and/or machines are allowed access to which network resources.
As noted above, access to the IAG appliance from remote locations is via Web browser. Microsoft lists multiple browsers as compatible, including IE, Firefox, Safari, and Netscape. However, many of the components that enable specific features of the gateway are available only as ActiveX controls; therefore full functionality requires a Windows and Internet Explorer based endpoint.
The platform provides a means to create an access portal to corporate network applications, accessible by Web browser, which allows end users to authenticate themselves and access only those applications and features that their administrator-defined policy allows. Supported authentication sources are Active Directory, RADIUS, client certificates, and Novell or Notes directories, as well as RSA's SecurID or combinations of authentication sources. According to Microsoft, each IAG supports an unlimited number of users, and up to 64 IAG nodes can be combined in a high-availability configuration.
Access to corporate applications is assisted through the use of specialized Application Optimizers, which are available for several Microsoft and 3rd party software offerings including Exchange, SharePoint, SAP, IBM Domino, and Lotus Notes. These Application Optimizers consist of integrated software modules with pre-configured settings designed for allowing access to the target applications through the IAG portal. Features provided by the optimizers to the target applications include single-sign-on support, support for the "Attachment Wiper" (more below), and the ability to apply certain granular rights assignments per user policy, such as blocking file uploads if an approved virus scanner is not present on the endpoint machine.
Individual client tools can be downloaded to the endpoint to enable additional features of the portal (again, many of these require a Windows based endpoint and browser). They include:
- End Point Detection, with the ability to examine the endpoint's anti-virus checking capabilities (can also be extended to detect "virtually every aspect of a client PC," including registry settings or specific files). End point detection can work in combination with policy-based access; i.e., a user can be allowed or disallowed to perform certain functions depending on their endpoint posture.
- SSL Wrapper, which allows the transport of certain network protocols (terminal services, RPC, terminal emulation) over an SSL connection via port forwarding or socket forwarding models.
- Network Connector, enabling full network connectivity from the client via a bi-directional VPN tunnel. The Network Connector provides remote users with a local IP address, as if they were directly connected to the corporate network.
- Attachment Wiper, which automatically removes and scrubs temporary session data from the client endpoint (browser history, submitted forms, temp files, etc.) at the end of the user session (logoff or browser failure).
Microsoft IAG is available now. Licensing is via the MS CAL scheme (a CAL must be purchased for each named, authenticated user). Individual CALs start at $22 with volume discounts available.
Contact Microsoft or their partners for further information.
product submission by EITPlanet Staff