How we tested Microsoft Forefront UAG
We tested Forefront UAG using Microsoft's virtualization technology. Microsoft brought in a set of virtual machines which included the UAG server itself, as well as a set of pre-installed Microsoft business applications, including Exchange (2007 and 2010) and Sharepoint.
We tested Forefront UAG using Microsoft's virtualization technology. Microsoft brought in a set of virtual machines which included the UAG server itself, as well as a set of pre-installed Microsoft business applications, including Exchange (2007 and 2010) and SharePoint.
We followed the same rough methodology in testing that we used in our 2005 test of SSL VPNs (see the methodology, and for the actual test results), which broke testing up into seven key areas.
We started by examining how well Forefront UAG worked with our different authentication services, including Windows Active Directory, a RADIUS server, an LDAP server and RSA's SecurID authentication server. We looked at both the ability of Forefront UAG to actually authenticate against the services, as well as pull authorization information (such as group membership) during authentication.
Next, we pushed a security policy into Forefront UAG. We developed a fairly simple policy based on three types of users and access controls centered on those users. Then we modified the policy to include end-point security checking. For example, someone in the "HR" users group would have different access controls depending on whether their desktop or laptop passed the end-point security check.
With the policy in place, we moved to interoperability testing. We wanted to see how well the SSL VPN worked with various types of Web sites. We also tried port forwarding and network extension, two common features of SSL VPNs. We used both Microsoft-provided Web servers and our own Web applications, which included both standard HTML, typical AJAX-type applications including Javascript, and a Web site that used Adobe's Flash technology very heavily.
We also tested protocol translation by asking the UAG server to talk to a CIFS file server running Windows Server 2003, and translate the file service into an HTML Web page.
Our testing also looked at clients. We tried standard Microsoft operating systems, including Windows 7 and Windows XP, using the Internet Explorer browser. Then we threw into the mix Firefox, Safari and Google Chrome browsers running on Apple OS X 10.6 ("Snow Leopard") clients.
Finally, we looked at the GUI and associated product configuration tools to analyze and summarize management, accounting, auditing, reporting, and other aspects of product operation and configuration. We also looked at user workplace and portal functionality as well as ease of customization.
Copyright © 2010 IDG Communications, Inc.