Q. What is Celestix WSA appliance (Intelligent Application Gateway 2007)?
A. Celestix WSA is a ready to deploy IAG 2007 appliance. IAG 2007 with Application Optimizers provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management that enable access control, authorization, and content inspection for a wide variety of line-of-business applications. Together, these technologies provide mobile and remote workers with easy and flexible secure access from a broad range of devices and locations including kiosks, PCs, and mobile devices. IAG also enables IT administrators to enforce compliance with application and information usage guidelines through a customized remote access policy based on device, user, application or other business criteria. In particular, IAG 2007 provides:
• Access solutions that are better integrated with business applications
• Application-centric, policy based access with granular Web application firewall security and controls
• Easy to use, secure network and application access
• To more business resources and data from more locations
• From more devices, managed and unmanaged (for example, Smartphones, PDAs, and kiosks)
• Automated tools that simplify configuration while helping maintain a secure deployment
• Integrated security with application protection
• Helps IT administrators ensure the integrity and safety of network and application infrastructure
• Blocks malicious traffic and attacks, with client-side security checks and clean-up
• Comprehensive policy enforcement
• Provides the IT group greater asset and access control
• Enables businesses to comply with legal and regulatory guidelines on information usage to limit exposure and liability

Q. What’s new in IAG 2007?
A. Integrated with Microsoft Internet Security and Acceleration (ISA) Server 2006, IAG 2007 delivers a single, consolidated appliance for network perimeter defense, remote access, and application-layer protection over both SSL and IPsec connections, providing businesses with a broader set of choices for their remote access requirements. Integration of SSL VPN into existing Microsoft infrastructure supports secure access to both Microsoft and non-Microsoft applications and services from a single appliance.

IAG 2007 features a new streamlined and cost-effective design that can help lower cost of ownership and removes the need for multiple devices from multiple vendors for different access methods. In addition, all Intelligent Application Optimizers and Connectivity Modules are now included with the base product offering, further simplifying the purchase and deployment process. Your corporate IT group can adopt a consolidated security appliance solution that is flexible and easy to deploy.

Q. Who should consider WSA (IAG 2007), and when should I choose WSA (IAG 2007) instead of MSA (ISA Server 2006)?
A. Your choice of access mechanism should be dictated by both business and security needs. Microsoft’s goal is to provide a broad solution that can easily adapt to a variety of usage and deployment scenarios. For example, if you are looking for a network-edge gateway that provides fast and secure access with both IP-level filtering, domain-independence and IPsec VPN granular access policy and quarantine, you may choose to deploy ISA Server alone. If, however, you need to improve remote worker productivity by providing access to a range of line-of-business applications from behind existing security infrastructure, or if you need to provide business partners and customers access to applications and resources from unmanaged endpoints and networks, then IAG 2007 plus ISA Server 2006 should be your choice. For more detailed information on differentiating between ISA Server and IAG, read the secure remote access scenario.

Buy MSA (ISA Server) when you need:
• Branch office gateway for site-to-site connectivity and security
• Data center Internet access control and Web caching
• Advanced security with inbound and outbound firewall
• Publishing, securing, and pre-authenticating access to specific Web services such as Microsoft Exchange Server and Microsoft SharePoint Server (when more advanced client options aren’t required)
• Full network connectivity for managed PCs (via VPN)
• High-security client access via Windows 2000 or Windows XP that needs host checking and quarantine and IPsec (or other) encryption and authentication

Add the Intelligent Application Gateway when you need:
• Browser-based clientless access with granular policy control of data and application components
• More advanced security and manageability control over the client when accessing Web- and non-Web–based resources
• Remote access to a broader range of third-party and line of business applications
• Access from unmanaged PCs or mobile devices on unknown networks
• Strong end point security verification
• No IPsec VPN clients available for the target host platform
• Extend policy-based access to partners and customers

Q. How does IAG 2007 compare with other similar solutions on the market today?
A. IAG has been recognized by industry analysts and the press as possessing a market-leading design by combining broad access capabilities, comprehensive Web application security, and endpoint security management into a single solution. Features such as Intelligent Application Optimizers, which include predefined application-specific policies and security for many enterprise applications (such as Exchange Server, SAP, Lotus Domino, and others) enable IAG 2007 to provide a level of protection and customization that no other solution on the market currently offers. With the integrated network-layer firewall services of ISA Server 2006, IAG 2007 delivers a single, consolidated appliance for network perimeter defense, remote access and application-layer protection, providing customers with a broader set of choices for their remote access requirements.

Q. How do I license IAG 2007?
A. IAG 2007 is licensed under the server/CAL licensing model. Under this model, a server license (included in every Celestix WSA appliance) is required for each operating system environment running IAG software, as well a CAL for each user or client device that accesses a server running IAG software.

Q. Where do I obtain an IAG 2007 server license and CAL?
A. Celestix WSA IAG 2007 appliances include the server license. IAG 2007 CALs can be obtained either from Microsoft Volume Licensing or Celestix.

For more FAQs on Microsoft IAG 2007 Pricing and Licensing, please click here.

Q. What happened to AirGap?
A. ISA Server, combined with IAG 2007, serves the need for network separation and full control of inbound and outbound content and adds significant edge security functionality to address a broad set of customer requirements. The consolidated appliance provides a flexible software-driven solution that is responsive to the need for performance, management, and scalability in addition to comprehensive security. The blending of stateful packet filtering, circuit filtering, application-layer filtering, Web proxy, and endpoint security into a single appliance affords the administrator with a variety of options for configuring policy-driven solutions for access to applications and network resources.

ISA Server delivers the ability to filter traffic rather than rely on a mechanistic solution, providing three types of firewall functionality: packet filtering (also called circuit-layer), stateful filtering, and application-layer filtering. The ability to apply rule-based filtering to all traffic that traverses the network boundary enables the combined solution to directly address threats such as worms or malware that may originate from authenticated users.

The solution combines ISA’s robust IPsec and firewall security features, content inspection capabilities and Web caching features with IAG’s full-featured application-layer SSL VPN, endpoint compliance, and application security functionality to provide a cost-effective integrated network protection and remote access solution providing superior inbound and outbound security.