Microsoft Forefront UAG 2010 Administrator's Handbook

Overview of this book

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers. This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step through all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product's development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting. The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book educate you on common routine "upkeep" tasks like monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, which some of the product's features are based on, and which can help the advanced administrator with enhancing and customizing the product.

How UAG works

UAG's core functionality is implemented as an ISAPI filter and extension, together with various mechanisms to control other parts of Windows. ISAPI (Internet Server Application Programming Interface) is a technology that allows programmers to build add-ons for websites, enriching their functionality. UAG is heavily reliant on ISAPI to do its job, and integrates itself into Internet Information Services (IIS), Microsoft's Web server component that ships with Windows. This integration gives UAG its "face"—users logging in see a website that is generated by UAG, and UAG's ISAPI filter and extension are the components that fetch data from internal servers and show it to the user.

To do this, UAG has a mechanism that allows it to manipulate the IIS configuration directly. It creates one or more sites in IIS, and integrates itself into them by registering its ISAPI filter. Since the UAG ISAPI components are integrated into the IIS website, content going to and from the site goes through these, and they can manipulate the data directly and efficiently. To learn more about ISAPI, read the following article: http://msdn.microsoft.com/en-us/library/at50e70y(VS.80).aspx

If you take a look at IIS on a fresh UAG installation, you will notice that the Default Web Site contains some new virtual directories, such as "InternalSite", which has been created by UAG. This virtual directory hosts the login screen that users see, as well as other pages like the log-off page, error pages, and others. "InternalSite" also includes the various authentication mechanisms, the client detection and installation system and more. It looks darn good, if you ask us. As you start configuring portals on UAG, additional virtual directories appear under the Default Web Site of IIS on the UAG server, such as the PortalHomePage virtual directory. This directory hosts, as its name suggests, the web resources that together compose the homepage or landing page of the portal, which end-users reach after successfully authenticating to UAG. This page displays links to all the applications published through this portal, as well as a UAG-specific toolbar.

The building blocks of UAG are Trunks and Applications. You can think of a trunk as an organizational unit that can contain multiple applications. Depending on an organization's needs, the server can publish a single application, several applications within a trunk, or multiple applications within multiple trunks. An application is typically an internal server that is published through UAG, although the term can also be used to describe something that is not a website. For example, UAG has an "SSL-VPN tunneling" application, which creates a VPN connection from the user's computer to the organizational network, and allows direct access to internal resources.

If you have never seen a UAG server at work, the following screenshots offer a quick peek. Home users type into their browser a URL they are given by the networking team, and reach the illustrated login page. Even before reaching this page, their computer is checked to see if it meets the organization's security policy. For example, the organization might require that the computer is running an updated copy of Norton Anti-Virus as one of the conditions for entry:

Once users enter their password and it has been successfully verified, they are taken to the "portal" page, which lists the applications that have been published by the networking team. The middle section of the screen shows the icons, and there is also a frame on the left of the screen that shows the same applications. The top of the portal shows additional action buttons:

Users may select to launch the SharePoint application. This looks like any ordinary SharePoint page, but it's actually being displayed by UAG. Users get to it without having to type in their username and password again, since UAG has performed single-sign on to the SharePoint server, using the credentials that it has already collected from the users. On the left, the application tool bar remains, although it can be collapsed to free up screen real-estate. The top bar also stays there and contains the Log Off button, the Home button and more:

When finished, users click on the Log Off button on the right-hand side of the portal bar, and disconnect from the portal. This not only disconnects them, but also wipes clean temporary files that have been downloaded to their computer while working. For example, if they opened Office document attachments from the site, these will be wiped securely, so even if their computer is stolen, that data will not be recoverable by the thief:

When working with some services, such as OWA and SharePoint, UAG has the ability to manipulate the data stream received from the backend server, and add functionality to it. For example, in the case of SharePoint, as seen above, UAG rewrites the functionality behind the Log Off button, so that when a user clicks on it, it not only logs off from SharePoint, but also from the UAG portal itself. This is designed for convenience, of course: this way the user does not have to press Log Off multiple times. In fact, for SharePoint and OWA, UAG also rewrites the data that comes in from the server and hides the log-off buttons that these servers normally show, so that the user has only one button to click. This manipulation is called Application Wrapping, and it is also customizable by the server's administrator. With a good understanding of HTML and other web development technologies, as well as careful planning, an administrator can affect the way anything that goes through UAG looks. For example, the organization's logo can be added to pages, or specific text messages can be shown. Some customers have even used this technique to replace whole pages with others, to "cover up" information that they wanted to keep confidential.
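To make the wrapping step concrete, here is an added illustration of what a reverse proxy has to do when it rewrites a backend response in this way. It is not UAG's code (UAG does this inside its ISAPI filter on IIS); it is a plain Python function operating on a captured response. The sample HTML, the element ids, the SharePoint-style sign-out path and the portal log-off path are all constructed or placeholders for this example, and the fallback to UTF-8 when the backend names no charset is an assumption.

```python
"""Response-body rewriting ("application wrapping") by a reverse proxy, as an added example.

Not UAG code. Shows the three things a wrapper must get right: decode the body in the charset
the backend declared, rewrite the markup (hide the backend's own log-off control, inject the
portal's), and keep the framing headers (Content-Length, Content-Encoding) consistent afterwards.
"""
from __future__ import annotations

import gzip
import re

# Constructed sample of a backend HTML response, modelled loosely on a SharePoint-style page.
# The element ids and the sign-out path are invented for this example.
BACKEND_BODY = (
    b"<html><head><title>Team Site</title></head>\n"
    b"<body>\n"
    b'<div id="siteActions"><a id="ctl00_SignOut" href="/_layouts/SignOut.aspx">Sign Out</a></div>\n'
    b"<p>Shared Documents</p>\n"
    b"</body></html>\n"
)

# Placeholder for the portal's own log-off handler (hypothetical, not a real UAG URL).
PORTAL_LOGOFF_PATH = "/PORTAL_LOGOFF_PLACEHOLDER"

# Backend log-off control to suppress, matched on its id. SharePoint and OWA emit different
# markup, so a real deployment needs one pattern per published application.
BACKEND_LOGOFF_RE = re.compile(
    r'<a\b[^>]*\bid="[^"]*SignOut[^"]*"[^>]*>.*?</a>', re.IGNORECASE | re.DOTALL
)

# The single log-off control the user should see after wrapping.
PORTAL_TOOLBAR = (
    '<div id="portalToolbar">'
    f'<a id="portalLogoff" href="{PORTAL_LOGOFF_PATH}">Log Off</a>'
    "</div>"
)


def _charset(content_type: str) -> str:
    """Charset from the Content-Type header; UTF-8 when the backend does not say (assumption)."""
    m = re.search(r"charset=([\w-]+)", content_type, re.IGNORECASE)
    return m.group(1) if m else "utf-8"


def wrap_response(headers: dict, body: bytes) -> tuple[dict, bytes]:
    """Return (headers, body) with the backend log-off removed and the portal toolbar injected.

    Non-HTML responses pass through untouched. A gzip-compressed body is inflated before
    rewriting and returned uncompressed, so Content-Encoding is dropped. Because the body
    length changes, Content-Length is recomputed; a stale value would truncate or hang the
    client. Returned header names are lower-cased.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "")
    if not ctype.lower().startswith("text/html"):
        return headers, body

    if h.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
        h.pop("content-encoding")

    enc = _charset(ctype)
    text = body.decode(enc)
    text = BACKEND_LOGOFF_RE.sub("", text)
    # Inject the portal toolbar just before </body>; append if the page has no body end tag.
    if re.search(r"</body>", text, re.IGNORECASE):
        text = re.sub(r"</body>", PORTAL_TOOLBAR + "</body>", text, count=1, flags=re.IGNORECASE)
    else:
        text += PORTAL_TOOLBAR

    new_body = text.encode(enc)
    h["content-length"] = str(len(new_body))
    return h, new_body


def demo() -> dict:
    """Run the plain, gzip and pass-through cases on the constructed sample."""
    plain_hdrs, plain_out = wrap_response(
        {"Content-Type": "text/html; charset=utf-8", "Content-Length": str(len(BACKEND_BODY))},
        BACKEND_BODY,
    )
    gz_hdrs, gz_out = wrap_response(
        {"Content-Type": "text/html", "Content-Encoding": "gzip"}, gzip.compress(BACKEND_BODY)
    )
    json_hdrs, json_out = wrap_response({"Content-Type": "application/json"}, b'{"ok":true}')
    return {
        "plain_hdrs": plain_hdrs, "plain_out": plain_out,
        "gz_hdrs": gz_hdrs, "gz_out": gz_out,
        "json_hdrs": json_hdrs, "json_out": json_out,
    }


if __name__ == "__main__":
    print(demo()["plain_out"].decode())
```

Running the module prints the rewritten page: the backend's "Sign Out" anchor is gone and the portal toolbar sits just before `</body>`. The gzip branch is the edge case that bites real deployments: a wrapper that pattern-matches on compressed bytes silently rewrites nothing, while one that inflates but leaves Content-Encoding or Content-Length untouched breaks the page for the client.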