In Sept 2012, Microsoft dropped support for TMG and in Dec 2014 (or was it 2013?) said:
“We will continue to provide maintenance and support for Forefront UAG through the standard Microsoft support lifecycle, with mainstream support continuing through April 14, 2015 and extended support continuing through April 14, 2020. “
Probably fine to continue using it but perhaps not the best choice for a new implementation?
did you find a vpn client for the ipad that works with Collector?
We use NetMotion in Hamilton County. They have clients for iOS and Android. I have tested them on my iPhone 6 and on an older iPad and they work well.
Larry, thanks for answering.
can you describe the policy you have setup for vpn
right now our policy limits vpn to remote desktop connection.
so I can't use the vpn to connect to our internal esri portal site.
I am guessing that would have to allow access via 443 (https).
but I don't know much about this network/vpn stuff.
I'm in the same boat. Nearly everything I know about networking is what I've heard over the cube wall from our network guys.
NetMotion requires its own server. We initially got it so that people with laptops would be restricted to our network whenever they have an Internet connection. They still have access to the Internet, but not to sites that are blocked by our filters. I won't name names, but we have lots of people who wear uniforms and drive county vehicles with laptops.
Our policy is (I think) to have NetMotion on all county laptops. Early on, I discovered I couldn't get on a lot of hotel, airport, and other public sites because NetMotion would not let my browser open their page as my home page. I'll leave out the ugly details, but the eventually gave me permissions through the NetMotion Server to bypass NetMotion. As soon as I agree to terms and conditions, I can reconnect to NetMotion and be on our county network.
Our Flex Viewer and WAB Viewer point to both our public and non-public ArcGIS Servers. When I connect to NetMotion with my iPhone, I can see the layers on our non-public server. Otherwise, I can't. Magic.
VPN is the preferred way to tunnel into the firewalls from the DMZ.
I'm having trouble figuring out how your security guys would say they have security concerns over VPN unless they just don't want any holes punched in the firewalls period. (Or don't want the headaches of running a VPN server.)
Obviously any route from the DMZ past the firewalls is a potential security breach.
If you can avoid DMZ <-> Intranet then you're lucky but good luck with that in today's world!
The more recent VPN connections that I've used that acceptable or better performance were done using VPN devices that came from the same company used in our network. I.e. Using Cisco switches, etc... use a Cisco VPN product. I don't know if that's a requirement or just that with enterprise stuff it's way easier and less of a headache to stay single solution as much as you can.
We have a lot of iPads & iPhones with Cisco's AnyConnect on them and it seems to work fine.
However, we have not used Collector (yet.) Just the stock Esri ArcGIS iOS app and Esri Explorer.