BISG Test Report exxWeb-IT 3.1 and extension test report ... · mobile usability Particularities of...


BISG Test Report "exxWeb-IT 3.1" and extension test report "pinRemote 4.0"

Pintexx GmbH
Schindersgrube 1
74388 Talheim

Contact Person: Hans-Peter Burk (CEO)

creation date: 04-04-2017

test report creator: Serach Epstein

responsible: Holger Vier


Content

- Preface
- Particularities of the Application
- Initial Situation
- Audit Report
  - Setup exxWeb-IT
  - exxWeb-IT Administrator (admin tool)
    - Usability for administrators
    - Usability for End Users
  - exxWeb-IT Portal
    - Usability for Administrators
    - Usability for end users
  - Remote Apps
  - Remote Desktops
  - Mobile Usability
  - Performance
  - Security
- Further Features
- Prospect
- Conclusion
- BISG extension test report, "pinRemote 4.0"
  - Foreword
  - Initial situation
- Test report
  - Installation of "pinRemote"
  - Groups
  - Direct access
  - RADIUS authentication


Preface

This audit report is an expert evaluation of the remote access software "exxWeb-IT", a Pintexx GmbH product, and covers the following main topics:

- security
- performance
- usability (user/admin)
- configuration possibilities
- remote desktop
- remote apps
- Active Directory integration
- mobile usability

Particularities of the Application

According to the OEM, the application integrates smoothly into a Microsoft Server 2008 or Server 2012 environment. Client access can be established platform-independently via any HTML5 browser and is supported by all current mobile operating systems. The manufacturer rates its access system as very secure. The security features are outlined in detail in this report.

Initial Situation

The product assessment was conducted in a virtual Microsoft Server 2012 R2 test environment using the then-latest version 3.1, which Pintexx GmbH had made available as a full version. The test system fulfilled all minimum hardware and software requirements for installation and operation of the application.


Audit Report

Setup exxWeb-IT

No problems whatsoever occurred during setup of the application. The step-by-step setup windows are self-explanatory and comprehensible. A server restart was not required. After a successful setup, three shortcuts were created on the desktop ("exxWeb-IT Administrator", an HTML link to the portal, and "manual").

Notice: According to the manufacturer, problems may occur when proxy servers are used.


exxWeb-IT Administrator (admin tool)

The admin tool gives access to various settings and parameters that affect the portal's performance, access and security.

Notice: The admin tool is in English and cannot be changed to another language.

Usability for administrators

The administrator can control a variety of important system processes. For instance:

- gateway reachability
- port definition (internal, external)
- cluster operation / load balancing through a self-developed architecture
- SSL and security certification coverage
- IP address and session limits
- profile and access right definition
- authentication mechanisms
- printer and remote app connections
- e-mail and SMS notification settings
- evaluation and reporting functions for error analysis

Usability for End Users

The admin tool is only accessible to administrators.

exxWeb-IT Portal

The exxWeb-IT Portal is the link between the admin tool and the actual remote gateway, and is therefore the central access point through which end users reach all resources. The profiles set up beforehand in the admin tool are activated here, and users are matched to them according to their resource access requirements.


Usability for Administrators

Here, too, the administrator has access to many settings and useful tools:

- access to the system information dashboard (number of connections, user logging, version info, workload, etc.)
- gateway settings
- activating and deactivating profiles (corresponding to profile creation in the admin tool)
- user management (name, password, profile assignment, RDP IP definition, upload and download)
- Active Directory integration
- editing of portal settings (global user settings, RDP settings, mail, etc.)
- system evaluation through various test routines between all instances and processes
- password changing
- portal design modifier (URL link and web color code)

Notice: Altered profiles must be saved in order for the alterations to take effect!

Usability for end users

The functions and resources accessible to end users generally depend on the profile allocation. One user may be allocated to several profiles.


The following resources are available to end users (depending on profile allocation):

- opening remote desktops via RDP
- application access (remote apps) such as MS Paint
- discrete Office remote apps such as Word, Excel and PowerPoint
- the option to connect to existing sessions via access codes (notice: the support tool can only be used if both systems operate in the same environment, i.e. within the same portal)
- user-specific settings, such as language, keyboard, contact data, etc.
- password changes
- a help section


Remote Apps

In the portal, all remote apps (depending on profile) are available to the end user. Within this test environment, the application Microsoft Paint could be started without problems. A positive point is that remote apps can also be accessed without a remote desktop system: the remote app resource opens automatically in another browser tab. Another advantage is that several app tabs can be open simultaneously.

Moving the mouse cursor to the upper screen margin brings up a small tool bar. It offers functions such as upload/download, a virtual keyboard, request control and a session code for remote support. The Office remote apps are located in their own remote app section, "My Office".


Remote Desktops

Another end user feature is establishing a remote desktop connection through the section "My PC". This requires that the user's profile allocation includes the corresponding authorization.

Active Directory authentication is optional as part of the login. With it, one step is skipped, as the Windows login appears immediately.


Mobile Usability

According to the manufacturer, exxWeb-IT can be used with any device that supports HTML5. Unlike regular VPN technology, exxWeb-IT does not require any additional client software to be installed.

Performance

Activating functions, altering profile settings, managing authorizations and starting remote apps from a PC all worked quickly and smoothly, without complications. Difficulties did, however, arise during mobile use. For the evaluation, an iPhone 6 with the then-current iOS version was used with Google Chrome and Safari, and the login within the portal failed. Logging into the remote desktop system and the remote apps was also not possible: here, the login to the portal succeeded, but all tabs crashed when trying to access any of the aforementioned functions. To have this problem addressed and solved, a service inquiry was made by phone. The inquiry was handled immediately. The solution to the problems with the mobile devices was a change to the Windows firewall settings.

Security

Security plays an essential role in this evaluation. The following security mechanisms are integrated:

- Gateway and portal configuration can only be done in the admin tool environment, which is in turn secured by a password. External changes are therefore not possible.
- Gateway usage is only possible after gateway authentication. This requires a password-secured profile set up in the admin tool.
- Token-based authentication process with a validity period of 20 seconds.
- Client IP blocking after the 5th unsuccessful login attempt.
- Portal authentication restriction based on IP addresses.
- Encrypted gateway access via WWS (Web Sockets Secure Layer, conforming to SSL), which requires a server certificate.
- 2-factor authentication (optional): a disposable One Time Password (OTP) is generated and sent to the end user via mail or SMS. After the password has been entered correctly, the RDP connection is established. The OTP is valid for 2 minutes.
- Portal login secured against SQL injection (OWASP Top 10); login can only take place over SSL.

Important notice: None of the security measures mentioned replaces a firewall!

Further Features

According to the OEM, further features are supported:

- smart card support for authentication (e.g. for DATEV)
- Microsoft SharePoint integration
- WebDAV interface, e.g. for Microsoft Office
- separate SDK (Software Development Kit) for user-specific programming


Prospect

Pintexx will continue to develop the application and implement more features. The following is a short outlook on the planned features (subject to change):

- exxWeb-IT for admins
- integration of Google Authenticator
- Wake-on-LAN function
- chat function
- Info Messaging System
- cloud storage access

Conclusion

With its many useful and efficient features, its flexible and fast integration and, last but not least, its user-friendly handling, the application "exxWeb-IT" proved convincing in our evaluation. The BISG e.V. therefore recommends "exxWeb-IT" as an alternative access solution for companies of all kinds that are willing to give up traditional solutions (e.g. VPN). "exxWeb-IT" version 3.1 is therefore awarded five stars.


BISG extension test report, "pinRemote 4.0"

Foreword

This test report is an extension to the existing test report of 14.04.2016. The product was renamed "pinRemote" as of version 4.0, and new functions were implemented. This report refers only to the following new features of "pinRemote 4.0":

- Groups
- Direct access
- RADIUS authentication

Initial situation

This product test was performed within a virtual Microsoft Server 2012 R2 test environment with the latest pinRemote version 4.0.17.0327, which was made available by Pintexx GmbH as a pro version.

The utilised test system satisfied all hardware and software minimum requirements necessary for installation and operation of the application.


Test report

Installation of "pinRemote"

No problems or errors occurred during installation of the application. The individual setup windows are self-explanatory and understandable. A reboot of the server was not necessary.

After successful installation, three shortcuts are created on the desktop (pinRemote Administrator, an HTML link to the portal, and the manual).

Groups

Groups can be used to define functions for more than one user. This has the advantage that you do not have to change each user individually, but can transfer the desired functions to several users simultaneously. This makes administrative work easier.

Groups are created in the pinRemote portal in the "Groups" area, via the "Create new Group" button. An input screen appears, where you can define the group name, language, profile settings, and other parameters for the group. Once you have made all the desired settings, the screen is closed with the "Save" button, and the group will have been created.

A user is assigned to a group via user management in the pinRemote portal.


Note: The group settings override the global settings.

Optionally, groups can also be linked to Active Directory Groups. To this end, an appropriate Active Directory must be available, and the "AD login" function must be activated.


Direct access

This function can be used to define so-called shortcuts (short accesses) to any target, such as desktops or applications. The function is activated in the "Direct Access" area of the pinRemote portal.

For activation, it is necessary to create a so-called "Secret", so that the users can be identified.

Optionally, the "Show Users" function can be activated. This means that the menu item "Direct Access" appears in the user portal. The user will then see all the direct access links.


RADIUS authentication

pinRemote supports RADIUS authentication. This function was not tested in detail, since there was no RADIUS server in the test environment. Therefore, this point is only superficially explained.

To enable RADIUS authentication, you need to open the pinRemote Administration Tool. This authentication is controlled for the profiles. You can reach the profile settings by selecting a profile and clicking on the "Edit" button. You can select the "Radius Authentication" item here, and then enter the RADIUS parameters.
