RD VPN 1.4 newest version

HOB RD VPN 1.4 Central Data and Applications on Demand Flexible, Secure, Cost-Effective Secure Business Connectivity Edition 09/10



HOB RD VPN 1.4 – Central Data and Applications on Demand Flexible, Secure, Cost-Effective

• Secure Remote Access – Why?
• Secure Remote Access with HOB – Your Competitive Advantage!
• HOB RD VPN: Work Where You Want, When You Want – All You Need is a Browser!
• Worldwide Flexibility!
• Technical Excellence!
• Excellent Cost Savings!
• Common Criteria Certified!

HOB RD VPN 1.4 – Key Components for Secure Remote Access

• Advantages at a Glance
• WTS Computing – Windows Terminal Server Access
• Web File Access – File Access via Web Browser
• HOB Web Server Gate – Intranet Access
• HOB PPP Tunnel – Access to the Corporate Network
• Universal Client – Access for Remotely Installed 3rd Party Applications

Optional Products

• HOB Desktop-on-Demand – Remote Access to Workstation PC’s
• HOB VDI-Business – Access to Virtual Windows Desktops
• Legacy Access – Dialog-Oriented/Host Application Access
• Enhanced Terminal Services
• True Windows
• Enhanced Load Balancing
• Enhanced Local Drive Mapping
• HOB SCS – Unix-based Operating System
• HOB X11 Gate – Gateway for Access to Graphical Unix/Linux Applications
• HOB MacGate – Access to Apple Mac OS X

Background Technology

HOB WebSecureProxy – The Central Server Component

• Advantages at a Glance
• Security and Performance
• High Performance on Standard Hardware
• Supports Tokens for Authentication
• Supports Client-Side SSL Certificates, e.g., on SmartCards
• Secure E-Mail on Mobile Devices
• Central Administration via HOB Enterprise Access Administration
• Only One TCP Port is Required
• Anti Split Tunneling
• Supports IPv6

HOBLink JWT – The Java RDP Client

• Advantages of HOBLink JWT at a Glance
• Virtual Channel Support for Third Party Applications
• Immediately Online Again!
• Universal Printer Support with EasyPrint
• Enhanced Local Drive Mapping
• Supports International Keyboard Layouts
• Technical Details

Product Assortment

System Requirements

Things To Come

Company Profile

Contact Information


HOB Remote Desktop VPN 1.4

Secure Remote Access – Why?

Today’s enterprises are facing a bigger challenge than ever before: Highest possible efficiency in all areas. In the area of IT, this is done primarily through the implementation of two measures: Centralization of the applications while at the same time de-centralizing the workstations.

Especially the supplementation or even partial replacement of traditional office workplaces with home offices helps not only the enterprise, but also accommodates the workforce: According to a recent survey, around two-thirds of a country’s workforce prefer to work at home on a regular basis. Managers on business trips and sales representatives or service personnel also have to work outside of the company premises. In addition to this, many enterprises want or need to integrate customers or partners into their corporate networks in order to ensure even faster and better service performance.

Secure Remote Access with HOB – Your Competitive Advantage!

The ability to securely, economically, and reliably access all of the most widely varying enterprise resources from diverse platforms and terminals is, now and in the future, a not-to-be underestimated competitive advantage.

HOB RD VPN: Work Where You Want, When You Want – All You Need is a Browser!

Turn this challenge to your advantage - with HOB RD VPN!

This innovative software solution enables fast and secure access to all your business data and applications. It delivers to you and your employees – at the push of a button – your Intranet, enterprise servers or office PC to your house, hotel or airport. And if your computer is turned off? No problem: This HOB software lets you start it remotely!

Worldwide Flexibility!

The HOB RD VPN software solution is specially designed for secure remote access over TCP/IP networks, i.e., Internet, WiFi / WLAN or UMTS, to diverse resources in enterprise networks. This is a universal software-based solution for secure remote access from the corporate network all the way through to the front end.

It makes absolutely no difference whether your data and applications are on a Windows Terminal Server, virtualized Windows systems, Unix/Linux servers, a traditional host, or even a personal computer. Depending on the configuration and the user’s authorization level, you and your staff can access and edit files, exchange them with the target system and print them. And they can do this anywhere, just as if they were sitting in the office at their company PC! With HOB RD VPN you can also secure all communication over WLAN/WiFi or within the enterprise network.


Technical Excellence!

HOB RD VPN can be used to replace traditional, rather inflexible hardware appliance solutions with a flexible and quickly adaptable “software appliance” – in light of increasing virtualization, this advantage is not to be underestimated!

HOB has in HOB RD VPN a first-rate technical achievement: On standard mid-sized servers this solution has been tested successfully with 10,000 concurrent sessions.

Excellent Cost Savings!

One unique aspect of HOB RD VPN is that it only needs to be installed once on a central server in the enterprise network. Once this is done, any authorized user can use virtually any Internet-capable client machine (PC, Laptop, etc.) to access their data via an Internet browser. Printing, with remote solutions often a source of aggravation, is no problem with HOB RD VPN. Users can simply print remotely-accessed files from their local printer. There is no need to have each individual printer’s driver installed on the server.

High administration costs and the necessity of constantly updating clients are now a thing of the past!

Common Criteria Certified!

HOB has merged the advantages of conventional SSL- and IPSec-VPN’s and created a solution that fulfils the highest security and compliance requirements. This is done through encrypted connections and accepted authentication methods such as tokens, SmartCards (also via PKCS#11) and SSL client certificates. Furthermore, HOB RD VPN can be so configured that a connection to the enterprise network is only established after it has detected that the connecting terminal has active and up-to-date antivirus software.

In light of this comprehensive security design, it is no wonder that HOB RD VPN has been certified in accordance with the Common Criteria by the German Federal Office for Information Security (BSI Certificate BSI-DSZ-CC-0260-2004).

HOB RD VPN – Key Components for Remote Access

• WTS Computing: Access to Windows Terminal Servers

• Web File Access: For remote access to file servers

• Web Server Gate: For access to Web applications

• PPP Tunnel: For remote access to the complete enterprise network

• Universal Client: Enables remote access for locally installed “third party applications”


[Figure: HOB Remote Desktop Virtual Private Network (HOB RD VPN 1.4). Diagram labels: Clients with Internet Access; SSL; Enterprise Network; Company PC; Virtualized Windows; Windows Terminal Server; Mainframe; Midrange; Mail Server; Web Server; File Server; Unix/Linux; Mac]


Optional Products

• Desktop on Demand: For remote access to personal workstation computers

• VDI Business: Remote access to virtual Windows machines

• Legacy Access: For remote access to all Host-based data and applications

• Enhanced Terminal Services: Enhanced Load Balancing, Enhanced Local Drive Mapping incl. virus scanning, True Windows

• HOB SCS (Secure Communication Server): Hardened operating system with HOB RD VPN as a software appliance

• HOB X11 Gate: Gateway for remote access to graphical systems under Unix/Linux

• MacGate: For remote access to Apple Mac OS X


HOB RD VPN 1.4 – Key Components for Secure Remote Access

Advantages at a Glance

• Browser-based solution
• Neither software installation nor administrator rights are needed on the client
• Three authentication methods: User-ID/Password, Token, Client SSL certificate
• High security via an integrity-check on the client
• Centralized solution: Updates are only installed in the computer center

WTS Computing – Windows Terminal Server Access

HOB WTS Computing is the solution for remotely accessing Microsoft Remote Desktop Services (RDS) via a browser and the Internet. This platform-independent solution enables you to use the full range of Windows applications on the RDS server, regardless of the software on the client computer.

Web File Access – File Access via Web Browser

Regardless of the client platform from which access is made, this functionality allows files to be exchanged with the enterprise network over a Web browser. Windows networks and SAMBA shares can be accessed.

HOB Web Server Gate – Intranet Access

With HOB Web-Server-Gate (WSG), internal company Web servers and Web services can be made securely accessible from outside over HTTPS. The company’s internal Web servers are thus protected. Access to these servers can only be granted after successful authentication with HOB RD VPN.

All links on the Web pages (HTML or Javascript-generated links) are converted by the HOB WSP Web-Server-Gate automatically. The target filter integrated into the HOB WSP Web-Server-Gate allows users to access only those Web servers for which they are authorized. To increase security, caching data in the browser cache can be blocked.

HOB PPP Tunnel – Access to the Corporate Network

This HOB solution combines the advantages of IPSec VPN access with the simplicity of an SSL-VPN. The new procedure (patent pending) developed by HOB on the basis of the Point-to-Point-Protocol (PPP) enables complete network access over all protocols, such as TCP, UDP, and ICMP, to all resources in the internal network. Neither drivers nor any additional software need be installed on the client device in order to get this access.

The PPP Tunnel is currently available for clients running Microsoft Windows Vista, Windows 7, Linux/Unix, Mac OS X, FreeBSD and Solaris.


Universal Client – Access for Remotely Installed 3rd Party Applications

HOB WebSecureProxy Universal Client (HOB WSP UC) is a gateway. It enables locally installed third party applications, e.g., SAP-GUI, to exchange data securely (SSL-encrypted) over the Internet. It is currently available in Java and .NET technology.

Optional Products

HOB Desktop-on-Demand – Remote Access to Workstation PC’s

HOB Desktop-on-Demand stands for access to Windows XP/Vista/Windows 7 workstations over the Internet — the ideal solution for remote users wanting to access data and applications in the office, whether from a home office or anywhere else with an Internet connection.

A computer can even be accessed if it is shut off. To do this, the Windows PC’s “Wake-on-LAN” function is called into action, enabling remote booting.

HOB VDI-Business – Access to Virtual Windows Desktops

HOB VDI provides the user with access to a virtualized remote Windows Desktop. The user can work with all applications installed on the virtual Windows machine. If a connection is inadvertently interrupted, the OS remains for a specified time in a “disconnected” state and when the connection is re-established, the user is returned to the same session. Supported VMware guest systems include Windows XP, Windows Vista and Windows 7.

This solution also enables you to run applications that require enormous resources or that can’t run on the WTS itself, for example, CAD applications. Unlike with the WTS, the user always has 100% of the virtual machine’s capacity at his/her disposal.

Legacy Access – Dialog-Oriented/Host Application Access

As an option, HOB RD VPN 1.4 provides SSL-encrypted remote access to host or “legacy” applications. It supports the following protocols: 3270, 5250, VT, HP-700, Siemens 9750, Siemens 97801, SSH.

Enhanced Terminal Services

The HOB Enhanced Terminal Services, in short, HOB ETS, are a software component from HOB that enhances the Microsoft Terminal Server functionality with more granular configuration possibilities and features that Microsoft does not provide. HOB ETS consists of several modules that have to be installed on the terminal server in order to obtain these functions:

• True Windows
• Enhanced Load Balancing
• Enhanced Local Drive Mapping


True Windows

True Windows enables you to completely integrate remote applications into the client machine. The user sees no difference between locally installed applications and those residing on the Windows Terminal Server. Even the user-specific tray icons are displayed on the client machine. Session-sharing is supported, which spares resources by letting several server applications run in a single session.

With the True Windows Application Manager all applications in a WTS farm can be displayed and, if desired, terminated – just as with the Windows Task Manager.

With Application Serving, when the user logs on to the Terminal Server a specific application is started automatically, so that only this application and not the entire Windows desktop is available to the user.

Application Publishing enables you to “publish” individual applications, i.e., make them available to all users. Hereby, each Windows Terminal Server can be configured individually.

Enhanced Load Balancing

The load balancing function included in the standard scope of delivery distributes the load evenly to all machines in a server farm.

With the “Enhanced Load Balancing” component, the administrator can more finely distribute the load and set criteria with which the load is calculated, e.g., CPU and network load, swap activity and memory utilization, or the number of active sessions.

Enhanced Local Drive Mapping

With Local Drive Mapping, Terminal Server applications can access the client’s local drives.

Access can be made to local drives such as hard disks, memory cards, CD ROM drives, USB storage devices, etc. To protect the remote system from being contaminated by a virus from the client, HOB RD VPN also has an interface to a virus scanner.

HOB SCS – Unix-based Operating System

HOB SCS (Secure Communications Server) is a hardened, stable Unix-based operating system using tried and proven Open Source Technology. When used as the platform for HOB RD VPN, HOB SCS is a full-fledged software appliance. Installation, maintenance and administration are minimal.

When used as a software appliance in conjunction with the HOB SCS platform, HOB RD VPN benefits from real advantages in security, stability, performance and scalability.


HOB X11 Gate – Gateway for Access to Graphical Unix/Linux Applications

Up until now, X11-based applications could only be used remotely with restricted functionality and under considerable performance limitations. The HOB X11 Gate revolutionizes remote access to graphical Linux and Unix applications. The HOB X11 Gate, in connection with the Remote Desktop Protocol (RDP), enables full Web-based access over a lean protocol with maximum performance.

HOB MacGate – Access to Apple Mac OS X

With the HOB MacGate users can easily and securely remotely access a Mac desktop, even over the Internet. This can be done over any Java-capable browser, even when the connection is started from a Windows PC.


Background Technology

HOB WebSecureProxy – The Central Server Component

Advantages at a Glance

• Highly scalable
• Successfully tested with 10,000 concurrent sessions
• Interfaces to Radius and OCSP
• 10 platform-specific versions

Security and Performance

The HOB WebSecureProxy (WSP) is the core security component of the HOB RD VPN solution. It is installed on a server in the DMZ and enables the SSL-encrypted client-queries to the servers and applications inside the corporate network. All current encryption methods are supported, including AES with up to 256-bit key lengths.

The HOB WSP has an integrated Web server, which provides HTML logon pages and the access software for the client machine (e.g. HOBLink JWT, see below) as a Java applet. Authentication is already carried out before the applet is loaded, further increasing security.

The HOB WSP can be deployed on many platforms, is highly scalable and thus well-suited for small and large installations. Even in very large and comprehensive IT infrastructures only a few performant servers are required. This reduces the susceptibility to failure as compared to conventional SSL appliances and is also cost-effective.

High Performance on Standard Hardware

High performance is guaranteed even for very large numbers of users: Tests with up to 10,000 concurrent sessions on a mid-sized server have proven this.

Supports Tokens for Authentication

Additional security can be achieved through the use of authentication systems, so-called tokens. Systems with RADIUS interfaces are supported, e.g., RSA SecurID, SafeWord PremierAccess and Vasco Digipass.

Supports Client-Side SSL Certificates, e.g., on SmartCards

HOB RD VPN supports the use of client certificates that are read out during the establishment of an SSL connection.

Secure E-Mail on Mobile Devices

The HOB WebSecureProxy can also be used to shield an e-mail server from direct access over the Internet. Communications between the e-mail client and the HOB WSP travel over POP3S, IMAPS and/or SMTPS.


Central Administration via HOB Enterprise Access Administration

With HOB Enterprise Access, the central user administration program, the administrator can centrally manage all user and configuration data. HOB Enterprise Access supports LDAP or uses this interface to access directory services such as Microsoft Active Directory or OpenDS.

Only One TCP Port is Required

All communications into the enterprise network can be directed over just one TCP port; usually the standard HTTPS port 443.

Anti Split Tunneling

With HOB Anti Split Tunneling, you can prevent a user from accessing unauthorized networks while working with HOB RD VPN. This greatly increases system security.

Supports IPv6

The HOB WebSecureProxy supports connections with the client over IPv6.

HOBLink JWT – The Java RDP Client

Advantages of HOBLink JWT at a Glance

• Browser-based access to Windows applications
• Connection of all clients, e.g., Windows, Linux, Unix, Apple Macintosh, NC’s, handheld PC’s, etc.
• No additional server components required (in the basic configuration)
• No software installation on the clients
• Windows applications can be used on all platforms
• Optimal utilization of the existing network infrastructure
• Scalable solution for central installation and administration
• Access to local drives via Enhanced Local Drive Mapping
• Flexible functions for printing on all network printers as well as local printers

HOBLink JWT is a Java-based RDP client, which provides platform-independent remote access from anywhere to applications via Remote Desktop Services. HOBLink JWT is installed on the Web server integrated in HOB RD VPN.

No local installation of any HOB remote client system on the client machine is required. The first time a client machine makes access, the client’s browser downloads the Java applet and starts the application.

With this RDP client people can use all the advantages of server-based computing for Windows applications. This innovative solution provides enterprises, specifically their IT administration, with numerous additional advantages in installation, administration, operability and security.


Virtual Channel Support for Third Party Applications

Virtual Channel Support enables 3rd party applications to communicate with the WTS over the RDP connection. Additionally, specific channels can be prioritized.

Immediately Online Again!

Client sessions that have been disconnected – e.g., by the user or due to network problems – can be re-established immediately. This can also be done when accessing a server farm. The user can continue working at the place where the session was disconnected.

Universal Printer Support with EasyPrint

In addition to the usual Terminal Services print functionalities, HOBLink JWT with EasyPrint delivers a definite added value. Regardless whether you want to print to local or network printers, you do not need to have the specific printer driver installed, nor is a manual intervention required.

Advantage: There are no performance or stability problems on the server side and administrative work is greatly simplified.

Enhanced Local Drive Mapping

Via the HOB Local Drive Mapping the WTS can access files on the client.

The “Enhanced Local Drive Mapping” ensures access to local drives such as hard disks, memory cards, CD ROM drives, USB storage devices, etc. To protect the remote system from being contaminated by a virus from the client, HOB RD VPN also has an interface to a virus scanner.

Supports International Keyboard Layouts

In addition to supporting US English keyboards, many other keyboard layouts are supported. The following languages/keyboard layouts are supported: US English, French, Dutch, Spanish, Portuguese and as new additions, Japanese and Chinese.

Under Windows HOBLink JWT has native keyboard support, i.e., independent of Java.

Technical Details

• No HOB software need be installed on the WTS to get the connectivity functionalities (in the basic configuration)
• Dual monitor support
• Supports the protocols RDP 4 to RDP 7
• Flexible printer functions for local and network printing
• Supports wheelmouse use (w. non-Windows clients, only from Java 1.4 up)
• Client-connection over LAN and WAN, Dial-up, ISDN, xDSL, UMTS, VPN possible
• “Copy and Paste” between client and server
• Keypad for the definition of Windows hotkeys
• Access to locally connected devices (e.g., scanners) via TWAIN ports
• Automatic reconnect after a disconnected session
• Application Serving: direct connection to an application
• Virtual Channel Support
• Automatic version control (Smart Update)
• Java Web Start
• Full Screen Mode
• Session Shadowing: Administrator can monitor all current client sessions
• Supports Microsoft encryption with key lengths of up to 128 bits
• SmartCard Redirection supports logging in to WTS
• Clients can be pre-configured with IP addresses, server names and other connection settings
• Configurable RAM- and hard-disk-cache
• XML-based storage of configuration data

The following features require optional components:

• Access to local drives via “Enhanced Local Drive Mapping” (under Windows 2000 Server or Windows Server 2003/2008/2008 R2)

• True Windows
• Application Publishing
• Enhanced Load Balancing

The following features are possible under Microsoft Windows Server 2003/2008/2008 R2:

• Configurable color depth: 8-, 15-, 16-, 24- or 32-bit
• Streaming support
• Local Port Mapping: local COM and LPT ports

Product Assortment

HOB RD VPN is also available in a compact version. In HOB RD VPN Compact, HOB provides a product that is especially well-suited for smaller installations. Enterprise Access is not a part of this – the configuration data and user credentials are stored in the WebSecureProxy’s XML configuration file.

Another product variant is HOB RD VPN NetAccess. Usually, SSL VPN solutions are much more expensive to purchase than IPsec VPNs. SSL VPNs more than compensate for this disadvantage with cost-savings in operation.

HOB RD VPN 1.4 NetAccess, however, is available at a price similar to that of IPsec VPNs. Thus, companies that deploy HOB RD VPN 1.4 NetAccess profit greatly from this solution’s lower total cost.

HOB RD VPN 1.4 NetAccess has the full performance of IPsec VPNs, but contains no drivers and is much easier to install, maintain and use.


System Requirements

The HOB WebSecureProxy is available for:

• Windows (x86, EM64T, Itanium)
• Sun Solaris (Sparc, x86-EM64T)
• IBM AIX
• HP-UX (Itanium)
• Linux (x86, EM64T, Itanium)

Any Clients

On the client side any browser with full Java support (1.4.2 or higher) can be used.

Things To Come

User Roles

The user receives privileges that are dependent on certain conditions. Example: If the client’s virus definitions are out of date, the user can only obtain access to specific applications.

Support for Complex Networks

The administrator can define realms for Kerberos/LDAP, so that complex networks, e.g., in which there are several Active Directory Domains, are supported.

High Availability Through Clustering

To increase fail-safety, several HOB WebSecureProxies can be grouped into a cluster. Every active session is known to each WSP, so that in the event that one should fail, smooth continued operation is still ensured. To the remote user the cluster appears as a single object.

HOBPhone

This Java-based SIP client enables the user to call into the enterprise telephone central using a Voice-over-IP connection.


Company Profile

HOB GmbH & Co. KG is a mid-sized German software enterprise that develops and markets innovative network solutions worldwide.

The core competencies of this successful company, founded in 1964, comprise server-based computing, secure remote access as well as VoIP and virtualization solutions, which are deployed in small-, mid- and large-scale enterprises. Products are certified by the German BSI (Bundesamt für Sicherheit in der Informationstechnik = German Federal Office for Information security) in acc. w. the Common Criteria.

HOB currently employs in its central offices in Cadolzburg, Germany and in its branch offices approx. 120 people, half of them in the development departments. HOB has branch offices in France, Malta, the Netherlands, the USA and Mexico.

Information in this document is subject to change without notice. HOB is not liable for any omissions or errors which may be contained in this document. Product information contained herein is from Sept. 2010. Any trademarks in this document are the property of their owners.

Contact Information

HOB GmbH & Co. KG

Schwadermuehlstr. 3 90556 Cadolzburg Phone +49 9103 715 0 Telefax +49 9103 715 271

E-mail [email protected] [email protected]

Phone hotline +49 9103 715 161

Fax hotline +49 9103 715 299

Branch offices abroad

Eindhoven, Malta, New York, Paris, Vienna

Visit us on the World Wide Web: http://www.hob.de http://www.hobsoft.com

HOB Inc.

NY Headquarters 245 Saw Mill River Road Suite # 106 Hawthorne, NY 10532 USA

E-mail [email protected] [email protected]

Phone (Toll free) (866) 914-9970

Phone (646) 465-7650

Fax (646) 437-3448