HOB Solutions at Work

Secure Remote Access and Remote Administration over the Internet

For users with remote access to the enterprise network, security means that they must be sure not to be getting any obsolete data. And for the enterprise, security means that it must be able to trust that the remote user actually is the person that his computer claims him to be. For this, one needs a solution that uses encryption to make eavesdropping on the transferred data impossible.

That the Internet is, in itself, not secure has become common knowledge. Especially confidential business data is a prized target for hackers and other unfriendly people. A proven and, in the meantime, widely accepted  method to prevent eavesdropping is a virtual private network (VPN), which is primarily used to protect communications between routers in various corporate locations.
 


 

The situation becomes more problematic when, for example, home offices or mobile workers are to be connected. From this, multiple threats to data security arise: One of these is that laptops are, in the worst sense of the word, portable devices and often stolen, e.g., in care break-ins. Confidential data on the hard drive falls easily into the wrong hands. Additionally, these devices are often used in environments where the enterprise network administrator has no influence: eavesdroppers and potential data thieves have an easy time of it when a third-party's LAN is used for Internet access.

Secure Remote Access

The sales team from Hiller Objektmöbel, a successful German furniture manufacturer, has run into this situation often, for example when they are in newly built offices or customer's conference centers. In this branch, quick delivery is often more of a decisive sales factor than even price. Thus, a visiting salesperson needs to have reliable and real-time information on stock availability, delivery time, pricing, etc. on the relevant articles.

The company headquarters in Kippenheim has a vital interest to reliably inform their employees of purchase orders and of potential customers. Because only then can the sales team generate increased turnover. This is why, at the end of 2003, that they began to discuss how they could provide a secure and reliable system to provide outside access to the company network. They wanted to have remote access to their database "Sivas," and also enable remote access from Outlook to their Exchange Server. Also, application management was to be improved ; it is simply not good that the sales team had to come into the central office to install every patch, software update or upgrade. That is why Hiller decided to deploy the Windows Terminal Server, which can be centrally managed and maintained.

At the beginning of March Hiller and HOB had agreed upon a project framework that was to guarantee secure remote access for laptops. HOBLink JWT licenses for 25 laptops was purchased to provide encrypted access to the enterprise network. This software is a modern solution for providing access to Windows Terminal Servers (WTS) that goes one step further than, e.g., the proprietary Microsoft solution: Central installation and administration using Java.

This platform independent solution enables you to use the whole range of Windows program on the WTS, regardless of the client machine's OS. Total Cost of Ownership is therefore greatly reduced, as not only all programs, but also HOBLink JWT can be centrally installed and administrated.
HOBLink JWT, together with HOB Enterprise Access give the administrator the ability to centrally administrate all users and configuration data. Users can be displayed in a group and tree structure, which tremendously simplifies administration, especially in installations with numerous users. HOB Enterprise Access supports, over the LDAP interface, all important directory services, e.g., Novell NDS and Microsoft ADS.

Client sessions that were disconnected, for example by the user or due to network outages, can be reconnected. This can also be done when accessing a server farm. The user can continue working from exactly where he was when the interruption occurred. The flexible print functions - Universal Printer Support - in HOBLink JWT also support many different methods of printing, either on  a local or network printer.
HOBLink JWT is based on TCP/IP and is thus Internet capable. Comprehensive encryption methods provide the security required for this. For consistent data security with the WTS, HOBLink Secure (optional) provides strong encryption (SSL up to 256 bit) and authentication.

The Application Serving function is used to automatically start a specific program when logging on to the terminal server, so that the entire Windows desktop need not be made available to the user. Configuration is carried out centrally by the administrator.

HOBLink JWT is available in two different versions: HOBLink JWT Enterprise Access comes with the full support from HOB Enterprise Access with all of its advantages, such as LDAP support, central administration and convenient access to all enterprise servers. HOBLink JWT standalone is a "thin" version conceived for users who do not need central user management.

Hiller Objektmöbel chose the thin version. For their needs, this was a logical choice: The software on the laptops for the sales team had to be reconfigured and installed anyway, and thus had to be brought into corporate headquarters.  The introductory phase is in the meantime concluded and the company's administrators consider it to be a complete success.

Especially the cross-platform functionality, thanks to Java technology, is greatly appreciated by the administrators, because it gives them the chance to use systems other than Windows on the client machines and yet still give the users that "Windows feeling" on the monitor. Also,  JWT's compression algorithm is so well designed, that one can work over DSL with almost no noticeable latency. And, due to the encryption algorithms, at Hiller they are also sure that the data being transferred over the Internet with this system are secured from hackers and any other attackers.

 

14.09.15 JR