HOB RD VPN (Remote Desktop Virtual Private Network) is a pure software solution, not an appliance, which makes it highly scalable and flexible. HOB RD VPN provides you with much more than just SSL-secured remote computing capability: it is a comprehensive software solution that enables enterprises to secure their server-based computing environment with strong SSL encryption and strong authentication. HOB RD VPN surpasses the usual SSL/VPN approach, as it provides not only strong security, but also the connectivity clients (HOBLink JWT, HOBLink J-Term) for Windows Terminal Servers, Windows XP Professional, Windows Vista and legacy applications on IBM Mainframes, ISeries and Unix Servers.
HOB RD VPN provides secure remote access to all applications and data in your enterprise network via powerful SSL-encryption technology and supports strong authentication, for example, via hardware tokens (Vasco DigiPass, RSA SecurID, SafeWord PremierAccess, etc.); via an X.509 certificate, e.g. in chip card or USB token form; or certificate validity verification via OCSP (Online Certificate Status Protocol) in acc. w. RFC 2560, among others. However, the high level of security you can achieve with HOB RD VPN is only one of the major advantages speaking for this solution.
Flexible, secure, dependable, and highly performant access for your clients, regardless of the client platform, is guaranteed through the use of the communication / encryption standards TCP/IP, RDP (Remote Desktop Protocol) and SSL. The cross-platform capability is made possible through the use of Java technology. The Windows desktop of the remote system appears on the client machine as if it were running locally, giving the user the look and feel of working on a local PC. Flexible access, with HOB RD VPN, means more than just having various configuration possibilities: When we say HOB RD VPN gives you flexible access, we mean that you can access your Windows Terminal Servers, or Blade servers, or Windows XP Professional Workstation from any Internet-capable client computer in the world and, as long as there is a browser with a JVM installed on this computer, as is the case with the vast majority, no local software installation on the client is required.
HOB RD VPN provides you with several possible solution scenarios for secure remote access to the Windows environments most often found in corporate networks:
 |
HOBLink JWT has been tested by VeriTest and is certified as "Designed for Windows XP" |
HOB RD VPN deploys the software HOBLink JWT to
access the workstations. This client software is programmed in Java, enabling it
to work with the most widely used operating systems, e.g., Windows and Mac OS X.
In the first case, HOBLink JWT runs in a browser, therefore no software need be installed on the client. The Web browser loads all the required components for remote access. The only requirement on the client is that it have a Web browser with a Java Virtual Machine, which is usually already installed on most systems.
Strong encryption of the communication data protects all data transferred between the client and the gateway to the enterprise network. This enables you to have high security even when communicating over networks that are in themselves not secure, for example, WLAN's, the Internet, etc. All TCP/IP networks can be used for this secure communication, i.e., the Internet, WiFi or UMTS. As it also supports IPV6, your investment in HOB RD VPN is secure far into the future.
Secure remote access to your enterprise network is available from anywhere at anytime!
Easy access to internal corporate resources also enables you to provide your business partners or customers with fast and uncomplicated access to those resources, or only the parts of them you want to make accessible. The user only needs to call up a Web address (URL) and identify him- or herself. After identification is confirmed, access is granted according to the policy you define.
Files transferred from the client to the remote system could be infected with viruses. HOB RD VPN includes an interface for anti-virus programs, enabling you to prevent your systems from becoming contaminated.
HOB WTS Computing is the access solution for Microsoft Windows Terminal Servers. This platform-independent solution allows your client computers to work with the full range of Windows applications on the WTS, no matter what OS the client computers are running.
By deploying HOB WTS Computing together with HOB Enterprise Access, the administrator can centrally manage all user and configuration data. HOB Enterprise Access can administrate this data itself or it can use its LDAP interface to access directory services such as Microsoft Active Directory.
The flexible printer functions provide you with a multitude of options for printing to locally installed or network printers.
This function (printing on local or network printers via PCL) gives you support for virtually any printer on the market, without having to install the driver for each printer on the WTS. Print data is processed on the server using standard drivers and converted by HOBLink JWT for output on a local or network printer. You cut administration to a minimum and avoid hassles with unstable drivers on your WTS! The local system's standard printer with the local driver can be used as the deflt. This way, the select printer dialog does not appear every time you print. Easy Print can also be used under Mac OS X.
Client sessions that were disconnected, for example, by the user or through network malfunctions, can be reconnected at the exact same place where they were interrupted. This can also be done when connections are made to a server farm. The HOB RD VPN software reconnects the session to the same server and application from which it was disconnected.
This function allows you to define a specific application to be opened at the start of a session. For this session, only this application will be available; the user will not have access to the entire Windows desktop. This way, the administrator can control precisely which applications will be available to which users.
Via HOB Local Drive Mapping, data can be sent from the client to the remote PC and vice versa. This data exchange is anti-virus protected and can be SSL-encrypted, i.e., highly secure!
Access to local drives, for example, CD-ROM, Diskette, or hard disk, is ensured by HOBLink JWT's "Enhanced Local Drive Mapping" feature. This feature can be used with Windows 2000 Servers and with Windows Server 2003. HOB also offers with the Enhanced Local Drive Mapping a strong, optional virus protection, protecting your servers from becoming contaminated with potentially destructive viruses.
There are several reasons why a company might supplement a classical TS farm with a blade server solution. One of these, for example, would be to reduce the total cost of ownership and benefit from the potentially great savings on administration and maintenance. There are other, often overlooked reasons to go with this solution: A major advantage of using a blade server farm is that older applications, or custom-written (home-grown) applications that could not be effectively deployed in a Terminal Server multi-user environment can be used in a multi-user environment based on blade servers. This saves the costs associated with reprogramming older/custom applications or having to replace them entirely.
The VDI Business feature is an optional add-on of the HOB RD VPN solution. It is used to access blade centers running MS Windows XP Professional or MS Vista. This solution also uses the Microsoft standard Remote Desktop Protocol (RDP). HOB VDI Business provides the user with similar functionality as the WTS solution, i.e. access to remote Windows applications. The difference is, that these applications reside on blade servers using the Windows XP Professional operating system or MS Vista, enabling HOB VDI Business users to remotely access applications that, for any number of reasons, would not be suitable for a Windows Terminal Server. In many cases this can result in considerable savings by reducing the number of required software licenses, when the licensing is per client and not per "named user."
The VDI Business principle: After a user establishes a connection, he is assigned his own blade, to which nobody else has access as long as the session remains active. For every connection attempt, any blade from a pool of blades (the blade server) can be selected freely. The HOB Blade Balancer ensures that only one user at a time can connect to any one blade. If a user has been disconnected, but the session is still open, when a reconnect is made, he will be reconnected to the same blade on which the application he was using is running.
The HOB VDI Business solution enables you to run high performance applications that require tremendous resources or cannot be run on a WTS , e.g., CAD applications. Differently than with WTS, the connected user always has 100% of the blade's capacity at his sole demand.
HOB VDI Business can also be deployed on virtual PC's.
The main advantages of HOB VDI Business:
 |
HOB WebSecureProxy has been tested by VeriTest and is certified for Microsoft Windows Server 2003 |
HOB WebSecureProxy (WSP), a secure proxy server, is the central security element of HOB RD VPN, ensures the security of all communications between the HOBLink JWT client and the remote Windows system. The strong SSL encryption provides you with a level of security not surpassed by any other commercially available solution! It can be deployed on numerous platforms: there are versions available for Windows and diverse Unix derivatives.
HOB WSP also has an Enhanced Load Balancing component, with which the load balancing function can be fine-tuned to your exact requirements. HOB WSP also enables you to reconnect to disconnected sessions.
Secure remote access is even possible when the remote Windows system is in an enterprise network that is protected by firewalls. HOB WebSecureProxy provides the HOB RD VPN solution with many important features and functionalities. Below, you can find a brief description of some of the most interesting ones.
The HOB WSP Web Server Gate provides secure remote access to enterprise-internal Web servers and Web services via HTTPS and protected by the HOB WebSecureProxy. The HOB WSP Web Server Gate presents itself to the target server as a Web browser. Links on the Web pages (HTML links or those generated by Java Script) are correspondingly adapted by the HOB WSP Web Server Gate.
Client-side SSL enables secure connections to Web servers via HTTPS. The target filter integrated into the HOB WSP Web Server Gate allows you to restrict access to authorized Web servers or Websites.
The Load Balancing component, included in the scope of delivery, enables you to distribute the load over all servers in the farm, optimally using all available hardware. The optional Enhanced Load Balancing component gives the administrator the power to even more finely control load distribution. Many criteria can be defined to calculate load, e.g., CPU-load, swap activity, memory utilization, number of active sessions, network load, etc.
With HOB Desktop-on-Demand, you can do more than just access remote computers running the Windows XP Professional operating system or MS Vista, you can also benefit from the Wake-on-LAN function to remotely switch them on. This is an ideal solution for deployment in a home office or on a laptop, as all data remain on the computers in the enterprise network, eliminating the need to collate different data stocks: a resource-consuming task that can also be a considerable source of errors. In addition to this, HOB Desktop-on-Demand is also suitable for the remote administration of Windows 2000 Servers or Windows Server 2003.
The Windows computer can be accessed even if it has been shut off. This is done by addressing the Wake-on-LAN function of the PC in the enterprise network, which enables a remote booting.
HOB WSP is also very flexible when it comes to authentication. The following methods can be used:
HOB WSP, by communicating with HOB Enterprise Access, can also access user data stored in directory services (LDAP), for example, Microsoft Active Directory.
It is also possible to carry out file collation with Radius servers, which offer strong authentication via hardware tokens.
For the connection between the client and HOB WSP only one open port is required – this means, no extra port in the corporate firewall has to be opened, as the https-default port 443 can be used.
The HOB WSP has its own integrated Web server. It is used to load the HOBLink JWT applet, eliminating the need to set up a separate Web server. An additional benefit: Increased security, because authentication is done before the applet is downloaded.
High performance is guaranteed even for large numbers of connected users – this has been demonstrated by tests with up to 10,000 concurrent sessions (on a 32-bit Windows Server 2003 with two 2.86 GHz processors and 2 GB RAM, of which 512 MB RAM were used).
To avoid a single-point-of-failure, several HOB WebSecureProxies can be deployed in parallel. If for any reason one of them fails, the others take up the load.
HOBLink Secure 3.1 was awarded the German IT Security Certificate by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). This certification was carried out in full compliance with the internationally recognized Common Criteria Evaluation.
Any Java-capable platform from JRE 1.1 up can be used on the client side. On Unix platforms a JVM with the Java 1.2 standard should be used. The client must have a JVM, these are usually installed on a browser. We recommend a JVM with JIT compiler.
The Beta versions can be delivered on request.
White paper: HOB RD VPN (PDF)
White paper: HOB WebSecureProxy (PDF)
White
Paper: HOB WebSecureProxy Web Server Gate (PDF)
White paper: HOB RD VPN - Windows® in a Browser (PDF)
White paper: HOB RD VPN - Secure Access (PDF)
HOB RD VPN on Windows Vista Clients
HOB RD VPN
Quick Info (PDF)
HOB RD VPN
data sheet (PDF)
The
HOB WebSecureProxy as SSL terminal for secure e-mail (PDF)
Why
WTS solutions should avoid BigIP Load Balancing
For technical information please contact our support department.
webmaster@hobsoft.com, Last Updated: 05-May-10
