HOB RD VPN Compact - The Secure Remote Access Solution

Using the software solution HOB RD VPN Compact you can access all applications and data in your enterprise, regardless of whether these are on Windows Terminal Servers, your own workstation PC or on Web servers. The SSL-encrypted access can be made over the Internet from any computer, with any operating system. The RDP client from HOB (included within the scope of delivery) allows you to work remotely with centrally provided Windows applications with the same high performance as if you were working locally. HOB RD VPN Compact is a simple, economical solution for all smaller installations.

Difference Between HOB RD VPN and HOB RD VPN Compact

In any event, all external connections go over only one open port and only if the connecting party has first authenticated itself. All target systems are secured against anonymous connections from the Internet.

The HOB RD VPN Compact software solution consists of the components:

• HOBLink JWT
• HOBLink J-Term (VT) incl. SSH
• HOB PPP Tunnel
• HOB Web Server Gate
• HOB WebSecureProxy Universal Client
• HOB WebSecureProxy

HOB RD VPN Compact - Remote Access with Many Possibilities

HOB RD VPN has solutions for Windows deployment scenarios that are often found in many businesses:

• HOB WTS Computing Compact
• HOB Desktop-on-Demand Compact
• HOB Web Server Gate and Universal Client Compact

The Client Software: HOBLink JWT / J-Term

HOB RD VPN Compact provides the above-mentioned Windows operating systems with Web-based access, i.e., the client computer only needs to have a Java-capable browser installed. With HOBLink J-Term you can access all systems that offer the corresponding functionality with a  VT emulation. This is secured via SSH.

Access to All Network Resources with the HOB PPP Tunnel

With the PPP Tunnel,  the user gets full network access to all the resources in the enterprise network - similar to a classic IPsec VPN. The difference is, that with the PPP Tunnel, you don't have to install any software or drivers on the client machine. The tunnel is started with a simple click in the browser. This provides a platform-independent connection not only from Windows clients, but also with clients running on Linux, Solaris, Mac OS X or FreeBSD.

Intranet Access with the HOB Web-Server-Gate

With the HOB WSP Web-Server-Gate enterprise-internal Web servers and Web services can be securely accessed from outside over HTTPS and protected by the HOB WebSecureProxy. The HOB WSP Web-Server-Gate presents itself to the target Web server as a Web browser. All links contained in the Web pages (HTML links or those generated by JavaScript) are converted automatically by the HOB WSP Web-Server-Gate upon access.

Client-side SSL also enables the connection to Web servers via HTTPS. The target filter integrated into the HOB WSP Web-Server-Gate will allow users to access only those Web servers for which they have authorization.

HOB WebSecureProxy Universal Client

The HOB WebSecureProxy Universal Client (HOB WSP UC) is a gateway. It enables locally installed third party to exchange data securely over the Internet, thanks to SSL-encryption (SSL tunnel). The HOB WSP UC is Web-based, and the user doesn't need to have any administrator rights. If desired, a local installation can also be made. The HOB WSP UC is currently available in Java and will soon be available in .NET technology as well.

For further information on the HOB WSP UC, please see: Whitepaper "HOB WSP Universal Client"

The Connection: Secured with SSL

Strong encryption of communication data ensures data security for the connection between the client and the entrance to the enterprise network. Thus the connection can also be made over networks that do not themselves have sufficient security. The connection can be made over any TCP/IP network, e.g., the Internet, WiFi or UMTS. This solution is also future oriented: it already supports IPV6.

Authentication

HOB RD VPN Compact supports the following authentication methods

• Username/Password
• Token (e.g., Vasco DigiPass, RSA SecurID, SafeWord PremierAccess)
• SSL client certificate

Access Anywhere, Anytime

Access to the corporate network can be made from anywhere, for example:

• from home
• from a hotel
• when you are traveling
• from an Internet café
• from an Internet kiosk

And there is no need to install any of the HOB software on the client machine, nor does the user need to have administrator rights.

Supports Virus Scanners

Files that are transferred from a client to the remote system could be virus-infected. HOB RD VPN Compact has an interface for virus scanners, helping secure the remote system from contaminated data.

HOB WTS Computing Compact

HOB WTS Computing Compact is the access solution for Microsoft Windows Terminal Servers. Through the use of this platform-independent solution, the entire range of Windows applications on a WTS can be used, regardless of the client computer's OS.

Flexible Print Functionality via Universal Printer Support

The flexible printer functions provide you with a multitude of options for printing on either local printers or network printers.

• Local Print (print locally or over a network with a driver on the WTS)
• Easy Print (print on locally available printers with locally installed drivers)
• LPR/LPD Print
• IP Print (printing on a network printer's IP port)
• With Windows clients: automatic printer mapping

Application Serving/Publishing

With this function, when a user logs on to a terminal server, a specific application will start automatically, preventing the user from having access to the entire Windows desktop. The network administrator can configure this locally.

HOB Desktop-on-Demand Compact

HOB Desktop-on-Demand is the solution from HOB that enables secure remote access to computers within the corporate network and equipped with Windows XP/Vista. The ideal solution for use in a home office or from a laptop, as all data remain on the computer in the enterprise network and thus no data reconciliation, which can be a significant source of errors, between different data stocks need be carried out. Also, a lost or stolen laptop will not mean lost or stolen data, a major security improvement. Additionally, HOB Desktop-on-Demand is also well-suited for remote administration of Windows 2000 Server or Windows Server 2003.

Wake-on-LAN

The Windows computer can also be accessed if it has previously shut off. To do this, the target PC's Wake-on-LAN function is utilized; this enables the computer to be booted remotely.

Local Drive Mapping

With HOB Local Drive Mapping data can be copied from the client PC to the target PC and vice versa.

HOB WebSecureProxy

To secure the connection, HOB RD VPN relies on the HOB WebSecureProxy (WSP), the solution's central element. This provides SSL encryption for the connection between the client, HOBLink JWT, and the remote Windows system.

The HOB WSP can be deployed on various platforms. There are versions available for Windows and diverse Unix derivates. With the HOB WSP enhanced load balancing and the reconnection of disconnected sessions is also possible. Access is also possible even when the remote Windows system is in an enterprise network protected by a firewall.

Data Compression

HOB RD VPN Compact enables compression of the SSL-encrypted communication data. This allows for higher performance and/or saving bandwidth.

Authentication Methods

The HOB WSP is very flexible when it comes to user authentication. The following methods can be used:

• User name/Password in the WSP configuration
• User data in the HOB Enterprise Access Server or over LDAP
• Logon via Radius Server, therefore also with a hardware token, e.g., Vasco DigiPass, RSA SecurID, SafeWord PremierAccess
• X.509 certificate, e.g., in chip card or USB token
• Verification of certificate validity via OCSP (Online Certificate Status Protocol) in acc. w. RFC 2560

The HOB WSP can, by communicating with HOB Enterprise Access, also access user data stored in directory services (via LDAP) for example, Microsoft Active Directory.

Collation with Radius servers that offer strong authentication via hardware tokens is also possible.

Only One Port Required

Only one port is required for the connection of a client to the HOB WSP. No additional port in the enterprise firewall has to be opened, as port 443 (standard port for https) can be used, which is usually available.

Integrated Web Server

A Web server is integrated into the HOB WSP. This is used to load the HOBLink JWT applet, thus no separate Web server need be used. A further advantage: Increased security, because authentication has to be performed before the applet is loaded.

High Performance on Standard Hardware

Even with large numbers of users, high performance is assured – this has been demonstrated by tests with up to 10,000 concurrent sessions (on a  32-bit Windows Server 2003 with two 2.86 GHz processors and 2 GB RAM, of which 512 MB RAM were used).

Fail-Safety

To avoid having a single-point-of-failure, several HOB WebSecureProxies can be installed in parallel. If for any reason one fails, the others can take over its functions.

BSI Certified

HOBLink Secure 3.1 has been certified by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI). The certification is in accordance with the Common Criteria Evaluation Level EAL2.

BSI Security Certificate in PDF Format

System Requirements

Client:

On the client side, any Java-capable platform as of JRE 1.1 can be used. On Unix platforms a JVM with Java 1.2 standard is recommended. Further recommended is a JVM with JIT-Compiler (e.g., Microsoft jview).

  Using HOB RD VPN on Windows Vista Clients

HOB WebSecureProxy

• Windows (x86, EM64T)
• Linux (x86, EM64T)