HOB RD VPN Compact - The Secure Remote Access Solution
Using the software solution HOB RD VPN Compact, you can access all applications and data in your enterprise, regardless of whether these are on Windows Terminal Servers, your own workstation PC or on Web servers. The SSL-encrypted access can be made over the Internet from any computer, with any operating system. The RDP client from HOB (included within the scope of delivery) allows you to work remotely with centrally provided Windows applications with the same high performance as if you were working locally. HOB RD VPN Compact is a simple, economical solution for all smaller installations.
In any event, all external connections go over only one open port and only if the connecting party has first authenticated itself. All target systems are secured against anonymous connections from the Internet.
The HOB RD VPN Compact software solution consists of the components:
HOB RD VPN Compact - Remote Access with Many Possibilities
HOB RD VPN has solutions for Windows deployment scenarios that are often found in many businesses:
The Client Software: HOBLink JWT / J-Term
HOB RD VPN Compact provides the above-mentioned Windows operating systems with Web-based access, i.e., the client computer only needs to have a Java-capable browser installed. With HOBLink J-Term you can access all systems that offer the corresponding functionality with a VT emulation. This is secured via SSH.
Access to All Network Resources with the HOB PPP Tunnel
With the PPP Tunnel, the user gets full network access to all the resources in the enterprise network, similar to a classic IPsec VPN. The difference is that with the PPP Tunnel you don't have to install any software or drivers on the client machine. The tunnel is started with a simple click in the browser. This provides a platform-independent connection not only from Windows clients, but also from clients running Linux, Solaris, Mac OS X or FreeBSD.
Intranet Access with the HOB Web-Server-Gate
Client-side SSL also enables the connection to Web servers via HTTPS. The target filter integrated into the HOB WSP Web-Server-Gate will allow users to access only those Web servers for which they have authorization.
HOB WebSecureProxy Universal Client
The HOB WebSecureProxy Universal Client (HOB WSP UC) is a gateway. It enables locally installed third-party applications to exchange data securely over the Internet, thanks to SSL encryption (SSL tunnel). The HOB WSP UC is Web-based, and the user doesn't need to have any administrator rights. If desired, a local installation can also be made. The HOB WSP UC is currently available in Java and will soon be available in .NET technology as well.
For further information on the HOB WSP UC, please see: Whitepaper "HOB WSP Universal Client"
The Connection: Secured with SSL
Strong encryption of communication data ensures data security for the connection between the client and the entrance to the enterprise network. Thus the connection can also be made over networks that do not themselves have sufficient security. The connection can be made over any TCP/IP network, e.g., the Internet, WiFi or UMTS. This solution is also future-oriented: it already supports IPv6.
HOB RD VPN Compact supports the following authentication methods
Access Anywhere, Anytime
Access to the corporate network can be made from anywhere, for example:
And there is no need to install any of the HOB software on the client machine, nor does the user need to have administrator rights.
Supports Virus Scanners
Files that are transferred from a client to the remote system could be virus-infected. HOB RD VPN Compact has an interface for virus scanners, helping secure the remote system from contaminated data.
HOB WTS Computing Compact
HOB WTS Computing Compact is the access solution for Microsoft Windows Terminal Servers. Through the use of this platform-independent solution, the entire range of Windows applications on a WTS can be used, regardless of the client computer's OS.
Flexible Print Functionality via Universal Printer Support
The flexible printer functions provide you with a multitude of options for printing on either local printers or network printers.
With this function, when a user logs on to a terminal server, a specific application will start automatically, preventing the user from having access to the entire Windows desktop. The network administrator can configure this locally.
HOB Desktop-on-Demand Compact
HOB Desktop-on-Demand is the solution from HOB that enables secure remote access to computers that are within the corporate network and equipped with Windows XP/Vista. It is the ideal solution for use in a home office or from a laptop: all data remain on the computer in the enterprise network, so no data reconciliation between different data stocks, which can be a significant source of errors, needs to be carried out. Also, a lost or stolen laptop will not mean lost or stolen data, a major security improvement. Additionally, HOB Desktop-on-Demand is well suited for remote administration of Windows 2000 Server or Windows Server 2003.
The Windows computer can also be accessed if it has previously been shut off. To do this, the target PC's Wake-on-LAN function is utilized; this enables the computer to be booted remotely.
Local Drive Mapping
With HOB Local Drive Mapping data can be copied from the client PC to the target PC and vice versa.
To secure the connection, HOB RD VPN relies on the HOB WebSecureProxy (WSP), the solution's central element. This provides SSL encryption for the connection between the client, HOBLink JWT, and the remote Windows system.
The HOB WSP can be deployed on various platforms. There are versions available for Windows and various Unix derivatives. With the HOB WSP, enhanced load balancing and the reconnection of disconnected sessions are also possible. Access is possible even when the remote Windows system is in an enterprise network protected by a firewall.
HOB RD VPN Compact enables compression of the SSL-encrypted communication data. This allows for higher performance and/or saving bandwidth.
The HOB WSP is very flexible when it comes to user authentication. The following methods can be used:
By communicating with HOB Enterprise Access, the HOB WSP can also access user data stored in directory services (via LDAP), for example Microsoft Active Directory.
Integration with RADIUS servers that offer strong authentication via hardware tokens is also possible.
Only One Port Required
Only one port is required for the connection of a client to the HOB WSP. No additional port in the enterprise firewall has to be opened, as port 443 (the standard port for HTTPS) can be used, which is usually available.
Integrated Web Server
A Web server is integrated into the HOB WSP. This is used to load the HOBLink JWT applet, so no separate Web server need be used. A further advantage is increased security, because authentication has to be performed before the applet is loaded.
High Performance on Standard Hardware
Even with large numbers of users, high performance is assured – this has been demonstrated by tests with up to 10,000 concurrent sessions (on a 32-bit Windows Server 2003 with two 2.86 GHz processors and 2 GB RAM, of which 512 MB RAM were used).
To avoid having a single-point-of-failure, several HOB WebSecureProxies can be installed in parallel. If for any reason one fails, the others can take over its functions.
Strong Performance with RDP
RDP is the leading industry standard for the transmission of graphical user interfaces. RDP is very powerful and offers a multitude of useful functions.
In a large-scale benchmark test, none of the many other protocols tested against the latest version of RDP was superior or even comparable in functionality or performance.
In realistic benchmark tests between RDP and the VNC protocol (RFB – Remote Framebuffer Protocol), VNC exchanged seven times the amount of data. The comparison of RDP to the proven X protocol (X11, MIT) also delivered results of a similar magnitude. The ratio of the exchanged data volumes corresponds approximately to the ratio of the response times, i.e., the amount of time the user waits, e.g., for the image to be refreshed.
HOBLink Secure 3.1 has been certified by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI). The certification is in accordance with the Common Criteria Evaluation Level EAL2.
On the client side, any Java-capable platform as of JRE 1.1 can be used. On Unix platforms, a JVM with the Java 1.2 standard is recommended. A JVM with a JIT compiler (e.g., Microsoft jview) is also recommended.