|
HOB WebSecureProxy Universal Client
- secure access from client applications over the Internet
Overview
The HOB WebSecureProxy Universal Client (in short: HOB WSP UC) is part of the comprehensive secure remote access solution HOB RD VPN.
The HOB WebSecureProxy Universal Client provides locally installed third party applications with a secure, SSL-encrypted data access over the Internet.
The HOB WSP UC from the User's Point of View
To run the HOB WSP UC, the user simply starts his or her browser and connects to HOB RD VPN in the company network. First the user authenticates himself and then sees the HOB RD VPN starting page. On this page there is a link for starting the HOB WSP UC.
After clicking on this link, the user is sent a Java-Applet, which sets up an ssl_encyrpted connection. Now the user can run his application and establish a secure connection over HOB RD VPN to the target system.
The HOB WSP Universal Client can be used without making any installation on the client system. The user doesn't need any administrator rights.
User Authentication
User authentication is done first over HOB RD VPN. Depending on the installation type, this can be done in one of several ways:
- UserID and password
- Token with a one-time-password, e.g., RSA SecurID, Secure Computing Premier Access or Vasco Digipass
- Client-side certificate for authentication over SSL (e.g., stored on a smartcard).
The logon to HOB RD VPN is done by the browser over an SSL/HTTPS-secured connection, i.e., authentication takes place on an already secured line and is safe from step one.
The second authentication is done on the company network. Hereby, the user logs on to a specific domain. Access rights for the domain user are set on the corresponding server.
User Settings in HOB RD VPN
HOB WSP UC is configured in the HOB RD VPN user management module. The administrator creates a configuration for the HOB WSP UC, which can be assigned to a user, a user-group or the entire firm.
The administrator can deterömine how the user login is to be made:
- by entering the domain, user name and password
- by using the login data from HOB RD VPN
- by using login data saved in the configuration
The administrator determines which TCP ports and protocols are SSL-encrytped.
All settings can be inherited from a superordinated element, e.g., all users in a group inherit their settings from that group. This way, the administrator need not make seperate settings for each indivicual user.
Benefits of the HOB RD VPN WSP Universal Client
Users with locally installed programs can now use the HOB WSP UC and SSL encryption to securely access enterprise servers. This is especially interesting if the applications themselves haven't implemented any secure communications methods. For all applications that establish connections over the HOB WSP UC , only one SSL port is used (e.g., 443). No additional ports need be opened int he company firewall.
Advantages of the HOB RD VPN WSP UC
- Strong, secure authentication
- Centralized, user-specific settings
- Works without administrator rights or installation on the client system
- Communication over HOB RD VPN in the enterprise DMZ
- Connections can be easily configured in the central user management
- Only one SSL port required for the connections of all configured applications
Preferred Applications for the HOB WSP UC
- E-mail programs, e.g., Mozilla Thunderbird
- Browsers such as Mozilla Firefox, Opera, etc. (deployment of the HOB WSP UC as a Socks 5 proxy)
- SAP GUI's and other enterprise and resource planning systems
- Terminal emulations, e.g., HOBLink Terminal Edition
- Remote desktop clients, e.g., Microsoft RDC client
- Remote maintenance software, e.g., RealVNC
- Database applications
The HOB WSP UC is also available for Windows mobile clients in .NET.
Alternative: Access to All Network Resources
For complete and secure network access, HOB offers the HOB RD VPN PPP Tunnel. This solution is available in the product HOB RD VPN NetAccess. This can use other protocols in addition to TCP.
01.06.11 KUA
Tr. 09.01.12 JR
|
|
|
|
