Information
Access Scenarios for:
What Does HOB RD VPN Do?
With HOB RD VPN (Remote Desktop Virtual Private Network), you get a solution for performant and secure remote access to all applications and data in the enterprise network. Connections are made over the standards SSL und RDP (Remote Desktop Protocol).
Windows Terminal Server Computing
Secure access to business-critical data and applications.
HOB RD VPN Whitepaper (PDF)
HOB RD VPN Data Sheet (PDF)
Desktop on Demand
Universal access to your workstation - Anywhere, anytime!
Whitepaper (PDF)
Desktop on Blade
Enables enterprises to integrate non-multi-user capable, business-critical data and applications into a server-based computing environment.
Whitepaper (PDF)
What Makes HOB RD VPN Different?
WebSecureProxy (WSP)
The central security element in HOB RD VPN, the HOB WebSecureProxy (WSP) provides security for connections from the client to the server. The WSP is a central component of our remote access solution and distinguishes itself from conventional SSL-VPN approaches through:
- Access: For the connection between the client and HOB WSP you need only one port – thus no additional port in the company firewall need be opened, as the WSP can use the standard HTTPS port 443.
- Powerful performance: Even with a large number of users, high performance is guaranteed – this is demonstrated by tests with up to 10,000 concurrent sessions (on a 32-bit Windows Server 2003 with two 2.86 GHz processors and 2 GB RAM, of which 512 MB RAM was used).
- Fail safety: a parallel deployment of two WSP's provides high failsafe protection at a minimum expense.
- Load Balancing: enables load balancing for connections to WTS farms or Blade Servers - all hardware is optimally utilized.
- Currently runs on Windows Coming soon: Compatibility with a wide array of platforms – Sun Solaris, AIX, HP UX, open Unix, Linux: all under development.
Clientless access
Nothing need be installed on the client. No SSL adapter or Active X is required to establish an SSL-encrypted connection. This ensures the utmost in access flexibility, as end users usually have no administration rights - especially not when they are accessing the enterprise network from an Internet café, or from a customer's or business partner's location.
No protocol conversion
Conventional SSL-VPN solutions have to convert the protocols used. Connections are established in the browser in http, e.g., RDP or ICA are converted to http. HOB RD VPN has its own clients in Java, which establish a direct SSL connection to the WTS, zSeries, iSeries, etc. This gives you increased performance, while at the same time minimizing possible sources of errors.
Certified by the German Federal Office for Information Security
The HOBLINK Secure software, of which the WSP is a component, has been inspected by the German Federal Office for Information Security (BSI) and awarded a security certification. This certification is in full compliance with the Common Criteria Evaluation Level EAL2.
Ethical Hack
"Ethical Hackers" are hired by enterprises to discover security gaps in computer systems and then to close them. In our case, the WSP successfully withstood all hacking attacks.
Compression: V42.bis
With HOB RD VPN you can compress your SSL-encrypted communications data. This can increase performance and/or reduce the required bandwidth.
Authentication methods
The HOB WSP is also very flexible when it comes to user authentication. The following methods can be used:
-
Username/Password in the WSP configuration
-
User data in the HOB Enterprise Access Server or via LDAP
-
Logon over a Radius Server, enabling the use of hardware tokens, e.g. Vasco DigiPass, RSA SecurID, SafeWord PremierAccess
-
X.509 Certificate, e.g. in a chip-card or USB token
-
Verification of certificate validity via OCSP (Online Certificate Status Protocol) in acc. w. RFC 2560
Integrated Web server
A Web server is integrated into HOB WSP. It is used to load the HOBLink JWT applet, so that no separate Web server need be set up. Another advantage: Increased security, because authentication must be successfully performed before the applet can be downloaded.