Applications
Overview
Accops HySecure supports a wide range of multi-port TCP/UDP applications. You can register the services manually or with Auto Configuration of Standard Applications. Accops HySecure can automatically detect standard services running on machines within a given subnet range and list them for service configuration.
Till last release, for supporting name resolution in 64bit applications, hosts file-based name resolution is to be used, which required additional setting on end user PC (enable option "Use hosts file for name resolution" from client preferences). From version 5035, 64bit applications will have same capability support as with 32bit applications.
When creating applications, HySecure will check if the hostname specified as Application Server hostname and the hostname/domain name in the Web URL is resolvable from gateway or not. An error is displayed if the name cannot be resolved. The Administrator can fix the hostname or they can create a host file entry for the hostname. This can happen if either the hostname typed is not correct or the DNS server is not configured correctly or there is no DNS server at all.
The APPLICATIONS page provides List of Applications created including the Application creation. To get the list of created Applications, perform the following steps:
- Open the Management console and expand ACCESS MANAGEMENT
- Select Applications from the sub menu
- All the created Applications, will be visible on this page in a tabular manner with the following information of each Applications:
| # | Field | Description |
|---|---|---|
| 1 | Application Name | This represents the name of the configured Application |
| 2 | Application Address | This represents the Application Server's Hostname or IP Address |
| 3 | Port | This represents the TCP/UDP port on which the application server listens |
| 4 | Dynamic Port | If the application server accepts connections on dynamic ports, then this cell would contain "Yes" and "No", otherwise. |
| 5 | Protocol | This represents the layer 4 protocol (TCP/UDP etc.) on which the application runs |
| 6 | Application Type | This represents the Application Type which is used for categorization of the configured application. The Type can be http/https/ssh/ftp/vnc etc |
| 7 | URL | This represents the Web URL if the application is a browser based application. |
| 8 | Chained to | This represents Remote HySecure Server name if the application is a site-to-site application. |
Add Applications
On the APPLICATIONS page, click on the Add button to create an Application and provide the information indicated under the below mentioned Tables. Once the information is filled, click on Submit button.
Basic Options
| Option | Description | Importance |
|---|---|---|
| Type: | Type of application. | This is used to categorize the application under different section when displaying the application list to users. (See Application Templates table below) Depending on the Application Type chosen the following fields may change. |
| Name: | Application Identifier. | Application Name with spaces will be displayed to the user. Application Name with spaces removed will be used as application identifier. |
| Description: | Application description to be displayed on VPN portal to user. | |
| Application Server Address: | Hostname of IP address of the application server. | Make sure HySecure can resolve the hostname of the application server. Specify a comma separated list if multiple application servers exists for same application, along with clustered application option as described below. |
| Application Port: | TCP/IP port on which application server is listening for connections. | An application can have comma separated multiple ports (e.g. 80,100,200) or hyphen separated range of ports (e.g. 80-100). |
| Protocol: | Select application protocol TCP or UDP from the list. | |
| Web URL: | Full URL of the target web server in case the application is a web application. | If the URL is specified, the application will be listed on the HySecure Web Portal and HySecure Application Launcher opened on user\'s machine. |
| Hidden Application: | Hide application listing on Web Portal and in Desktop Client. | In this case, the url of the application is expected to be known to the user and s/he will need to enter the url manually to access it as an application |
| Hide Access Pop-up: | Hide pop-up from client system tray when the application is accessed first time. | |
| User Mapping Information: | Used only in My Desktop Application. | A list of entries containing username, IP address and port numbers are to be pasted in, separated with commas. |
| Application to Use: | Used only in My Desktop Application. | Select the application protocol to use. Accordingly the relevant Java application will be used on Web Portal. |
Advanced Options
| Option | Description | Importance |
|---|---|---|
| Show Real IP Address of Server: | Show Real IP address of server to applications on user machine. | This will disable IP address mangling for this application. |
| Enable Compression: | Enable data compression for this application. | |
| Clustered Application: | Select this option if there are multiple application servers present in LAN to serve remote users and HySecure should do round robin based load balancing among the application servers for this application. | Multiple application servers can be specified as a comma separated list in \"Application Server Address\" field. |
| Enable Session Caching: | Select this option to enable sticky session feature when the application is running in clustered mode. | |
| Site to Site Application: | Select if the application exists behind a remote HySecure gateway and is available over a site-to-site connection. | |
| Remote Server Name: | In case of site to site application, enter hostname/IP address of remote HySecure gateway. | |
| Auto Launch: | Application will auto launch after user signs in. |
User Options
Certain application types like http, https, RDP, FTP, VNC, Microsoft Fileshare, NFS, My Desktop and Files, HyWorks - Controller (Primary & Secondary), Microsoft OWA etc have user configurable options available.
| Option | Sub-option | Description |
|---|---|---|
| Enable Single Sign-on: | Enables single sign-on functionality from VPN Portal. Select this option for further configuring additional information related to SSO | |
| Authentication Type | This option is available for the following applications: HTTP / HTTPS / Citrix Web / Microsoft OWA Select from the drop down list, as appropriate |
|
| Form Based Authentication | ||
| Single Sign-On URL | This field is displayed on selecting "Authentication Type" as "Form Based". Enter the url which should get used for a form based authentication |
|
| Request Type | This field is displayed on selecting "Authentication Type" as "Form Based". Enter the request type as "GET" or "POST" as is supported by the url entered for single sign-on |
|
| Request Format | This field is displayed on selecting "Authentication Type" as "Form Based". Enter the request format |
|
| NTLM Based Authentication | ||
| Use HySecure Credentials | This field is displayed in situations when "Authentication Type" is selected as "NTLM based" OR the application type is selected as "Microsoft Fileshare"/RDP/FTP/VNC/NFS/"MyDesktop and Files" etc. Check this box to use the HySecure Credentials for accessing application. |
|
| Use a Common Account | This field is displayed in situations when "Authentication Type" is selected as "NTLM based" OR the application type is selected as "Microsoft Fileshare"/RDP/FTP/VNC/NFS/"MyDesktop and Files" etc. Check this box to use a common account (as listed in the next fields for configuration) for accessing application. As a result of this configuration, the actual credentials used for accessing the application are different from the one used for HySecure authentication |
|
| Username | This field is displayed on checking "Use a Common Account" Enter the Username for common account. |
|
| Password | This field is displayed on checking "Use a Common Account" Enter the Password for common account. |
|
| Domain | This field is displayed on selecting "Authentication Type" as "NTLM based" Enter the Domain name or workgroup. |
|
| SAML Based Authentication | ||
| Preconfigured Service Provider |
Select one of preconfigured Service Provider from the drop down list | |
| 1. Service Provider Login URL 2. Service Provider Logout URL 3. Audience 4. Issuer |
These values are available from the selected Service Provider's site | |
| The fields indicated below are visible when Application type is selected as "Microsoft Fileshare"/RDP/FTP/VNC/NFS/"MyDesktop and Files" etc. | ||
| Use HySecure Credentials | Check this box to use the HySecure Credentials for accessing application. | |
| Use a Common Account | Check this box to use a common account (as listed in the next fields for configuration) for accessing application. As a result of this configuration, the actual credentials used for accessing the application are different from the one used for HySecure authentication | |
| Username | This field is displayed on checking "Use a Common Account" Enter the Username for common account. |
|
| Password | This field is displayed on checking "Use a Common Account" Enter the Password for common account. |
|
| Domain | Enter the Domain name or workgroup in which the common account's user would fall | |
| User Home Directory | Specify the user's home directory for "Microsoft Fileshare" / "NFS" access. This will also restrict the user to navigate beyond the home and underlying folders. | |
| User can reboot VM | Applicable for "Accops VDI" type of application. Check the box to allow the user to reboot the Virtual desktop. |
Remote Display Options
Remote Display options are available for My Desktop, RDP and Accops VDI application types.
| Option | Description |
|---|---|
| Let User Choose: | Enables user to choose display options, local resources and program options while accessing application. |
| Display Options: | Choose color, screen resolution and performance options. |
| Local Resources: | Remote Desktop Protocol local resources options for application access. |
| Program Name: | Program to be executed while accessing application. |
Add Applications to Application Group
An administrator can organize applications into Application Groups. In the CREATE APPLICATION" screen, click on the Add Application to Application Group link. The Add/Delete Application Group to Application screen appears.
To add the Application to High Security Application Groups:
- Select the Application Group(s) in the High Security Application Groups table to which this application should belong.
- Click Add. The selected Application Group(s) move from High Security Application Groups table to the Application Groups table on the opposite side of the screen.
- To add the Application to Basic Security Application Groups, select the Application Group(s) in the Basic Security Application Groups table to which this application should belong,
- Click Add. The selected Application Group(s) move from Basic Security Application Groups table to the Application Groups table on the opposite side of the screen.
-
Click Submit to update the list of selected Application Groups or click Cancel to abort. The Application Group name(s) will be listed in the Selected Application Groups list on this application's Create Application and Modify Application screens.
Note
Subscription to Application Groups is not applied until after you have clicked the Submit button on the Create Application or the Modify Application screen.
Application Templates
Application templates are included in the management console to help administrator create standard applications as well as define additional parameters.
| Application Type | Description | Listed on HySecure Portal | Listed on Client App Launchpad | Show in Client Activity List |
|---|---|---|---|---|
| HTTP, HTTPS | Web applications. A URL must be entered. If URL is not entered, application will not be listed on application portal. Domain name in the URL must match either the application name or “server address”. | X | X | X |
| FTP | File Transfer Protocol application accessible via browser. A URL must be entered. If URL is not entered, application will not be listed on application portal. Domain name in the URL must match either the application name or “server address”. | X | X | X |
| FTP-java, SSH, Telnet, VNC,RDP, Microsoft Fileshare, NFS | Java based application applets for accessing VPN applications without client software. | X | X | X |
| Network | Publish multiple IP addresses or a range of network IP addresses | |||
| Microsoft Exchange | Access to Microsoft Exchange Server. | - | - | X |
| My Desktop and Files | MyDesktop is a direct desktop access via Accops HySecure. Administrator can create an application with application type as MyDesktop and upload a list of username along with their desktop hostname/IP address. This application can be then assigned to the groups. When users login into HySecure an application with name My Desktop is displayed on the Web Portal. User can access her desktop using hostname “mydesktop” or the IP address of her desktop. Upload a list of usernames and their corresponding desktop ipaddress/hostname. The format of the data is: Username, desktop ip address/hostname , port no Choose from RDP and VNC based on what protocol users will use to connect to their desktop. | X | X | X |
| HyWorks - Controller (Primary) | ||||
| HyWorks - Controller (Secondary) | ||||
| HyWorks - Application Server | ||||
| Citrix Web | Citrix Web Interface Application. A URL must be entered. | X | X | X |
| Citrix ICA | Citrix ICA Application. | - | - | X |
| Accops TSE - Web | Accops TSE LaunchPad Portal. A URL must be entered. If an application is published with this type and URL, “TSE Applications” tab will be enabled on Web Portal. Single sign-on will be enabled for this application. On Web Portal, the applications will be fetched from Accops TSE Web server and displayed on VPN Portal. VPN Client will also fetch the TSE published applications and show them on VPN Application LaunchPad. | X | X | X |
| Accops TSE – Application Server | Application to publish RDP access to Accops TSE Application servers. Create applications with this type for Accops TSE Application servers. | Under TSE tab | As TSE Applications | X |
| As TSE Applications | Application to publish TSE – IFS and Printing access to Accops TSE Application servers. Create applications with this type for Accops TSE Application servers. | - | - | X |
| Accops VDI | Application for publishing Virtual Desktops from Accops VDI. Create this application with server address as Accops VDI connection broker for port 80. The user’s virtual machine access will be provided Dynamically. | X | X | X |
| Microsoft OWA | Application to publish Outlook Web Access. | X | X | X |
| Remote Meeting | HySecure desktop sharing, file sharing and chat | X | X | X |
| Others | Any supported service not of the types described above |
Thin Applications on HySecure Portal
HySecure Web Portal comes with a set of Java applications which helps user access applications without requiring client software. The following Java applications are available on the portal:
| Application | Description |
|---|---|
| Remote Desktop | Remote desktop Java application is a Java application to launch remote desktop protocol session with a windows machine. Remote desktop Java application has two modes: |
| 1. When launched it tries to access the native Microsoft terminal services client. If the Microsoft terminal services client is found and can be launched, it launches the client with required parameters to establish a connection. | |
| 2. If the Microsoft terminal services client is not found or cannot be launched, the Java based remote desktop client is launched with required parameters. When remote desktop java application is launched, it prompts user for remote desktop protocol specific options. All options can be controlled and specific by administrator. Following options are configurable: | |
| 1. Display settings | |
| 2. Local Resources settings | |
| 3. Program Name | |
| The remote desktop application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the terminal server. The single sign-on settings can be forced by administrator also. | |
| FILE TRANSFER | File transfer is a Java application to launch FTP session with a FTP server. The FTP application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the server. The single sign-on settings can be forced by administrator also. |
| SECURE SHELL | Secure Shell is a Java application to launch SSH session with a SSH server. |
| VNC | VNC Application is a Java application for VNC protocol sessions. The VNC application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the VNC server. The single sign-on settings can be forced by administrator also. |
| FILE SHARE | File Share application is a Java application for Microsoft File Share protocol SMB and open protocol NFS. When run by user, the application browses the shared files and folder on the target server. The File Share application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the target server. The single sign-on settings can be forced by administrator also. Administrator can also force a home directory for the user. If specified, user can only browse the child directories of the home directory and cannot access any other root directory. |
Modifying Applications
- In the management console, click ACCESS MANAGEMENT \ APPLICATIONS.
- Click on the check box for the application you want to edit and click Modify. The Modify Application screen appears.
- Modify application details as needed. Refer to Create Application section while making the entries.
- Modify Application Groups by clicking on the Add/Delete Application Group to Application (please see the Adding Application to Application Group section that follows).
- Click Submit to save changes or click Reset to cancel the changes made.
Deleting Applications
- In the APPLICATIONS screen described above, select the Application(s) you want to delete. To select all applications, select the Check all check box below the table.
- Click Delete to delete the selected application(s).
- When prompted for deletion confirmation, click OK to delete the application(s) or click Cancel to abort.