HySecure Features
Accops HySecure has a large set of features focusing on different modules. A comprehensive list grouped at the module level is provided here.
Gateway Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Hardened Gateway OS | Runs on hardened Linux based platform |
| 2 | Menu driven OS configuration | Menu driven console interface for easy initial network configuration of the OS |
| 3 | Hardware Independent OS | Runs on any standard or custom hardware |
| 4 | Multiple Form factors | Runs on virtualization platforms like VMWare, XenServer, Hyper-V and Nutanix. Support is also available on Azure and AWS platforms |
Access Modes Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Multiple Access Modes | Gateway can be accessed in the following ways 1. Clientless Web Portal 2. Hybrid Mode 3. Client for Windows, Linux, MAC 4. Client for iOS, Android 5. Kiosk based access mode for non-admin access |
| 2 | No Configuration on Clients | Clients do not need any configuration. All they need is the Gateway IP and their credentials |
| 3 | Multiple Client Platform Supported | Win98/XP/Vista/Win7/Win8 Windows Server 2003/2008/2012 Linux OS MAC OS X PPC/Intel 10.4 and above iPad / Android |
Access Security Features
| # | Feature | Explanation |
|---|---|---|
| 1 | Access over Secure Protocols | Gateway can be accessed over SSL 3.0 or TLS 1.0/1.1/1.2 |
| 2 | Multiple Data-Encryption standards supported | Following Data encrytion standards are supported for transmitting data over the secure channel DES, 3DES, AES(256), RC4 |
| 3 | Multiple Authentication supported | MD-5, SHA-1, RSA 1024, RSA 2048 |
| 4 | CA certificate support | 4096-bit RSA key CA certificate support |
| 5 | Internet network masking and IP address/hostname mangling | The actual IP address or hostname of the published application server can be masked to achieve security |
| 6 | Application level gateway and not layer 2 bridging | HySecure acts as an application level gateway allowing control specific to the application published providing more security as compared to L2 bridging |
| 7 | Hardened Gateway OS | The OS forming part of the iso is hardened leading to better security |
Deployment Scalability Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | HA Active-Passive | HySecure supports an always ON support |
| 2 | HA Active-Active N+1 clusters | The HySecure solution can be scaled to support thousands of users with the help of High Availability mode in Active-Active cluster form |
| 3 | VPN connection load balancing algorithms (Roundrobin etc) | Multiple load balancing algorithms are supported, to suit the deployment needs. E.g. round robin algorithm |
| 4 | Application Server Load Balancing | Application connection load balancing can distribute the connection for a specific application across multiple app servers in the LAN based on round robin function |
| 5 | Session Persistence | Users do not need to re-authenticate to HySecure in case of a cluster node going down |
| 7 | Client side failover using alternate gateways | In case HA functionality is not being used, then the user can connect to alternate gateway in case the first gateway goes down |
| 8 | 64-bit hardware support | For better performance |
Application Support Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Publish Web based applications | All web based, TCP and UDP based client-server applications |
| 2 | Publish Windows Fileshare | Windows file shares and drive mapping |
| 3 | Publih Dynamic Port based applications | Applications which use dynamic ports can also be published |
| 4 | Publish Network based Application | A whole Subnet or IP Range can be published for network access |
| 5 | RDP virtual channels | Special support for RDP virtual channels |
| 7 | Cached Sessions | Session caching for load balanced applications |
| 8 | Per application based compression switch | Data can be compressed between Client and the HySecure Gateway to achieve faster transfer |
| 9 | My Desktop and Files for direct personal desktop and file access | A single "My Desktop" type of application (for RDP & fileshare only) can be used to publish applications for different users |
| 10 | SSO with SAML based applications | SSO can be achieved with SAML based application like: Office 365, SalesForce, GSuite Apps |
| 11 | Accops VDI hosted desktops | Desktops delivered by HyWorks can be published on HySecure as well |
| 12 | Clientless VPN | Web based applications can be accessed from HyLite |
| 13 | Domain Joining over HySecure | Full UDP and TCP application support over SSL VPN for AD Domain Joining |
Authentication Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | User / Endpoint Authentication | Authentication based on user identity, endpoint identity, endpoint trust level |
| 2 | User Authentication | Multiple user authentication options: static passwords, client certificates |
| 3 | Multi-factor Authentication | Supports external two factor authentication solutions like SMS, Email etc. |
| 3 | Local User Database for Authentication | Database of local users with full customization per user, password policies, password reset support |
| 4 | Certificate Authentication with password | Fully integrated client-certificate based two factor authentication server with automatic CA and certificate provisioning |
| 7 | Integrates with AD/LDAP/RADIUS | Integrate various authentication servers like AD, LDAP, RADIUS for authenticating users. Group information also gets fetched from AD/LDAP/RADIUS so that policies at group level can get applied |
| 9 | Support for multiple authentication servers with cascading mode | Multiple Authentication servers can be configured for authentication so that if user is not matched for authentication in the first server then the next configured server can be checked for. |
| 10 | Support for external authorization servers | External servers can be configured for Authorization of users |
| 11 | Two Factor Authentication | Integrated OTP based Two factor authentication solution based on SMS/Email/Hardware/Voice/PKI tokens |
| 12 | Identity / Service Provider | Ability to work as Service Provider or Identity Provider (IDP) |
Authorization Features
| # | Feature | Explanation |
|---|---|---|
| 1 | Application publishing | Publish applications rather than subnet or network |
| 2 | Access Control Mechanism | Simple access control mechanism to provide access to users |
| 3 | Access control | Access control based on Device Identity and profile User Authentication method User Group |
| 4 | Dynamic Policy Evaluation | Dynamic policy evaluation based on run time information about device, authentication method and user role (change of device parameters post login) |
| 5 | Dashboard of Allowed Applications | Display of allowed applications and availability of the application server to users |
| 6 | Time based restriction | Time based restriction policies can be applied for published applications |
| 7 | Auto-detection of applications running in corporate network | Specific application can be checked for its existence on the client machine |
| 8 | Account expiry | Account expiry can be scheduled for a configured duration post first/last login |
| 9 | Geo-location support | Geo-location based authorization and application access |
Auditing Features
| # | Feature | Explanation |
|---|---|---|
| 1 | Complete reporting of user logons and activity | A detailed view of user's activity like login etc. is available |
| 2 | Detailed Logging | Logging of Time of access, username, MAC address, IP address of end-point, Application accessed and device profile etc. |
| 3 | Detailed Logging of endpoint security scan results | Detailed logging of the Endpoint security scanning are available for each connected endpoint can be viewed |
| 4 | Log extraction | Extract logs in csv format for importing them in the third party report generation tools |
| 5 | Log searching | Logs can be searched on specific field types |
| 6 | Auto archiving of logs | Logs can be configured for auto archiving based on size/time |
| 7 | Monitor and Disconnect live users | All live users can be monitored and specific user(s) can be disconnected from HySecure Gateway |
Endpoint Management Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Endpoint Scanning | Endpoints can be scanned for existence of antivirus, firewall and antispyware products and specific products can be enforced |
| 2 | Realtime status check | Realtime status involving Last update time etc of connected endpoint can be monitored |
| 3 | Endpoint policyfor specific MAC andIP | Support for checking & enforcing MAC ID and IP Address of connecting endpoint |
| 4 | Device Profile | Application control can be enforced based on device profile |
| 5 | Mandatory Policy Checks | Mandatory profile for non-avoidable policy checks can be enforced on all endpoints connecting to the Gateway |
| 6 | Minimum Quarantine profile Check | Quarantine profile for devices that fails all other profile can be enforced for connecting endpoints |
| 7 | Default Behavior for Failing to comply Endpoint connecting policies | Option to block endpoints that fails to comply to required policies or option to allow them to login by putting them in quarantine profile |
| 8 | Device Signature | Login control based on device signature |
| 9 | Endpoint Sanitization | Kill existing TCP connections on user machine before login |
| 10 | Connection Block post login | Block Internet and restrict incoming connection policy post login to the Gateway |
| 11 | Gateway login through Proxy | Block access to HySecure Gateway via proxy |
Management Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Web based management console | Web interface for configuring and managing the HySecure Gateway |
| 1 | Policy Management | Comprehensive management of all policies through the management console |
| 3 | Dashboard with graphical reporting | Availability of Graphical reports for key events on the management console dashboard |
| 6 | Self-signed certificate generation | Support for generation of Self signed certificate |
| 7 | CLI | Command line interface for configuration of basic setup |
| 8 | Delegated administration | Explanantion |
| 9 | Certificate based strong authentication for administrators | Certificate based authentication for high Security users |
| 11 | Online License service | Online License Activation from the Management console |
| 12 | Inline Help | Inline help to resolve basic queries on the configuration items |
Miscellaneous Features
| # | Feature | Explanantion |
|---|---|---|
| 1 | Remote Meeting | Remote meeting is available for session sharing or remote debugging |
| 2 | Reverse Proxy | HySecure Gateway can act as a reverse proxy for web application access |
| 3 | BYOD Support | Any device can be connected to HySecure Gateway provided a bare minimum expectations from the device is set |