HySecure Features
Accops HySecure has a large set of features across different modules. The following is a comprehensive, module-wise list of features.
Gateway
Feature | Description |
---|---|
Hardened Gateway OS | Runs on a hardened Linux based platform. |
Menu driven OS configuration | Menu driven console interface for easy initial network configuration of the OS. |
Hardware Independent OS | Runs on any standard or custom hardware. |
Multiple Form factors | Runs on virtualization platforms like VMware, XenServer, Hyper-V and Nutanix. Support is also available on the Azure and AWS platforms. An ISO image can also be provided as per requirement on the GCP and OCI platforms. |
Access Modes
Feature | Description |
---|---|
Access methods | The Gateway can be accessed through: 1. Clientless Web Portal; 2. Hybrid Mode; 3. Client for Windows, Linux, Mac; 4. Client for iOS, Android; 5. Kiosk-based access mode for non-admin access. |
No Configuration on Clients | Clients do not need any configuration. All they need is the Gateway IP and their credentials. |
Client Platform Supported | Windows 8/10/11; Windows Server 2016/2018/2022; Ubuntu 18/22/24; Sonoma Mac OS 14 and above / Intel 10.4 and above; iOS 17 and above; Android |
Access Security
Feature | Description |
---|---|
Access over Secure Protocols | Gateway can be accessed over SSL 3.0 (disabled by default) or TLS 1.1 (disabled by default). Only TLS 1.2/1.3 are enabled for security reasons. |
Data Encryption standards supported | The following data encryption standards are supported for transmitting data over the secure channel: DES, 3DES, AES (256), RC4. |
Authentication algorithms supported | MD-5, SHA-1, RSA 1024, RSA 2048. |
CA certificate support | 4096-bit RSA key CA certificate support. |
Internet network masking and IP address/hostname mangling | The actual IP address or hostname of the published application server is masked to achieve security. |
Application level gateway | HySecure acts as an application-level gateway, allowing control specific to the published application and providing more security than L2 bridging. |
L3 Level Turbo Tunnel Gateway | Turbo provides better performance for VDI users. Applications that need reverse connection can be supported by the Turbo tunnel feature. It can be enabled for a specific application or specific users. |
Hardened Gateway OS | The OS that forms part of the ISO is hardened, leading to better security. |
Deployment Scalability
Feature | Description |
---|---|
HA Active-Passive | HySecure supports an always-ON. |
HA Active-Active N+1 clusters | The HySecure solution can be scaled to support thousands of users with the help of High Availability mode in Active-Active cluster form. |
HySecure gateway load balancing algorithms | Multiple load balancing algorithms and external load balancer integration are supported with HySecure to suit the deployment needs. E.g. round robin algorithm. |
Application Server Load Balancing | Application connection load balancing can distribute the connection for a specific application across multiple app servers in the LAN, based on the round robin function. |
Session Persistence | Users do not need to re-authenticate to HySecure in case a cluster node goes down. |
Client side failover using alternate gateways | In case HA functionality is not being used and the first gateway goes down, the user can connect to the alternate gateway. |
64-bit hardware support | For better performance. |
Application Support
Feature | Description |
---|---|
Publish Web based applications | All web based, TCP, and UDP based client-server applications. |
Publish Windows Fileshare | Windows file shares and drive mapping. |
Publish Dynamic Port based applications | Applications which use dynamic ports can also be published. |
Publish Network based Application | A whole subnet or IP range can be published for network access. |
RDP virtual channels | Support for RDP virtual channels. |
Cached Sessions | Session caching for load balanced applications. |
Per application based compression switch | Data can be compressed between the Client and the HySecure Gateway to achieve faster transfer. |
My Desktop and Files for direct personal desktop and file access | A single My Desktop type of application (for RDP & file share only) can be used to publish applications for different users. |
SSO with SAML based applications | SSO can be achieved with SAML based applications like Office 365, SalesForce, GSuite Apps. |
Accops VDI hosted desktops | Desktops delivered by HyWorks can be published on HySecure as well. |
Clientless VPN | Web based applications can be accessed from HyLite. |
Domain Joining over HySecure | Full UDP and TCP application support over SSL VPN for AD Domain Joining. |
Authentication
Feature | Description |
---|---|
User / Endpoint Authentication | Authentication based on user identity, endpoint identity, and endpoint trust level. |
User Authentication | Multiple user authentication options are available such as static passwords, client certificates, and QR codes for password-less authentication. |
Multi-factor Authentication | Supports external 2FA authentication solutions like FIDO tokens, Push notifications, mobile tokens, SMS/E-mail tokens, and biometric authentication such as fingerprint, facial authentication, etc. |
Local User Database for Authentication | Database of local users with full customization per user, password policies, and password reset support. |
Certificate Authentication with password | Fully integrated client-certificate-based 2FA authentication server with automatic CA and certificate provisioning. |
Integration with AD/LDAP/RADIUS/SAML | Integrate various authentication servers like AD, LDAP, RADIUS, and SAML for authenticating users. Group information also gets fetched from AD/LDAP/RADIUS so that policies at the group level can be applied. |
External Authentication | Support for device approval through a Mobile Device Management (MDM) server. This enables devices to be automatically approved for logging into the HySecure Gateway using an external server, such as VMware. |
Support of multiple authentication servers with cascading mode | Multiple authentication servers can be configured so that if a user is not matched in the first server, the next configured server is checked. |
Support of external authorization servers | External servers can be configured for Authorization of users. |
Identity / Service Provider | Integration of SAML identity provider and SAML service provider. Service Provider or Identity Provider (IDP). |
Authorization
Feature | Description |
---|---|
Application publishing | Allows publishing applications over Subnetting or Networking. |
Access Control Mechanism | A simple access control mechanism can be applied on the user level, user groups, or all users. |
Access control | Access control based on: device identity and profile; user authentication method; user group. |
Time-based restriction | Time-based restriction policies can be applied to published applications to make the application available to the user for a specific time duration. |
Dynamic Policy Evaluation | Dynamic policy evaluation based on run-time information about the device, authentication method, and user role (change of device parameters post login). |
Auto-detection of applications running in the corporate network | A specific application can be checked for its existence on the client machine. |
Account expiry | Account expiration can be set for a specific period of time after the first or last login. |
Geo-location support | Geo-location-based authorization and application access. |
Auditing
Feature | Description |
---|---|
Complete reporting of user logins and activity | A detailed view of the user's activity, such as logins, is available. |
Detailed Log reports | Logs time of access, username, MAC address, IP address of the endpoint, application accessed, device profile, etc. |
Detailed Logging of endpoint security scan results | Detailed logs of endpoint security scanning can be viewed for each connected endpoint. |
Log extraction | Extract logs in CSV format for importing them into third-party report generation tools. |
Log searching | Logs can be searched on specific field types. |
Auto archiving of logs | Logs can be configured for auto-archiving based on size/time. |
Syslog Support | Specific categories of logs like INFO, WARN, ERROR, etc. can be configured to be sent to a Syslog server. By default, sending logs to a syslog server is disabled. |
ARS Server | All the detailed activity logs for audit purposes can be maintained on the HySecure Server. |
Endpoint Management
Feature | Description |
---|---|
Endpoint Scanning | Endpoints can be scanned for the existence of antivirus, firewall and antispyware products, and specific products can be enforced. |
Realtime status check | Real-time status of a connected endpoint, such as last update time, can be monitored. |
Endpoint policy for specific MAC and IP | Support for checking and enforcing the MAC ID and IP address of the connecting endpoint. |
Device Profile | Application control can be enforced based on device profile. |
Mandatory Policy Checks | Mandatory profile for non-avoidable policy checks can be enforced on all endpoints connecting to the Gateway. |
Minimum Quarantine profile Check | A quarantine profile for devices that fail all other profiles can be enforced for connecting endpoints. |
Default Behavior for Failing to comply Endpoint connecting policies | Option to block endpoints that fail to comply with required policies, or to allow them to log in by putting them in the quarantine profile. |
Device Signature | Login control based on device signature. |
Endpoint Sanitization | Kill existing TCP connections on user machine before login. |
Connection Block post login | Block Internet and restrict incoming connection policy post login to the Gateway. |
Gateway login through Proxy | Block access to HySecure Gateway via proxy. |
Management
Feature | Description |
---|---|
Web based management console | Web interface for configuring and managing the HySecure Gateway. |
Policy Management | Comprehensive management of all policies through the management console. |
Dashboard with graphical reporting | Graphical reports for key events are available on the management console dashboard. |
Self-signed certificate generation | Support for generation of self-signed certificates. |
CLI | Command line interface for configuration of basic setup. |
Delegated administration | Explanation. |
Certificate based strong authentication for administrators | Certificate-based authentication for high-security users. |
Online License service | Online License Activation from the Management console. |
Inline Help | Inline help to resolve basic queries on the configuration items. |
Miscellaneous Features
Feature | Description |
---|---|
Remote Meeting | Remote meeting is available for session sharing or remote debugging. |
Reverse Proxy | HySecure Gateway can act as a reverse proxy for web application access. |
BYOD Support | Any device can be connected to the HySecure Gateway provided the bare minimum expectations from the device are set. |