Skip to content

New Features (AHS-HF-5427-GU0005)

Web VPN (Reverse Proxy)

The support to publish HTTP/HTTPS based applications which could be accessed over a browser without the need for any Accops client installation has been restored. This feature is called Web VPN or alternatively as Reverse Proxy support

Web VPN offers browser based secure access with MFA, to HTTP/HTTPS applications without directly exposing them on the internet. It does not require installation of any client software or tool on the enduser machine. Published application can be accessed over any web browser if the application supports it.

To publish Web VPN supported HTTP/HTTPS, select Application Type as HTTP or HTTPS as required and enable Use Web VPN.

Default Templates

There are typically similar HTTP/HTTPS based applications that need to be published in Web VPN. To facilitate a quick and error free mechanism of creating such applications, templates support has been introduced.

Any application can be saved as a template in HySecure gateway and the saved templates can be used to create similar types of HTTP/HTTPS application with Web VPN enabled thus avoiding reconfiguration.

Besides the ability to save templates, there are default templates available for HTTP and HTTPS based applications as well as for “HyWorksPortal” and “ARS”.

Decoupled Virtual IP address and Database IP address

Till the previous versions, the HySecure Virtual IP was tightly coupled with the Database IP address. So, any failure of the Virtual IP used to result in the Database connection issues and resulted in the user requests not getting served.

In this version, the two IP addresses are de-coupled resulting in the normal functioning of the gateway even if the Virtual IP goes down for any reason. However, this change will help serve the user requests, only if the real IP address of the HySecure Gateway node is being used for connections, rather than the virtual IP.

If Public IP address is mapped to HySecure gateway’s Virtual IP then all users connecting to Public IP address will be disconnected in case of Virtual IP going down.

HA Failover for DB service

All database transactions are done on the active node. If for some reasons, the database service on the active node goes down, then the inability of the Gateway to perform database transactions will lead to the Gateway failure. This issue is addressed from this version. From now on, in such situations, the database transactions are switched to the standby node, provided the standby node is healthy.

This functionality is disabled by default and needs to be enabled from backend.

HySecure Database Auto Backup

Till the previous version, the responsibility of keeping backups used to lie with the HySecure administrator. However, in case of absence of any backup, an un-towards failure used to lead to a total re-configuration of the gateway.

To avoid such situations, database backup is enabled by default with 5 last backups being kept and which are taken at an interval of 24 hours.

It can be configured from HySecure Management console under Auto Backup in General Settings.

Database IP configuration through Management console

In cloud-based deployments (for e.g., AWS, Microsoft Azure) of HySecure gateway, external load balancers are configured instead of HySecure internal load balancer. Till previous version, this configuration could only be done from backend via ssh, but from this version it is available through HySecure management console. Administrator must enable “Allow access for public IP” from global settings.

Steps:

  1. Put gateway in configuration state and access database configuration
  2. Select the database as FESDB
  3. Enable change IP address.
  4. Add cloud computing-based load balancer IP address in new IP address and then submit.

Auto archival and purging of User reporting data

Till the previous version, there was no check on the size of user reporting database having logs related to user login and application access. This used to affect the gateway operations when the size used to increase significantly.

To address this issue, periodic archival is performed from this version and old records are purged. The default configuration is to run the archiving at 2300 hrs daily and truncate records older than 30 days and can be customized if required.

Reporting data older than a month will be removed immediately after applying this Hotfix.