Apps
Overview
Accops HySecure supports a wide range of multi-port TCP/UDP applications. You can register the services manually or with Auto Configuration of Standard Applications. Accops HySecure can automatically detect standard services running on devices within a given subnet range and use them for service configuration.
When adding applications, HySecure checks whether the hostname specified as the Application Server hostname and the hostname/domain name in the Web URL are resolvable from the gateway. An error is displayed if the name cannot be resolved. This can happen if the hostname is typed incorrectly, the DNS server is not configured correctly, or there is no DNS server. The Administrator can fix the hostname or create a host file entry for it.
View Application list
- Log on to the Management console.
- Navigate to Apps > Apps.
- The page lists all the applications along with their details in a tabular manner:
Field | Description |
---|---|
Display Name | The application name. |
ID | The application ID. |
App Type | Type of application, which is used for categorization of the configured application. The type can be http/https/ssh/ftp/vnc, etc. |
Server/Network Address | Application Server's Hostname or IP Address. |
Port | TCP/UDP port on which the application server listens. |
Protocol | Layer 4 protocol (TCP/UDP etc.) on which the application runs. |
Tunnel | App traffic routed through App tunnel or Turbo tunnel. |
URL | Web URL if the application is a browser-based application. |
Add Applications
- Log on to the Management console.
- Go to Apps > Apps and click Add. Provide the following information and click Submit to save.
- Under Basic Settings, configure the following parameters:
- Specify Application Identifier. It is used to categorize the application when displaying the application list to users.
- Set display name. It is the application name that will be displayed to the user.
- Provide description if required.
- Under Application Settings, configure:
- Select the type of application that you want to add.
- Choose Tunnel Type. HySecure Turbo tunnel works at the L3 level to route IP traffic from the end user machine to the corporate network over a UDP-based tunnel. When enabled, a virtual IP address is assigned to the end user PC so that TCP, UDP or ICMP traffic can be exchanged between the end user PC and the corporate network. Turbo tunnel provides enhanced support for real-time applications like VoIP apps and heavy graphics apps over VDI. Applications that need a reverse connection (a connection originated by the server-side application towards end users) are also supported by Turbo tunnel. Turbo tunnel can be enabled for specific applications and specific users.
- For Tunnel Type as App, provide the hostname or IP address of the application server. Make sure HySecure can resolve the hostname of the application server. Specify a comma-separated list if multiple application servers exist for the same application, along with the Clustered Application option as described below. For Tunnel Type as Turbo Tunnel, provide the network address.
- Provide TCP/IP port on which application server is listening for connections. Specify multiple ports separated by comma e.g. 80,100,200 or range of ports separated by hyphen e.g. 80-100.
- Select application protocol TCP or UDP from the list.
- To enable traffic routing through app tunnel, select Allow.
- Specify full URL of the target web server in case the application is a web application. If the URL is specified, the application will be listed on the HySecure Web Portal and HySecure Application Launcher on user machine.
- Select the Access Site Group if HySecure is deployed behind WAF.
- Click to enable Desktop shortcut and provide name.
- Click Hide Applications if you want to hide the application listing on the Web Portal and in the Desktop Client. In this case, the URL of the application is expected to be known to the user, and they will need to enter the URL manually to access it.
- Enable Reverse Proxy to allow access of HTTP/HTTPS applications via the HyLite portal.
- Choose the access method from URL rewriting or DNS-based. Choose URL rewriting if access is provided through web VPN. Choose DNS-based for Hostname-Based Reverse Proxy (HBRP) applications, i.e., access to HTTP/HTTPS applications via the HyLite portal.
- For the DNS-based access method, choose Application FQDN and provide the required web application hostname as the Application FQDN; this Application FQDN must be mapped to the HySecure gateway's IP address in the DNS server. Alternatively, choose Sub Domain and configure a prefix with the HySecure gateway's Authentication Site FQDN. The application will resolve to the final FQDN created by adding the subdomain prefix to the HySecure gateway's Authentication Site FQDN.
Notes
- The Gateway will not use the application server's SSL certificate. The Security Officer or Administrator must configure a valid SSL certificate on the HySecure Gateway, which should have SAN (Subject Alternative Name) entries for all the FQDNs or sub-domains used in reverse proxy applications.
- Every application administrator must have a separate FQDN pointing to the HySecure Gateway.
- If WAF is configured, FQDN should be able to resolve on the WAF Server instead of the HySecure Gateway.
- Under Client Setting:
- Click Hide Access Pop-up to hide the pop-up from the client system tray when the application is accessed for the first time.
- Click Show Real IP Address of Server. This will disable IP address mangling for this application.
- Under Advance Settings:
- Click Enable Compression if you want to compress data for this application.
- Click Clustered Application when multiple application servers are deployed in LAN to serve remote users and HySecure is performing round robin based load balancing among the application servers for this application.
- Click Enable Session Caching to enable sticky session feature when the application is running in clustered mode.
- Under Application to Application Group Mapping
- Select application group. You can also click Add Application to Application Group and add application to the application group if required.
- Click Submit to save application.
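The SAN requirement in the reverse proxy notes above can be checked before applications are published. The Python sketch below is an added example, not part of HySecure or any Accops tooling: it builds the final FQDN for the Sub Domain option and reports application FQDNs that no SAN entry covers, applying the wildcard rule browsers use (`*` stands for exactly one left-most label). All hostnames, the SAN list and the function names are constructed for illustration.

```python
"""Added example: does the gateway certificate's SAN list cover every
reverse-proxy application FQDN? All names below are constructed."""


def final_fqdn(prefix: str, auth_site_fqdn: str) -> str:
    """Sub Domain option: prefix + Authentication Site FQDN."""
    return f"{prefix.strip('.')}.{auth_site_fqdn.strip('.')}".lower()


def san_matches(san: str, host: str) -> bool:
    """Match one SAN dNSName entry against a hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.example.test does not cover a.b.example.test.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Refuse wildcards directly under a top-level label (e.g. *.test).
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(app_fqdns, san_dns_names):
    """Return the application FQDNs that no SAN entry covers."""
    return [h for h in app_fqdns
            if not any(san_matches(s, h) for s in san_dns_names)]


# Constructed sample data (assumed values, not from the HySecure documentation).
AUTH_SITE = "vpn.example.test"
GATEWAY_SANS = ["vpn.example.test", "*.example.test"]
APPS = [
    "crm.example.test",             # Application FQDN option, wildcard covers it
    final_fqdn("wiki", AUTH_SITE),  # Sub Domain option: wiki.vpn.example.test
    "apps.example.net",             # FQDN that was never added to the certificate
]

if __name__ == "__main__":
    for host in uncovered(APPS, GATEWAY_SANS):
        print(f"no SAN entry covers {host}")
```

The SAN list of an existing certificate can be read with `openssl x509 -in <gateway-cert.pem> -noout -ext subjectAltName`, where the file name is a placeholder.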
User Options
Certain application types, such as http, https, RDP, FTP, VNC, Microsoft Fileshare, NFS, My Desktop and Files, HyWorks - Controller (Primary & Secondary), Microsoft OWA, etc., have user-configurable options available.
Option | Description |
---|---|
Enable Single Sign-on (SSO) | Enables single sign-on functionality from VPN Portal. Select this option to further configure additional information related to SSO |
Authentication Type (only for HTTP, HTTPS, Citrix Web, Microsoft OWA applications) | Form Based Authentication: Single Sign-On URL (enter the URL which should be used for form based authentication); Request Type (enter the request type as "GET" or "POST", as supported by the URL entered for single sign-on); Request Format (enter the request format). NTLM Based Authentication: Use HySecure Credentials (check this box to use the HySecure credentials for accessing the application); Use a Common Account (check this box to use a common account for accessing the application; as a result of this configuration, the actual credentials used for accessing the application are different from the ones used for HySecure authentication; enter the username and password for the common account); Domain (enter the domain name or workgroup). SAML Based Authentication: Select one of the preconfigured Service Providers from the drop-down list. Enter the Service Provider Login URL, Service Provider Logout URL, Audience and Issuer. These values are available from the selected Service Provider's site. |
User Home Directory | Specify the user's home directory for "Microsoft Fileshare" / "NFS" access. This will also restrict the user from navigating beyond the home directory and its underlying folders. |
User can reboot VM | Applicable for "Accops VDI" type of application. Check the box to allow the user to reboot the Virtual desktop. |
Remote Display Options
Remote Display options are available for My Desktop, RDP and Accops VDI application types.
Option | Description |
---|---|
Let User Choose | Enables user to choose display options, local resources and program options while accessing application. |
Display Options | Choose color, screen resolution and performance options. |
Local Resources | Remote Desktop Protocol local resources options for application access. |
Program Name | Program to be executed while accessing application. |
Application Templates
Application templates are included in the management console to help administrator create standard applications as well as define additional parameters.
Application Type | Description | Listed on HySecure Portal | Listed on Client App Launchpad | Show in Client Activity List |
---|---|---|---|---|
HTTP, HTTPS | Web applications. A URL must be entered. If URL is not entered, application will not be listed on application portal. Domain name in the URL must match either the application name or “server address”. | X | X | X |
FTP | File Transfer Protocol application accessible via browser. A URL must be entered. If URL is not entered, application will not be listed on application portal. Domain name in the URL must match either the application name or “server address”. | X | X | X |
FTP-java, SSH, Telnet, VNC, RDP, Microsoft Fileshare, NFS | Java based application applets for accessing VPN applications without client software. | X | X | X |
Network | Publish multiple IP addresses or a range of network IP addresses | |||
Microsoft Exchange | Access to Microsoft Exchange Server. | - | - | X |
My Desktop and Files | MyDesktop is direct desktop access via Accops HySecure. The Administrator can create an application with application type as MyDesktop and upload a list of usernames along with their desktop hostname/IP address. This application can then be assigned to the groups. When users log in to HySecure, an application with the name My Desktop is displayed on the Web Portal. The user can access her desktop using the hostname "mydesktop" or the IP address of her desktop. Upload a list of usernames and their corresponding desktop IP address/hostname. The format of the data is: Username, desktop ip address/hostname, port no. Choose from RDP and VNC based on what protocol users will use to connect to their desktop. | X | X | X |
HyWorks - Controller (Primary) | ||||
HyWorks - Controller (Secondary) | ||||
HyWorks - Application Server | ||||
Citrix Web | Citrix Web Interface Application. A URL must be entered. | X | X | X |
Citrix ICA | Citrix ICA Application. | - | - | X |
Accops TSE - Web | Accops TSE LaunchPad Portal. A URL must be entered. If an application is published with this type and URL, “TSE Applications” tab will be enabled on Web Portal. Single sign-on will be enabled for this application. On Web Portal, the applications will be fetched from Accops TSE Web server and displayed on VPN Portal. VPN Client will also fetch the TSE published applications and show them on VPN Application LaunchPad. | X | X | X |
Accops TSE – Application Server | Application to publish RDP access to Accops TSE Application servers. Create applications with this type for Accops TSE Application servers. | Under TSE tab | As TSE Applications | X |
As TSE Applications | Application to publish TSE – IFS and Printing access to Accops TSE Application servers. Create applications with this type for Accops TSE Application servers. | - | - | X |
Accops VDI | Application for publishing Virtual Desktops from Accops VDI. Create this application with the server address set to the Accops VDI connection broker on port 80. The user's virtual machine access will be provided dynamically. | X | X | X |
Microsoft OWA | Application to publish Outlook Web Access. | X | X | X |
Remote Meeting | HySecure desktop sharing, file sharing and chat | X | X | X |
Others | Any supported service not of the types described above |
Thin Applications on HySecure Portal
HySecure Web Portal comes with a set of Java applications which help users access applications without requiring client software. The following Java applications are available on the portal:
Application | Description |
---|---|
Remote Desktop | The remote desktop Java application launches a remote desktop protocol session with a Windows machine. It has two modes: (1) When launched, it tries to access the native Microsoft terminal services client. If the Microsoft terminal services client is found and can be launched, it launches the client with the required parameters to establish a connection. (2) If the Microsoft terminal services client is not found or cannot be launched, the Java based remote desktop client is launched with the required parameters. When the remote desktop Java application is launched, it prompts the user for remote desktop protocol specific options. All options can be controlled and specified by the administrator. The following options are configurable: Display settings, Local Resources settings, Program Name. The remote desktop application supports single sign-on. The user can choose to use the HySecure username and password for authenticating with the terminal server. The single sign-on settings can also be forced by the administrator. |
FILE TRANSFER | File transfer is a Java application to launch an FTP session with an FTP server. The FTP application supports single sign-on. The user can choose to use the HySecure username and password for authenticating with the server. The single sign-on settings can also be forced by the administrator. |
SECURE SHELL | Secure Shell is a Java application to launch an SSH session with an SSH server. |
VNC | VNC Application is a Java application for VNC protocol sessions. The VNC application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the VNC server. The single sign-on settings can be forced by administrator also. |
FILE SHARE | File Share application is a Java application for Microsoft File Share protocol SMB and open protocol NFS. When run by user, the application browses the shared files and folder on the target server. The File Share application supports single sign-on. User can choose to use the HySecure username and password for authenticating with the target server. The single sign-on settings can be forced by administrator also. Administrator can also force a home directory for the user. If specified, user can only browse the child directories of the home directory and cannot access any other root directory. |
Modify Applications
- Log on to the Management console.
- Navigate to Apps > Apps.
- Click the check box against the application you want to edit and click Modify.
- The Modify Application screen appears. Update application details as required.
- Modify Application Groups by clicking the Add/Delete Application Group to Application.
- Click Submit to save changes.
Delete Applications
- Log on to the Management console.
- Navigate to Apps > Apps.
- Click the check box against the applications you want to delete and click Delete.
- Click OK to confirm.