AnywhereClient
Some employees may need to use applications already installed on their local computers to connect to server resources behind the corporate firewall. These resources could include servers such as: e-mail, database, terminal services, legacy hosts, ERP, and system management. Such applications often reside on company-owned PCs and are managed by MIS staff. In these cases, remote access for these rich client applications can be provided via the SSL tunnelling technology in the AnywhereClient component of AccessAnywhere.
AnywhereClient enables a secure connection between an arbitrary desktop application on a system that is running a Java-enabled browser and a network resource behind a corporate firewall. All traffic is encrypted and sent through an SSL datastream over port 443 to the AccessAnywhere appliance. Specifically, this approach permits the remote client to be behind a firewall and/or HTTP proxy or on a translated address (NAT).
AnywhereClient is a single lightweight rules-based Java applet that provides secure access for virtually any TCP-based client application to protected servers. It is downloaded to the client browser and dynamically configured to listen and accept requests on administrator-determined ports. Furthermore, it requires no special configuration of the client or server application to run over the SSL tunnel.
AnywhereClient rules drive the port forwarding behaviour within the browser. These rules can be defined either statically or dynamically, and can include downloading the required client when a connection is instantiated, if required.
- Subject to overriding access control rules, dynamic rules allow the end user to determine the host destination on the LAN.
Once a request has been accepted, AnywhereClient routes the traffic to the AccessAnywhere appliance, where the connection is terminated and access control rules are enforced. Having passed all ACLs, the request is passed on to the LAN in native format.
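The check described above, modelled at the tunnel termination point, as an added example that is not AccessAnywhere code. The rule and ACL fields, the addresses and the function names are assumptions made for the illustration, and destinations are taken to be IP literals.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ForwardRule:
    """Hypothetical forwarding rule; the fields are assumptions, not the product's schema."""
    name: str
    listen_port: int           # local port the client-side listener accepts on
    dest_port: int             # TCP port on the LAN server
    dest_host: Optional[str]   # fixed host for a static rule, None for a dynamic rule

@dataclass(frozen=True)
class AclEntry:
    """Hypothetical ACL entry: which users may reach which network and port."""
    users: frozenset
    network: ipaddress.IPv4Network
    port: int

def authorize(user, rule, requested_host, acl):
    """Return the (host, port) to open on the LAN, or None if the request is refused.

    Models the check at the tunnel termination point, so everything the
    remote client sends is treated as untrusted input.
    """
    # A static rule pins the destination; the client's requested host is ignored.
    host = rule.dest_host if rule.dest_host is not None else requested_host
    try:
        addr = ipaddress.ip_address(host)
    except (ValueError, TypeError):
        return None  # missing or malformed destination
    for entry in acl:
        if user in entry.users and addr in entry.network and rule.dest_port == entry.port:
            return (str(addr), rule.dest_port)
    return None  # default deny: no ACL entry covers this user and destination

# Constructed sample data: documentation address range, invented users and rules.
ACL = [
    AclEntry(frozenset({"alice"}), ipaddress.ip_network("192.0.2.0/28"), 3389),
    AclEntry(frozenset({"alice", "bob"}), ipaddress.ip_network("192.0.2.25/32"), 25),
]
MAIL = ForwardRule("mail", 2525, 25, "192.0.2.25")   # static rule
RDP = ForwardRule("rdp", 13389, 3389, None)          # dynamic rule

if __name__ == "__main__":
    print(authorize("bob", MAIL, "192.0.2.5", ACL))     # static: request ignored
    print(authorize("alice", RDP, "192.0.2.7", ACL))    # dynamic, inside the ACL
    print(authorize("alice", RDP, "192.0.2.77", ACL))   # dynamic, outside the ACL
```

The point of the model is that a user-chosen destination in a dynamic rule is only a request: the decision is made where the tunnel terminates, and anything not covered by an ACL entry is refused.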
AnywhereClient supports mapping any TCP port to any TCP port, including support for protocols that use dynamic ports (i.e. Exchange RPC and FTP).
The confidential nature of the information being passed over a client-server connection can vary greatly, and all encryption comes with a price. To address this, AnywhereClient can be configured to use specific encryption algorithms and key sizes on a rule-by-rule basis. As this implies, each connection results in different keys, providing significantly better security than single session key implementations.
As an additional security feature against trojans and worms, AnywhereClient can request acknowledgment and acceptance from the user any time a new connection attempt is made. Furthermore, this acceptance can be protected by a password.
AnywhereClient is well-suited for remote client to protected server connection scenarios and provides key benefits over a traditional IPSec approach:
| AnywhereClient | IPSec VPN |
| --- | --- |
| Provides proxied, application-layer access for a remote user to specific corporate hosts and application services. Remote applications never communicate directly with internal servers and the remote devices are not given an IP address on the corporate network. | Creates network-layer connections between remote devices and the corporate network. Typically access is granted to the entire network and all services, and remote clients communicate directly with internal servers. |
| All traffic from the remote client to the termination point is tunnelled over HTTPS on port 443, making firewall and proxy traversal virtually guaranteed. | Will not traverse web proxies, and requires special ports to be open on any remote firewalls. |
| No client software or configuration required beyond a standard Java-enabled web browser. | Special VPN client software to install, configure, and manage. |