The G/On Server

The G/On Server consists of one or more G/On Gateway Servers and the G/On Management Server and provides the core of all G/On functionality. It is the G/On Server that implements the functionality required for secure access from users to applications without the complexity of multiple firewalls, DMZs, authentication, traffic inspection etc. normally required by VPN-based infrastructures. Thus, it is the G/On Server that provides the opportunity for infrastructure simplification and cost savings in secure access.

Technically speaking, the G/On Server is a port-forwarding proxy with a built-in application-level firewall, supporting an application-level protocol for communication with the G/On Clients.

From a traditional networking perspective the G/On Server implements:

Application level firewall. The G/On Gateway Server and the G/On Client make a detailed inspection of all traffic and use it to decide what to allow and what to reject. This is similar to what can be done with other application-level firewall solutions, but G/On is not just a standalone firewall: it controls the entire end-to-end communication and only allows traffic from authenticated users to authorized applications. G/On knows the user, knows the application client and knows the application server for each and every packet transported, and uses this information to decide what to forward and what to reject.

Proxy functionality. The G/On Gateway Server implements the G/On proxy functionality of separating external application client connections from the internal application server connections. The Gateway Server is key to the establishment of the virtual end-to-end connections essential to the G/On architecture. The external TCP connections terminate on the external side (interface) of the G/On server while G/On forwards the traffic to the application servers on the internal side (interface) of the G/On server.

Application Access Control (AAC). As opposed to standard Network Admission Control (NAC), G/On provides no access to the network. Instead the G/On architecture is designed to enable detailed information about end-user devices to be collected and used as part of a complete authorization decision (device authentication). Only connections from authenticated users and from authenticated user devices can be authorized to access specific applications using specific application client software. Where classical NAC decides which devices are allowed access to the complete network (and what state these machines have to be in), the G/On AAC functionality instead focuses on the user and the application and using that information decides if the device the user happens to use is known by the G/On server or not. This is a simpler authorization decision, due to the understanding of what action the user is trying to perform instead of merely examining the device with no consideration of what the user does after being provided access.

Authentication of users. Verifying remote users’ identity via different multi-factor authentication solutions is a fundamental prerequisite for meaningful security policies. The complexity arises when company policies require different security levels and therefore often require different technologies to implement strong authentication. G/On provides the foundation for consolidating a wide range of authentication technologies and policies on one easily managed platform.

Security policy implementation and enforcement. The G/On Management Server offers a Single Point of Management for implementing, documenting and enforcing access security policies. XML-formatted logging of the traffic provides event alerts as well as reporting capabilities for internal and external auditing for compliance and regulatory purposes. The G/On server knows the user, the device, the connection, the application and the enforced authentication and authorization rules. Conveniently, G/On therefore offers a central point for auditing and reporting.
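As an added illustration (not Giritech code, and not the real G/On policy or log format), the following Python models the per-connection decision described above: the user, the device, the application and the application client software are all checked before a connection is forwarded, and the outcome is recorded as an XML event. All user names, device ids, applications and policy values are constructed.

```python
# Model of an application-access-control (AAC) decision as described on this
# page: a connection is forwarded only when the user is authenticated, the
# device is known for that user, and the (user, application, client software)
# tuple is authorized. Hypothetical names and policy values throughout.
from dataclasses import dataclass
import xml.etree.ElementTree as ET


@dataclass(frozen=True)
class Connection:
    user: str        # authenticated identity presented by the G/On Client
    device_id: str   # identifier of the user device (e.g. a G/On USB token)
    app: str         # backend application server requested, e.g. "exchange"
    client_sw: str   # application client the G/On Client would launch


# Constructed sample policy (not a real G/On configuration).
AUTHENTICATED_USERS = {"alice", "bob"}
KNOWN_DEVICES = {"alice": {"usb-0001"}, "bob": {"usb-0002"}}
# application -> (users allowed to reach it, client software allowed to be used)
APP_POLICY = {
    "exchange": ({"alice", "bob"}, {"outlook"}),
    "terminal": ({"alice"}, {"rdp"}),
}


def decide(conn):
    """Return (allow, reason); checks are ordered user, device, application, client."""
    if conn.user not in AUTHENTICATED_USERS:
        return False, "user not authenticated"
    if conn.device_id not in KNOWN_DEVICES.get(conn.user, set()):
        return False, "device not known for user"
    policy = APP_POLICY.get(conn.app)
    if policy is None:
        return False, "application not published"
    users, clients = policy
    if conn.user not in users:
        return False, "user not authorized for application"
    if conn.client_sw not in clients:
        return False, "client software not authorized"
    return True, "authorized"


def log_event(conn, allow, reason):
    """Render a decision as an XML audit event (constructed element names)."""
    ev = ET.Element("event", action="forward" if allow else "reject")
    for field, value in vars(conn).items():
        ET.SubElement(ev, field).text = value
    ET.SubElement(ev, "reason").text = reason
    return ET.tostring(ev, encoding="unicode")
```

Note that the decision is keyed on what the user is trying to do, not on the network the device sits on, which is the distinction the page draws between AAC and NAC.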

A G/On installation consists of one or more Gateway servers and typically a single Management server; the number of servers depends on the failover, load and administrative processes of the specific G/On customer, which allows a “single point of failure” to be avoided in G/On installations. For smaller installations, the Gateway servers and the Management server are typically installed and run on the same physical or virtual server.

The G/On Gateway Server allows or blocks individual connections between users and resources based on configurable authentication and authorization policies. The Gateway Server implements the server side of the connections between individual G/On Clients (forwarding traffic from application clients) and the application servers at the backend. The Gateway Server enforces all decisions regarding:

Authentication and Authorization: the real-time communication with the authentication server (e.g. LDAP/AD), the validation of tokens and devices, and the resulting authorization decision on what the user is allowed to access and how.

Launch & Traffic: switching traffic and communicating with application servers, e.g. Terminal Servers, Exchange or Citrix farms. The Gateway Server decides what application client software to launch on the user device and instructs the G/On Client accordingly. When receiving traffic from the G/On Client on user devices the Gateway Server forwards the traffic to the specific application server.

User dialog: The G/On Client presents the results of authorization decisions to the end-user and responds to user actions about which applications to access. This functionality supports the existing end user experience of the client platform and generates the specific menus helping and guiding the user to the most relevant applications.

Deployment: Distribution of the client software packages to G/On Client devices when requested by the user and/or the Management Server. The package based software deployment system provides configurable packages of software modules to be deployed to the client devices. The deployment features are used for the G/On client software but can be used for any software that needs to be deployed to client PCs.

All decisions are made by the G/On Gateway Server according to policies, rules and configurations established by the G/On administrator in the G/On Management Server (see below).

G/On’s Single Point of Management (SPM) is a client/server solution based on a G/On Management Server and a G/On Management Client. The G/On Management Server manages all configuration and setup of a G/On installation and is coupled to the G/On Gateway Server(s) to allow one management server to handle multiple Gateway servers. Consequently, G/On offers maximum flexibility for configuration of gateway servers, management server and management clients across multiple physical and virtual server environments. The G/On Management Client can connect through G/On itself to the G/On Management Server offering IT administrators secure remote access for G/On administration and reporting.

Furthermore, the G/On Management Server can be accessed via web services which enable the integration of the G/On management into existing administrative tools typically deployed in large IT operations. Giritech’s own management client also uses that web services interface.

Copyright © Giritech. All rights reserved.