ObjectValue Rendezvous – a DIY VPN (profiting from mobile access to the enterprise)
AppGate Network Security specialises in providing extremely secure network solutions, such as application VPNs, personal firewalls and application access control systems. AppGate Network Security ties together all the pieces of security technology in one easy-to-use system. AppGate solutions work in both fixed and wireless network environments, with a broad range of client systems. It scales from small organisations up to enterprise-level customers, supporting thousands of users. That is why AppGate Network Security has customers among the largest and most prestigious corporations in the world. 9/17/2020
Zühlke Engineering: Genuine Breadth and Depth in IT & Technology Consultancy. Services § Bespoke Systems Developments § Coaching and Mentoring § Project Resources § Consulting § Training. Disciplines § Iterative Development Methods § System Architecture Design & Realisation § Enterprise Application Integration (EAI) § Web Services § Mobile Computing § Information Security § Technical Reviews § Software Audits § Evaluation of Methods, Tools and Components
ObjectValue Ltd. • One-man wireless and IT consultancy • Worked as a partner of AppGate to develop and test the Rendezvous concept • Company still exists, but staff working full-time for Zühlke • http://www.objectvalue.com/
The Problem • Hypothesis: equipping knowledge workers with mobile access to enterprise applications leads to better productivity § E-mail § Scheduling § Contacts § Intranet Web servers § ERP § CRM § Custom applications etc. • People need proof: a user trial lasting at least a few weeks provides the clearest evidence of Return on Investment (ROI) • Technology trailblazers depend on expensive infrastructure upgrades to connect their mobile devices to the company network • How can users be empowered to try the technology without having to justify the business case in advance and wait for the IT dept.?
Rendezvous concept § Using an AppGate, companies can already give their mobile workers secure, always-on, remote access to services such as corporate email, CRM systems, etc. § The Rendezvous concept takes a standard AppGate server and re-uses it in a new way to give smaller companies/teams the same benefits, but without the need to invest in an AppGate server themselves. § The Rendezvous software has been developed by one of AppGate's partners, ObjectValue Ltd., and supports the same range of platforms as the AppGate client (Windows, MacOS, Linux, etc.)
AppGate Rendezvous Server § Hosted outside a company's firewall, the Rendezvous Server gives individual users working outside the office secure access to chosen services within the office. [Diagram labels: Rendezvous Server, appGATE server, Remote Worker, GPRS, Secured connection, Protected Network, Data, Application servers]
AppGate Rendezvous Server § Typical office user connected to office services (such as email server) [Diagram labels: Data, xxxx, Protected Network, Application servers]
AppGate Rendezvous Server § User opens connection to AppGate using the normal client (via proxy if required), selected ports are forwarded and the Rendezvous client is started automatically [Diagram labels: appGATE server, Data, xxxx, Protected Network, Application servers]
AppGate Rendezvous Server § Ports in the range 2xxxx on the client are forwarded to the same port number on the AppGate itself. This is the port number on which the Rendezvous Server listens for connections from its office client. [Diagram labels: Rendezvous Server, appGATE server, Data, xxxx, Protected Network, Application servers]
AppGate Rendezvous Server § Rendezvous Server and client together act as a virtual firewall router, relaying connection requests from the mobile device to office services (such as the email server) [Diagram labels: Rendezvous Server, appGATE server, Data, xxxx, Protected Network, Application servers]
AppGate Rendezvous Server § Leaving the office client running, the user later connects to AppGate from a remote location with the same ID, and so establishes the second of a pair of connections § Ports in the range xxxx on the client are forwarded to 1xxxx on the AppGate itself – so for sending mail via SMTP, local port 25 on the mobile device would be forwarded to port 10025 on the AppGate [Diagram labels: appGATE server, Remote Worker, GPRS]
AppGate Rendezvous Server § The Rendezvous Server associates the corresponding 1xxxx and 2xxxx ports internally based on the user ID, establishing a fully secured end-to-end tunnel from the mobile user via the PC in the office to the application server. [Diagram labels: Rendezvous Server, appGATE server, Remote Worker, GPRS, xxxx, 1xxxx, 2xxxx, Data, Protected Network, Application servers]
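The 1xxxx/2xxxx pairing described in the slides above, modelled as an added Python example (not AppGate or ObjectValue code). The class and function names, the user IDs, the refusal of unmatched connections and the reading of the default of 5 connections as a per-ID limit are assumptions made for illustration.

```python
# Added illustration of the 1xxxx/2xxxx pairing; every name here is hypothetical.
MOBILE_BASE, OFFICE_BASE = 10000, 20000   # service 25 -> 10025 (mobile), 20025 (office)
MAX_FORWARDS = 5                          # slides: 5 connections allowed by default


def leg_ports(service_port):
    """Return (mobile_leg, office_leg) ports on the AppGate for a service port."""
    if not 0 < service_port < 10000:
        raise ValueError("service port does not fit the 1xxxx/2xxxx scheme")
    return MOBILE_BASE + service_port, OFFICE_BASE + service_port


class RendezvousTable:
    """Pairs mobile legs with office legs that share the same user ID."""

    def __init__(self):
        self.office = {}   # user_id -> service ports the office client exposes

    def office_connect(self, user_id, office_port):
        service = office_port - OFFICE_BASE
        leg_ports(service)                    # rejects ports outside 2xxxx
        exposed = self.office.setdefault(user_id, set())
        if service not in exposed and len(exposed) >= MAX_FORWARDS:
            raise ValueError("forward limit reached for this tunnel")
        exposed.add(service)

    def mobile_connect(self, user_id, mobile_port):
        """Return the paired 2xxxx port, or None if nothing matches (assumed policy)."""
        service = mobile_port - MOBILE_BASE
        if service not in self.office.get(user_id, set()):
            return None    # other user ID, or service the office client did not choose
        return OFFICE_BASE + service          # may be called by several mobile users

    def office_disconnect(self, user_id):
        """Office client gone: nothing is left for this ID to be paired with."""
        self.office.pop(user_id, None)


def demo():
    """Constructed walk-through using the ports named on the slides."""
    t = RendezvousTable()
    for port in (20025, 20110, 28080):
        t.office_connect("team-a", port)
    results = [t.mobile_connect("team-a", 10025),   # SMTP leg -> 20025
               t.mobile_connect("team-a", 18080),   # proxy leg -> 28080
               t.mobile_connect("team-b", 10025),   # different ID -> None
               t.mobile_connect("team-a", 10143)]   # service not exposed -> None
    t.office_disconnect("team-a")
    return results, t.mobile_connect("team-a", 10025)
```

The model makes the access boundary explicit: a mobile leg reaches only the services the office client registered under the same user ID, and reaches nothing once the office client disconnects.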
Demonstration [embedded QuickTime movie]
Working at the application layer § AppGate client opens just one secure tunnel through the firewall to the server on port 22 (normally) § The connections for each service are multiplexed through this tunnel – by default 5 connections are allowed § Each connection simply lets the client see a remote port on the AppGate server – the AppGate server cannot look back into the intranet network § The AppGate client can link only the 5 default connections to the AppGate server, e.g. 20025 to 20025, 20110 to 20110 etc. § Using the Rendezvous client, users choose which of the default connections they need [Diagram labels: Application tunneling, pop3, smtp, Port 22]
Accessing intranet Web servers § To resolve intranet URLs, DNS lookups must be made within the office network, so a proxy server is used. § The mobile browser is configured to use localhost:8080 as its proxy. Rendezvous relays HTTP requests to the real proxy server in the office. [Diagram labels: Rendezvous Server, appGATE server, Remote Worker, GPRS, Proxy server, Protected Network, Web servers; ports 80, 8080, 18080, 28080]
Sharing a Rendezvous Client § Where it is not desirable to leave the office PC switched on, the Rendezvous Client and AppGate Client can be set up to run on an office server (e.g. NT, Linux) § Multiple mobile users from the same office can connect to the same Rendezvous Server and hence Rendezvous client using the same AppGate user ID § All will access the same set of services, but because they will sign in with different network user IDs they will not receive identical information or gain unauthorised access to data § Users sharing a single instance of the Rendezvous client can connect consecutively or at the same time without interfering with each other
Security – wherever your business needs it. AppGate Network Security AB www.appgate.com jamie@appgate.com