Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)




Content

Introduction
Platform support
Cross Platform support
Web and file browsing
Client-side Applets
Secure Terminal Access
-Secure Application Manager (J-SAM)
Network Connect, NC
Junos Pulse
Host Checker
Cache Cleaner
only support
Secure Application Manager (W-SAM)
Terminal Services
Secure Virtual Workspace
Adaptive delivery for client applications
Juniper Installer Service
Mobile Devices
Web and file browsing (SSL-VPN)
Junos Pulse for iphone (VPN-client)
Host Checker
Network requirements
Required rights to run and install applications
Secure Application Manager (WSAM)
Secure Application Manager (JSAM)
Network Connect
Terminal Services Component
Citrix Terminal Services Component
Host Checker (includes Secure Virtual Desktop)
Cache Cleaner

TSP-2657_1-1010

Introduction

In this document we describe requirements on terminals that are to be used together with the service Telia Secure Remote User, TSRU. The document also describes requirements on the customer's network that must be fulfilled in order to use the different types of functions and clients in Telia Secure Remote User. There is also a chapter on the rights required to run and install applications on different platforms.

Platform support

All browsers are 32-bit browsers unless otherwise specified.

- Vista or Vista refers to Vista Enterprise/Ultimate/Business/Home Basic/Home Premium
- 7: Refers to 7 Enterprise/Ultimate/Business/Home Basic/Home Premium
- 8: Refers to 8 normal-edition/pro/enterprise/RT

Cross Platform support

In this section we describe the technical requirements that must be supported to use the different functions and client software in Telia Secure Remote User. We give a short description of each function, and at the end you'll find a chart that describes supported platforms for:

- Web and File Browsing
- Secure Client-side Applets
- Secure Terminal Access
- -Secure Application Manager (J-SAM)
- Network Connect
- Junos Pulse
- Host Checker and Cache Cleaner

Web and file browsing

This function is an SSL VPN that uses your web browser to access local resources on your network after a successful login via Telia Secure Remote User to the company's intranet. (The user needs no specific VPN client.) The user lands on a web portal from which different services can be reached, e.g. web applications and files.

Client-side Applets

This function enables users to browse to Web pages containing client-side applets. Telia Secure Remote User appears to the application server as a browser over SSL. Telia Secure Remote User transparently handles any HTTP requests and TCP connections initiated by an applet and handles signed applets.

Secure Terminal Access

This function is used mainly to establish terminal access, e.g. VT100, and can only establish Telnet or SSH connections into the local network. The Telnet/SSH option enables users to connect to internal server hosts in the clear using Telnet protocols, or to communicate over an encrypted Secure Shell (SSH) session through a Web-based terminal session emulation. This feature supports the following applications and protocols:

- Network Protocols: Supported network protocols include Telnet and SSH.
- Terminal Settings: Supported terminal settings include VT100, VT320, and derivatives and screen buffers.
- Security: Supported security mechanisms include Web/client security using SSL and host security (such as SSH if desired).

-Secure Application Manager (J-SAM)

The version of the Secure Application Manager provides support for static TCP port client/server applications, including enhanced support for Microsoft MAPI, Lotus Notes, and Citrix NFuse. JSAM also provides NetBIOS support, which enables users to map drives to specified protected resources. JSAM works well in many network configurations but does not support dynamic port TCP-based client/server applications, server-initiated connections, or UDP traffic.

Network Connect, NC

Network Connect is a VPN-client available for, Mac and Unix computers. By default in Telia Secure Remote User, the client is automatically distributed to and installed on the user's terminal when the user requires it (this automated provisioning requires that the user has admin rights on the terminal). The same automated feature is also used to upgrade installed VPN clients, seamlessly for the user. As an option, the IT department can distribute the client separately or package it together with other applications that the user is to use.

Junos Pulse

Junos Pulse is the next-generation VPN client for and Mac OS computers. The Pulse client is also available for mobile devices (smartphones). Users of mobile devices can install the Pulse client app from the respective app stores.

Host Checker

Host Checker is an optional component in Telia Secure Remote User that you can use to perform endpoint checks on hosts that connect to Telia Secure Remote User. Host Checker checks for third-party applications, files, processes, ports, registry keys, and custom DLLs, as well as the NetBIOS name, MAC address, or certificate of the client machine, and denies or enables access based on the results of the checks. When a user's computer does not meet the requirements you specify, you can display remediation instructions to users so they can bring their computers into compliance.

For example, you may choose to check for virus detection before allowing a user access to any of the IVE realms, launch the software on the user's system if necessary, map the user to roles based on individual policies defined in your own DLL, and then further restrict access to individual resources based on the existence of spyware detection software.

Implementing Host Checker requires consultancy time from Telia. There is also a specific document that lists the security software that is supported and can be used. No other security software is supported by Telia. You can download this document at www.telia.se/supportsecureremoteuser.

Cache Cleaner

Cache Cleaner is a client-side agent that removes residual data, such as temporary files or application caches, left on a user's machine after the SSL VPN session (web browser based session). For example, when a user signs in to Telia Secure Remote User from an Internet kiosk and opens a Microsoft Word document using a browser plug-in, Cache Cleaner can remove the temporary copy of the Word file stored in the browser cache ( folder) when the session terminates. By removing the copy, Cache Cleaner prevents other kiosk users from finding and opening the Word document after the user concludes the session.

Cache Cleaner can also prevent Web browsers from permanently storing the usernames, passwords, and Web addresses that users enter in Web forms. By preventing browsers from improperly caching this information, Cache Cleaner keeps confidential user information from being stored on untrusted systems.

Supported platforms (columns: Platform; Operating System; Browsers and Environment):

Operating System:
- 8 on 32-bit or 64-bit platforms
- 8 Enterprise on 32-bit
- 7 on 32-bit or 64-bit platforms
- 7 SP1 Enterprise on 32-bit
- Vista on 32-bit or 64-bit platforms
- XP with SP3 on 32 bit
Browsers and Environment:
- Internet Explorer 10 (Only Desktop mode)
- Internet Explorer 9.0
- Internet Explorer 8.0
- Internet Explorer 7.0
- Firefox 3.0 and above including FF10
- Oracle JRE 6 and above

Platform: Mac
Operating System:
- Mac OS X 10.6.x, 32 bit and 64 bit
- Mac OS X 10.7.x, 32 bit
- Mac OS X 10.8.x, 32 bit
Browsers and Environment:
- Safari 6.0, Sun JRE 6
- Safari 5.1, Sun JRE 6
- Safari 5.0, Sun JRE 6

Platform: Linux
Operating System:
- OpenSuse 10.x and 11.x
- Ubuntu 9.10, 10.x and 11.x
- Red Hat Enterprise Linux 5
Browsers and Environment:
- Firefox 3.0 and above
- Oracle JRE 6 and above

Platform: Solaris*
Operating System:
- Solaris 10, 32 bit only
Browsers and Environment:
- Mozilla 2.0 and above

* Only for J-SAM

For Mac, Linux, and Solaris J-SAM implementations:
- Automatic editing of hosts file is only available for root users
- Ports less than 1024 are only available for root users

only support

In this section we describe the technical requirements on features and software that are only possible to run on operating system. We give a short description of each function, and at the end you'll find a chart that describes supported platforms for:

- Secure Application Manager WSAM
- Terminal Services
- Enhanced Endpoint Security
  o Note: Requires administrator privileges or Juniper Installer Service
  o Note: EES is not supported only on 64bit XP and 8
- Secure Virtual Workspace
  o Note: Secure virtual workspace is supported only on 32bit Operating systems and is not supported on 8

Secure Application Manager (W-SAM)

WSAM is a -based solution that enables you to secure traffic to individual client/server applications such as Lotus Notes, Microsoft Outlook, Citrix, and NetBIOS file browsing, as well as application servers. You can download and launch WSAM using an ActiveX control hosted by Telia Secure Remote User, a delivery mechanism, or the WSAM launcher pre-installed on the client.

Terminal Services

Use the Terminal Services feature to enable a terminal emulation session on a terminal server, Citrix NFuse server, or Citrix Metaframe server. You can also use this feature to deliver the terminal services through Telia Secure Remote User, eliminating the need to use another Web server to host the clients.

Secure Virtual Workspace

Secure Virtual Workspace makes it possible to connect securely to the company network from an unsecured computer, e.g. in an Internet café or other places with untrusted computers. A secure workspace is created on the computer, and everything done on the computer after that is protected and erased when the session ends. All work is encrypted and no traces are to be found (American standard 5220.M).

Supported platforms (columns: Platform; Operating System; Browsers and Environment):

Operating System:
- 8 Enterprise 32-bit
- 8 on 32-bit or 64-bit platforms
- 7 on 32-bit or 64-bit platforms
- 7 SP1 Enterprise on 32-bit
- Vista on 32-bit or 64-bit platforms
- XP with SP3 on 32 bit
Browsers and Environment:
- Internet Explorer 10 (Only Desktop mode)
- Internet Explorer 9.0
- Internet Explorer 8.0
- Internet Explorer 7.0
- Firefox 3.0 and above, including FF10
- Oracle JRE 6 and above

Adaptive delivery for client applications

Adaptive delivery of client applications means that Telia Secure Remote User is able to recognise which terminal type is trying to use a certain function and deliver, for example, a Mac OS version of Network Connect if the user wants to use that function for the first time. In cases where ActiveX is disabled or is not available due to platform or privilege limitations, the client application is installed using. Adaptive delivery is available for Host Checker, Enhanced Endpoint Security, WSAM, Network Connect and Terminal Services. Installing Sun JRE 6 or greater might improve the user experience for adaptive delivery for Juniper client applications.

Juniper Installer Service

Juniper Installer Service enables easy installation of client applications on computers that require administrator rights on the actual computer. It enables Telia to easily initiate upgrades when agreed with the customer. Juniper Installer Service is supported for the following client applications: Network Connect, Secure Application Manager (W-SAM), Host Checker, Cache Cleaner and Terminal Services.

Supported platforms - Juniper Installer Services (columns: Platform; Operating System; Browsers and Environment):

Operating System:
- 8 on 32-bit or 64-bit platforms
- 8 Enterprise 32-bit
- 7 on 32-bit or 64-bit platforms
- 7 SP1 Enterprise on 32-bit
- Vista on 32-bit or 64-bit platforms
- XP with SP3 on 32 bit
Browsers and Environment:
- Internet Explorer 10 2
- Internet Explorer 9.0
- Internet Explorer 8.0
- Internet Explorer 7.0
- Firefox 3.0 and above including FF10
- Oracle JRE 6 and above

Mobile Devices

Web and file browsing (SSL-VPN)

Supported platforms:

Mobile OS                  Qualified Versions     Compatible
Android                    2.3, 3.1, 3.2 and 4.0  2.1, 2.2
iOS (iPhone, iPad, iPod)   5.1.1                  4.3.1, 4.3.3, 4.3.5* and 5.0.1
                           6.5                    6.1 and 6.0

Supported Features for IPv4:

Feature          Android       iOS
VPN              Yes (ICS)**   Yes    Yes (WSAM)
HC               Yes           Yes    Yes
Secure meeting   No            Yes    No
Active Sync      Yes           Yes    Yes
Rewriting        Yes           Yes    Yes

** VPN support is available for Android ICS 4.0 version. For supported versions prior to ICS, Android platform build should be used or VPN drivers should be installed.

Junos Pulse for iPhone (VPN-client)

Junos Pulse can create an authenticated Layer 3 SSL VPN session between an Apple iPhone or Apple iPod Touch and Telia Secure Remote User. Junos Pulse enables secure connectivity to corporate applications and data. Junos Pulse is available for download from the iTunes App Store. Junos Pulse for iPhone (and iPod Touch) requires Apple iOS 4.1 or higher.

The Junos Pulse VPN app supports the following features:

- Full Layer 3 tunneling of packets
- UDP/ESP and NCP/SSL modes
- All types of authentication, including client certificate authentication
- Split tunneling modes:
  o Split tunneling disabled with access to local subnet
  o Split tunneling enabled

Platform: iOS
- Qualified version: 7.0, 6.0
- Qualified devices: iPhone 5, iPhone 4 and 4S, iPad2, iPad3, iPad 4, iPad Mini, iPod Touch (running iOS6 and above)

Platform: Android
- Qualified version: 2.3.3, 3.0, 4.0, 4.1, 4.2, 4.3
- Qualified devices: Kindle Fire HD, HTC Thunderbolt, Samsung Galaxy S, S2, S3, 10 Tablet, Galaxy Note, Google Nexus (S), HTC Incredible S710, Motorola Atrix
- Compatible version: 3.1, 2.3.5, 2.3.4
- Compatible devices: Various

Host Checker

Host Checker is an optional component in Telia Secure Remote User that you can use to perform endpoint checks on hosts that connect to Telia Secure Remote User. Implementing Host Checker requires consultancy time from Telia.

Note: For non-qualified mobile platforms, customers may need to provide Telia with an activated device if the issue is not reproducible on any of the qualified platforms.

WSAM supports TCP-based, client-initiated applications only.

Network requirements

General requirements to use and access the customer's internal network via Telia Secure Remote User:

- The terminal must have access to the Internet.
- The terminal must have access to a DNS server so that domain names can be translated to IP addresses.
- TCP port 443 (https) must be open in the firewall if there is a firewall between the user and the Internet.
- Network Connect Optimized mode requires UDP port 4500 to be open, but also works with reduced performance if only TCP port 443 is open.
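One way to audit an egress firewall rule list against the network requirements above, as an added example that is not part of the Telia document. The rule format, the sample rule sets and all function names are constructed for illustration; the example assumes first-match rule evaluation with a default deny, and that DNS queries (port 53, which the document does not state) cross the same firewall.

```python
"""Audit an egress firewall rule list against the TSRU network requirements.

Added illustration, not Telia or Juniper code. The Rule format and the sample
rule sets are constructed. Assumptions: rules are evaluated first-match with an
implicit default deny, and DNS queries (port 53) cross the same firewall.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    port_lo: int  # inclusive destination port range
    port_hi: int

    def matches(self, proto, port):
        return self.proto in (proto, "any") and self.port_lo <= port <= self.port_hi


def permits(rules, proto, port):
    """Return True if the first matching rule allows the traffic."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action == "allow"
    return False  # implicit default deny


def shadowed_allow(rules, proto, port):
    """True if an allow rule exists but an earlier deny rule wins."""
    has_allow = any(r.action == "allow" and r.matches(proto, port) for r in rules)
    return has_allow and not permits(rules, proto, port)


def audit(rules):
    """Check DNS, TCP 443 and UDP 4500 and derive the Network Connect mode."""
    dns = permits(rules, "udp", 53) or permits(rules, "tcp", 53)
    https = permits(rules, "tcp", 443)
    udp4500 = permits(rules, "udp", 4500)
    findings = []
    if not dns:
        findings.append("DNS (port 53) is blocked: names cannot be resolved")
    if not https:
        findings.append("TCP 443 is blocked: no TSRU access at all")
    if not udp4500:
        shadowed = shadowed_allow(rules, "udp", 4500)
        reason = "shadowed by an earlier deny rule" if shadowed else "blocked"
        findings.append(f"UDP 4500 is {reason}: Optimized mode is not possible")
    if not (dns and https):
        mode = "unavailable"
    else:
        mode = "optimized" if udp4500 else "reduced"
    return {"nc_mode": mode, "findings": findings}


# Constructed sample rule sets.
STRICT = [Rule("allow", "udp", 53, 53), Rule("allow", "tcp", 443, 443)]
SHADOWED = STRICT + [Rule("deny", "udp", 1024, 65535), Rule("allow", "udp", 4500, 4500)]
OPEN = STRICT + [Rule("allow", "udp", 4500, 4500), Rule("deny", "any", 0, 65535)]
NO_HTTPS = [Rule("allow", "udp", 53, 53), Rule("allow", "tcp", 80, 80)]

if __name__ == "__main__":
    for name, rules in [("STRICT", STRICT), ("SHADOWED", SHADOWED),
                        ("OPEN", OPEN), ("NO_HTTPS", NO_HTTPS)]:
        result = audit(rules)
        print(name, result["nc_mode"], result["findings"])
```

The SHADOWED rule set is the case a simple search for an allow rule misses: UDP 4500 is listed as allowed, but a broader deny rule placed before it means Network Connect only gets the reduced-performance path over TCP 443.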

Required rights to run and install applications

The following tables outline the rights that are required to install and run the following client-side components in Telia Secure Remote User using ActiveX, ActiveX installer service, and mechanisms:

- Secure Application Manager (WSAM)
- Secure Application Manager (JSAM)
- Network Connect
- Junos Pulse
- Terminal Services Component
- Citrix Terminal Services Component
- Host Checker (includes Secure Virtual Workspace)
- Cache Cleaner

Secure Application Manager (WSAM)

Client/Action ActiveX ActiveX: Installer Service Mac/Linux More Information
Install Power User, or Not Applicable
Run Standard User Standard User Standard User

NOTE: Restricted users can perform the initial installation of WSAM with the installer service only if they start the installation by clicking the WSAM link in the user's portal page.

The ActiveX installer requires users to reboot their systems after an installation or upgrade ( Mobile only).

Users must have ActiveX components or enabled through their browsers to use the WSAM installers.

Secure Application Manager (JSAM)

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Run User Power User, or Run /Root

NOTE: Client system asks for the administrator password when JSAM launches.

NOTE:

JSAM XP/2000:
  o Automatic host mapping: you must have the rights to run regedit.exe in "read-only" mode, and the rights to modify the hosts file.
  o Outlook and NetBIOS applications: you must have the rights to run regedit.exe in "read/write" mode.

JSAM Vista and 7:
  o Automatic host mapping: you must have the rights to install jsamtool.exe on the system and run it.
  o Outlook and NetBIOS applications: you must have the rights to install jsamtool.exe on the system and run it.

JSAM Mac OS X:
  o Automatic host mapping: you must provide the administrator password when JSAM prompts for it at launch.
  o Any applications that listen on ports below 1024: you must provide the administrator password when JSAM prompts for it at launch.

JSAM Linux:
  o Automatic host mapping: you must be the root user.
  o Any applications that listen on ports below 1024: you must be the root user.

Network Connect

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Install Power User, or
Run Standard Standard User User Standard User * Standard User

* Linux also requires rights to upgrade or downgrade Network Connect. Macintosh does not have this restriction.

NOTE: Restricted users can perform the initial installation of Network Connect with the installer service only if they start the installation by clicking the Network Connect link in the user's portal page.

(Mac only) When Network Connect is first installed (before ncinstallhelper exists on the system), you must provide the administrator password when prompted during the installation. On subsequent launches no special privileges are required.

When the installer service is running, uninstalling Network Connect as a restricted user should be done from the user browser's preference page.

Terminal Services Component

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Install Run Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or

Citrix Terminal Services Component

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Citrix Client Install Run Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or

Host Checker (includes Secure Virtual Desktop)

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Install Run Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or

NOTE: If you implement Secure Virtual Workspace (SVW) through Host Checker, note that restricted users, power users, and admins all have adequate rights to install and run SVW.

Cache Cleaner

Client/Action ActiveX ActiveX: Installer Service Mac/Linux
Install Run Power User, or Power User, or Power User, or Power User, or Power User, or Power User, or