2X Remote Application Server Taking Network Security to the Next Level!

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someonePrint this pagePin on PinterestShare on TumblrBuffer this pageShare on RedditShare on StumbleUpon

At 2X, our main concern is making your environment secure, reliable, and free from nonsense glitches in the daily running of your network, whenever possible. We constantly work hard to improve our products and make them even faster, reliable, and easy to use. In this article, we will take a look at the way the 2X ApplicationServer XG helps you provide a secure, reliable and organized infrastructure.

With 2X Remote Application Server, we provide network administrators features for extra layers of filtering and security. The main scope of doing so, is not only to make it easier for administrators – as in not having to configure thousands GPO’s every day – but also to let the administrator decide what the users will be able to see, access, and do.

In order to achieve this, there are a few possible ways combinable together that will help you in organizing access for users, user groups, or even specific machines. Let us take a look at the many options and let me give you a short explanation about their functionalities:


1.     Publishing:

The main concept of 2X Remote Application Server is to provide an easy-to-use application access solution. We made it possible for you to publish Applications, Folders and Desktops in a seamless way. The filtering on Publish is simply done on the Filtering tab; On the “Select Filtering Type” dropdown box you are able to select an item to a particular user, groups, clients or IP addresses. From here you can also set the filtering on either LDAP or WinNT.

2.     Gateways properties:

The Security tab also very important: it allows you to filter connections through your gateway by matching MAC addresses. Therefore, Administrators are able to block out MAC addresses or allow only the specified entries to run published application. In my opinion the best security option is to allow known Mac addresses only here!

From Farm>Gateways>Gateways>properties>network, you are able to configure the specific ports needed for your connections, which includes the 2X Secure Client Gateway Port (meaning that the 2X Clients will connect to 2X ASXG on this port and/or SSL port if needed), the RDP, the Citrix, and also the TFTP ports (TFTP for PXE booting).

Also from the properties>advanced tab there is a tick box (right at the end of this small window on your bottom left) called: “Enable RDP DOS Attack Filter”. This option is extremely helpful but could also be very tricky, depending on your environment. Enabling the ‘RDP DOS Attack Filter’ checkbox protects the Gateway from ‘Denial of Service’; this means that you have a storm of connections in one go, they will just get rejected, as this normally leads to a denial of services attacks that you get from bad hackers. Bear in mind though, if you are a massive company with over 300 users and they all start working at 9:00 am sharp, and they all login at the same time, you might want to do a couple of test with this one on or off to see if the result is your desired one.

On the properties>SSL/TLS tab, you can enable Secure Sockets Layer which provides end-to-end SSL encryption to your terminal servers, and assign to it the respective ports and certificates. Enabling ‘Allow only strong ciphers’ checkbox, will set the gateway from medium to a higher level of encryption. Keep in mind however that the 2X Secure Client Gateway offers the ability to tunnel SSL traffic over port 80!

3.     Connection:

Connection field>2x Publishing Agent tab: from here you will be able to configure the ports to use for the publishing agent service, and the authentication options. From here, you will also be able to enforce from which domain/s your users will be able to connect.

Connection field>Second Level authentication tab: from here you can configure your second level authentication options, and exclusions rules, not to set everyone to second level authentication.

Connection field>Published item listing: from here you can select which type and/or version of the 2X Client will be able to connect. This is very helpful when you need ‘lazy users with admin rights’ to upgrade to the latest and greatest version of the 2X Client.

4.     Tunneling policies

On the Tunneling Policies tab you can set specific filters so that native RDP & ICA connections can be redirected to specific terminal server(s). Load balancing rules are useful when assigning a group of terminal servers or a specific terminal server with a 2X Secure Client Gateway IP. Therefore connections initiated from that particular IP will be load balanced to a corresponding group or a particular terminal server. Remember that Load Balancing Rules are applicable only to non-published desktop sessions. Such kind of settings are useful when you want to allow connections from a certain interface.

5.     Client policies:

The client filtering helps you in setting up and customizing Client policies. In plain English, this is the function that controls connection properties and client options (to note that at present this is only available for 2X Clients installed on Windows, including Windows CE and XP Embedded).

To add a 2X Client Policy, all you need to do is to open the console, go to Client>2X Client Management Tab, and click on “Add”. You can then start by giving the new policy a name in the policy field, decide whether to use LDAP, or WinNT, when adding Users or Groups. Next, you can configure both ‘Connection Properties’ and the ‘Options’ that will be pushed to the users‟ 2X Client.

(for more about how to configure the Connection Properties for 2X Client, kindly refer to the following link: http://www.2x.com/downloads/docs/en/manuals/pdf/2XClientForWindows.pdf)

Your filtering and security couldn’t be any easier!


Giorgio Bonuccelli is a Marketing and Communications Director at Parallels. Giorgio has extensive experience in cloud computing and virtualization, with a background of many years in multinational corporations (Dell, EMC and McAfee). In his career he has filled different roles, from sales to training and marketing. This wide-ranging experience and flexibility helps him simplify concepts and write content that is easy to read and understandable even by newcomers to the subject. As a blogger and technical writer he has published more than 1000 papers.

  • papazian


    All theses features help us secure 2X access.
    But 1 feature doesn’t work for public IP filtering :

    When you decide to filter on local IP Adresses to authorize them you have a problem :

    If you have some users who connect from Internet behind a gateway they may have local ip adress and the 2x client Ip filter is based on loacl adresses.

    So, the risk is internet user can access ressources ( for LAN users ) whereas they are outside your LAN !

    Can 2X Software plan to fix this feature ?


  • http://www.2x.com Gino Dalcielo

    Hi Papazan,

    Thank you very much for your comment!

    I am happy to inform you that we are already working on implementing a filtering level depending on which gateway IP the user connects to (similar to the exclusion filter when second level authentication is enabled).

    Stay tuned for more updates!


  • Pingback: A Closer look at 2X Publishing Filters - 2X Blog()