At 2X, our main concern is making your environment secure, reliable, and free from nonsense glitches in the daily running of your network, whenever possible. We constantly work hard to improve our products and make them even faster, more reliable, and easier to use. In this article, we will take a look at the way the 2X ApplicationServer XG helps you provide a secure, reliable and organized infrastructure.
With 2X Remote Application Server, we provide network administrators with features for extra layers of filtering and security. The main purpose of doing so is not only to make life easier for administrators (as in not having to configure thousands of GPOs every day) but also to let the administrator decide what the users will be able to see, access, and do.
To achieve this, there are several options, which can be combined, for organizing access for users, user groups, or even specific machines. Let us take a look at these options, and let me give you a short explanation of their functionality:
The main concept of 2X Remote Application Server is to provide an easy-to-use application access solution. We made it possible for you to publish Applications, Folders and Desktops in a seamless way. Filtering on published items is done on the Filtering tab: in the “Select Filtering Type” dropdown box you can restrict an item to particular users, groups, clients or IP addresses. From here you can also set the filtering on either LDAP or WinNT.
2. Gateways properties:
The Security tab is also very important: it allows you to filter connections through your gateway by matching MAC addresses. Administrators can therefore block specific MAC addresses, or allow only the specified entries to run published applications. In my opinion the best security option is to allow known MAC addresses only here!
From Farm>Gateways>Gateways>properties>network, you are able to configure the specific ports needed for your connections, including the 2X Secure Client Gateway Port (meaning that the 2X Clients will connect to 2X ASXG on this port and/or the SSL port if needed), the RDP, the Citrix, and also the TFTP ports (TFTP for PXE booting).
Also, on the properties>advanced tab there is a tick box (right at the end of this small window on your bottom left) called “Enable RDP DOS Attack Filter”. This option is extremely helpful but could also be very tricky, depending on your environment. Enabling the ‘RDP DOS Attack Filter’ checkbox protects the Gateway from ‘Denial of Service’: if a storm of connections arrives in one go, they will simply be rejected, since such a burst is the typical pattern of a denial-of-service attack. Bear in mind though, if you are a massive company with over 300 users and they all start working at 9:00 am sharp and log in at the same time, you might want to do a couple of tests with this option on and off to see whether the result is the one you want.
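As a way to size that morning burst before testing the filter, here is an added example (not 2X code) that finds the busiest sliding window in a list of connection timestamps. The page does not document the filter's real window or threshold, so `window_seconds` and `max_per_window` are assumptions, and the 300 logins are constructed sample data.

```python
from collections import deque
from datetime import datetime, timedelta


def peak_connections(timestamps, window_seconds):
    """Return (peak_count, window_start) for the busiest sliding window."""
    span = timedelta(seconds=window_seconds)
    window = deque()
    peak, peak_start = 0, None
    for ts in sorted(timestamps):
        window.append(ts)
        # Drop connections that fell out of the window ending at ts.
        while ts - window[0] >= span:
            window.popleft()
        if len(window) > peak:
            peak, peak_start = len(window), window[0]
    return peak, peak_start


def would_trip(timestamps, window_seconds, max_per_window):
    """Compare the observed peak with an assumed filter threshold.

    window_seconds and max_per_window are hypothetical values; the real
    limits of the gateway's filter are not stated on this page.
    """
    peak, start = peak_connections(timestamps, window_seconds)
    return peak > max_per_window, peak, start


def constructed_morning_logins(users=300, spread_seconds=60):
    """Constructed sample: `users` logins spread evenly from 09:00:00."""
    start = datetime(2024, 1, 8, 9, 0, 0)
    step_ms = spread_seconds * 1000 // users
    return [start + timedelta(milliseconds=i * step_ms) for i in range(users)]


if __name__ == "__main__":
    logins = constructed_morning_logins()
    for limit in (40, 50, 100):  # assumed thresholds, for comparison only
        tripped, peak, start = would_trip(logins, 10, limit)
        verdict = "would be rejected" if tripped else "fits"
        print(f"limit {limit}/10s: peak {peak} from {start:%H:%M:%S} -> {verdict}")
```

Feeding it timestamps taken from your own gateway or firewall logs shows how close a normal working day already comes to whatever limit you observe when testing with the filter on.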
On the properties>SSL/TLS tab, you can enable Secure Sockets Layer, which provides end-to-end SSL encryption to your terminal servers, and assign the respective ports and certificates to it. Enabling the ‘Allow only strong ciphers’ checkbox raises the gateway from medium to a higher level of encryption. Keep in mind however that the 2X Secure Client Gateway offers the ability to tunnel SSL traffic over port 80!
Connection field>2X Publishing Agent tab: from here you can configure the ports to use for the publishing agent service, and the authentication options. You can also enforce from which domain/s your users will be able to connect.
Connection field>Second Level authentication tab: from here you can configure your second level authentication options, and exclusion rules, so that not everyone is required to use second level authentication.
Connection field>Published item listing: from here you can select which type and/or version of the 2X Client will be able to connect. This is very helpful when you need ‘lazy users with admin rights’ to upgrade to the latest and greatest version of the 2X Client.
4. Tunneling policies:
On the Tunneling Policies tab you can set specific filters so that native RDP & ICA connections can be redirected to specific terminal server(s). Load balancing rules are useful when assigning a group of terminal servers or a specific terminal server to a 2X Secure Client Gateway IP. Connections initiated from that particular IP will then be load balanced to the corresponding group or terminal server. Remember that Load Balancing Rules are applicable only to non-published desktop sessions. Such settings are useful when you want to allow connections from a certain interface.
5. Client policies:
Client filtering helps you set up and customize Client policies. In plain English, this is the function that controls connection properties and client options (note that at present this is only available for 2X Clients installed on Windows, including Windows CE and XP Embedded).
To add a 2X Client Policy, all you need to do is open the console, go to Client>2X Client Management Tab, and click on “Add”. You can then start by giving the new policy a name in the policy field, and decide whether to use LDAP or WinNT when adding Users or Groups. Next, you can configure both the ‘Connection Properties’ and the ‘Options’ that will be pushed to the users' 2X Client.
(For more about how to configure the Connection Properties for 2X Client, kindly refer to the following link: http://www.2x.com/downloads/docs/en/manuals/pdf/2XClientForWindows.pdf)
Your filtering and security couldn’t be any easier!