SSL-Explorer: Community Edition - How It Works

How It Works

SSL-Explorer is a Java application that contains its own database and web server, which it uses to serve secure web pages that give access to back-end network resources. While the product is ideally installed on a standalone server, it may also be installed as a service and run in the background alongside other processes if desired.

The product acts as a web-based proxy that mediates requests for resources from external users. It also authenticates these users' identities by querying a number of user databases, including Microsoft's Active Directory. Access rights are enforced through role-based access control; secondary access control measures such as NTFS filesystem permissions can also affect the resources that a user may access.

Some resources (e.g. remote desktop access) require the use of port forwarding to operate successfully. For this purpose a lightweight Java applet known as the 'SSL-Explorer Agent' is downloaded and launched by the client browser. The applet intercepts TCP/IP requests on certain configurable ports and forwards them to the SSL-Explorer server which in turn routes them to the appropriate endpoint on the network.

Using a combination of various techniques such as web proxying and port forwarding, most corporate applications can continue to function unimpeded with their data tunneled transparently between the end point and the client (via SSL-Explorer) using the HTTPS protocol.

Network resources that may be externalized by SSL-Explorer include the following:

  • Intranet websites
  • Rich web-based applications such as Microsoft Outlook Web Access
  • Access to workstation desktops
  • File resources published on FTP/SFTP/SMB file mounts
  • Other company resources accessible by TCP/IP, e.g. databases and other custom applications

The VPN server may be placed either inside the DMZ or within the trusted network, with incoming connections on port 443 forwarded directly to SSL-Explorer by firewall rules. One of the main advantages of SSL VPN products is that, when correctly set up, it should be technically possible to close all other firewall ports apart from the HTTPS/SSL port 443.
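One way to check that a firewall really exposes only port 443 and forwards it to the SSL-Explorer host is to audit its forwarding rules. The following is an added example, not part of SSL-Explorer or of the original page; it assumes a Linux firewall whose rules are exported in `iptables-save` format, and the function names and addresses are hypothetical.

```python
import shlex

def port_ranges(spec):
    """Expand '443', '80,443' or '8000:8100' into (lo, hi) pairs."""
    pairs = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        pairs.append((int(lo), int(hi or lo)))
    return pairs

def audit_inbound_dnat(rules_text, vpn_host, allowed_port=443):
    """Return (line_no, reason) for each nat/PREROUTING DNAT rule that is not
    exactly allowed_port -> vpn_host; line_no 0 means the expected rule is missing."""
    findings, table, vpn_forward_seen = [], None, False
    for n, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):  # table header such as "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A PREROUTING"):
            continue
        tok = shlex.split(line)
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "DNAT":
            continue
        if "!" in tok:  # negated matches need a human reading
            findings.append((n, "negated match, review manually"))
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        host = opts.get("--to-destination", "").rsplit(":", 1)[0]
        if spec is None:
            findings.append((n, "forwards every port"))
        elif any(r != (allowed_port, allowed_port) for r in port_ranges(spec)):
            findings.append((n, f"exposes port(s) {spec}"))
        elif host != vpn_host:
            findings.append((n, f"port {allowed_port} goes to {host}, not the VPN server"))
        else:
            vpn_forward_seen = True
    if not vpn_forward_seen:
        findings.append((0, f"no rule forwards port {allowed_port} to {vpn_host}"))
    return findings

# Constructed iptables-save output (assumed Linux firewall; private placeholder addresses).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.20:3389
-A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.0.0.5
COMMIT
"""
```

Calling `audit_inbound_dnat(SAMPLE, "10.0.0.5")` reports the direct remote-desktop forward and the rule that also opens port 80. It reads only rules placed directly in the nat PREROUTING chain; rules in user-defined chains jumped to from there are not followed.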

While often lumped together as similar solutions, SSL-Explorer is conceptually different from OpenVPN in that it provides controlled and authenticated access to services and applications within a network rather than full, unchallenged network access.
