Simplified Control for IT

The Thinspace OneGate solution has an intuitive, easy to use web interface with graphical dashboard allowing administrators to deploy, configure and monitor the OneGate server from any web browser. Administrators can login using high-security, certificate based authentication providing an extra level of security.

OneGate Web Portal

Users login to a customized Web Portal which displays the applications available to them along with admin messages, OneGate client status, endpoint security result and change password options. Administrators can now customize the OneGate web portal directly from the management console.

OneGate Access Clients

Thinspace OneGate supports Windows, Mac OS X and Linux platforms. Users can access OneGate either through a Web Portal (Java) or locally installed Desktop Client. The Thinspace HTML5 RDP Client enables browser based access to SkyDesk and RDP applications.

Today, organizations of all sizes face the pressure to be able to deliver applications and data to ever increasing numbers of mobile workers. Whether this is home users, roaming users, customers or even business partners the need for a Remote Access solution that is easy to use and yet secure is the key requirement; this is where Thinspace OneGate (SSL VPN) can help.Organizations which are looking at secure remote access will often engage with current VPN solutions, whether IPsec or SSL VPN, which rely on layer 2 VPNs to provide seamless access to applications. This creates a security hole in perimeter security deployed at the corporate network level and opens up the network to unknown vulnerabilities generated from unmanaged desktop machines. It should be noted that the requirement is to deliver the application and network services to end-users rather than necessarily bridging unknown endpoints to corporate networks at untrusted locations.
ThinSpace Diagram Flow1_v2

SPAN Technology

Thinspace SPAN (Secure Private Application Network) technology enables a completely secure access method over any kind of network and devices. With SPAN technology, Thinspace OneGate can make applications available without bridging client device’s network with the corporate network. Other VPN solutions require a network adaptor with virtual IP Address for full functioning of client-server applications. SPAN technology has the following salient features:

  • Secure remote access without creating unsecured holes in the network’s perimeter security.
  • Makes application access possible without a virtual adaptor or routing changes on endpoint machine.
  • Hide complete network information obfuscation. User can never find the actual IP address of hostname of the internal servers.
  • Administrator can control each application available over VPN rather than opening up the whole network/subnets.

Secure Authentication

Thinspace OneGate uses standards-based SSL/TLS Security. Users can be authenticated by methods such as Active Directory, LDAP, and RADIUS or local database. Fully integrated client-certificate based two factor authentication with automatic certificate provisioning is in built in to OneGate. Configurable Authentication and Authorization servers mean that users can login using multiple methods and still have resources assigned by group or role.

Access Your Applications

Access all of your Applications, including all TCP and UDP applications such as HTTP/S and FTP based apps, RDP, Email, Windows File sharing and Propalms TSE and VDI. Even custom or proprietary applications and protocols are supported by Thinspace OneGate. In-built application templates help administrator create standard applications as well as define additional parameters.

Hardened Propalms OS

The OneGate application runs on Thinspace OS 4 which is a security hardened, enterprise class Linux Distribution derived from CentOS. Propalms OS hosts the required services for running Propalms OneGate and is maintained by Thinspace Development Team.

OneGate Application Launcher

The OneGate Application launcher is a simple user interface for users to launch their applications when logging in through the OneGate desktop client. After login, the Application Launcher is shown to the user with the list of applications the user has access to. The following applications can be displayed:

  • Thinspace SkyDesk Applications
  • Virtual Desktops from Thinspace SkyDirect VDI.
  • Web Applications.
  • Remote Desktop Connections including “My Desktop and Files”.
  • Remote Meeting.

Site to Site Access

Thinspace OneGate provides a unique Site-to-Site access feature where it is possible to chain Thinspace OneGate servers and access applications across sites. Other VPN solutions either provide IPsec based site to site or their SSL based Site-to-Site is layer 2 tunnel which suffer from poor performance because of too much packet loss. (Read “TCP-over-TCP” meltdown).

Simplified Control for IT

The Thinspace OneGate solution has an intuitive, easy to use web interface with graphical dashboard allowing administrators to deploy, configure and monitor the OneGate server from any web browser. Administrators can login using high-security, certificate based authentication providing an extra level of security. Administrators can perform tasks such as:

  • Specify authentication services (native, LDAP, Active Directory, RADIUS, ProID).
  • Create applications rules for remote access.(App templates included)
  • Create user and application groups for defining access to applications.
  • Control device access using endpoint policies and zones.
  • Enable high availability.
  • Configure remote meeting and view live sessions.
  • Specify time-based access restrictions.
  • View reports and manage current sessions plus much more…

Web Portal

Users login to a customized Web Portal which displays the applications available to them along with admin messages, OneGate client status, endpoint security result and change password options. Administrators can now customize the OneGate web portal directly from the management console. It is possible to upload a custom logo and company name and set login and welcome messages to be displayed on OneGate web portal.

32-bit & 64-bit Versions

The OneGate ISO based on CentOS is available for both 32bit as well as 64bit hardware platforms. The ISO for 32bit hardware can be installed on 64bit hardware. With support for 64bit platform a large amount of RAM and CPU power can be made available to OneGate server for scalable deployments.

iPad and Android Support

Thinspace OneGate provides access to business applications and desktops from iPad and Android based tablet devices. The Thinspace Universal Client available from the Apple App Store and Android Market allows access to both SkyDesk and  SkyDirect VDI applications via OneGate.

OneGate Portal – Kiosk Mode

Kiosk mode allows users to access certain applications without requiring any client software. Thinspace OneGate web portal delivers a set of Java applications enabling access to:

  • Remote Desktop Connnections.
  • FTP Applications.
  • VNC Applications.
  • File Share.
  • SSH/TELNET Applications.
  • Thinspace SkyDirect/SkyDesk.
  • Citrix Web/ICA.
  • My Desktop and Files.
  • Remote Meeting.

Thinspace SkyDesk Integration

Thinspace OneGate works in conjunction with Thinspace SkyDesk solution to deliver a highly efficient application delivery solution to enterprises. Thinspace SkyDesk provides presentation virtualization and OneGate provides secure remote access. Thinspace OneGate enables single sign-on, Web Portal & Desktop integration features for Thinspace SkyDesk enabled applications.

Thinspace VDI Integration

Thinspace OneGate integrates with Thinspace VDI to deliver a seamless access mode to VDI managed virtual desktops. OneGate administrator can publish the Thinspace VDI setup for roaming users by simply creating an application with a target as the Thinspace VDI connection broker. Thinspace OneGate talks to the Thinspace VDI connection broker and publishes users allocated virtual desktop on Thinspace OneGate portal.

My Desktop and Files

My Desktop and Files feature provides direct access to your office PC and file shares via Thinspace OneGate. Administrator can create a My Desktop and Files application type and upload a list of usernames along with their desktop hostnames/IP addresses/fileshares to be made available to them when they log in to OneGate.

Remote Meetings

The remote meetings feature offers authorized OneGate users the ability to perform remote web meetings for the purpose or sharing presentations, text chat, file transfer or just use as a Helpdesk facility. Remote meeting feature is available in both OneGate Portal and OneGate Desktop Client. A user can select “give support” to connect to another OneGate user. User can select “get support” to request support from another OneGate user.

Online License Service

Thinspace Online licensing portal allowing customers to login and manage their licenses and activate them. Activation can also be performed directly from the OneGate management console further simplifying the whole licensing process.

Deployment

Install OneGate in minutes using a simple, integrated installer or save even more time by downloading the Thinspace OneGate Virtual Appliance and import it directly into your VMware infrastructure or your other chosen virtualization platforms.

Client Access

Propalms VPN supports Windows, Mac OS X and Linux platforms. Users can access OneGate either through a Web Portal (Java) or locally installed Desktop Client.

EndPoint Security

Enforces access restrictions based on customizable policies such as Anti-virus, Anti-spyware and firewall status ensuring devices are ‘safe’ for connection to the network. IP and Mac address restrictions can also be enforced.

The Thinspace OneGate solution has an intuitive, easy to use web interface with graphical dashboard allowing administrators to deploy, configure and monitor the OneGate server from any web browser. Administrators can login using high-security, certificate based authentication providing an extra level of security.

The Web Management console is organized into a navigation tree which is logically grouped into the following management sections:

  • VPN STATUS – Displays real-time information about the OneGate server.
  • ACCESS MANAGEMENT – Provides User, Group and Authentication configuration options.
  • ENDPOINT MANAGEMENT – Configure Endpoint Security control and enforcement.
  • RESOURCES – Miscellaneous settings for use with other admin tasks.
  • HOST CONFIGURATION – Server specific settings and configuration.
  • HOST MAINTENANCE – OneGate backup, upgrade and licensing options.
  • MONITORING & REPORTING – Reports on User, Admin and Endpoint activities.
  • HIGH AVAILABILITY – OneGate Clustering Options.
  • REMOTE MEETINGS – OneGate Remote Meeting and Support Configuration.

Throughout the console, administrators can use the in-line help feature to assist them with their configuration.

Common administration tasks would consist of:

  • Creating/Adding Users (native, LDAP, Active Directory)
  • Creating User and Application Groups for defining access to applications.
  • Controlling device access using Endpoint Policies and Zones.
  • Specifying time-based access restrictions to applications and resources.
  • Viewing Reports and managing current user sessions.
SkyDesk Integration Thinspace OneGate seamlessly integrates with Thinspace SkyDesk allowing secure remote access to SkyDesk applications through the gateway. OneGate can be used as a replacement for the Single Port Relay service that is built into SkyDesk allowing greater scalability, security and stability.Once a user logs into OneGate, if SkyDesk access has been assigned to them by OneGate Administrator then they are authenticated to SkyDesk using their OneGate credentials and seamlessly delivered access to their authorized SkyDesk applications. This single sign-on feature creates an intuitive user experience where the user only has to enter their domain credentials once and can immediately access the applications that he/she has been assigned.
How this is presented to the user is dependent on the method of access:

OneGate Web Portal

Thinspace OneGate Web Portal is a browser based access mode. Users simply browse to https://OneGate_FQDN and enter their domain credentials. These credentials will be used to sign you in to SkyDesk also. When logging in through the OneGate Web Portal with SkyDesk application assigned, the user will see an extra tab on the portal named SkyDesk Applications. This page will display the TSE applications that have been published to this user from the SkyDesk Management Console. If the OneGate and SkyDesk client software is not installed or a newer version is available then this is downloaded on demand.

Thinspace Universal Client

Thinspace Universal Client provides access to applications and windows desktops from your iPad/iPhone or Android tablet device whether you are in the office, at home or mobile. The universal client connects to Thinspace OneGate and SkyDesk/SkyDirect VDI solutions enabling Bring Your Own Device services by offering the ability for the users to access business applications such as Microsoft Office from their tablet device or smartphone.

OneGate Desktop Client

Thinspace OneGate Desktop Client has a built-in application launcher to enhance the user experience for access to SkyDesk Applications. Users can simply launch the client and login using their domain credentials. Rather than users having to open a seperate web browser once connected to access their SkyDesk apps, the OneGate desktop client presents their published SkyDesk applications in a user friendly Application Launcher window on the desktop.

The primary driving factor for wide adoption of SSL VPNs is ubiquitous secure access from any device without any pre-requisites. However this opens up a new challenge for organizations as unknown and unmanaged devices including potentially harmful devices can connect to the corporate network. Moreover compliance becomes a challenge as it becomes impossible to enforce corporate policies to end users. Next generation SSL VPNs like Thinspace OneGate bring strong device profiling features that measure and calibrate each endpoint connecting to VPN against the corporate policies.

Thinspace OneGate provides a flexible policy framework for administrators to keep the corporate network safe from unclean devices by either keeping such devices out of network, restricting them to a part of network or remediate them to be able to access network services.

As part of device profiling, Thinspace OneGate can check for status of endpoint security software like antivirus, firewall and anti-spyware, OS and software updates and compliance to endpoint configurations. An intelligent cache wiper can clean the files and cache stored on the local hard disk by browsers or by users, whether residing in temporary folders or any of the drives.

Although SSL VPNs provide broader access capability which clearly enhances productivity, it also inherently widens network exposure to uncontrolled environments.

For Example: If a remote client machine is infected with virus/worms/Trojans/spy-wares, this un-wanted traffic is also sent to private network over secured connection. To effectively control these risks, it is no longer enough to manage access by user identity alone. The safety of the user’s endpoint environment must also be ensured by enforcing access policies based upon solid endpoint security.

Thinspace OneGate Administrators can create 3 types of product policies:

  • Antivirus
  • Antispyware
  • Firewall

Thus ensuring the most recent versions are installed and active on the user’s device before they can connect to the network. Further to this, Administrator’s can create Endpoint Zones which override Application Groups limiting access to applications based on the result of the user’s device profile from the Endpoint scan. For example, a ‘Quarantine’ Zone can be set to provide minimal access for non-compliant devices connecting to OneGate.

OneGate access can be further secured by enforcing MAC address and IP address policies on the gateway. The administrator can define a list of allowed or blocked addresses that are checked when the device scan occurs.

New User Interface

Propalms OneGate comes with a brand new user interface. This interface is both modern and light on the web browser.

Auto-Launch Applications

Administrator can select applications to start automatically (only applications which supports portal based access) when end user logs in.

New Access Controls

In previous versions of VPN, access controls were only based on application groups – Allowing application group access to user groups. OneGate’s new improved access control management interface will allow creating access controls with added access control methods. Newly added methods are Device ID and EndPoint Connectivity based controls.

Desktop Client – Alternate Gateways

OneGate client can access multiple gateways and will automatically connect to alternate gateways if primary gateway is not available.

Desktop Client – User Preferences

In the latest OneGate Desktop Client users can change a number of preferences such as start on logon, app auto-launch on/off, alternate gateway setup etc…

Multiple Domain Configuration

OneGate administrators can now configure multiple VPN Domains for user authentication. Admins can specify different authentication systems in these domains and enable/disable endpoint security. If multiple VPN domains are configured on OneGate server then at the time of login a new option will be shown to choose VPN domain in desktop client and web portal.

SMS Gateway Integration for Passphrase

Administrator can configure SMS gateway details in OneGate server so that users can get their passphrase via SMS during successful user creation or if administrator resets the passphrase. Administrator can also modify the contents of SMS

NTLM Application SSO

Administrator can enable single sign on for NTLM enabled web based applications, for e.g. MS OWA, SharePoint. This option is available only for web based applications. SSO options are available when you add specific web based applications in the console.

NTP Support Improved

Administrator can start or stop NTP server, verify status and check for last update time from this page. Primary and Secondary NTP Servers can be configured.

Two New Options for Sending User Information

Admin can choose to send information relating to user creation, reset passphrase or change password to either email or mobile phone.

Form Based SSO for HTTP and HTTPS Apps

Single sign on option (form and NTLM base) for http/https application type had been added.

New Search Option for Logs

Search option added in Admin, Activity, User and EPS logs.

New App Template – My Desktop and Files

New application type My Desktop and Files had been added. Now administrator can create one file share application in which you can map one user to specific files hare location. Single application can handle up to 300 entries.

Multiple Ports Support for Single App

Multiple ports support had been added for every applications type. Now administrator can publish max 5 ports in a single application.

Edit Email Templates

Administrator can edit the email templates used for new users and passphrase reset automated email generation.

SMTP Authentication

In previous versions, Thinspace VPN had an option for sending Passphrase to users Email IDs. This feature has been enhanced now with support of SMTP Authentication.

Kiosk Mode in OneGate Portal

User can login into OneGate web portal using kiosk mode from a locked down machine. Application proxy support without requiring local administrator rights feature is added in this release. Supported applications are Terminal Services (RDP), VNC, File Share, My Desktop & Files, Telnet, SSH and Web applications (limited).

Client Settings Configuration

The Administrator can now specify certain client configuration settings for the OneGate client and also optionally control deployment of Thinspace SKYDESK client for integration and capability for users to launch applications published on Thinspace SKYDESK Server.

Desktop Client – Save Username and Password

End users can save their user name and password by selecting Remember Me and Remember Password options from Thinspace OneGate Desktop Client.

ISP Load Balancing

Thinspace OneGate now supports inbound connection load balancing. OneGate VPN can be accessible from multiple Internet service providers configured in the management console. When end user connects to OneGate VPN it will check load on the Links and send login requests to less loaded ISP. This feature will be helpful if customers have multiple internet connections and wish that incoming users should be equally distributed across the internet connections.

Integrated ProID based 2 Factor Authentication

Currently customers can use only one type of authentication which is local username/password, domain users or RADIUS users or PROID (OTP) users. In production environments customer would like user to login using their domain credential as well provide another dynamic credential for greater security. For e.g. customer would expect users to enter their domain credentials and an OTP generated by SMS, Email, Hardware token or Software token.

Log File Settings

Newly added Log file settings allows for more flexibility for creating log files. OneGate administrators can select log archiving frequency by Daily, Weekly or Monthly basis. They can also set size of log files and maximum number of archived log files.

NTP Support Improved

Administrator can start or stop NTP server, verify status and check for last update time from this page. Primary and Secondary NTP Servers can be configured.

Custom UI for Authentication

In desktop client, Administrator can change the text message for user and label of user name/password.

CSR Key Length Increased

Now administrator can generate SSL certificate CSR with three different key length options (1024, 2048, and 4096).

Virtual Server

Add Virtual Server to use OneGate server as HTTPS reverse proxy server. Admin can create a unique DNS name and then create a virtual server for this DNS name. This will not require user to download the VPN java client modules.

New Search Filters

New search capability has been added to the management console in the Users, Applications and Access Control screens.

All contents © Copyright Thinspace 2016.