SSL VPN - Use Case Description

This demo use case will demonstrate wireless 2-Factor-Authentication with AirID for an SSL VPN, improving both security and usability at the same time.

For this smart card demo use case we are using a third-party WINDOWS VPN client, the HOB RD VPN, to showcase secure remote access to an enterprise network. The smart card, provided by the AirID Evaluation-Kit, has already been initialised and personalized with a demo certificate.


1. Please check before you start:

For this use case of WINDOWS VPN client you will require:

  1. A smart card, JCOP 2.4.1 with an applet (provided with the AirID Evaluation-Kit)
  2. An AirID Version 1, wireless smart card reader (provided with the AirID Evaluation-Kit)
  3. A computer running the Windows 10 operating system with Bluetooth LE 4.0 enabled (if BLE is not available onboard, a separate USB Bluetooth LE Adapter will be required). Please use a completely fresh system (clean Windows 10 installation) for this demo use case.
  4. Administrative rights for installing new software on the computer



Tip

Please use this smart card and PIN for the SSL VPN demo use case:

  • User PIN: 123456



2. Initial Installation on Windows 10

This section describes the initial setup and basic configuration on Windows 10 required for the Windows-based demo use case, provided that no prior installation has taken place. These steps are not necessary if there is a previous configuration for the document signing or smart card logon use case.

  • AirID Driver and AirID Central Installation
  • Bluetooth Pairing

2.1 AirID Driver and AirID Central Installation

Follow the steps below to install the AirID Windows Driver and the AirID Central App.

The AirID Central is a management App for your AirID. The App provides you with information and settings options for your AirID when your AirID is connected to your Windows device.

    1. Download the AirID Windows Setup: AirIDSetup_x64_1.0.16.0.msi for a 64-bit system or AirIDSetup_x86_1.0.16.0.msi for a 32-bit system.
    2. Double click on the .msi installer file.
    3. Follow the instructions in the installation wizard.

The AirID Windows Driver and the AirID Central App have been installed and the next step will be Bluetooth Pairing of the AirID with your computer. 

2.2 Bluetooth Pairing

To pair your Windows device with the AirID reader follow these steps:

    1. Insert your smart card to power on the AirID reader and activate Bluetooth at the AirID reader by navigating to the connection menu and pressing the jog dial control element. The AirID should display:
    2. Open Windows "Settings → Devices → Bluetooth → Add new device". Your AirID should be listed with its serial number. Press "Pair".
    3. Enter the 6-digit pairing key shown on the AirID display.
    4. After successful pairing, "Pairing success" will be displayed on the AirID.

The AirID has been paired with your computer and the next step will be the connection to HOB RD VPN.





Note

If you have already paired the AirID with another device, please navigate to "Prefered Device" in the AirID menu, press the Jog-Dial and choose "new". Then press the Jog-Dial again to confirm.


3. Connecting to SSL VPN

3.1 Logging in to HOB RD VPN


Follow the steps below to connect to the HOB VPN Server.

    1. Open the URL https://certgate.rdvpn.com in a browser of your choice.
    2. A certificate request pops up. Accept the certificate ‘certgate-VPN’ (issued by ‘certgate-root’) by pressing the ‘OK’ button.
    3. Enter the smart card PIN (123456).

The HOB RD VPN landing page appears. You are now successfully logged in via wireless 2FA with AirID.
[Screenshot]



Tip

The following browsers have been successfully tested:

  • Chrome
  • Edge
  • Internet Explorer


3.2 HOB RD VPN Features

The secure remote access suite HOB RD VPN enables secure access to enterprise data over the internet.

Menu Bar

On the upper menu bar, you will find four buttons: ‘Home’, ‘Settings’, ‘Language’, and ‘Logout’.

  • Click on the ‘Home’ button to return to the landing page.
  • With the ‘Settings’ button you can display version information about the HOB RD VPN.
  • The two supported ‘Languages’ are English and German.
  • You can logout from HOB RD VPN by clicking the ‘Logout’ button.

Bookmarks

Under ‘Bookmarks’ you will find some preconfigured links. In our demo use case you can access the following links:

  1. certgate Website
    • Redirects to the certgate website through the secured RD VPN proxy.
    • By clicking the browser’s return button, you will return to the landing page of the HOB RD VPN.
  2. HOB Website
    • Redirects to the HOB website through the secured RD VPN proxy.
    • By clicking the browser’s return button, you will return to the landing page of the HOB RD VPN.
  3. Windows Server 2016
    • Opens an HTML5 RDP connection to a remote Windows Server 2016.
    • On the desktop of the remote session you will find a document labeled ‘Testdruck’ which can be used for testing printing functionality.
    • You can close the session by right clicking on the Windows icon and selecting ‘Sign out’.
    • Click on the ‘Home’ button to return to the landing page.

      Note

      If the message 'WebSocket Connection Closed: CLOSE_ABNORMAL' appears, please wait a few minutes and try again. The server is reset periodically to a defined configuration for optimal user experience.

      To minimize waiting times, closing the browser and logging in to the VPN Server again before connecting to the remote Windows Server can help.

  4. Fileserver
    • Opens the WebFileAccess interface.
    • Click on ‘\\target-01.nml2.local\SMB-Share’ on the left side to access the files stored on the fileserver.
    • The files will appear in the main window.
    • To open or download a file, first click to enable the respective checkbox next to the file and click on the download icon in the upper menu bar.
    • On the top right corner click on the ‘Home’ button to return to the landing page.
Applications

Under ‘Applications’ you will find some of the preconfigured features of HOB RD VPN for this test environment.

  • Intranet & Web Applications: Provides a fast and simple path into the enterprise intranet.
  • Desktops & Applications (Browser): Browser-based client for access to remote desktops and applications.
  • File Systems: Access to enterprise file servers with a web-based file explorer.
  • Network Access: Opens a fully transparent SSL VPN tunnel to the enterprise network (available in the full version).

After using an application, you can switch to another application by clicking on the menu on the left bar or by clicking the ‘X’ button.

[Screenshot: Landing Page (Menu Bar, Bookmarks, Applications)]

[Screenshot: Remote Windows Server 2016]

[Screenshot: Fileserver (Web File Access)]