SSL VPN - Use Case Description

This demo use case demonstrates wireless 2-factor authentication with AirID for an SSL VPN, improving both security and usability at the same time.

For this smart card demo use case we are using a third-party Windows VPN client, the HOB RD VPN, to showcase secure remote access to an enterprise network. The smart card, provided by the AirID Evaluation-Kit, has already been initialised and personalised with a demo certificate.


1. Please check before you start:

For this use case of the Windows VPN client you will require:

  1. A smart card, JCOP 2.4.1 with an applet (provided with the AirID Evaluation-Kit)
  2. An AirID Version 1, wireless smart card reader (provided with the AirID Evaluation-Kit)
  3. A computer running the Windows 10 operating system with Bluetooth LE 4.0 enabled (if BLE is not available onboard, a separate USB Bluetooth LE adapter will be required). Please use a completely fresh system (clean Windows 10 installation) for this demo use case.
  4. Administrative rights for installing new software on the computer

Please use this smart card and PIN for the SSL VPN demo use case:

  • User PIN: 123456


2. Initial Installation on Windows 10

This section describes the initial setup and basic configuration on Windows 10 required for the Windows-based demo use case, provided that no prior installation has taken place. These steps are not necessary if there is a previous configuration for the document signing or smart card logon use case.

  • AirID Driver and AirID Central Installation
  • Bluetooth Pairing

2.1 AirID Driver and AirID Central Installation

Follow the steps below to install the AirID Windows Driver and the AirID Central App.

The AirID Central is a management App for your AirID. The App provides you with information and settings options for your AirID when your AirID is connected to your Windows device.

    1. Download the AirID Windows Setup: AirIDSetup_x64_1.0.16.0.msi for a 64-bit system or AirIDSetup_x86_1.0.16.0.msi for a 32-bit system.
    2. Double-click on the .msi installer file.
    3. Follow the instructions in the installation wizard.

The AirID Windows Driver and the AirID Central App have been installed and the next step will be Bluetooth Pairing of the AirID with your computer. 

2.2 Bluetooth Pairing

To pair your Windows device with the AirID reader follow these steps:

    1. Insert your smart card to power on the AirID reader and activate Bluetooth at the AirID reader by navigating to the connection menu and pressing the jog dial control element. The AirID should display:
    2. Open Windows "Settings → Devices → Bluetooth → Add new device". Your AirID should be listed with its serial number. Press "Pair".


    3. Enter the 6-digit pairing key shown on the AirID display.
    4. After successful pairing, "Pairing success" will be displayed on the AirID.

The AirID has been paired with your computer and the next step will be the connection to HOB RD VPN.





If you have already paired the AirID with another device, please navigate to "Prefered Device" in the AirID menu, press the Jog-Dial and choose "new". Then press the Jog-Dial again to confirm.

3. Connecting to SSL VPN

3.1 Logging in

Follow the steps below to connect to the HOB VPN Server.

    1. Open the URL https://certgate.rdvpn.com in a browser of your choice.
    2. A certificate request pops up. Accept the certificate ‘certgate-VPN’ (issued by 'certgate-root') by pressing the ‘OK’ button.
    3. Enter the smartcard PIN (=123456)

The HOB RD VPN landing page appears. You are now successfully logged in via wireless 2FA with AirID.


The following browsers have been successfully tested:

  • Chrome
  • Edge
  • Internet Explorer
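
If the certificate prompt in step 2 does not appear, the cause is usually on the client side. The PowerShell pre-flight check below is an added example, not part of the AirID or HOB documentation. It assumes the installer sits in the current directory, that the AirID registers under the Windows SmartCardReader device class, and that the card's certificate is propagated to the CurrentUser\My store.

```powershell
# Added example (not vendor code): client-side pre-flight check for the AirID login.
param(
    [string]$InstallerPath = '.\AirIDSetup_x64_1.0.16.0.msi',  # file name from section 2.1; location is an assumption
    [string]$IssuerName    = 'certgate-root'                   # issuer named in section 3.1
)
$report = [ordered]@{}

# 1. Check the installer's Authenticode signature before running it with admin rights.
if (Test-Path -LiteralPath $InstallerPath) {
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $report['Installer signature'] = '{0} / {1}' -f $sig.Status, $sig.SignerCertificate.Subject
} else {
    $report['Installer signature'] = "not checked, $InstallerPath not found"
}

# 2. The Windows Smart Card service must be available for any reader to work.
$svc = Get-Service -Name SCardSvr -ErrorAction SilentlyContinue
$report['Smart Card service'] = if ($svc) { "$($svc.Status)" } else { 'missing' }

# 3. Readers currently present (assumption: AirID appears in the SmartCardReader class).
$readers = @(Get-PnpDevice -Class SmartCardReader -PresentOnly -ErrorAction SilentlyContinue)
$report['Smart card readers'] = if ($readers) { $readers.FriendlyName -join '; ' } else { 'none present' }

# 4. Client certificates from the demo CA that the browser could offer in step 2.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$certs = @(Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*$IssuerName*" })
if (-not $certs) { $report['Client certificate'] = "none issued by $IssuerName in CurrentUser\My" }
$i = 0
foreach ($c in $certs) {
    $i++
    $ekus = @($c.EnhancedKeyUsageList | ForEach-Object ObjectId)
    $problems = @()
    if (-not $c.HasPrivateKey)       { $problems += 'no private key link' }
    if ($c.NotAfter  -lt (Get-Date)) { $problems += "expired $($c.NotAfter)" }
    if ($c.NotBefore -gt (Get-Date)) { $problems += 'not yet valid' }
    # An empty EKU list means the certificate is not restricted to specific purposes.
    if ($ekus -and $ekus -notcontains $clientAuthOid) { $problems += 'EKU excludes client authentication' }
    $state = if ($problems) { $problems -join ', ' } else { 'usable' }
    $report["Client certificate $i"] = "$($c.Subject): $state"
}

$report.GetEnumerator() | Format-Table -AutoSize -Wrap Name, Value
```

Run it with the smart card inserted and the AirID connected; a reader listed in check 3 but no certificate in check 4 points at certificate propagation rather than Bluetooth pairing.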

3.2 HOB RD VPN Features

The secure remote access suite HOB RD VPN enables secure access to enterprise data over the internet.

Menu Bar

On the upper menu bar, you will find four buttons: ‘Home’, ‘Settings’, ‘Language’, and ‘Logout’.

  • Click on the ‘Home’ button to return to the landing page.
  • With the ‘Settings’ button you can display version information about the HOB RD VPN.
  • The two supported ‘Languages’ are English and German.
  • You can logout from HOB RD VPN by clicking the ‘Logout’ button.

Bookmarks

Under ‘Bookmarks’ you will find some preconfigured links.

In our demo use case you can access the following links:

  1. certgate Website
    • Redirects to the certgate website through the secured RD VPN proxy.
    • By clicking the browser’s return button, you will return to the landing page of the HOB RD VPN.
  2. HOB Website
    • Redirects to the HOB website through the secured RD VPN proxy.
    • By clicking the browser’s return button, you will return to the landing page of the HOB RD VPN.
  3. Windows Server 2016:
    • Opens an HTML5 RDP connection to a remote Windows Server 2016.
    • On the desktop of the remote session you will find a document labeled ‘Testdruck’ which can be used for testing printing functionality.
    • You can close the session by right clicking on the Windows icon and selecting ‘Sign out’.
    • Click on the ‘Home’ button to return to the landing page.

      If the message 'WebSocket Connection Closed: CLOSE_ABNORMAL' appears, please wait a few minutes and try again. The server is periodically reset to a defined configuration for optimal user experience.

      To minimize waiting times, it can help to close the browser and log in to the VPN Server again before connecting to the remote Windows Server.

  4. Fileserver
    • Opens the WebFileAccess interface.
    • Click on ‘\\target-01.nml2.local\SMB-Share’ on the left side to access the files stored on the fileserver.
    • The files will appear in the main window.
    • To open or download a file, first enable the checkbox next to the file, then click on the download icon in the upper menu bar.

Applications

Under ‘Applications’ you find some of the preconfigured features of HOB RD VPN for this test environment.

  • Intranet & Web Applications: Provides a fast and simple path into the enterprise intranet.
  • Desktops & Applications (Browser): Browser-based client for access to remote desktops and applications.
  • File Systems: Access to enterprise file servers with a web-based file explorer.
  • Network Access: Opens a fully transparent SSL VPN tunnel to the enterprise network (available in the full version).

After using an application, you can switch to another application by clicking on the menu on the left bar or by clicking the ‘X’ button.


Figure: Landing Page (Menu Bar, Bookmarks, Applications)

Figure: Remote Windows Server 2016

Figure: Web File Access (Fileserver)
