
NetOp Tech GmbH Remote Control. Education. Security



  1. Moving expertise – not people
     NetOp Remote Control – Desktop Management for OS/2 - eComStation
     Warpstock Europe 2007
     Andreas Kietzmann, Managing Director, NetOp Tech GmbH
  2. Agenda
       • Introduction of NetOp Tech GmbH
       • NetOp Product Pillars
       • Remote Control/Management Functionality
       • OS-Platforms
       • Presentation of NetOp Host for OS/2 - eComStation
  3. NetOp Tech GmbH
       • Subsidiary of Danware A/S
       • Established October 2006 in Stuttgart
       • Location since April 2007: Neu-Isenburg near Frankfurt
       • Objectives: Sales, marketing and support of the NetOp solutions
       • Number of employees: 9
       • 100% indirect sales through channel
  4. NetOp – Product Pillars
       • NetOp Process Control - Scalable safety solution with central management console for the monitoring of processes and communication on desktop/laptop computers.
       • NetOp Net Filter – Centrally manageable Web filter.
       • NetOp Learning Center – eLearning content management solution.
       • NetOp School - Solution for education, training and instruction in computer-based classrooms.
       • NetOp Instruct - Solution for computer-based advanced training, teamwork and internal communication in enterprises.
     [Diagram labels: NetOp Desktop Firewall, NetOp NetFilter, NetOp Learning Center, NetOp School, NetOp Instruct]
  5. NetOp – Product Pillars
       • NetOp Remote Control – highly scalable software solution for remote maintenance of heterogeneous, complex IT environments for enterprises of all sizes.
       • NetOp Mobile - The remote control solution for the remote administration of mobile and industrial devices, e.g. mobile phones, PDAs, Windows CE/Mobile-based controls.
       • NetOp On Demand - Web-based remote control solution for flexible use, e.g. for the support of external customers.
  6. The complete, scalable and secure remote control software for IT professionals
       • Complete - one product covers all
           ◦ Remote control across multiple platforms - Windows, Linux, Mac, OS/2, Sun
           ◦ Remote Management
           ◦ Unrivalled connectivity solutions available for LAN, WAN/Internet
       • Scalable – from few to thousands of users
           ◦ Hierarchical, sharable address book
           ◦ Integration with Directory Services
           ◦ Multiple Guest users sharing same screen
       • Secure – advanced authentication and unbreakable encryption
           ◦ Authentication by e.g. Smart Card, RSA SecurID and Directory Services
           ◦ NetOp Security Server for extended authentication and authorization
           ◦ Encryption implemented according to the toughest industry standards.
       • When quality matters
  7. NetOp Remote Control today
       • NetOp Remote Control is designed specifically to meet the needs of corporate business, and is packed with numerous features to help IT professionals get the most out of remote control technology.
       • NetOp is typically used for
           ◦ Remote access to the user’s own computer
           ◦ Remote server administration
           ◦ Remote user support from a corporate Helpdesk
  8. NetOp Modules
       • Guest
           ◦ Allows a computer to remote control any computer running the Host module.
       • Host
           ◦ Allows a computer to be remote controlled by any computer running the Guest module.
       • Gateway
           ◦ An extended Host module that can route NetOp traffic across different communication protocols.
       • Name Server
           ◦ An extended Host module that can store NetOp names and resolve them into IP addresses.
       • Security Server
           ◦ An extended Host module that can control NetOp security management and logging.
  9. Key Features
       • Remote control – superior quality supporting a large range of platforms.
       • Remote Management – computer management controlling services, registry, tasks, event log, shares and system state.
       • File transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer.
       • Scripting – schedule file transfers and other operations like inventory scanning.
       • ActiveX components – integrate remote control and file transfer into other applications.
       • Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video.
  10. Key Features …
       • Multi Guest session – allows a number of Guest users to view and control the same Host desktop.
       • Run Program – launch programs at the remote computer.
       • Send Message – distribute popup messages in Rich Text Format which allows links to e.g. web sites.
       • Get Inventory – collect hardware and software information from remote computers.
       • Request Help – contact the help desk via NetOp and run an external application to auto-generate trouble tickets.
       • Communication devices – TCP/IP (IPv4), TCP/IP (IPv6), IPX, NetBIOS, Serial, TAPI, CAPI, IrDA.
  11. Key Features …
       • Security – local and centralized, Native NetOp, Directory Services, RSA SecurID, Smart Card and Windows-integrated.
       • Encryption – implemented according to the toughest industry standards.
       • Event logging – local, centralized, Windows-integrated and management-integrated.
       • Session recording – save the Host screen activities in a file for later replay.
       • Snapshot - save the current Host desktop image as a file.
       • Deployment Utility – roll-out a large number of NetOp Hosts unattended.
  12. Remote Control
       • Remote control allows a user to view the desktop of a remote computer from one's own computer.
       • Take full control of remote keyboard and mouse.
       • Host desktops can be displayed in full-screen, optionally auto-scrolling window or fit window mode. Support for full-screen command prompt.
       • Remote control windows and the Guest application window are separate.
       • Multiple Guest sessions allow multiple Guests to view the same Host desktop.
       • Cascade remote control can chain Guest-Host sessions.
  13. File Transfer
       • The File Manager offers:
           ◦ Drag-and-drop transfer.
           ◦ Copy, Move, Synchronize, Clone.
           ◦ Crash recovery and Delta transfer.
           ◦ Select/deselect files/directories.
           ◦ Invert selections and Hotkeys.
           ◦ Local file transfer. Open and edit local and remote files.
           ◦ Progress bar with transfer details.
           ◦ Log with graphical viewer.
  14. Multi Guest Session
       • The Multi Guest Session allows a number of Guest users to view the same Host desktop and in turn have keyboard and mouse control. Multiple instances of file transfer sessions and a shared text chat are enabled as well.
       • A Guest can withdraw keyboard and mouse control from another Guest computer or pass control to a specific Guest.
     [Diagram: Guest, Gateway, Host, Firewall, Internet, Guest, Guest]
  15. Multi Chat
       • This feature allows multiple Guests to communicate online in formatted, line based text mode.
  16. Request Help
       • Host users can request help from multiple help-providing Guest users at the touch of a button or unattended from a command line.
       • Optionally, customize help requests by a specified problem description, help service name, unique service tickets, communication profile and/or timeout.
       • A help request icon can be added to the tray and will also be available when the Host runs in stealth mode.
       • Incoming requests can start an action like send message and/or run an application - e.g. a helpdesk system that auto-generates a trouble ticket.
     [Diagram: Host, Gateway, Guest, Firewall, Internet, Guest]
  17. Key Features
       • High Performance
       • Security
       • Stability
       • Superior Cross-platform Support
       • Multi-protocol Communication
       • Scalability
  18. High Performance
       • Among the fastest in the world.
       • Only screen changes are transferred.
       • Windows version uses GDI-hooking.
       • Advanced event-driven region technique.
       • Uses bitmap caching.
       • Non-polling communication engine.
       • Strong compression algorithm.
     [Diagram: Guest, Host]
  19. Key Benefits
       • High Performance
       • Security
       • Stability
       • Superior Cross-platform Support
       • Multi-protocol Communication
       • Scalability
  20. Security Objectives
       • The main security objectives for NetOp are:
           ◦ To secure the Host against unauthorized access across the wire.
           ◦ To protect the traffic between NetOp modules against eavesdropping and unauthorized alteration of data.
           ◦ To offer a broad range of alerting options.
           ◦ To prevent unauthorized change of the Host configuration.
           ◦ To offer extensive event logging.
     [Diagram: Guest, Hosts, Firewall]
  21. Secure the Host from unauthorized access
       • To gain access to the Host, the Guest can be forced to meet up to six access criteria.
     [Diagram: Guest to Host, with the six numbered access criteria]
           1. MAC/IP address check
           2. Closed user group
           3. Authentication
           4. Call back
           5. User controlled access
           6. Authorization
  22. MAC/IP address check
       • The Host can filter the Guest addresses it communicates with based on:
           ◦ IP address (TCP and UDP).
           ◦ MAC address (IPX and NetBIOS).
       • When enabled, the Host only communicates with Guest computers if their addresses are listed.
       • Designed to use the original MAC/IP address (or the NAT address) of the Guest.
     [Diagram marker: access criterion 1]
  23. Closed User Group
       • Closed User Group serial numbers are supplied by Danware to:
           ◦ Deny any communication with modules not using the same Closed User Group serial number.
           ◦ Prevent employees from using the modules outside the organization.
           ◦ Prevent outside access to the organization.
     [Diagram: Host, Guest, serial numbers 1234…. and 4321…., "?"; access criterion 2]
  24. Authentication
       • Authentication is the process of verifying the identity of a user based on a set of logon credentials.
       • Local authentication
           ◦ The identity information is available in a database on each Host computer.
       • Centralized authentication
           ◦ The identity information is available in a database on a shared remote computer.
     [Diagram: Centralized, Local, Host, Authentication Service, Guest; access criterion 3]
  25. Centralized Authentication …
       • NetOp Security Server
           ◦ Authenticate the Guest identity against NetOp, Windows (via the Host), Directory Services, Microsoft CA (Smart Card) or RSA SecurID Authentication Services.
           ◦ Multiple Servers provide fault-tolerance and load-balancing.
           ◦ The Security Manager maintains the database service via an ODBC interface.
     [Diagram: Guest, Host, Authentication Service, Security Servers, Database Service, Security Manager; access criterion 3]
  26. Centralized Authentication …
       • Smart Card Authentication
           ◦ By using a Smart Card and a Smart Card reader at the Windows Guest, the Windows Host is now able to authenticate the identity of the Guest user via the Security Server that communicates with a Windows 2000/2003 Server with Microsoft CA installed.
     [Diagram: Guest, Host, Windows Domain Controller, Security Server, Database Service, Security Manager; access criterion 3]
  27. Call Back
       • Access to the Host computer is controlled by the location of the authenticated Guest user.
           ◦ For modem, ISDN or TCP.
           ◦ Depends on the authenticated identity.
           ◦ Can call back to a fixed address or to a Guest controlled address (roving).
     [Diagram marker: access criterion 4]
  28. User controlled access
       • Access to the Host computer is manually controlled by the Host user.
           ◦ The Host user allows or denies the access request.
           ◦ Option to bypass Confirm Access if no user is logged on to the computer, the computer is locked, or the Guest user is already logged on to the Host computer.
           ◦ Customize the message appearing on the Host computer.
     [Diagram marker: access criterion 5]
  29. Authorization
       • Authorization is the process of determining which actions are allowed for an authenticated user, defined by Security roles.
       • Local authorization
           ◦ The security roles information is available in a database on each Host computer.
       • Centralized authorization
           ◦ The security roles information is available in a database on a shared remote computer.
     [Diagram: Centralized, Local, Host, Database Service, Guest; access criterion 6]
  30. Authorization …
       • Security role
           ◦ A security role is a set of allowed actions.
           ◦ The user can create customized roles in addition to the built-in roles Full access and View only.
           ◦ One or more groups and user accounts can be assigned to each Security Role.
           ◦ Total allowed actions are calculated by adding actions from each Security Role the user has membership of.
           ◦ Confirmed access is required if it’s present in at least one Security Role.
     [Diagram marker: access criterion 6]
  31. Authorization …
       • Local authorization – NetOp Host
           ◦ Authorize the Guest’s allowed actions against the local NetOp database containing Security Roles.
           ◦ Local and centralized Authentication Services are used to check group membership to determine whether a user belongs to a Security Role or not. These include NetOp, Windows or Directory Services Authentication Services.
     [Diagram: Host, Authentication Service, Guest, Security Roles; access criterion 6]
  32. Authorization …
       • Centralized authorization – NetOp Security Server
           ◦ Authorize the Guest’s allowed actions against a centralized Database Service containing Security Roles.
           ◦ Authentication Services are often used to check group membership to determine whether a user belongs to a Security Role or not. This covers NetOp, Windows, Directory Services, Microsoft CA (Smart Card) or RSA SecurID Authentication Services.
     [Diagram: Guest, Host, Authentication Service, Security Manager, Security Roles, Security Servers, Database Service; access criterion 6]
  33. Protect the traffic
       • Encryption
           ◦ Data transmitted between Windows, Linux, Solaris and Mac OS X modules can be encrypted using the Advanced Encryption Standard (AES) with key lengths up to 256 bits. 7 different levels are available, including NetOp 6.x/5.x compatible for communication with older NetOp modules.
       • Integrity and message authentication
           ◦ The integrity and authenticity of encrypted data is verified using the Keyed-Hash Message Authentication Code (HMAC) based on the Secure Hash Standards SHA-1 (160-bit) or SHA-256 (256-bit).
       • Key exchange
           ◦ Encryption keys for encrypted data transmissions are exchanged using the Diffie-Hellman method with key lengths up to 2048 bits and up to 256-bit AES and up to 512-bit SHA HMAC verification.
  34. Security policies and options
       • Action after exceeding max. invalid logon attempts
           ◦ Disconnect, Disable Host or Restart Windows.
       • Action after disconnect:
           ◦ None, Lock computer, Log off Windows or Restart Windows.
       • File Transfer – Disable file transfer before local logon.
           ◦ Protect Host computer files.
           ◦ Ensure that Host user file rights are enabled.
       • Record sessions
           ◦ Save session-recordings for documentation.
           ◦ Enforce recording and disconnect if it fails.
       • Timeouts
           ◦ Confirm Access, Authentication and Inactivity.
  35. Security policies and options …
       • Stealth mode
           ◦ Host is not displayed on the screen.
       • Host name not public
           ◦ Host does not respond to broadcast communication and hides its names and addresses.
       • User name disabled
           ◦ Host does not respond to connection attempts using the logged-on user name.
       • Connection notification
           ◦ Message and/or sound upon and/or during connection.
           ◦ Connection list.
           ◦ Balloon tips.
           ◦ Animated icon.
  36. Prevent unauthorized change of the Host configuration
       • Host maintenance password
           ◦ Protects Guest access security.
           ◦ Protects all other configuration.
           ◦ Prevents the Host user from unloading the Host and stopping Host communication.
           ◦ Protects Host configuration files and disables the Tools menu commands, when the:
               ▪ Host is connected.
               ▪ Host is communicating.
  37. Extensive event logging
       • Multiple logging destinations:
           ◦ Local file – log NetOp events on the local computer.
           ◦ NetOp Server – log NetOp events in the database of a central NetOp Security Server group.
           ◦ Windows event log – log NetOp events to the local or a remote Windows Event Log.
           ◦ Management console – log NetOp events by sending SNMP traps to an SNMP-enabled central management console like HP OpenView.
       • Large set of events
           ◦ More than 100 NetOp events can be logged.
  38. Key Benefits
       • High Performance
       • Security
       • Stability
       • Superior Cross-platform Support
       • Multi-protocol Communication
       • Scalability
  39. Stability
       • NetOp offers an incredibly powerful feature set that interferes very little with the operating system:
           ◦ Display device drivers are NOT replaced by a cover driver to capture the Host screen activity.
           ◦ On-the-fly configuration check of core settings.
           ◦ Recovery mechanism to provide high availability of the Host module.
           ◦ Low CPU utilization.
           ◦ Unique communication recovery.
  40. Key Benefits
       • High Performance
       • Security
       • Stability
       • Superior Cross-platform Support
       • Multi-protocol Communication
       • Scalability
  41. Superior Cross-Platform Support
       • By using a unique forwards and backwards compatible design NetOp can offer remote control across different operating systems:
           ◦ Windows Server 2003, XP, 2000, NT 4.0, ME, 9x
           ◦ Windows CE, Windows Mobile
           ◦ Solaris/Linux
           ◦ Mac OS X
           ◦ OS/2, eComStation
           ◦ DOS / Windows 3.1x *
           ◦ ActiveX
           ◦ Terminal Services / Citrix
           ◦ Symbian OS *
     * Available in other versions
  42. Superior Cross-Platform Support example…
       • OS/2 - eComStation Host
           ◦ Remote control.
           ◦ Enhanced bitmap mode.
           ◦ UDP, TCP, IPX, Serial, CAPI, APPC.
           ◦ Default password security.
           ◦ Individual Guest ID and password security.
           ◦ Security Server authentication.
           ◦ Confirm access.
           ◦ File transfer.
           ◦ Text chat.
  43. Key Benefits
       • High Performance
       • Security
       • Stability
       • Superior Cross-platform Support
       • Multi-protocol Communication
       • Scalability
  44. Multi-protocol communication …
       • Protocol support
           ◦ TCP (IPv4 and IPv6) and UDP including Dial-up networking, IPX, NetBIOS, Gateway (outbound), Serial modem, ISDN CAPI (1.1, 2.0); APPC is available in OS/2.
       • Communication profile
           ◦ A protocol and its configuration.
           ◦ Multiple communication profiles can be enabled at the same time.
       • Options
           ◦ Protocol-specific options including port numbers.
  45. Multi-protocol communication …
       • NetOp Gateway
           ◦ Extended Host module.
           ◦ Dial-in (Modem to LAN).
           ◦ Dial-out (LAN to modem pool).
           ◦ Internal routing (LAN to LAN).
           ◦ Terminal Server (LAN ↔ TS)
           ◦ WAN enabled (supports NAT, one-to-many routing).
           ◦ Multiple device support (e.g. multiple modems).
     [Diagram: Guest, Gateway, Host, Firewall, Internet]
  46. Multi-protocol communication …
       • NetOp Name Server
           ◦ Extended Host module.
           ◦ Stores NetOp names and IP addresses of NetOp modules using NetOp Name Server in separate name spaces.
           ◦ Frequent update. Names not updated are deleted.
           ◦ Called NetOp names are resolved into IP addresses that are used for connecting.
           ◦ Two public NetOp Name Servers are available on the Internet.
     [Diagram: Guest, Name Server, Host, Internet. 1: Register name and IP address. 2: Resolve name to IP address. 3: Connect by IP address.]
  47. Scalability
       • NetOp is designed with scalability in mind to fit any organization.
           ◦ The Guest can handle from one Host and upwards.
           ◦ Number of phonebook entries is only limited by disk space.
           ◦ Number of concurrent connections is only limited by memory and CPU power.
           ◦ NetOp generates only a modest amount of network traffic during a session and uses a non-polling communication engine which only transmits if something changes or a command is issued.
           ◦ Multiple protocol-support spans from simple point-to-point connections and up to enterprise WAN.
           ◦ And finally NetOp can integrate into most management systems.
  48. Technical Support
       • NetOp Tech offers 2nd level support in German
       • Support exclusively to partners
       • Knowledgebase
  49. Thank you for your attention.
       • Any Questions?
     NetOp Tech GmbH, Dornhofstrasse 18, D-63263 Neu-Isenburg
     Tel: +49-6102-83399-0
     Andreas Kietzmann, Managing Director, NetOp Tech GmbH
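
The Security Role rules on the Authorization slides (allowed actions add up across every role a user belongs to, while Confirm Access applies as soon as one role asks for it) can be modelled as follows. This is an added example, not part of the presentation and not NetOp code: the action names, the custom roles, the groups and the users are constructed, and a user who holds no role is assumed to get no actions.

```python
from dataclasses import dataclass

# Constructed action names: the slides list features, not internal identifiers.
ALL_ACTIONS = frozenset(
    {"view_screen", "keyboard_mouse", "file_transfer", "run_program", "chat"})


@dataclass(frozen=True)
class SecurityRole:
    name: str
    allowed_actions: frozenset
    confirm_access: bool = False
    members: frozenset = frozenset()  # user accounts and/or group names


@dataclass(frozen=True)
class EffectiveAccess:
    roles: tuple              # names of the roles the user holds
    allowed_actions: frozenset
    confirm_access: bool

    def permits(self, action):
        return action in self.allowed_actions


def effective_access(user, groups, roles):
    """Add up the actions of every role the user or one of their groups is in."""
    principals = {user} | set(groups)
    held = [r for r in roles if r.members & principals]
    actions = frozenset().union(*(r.allowed_actions for r in held))
    # Confirm access is the one restrictive setting: a single role demanding
    # it is enough, even when another held role does not.
    confirm = any(r.confirm_access for r in held)
    return EffectiveAccess(tuple(r.name for r in held), actions, confirm)


def accumulated_privilege(directory, roles):
    """Users whose combined actions exceed every single role they hold."""
    flagged = []
    for user, groups in directory.items():
        access = effective_access(user, groups, roles)
        held = [r for r in roles if r.name in access.roles]
        if len(held) > 1 and all(
                r.allowed_actions < access.allowed_actions for r in held):
            flagged.append(user)
    return sorted(flagged)


# Constructed sample data. "Full access" and "View only" are the built-in role
# names from slide 30; their action sets and everything else are assumptions.
ROLES = [
    SecurityRole("Full access", ALL_ACTIONS, False, frozenset({"grp:server-admins"})),
    SecurityRole("View only", frozenset({"view_screen"}), True, frozenset({"grp:auditors"})),
    SecurityRole("Helpdesk", frozenset({"view_screen", "keyboard_mouse", "chat"}),
                 True, frozenset({"grp:helpdesk"})),
    SecurityRole("File courier", frozenset({"file_transfer"}), False,
                 frozenset({"grp:deploy", "alice"})),
]
DIRECTORY = {
    "alice": {"grp:helpdesk"},
    "bob": {"grp:auditors"},
    "carol": {"grp:server-admins", "grp:auditors"},
    "dave": set(),
}

if __name__ == "__main__":
    for user, groups in DIRECTORY.items():
        a = effective_access(user, groups, ROLES)
        print(f"{user:6} roles={a.roles} confirm={a.confirm_access} "
              f"actions={sorted(a.allowed_actions)}")
    print("review for accumulation:", accumulated_privilege(DIRECTORY, ROLES))
```

Because actions only ever add up, reviewing each role on its own is not enough; the accumulation check lists the accounts whose combined rights no single role definition shows.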