G/On creates one access route to the internal applications and uses internal DNS servers. The SecureGateway isolates the remote computer from the internal network. Users can still use their personal applications.
G/On provides two-factor mutual device and user authentication If required, it can connect a user identity to a device.
No complex start-up and login procedures. Insert the G/On USB Token, launch the G/On Client, log in with AD credentials and select the apps needed. Single-sign-on is include and the most used apps can automatically be started after authentication.
G/On is available for Windows, MacOS and Linux (selected distributions).
| SECUREGATEWAY | |
|---|---|
| Platform | Windows |
| Operating systems version | Windows Server 2008, 2008 R2, 2012, 2012 R2* and 2016 |
| Number of users | Up to ~ 2,000 per gateway |
| Supported authentication server | Active Directory, LDAP and local accounts |
| Log output destination | Local file |
| *requires G/On Server 5.7 or later |
| DATABASE (OPTIONAL) | |
|---|---|
| Platform | Windows |
| Operating systems version | Microsoft SQL server 2008, 2012, 2014, 2016 and 2017 (2012 and later requires G/On server 5.7 or later) |
| G/ON CLIENT | |
|---|---|
| Platform | Windows, Mac OS and Linux |
| Operating systems version | Windows 7, 8, 8.1 and 10 Apple Mac OS X 10.6 (Snow Leopard) through OS X 10.13 (High Sierra) Linux Fedora 21 through 27 with GTK+ GUI (64 bit) |
| G/ON TOKEN | |
|---|---|
| Platform | Windows, Mac OS and Linux |
| Token types | USB and Windows G/On USB Token including built-in Smartcard for two-factor mutual authentication SoftToken on any USB, 2 GB or larger Computer User Token installed on Windows platform |
G/On OS is a secure container added to G/On to have a full lock-down in the client side. Other features include:
- G/On OS is a hardened, minimal Fedora Linux image, which is booted directly into memory from the G/On USB Token. It does not include drivers to access hard disks, so there is no way to leave data behind, or transmit data from the computer used.
- G/On OS comes full features with application clients for Citrix, RDP, VNC, Browsers and much more.
- G/On OS is locked down to only allow access to the SecureGateway it was originally enrolled on.
SECURE GATEWAY
Prevents the corporate application servers from having to be Internet-facing.
- Data in transit between the gateway and the remote client is always encrypted using FIPS 140.2 certified AES 256-bit encryption.
- Provides proxy services and DNS name resolving on the internal network to offer full functionality to the applications on the client.
- Offers automatic load-balancing and fail-over functionality and works with third-party load-balancing products.
- Additional gateways are easily created in seconds using a Gateway installer.
G/ON CLIENT
Connects applications on the client to resources inside the corporate network, without a VPN. After mutual two-factor authentication, the gateway server sends a menu-object to the client that contains the start-up configuration for each application the user can use at that device, location and/or time.
Other features include:
- Unavailable applications are not visible and access rights are enforced in the gateway, preventing the user from starting not allowed applications or elevating access rights.
- The G/On-client also provides the automatic launch of applications and single-sign-on (SSO).
- The client can encapsulate all traffic in HTTP and traverse proxies, without sacrificing on security.
- G/On clients are easily created using a G/On Client Installer, either by the admin or an end user and are available for Windows, MacOS and selected Linux-distributions.
G/ON USB TOKEN
A small USB form factor token with a mobile smartcard integrated in the MicroSD-card. End users receive a fully functional G/On client which is either pre-enrolled, or the end user goes through a simple enrolment process to activate the G/On client. During enrolment, the smartcard generates a private/public keypair. The public key is used for smartcard authentication, the private key is protected by the smartcard and can never leave it. The G/On USB-token can therefore be uniquely identified based on the Smartcard private/public keypair during authentication time.
G/ON DESKTOP CLIENT
Runs from a computer instead of a G/On USB-token and uses the computer as a second authentication factor instead of a smartcard. Only available on Windows.
