G/On

Secure access to company resources without VPN

In one integrated solution, G/On features two-factor authentication, data encryption, network protection, and application access and authorization. Compared to a "best of breed" approach where multiple, different products are pieced together, G/On makes it much simpler to implement, manage and control access to company data and applications.

Download Datasheet

NO NEED FOR VPN

G/On creates one access route to the internal applications and uses internal DNS servers. The SecureGateway isolates the remote computer from the internal network. Users can still use their personal applications.

2 FACTOR AUTHENTICATION

G/On provides two-factor mutual device and user authentication If required, it can connect a user identity to a device.

SINGLE SIGN ON

No complex start-up and login procedures. Insert the G/On USB Token, launch the G/On Client, log in with AD credentials and select the apps needed. Single-sign-on is include and the most used apps can automatically be started after authentication.

Try Now

Get your FREE TRIAL license and experience how G/On can benefit you

Download

ACCESS BASED ON PERMISSION RULES OR AD GROUP MEMBERSHIP
Users get application access based on permission rules or Active Directory group membership. Users do not need to remember any URLs or other information to access applications.

G/On includes application clients for RDP, Citrix, VNC, Browsers, File Access and much more.

USAGE LOG
The SecureGateway logs all access attempts including details about which user, when and what resources are accessed by that user.

CENTRAL MANAGEMENT CONSOLE
G/On provides IT full control on settings, users and usage. IT administrators can control the access to other applications, prevent copy/paste/download of files or allow the download of files in a dedicated secure environment.

NO NEED FOR MANAGED DEVICES
G/On separates corporate applications from local applications on the end-user computer. The connection is secured, and the end-user computer is never given any access to the internal network, as all connections are proxied through the SecureGateway.

BUILT-IN PROXIES for CITRIX AND RDP
G/On communicates directly with the broker services on both Citrix and RDP, so there is no need for any of the front-end components, such as NetScaler and RD Gateway. The G/On-client can also include the Citrix- and RDP-clients, in which case there is no need to install these on the remote computer.

White Paper

Download the white paper on the Security Model of G/On

Download

G/On is available for Windows, MacOS and Linux (selected distributions).

SPECIFICATIONS G/ON

Specifications

SECUREGATEWAY
Platform	Windows
Operating systems version	Windows Server 2008, 2008 R2, 2012, 2012 R2* and 2016
Number of users	Up to ~ 2,000 per gateway
Supported authentication server	Active Directory, LDAP and local accounts
Log output destination	Local file
*requires G/On Server 5.7 or later

DATABASE (OPTIONAL)
Platform	Windows
Operating systems version	Microsoft SQL server 2008, 2012, 2014, 2016 and 2017 (2012 and later requires G/On server 5.7 or later)

G/ON CLIENT
Platform	Windows, Mac OS and Linux
Operating systems version	Windows 7, 8, 8.1 and 10 Apple Mac OS X 10.6 (Snow Leopard) through OS X 10.13 (High Sierra) Linux Fedora 21 through 27 with GTK+ GUI (64 bit)

G/ON TOKEN
Platform	Windows, Mac OS and Linux
Token types	USB and Windows G/On USB Token including built-in Smartcard for two-factor mutual authentication SoftToken on any USB, 2 GB or larger Computer User Token installed on Windows platform

Options

G/On OS is a secure container added to G/On to have a full lock-down in the client side. Other features include:

G/On OS is a hardened, minimal Fedora Linux image, which is booted directly into memory from the G/On USB Token. It does not include drivers to access hard disks, so there is no way to leave data behind, or transmit data from the computer used.
G/On OS comes full features with application clients for Citrix, RDP, VNC, Browsers and much more.
G/On OS is locked down to only allow access to the SecureGateway it was originally enrolled on.

G/On Components

SECURE GATEWAY
Prevents the corporate application servers from having to be Internet-facing.

Data in transit between the gateway and the remote client is always encrypted using FIPS 140.2 certified AES 256-bit encryption.
Provides proxy services and DNS name resolving on the internal network to offer full functionality to the applications on the client.
Offers automatic load-balancing and fail-over functionality and works with third-party load-balancing products.
Additional gateways are easily created in seconds using a Gateway installer.

G/ON CLIENT
Connects applications on the client to resources inside the corporate network, without a VPN. After mutual two-factor authentication, the gateway server sends a menu-object to the client that contains the start-up configuration for each application the user can use at that device, location and/or time.

Other features include:

Unavailable applications are not visible and access rights are enforced in the gateway, preventing the user from starting not allowed applications or elevating access rights.
The G/On-client also provides the automatic launch of applications and single-sign-on (SSO).
The client can encapsulate all traffic in HTTP and traverse proxies, without sacrificing on security.
G/On clients are easily created using a G/On Client Installer, either by the admin or an end user and are available for Windows, MacOS and selected Linux-distributions.

G/ON USB TOKEN
A small USB form factor token with a mobile smartcard integrated in the MicroSD-card. End users receive a fully functional G/On client which is either pre-enrolled, or the end user goes through a simple enrolment process to activate the G/On client. During enrolment, the smartcard generates a private/public keypair. The public key is used for smartcard authentication, the private key is protected by the smartcard and can never leave it. The G/On USB-token can therefore be uniquely identified based on the Smartcard private/public keypair during authentication time.

G/ON DESKTOP CLIENT
Runs from a computer instead of a G/On USB-token and uses the computer as a second authentication factor instead of a smartcard. Only available on Windows.

Infrastructure

SOLITON’S VISION OF REMOTE ACCESS

All Soliton’s remote access solutions are designed based on the same principles

Mutual authentication between client and gateway creating a secure connection
Gateway protects the servers and the network from cyber-attacks and from unauthorized access
Gateway separates the client from the network, the remote device is never part of the network
Gateway exchanges information with the network and enables secure access to the network resources
Remote access client can be installed by end-user, no special rights required for PCs or Macs
User access is based on permission rules or Active Directory group membership