Secure Remote Host Access with ISA Server and PASSPORT Host Access Suite
Microsoft ISA Server Fills Security Void for Remote Host Users
PASSPORT WEB TO HOST® can be used in conjunction with the Microsoft® Internet Security and Acceleration (ISA) Server 2004 to provide remote host access to users without the security risks associated with opening TCP port 23 on corporate firewalls. Now, organizations can use TCP port 80 for both HTTP and Telnet traffic, and administrators can use ISA Server to restrict access to terminal emulation sessions from the PASSPORT WEB TO HOST® Server.
How Web-based PASSPORT Host Access Works
PASSPORT WEB TO HOST® is a browser-based host access suite that includes both a thin client and a server component, which offers centralized configuration and administration of host access session profiles. The host session profiles contain host connection information, keyboard mapping information and other attribute configuration information. All software and configuration files reside on the web server.
When a terminal emulation session is started, an ActiveX applet is downloaded from the Web Server to the client desktop and runs inside the IE browser, making a direct connection to the host system. The download occurs only the first time and is not repeated until a new version is published on the server. Further, the server is used only for the deployment and maintenance of PASSPORT and plays no role in direct communications with the host.
Microsoft® ISA Server 2004
Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced application-layer firewall, VPN, and Web cache solution that enables customers to easily maximize existing IT investments by improving network security and performance. A member of the Microsoft Windows Server System™, ISA Server is a secure, easy-to-use, cost-effective solution that helps IT professionals combat new and emerging security threats. For more information regarding ISA Server, visit http://www.microsoft.com/isaserver/.
TCP Port Redirection
ISA Server may be configured so that both HTTP network traffic and Telnet traffic are passed through on TCP port 80. Once the Telnet traffic reaches the internal network it is redirected to the actual TCP port of the Telnet host (normally port 23). The steps below should be followed to configure ISA Server 2004:
1. The external interface on the ISA Server computer must have at least two IP addresses assigned to it. This is configured under the Advanced TCP/IP Settings for the operating system.
2. A Web Publishing Rule must be configured on the ISA Server, which listens on one of the assigned IP addresses and directs remote users to the PASSPORT WEB TO HOST® Server HTML documents. This maps TCP port 80 on this external interface to TCP port 80 on the internal web server.
3. A Server Publishing Rule must be configured on the ISA Server, which listens on the other IP address and directs Telnet Server traffic to the host. This maps TCP port 80 on this external interface to TCP port 23 on the host.
4. Sessions on the PASSPORT WEB TO HOST® Server should be configured to connect to the same IP address used to configure the Server Publishing rule in step 3 above using TCP port 80.
Configuring a Web Publishing Rule for HTTP
Follow the steps below to configure the Web Publishing Rule on ISA Server 2004:
1. Start the ISA Server 2004 Management Console.
2. Choose Firewall Policy in the left-hand pane of the console.
3. Select the Tasks tab in the right-hand pane of the console.
4. Choose Publish a Web Server under Firewall Policy Tasks to start the New Web Publishing Rule wizard.
5. Enter a name for your web publishing rule and click Next.
6. Make sure Allow is selected for the action and click Next.
7. Enter the computer name or IP address of the PASSPORT WEB TO HOST® server or Browse to select and click Next.
8. If a domain name has been registered you may enter it under Public Name, otherwise enter one of the IP addresses assigned to the external interface of the ISA Server and click Next.
9. Click the New button to start the New Web Listener Wizard.
10. Enter a name for the Web Listener and click Next.
11. Enable the check box next to the External Interface and click the Address… button.
12. Choose the “Specified IP Addresses on the ISA Server computer in the selected network” radio button, select the appropriate address and then click Add.
13. Click OK to save and then click Next to continue.
14. Make sure Enable HTTP is selected and port 80 is entered for the HTTP port.
15. Click Next, click Finish and then click Next.
16. To allow anonymous access leave the All Users user set in the list and click Next. To prompt users for credentials remove All Users and replace it with a user set that contains the appropriate network users.
17. Click Finish and then click Apply to save the changes.
18. Test the web publishing rule by typing the IP address or domain name with /pec appended to the end into the Internet Explorer address bar on a PC that is located outside the ISA Server. For example, http://myisaserver.zephyrcorp.com/pec. This should display the PASSPORT WEB TO HOST® Client web page.
Configuring a Server Publishing Rule for Telnet
Follow the steps below to configure the Server Publishing Rule on ISA Server 2004:
1. Start the ISA Server 2004 Management Console.
2. Choose Firewall Policy in the left-hand pane of the console.
3. Select the Tasks tab in the right-hand pane of the console.
4. Choose Create New Server Publishing Rule to start the New Server Publishing Rule wizard.
5. Enter a name for your server publishing rule and click Next.
6. Enter the IP address of the host and click Next.
7. Choose Telnet Server from the Selected Protocol drop-down list and click Ports.
8. Under Firewall Ports, choose the “Publish on this port instead of the default port” radio button, enter 80 for the port number, click OK and then click Next.
9. Enable the check box next to the External Interface and click the Address… button.
10. Choose the “Specified IP Addresses on the ISA Server computer in the selected network” radio button, select the IP address that was not used for the Web Publishing Rule above and then click Add.
11. Click OK to save and then click Next to continue.
12. Click Finish and then click Apply to save the changes.
13. Double-click the new server publishing rule to display the properties page.
14. Select the To tab and choose the “Requests appear to come from the ISA Server computer” radio button.
15. Click OK and then click Apply to save the changes.
16. Test the server publishing rule by choosing the Launch button from the PASSPORT WEB TO HOST® Client page. Select 3270 Display, 5250 Display or VT Display depending on what type of session was created. Type the session name and then click Submit. This should start the session and connect to the host.
Note: this can only be tested after completing the session configuration in the next section.
Configuring a Session from the PASSPORT WEB TO HOST® Administrator
Follow the steps below to configure a session using the PASSPORT WEB TO HOST® Administrator application:
1. Start the PASSPORT WEB TO HOST® Administrator application.
2. Choose 3270 Display, 5250 Display or VT Display depending on what type of session to create.
3. Double-click Sessions in the right-hand pane.
4. Right-click the right-hand pane and choose New from the popup menu.
5. Enter a name for the session and click OK.
6. Enter the IP address that was used to configure the server publishing rule above (step 9).
7. Change the TCP Port from 23 to 80.
8. Make any additional configuration changes then click OK to save.
9. This can only be tested from a PC that is outside the ISA Server (see step 15 above).
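An added check (example code written for this note, not part of the PASSPORT or ISA Server software) that can be run from a PC outside the ISA Server once the three procedures above are complete: it confirms that the web-listener IP answers port 80 with HTTP and that the Telnet-listener IP answers port 80 with Telnet option negotiation, which is what the PASSPORT client sees after the 80 to 23 redirection. The probe helper, the sample banners and the script name are assumptions; the /pec path is the client page from the test step above.

```python
import socket
import sys
# Telnet command bytes (RFC 854) and the options a TN3270/TN5250/VT host usually negotiates first.
IAC, WILL, WONT, DO, DONT = 255, 251, 252, 253, 254
CMD_NAMES = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTION_NAMES = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 25: "END-OF-RECORD", 40: "TN3270E"}

# Constructed samples (not captured from a real host): a TN3270 host's opening negotiation
# and the web listener's reply to a request for the /pec client page.
SAMPLE_TELNET_BANNER = b"\xff\xfd\x18\xff\xfd\x19"  # IAC DO TERMINAL-TYPE, IAC DO END-OF-RECORD
SAMPLE_HTTP_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
def parse_telnet_negotiation(data: bytes) -> list:
    """Return the leading IAC DO/DONT/WILL/WONT commands as readable strings."""
    cmds, i = [], 0
    while i + 2 < len(data) and data[i] == IAC and data[i + 1] in CMD_NAMES:
        cmds.append(f"{CMD_NAMES[data[i + 1]]} {OPTION_NAMES.get(data[i + 2], data[i + 2])}")
        i += 3
    return cmds

def classify_banner(data: bytes) -> str:
    """'telnet' if the listener opened with IAC negotiation, 'http' for an HTTP reply."""
    if parse_telnet_negotiation(data):
        return "telnet"
    if data.startswith(b"HTTP/1."):
        return "http"
    return "unknown"  # e.g. an empty reply, a connection reset, or a bare login prompt

def verify_listeners(web_reply: bytes, telnet_reply: bytes) -> list:
    """Compare both listeners with the intended mapping; an empty list means both look right."""
    findings = []
    if classify_banner(web_reply) != "http":
        findings.append("web listener IP: no HTTP reply on port 80 (check the Web Publishing Rule)")
    if classify_banner(telnet_reply) != "telnet":
        findings.append("Telnet listener IP: no Telnet negotiation on port 80 (check the 80->23 Server Publishing Rule)")
    return findings

def probe(host: str, port: int = 80, timeout: float = 3.0) -> bytes:
    """Assumed helper: Telnet hosts talk first, so wait for a banner; if silent, request the /pec page."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(64)
        except socket.timeout:
            s.sendall(b"GET /pec HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return s.recv(64)  # a second timeout here propagates as an error

if __name__ == "__main__":  # usage: python check_isa_listeners.py <web listener IP> <Telnet listener IP>
    args = sys.argv[1:3]
    print(verify_listeners(probe(args[0]), probe(args[1])) if len(args) == 2
          else verify_listeners(SAMPLE_HTTP_REPLY, SAMPLE_TELNET_BANNER))  # samples -> []
```

If the Telnet-listener IP returns an HTTP reply, the two listeners are most likely bound to the wrong addresses (compare step 12 of the web rule with step 10 of the server rule).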
Variations
In the above scenario, if HTTPS (port 443) is utilized for accessing the PASSPORT WEB TO HOST® Server, then a single IP address may be used if normal HTTP traffic is not required. With this configuration both publishing rules on the ISA Server would listen on the same IP address. Bridging may be used on the Web Publishing rule to provide SSL encryption from the client to the ISA Server or all the way through to the WEB TO HOST Server. An SSL certificate must be installed on the ISA Server to utilize SSL.
Internal Network Clients Accessing External Resources
- HTTP – to allow internal clients access to a remote PASSPORT WEB TO HOST® Server an Access Rule must be configured on the ISA Server, which allows the HTTP protocol from the Internal network to the External network.
- Telnet – if internal clients require access to a remote host using the PASSPORT WEB TO HOST® Client an Access Rule must be configured on the ISA Server to allow Telnet traffic from the Internal Network to the External Network.
- FTP – if internal clients will be using the PASSPORT FTP Client to transfer files to and from a remote FTP Server, an Access Rule must be configured on the ISA Server to allow FTP traffic from the Internal Network to the External Network. The PASSPORT FTP Client must also be configured to Use PASV Transfer Mode, which is configured on the Profiles tab of the Communication Setup screen.
Remote Clients Accessing Internal Network Resources
- HTTP – to allow remote clients to access the PASSPORT WEB TO HOST® Server, a Web Publishing Rule must be added to the ISA Server, which allows HTTP and/or HTTPS traffic from the External Network to the server where PASSPORT WEB TO HOST® is installed.
- Telnet – allowing Telnet traffic to pass through the ISA Server for access to an internal host by remote clients requires that the appropriate configuration has been applied to the ISA Server. A Server Publishing Rule must be added that allows Telnet Server traffic from the External network to the IP address of the internal host. The Server Publishing Rule must be configured so that requests appear to come from the ISA Server computer.
- FTP – a Server Publishing Rule must be added to allow external clients to access an internal FTP server through the ISA Server. This rule should be configured to allow FTP Server traffic from the External network to the IP address of the FTP server being published. The Server Publishing Rule must also be configured so that requests appear to come from the ISA Server computer. The listener should also be configured to use the external interface. External PASSPORT FTP Clients should be configured to connect to the external IP address of the ISA Server using port 21. If a non-standard port was used to configure the Server Publishing Rule, use this port when configuring the FTP Client. The PASSPORT FTP Client must also be configured to Use PASV Transfer Mode, which is configured on the Profiles tab of the Communication Setup screen.
HTTP 407 Proxy Authentication Error
If internal clients require access to an external PASSPORT WEB TO HOST® Server through the ISA Server, an HTTP 407 – Proxy Authentication error may be returned by the PASSPORT client. This occurs if the Access Rule for Internet access is configured for a specific set of users. To overcome this, you must re-configure the Access Rule or create a specific Access Rule for PASSPORT WEB TO HOST® access, which uses the All Users user set. This issue has been addressed in PASSPORT WEB TO HOST® version 2004-930-2. If specific user sets are required on the ISA Server, this version or later must be used to prevent the HTTP 407 error.
More About PASSPORT Host Access
PASSPORT is a powerful host access software suite that includes VT/100, TN3270, 5250, SCO ANSI and FTP clients. The package offers high quality, reliable host access software that is fully compatible with Windows Vista®.
PASSPORT is also extremely cost effective. Zephyr provides a subscription based licensing program that reduces your acquisition cost and maintenance cost significantly. This makes upgrading from older host access software a very attractive proposition.
As one of the market's very first IP-based connectivity solutions, the mature, feature-rich package is an ideal replacement for older desktop-based emulators. With its competitive pricing and licensing options, you can save 50% to 75% on the amount of money you would normally spend for host access software.
PASSPORT Host Access Highlights
- Provides access to IBM mainframe, AS/400 and UNIX host applications
- TN3270, TN3270E, TN5250, TN5250E, VT420, VT100, SCO ANSI and Wyse 60 terminal emulation
- Standalone FTP client and integrated FTP file transfer within terminal emulation session
- PASSPORT PC TO HOST® is Certified for Windows Vista®
- Supports Windows XP and 2000
- Advanced SSL security available for each host session
- Advanced SSH security available for each UNIX host session
- Secure FTP file transfer using SSL and SSH security
- IND$FILE file transfer to IBM mainframe
- Supports Citrix Password Manager
- HLLAPI available to reuse existing screen scraping applications
- Attachmate-compatible EXTRA! Objects API to reuse existing EXTRA! screen scraping applications
- VBScript to record, edit and run productivity enhancing macros
- Host printing supported through the TN3270E or TN5250E client
- Pass-through printing available for VT or SCO ANSI client
- Ability to open multiple host sessions, uniquely configure each session
- Customizable keyboard layout, mouse buttons, keypads, toolbars, hotspots, colors, fonts, cursor and more
PASSPORT Host Access QuickTrial or Download Options
There are two ways to evaluate PASSPORT host access: either download a copy of the software or do a QuickTrial of the PASSPORT WEB TO HOST® application. With QuickTrial, there is no server installation, you simply download the client from our web server. This is a fast and easy way to look at the PASSPORT WEB TO HOST® software. For those that want to install the PASSPORT WEB TO HOST® software on their own web server, you can download the full working copy of the software and complete a full evaluation.
Zephyr has a long history of developing innovative host access solutions. Founded in 1985, Zephyr is a Microsoft Certified Solution Partner, Citrix Premier Alliance Partner, a member of IBM PartnerWorld for Developers, Microsoft Developer Network (MSDN), Cisco Enterprise Associates Program (EAP), and the Internet Engineering Task Force (IETF) TN3270E/TN5250E Working Group.
Complete Access to Everything You Need
Everything you need to fully evaluate PASSPORT as a potential replacement for your existing terminal emulator, or to use or support PASSPORT on an ongoing basis, can be found in this web site, including Technical Requirements, QuickTrial, Pricing, Free Trial Download, Documentation, Knowledge Base, FAQ, Support, and the ability to Order Online.