Secure Remote Access
Functional description
The HOOC-Gateway (HOOC Connect) in a site (remote network infrastructure) automatically establishes an encrypted VPN connection to the HOOC Cloud. In the HOOC Cloud, a separate, virtual and completely isolated network is created for each site. The HOOC-App in turn establishes an encrypted connection to the HOOC Cloud and the corresponding virtual network in the same way. Once the connections have been established, both connections are linked and a “virtual network cable” (Ethernet, Layer 2) is created between the site and the HOOC-App. All IP protocols are supported when using the HOOC Solution.
HOOC-Gateway
Link
The HOOC-Gateway can be linked after the creation of the site under HOOC-Gateway by entering the 20-digit serial number.
Logs
The connection logs of the HOOC-Gateway can be found under HOOC Connect -> Logs.
Secure Remote Access
Clients
Once the HOOC-Gateway has been linked to the site and connected to the remote network, a connection to this network can be established using the HOOC-App (Windows, iOS, Android). Under Services -> Remote Access -> Client you can find instructions and downloads of the HOOC-App.
Virtual DHCP-Server
The virtual DHCP server function integrated in Secure Remote Access makes it possible to distribute IP addresses to the HOOC App even if there is no DHCP server available in the remote network. This eliminates the tedious configuration of static IP addresses.
The functionality of the virtual DHCP server can be configured under Services -> Remote Access -> Virtual DHCP Server. Click on the icon to enable and configure it.
After configuration, the settings can be Applied by clicking on Save settings.
General settings
| Property | Description |
|---|---|
| DHCP Filter Site | With a filter applied, the virtual DHCP server does not distribute network configurations to devices on the remote site (recommended). Without the filter the virtual DHCP server distributes network configurations to all devices on the remote site (HOOC-Gateway excluded) as well as to the HOOC client. Please be aware that when disabling the filter this might cause e DHCP conflicts wehen two DHCP servers are running. |
Network Interface Virtual Host
| Property | Description |
|---|---|
| MAC address: | MAC address of virtual DHCP server |
| IP address: | IP address of virtual DHCP server |
| Subnet Mask: | Mask |
DHCP Server settings
| Property | Description |
|---|---|
| Start IP address | Start IP address of IP address pool |
| End IP address | End IP address of IP address pool |
| Lease Limit | This time (s) the client keeps the assigned IP address |
| Default Gateway | Default Gateway (optional) |
| DNS Server | DNS server (optional) |
| Domain Name | Domain name (optional) |
Security Network filters
The Network filter function integrated in Secure Remote Access allows access to IP address, port or protocol levels to be precisely enabled. By using these features, increased security requirements can be covered. For example, it is possible to grant access only to individual remote devices and thus protect other devices from direct access from outside.
Under Services -> Remote Access -> Security the functionality of the network filters can be enabled by clicking on the icon .
After switching on the network filters, all network traffic to and from the remote site is blocked.
Management Network Filter Rules
Click the icon to add a new network filter rule. The following settings can be applied:
| Property | Description |
|---|---|
| Status | Activate or deactivate filter rules |
| Name | Internal Description |
| Filter type | Bidirectional, unidirectional from source address, unidirectional to destination address, IP to IP |
| IP address | Address of the remote terminal device (client side) |
| IP range | If this option is selected, entire ranges of addresses can be released |
| Protocol type | All protocols, TCP/IP, UDP/IP, ICMP/PING |
| Port | Single port or dedicated areas |
Management special network filter rulesets
If there is a DHCP server in the remote site and this is to assign an IP address to the HOOC-App, dedicated network filters must be activated. To do this, simply enter the IP address of the DHCP server in the field and use Save settings.
Redirections
The function Redirections integrated in the Secure Remote Access service simplifies the use of the HOOC-App for customers. Redirects are available unsig the HOOC-App once a connection is setup. After a VPN connection to a remote site has been succesfully established, end users can open a web visualization or an additional App by clicking on the corresponding link. This process can also automatically take place if required.
Configuration
Under Services -> Remote Access -> Redirections you can add a new redirections by clicking on the icon. Click on to edit an existing redirection.
| Property | Description |
|---|---|
| Target | Operating system on which the HOOC-App is used |
| Type | cmd (execute command line command), App (open Application), url (open a web page) |
| Name | Name as it appears in the HOOC-App |
| Link / Command / AppID | Command line command for type “cmd”, AppId for type App, Weblink for type “url |
| Arguments (comma separated) | Arguments for type “cmd”, Arguments for type “App” |
Not all types can be used with every device. The list below gives an overview:
| Target | Type url |
Type App |
Type cmd |
|---|---|---|---|
| android | |||
| iOS | |||
| windows |
Usage of type url
This type is typically used to define a link to a Web page in the remote network. When using the windows/ios/android option in the Device field, Web page forwarding is available for all devices.
Usage of type App
This type is used to start another App.
For opening applications on mobile devices there are restrictions, especially with iOS, because the functionality (URL Schema or x-callback-url) has to be implemented with the corresponding iOS Apps. For iOS it is recommended to contact the manufacturer of the App.
The following procedure is recommended to open an app on Android devices:
- Open https://www.Appbrain.com/Apps/popular
- Search for the App that you want to use in the redirects (e.g. vlc)
- Select App from overview list (e.g. VLC for Android)
- Copy App ID from navigation bar org.videolan.vlc
The command or the App-ID for the android App “VLC for Andorid” is org.videolan.vlc It is also possible to find the desired App ID from the internal memory of the device.
Usage of type cmd
This type is used to execute a command line tool on the Windows operating system. Thus, for example, a local program can be opened. Start arguments can be passed.
Usage in the HOOC-App
The defined redirections are available in the HOOC-App under Secure Remote Access depending on the operating system (target). A click on the link executes the defined redirection action. Under Settings -> Redirection management further settings concerning redirections can be made:
- Automatic triggering of redirection action after successful connection to Secure Remote Access
- If the
cmd` type is used, the Secure Remote Access connection can be automatically disconnected after closing the open Application.
Logs
The connection logs of the Secure Remote Access users are listed under Services -> Remote Access -> Logs.
