HOB MacGate Administration Guide

Transcription

HOB MacGate Administration Guide
Administration Guide
HOB MacGate
Software version: 1.5
Issue: December 2014
HOB MacGate Software and Documentation - Legal Notice
Contact: HOB GmbH & Co. KG
Schwadermuehlstr. 3
90556 Cadolzburg
Germany
Represented by: Klaus Brandstätter, Zoran Adamovic
Phone: + 49 9103 715 0
Fax: + 49 9103 715 271
E-mail: [email protected]
Register of Companies: Entered in the Registry of Companies, Registry Court: Amtsgericht Fürth, Registration Number:
HRA 5180
Tax ID: Sales Tax Identification Number according to Section 27a Sales Tax Act: DE 132 747 002
Responsible for content according to Section 55 Paragraph 2 Interstate Broadcasting Agreement: Klaus Brandstätter,
Zoran Adamovic, Schwadermuehlstr. 3, 90556 Cadolzburg, Germany.
Disclaimer
All rights are reserved. Reproduction of editorial or pictorial contents without express permission is prohibited. HOB MacGate
software and documentation have been tested and reviewed. Nevertheless, HOB will not be liable for any loss or damage
whatsoever arising from the use of any information or particulars in, or any error in, or omission from this document. All
information in this document is subject to change without notice, and does not represent a commitment on the part of HOB.
Liability for content
The contents of this publication were created with great care and diligence. While we keep it as up-to-date as practicable, we
cannot take any responsibility for the accuracy and completeness of the contents of this publication. As a service provider we
are responsible for our own content in this publication under the general laws according to Section 7 paragraph 1 of the TMG.
According to Chapters 8 to 10 of the TMG we are not obliged as a service provider to monitor transmitted or stored information
not created by us, or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of
information under the general laws remain unaffected. Liability is only possible however from the date of a specific
infringement being made known to us. Upon notification of such violations, the content will be removed immediately.
Liability for links
This publication may contain links to external websites over which we have no control. Therefore we cannot accept any
responsibility for their content. The respective provider or operator of the website pages to which there are links is always
responsible for the content of the linked pages. The linked sites were checked at the time of linking for possible violations of
the law. At the time the link was created in this publication, no illegal or harmful contents had been identified. A continuous
and on-going examination of the linked pages is unreasonable without concrete evidence of a violation. Upon notification of
any violations, such links will be removed immediately.
Copyright
The contents and works on these pages created by the author are subject to German copyright law. Reproducing, copying,
modifying, adapting, distributing or any kind of exploiting of this material outside the realms of copyright require the prior
written consent of the respective author or creator. The downloading of, and making copies of, these materials is only
permitted for the intended use. Where contents of this publication have not been created by the author, the copyright of the
third parties responsible for these contents shall be upheld. In particular any contents created by a third party are marked as
such. If you become aware of any copyright infringement within this publication, we kindly ask to be provided with this
information. Upon notification of any such violation, the concerned content will be removed immediately.
Trademarks
Microsoft Windows is a trademark of Microsoft Corporation.
Linux® is the registered trademark of Linux Torvalds in the U.S. and other countries.
Mac OS and Apple are trademarks of Apple Inc., registered in the U.S. and other countries.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
All other product names, company names and service names may be trademarks, registered trademarks or service marks of
their respective corporations or owners, even if they are not specifically marked as such.
Issued: December 15, 2014
2
Security Solutions by HOB
Purpose of this Guide
This guide is designed to provide system administrators with detailed information
concerning HOB MacGate and to help them decide where and when this product can be
most effectively deployed in their enterprise network.
This documentation contains descriptions of numerous possible scenarios and explains
required conditions. The procedures for configuring the individual software components are
documented in detail with step-by-step instructions.
Symbols and Conventions
This guide uses certain conventions and abbreviations which are explained here:
This symbol indicates useful tips that can make your work easier.
This symbol indicates additional informative text.
This symbol indicates an important tip or procedure that may have far-reaching
effects. Please consider carefully the consequences of any changes and settings
you make here.




References to program commands, options and buttons are printed in Bold, for example:
select the command Open.
Cross-references to section headings and figures with numbers are marked in color as
follows: Section 5 Information and Support.
File names and text to be entered by the user are printed in Courier New. This input is
– unless otherwise mentioned - case sensitive.
In this documentation, HOB-specific terminology is abbreviated as follows:
HOB-specific Terminology
Abbreviation
HOB WebSecureProxy
HOB WSP
HOBLink Java Windows Terminal
HOBLink JWT
HOB Remote Desktop Virtual Private Network
HOB RD VPN
Security Solutions by HOB
3
4
Security Solutions by HOB
Contents
1
2
3
4
Introducing HOB MacGate
1.1
Features of HOB MacGate ............................................................................. 7
1.2
HOB MacGate running as a Daemon............................................................. 8
Installation
9
2.1
System Requirements .................................................................................... 9
2.2
Installing HOB MacGate ................................................................................. 9
Configuring HOB MacGate
11
3.1
Status Window.............................................................................................. 11
3.2
Connection Tab ............................................................................................ 12
3.3
Printing Tab .................................................................................................. 14
3.4
Access Tab................................................................................................... 16
3.5
Others Tab.................................................................................................... 17
Configuring HOBLink JWT
4.1
5
7
21
Configuring the Connection with HOBLink JWT........................................... 21
Combining HOB MacGate with HOB RD VPN
23
5.1
Configuring HOB MacGate to Work with HOB RD VPN............................... 23
5.2
Configuring a HOBLink JWT Session........................................................... 23
5.3
Configuring HOB WebSecureProxy ............................................................. 25
5.4
Configuring HOB RD VPN Desktop-on-Demand.......................................... 27
6
Configuring Microsoft Remote Desktop Connection
31
7
Printing with HOB MacGate
33
8
9
7.1
Enabling Printing in the Client Session......................................................... 33
7.2
Enabling Printing in HOB MacGate .............................................................. 34
7.3
Choosing the Correct Printer Driver ............................................................. 34
Troubleshooting
37
8.1
The RDP Session Cannot Connect .............................................................. 37
8.2
The RDP Session Reports an Error ............................................................. 37
8.3
Consulting the Logfile for Errors ................................................................... 39
Starting and Stopping HOB MacGate
9.1
41
Starting and Stopping HOB MacGate Using System Preferences ............... 41
10 Uninstalling HOB MacGate
43
11 Supplementary Information
45
Security Solutions by HOB
5
11.1
Limitations ..................................................................................................... 45
11.2
Known Issues................................................................................................ 45
12 Information and Support
6
47
Security Solutions by HOB
HOB MacGate
1
Introducing HOB MacGate
Introducing HOB MacGate
HOB MacGate is the perfect software for remote access to your Mac – anywhere
and anytime. It provides you with access to all centrally stored data and applications
on your Mac. Since the complete GUI is transferred, you can work as comfortably
and productively as if you were sitting directly in front of your Mac. HOB MacGate
can be used from your favorite end device: a Mac, a Windows PC or a Linux PC.
As connectivity software on the end device, you can use either the proprietary RDP
client HOBLink JWT or the Microsoft Remote Desktop Client (RDC). However, to
obtain best performance, HOB strongly recommends using HOBLink JWT or
HOBLink iWT.
With HOB MacGate your comfort and work efficiency are improved. An Internet or
LAN connection is sufficient. There is no need to carry around multiple devices
when all of your data and applications can be accessed through a single device.
This gives you the freedom to create flexible and mobile workplaces with enhanced
productivity potential.
HOB MacGate is very easy to use. You simply install and configure HOB MacGate
on the Mac that you would like to access. It will then continue to run as a background
process. The major advantage: there is no need for installation, administration
rights or additional drivers on the end device. This makes using it so convenient.
Furthermore, HOB MacGate can be used as an extension to HOB RD VPN
(HOB Remote Desktop Virtual Private Network). HOB RD VPN is the HOB software
solution providing secure SSL/TLS encrypted remote access to centrally stored
data and applications. When used together, data transmission between the Mac
and the remote end device is SSL-encrypted - for even higher security.
Figure 1: Access a Mac Remotely from Any Client Platform
1.1
Features of HOB MacGate
HOB MacGate includes the following features:



Single user remote access to Mac desktops
Print locally to printers connected to the client using applications installed on
your Mac host
Extendable printer database using PPD files
Security Solutions by HOB
7
Introducing HOB MacGate

1.2
HOB MacGate
Synchronization of remote and local monitor resolution – the chosen display on
the monitor of one machine is matched on the other

On session startup from client to server

During session only from server to client

Copy and paste of text between remote session and local session

Ability to disable clipboard from the Mac OS side

International keyboard support

Use the keyboard layout of the client (client-oriented)

Use the keyboard layout of the Mac (server-oriented)

User and group permissions to access HOB MacGate

Hidden screen mode

Locked screen mode – run your redirected session in the background

Mouse pointer image synchronization between the two machines

Configurable server port

Configurable terminal server security levels

Installer package in English and German

Login screen redirection
HOB MacGate running as a Daemon
HOB MacGate runs on your Mac as a daemon under Mac OS X. A daemon (disk
and execution monitor) is a computer program that runs invisibly in the background
rather than under the direct control of a user. Daemons are usually initiated as
background processes, so once HOB MacGate is installed it runs permanently and
does not need be individually started. It can of course be configured as desired, as
often and at any time you wish to suit your changing needs.
8
Security Solutions by HOB
HOB MacGate
2
Installation
2.1
System Requirements
Installation
Although HOB MacGate is a relatively small software package, failure to deploy it
on suitable hardware can result in poor performance. Make sure that your system
meets these requirements. The HOB MacGate software only needs to be installed
on the Mac side, with your preferred RDP software on the client side.
Once configuration is completed, the Mac and PC environments are fully integrated.
Mac System
The required operating system is Mac OS X 10.7 (Lion edition) or later (until MAC
OS X 10.10 Yosemite edition). HOB recommends using hardware with a CPU of at
least 1.83 GHz and 2 GB RAM.
Client System
An additional component is necessary on the remote client side. HOB recommends
using either HOBLink JWT, the HOB Java terminal server client component,
HOBLink iWT or HOB RD VPN the HOB secure remote desktop solution.
The Microsoft RDP client, Microsoft Remote Desktop Connection, is also
supported.
Memory Requirements
The following information refers to a typical installation and is only approximate.
The actual values depend on the OS being used.
The installation requires a minimum of 400 MB hard disk space on the Mac.
2.2
Installing HOB MacGate
HOB MacGate 1.5 is delivered as a disk image (.dmg) file.
1.
Copy the file HOB MacGate 1.5.dmg to the Mac desktop.
2.
Double-click the disk image to open it. The image loads as a new volume on
your desktop. This new volume is named HOB MacGate 1.5.
3.
Click the HOB MacGate 1.5 volume to display its contents.
4.
Double-click the file HOB MacGate.pkg, which starts the installation program.
It also includes a .pdf version of the HOB MacGate Administration Guide and
an uninstaller.
The HOB MacGate Administration Guide can be accessed by following the file,
/Library/Documentation/HOB/MacGate/HOB MacGate Administration
Guide.pdf and is also accessible to all users under:
/Users/Shared/HOB/MacGate.
Security Solutions by HOB
9
Installation
HOB MacGate
Figure 2: HOB MacGate Installer
5.
The HOB MacGate installer guides you through the installation process.
Click Continue after each step.
Once the installation is complete, HOB MacGate starts. Once you have entered the
serial number (see Section 3.2 Connection Tab on page 12), you can connect from
your RDP client.
10
Security Solutions by HOB
HOB MacGate
3
Configuring HOB MacGate
Configuring HOB MacGate
For HOB MacGate to run, it must be properly configured on the Mac and on the
client side. HOB recommends taking time to carefully read through these
instructions in order to ensure an optimal installation.
To configure HOB MacGate:
1.
Open System Preferences.
Figure 3: System Preferences
2.
3.1
Click the HOB MacGate icon under Other.
Status Window
Upon starting HOB MacGate, the status window is displayed.
Figure 4: Status Window
The currently installed version of HOB MacGate is shown. The status window
always stays open in the background. You can also disconnect an active remote
session or open the preferences to display the following tabs:

Connection Tab – see Section 3.2 Connection Tab on page 12.

Printing Tab – see Section 3.3 Printing Tab on page 14.
Security Solutions by HOB
11
Configuring HOB MacGate
3.2
HOB MacGate

Access Tab – see Section 3.4 Access Tab on page 16.

Others Tab – see Section 3.5 Others Tab on page 17.
Connection Tab
The Connection tab controls how the connection between the client machine and
your Mac is set up. It also indicates the current status of the HOB MacGate program
with a small colored button and the words On or Off that show if it is currently
running (see the figure below).
Any changes made here take effect when the lock or the panel is closed
unless otherwise specified.
Figure 5: Connection Tab
The following information on licensing can be seen and managed here:
Manage Licensing
Click Manage Licensing to display the following dialog, where you enter your serial
number (for example, 1-1234567ABCDEFG)
Figure 6: Serial Number
Enter the serial number delivered with HOB MacGate here and click OK.
12
Security Solutions by HOB
HOB MacGate
Configuring HOB MacGate
The serial number given to you contains a hyphen. All characters before
the hyphen must be entered in the Serial field. All characters after the
hyphen must go in the Key field. 1-1234567ABCDEFG is how the serial
number in Figure 6 on page 12 looks.
The following settings can be configured on the Connection Tab screen (see
Figure 5 on page 12):
Connection Settings

Port – the port used to access HOB MacGate. Enter a port number. The default
is 3389. This port number and the IP address of the Mac constitutes the target
for the RDP client configuration.
HOB MacGate must be restarted using the Restart button on the
Connection Tab screen for the settings to take effect.

Security Level – your data can be protected by encrypting it on the
communications link between the client and the Mac. Encryption protects against
the risk of unauthorized interception of transmitted data. By default, remote
desktop sessions are encrypted at the highest level of security available
(128-bit). However, some older versions of Terminal Services Client software do
not support such a high level of encryption. If your network contains such legacy
clients, set the encryption level of the connection to send and receive data at the
highest encryption level supported by the client.

Low
This level (40- or 56-bit, RC4) of the data from the client to the server should
only be used if other additional encryption protects your data, for example if
you are using HOB RD VPN.
For even stronger encryption, HOB RD VPN can be used in combination
with HOB MacGate. See Section 5 Combining HOB MacGate with HOB
RD VPN on page 23 for more information.



Client compatible
This level encrypts data sent between the client and the remote computer at
the maximum key strength supported by the client. Use this level if your client
computer does not support 128-bit encryption.
High
This level encrypts data sent from the client to the remote computer and from
the remote computer to the client using 128-bit encryption. Use this level only
if you are sure that your client supports 128-bit encryption (if it is running
Windows XP Professional, for example). Clients that do not support this level
of encryption are not able to connect.
Disable HOB MacGate – when this checkbox is enabled, HOB MacGate is off
and will not accept connection requests from any client machine until it is
enabled. The only way HOB MacGate can be enabled again is by disabling this
checkbox. When HOB MacGate is disabled, the current status will be off.
Security Solutions by HOB
13
Configuring HOB MacGate
3.3
HOB MacGate

Restart – click Restart to restart HOB MacGate after it has been stopped via the
Stop button. This button can also be used to make changes take effect.

Stop – click Stop to temporarily stop HOB MacGate. When the system is
restarted, HOB MacGate will be on again. Clicking Restart will also turn
HOB MacGate back on.
Printing Tab
The Printing tab allows you to configure printing locally on the remote session from
applications installed on your Mac Host. For more information on these settings, see
Section 7 Printing with HOB MacGate on page 33 or click the help button in the
bottom right corner of the screen below
Any changes made here take effect when the lock or the panel is closed
unless otherwise specified.
Figure 7: Printing Tab
Select the Enable printing checkbox to enable printing in HOB MacGate.
Make sure that the Use IPP (Internet Printing Protocol) checkbox is selected.
This protocol is used by HOB MacGate for printing via your connected local
machine.
The Use LPD (Line Printer Daemon Protocol) checkbox can also be used instead
of IPP. Due to its limited functionality, it is recommended that this only be selected
when IPP is not an option.
The same queue name format must be used for both LPD and IPP printing. This is
the name of the printer queue that is automatically created when printers are
mapped to the Mac.
14
Security Solutions by HOB
HOB MacGate
Configuring HOB MacGate
The queue name may consist of the following variables:



#Owner – this is the name of the machine accessing HOB MacGate as well as
the owner of the printer.
#PrnName – this is the printer name of the printer used in the remote session.
#DriverName – this is the name of the driver used in the remote session for that
printer.
Click the Configure Drivers button (see Figure 7 on page 14) to add another
printer. The following dialog is displayed.
Figure 8: Configure Drivers
Clicking Remove on the Configure Drivers screen will temporarily delete the
makes and models from the provided list of Printer Details. Click Cancel and then
return to this screen to restore the full list. Select the Add button to add a printer.
The following dialog appears.
Figure 9: Add Dialog
Select the make and enter the model. You can also select New PPD file and
browse your system or select Already installed PPD to use a previously installed
driver.
Security Solutions by HOB
15
Configuring HOB MacGate
3.4
HOB MacGate
Access Tab
This tab allows you to configure the specific groups and users that will be able to
access the Mac OS using HOB MacGate.
Any changes made here take effect when the lock or the panel is closed
unless otherwise specified.
Figure 10: Access Tab
To allow only specified users access to HOB MacGate, select the Allow access for
the following users & groups option. This enables you to select users and groups
from the list on the left and move them to the allowed access list on the right. To add
a user or group, select the user or group from the list on the left and then click the
> symbol. To delete a user or a group from the allowed access list click the <
symbol.
The list under the Users & Groups tab shows all available local users and groups
associated with the Mac OS. Network users and network groups lists will be
displayed under the tabs Network Groups or Network Users.
Connect your Mac to a network account server to view the Network Users
and Network Groups lists.
To save time, users can also be added by entering the user name into the User
name field and selecting the > symbol.
Make sure you do not remove your own user account when configuring the
allowed access list within a HOB MacGate session.
16
Security Solutions by HOB
HOB MacGate
3.5
Configuring HOB MacGate
Others Tab
This tab contains configuration settings that make it easier to monitor how
HOB MacGate is working.
Any changes made to the HOB MacGate tabs take effect when the lock or
the panel is closed unless otherwise specified.
Figure 11: Others Tab

Enable extended logging
Messages from HOB MacGate are automatically written to the log contained in
the folder /Library/Logs/HOB. The log can be displayed with the console
program contained in the utilities folder of your Mac.
For diagnostic purposes, you can enable the Enable extended logging
checkbox to log even more details about your work. However, this results in
more computing capacity being used, which can slow down your computer.
HOB therefore recommends that this checkbox be disabled.

Use client-oriented keyboard mapping
Enable this checkbox to have keyboard controls like on a Mac system on your
client system. For example, the “~” symbol can be created with the key
combination “SHIFT + <” on Mac and with “SHIFT + `” on Windows. This is only
valid for a keyboard with the U.S. layout.

Disable clipboard
Enable this option if you do not want to share data from your Mac clipboard with
the client system clipboard.

Mirror display
Enable this option when using two monitors to display the same session on
both.
Security Solutions by HOB
17
Configuring HOB MacGate
HOB MacGate
When Mirror display is enabled and you are using monitors of different
size, the HOB MacGate session appears the size of the smaller screen.
To avoid a smaller display than desired, open the HOB MacGate session
in the monitor that displays the bar menu. To do so, open System
Preferences > Displays > Arrangement and drag the bar menu to the
screen preferred.
When Mirror display is disabled, all screens except for the main monitor
are disabled and are no longer a limiting factor.

Force automatic login of the client
Enable this checkbox to have the user sign on via the client before accessing
the Mac logon screen.
If a user is logged on to the console of the Mac that has HOB MacGate
installed on it then this will automatically be the case.

Logout when disconnected after
Enable this checkbox to automatically log the user out whenever the remote
connection is disconnected. This includes voluntary disconnections and any
potential system crash or loss of signal. Applications that were in use prior to the
disconnection will be closed. This option can be used in combination with Lock
when disconnected after.
Enter the number of units and then select the seconds, minutes, hours or days
before the logout is executed following a disconnection.
The default (0 seconds) is recommended here for security reasons.
Data loss can occur in applications running in the session when using this
feature. This is a result of the logout operation initiated by HOB MacGate.

Lock when disconnected after
Enable this checkbox to automatically lock the session whenever the remote
connection is disconnected. This includes voluntary disconnections and any
potential system crash or loss of signal. This option can be used in combination
with Logout when disconnected after.
Enter the number of units and then select the seconds, minutes, hours or days
before the logout is executed following a disconnection.
If Lock session under Local display options has been selected, this
option will appear gray and cannot be selected as they have the same
function in this situation.
18
Security Solutions by HOB
HOB MacGate
Configuring HOB MacGate
Local display options
The following options are for the local display while a remote session is being used.

Lock session
This is the default selection. When this option is selected, the log on screen is
visible on the local Mac display while the HOB MacGate session runs in the
background.
Some OpenGL-related applications do not run in background mode. It is
recommended to select Disable monitor to hide session instead.

Disable monitor to hide session
Select this option to disable the monitor on the remote Mac display. The monitor
of the remote Mac where HOB MacGate is installed will appear to be off.
The session will run in foreground mode; however, the monitor is
deactivated and local mouse and keyboard input is blocked.

Show session
If this option is selected, the HOB MacGate session is visible on the remote Mac
display as well as the local display. This can be helpful when assistance in the
remote session is needed.
If Show session has been selected then Logout when disconnected
after can be used to provide higher security in the event the connection is
interrupted.
Security Solutions by HOB
19
Configuring HOB MacGate
20
HOB MacGate
Security Solutions by HOB
HOB MacGate
4
Configuring HOBLink JWT
Configuring HOBLink JWT
When the installation and configuration on the Mac are complete, the connection to
the client (e.g. Windows PC) must be configured. Configuring with HOBLink JWT is
described in this section; however, Microsoft RDP client software is also suitable.
In this case, refer to the appropriate client software with regards to configuration but
use the settings as described below.
Once these steps have been completed, HOBLink JWT can connect to the Mac to
display the desktop.
4.1
Configuring the Connection with HOBLink JWT
1.
Go to the Start menu and open HOBLink JWT Session Center.
2.
Right-click the session to be configured and select Edit….
3.
Select the Connection scheme.
Figure 12: Connection Scheme
4.
For Connection type, select Direct. This sets up the client to communicate
directly with the server and not go through other proxies.
5.
Disable the Choose RD server at runtime checkbox. This is to make sure that
the Mac running HOB MacGate is selected as the desired server.
6.
For RD server, enter the IP address or the host name of the Mac to be
connected to (e.g. Companyserver1). All servers have names in these two
forms by which they are identified on the network. Either can be used here.
Security Solutions by HOB
21
Configuring HOBLink JWT
7.
HOB MacGate
For Port, enter the number of the port to be used for the connection.
The default port number is 3389. If you have entered a different port number in
the HOB MacGate configuration (see Section 3 Configuring HOB MacGate on
page 11), then that port number must be entered here.
The connection is now configured. If you click Close now, the HOBLink JWT
Session Editor closes and must be reopened to continue.
8.
Click Close to apply the settings and to close the HOBLink JWT Session
Editor. The connection is configured and HOBLink JWT can connect to the
Mac desktop.
9.
You can enable the Use Wake-on-LAN checkbox to allow the client to wake
up the Mac host. This will only work if the Wake for Ethernet network access
in the Energy Saver option of the System Preferences on the Mac host (see
Figure 3 on page 11) has been selected. The address of the Mac OX S desktop
must be entered into the space provided for Mac Address.
Depending on some system configurations of the Mac host, Wake-on-LAN
may not always function properly.
For more information regarding HOBLink JWT, see the HOBLink JWT
administration guide.
22
Security Solutions by HOB
HOB MacGate
5
Combining HOB MacGate with HOB RD VPN
Combining HOB MacGate with
HOB RD VPN
HOB MacGate can be combined with HOB RD VPN to offer a high performance
solution for secure remote access to the applications and data in the Mac network.
The steps described in this section enable RDP communication to take place
between the two computers. The HOB WebSecureProxy (HOB WSP) component
of HOB RD VPN is used for this purpose. This is the secure system proxy that
transmits and receives data between the machines in the network. HOB RD VPN
Desktop-on-Demand can also be used.
5.1
Configuring HOB MacGate to Work with HOB RD VPN
No extra configuration of HOB MacGate is required to communicate with
HOB RD VPN. Please refer to Section 3 Configuring HOB MacGate on page 11 for
all necessary configuration information.
5.2
Configuring a HOBLink JWT Session
The client side software (HOBLink JWT) needs to be configured so that it
recognizes the new Mac that it is connected to.
Configuring the Connection with HOB RD VPN
1.
Start a browser and go to the HOB RD VPN Administration via
https://rdvpn.example.com.
2.
Log on with a Domain Administration account.
3.
Open the HOB EA Administration. Regarding where to find the
HOB EA Administration, see the HOB RD VPN Administration Guide.
Figure 13: Opening HOBLink JWT Session Configuration
Security Solutions by HOB
23
Combining HOB MacGate with HOB RD VPN
HOB MacGate
4.
Select the element of the hierarchy to create a connection for (users, groups,
etc.) and select > > Sessions > HOBLink J-Term/JWT > Configure. You can
also right-click an element and then select Configure > Sessions > HOBLink
J-Term/JWT.
5.
The HOBLink JWT Administration is displayed. Select the item Schemes in the
organizational tree.
Figure 14: Connection Tab
6.
Now select Connection and click New to open the configuration of a new
connection.
7.
Enter an appropriate Scheme Name for the connection to HOB MacGate, such
as MacGate. This should be a name consistent with the sessions you will run
once the program is fully configured.
8.
For Connection Type, select Direct. This sets up the client to communicate
directly with the server and not go through other proxies.
9.
Disable the Choose Terminal Server at runtime checkbox. This is to make
sure that the Mac running HOB MacGate is selected as the desired server.
10. For Terminal Server, enter the IP address or the host name of the Mac to be
connected to (e.g. Companyserver1).
11. For Port, enter the number of the port to be used for the connection.
The default is 3389. If you have entered a different port number in the
HOB MacGate configuration (see Section Section 3 Configuring HOB MacGate
on page 11), then that port number must be entered here.
12. Under WSP Server in case of HOB RD VPN, enter the name of the server to
connect to and leave the Prompt user when connecting checkbox disabled.
24
Security Solutions by HOB
HOB MacGate
Combining HOB MacGate with HOB RD VPN
If you are using HOB WebSecureProxy (see Section 5.3 Configuring HOB
WebSecureProxy on page 25), the Server Name needs to be the same as
the name that will be entered after Name on the Server List tab (see
Figure 17 on page 26).
13. The Proxy configuration should be configured only if your network requires http
proxies in order to connect to the Mac.
14. Click Close to apply the settings and close HOBLink JWT Session Editor.
The connection is now configured and HOBLink JWT can connect to the Mac.
5.3
Configuring HOB WebSecureProxy
When using HOB MacGate with HOB RD VPN, the HOB WebSecureProxy needs
to be configured to allow RDP communications. To do so, proceed as follows:
1.
Start a browser and go to HOB RD VPN Administration via https://
rdvpn.example.com:10000 and log on with your Global Administration account.
Note that example in the browser address above needs to be replaced
with the name of the server where HOB RD VPN is installed.
2.
Start the EA Administration and open the HOB WebSecureProxy configuration.
The following screen is displayed.
Figure 15: HOB RD VPN WebSecureProxy
3.
Select Outgoing Connections > Other Targets > Add to add a server to the
server list. The Server List screen is displayed.
Security Solutions by HOB
25
Combining HOB MacGate with HOB RD VPN
HOB MacGate
Figure 16: Server List
4.
Enter a name for the server (e.g. MacGate) and then click Add.
Figure 17: Server Configuration
26
5.
The Mode must be 1:1 Proxy Gateway. This sets up direct one-to-one
communication with the server.
6.
Under Predefined protocol, select RDP Windows Terminal Server - HOB
EXT-1. This is a default protocol created to ensure that HOBLink JWT connects
correctly to HOB MacGate.
7.
For Host IP Address, enter the IP address or host name of the Mac to be
connected to (e.g. Companyserver1).
8.
For Host port, enter the port number used for the connection to the Mac
(default: 3389). If you have entered a different port number in the
HOB MacGate configuration (see Section 3 Configuring HOB MacGate on
page 11), then that port number must be entered here.
Security Solutions by HOB
HOB MacGate
9.
Combining HOB MacGate with HOB RD VPN
Click File > Save and exit the HOB WebSecureProxy configuration.
There is no need to restart HOB RD VPN. The changes will take effect
automatically. How long this takes depends on the power of your
HOB RD VPN computer and the configuration.
5.4
Configuring HOB RD VPN Desktop-on-Demand
For the HOB RD VPN Desktop-on-Demand configuration, two sides need to be
configured: the HOB RD VPN side and the HOBLink JWT side. The following
sections describe the necessary configuration steps.
5.4.1 HOB RD VPN Configuration
1.
To enable the Wake-on-LAN function, open HOB EA Administration.
2.
Select HOB RD VPN > User Settings > Configure (see Figure 13 on
page 23).
3.
Select Desktop on Demand from the list on the left (see Figure 18 on
page 27). Follow the dialog to RD VPN 2.1 and then User Settings.
Figure 18: HOB RD VPN Desktop-on-Demand
4.
Select Desktop On Demand and then select Add.
Security Solutions by HOB
27
Combining HOB MacGate with HOB RD VPN
HOB MacGate
Figure 19: Wake-on-LAN Configuration
5.
Enter a name for the configuration.
6.
Under Remote PC, enter the information for the remote computer: the host IP
address, the optional MAC address of the remote desktop (by selecting
Retrieve & Apply or by entering it manually) and the port number. Port 3389
is the default.
7.
Under Delay (sec) enter the number of seconds the remote PC has to respond
before the connection attempt will be cancelled. The default setting is 180.
8.
Save by selecting the Save button.
Depending on some system configurations of the Mac host, the
Wake-on-LAN may not always function properly.
Desktop-on-Demand can also be accessed by opening the HOB EA
Administration page and selecting User Settings > Settings >
DesktopOnDemand.
5.4.2 HOBLink JWT Configuration
28
1.
Start a browser and go to the HOB RD VPN Administration via https://
rdvpn.example.com and log on with a Domain Administration account.
2.
Open the HOB EA Administration. See the HOB RD VPN Administration Guide
for where to find the HOB EA Administration.
3.
Select the element to create a connection for (users, groups, etc.) and select >
> Sessions > HOBLink J-Term/JWT > Configure. You can also right-click the
element and then select Configure > Sessions > HOBLink J-Term/JWT.
4.
Select Connection. The following screen is displayed.
Security Solutions by HOB
HOB MacGate
Combining HOB MacGate with HOB RD VPN
Figure 20: HOBLink JWT Administration
5.
Select Schemes in the organization tree, select Connection and click New on
the bottom left to configure a new connection.
6.
Enter a Scheme Name for the new connection scheme, e.g. MacGate.
This must be consistent with the naming convention used before.
7.
Under Connection Type, select WebSecureProxy Socks Mode.
This completes the connection configuration.
8.
Open the HOB WSP tab.
Figure 21: HOB WSP Tab
Security Solutions by HOB
29
Combining HOB MacGate with HOB RD VPN
9.
HOB MacGate
Select the Prompt user when connecting checkbox.If more than one RDP
server is available, the user will be able to choose which to use. If there is only
one, the user will connect to it automatically.
10. Select Sessions and configure a new session to use the new connection
scheme.
Figure 22: Sessions Tab
11. Click Close to save the settings and close the HOBLink JWT Administration.
30
Security Solutions by HOB
HOB MacGate
6
Configuring Microsoft Remote Desktop Connection
Configuring Microsoft Remote
Desktop Connection
When using a standard RDP connection, the following entries will be required.
Microsoft Remote Desktop Configuration is used as an example in this section.
1.
From the Start menu, go to Apps > Windows Accessories > Remote
Desktop Connection.
Figure 23: Microsoft Remote Desktop Connection
2.
Click Show Options to expand the screen.
Figure 24: General Tab
3.
Go to the Advanced tab and make sure that either Connect and don’t warn
me or Warn me (default) is selected.
Security Solutions by HOB
31
Configuring Microsoft Remote Desktop Connection
HOB MacGate
Figure 25: Advanced Tab
4.
Return to the General tab and enter the IP address or the host name of the Mac
in the Computer field.
5.
Enter the User name of the Mac.
6.
Click Connect to establish the connection.
If you cannot connect, edit the remote desktop connection by saving the
file, and editing this same file with an editor. A list will appear.
Locate negotiate security layer:i:1. Now make sure that the last digit is a
1 and not 0.
It is recommended to enable the Allow me to save credentials checkbox.
This is necessary on some systems that require these credentials and
without having them saved, the connection may fail.
32
Security Solutions by HOB
HOB MacGate
7
Printing with HOB MacGate
Printing with HOB MacGate
With HOB MacGate, you can print via a printer configured to the client that is
accessing HOB MacGate or via a printer configured to your Mac. As soon as a
connection is made from your client to your Mac, the printers of the client that is
connected to your Mac are automatically mapped to the Mac. Any application
currently in use on the Mac can use the client printers.
In order to be able to print locally from the client that is accessing HOB MacGate
while using an application on your Mac, the connection needs to be enabled on both
sides beforehand. The steps to enable local printing on the client computer that is
accessing the Mac are described below.
7.1
Enabling Printing in the Client Session
1.
Open the Start menu and select HOBLink JWT Session Center.
2.
Right-click the session to enable printing for and select Edit….
3.
Select Printer from the organizational tree on the left.
Figure 26: Printer Tab
4.
Select the Standard Printer Port Mapping radio button.
5.
Select Include All Local Printers to make all local printers available for use
during your client session using Mac applications (recommended).
If you are using Microsoft Remote Desktop Connection, go to the Local Resources
tab and select the Printers checkbox under Local devices and resources. A
similar procedure will be required for other RDP client software.
Security Solutions by HOB
33
Printing with HOB MacGate
HOB MacGate
Figure 27: Local Resources Tab
7.2
Enabling Printing in HOB MacGate
To access the HOB MacGate preferences, refer to Section 3 Configuring HOB
MacGate on page 11. The steps to enable local printing in HOB MacGate can be
found in more detail in Section 3.3 Printing Tab on page 14.
7.3
Choosing the Correct Printer Driver
When the client session accessing HOB MacGate connects, the local printer (or
printers) is mapped automatically to the Mac.
To print correctly, HOB MacGate uses printer drivers in PostScript Printer
Description (PPD) format. PPD files describe the entire set of features and
capabilities available for their PostScript printers and contain the PostScript code
(commands) used to invoke features for the print job. Thus, PPDs function as
drivers for all PostScript printers by providing a unified interface for the printer's
capabilities and features.
HOB MacGate installs many PPDs for a large list of printers and searches this list
to find the correct driver for your printer. If it cannot find the correct driver, it uses a
default driver that may not work correctly with your printer. In the event that the
default driver does not work, see Section 7.3.1. Adding a Printer Driver on page 35.
To check which printer driver is suitable for your printer, go to the System
Preferences of the connected Mac session and select Print & Fax (see Figure 3
on page 11). Then select the desired printer and read which Kind of printer it is.
The specific name of the printer should be given here. If it is, the Mac has located
the driver required and this printer will be able to be printed to. If it says Generic
Post Script Printer, this is the Mac default printer driver.
To use a specific printer driver, the relevant PPD file may need to be created or
downloaded and added to those included in HOB MacGate.
34
Security Solutions by HOB
HOB MacGate
Printing with HOB MacGate
7.3.1. Adding a Printer Driver
If a printer does not print correctly during the HOB MacGate session, it is highly
likely that an incorrect printer driver is being used. To fix this problem, the correct
PPD file for your printer needs to be installed. There are many ways to do this:

Check your printer manufacturer’s website and download the correct PPD file.

Go to http://www.openprinting.org/ and download the correct PPD file.


If the printer manufacturer offers a printer driver installer for Mac OS X, the
required PPD file might already be in the Mac directory: /etc/cups/ppd.
Write your own PPD file. For more information, see http://www.adobe.com/
devnet/ or http://partners.adobe.com/public/developer/ps/index_specs.html.
Once you have the correct PPD file, it needs to be added to HOB MacGate. To add
the file:
1.
Go to the Printing tab (see Figure 7 on page 14) in the HOB MacGate
Preferences.
2.
Select Configure Drivers and then select Add (see Figure 8 on page 15).
Figure 28: Adding a Printer Driver
3.
Select your printer.
You can also choose Other… from the list and enter the make of the printer being
used. Now enter the name of your local machine as the printer (and driver).
The driver name you enter here must EXACTLY match the name of the
PPD file in terms of characters and spaces, although it need not match for
case sensitivity. This information may have to be entered manually. For
more information, see Section 8.1 The RDP Session Cannot Connect on
page 37.
To check this name under Windows 8, for example, go to the Control
Panel, select Devices and Printers, right-click the printer and go to
Printer Properties. The Advanced tab shows the correct driver name.
4.
Select the PPD file by selecting the New PPD file radio button and browsing
your system or by selecting the Already installed PPD radio button to use a
previously installed driver.
5.
Click OK and restart HOB MacGate for the settings to take effect.
Security Solutions by HOB
35
Printing with HOB MacGate
HOB MacGate
7.3.2 Setting a Default Printer Driver
If HOB MacGate cannot find the correct driver or if none are currently available, it
uses the default driver. To view the currently configured default:
1.
Go to the Printing tab of HOB MacGate Preferences.
2.
Select Configure Drivers.
3.
Select View Default. The PPD file name and printer are shown with a
notification that this Driver is Default.
Figure 29: Setting a Default Printer Driver
If you would like to change the default (once you have made sure the correct PPD
file has been installed, or you have just added it), then:
4.
Select the Maker and Model of your printer driver.
5.
Click Set as Default.
6.
Restart HOB MacGate.
HOB MacGate is ready to print as soon as the system restarts.
36
Security Solutions by HOB
HOB MacGate
8
Troubleshooting
Troubleshooting
In the event that a connection cannot be established, see the information in the
sections below in order to identify and fix the problem.
8.1
The RDP Session Cannot Connect
1.
Make sure that the Mac IP address is accessible from (i.e. can be seen by) the
client system. The best way is to use a ping command. If the client system does
not find the Mac, check the network configuration of your system.
2.
Check the system preferences for the HOB MacGate status to see if the
program is running. Beside the program title, it should say On and show a small
green icon. If it is not currently running (it says Off and shows a red icon), start
the program again. If the program still does not start, check the logfiles for more
information (see Section 8.3 Consulting the Logfile for Errors on page 39).
3.
Check that the IP address and the port in the HOB MacGate configuration
match those configured in the RDP session configuration.
4.
If you are using Microsoft Remote Desktop Connection, ensure that Allow me
to save credentials is enabled and that either Warn me or Connect and don’t
warn me is selected (see Section 5 Combining HOB MacGate with HOB RD
VPN on page 23).
5.
Edit the remote desktop connection by saving the file, right-clicking it and
opening it with a text editor. A list is displayed. Locate negotiate security
layer:i:1. Make sure that the last digit is 1 and not 0.
6.
On the System Preferences/Security/Firewall tab, check whether the firewall
settings of the Mac allow incoming connections.
7.
Should there be problems with printing, ensure that the name of the local printer
driver is mapped properly by HOB MacGate. The name can be found in the
Windows printer preferences. Go to Start > Devices and Printers, right-click
the printer and select Printer properties. The name is displayed next to
Model. The transmitted printer driver can be seen in the HOB MacGate logfiles.
If there is still no connection, contact HOB Software Support (see Section 12
Information and Support on page 47).
8.2
The RDP Session Reports an Error
User is not Authorized to Open a Session
If one of the following screens indicating that the user does not have the correct
authorization to use the HOB MacGate program is displayed, check the user name
and password entered in the RDP session configuration.
Security Solutions by HOB
37
Troubleshooting
HOB MacGate
Figure 30: User Not Authorized Error
Or:
Figure 31: Credentials Error
If the user is authorized to open a session on this computer and one of these dialogs
appears, this indicates the user is attempting to open a second session, which is not
permitted. Make sure that only one RDP session is connected to the Mac. If an RDP
session is currently connected, the following menu icon is displayed on the Mac
desktop menu bar of the computer accessing the Mac OS.
Figure 32: RDP Session Running Icon
If this is the case, the first user must log off (end their session) before the second
user attempting to connect can successfully do so. These dialogs will also be
displayed if the configuration settings have not been correctly made. See Section
8.1 The RDP Session Cannot Connect on page 37 for more information.
Remote Computer not Authenticated
If the following error message is displayed when connecting, the setting Do not
connect has been configured in the Remote Desktop Connection dialog on the
Advanced tab - see Section 5 Combining HOB MacGate with HOB RD VPN on
page 23.
38
Security Solutions by HOB
HOB MacGate
Troubleshooting
Figure 33: Error Message
8.3
Consulting the Logfile for Errors
To see if any errors have occurred in the background even though there is a
connection up and running, consult the system Logfile.
To open the logfile, open Applications/Utilities/Console to open a
terminal window, and then enter /Library/Logs/HOB.
For more information, you can consult the Extended Log (see Section 3
Configuring HOB MacGate on page 11).
Security Solutions by HOB
39
Troubleshooting
40
HOB MacGate
Security Solutions by HOB
HOB MacGate
9
Starting and Stopping HOB MacGate
Starting and Stopping
HOB MacGate
HOB MacGate consists of two processes (a daemon and a user agent) that are
automatically started when the system boots up and when a user has logged in.
These processes are:

HOB MacGate Daemon: macgate

HOB MacGate User Agent: macuserssn
HOB MacGate may be started or stopped either through the system preferences or
by using commands in the Terminal Window.
9.1
Starting and Stopping HOB MacGate Using System
Preferences
Open the system preferences on your computer and select HOB MacGate.
Start or stop the HOB MacGate process by using the Restart and Start/Stop
buttons at the bottom of the HOB MacGate Status Window (see Figure 4 on
page 11).
Security Solutions by HOB
41
Starting and Stopping HOB MacGate
42
HOB MacGate
Security Solutions by HOB
HOB MacGate
Uninstalling HOB MacGate
10 Uninstalling HOB MacGate
There are three ways to uninstall HOB MacGate. Choose from the following:
Option 1
You can uninstall HOB MacGate by opening the HOB MacGate
Uninstaller.pkg that was delivered with the software and by following the
steps.
Option 2
You can also uninstall HOB MacGate by opening the Finder and going to
System/Library/CoreServices/HOBmacgate/HOB MacGate
Uninstaller.pkg.
Option 3
1.
Open Terminal.app
2.
Type the following file name in and execute: /System/Library/
CoreServices/HOBmacgate/mg_uninstall.sh
3.
This following message will be displayed:
"HOB MacGate uninstall script."
"Press a key to continue or Ctrl+C to abort."
"Continue?"
4.
Upon success the following message is displayed:
“HOB MacGate has been uninstalled successfully!”
The script deletes itself on success.
HOB MacGate is now uninstalled.
Security Solutions by HOB
43
Uninstalling HOB MacGate
44
HOB MacGate
Security Solutions by HOB
HOB MacGate
Supplementary Information
11 Supplementary Information
This section provides information on limitations and known issues for
HOB MacGate.
11.1 Limitations
HOB MacGate 1.5 is the fifth published version and contains certain limitations that
can be improved in future releases:




Only one remote session (i.e. user) can connect to HOB MacGate at any time.
When the Hide session on local screen mode is being used, applications using
Open GL will be less graphically enhanced than if they were to be used locally
on the Mac OS.
HOB MacGate does not support all screen sizes possible in RDP sessions.
The session will automatically be resized to one that is supported.
The login screen is not redirected by HOB MacGate while a user session is
active in the foreground. Therefore, it is necessary to authenticate to
HOB MacGate using login in RDP.
11.2 Known Issues
All known issues at the time of completion of this guide can be found on the
following web page:
http://www.hobsoft.com/support/macgate/macgate.jsp
Security Solutions by HOB
45
Supplementary Information
46
HOB MacGate
Security Solutions by HOB
HOB MacGate
Information and Support
12 Information and Support
If you would like further information about HOB MacGate or if you need product
support, please contact us at:
U.S.A. and Canada
General Enquiries:
Phone:
+ 1 866 914 9970
Fax:
+ 49 9103 715 3299
E-mail:
[email protected]
Web:
www.hobsoft.com
Technical Support:
Phone:
+ 1 866 914 9970
Fax:
+ 49 9103 715 3299
E-mail:
[email protected]
Germany
General Enquiries:
Phone:
+ 49 9103 715 0
Fax:
+ 49 9103 715 3271
E-mail:
[email protected]
Web:
www.hob.de
Technical Support:
Phone:
+ 49 9103 715 3161
Fax:
+ 49 9103 715 3299
E-mail:
[email protected]
Other Countries
General Enquiries:
Phone:
+ 49 9103 715 3103
Fax:
+ 49 9103 715 3299
E-mail:
[email protected]
Web:
www.hobsoft.com
Technical Support:
Phone:
+ 49 9103 715 3103
Fax:
+ 49 9103 715 3299
Security Solutions by HOB
47