2X SecureRemoteDesktop. Version 1.1

(1)

2X SecureRemoteDesktop

Version 1.1

(2)

Website: www.2x.com Email: [email protected]

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of 2X Software Ltd.

2X SecureRemoteDesktop is a copyright of 2X Software Ltd.

Last updated: December 5, 2013

(3)

2X SecureRemoteDesktop • 3

Introduction

What is 2X SecureRemoteDesktop and how does it work?

2X SecureRemoteDesktop is an application which allows you to securely access your home Windows desktop machine. 2X SecureRemoteDesktop protects your machine from unauthorized access by giving you full control on who can access your machine and by notifying you of access activity on your machine.

Connect from anywhere

 With 2X SecureRemoteDesktop you are able to connect with various devices running different operating systems.

 2X SecureRemoteDesktop exposes a built in html web service which allows access to your PC using an HTML5 enabled browser from any computer or device. This all occurs from within a secure channel, using the latest HTML5 technology.

Security

 When using 2X SecureRemoteDesktop you can give access to the system only to specific devices and machines; having full control on who can access your machine.

 2X SecureRemoteDesktop adds a higher security layer to the standard remote access products found in the Windows operating system. You can add a second level authentication method using a One Time Password (OTP) which means that the OTP changes for each logon.

 All communication data is tunnelled through a high security communication channel.

 2X SecureRemoteDesktop notifies you of any activity happening on your home desktop machine and gives you a historical log of all the access activity on your machine.

 2X SecureRemoteDesktop provides you with a higher level of security and helps you to configure your machine for remote access.

(5)

Supported Operating Systems

Operating System Supported Comments Windows 8.1 Professional X

Windows 8.1 Enterprise X Windows 8 Professional X Windows 8 Enterprise X Windows 7 Professional X Windows 7 Enterprise X Windows 7 Ultimate X Windows Vista Enterprise X Windows Vista Ultimate X

Windows XP Professional X Service Pack 3 is required for the 32 bit version.

Service Pack 2 is required for the 64 bit version.

Minimum System Requirements

Minimum Requirements Recommended Specifications Operating System Windows® XP (Updated with

the latest Service Packs)

Windows® 7/Windows® 8 (latest service pack)

Memory 500 MB RAM 2 GB RAM

Storage 100 MB available HD space Internet Broadband Internet connection

(6)

L ICENSING

Free Trial Period

2X SecureRemoteDesktop is free to download and use for a period of 7 days from installation. During this trial period, the application is fully functional with all features enabled, as in the paid version. At any time throughout the trial period, the customer may purchase a license key, enabling the application to run beyond the trial period timeframe.

Quantity of Devices Managed

2X SecureRemoteDesktop allows the customer to manage up to five (5) devices with a single license key. If additional devices require management, the customer is required to purchase an additional license.

(7)

I NSTALLING THE SOFTWARE

1. Download the msi package from http://www.2x.com/secure-remote-desktop . 2. Run the downloaded executable. The following dialog will be displayed.

3. Read the license terms and select I agree to the license terms and conditions and click install.

After the installation performs system validation the following dialog is displayed.

(8)

4. Click the Next button.

(9)

This step will configure the 2X SecureRemoteDesktop on your system.

 Create a shortcut on desktop

A shortcut will be automatically created on the desktop allowing easy access to the UI of the application.

 Enable remote access in the windows firewall

This option will add a firewall rule to allow access to the 2X SecureRemoteDesktop from the internet. It is recommended to allow this modification on your system. If you do not allow the setup to change your firewall settings you will need to change it once the software is installed.

 Disable public access to the native RDP service

This option will disable access to the unsecure native remote desktop service which eliminates the risk on your machine to be compromised from the windows native service.

 Add current user to the remote access group

This option will add the current user to the remote access group, giving them access to the machine. It is recommended to allow this modification on your system. If you do not allow the setup to change add the user you need to add the users once the software is installed.

(10)

5. Click the Next button.

You can change the application installation path to any location on your hard drive. Unless required we suggest the path is not modified.

(11)

2X SecureRemoteDesktop • 11 6. Click the Next button and press Install.

(12)

7. Congratulations installation is now complete. Click Finish to terminate the installation. The application will start automatically.

The following message will be displayed on launch of the application to indicate that the firewall is blocking access to the application. If you press ok the application will automatically try to open access on the router. Please make sure that Network Discovery is enabled on the machine and that UPnP is enabled on the home router.

(13)

Recommended Settings

For maximum protection and to avoid connectivity problems we suggest that you enable and configure the following settings.

1.

Use a Dynamic DNS

2.

Open access on Home Router (UPnP)

3.

Second Level Authentication is enabled

4.

Enable Email Alerts is enabled

5. Disable internet access to native RDP service is enabled

6. Device Security Mode set to Allow List (Set this after you have added your devices)

(14)

C ONNECTING USING YOUR DEVICE

You can connect to your machine from various devices. The following is a list of clients that are supported by the 2X SecureRemoteDesktop.

 Windows

 Android

 iOS

 BlackBerry

 Mac

 Linux

 HTML5

 Java

 Facebook

To connect your device to the 2X SecureRemoteDesktop, follow the steps below. (Please note that screenshots are from the Android 2X Client).

1. Launch the 2X Client

2. Select the 2X SecureRemoteDesktop connection

(15)

2X SecureRemoteDesktop • 15 3. Define the connection parameters to the 2X SecureRemoteDesktop

 Alias: Friendly name of the connection

 Server: IP of the machine (Private or Public)

 Port: Port of the machine. (Default is 50001)

 User Name: User name of the machine

 Password: Password of the machine

Although it is highly recommended to install a 2X Client which allows configuration of connections to 2X SecureRemoteDesktop, you can still use previous versions of the client. You need to create a 2X Connection, configure it in Gateway SSL mode and set the port to 50001.

(16)

C ONNECTING USING THE HTML5 C LIENT

The 2X SecureRemoteDesktop utilizes a built-in web client service, which will allow you to access your machine from your web browser.

To access your remote machine, follows the steps below:

1. Launch your browser

2. In the URL field type http://< IP>:<Port> where <IP> is the IP of the machine you want to access (Please note that if you are using Dynamic DNS, you can enter the Domain name) and <Port> is the port being used by the 2X

SecureRemoteDesktop application. Default is 50001

The browser will display the following message if the installed client certificate on gateway is self- signed. Since the certificate was not bought from a Trusted Authority the browser will issue a security warning about this. Security and protection and NOT compromised given that the warning issued by the browser is that of a Self-signed certificate. Please note that the host machine name is set to the Organization in the self-signed certificate. You can either click Continue or Install an SSL Certificate on gateway machine.

(17)

2X SecureRemoteDesktop • 17 If you press continue the browser will display the Warning

Accept the certificate which usually adds an exception rule, so that you don’t get this warning in future connections.

(18)

C ONNECTION D ASHBOARD

In the connection tab, you can determine if your system is configured correctly or not.

The following visual display shows that the machine can be accessed both from the internet (away from your name) and from the private network (while you are at home).

The following visual display will indicate that the machine is not accessible from the internet as the traffic is being blocked by your home router/firewall. To resolve the issue you can enable activate the Open access on home computer option in the Security tab. Please make sure that UPnP is enabled on your home router and that Network Discovery is enabled on your computer.

(19)

2X SecureRemoteDesktop • 19 The following visual display will indicate that the host machine has no connection to the internet so it cannot be accessed from the internet (but can still be accessed from a private network).

Determine 2X SecureRemoteDesktop IP

You can connect to the 2X SecureRemoteDesktop locally from within your home network or remotely from the internet.

Local Access (in your home network)

If you need to access the 2X SecureRemoteDesktop from the home network you need to use the private machine IP. You can determine the private IP of your machine by following the steps below.

1. Launch the 2X SecureRemoteDesktop 2. Go to the Connection Tab.

3. Use IP that is assigned to the computer

Remote Access (out of your home network)

If you need to access the 2X SecureRemoteDesktop remotely you need to use the public machine IP address that has been assigned to your home router. You can determine the private IP of your machine by following the steps below.

1. Launch the 2X SecureRemoteDesktop 2. Go to the Connection Tab.

3. Use IP that is assigned to the computer

(20)

(21)

Determine 2X SecureRemoteDesktop Port

2X SecureRemoteDesktop uses port 50001 by default. If this port is in use the next available port is utilized. To determine the port being utilized by the 2X SecureRemoteDesktop, follow the steps below.

1. Launch the 2X SecureRemoteDesktop 2. Go to the Connection Tab

3. The port being utilized in defined in the Port field

(22)

Configure Dynamic DNS

2X SecureRemoteDesktop supports setup of dynamic DNS. Dynamic DNS can be used to assign a domain name to your machine, removing the need to remember the Public IP address. Additionally, 2X SecureRemoteDesktop keeps track of any changes to your IP address.

To configure Dynamic DNS, follow these steps below.

1. Launch the 2X SecureRemoteDesktop application 2. Select the Connection tab

3. Click on Configure DDNS 4. Select the DDNS provider

5. Enter a valid Username, Password and Domain 6. Press Update

Please ensure that the Status reports a successful message.

(23)

D EVICE M ANAGEMENT

2X SecureRemoteDesktop gives you total control on the devices that connect to the host machine.

You can define three different access mechanisms.

1. Allow All: All the devices have access to your host machine. This is the least secure option since any device will be allowed to connect to your machine.

2. Prompt: The UI will prompt you to give access to the device. Unless you allow access the device will not be able to access your machine.

3. Allow List: Only the devices present in the allow list will be allowed access to the host machine.

This is the recommended option to use after you have added your devices.

(24)

Modify the Access for a device

If you need to deny access to a device (e.g. the device was lost or stolen), you can simply follow these steps. Settings the Permission to deny will not allow the user to log on the machine even if the credentials are valid.

1. Launch 2X SecureRemoteDesktop 2. Select Device Tab

3. Select device 4. Press Edit

5. Change the Permission value.

Allow: To grant access to the device Deny: To block access to the device

Please note that this option is not available if Device Security Mode is set to Allow All.

(25)

Modify the Device Alias Name

1. Launch 2X SecureRemoteDesktop 2. Select Device Tab

3. Select device 4. Press Edit

5. Change the Alias name to any other friendly name.

(26)

S ECURITY AND S ETTINGS

2X SecureRemoteDesktop allows you to configure advanced security settings to better protect your machine. This section helps you to easily configure the system settings needed for remote access.

Enable Second Level Authentication

2X SecureRemoteDesktop provides Second Level Authentication to harden security on your machine. Before a device can be granted access, a One Time Password has to be entered by the device. Email is used to deliver this One Time Password. (OTP’s are valid for a maximum of 5 minutes)

To Enable Second Level Authentication, follow the steps below.

1. Launch 2X SecureRemoteDesktop 2. Select Security Tab

3. Click on Second Level Authentication

(27)

Enable Email Alerts

2X SecureRemoteDesktop can be set to send an email notification when one of the following events occurs.

 A new device is detected

 A device requires user intervention to be granted access

 A device is denied access

 A user logs successfully into the system

 A user fails to login into the system

 The user password has changed

 The IP of the machine is changed To Enable Email Alerts, follow the steps below.

3. Click on Enable Email Alerts

.

(28)

You also need to configure an email account which is used to send the emails. Click on Configure Email Account.

The UI provides the default settings for the main mail providers. Select your email provider.

1. Enter the email address that will receive the notification in the Receiver field.

2. Enter a valid User and Password for the email account.

Note: If the provider is not listed in the provider list select provider Custom and setup the connection settings according to your provider.

(29)

Disable Internet Access to Native RDP Service

Since the RDP protocol is known to be attacked by hackers, it is strongly advised not to allow connection to the RDP service directly from the internet. Use the option Checking “Disable Internet Access to Native RDP Service” to block this access.

Please note that connections from the internal network (within your home) can still be made.

(30)

URL / Mail Redirection

If you are accessing your remote desktop and an application tries to launch a web site or tries to create an email message you can redirect these requests to the device you are connected with. Use the “URL Redirection/Mail Redirection” option will allow you to do so.

Note that not all applications will allow this redirection to happen.

(31)

Network Level Authentication (NLA)

Not all 2X Clients support Network Level Authentication (NLA), and the following error will be displayed

(32)

In order to allow the client to connect to your machine you need to disable NLA. NLA verifies the user credentials before the actual RDP session is started. This is needed to protect the host machine from unnecessary resources wastage. 2X SecureRemoteDesktop does the same process prior to

initializing the RDP layer.

(33)

View the Action Log

You can check past activity on the system by opening the Activity Log. This is useful if you need information about who accessed or did try to access your system.

1. Launch 2X SecureRemoteDesktop 2. Select Security Tab

4. Click on the Action Log button

(34)

Change the 2X SecureRemoteDesktop Certificate

2X SecureRemoteDesktop installs a self-signed certificate which is used to encrypt the data sent and received with the client. Although the data is guaranteed to be secure, if you are connecting via the HTML5 gateway (i.e. using the browser), you will get a security warning that the certificate used is self-signed. You can opt to change this certificate by buying one from a trusted authority, then follow the steps below.

1. Launch the 2X SecureRemoteDesktop Application 2. Select the Security tab

3. Click on Change Certificate

Certificates currently supported by 2X SecureRemoteDesktop are in .cer format.

(35)

Modify User Access

2X SecureRemoteDesktop provides an easy UI interface to add or remove the user that have access to your machine.

To modify User access, follow the steps below.

Press the Add Button >> to add a user to the Allowed Users list. Users in the Allowed Users list are granted access to the machine.

Press the Remove Button << to remote users from the Allowed Users. Users not in the Allowed Users list are denied access to the machine.

(36)

Opening Access on a Home Router

2X SecureRemoteDesktop supports the UPnP protocol allowing easy configuration of the firewall rules on your home router. It is assumed that your device is connected to the router provided by your ISP. The router can be both wired and Wi-Fi.

To enable configuration of your home router, follow the steps below.

1. Launch the 2X SecureRemoteDesktop Application 2. Select the Security tab

3. Click on Open access on home router

Please ensure that your Windows machine has Network Discovery Enabled. Refer to the next sections to determine how to do this depending on the operating system you are using.

(37)

Windows 8 users

On the desktop, right click on the Network system icon in the taskbar notification area, click/tap on Open Network and Sharing Center, and go to step 4 below.

In the left pane of Network and Sharing Center, click/tap on the Change advanced sharing settings link.

Click the chevron to expand Private profile and click on Turn on network discovery, and then click save changes . If you're prompted for an administrator password or confirmation, type the

password or provide confirmation.

(38)

Windows 7 users

Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.

Click the chevron to expand Private profile click and on Turn on network discovery, and then click Save changes . If you're prompted for an administrator password or confirmation, type the

password or provide confirmation.

(39)

Windows Vista Users

To enable Network Discovery in Windows Vista, start by going to the Windows Control Panel. Locate and click the icon for Network and Sharing Center.

In the Sharing and Discovery section, click on the arrow button to the right of the Network discovery option. Select the option for Turn on network discovery and click the Apply button.

(40)

Windows XP users

To make sure that the correct components and services are there so that you can enable Network Discovery, follow the steps below.

1. Click Start, click Run, type appwiz.cpl, and then click OK 2. Click Add/Remove Windows Components

3. In the Components window, click Networking Services, and then click Details

4. Click to select the Internet Gateway Device and UPnP User Interface check boxes in the Subcomponents of Networking Services window, if they are not selected.

5. Follow the instructions that appear on the screen to complete the installation. Or, if you did not make any changes, close the Add or Remove Programs windows and Control Panel.

6. Start the Services MMC snap-in. To do this, click Start, click Run, type services.msc, and then click OK.

7. Locate SSDP Discovery Service in the list of services.

8. If the status is not started, double-click SSDP Discovery Service to open the SSDP Discovery Service Properties dialog box.

9. In the Startup type box, click Automatic, and then click Start under Service status.

Then, close the SSDP Discovery Services Properties dialog box.

(41)

F REQUENTLY A SKED Q UESTIONS

1 Q: My IP address changes every time I connect to the internet. How can I have a constant set of connection settings?

A: You need to register with a Dynamic DNS provider and configure 2X

RemoteDesktopClient to make use of it. Please refer to chapter “Configure 2X SecureRemoteDesktop “for more information.

2 Q: I can successfully connect when I am at home but when I am somewhere else the connection always fails, why?

A: Please go to the connection troubleshooting section to help resolve the issue.

3 Q: Can I use 2X SecureRemoteDesktop to access a Linux machine or Mac?

A: No, 2X SecureRemoteDesktop is designed to be installed or a Windows Operating System.

4 Q: I have a 2X Client already installed which does not provide settings to configure a connection to 2X SecureRemoteDesktop, can I still use it?

A: Although it is highly recommended to install a 2X Client which allows configuration of connections to 2X SecureRemoteDesktop, you can still use previous versions of the client. You need to create a 2X Connection, configure it in Gateway SSL mode and set the port to 50001.

5 Q: I lost my mobile which had a connection to my home machine already configured, what should I do?

A: Ensure that you deny access to the system from that device. If you are using a Dynamic DNS provider consider changing the DNS entry name.

6 Q: Is Windows Home Editions supported?

A: No, the current version does not support the Windows Home Editions.

7 Q: The specified remote 2X Connection could not be found. Verify that you have typed the correct computer name or IP address, and then try to connect again.

A: Make sure that the proper IP address or DNS name is present in the Server Field and check that the application has valid connectivity. Refer to chapter

Connection Dashboard for more information.

8 Q: I get the error “Failed to connect to server. Please Disable Network Level Authentication”. What should I do?

A: Your client does not support NLA or has NLA disabled, please enable NLA from your client or disable NLA from the 2X SecureRemoteDesktop Console. The option is found in the “Security” tab.

9 Q: I get the error “The user and password are incorrect?” What should I do?

A: Make sure that a valid user and password have been entered in the 2X client and/or that the user has a password, User with no passwords are not allowed remote access.

10 Q: I get the error “License has expired. Please update license from the console application?” What should I do?

A: Purchase a new license to reactive the product.

11 Q: I get the error “Maximum number of devices reached?” What should I do?

A: If The maximum number of allowed devices have been reached. Remove

unused devices to grant access to the new devices

(42)

12 Q: I get the error “Sending OTP for user “myusername failed?” What should I do?

A: Check email settings and make sure that the email connection details are valid 13 Q: I get the error “Failed to Update Firewall Rules on router?” What should I do?

A: Make sure that UPnP is enabled on the Home router and that Network Discovery is enabled on your operating system.

14 Q: I get the error “Dynamic DNS is not Updating?” What should I do?

A: Make sure that the status of the DDNS is valid. Make sure you resolve any errors that are displayed in the status field.

15 Q: Can 2X SecureRemoteDesktop be deployed on multiple PCs on the same network?

A: Yes you can install 2X SecureRemoteDesktop on more than one machines on the same network, however you can enable uPnP to only on one machine. If you need more than one machine you should manually configure Port Forwarding to different machine giving public port for each machine.

T ROUBLESHOOTING AND S UPPORT

Introduction

The troubleshooting chapter explains how you should go about resolving issues you may have. The main sources of information available to users are:

 The manual – most issues can be solved by reading and referring to the manual.

 The 2X support site – accessible from the 2X website, it includes a knowledge base with the most frequently asked questions.

 Check for a solution from the online forum.

Knowledgebase

2X maintains a knowledgebase, which includes answers to most commonly asked problems. If you have a problem, please consult the knowledgebase first. The knowledgebase is continuously updated and contains the-most-up-to-date listings of support questions and patches.

The knowledgebase can be found at http://support.2x.com.

(43)

A BOUT 2X

Corporate Overview

2X Software is a global leader in virtual desktop and application delivery, remote access and corporate mobility. Thousands of enterprises worldwide trust in the reliability and scalability of 2X solutions. Cloud computing is shifting from a competitive advantage to an operational necessity. 2X offers a range of solutions to make the transition to cloud computing simple and affordable.

Global Presence

2X Software is a privately held company, with offices in the USA, Germany, UK, Australia, Japan and Malta. 2X holds a Microsoft Gold Competency certification, and partners with IBM, Novell, VMware and many others. Notable 2X customers include Fox News, Harvard University, H&B Foods, McKesson, Advance Auto Parts, Mazda and more.

Software Portfolio

2X Software’s product line includes the award winning 2X ApplicationServer XG providing platform independent virtual desktop, application delivery and integrated thin client management from a single software package; 2XOS for converting desktops PCs into thin clients and the 2X RDP / Remote Desktop Clients for remote access to Windows virtual desktops & applications available for Android, iOS, Chrome OS, BlackBerry and more. Additionally, 2X SecureRemoteDesktop allows you to securely access your home Windows desktop machine, while protecting your machine from unauthorized access.

2X is the first company to offer integrated thin client management for virtual desktop & application delivery with the 2X ClientManager module for 2X ApplicationServer XG and also the first to develop a Facebook Client App for secure access to Windows applications and desktops, transforming Facebook into a powerful business tool.

For more information visit http://www.2x.com

©2013 2X Software Ltd. All rights reserved. The information contained in this document represents the current view of 2X on the issues discussed as of the date of publication. Because 2X must respond to changing market conditions, it should not be interpreted to be a commitment on the part of 2X, and 2X cannot guarantee the accuracy of any information presented after the date of publication. 2X MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. 2X ApplicationServer for Windows Terminal Services, 2X VirtualDesktopServer, 2X LoadBalancer for Terminal Services/Citrix and 2X ThinClientServer and their product logos are either registered trademarks or trademarks of 2X Software Ltd. in the United States and/or other countries. All product or company names mentioned herein may be the trademarks of their respective owners.

2X SecureRemoteDesktop. Version 1.1