Converting Remote Access Portal Win32 to U3 Standards
Business Challenge
Remote Access Portal Win32 U3 allows users to connect to computers within a remote LAN via RDP (Remote Desktop Protocol) and run applications according to their user permission level. With this application, users can connect to their personal work environment from any place in the world using any laptop. The only requirement is an Internet connection.
Comprehensive security options, together with connections being established through a dedicated gateway, help control access from the Internet to the company VDI in the LAN, preventing unauthorized access to computers within the LAN and the applications installed on them.
VDI Solution
The client already had a working remote access application, but it had one very significant disadvantage: it was developed in Visual Basic 6.0 and had many dependencies on ActiveX components and third-party COM libraries, which prevented the application from being easily distributed.
The main idea of the project was to rewrite the application in C++ according to U3 standards, eliminating all third-party component dependencies and removing the need to install it. The resulting application had to be self-sufficient and ready to be run from USB flash drives under permission-restricted user accounts. Also, the application should not leave any traces of its usage (i.e. no new component registrations, no data in the registry, etc.).
During the rewrite, the application's registry storage was reworked to use hidden files in the application folder, the UI was completely rewritten in C++, and all third-party ActiveX components and COM libraries used by the application were either replaced with standard Windows components or rewritten. For instance, the third-party library used to encrypt sensitive user data was replaced with the Windows crypto API.
A great deal of attention was paid to the security of client-server network communication. All communication was carried over SSL, and authentication broker services were used to redirect incoming connections to the remote VDI LAN. All sensitive user data was stored in strongly encrypted form.
The application uses an SSO (Single Sign-On) mechanism for authentication: the user authenticates only once to gain further access to remote servers and services according to the account security policy.
In addition to the functionality of the previous Visual Basic 6.0 version of Remote Access Portal, the new C++ based version supports launching remote applications hosted on Citrix servers. To support this function the application uses the native Citrix client library (supplied with XenApp), but does not require XenApp to be installed on the client computers.
VDI Architecture
The entire solution consists of the following modules:
- Client module: a desktop application with a convenient GUI that gives the user the means to work with remote applications and computers.
- SSL client library: located on the client computer, providing SSL connectivity to remote computers with optional wrapping of RDP traffic in HTTP(S).
- Proxy server: used for user authentication and redirection to the LAN.
- Web-based server application: stores user account information and the security settings associated with accounts, such as lists of available remote computers and applications.
Tools and Technologies
- MS Windows 2k, XP, 2003, Vista;
- Visual Studio 2005;
- Visual C++;
- MFC;
- STL;
- ATL;
- COM technology;
- SSL;
- Windows shell API;
- RDP, using mstscax.dll;
- SSO (Single Sign-On);
- Windows crypto API;
- Citrix PNA.
Benefits
The implemented application duplicates the functionality of the initial application and meets the U3 technology requirements: it does not require installation, can be run from USB flash drives, and does not leave any traces of its usage.