Nexus Group

neXus Hybrid Access Gateway 5.2 - Access, security, availability, integration

Blog post   •   Feb 17, 2014 15:39 GMT

I'm proud to announce the availability of neXus Hybrid Access Gateway 5.2.

As a Virtual Appliance neXus Hybrid Access Gateway offers a unique, solution to provide flexible and secure remote-access to web applications and remote desktops. Securing you on-premise applications as well as your cloud applications. In today’s interconnected world, it is more important than ever for businesses to provide flexible and secure remote access to applications. Users demand flexible working solutions, such as working from home on their favorite device, while at the same time the security of the data cannot be compromised.

There are a lot of new features in 5.2, and we have worked hard since the fall and now it's finally time to release it. 5.2 provides access to new applications. New features address security in several ways. APIs are introduced for integration. Deployment and functionality for upgrading are further refined among others.

Accessing Exchange using Outlook is a very common request among our customers. With that in mind we have looked at the possibility to enable access to Exchange through neXus Hybrid Access Gateway. You can now synchronise your Outlook client as well as Apple Mail with Exchange using Hybrid Access Gateway. To enable this we provide access to Exchange using the http based Exchange services “RPC over https” and “Exchange Web Services”. Of course the access can be protected with strong authentication and you don’t need to install or maintain any client software other then the email client. Hybrid Access Gateway will terminate the connections from the email clients on the DMZ and Exchange remain safe on the Application Network, inner DMZ or similar.

Lots of you customers use API:s to integrate their applications. To support you we are introducing Web Services API:s in neXus Hybrid Access Gateway XPI:WS. So now you can integrate your in-house, third party applications identity management systems and so on. Any application can be integrated as long as it can make web services calls using HTTPS. You can integrate our authentication methods in your applications using the authentication service. If you like to implement role based access in your application integrate with the authorisation service. Terminate the user session from your application using the session management service. We have also implemented web services for you identity management system to mange OATH tokens and user accounts.

Distributed Mode is a concept developed to enable a really secure network architecture and to be able to meet high requirements on SLA. You simply deploy several instances of the neXus Hybrid Access Gateway Virtual Appliance. They will work in corporation and you select to enable only certain services on each of them. Why? There are at least two reasons. We call them “split architecture mode” and “high availability mode”. You don’t want to run more services than necessary on the DMZ. Use separate network interfaces for internal and external communication. Don’t make decisions on the DMZ, only enforce them there. Also you don’t want to enable communications from the DMZ directly to you domain controller, databases and so on. Use “this split architecture mode” to solve this. To support high load and ensure availability when maintaining your system you enable several of each critical service. This is “high availability mode”.

There are a lot talk about encryption those days. Maybe we can thank Edward Snowden for that. 5.2 support TLS 1.2 among others, to secure the communication with the end users. TLS 1.2 mitigates BEAST, brings SHA2 and ECDHE. ECDHE brings perfect forward secrecy. To read more about this I can recommend a visit at With the last update to Firefox 27 the other day, the latest versions of all major browsers now support TLS 1.2 You can now seriously consider to abandon TLS 1.0. In 5.2 you can also turn of ssl renegotiation to mitigate renegotiation DoS attacks. Or simply use our built-in renegotiation DoS protection. The protection will detect an attack and disable any ssl client connection performing an attack.

If you a running PortWise Access Manager and consider to migrate to neXus Hybrid Access Gateway, it is now easier to switch over. 5.2 can migrate user accounts from PortWise Access Manager. You simply connect to the user repository and migrates the user accounts. When changing directory service for your Hybrid Access Gateway user accounts 5.2 now can move the users to the new location.

Deploying and upgrading neXus Hybrid Access Gateway is now even easier than before. Just download one single file in OVA, Open Virtualisation Appliance, format and deploy from the template.

Last of all the appliance platform is of course updated as well. Also the Java services in neXus Hybrid Access Gateway now runs on Java 7.

We are proud to announced that neXus Hybrid Access Gateway 5.2 is released and available for download today. If you are upgrading just log on to the Administrators Web GUI, click Upgrade and select to Download 5.2.