Advanced gateway solutions for modern network security: beyond firewalls and jump servers
Businesses segregate their production networks (e.g., manufacturing) from their general-purpose networks (e.g., administrative). Typically, firewalls are used to bridge the two.
However, that is not desirable from a complexity and/or security perspective. For example, when not all networks are routed to each other, when very granular access to networks is required, or when you want to prevent viruses and hackers from moving easily from one network into the other, you need a different solution.
This is where Parallels Secure Workspace rises to the challenge and eliminates the need for a Jump Server setup.
Go beyond firewall capabilities
Not all networks are routed to each other, which means that you need a point to switch from one network to the other (typically via Network Address Translation (NAT)). The advantage of Parallels Secure Workspace is that you only need to make a single NAT entry in the network.
Firewall rules can become very complex if you want granular access between the networks. If only a few users are allowed to access a few machines in the other network, for example, you’d need to create firewall rules on a per-user basis. That also means that if a user’s source IP address changes, you’ll need to reconfigure those rules. With Parallels Secure Workspace, your firewall rules become a lot less complex, and you can allow or deny connections at the user-authentication level.
Of course, viruses, hackers or other security threats that migrate from one network to another must be avoided at all costs. Parallels Secure Workspace performs a complete protocol switch (from HTTP to RDP), which means that a single (zero-day) exploit is not sufficient to go from one network to the other: you would need at least two vulnerabilities that can be used together. Solutions like Citrix or RDP perform an end-to-end connection between the guest device and the destination device — Parallels Secure Workspace doesn’t.
How does Parallels Secure Workspace fit in your setup?
It provides controlled and audited access for users on the general-purpose network into the production network, with additional multi-factor authentication (MFA). Nothing needs to be installed on the end-user device, as it runs 100% HTML5-based in the browser. Parallels Secure Workspace enforces a protocol switch from RDP to HTML5, making it impossible for a single (zero-day) exploit to cross between networks.
Why Parallels Secure Workspace?
Lightweight virtual appliance that can be installed in any network.
All usage is audited and can be recorded.
No need for jump servers and their associated costs.
Set restrictions for copy-pasting, printing, session sharing, etc.
A protocol switch is enforced: Parallels Secure Workspace translates RDP into HTML5 and avoids a direct end-to-end (E2E) connection.
Simplify firewall rules as Parallels Secure Workspace can granularly manage connections based on user authentication.
Nothing to install on endpoint devices or on the general-purpose network(s).
Zero trust context awareness, including built-in MFA.
How does Parallels Secure Workspace work?
It is a secure virtual appliance that can be deployed in your infrastructure of choice. It connects via standard protocols such as RDP, CIFS and LDAP into backend applications, desktops and file servers and renders these services into HTML5 via its proprietary RDP gateway.
As such, users can securely access services that reside in other networks via their browser. Unlike a VPN or traditional VDI, nothing needs to be installed on the end-user device, making the roll-out smooth and free of complexities.