SSH Tectia ConnectSecure can be installed on a gateway host that mediates the connections for example between intranet applications and remote servers. There is no limit to the number of remote servers, and they can be distributed geographically.

SSH Tectia ConnectSecure can connect to any standard Secure Shell server, for example OpenSSH or VanDyke servers.

When SSH Tectia ConnectSecure is installed on the gateway host, no SSH Tectia software is necessarily required on the application hosts, if the intranet between them and the gateway is otherwise secured.

SSH Tectia ConnectSecure can be configured to secure all existing applications the administrators use to connect to the remote hosts, such as Telnet, Virtual Network Connection (VNC), FTP, Remote Desktop (RDP) and others. With the transparent TCP tunneling feature this can be made simply with a single filter rule set in the Connection Broker configuration. In the rule we just define that SSH Tectia ConnectSecure uses the user name and the destination host name directly from the connection-originating application. This saves the effort of defining a separate connection profile for each destination host.

Once the transparent TCP tunneling setup is active, the administrators can keep using the existing tools without any modifications, and all connections from the gateway to the remote servers will be securely tunneled.

Figure 5.4. Securing gateway traffic with SSH Tectia ConnectSecure