HTML Publishing

When providing access to host applications to remote employees or business partners, consideration must be given to the security policies and infrastructure on their networks. For example, policies may enforce that only certain applications may initiate outgoing traffic or firewalls may be configured to allow outgoing traffic only on defined ports. The HTTPS tunneling architecture (see figure 2) takes advantage of the SSL capabilities of client browsers and the web server to achieve secure transport with no changes to existing client-side or corporate network structures or policies.

If HTTP(s) tunneling is selected for the session, the OutsideViewWEB or AppView applet will forward data targeted for the host to its local browser. The browser will encrypt this data through SSL and encapsulate the encrypted data as an HTTP packet (HTTPS). This data packet can easily traverse any intervening web proxies and firewalls since it is a known protocol using a known port (443). Once the packet arrives at the web server, it is decrypted and forwarded to a tunneling servlet. This tunneling servlet is included with AppView and can be executed within most servlet runners (e.g., New Atlanta or Tomcat). The tunneling servlet then sends data to the host application via a standard telnet terminal session.

 

 

Figure 3: HTML Publishing network architecture

The security policies on many private networks may not allow the download of Java applets. AppViewXS resolves this issue by requiring only a compatible browser at the client workstation. If the user’s workstation can establish a HTTPS connection to the web server hosting AppViewXS, a secure session to the host application can be achieved.
AppViewXS has been tested under many standard application servers such as Jakarta’s Tomcat and IBM’s WebSphere.