Connections to new generation clients
Note: The feature described in this section is not supported by SwyxIt!.
As of version 2015 R2, SwyxWare uses an authentication service for connections to the new clients. This service establishes connections via RemoteConnector in a simple yet secure way. The required client configuration is reduced by one step: within the client settings, users simply enter the public endpoint (as FQDN or IP address) of the company network to which the authentication service is connected.
When a connection is established, the client sends a request to the public endpoint and authenticates itself via HTTPS by using its SwyxWare user name and password. The required configuration data for the TLS tunnel (e.g. the client certificate and server address of the RemoteConnector) is transferred to the client computer (and/or smartphone), saved for further connections and subsequently updated as required.
Fig. 24-2: Establishing connections via authentication service
Configuration of SwyxServer
To configure SwyxServer for connections to new clients, enter the FQDN or public IP address and the port under which SwyxRemoteConnector can be reached from the Internet, as well as those of the authentication service, into the configuration wizard. In a standby scenario, the same configuration has to be made for the standby system.
Note: Make this configuration in the configuration wizard (see Chapter 3.4.2, Configuring SwyxWare, page 49, step (21)) or in the SwyxWare-Administration (see Chapter 4.6.19, “RemoteConnector” Tab, page 95).
Port forwarding to the authentication service
In addition to the port forwarding to the RemoteConnector, which is described in section Port forwarding via router, the port forwarding to the authentication service must also be configured on the company router.
The following table illustrates an example configuration:
| Port forwarding to... | Public IP address:TCP port | Target IP address:TCP port |
|---|---|---|
| Authentication service | server.net:9101 | 192.168.0.4:9101 |
| Authentication service on a standby system | server.net:9102 | 192.168.0.5:9101 |
HTTPS SSL certificate
The connection to the authentication service is secured by the HTTPS protocol. In case of a new installation or a system update to 2015 R2, SwyxWare produces a self-signed SSL certificate, which corresponds to the Windows server name. With this certificate, the server can identify itself to the client.
To increase connection security, the SSL certificate can be replaced by a certificate issued by a certification authority:
How to remove the SwyxWare SSL certificate
1. Start the Windows command prompt with administrator rights.
2. Enter the following command:
netsh http del sslcert ipport=0.0.0.0:9101
3. Remove the SwyxWare SSL certificate from the Windows certificate storage (Certificates (Local Computer) | Personal - Certificates | Certificates).
Now you can install the desired certificate.
How to install an SSL certificate
Prerequisite: the new certificate has been imported into the Windows certificate storage. Before installation, have the thumbprint of the new certificate ready (and enter it in place of "<thumbprint>" in the command).
1. Start the Windows command prompt with administrator rights.
2. Enter the following command:
netsh http add sslcert ipport=0.0.0.0:9101 certhash=<thumbprint> appid={C3490D69-E65C-4FEC-B94B-58213FDBEC35}
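The binding step above can be scripted so that the certificate is checked before it is bound. The following PowerShell script is an added example, not part of the SwyxWare documentation: it cleans up a thumbprint as copied from the certificate dialog, verifies that the certificate in the local computer's Personal store is usable for HTTPS, and then runs the same netsh command. It assumes an elevated PowerShell session and that the old binding has already been removed as described above; the parameter names are illustrative.

```powershell
# Added example, not SwyxWare code. Run in an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,                 # as copied from the certificate dialog
    [string] $IpPort = '0.0.0.0:9101',                           # binding used on this page
    [string] $AppId  = '{C3490D69-E65C-4FEC-B94B-58213FDBEC35}'  # appid from the page's command
)

# A thumbprint copied from the certificate dialog often carries spaces or an
# invisible Unicode mark that makes netsh reject it; keep hex digits only.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected a 40-digit SHA-1 thumbprint, got $($hash.Length) hex digits."
}

# The certificate must already be imported into Certificates (Local Computer) | Personal.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) { throw "No certificate with thumbprint $hash in Cert:\LocalMachine\My." }

# Without the private key the server cannot complete a TLS handshake.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# Reject certificates that are not yet valid or already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
}

# If the certificate restricts its usage, Server Authentication must be included.
# A certificate without an EKU extension is valid for all purposes.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
if ($ekus.Count -gt 0 -and $ekus -notcontains $serverAuthOid) {
    throw 'Certificate does not allow Server Authentication.'
}

# Bind the certificate. The arguments are quoted because PowerShell would
# otherwise parse the braces of the appid as a script block.
& netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE." }

# Show the resulting binding so the certificate hash can be compared by eye.
& netsh http show sslcert "ipport=$IpPort"
```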