How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM Software version: 1.0 Document version: 1.0 Issue: March 2014 HOB GmbH & Co. KG Schwadermühlstraße 3 90556 Cadolzburg Germany Phone: +49 9103 715 0 Fax: +49 9103 715 3271 E-mail: [email protected]Web: www.hob.de HOB, Inc. Headquarters NY 245 Saw Mill River Road Suite # 106 Hawthorne, NY 10532, USA Phone: +1 866 914 9970 Fax: +49 9103 715 3299 E-mail: [email protected]Web: www.hobsoft.com
34
Embed
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM - · PDF fileHOBLink JWT is an advanced RDP Client for F5 BIG-IP Access Policy Manager (APM) deployments. This solution provides all BIG-IP
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Purpose of this GuideThis guide is designed to provide users with detailed information concerning HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM and to help them make the best possible use of the application.
The procedures for configuring the individual software components are documented in detail with step-by-step instructions.
Symbols and ConventionsThis manual uses certain conventions and abbreviations, which are explained here:
Keys or key combinations are displayed in square brackets, e.g. [Space].
References to program commands and dialog boxes are printed in bold type, e.g. Select the command Open….
Cross-references to Section headings and Figures with numbers are marked in color as follows: Section 1 Overview.
Screen displays, file names and text to be entered by the user are displayed in the font Courier New. This input is – unless otherwise mentioned - case sensitive.
In this documentation, product names are abbreviated as follows:
This symbol indicates useful tips that can make your work easier.
This symbol indicates additional informative text.
This symbol indicates an important tip or procedure that may have far-reaching effects. Please consider carefully the consequences of any changes and settings you make here.
Product name Abbreviation
HOBLink Java Windows Terminal HOBLink JWT 3.3 Plug-in
Connectivity Solutions by HOB 3
4 Connectivity Solutions by HOB
Contents
1. Overview 7
1.1. What is HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM?................................. 7
1.3. Advantages at a Glance ................................................................................ 8
1.4. Functions and Way of Operation ................................................................... 8
2. How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM 9
2.1. Configuring HOBLink JWT Single Sign-on Feature ....................................... 9
2.2. Installing and Configuring HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM.... 13
3. Information and Support 33
Security Solutions by HOB 1
2 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM Overview
1. Overview1.1. What is HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM?
HOBLink JWT is an advanced RDP Client for F5 BIG-IP Access Policy Manager
(APM) deployments. This solution provides all BIG-IP APM users a Remote
Desktop Client which enables communication with Microsoft Windows Remote
Desktop Services. HOB’s RDP is platform-independent and requires no client-side
installation, reducing IT admin efforts and TCO. This is a purely software-based
solution allowing you to leverage your existing physical/virtual IT infrastructure
without sacrificing security. No confidential/sensitive data remains on the remote
device.
Figure 1: HOBLink JWT RDP Client Hosted on an F5 BIG-IP
Figure 2: HOBLink JWT RDP Client Hosted on a Web Server
1.2. JWT Exclusive Features
Easyprint built-in technology is used to handle all your local printers (PCL, IP printer, Port Mapping printers, etc.)
Many installation options: On your local computer, Webserver, and BIG-IP APM deployment
Runs on every Java-capable web browser
Scanner devices, Smartcard authentication and application delivery are also supported when used in combination with HOB RD ES
Multi-monitor support
Security Solutions by HOB 7
Overview HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM
Resolution customization (full screen)
Local drive mapping
Small applet (fastest access)
1.3. Advantages at a Glance
HOBLink JWT iApp available for F5 BIG-IP APM
No installation and administration rights needed on client side – easily and quick-ly deployable
Tailor-made solution according to your needs, independent of operating systems used
Access to desktops is also possible
Perfect use of existing infrastructure for long-term protection of your investments
Scalable solution – adaptation to new circumstances made easy
Realizing trends like mobile workplaces is made simple
1.4. Functions and Way of Operation
HOBLink JWT is an HOB-owned RDP client for accessing remote desktop servers, VDI and desktop systems. It does not matter if you are using Windows-, UNIX-, Linux- or Mac OS applications. Due to the integrated load balancing mechanism all server inquiries are optimally distributed to the available hardware; allowing for perfectly distributed resources. By using this, users can easily and securely access central company resources from any client. The advantage: HOBLink JWT is completely platform-independent on the client side. You can flexibly decide which device is used. The users become more independent and can create an individual working environment according to their needs; significantly enhancing performance. Furthermore, HOBLink JWT requires no installation or administration rights on the client side. This saves time and reduces administration effort. So, even BYOD (Bring Your Own Device) becomes child´s play.
8 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
2. How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM
2.1. Configuring HOBLink JWT Single Sign-on Feature
Figure 3: F5 BIG-IP APM Admin WebGUI
On the F5 BIG-IP APM WebGUI select the Main tab (Figure 3). Click the following sequence of options: Access Policy > Application Access > Remote Desktops > Remote Desktops. Then click the Create symbol (Figure 4).
If you would like to enable the Single Sign-on feature for the HOBLink JWT plugin, carefully read the Section 2.1. Configuring HOBLink JWT Single Sign-on Feature on page 9 before installing and configuring the HOBLink JWT for F5 APM. Otherwise, go to Section 2.2. Installing and Configuring HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM on page 13.
Security Solutions by HOB 9
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 4: Access Policy Detail
Please use the parameters described in the picture below. The ACL Order parameter does not affect the final configuration. Enter the parameters at your convenience depending on your needs. The Auto Logon check box in the Auto Logon section must be activated and available on the F5 BIG-IP APM portal to work properly.
Figure 5: General Properties Parameters to Configure Single Sign-on Detail
10 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Once you have entered the parameters go to Access Policy > Policy Profiles > Access Profiles List. Select the policy you would like to update from the list.
Figure 6: Access Profiles List Detail
In the next screen click Access Policy as shown in the figure below.
Figure 7: Access Policy Button Detail
Click on Edit Access Policy for Profile ... next to the Visual Policy Editor field as displayed in the figure below.
Figure 8: Edit Access Policy for Profile Detail
A new browser window will then appear. Select the Full Resource Assign box from the diagram as shown in the figure below.
Figure 9: Access Policy Diagram
Security Solutions by HOB 11
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
From the new window which is displayed select Add/Delete.
Figure 10: Properties of Full Resources Assign
Select the Remote Desktop tab and check the remote desktop resource you have just created.
Figure 11: Remote Desktop
Click the Update button at the bottom of the window in Figure 11.
12 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Click the Save button at the bottom of the window in Figure 10.
You are now back in the browser window you opened previously. Click Apply Access Policy in the upper-left corner of the page (Figure 12).Then click the green Close button in the upper-right corner of the same browser window.
Figure 12: Apply Access Policy Button
The HOBLink JWT Single Sign-on feature has now been configured on F5. A new resource will be displayed in the portal.
Figure 13: F5 Portal
2.2. Installing and Configuring HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM
Download HOBLink JWT plugin for F5 BIG-IP APM.zip file from HOB’s FTP Server. In order to get access to HOB’s FTP Server, please contact your sales representative. This file contains three files.
F5-JWT_Plugin.zip which is the plugin itself.
F5-JWT_Plugin.tmpl, the iApp used to configure the plugin from the F5 BIG-IP APM admin WebGUI.
This guide.
Security Solutions by HOB 13
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Begin by logging into the F5 BIG-IP Admin WebGUI.
Figure 14: F5 BIG-IP APM Log In
You have now been directed to the F5 BIG-IP Admin WebGUI.
Figure 15: F5 BIG-IP APM Admin WebGUI
On the left side of the screen select Access Policy and click Hosted Content (Fig-ure 4). A new section is displayed.
On the upper-right side of the GUI click Upload.
A new dialog box Create New File is displayed. Click the Browse button and then select F5-JWT_Plugin.zip. Uploading starts automatically (see Figure 16).
14 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 16: Create New File Uploading
Once uploaded, type f5jwtplugin in the File Destination Folder field (see Figure 17). Then choose Upload and extract from the File Action menu.
Figure 17: Create New File
For demo purposes, under Secure Level, select public, otherwise select Session or Profile depending on your security needs. Then click OK
The upload and unzip process starts.
Once done, the uploaded files will be displayed in the F5 BIG-IP APM WebGUI.
Security Solutions by HOB 15
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 18: F5 BIG-IP APM WebGUI Hosted Contact
Now it is time to upload the HOBLink JWT iApp template (F5-JWT_Plugin.tmpl) to F5 BIG-IP APM. The HOBLink JWT iApp sets up and configures the HOBLink JWT plugin. Multiple HOBLink JWT options and features can be configured (printers, display, drive mapping, etc).
In the Main tab click iApp and select Templates (see Figure 19 below). On the upper-right side click the Import… button.
Figure 19: Import File
Select the F5-JWT_Plugin.tmpl and click the Upload button (see Figure 19 above).
The F5-JWT_Plugin.tmpl is now displayed on the iApp Template List as shown in the figure below.
16 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 20: Template List
The HOBLink JWT 3.3 Plug-in can now be configured. From iApp, select Application Services and click the Create button. Choose a name for the new service (e.g. example) as shown below and select F5-JWT_Plugin from the Template list.
Figure 21: Template Selection
The HOBLink JWT 3.3 Plug-in iApp configuration form is displayed as below. Now set up the different JWT parameters to fit your requirements.
Security Solutions by HOB 17
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 22: Template Selection Basic
If you have previously configured the HOBLink JWT Single Sing-on feature, go to Logon settings (see Figure 23 below) and set Use HOB Single Sign-On parameter to YES as well as setting the Logon automatically field to YES. Then, type the name of the remote desktop resource you created (e.g my_test) following the steps in Section 2.1. Configuring HOBLink JWT Single Sign-on Feature on page 9. Otherwise, jump to the next step.
18 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Once done, click the Finished button at the end of the page. A new application service has now been deployed (e.g. example).
Figure 24: Application Service
The HOBLink JWT 3.3 Plug-in now needs to be made available on the F5 BIG-IP APM Webtop.
It is assumed that Webtop, Virtual Servers and Policy Profiles were configured previously. For further information, please refer to the Configuration Guide for BIG-IP Access Policy Manager.
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
On the left side of the screen, click Access Policy. A new section is displayed. Click Portal Access. On the upper right side of the screen click Create….
Figure 25: Create Button
A New Resource… form is now displayed as shown in the figure below.
Figure 26: Portal Access
The HOBLink JWT 3.3 Plug-in iApp produces an html configuration page (e.g. example.html, as displayed in the figure below) which is automatically hosted on the F5 BIG-IP APM Sandbox in the /f5jwtplugin directory. Important: make sure the directory matches!
20 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 27: Static File List
In the Item Type parameter Hosted Content must be selected.The html page previously generated (in our case, example.html) by the iApp should be selected in the Hosted Files parameter as displayed below. Click Create to finish.
Files created by the iApp must be deleted manually.
Security Solutions by HOB 21
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 28: Plugin Sandbox
A Resource Items section appears automatically as displayed below. Click the Add button to create a new Item.
Figure 29: Resource Items
Point to the HOBLink JWT applet (jwtwebJ2.jar) hosted in the F5 BIG-IP APM sandbox, as described in the picture below.
22 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 30: New Resource Item Detail
The rest of the parameters should be selected as in the picture below. When you are done click Finished.
Figure 31: New Resource Item Complete Detail
Now the Portal Resource configuration looks like this…
Security Solutions by HOB 23
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 32: Plug-in Sandbox End
Create a rewrite profile to sign the JWT applet as described below.
On the F5 BIG-IP APM menu, select Portal Access then Rewrite.
F5 BIG-IP APM rewrites the HOBLink JWT network API and signs it before it is delivered to the remote client (desktop computer or laptop) so a Portal Access Rewrite Profile must be configured.
24 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 33: Access Policy Rewrite
Now click on Create New Profile to create a new Portal Rewrite Profile (e.g. rewrite-portal). Set General Information section as in the figure below.
Figure 34: Create New Profile Rewrite
Set Portal (Access) section as in the figure below.
Security Solutions by HOB 25
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 35: Create New Profile Rewrite Portal Access
Continue editing the rewrite profile by clicking on Java Patcher Settings to assign the certificates to this profile which will be used to sign the HOBLink JWT applet. A trusted certificate issued by a trusted certificate authority (Verisign, Thawte, etc) must be selected. Signer and Signing Key fields may be self generated.
Under URI Translation, leave Settings as displayed in the figure below.
26 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 37: Create New Profile Rewrite Settings
Now, we must assign this rewrite profile to the virtual server in charge of serving the Portal. Go to Local Traffic > Virtual Servers > Virtual Server List.
Figure 38: Local Traffic
Select a virtual server and go to the Content Rewrite section. Select the rewriting profile you have just created. Leave HTML Profile as None.
Security Solutions by HOB 27
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
From the profile list, choose the one you have previously configured.
Click on Access Policy.
28 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 41: Access Policy Button Detail
Under General Properties section click on Edit Access Policy for Profile as shown above.
The Access Policy editor is displayed in a new window.
Figure 42: Access Policy Diagram
Click Full Resource Assign. A new window overlaps the previous one. Click Add/Delete.
Security Solutions by HOB 29
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 43: Properties of Full Resource Assign
Click Portal Access. The portal objects previously configured are displayed. Check the JWT portal object and then click on Update.
Figure 44: Portal Access Update
The window will then close. Click Save (see Figure 43) to commit changes.
Now, click Apply Access Policy to bring HOBLink JWT 3.3 to life.
30 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM How to Install and Configure HOBLink JWT
Figure 45: Apply Access Policy Button
Figure 46: TMSH
Open a web browser and direct it to the F5 Portal.
Figure 47: F5 BIG-IP APM Log In
Log into the portal. Now the HOBLink JWT link is there. If HOBLink JWT 3.3 Plug-in Single Sign-on feature has been enabled, an additional link (e.g my_test) is also displayed.
Deleting the F5 cache:
F5 caches all previously downloaded HOBLink JWT applets. That means an old version of the HOBLink JWT applet could be downloaded if no Cache deletion is performed. Log into F5 command line as root user. Jump to the tmsh shell and run the command below.This will completely remove all outdated JWT applets hosted on the cache.
Security Solutions by HOB 31
How to Install and Configure HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM HOBLink JWT
Figure 48: F5 Portal HOBLink JWT
Click the JWT_plugin_sandbox link and the application will be automatically launched on your desktop computer or laptop from the F5 BIG-IP APM Sandbox. Now you are ready to reach your corporate remote desktops through an F5 BIG-IP APM appliance.
Figure 49: RDP Window
32 Security Solutions by HOB
HOBLink JWT 3.3 Plug-in for F5 BIG-IP APM Information and Support
3. Information and SupportIf you would like further information about HOBLink JWT Plugin for F5 BIG-IP APM or if you need product support, please contact us at: