Businesses apply network segregation between their production (e.g. manufacturing) and general-purpose networks (e.g. administrative). Typically, firewalls are used to make a bridge between those two. However, that is not desirable from complexity and/or security perspective – for example, when not all networks are routed to each other, when very granular access to networks is required or when you want to avoid viruses and hackers easily moving from one network into the other.
This is where Awingu provides the ideal solution without the need for a Jump Server setup.
Not all networks are routed to each other, which implies that you need a point to switch from one network to the other (typically via Network Address Translation (NAT)) . The advantage of Awingu is that you only need to make a single NAT entry in the network, being your Awingu appliance.
Firewall rules can become very complex if you want to have a granular access between the networks. If only a few users can access a few machines in the other network, for example, you’d need to create firewall rules on a per-user basis. That also implies that if the source IP address of the user changes, you’ll need to reconfigure those rules. With Awingu, your firewall rules will become a lot less complex: via the Awingu appliance, you can (dis)allow connection on the level of user-authentication.
Viruses, hackers or other security threats that migrate from one network to another should be avoided at all costs. Awingu performs a complete protocol switch (from HTTP to RDP), which means that a single (zero-day) exploit is not sufficient to go from one network to the other: you would need at least 2 vulnerabilities that can be used together. Solutions like Citrix or RDP perform an end-to-end connection between the guest device and the destination device, Awingu doesn’t.
Some organizations use Jump Servers as an alternative solution to these issues, allowing access to the second environment only if you pass through that server. In an Awingu-context, you won’t need Jump Servers, saving costs and allowing for more granular usage access controls.
Awingu provides controlled and audited access for users on the general-purpose network into the production network without the need to install anything on the end-user device (as Awingu runs 100% HTML5-based via the browser) with additional MFA. Awingu will enforce a protocol switch from RDP to HTML5, making single (zero-day) exploits across all networks impossible.
Lightweight virtual appliance that can be installed in the any network
Protocol switch is enforced as Awingu translates RDP into HTML5 and avoids using an E2E direct connection; (making singled (zero-day) exploits impossible cross-network)
Simplify firewall rules as Awingu can granularly manage connections based on user authentication.
Set restrictions for copy-pasting, printing, session sharing, etc.
All usage is audited and can be recorded.
No need for jump servers and its associated cost.
Nothing to install on endpoint devices or in general purpose network.
Zero trust context-awareness, incl. built-in MFA.
Awingu is a secure virtual appliance that can be deployed in your infrastructure of choice. It connects via standard protocols such as RDP, CIFS and LDAP into backend applications, desktops and file servers and renders these services into HTML5 via its proprietary RDP gateway. As such, users can securely access services that reside in other networks via their browser. Unlike a VPN or traditional VDI, nothing needs to be installed on the end-user device, making the roll-out smooth and complex less.
Secure by design with many capabilities built-in (SSL, MFA, Auditing,..)
Easy and fast to deploy
Runs with what you have in place today in terms of apps, cloud or endpoint. No drastic changes needed.
Do you have any more questions about Awingu? Reach out to our Awingurus!