G/On

A Non-Intrusive Approach to Zero Trust Adoption

Instant, Zero Trust access to your network, applications and data


G/On is a scalable, Zero Trust based solution that connects all your users to internal and on-premise resources — regardless of device or location. Decrease your attack surface, enhance security and reduce complexity. Stop managing devices and empower IT to focus on innovation, not threat mitigation. It’s simplicity without compromise.

 

 

It’s G/On - only even more flexible

Authenticate user access to remote applications on a zero trust basis, with all the flexibility your customers’ needs.

Providing Secure Outbound Facing Connections


Ideally, resources are remotely available - but only to those users you know and trust, whether that's internal employees, third party suppliers or external contractors. The only way forward is:

Group 1066

Always hide


Ensure services, applications, networks, and devices are always hidden from the Internet

Group 1023

Continuous verification


Continuous verification without the need for re-authentication

Group 816

Enable users


Resources become available on a never trust always verify approach

Screenshot 2021-10-19 at 16.22.46

Your guide to easy, fast and non-intrusive Zero Trust security

Like many companies, you’re likely already exploring how you can transition to Zero Trust security to decrease your attack surface, enhance security and reduce complexity.

We recently put together a new guide How G/On provides a giant leap into the Zero Trust era.

It covers the reasons companies are turning to Zero Trust, why the time for action is now and shares our Zero Trust success roadmap.

Download your copy now. 

G/On: designed on three pillars


Group 1004

Software Defined Perimeter


  • Network resources are made inaccessible by default
  • Makes the application infrastructure invisible from the internet
  • Immediate reduction of attack surface
  • Mitigates breach risks and prevents threats
Group 808

Identity Centric


  • No device authentication
  • Authentication before access
  • Embedded mutual multi-factor authentication 
  • The principle of least privilege
  • All data is encrypted and protected. End-to-end encryption provides the gold-standard for protecting communication
Group 816

Non-Intrusive


  • No need to change the existing IT infrastructure (site-to-site VPN and networks)
  • No installation and no configuration required, no elevated rights to run
  • Supports BYOD policy
  • No endpoint checking required - policies built-in solution
  • Scalable, promotes data protection and prevents access to personal data

How G/On enables business

Mobile-ready solution: it takes one physical token

No dependency for access management processes

Streamlines the user application login experience

Permission control at the individual application level

Mobile use policies (user and enterprise responsibilities) are redundant

The client can automatically find its way to the company network

No client installation, no intrusion on private devices and leaves no traces

Instant respond to an increase in client & staff demand

As more privacy and data sovereignty laws are introduced, G/On immediately meet those needs

Screenshot 2021-10-19 at 16.12.02

Enable a non-intrusive approach to Zero Trust at your organisation


 Start your G/On journey today.
Group 1018

Central management console

G/On provides full control over settings, users and usage. IT admins can control application access, prevent copy/paste/downloads and allow file downloads in a dedicated secure environment.

Group 807

Strong mutual two-factor authentication

Remove the risk of man-in-the-middle attacks with mutual strong two-factor authentication – the client authenticates the server, and the server authenticates the client.

Group 808

Access based on permission rules

Users have application access based on permission rules or Active Directory group membership. No need to remember URLs or other information to access applications.

Specifications G/On


1. G/On General specifications

G/On Gateway Server

Platform

Windows
Operating systems version Windows Server 2022, Windows Server 2019 or Windows Server 2016*
Number of users Up to 2.000 per gateway, depending on application load
Supported authentication server Active Directory, LDAP and local accounts

* Even though G/On Server will install and run on Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2 these platforms are not anymore supported from G-On version 7.0 or above

 

G/On Database (optional)

Platform Microsoft SQL Server
Operating systems version • Microsoft SQL Server 2012, 2014, 2016, 2017 and 2019,
• Microsoft SQL Server Express 2012, 2014, 2016, 2017 and 2019
*G/On comes with a built-in SQL-lite database. It is possible to integrate G/On with an external SQL-database. This is mandatory for multiple G/On Gateway server installations

 

 

 

 

 

G/On Client

Platform Windows, macOS and Linux
Operating systems version
  • Windows 11 64-bit only
  • Windows 10 64-bit only*
  • macOS 10.15 Catalina, macOS 11 Big Sur or macOS 12 Monterey, both Intel and Apple silicon

* G/On client also works on Windows 7 and Windows 8.1, however, these platforms are not supported anymore

 

G/On Token

Platform Windows, macOS and Linux
Token types
  • G/On MicroSmart token: USB Token with Smartcard for strong two-factor mutual authentication
  • G/On Desktop token (ComputerUser token): stored in the user profile in Windows or macOS
  • Soft token: stored on any USB-key of 2 GB and larger
External authentication factors

External authentication with authenticator app*
Google Authenticator (OTP authentication)
DUO Authenticator (OTP, SMS and push authentication)

* G/On can be integrated with any other external authentication system using the RADIUS-protocol and if necessary by changing the plug-in based authentication architecture

2. G/On OS

Add G/On OS to G/On for a full lock-down of the client, resulting in additional security while maintaining mobility and client independence.

G/On OS, based on Fedora Linux, is booted directly from the G/On USB Token into the computer's memory*. The operating system is hardened and only allows information to flow to and from the G/On Gateway Servers - all other traffic is blocked. Also, there are no drivers to access the computer's hard drive, so no data is ever left behind. G/On OS comes with full features for application clients for Citrix, RDP, VNC, Browsers and much more.

* G/On OS is lean and mean, making it fast, stable and safe. This choice results in hardware support limited to the most common types of laptops (chipsets, network cards and modems). G/On OS runs on most Intel-based hardware but not on Apple Silicon. It is recommended to test hardware compatibility before deploying G/On OS. Support for specific hardware can be added upon request. Contact G/On Support for more information about the possibilities.

3. G/On Components

G/On Management

Is the central web-based management console that controls one or more G/On Gateways and the behaviour of the clients.

  • Full control on users, applications, authentication levels and access authorization policies.
  • Granular application access based on individual permission rules or group membership.
  • Ability to control the behaviour of client applications. IT administrators can control the settings of client applications, e.g. to prevent copy/paste/download of files or allow the download of files in a dedicated secure environment.
  • Usage log. The SecureGateway logs all access attempts including details about which user, when and what resources are accessed by that user.

G/On Gateway

Hides the internal network and its resources from the Internet.

  • Data in transit between the gateway and the remote client is encrypted using FIPS 140.2 certified AES 256-bit encryption.
  • Full application functionality at the client is created by using Proxy and DNS services from the internal network.
  • Built-in load-balancing and fail-over functionality, also works with third-party load-balancing products.
  • Additional G/On gateways are easily created in seconds.

G/On Client

Connects applications on the client to resources inside the corporate network - without a VPN. After mutual two-factor authentication, the gateway server sends a dynamic menu to the client. This menu contains the specific applications available to the user, based on the device, authentication level, location, time and more.

Other features include:
  • The G/On client does not need to be installed.
  • No elevated rights are needed to run the application.
  • Users do not need to remember any URLs or other information to access applications.
  • Access rights are enforced in the gateway, preventing the user from starting not allowed applications or elevating access rights. Unavailable applications are not visible.
  • User menus can be adjusted in real time, even during active user sessions.
  • Automatic application launch and Single-Sign-On (SSO).
  • Ability to encapsulate all traffic in HTTP and traverse proxies without sacrificing security.
  • Includes application clients for RDP, Citrix, VNC, Browsers, File Access and much more.

G/On Desktop Client

Runs from a computer instead of a G/On USB-token and uses the computer as a second authentication factor instead of a smartcard. Only available on Windows.

4. G/On Infrastructure

On_diagram-03

 

G/On is Easy to Use

But there’s no need to figure it out all on your own.

Group 1014

Service Desk Support

Need technical support? Log in to the ServiceDesk or email your query.

Group 1019

Documentation

The one-stop shop for all technical documentation.

Discover how G/On can help: