
I don't seem to be able to find a direct answer anywhere in the documentation -- what is the difference between Tectia Client and Tectia ConnectSecure? Is the latter basically the former with additional capabilities, and if so, what can you do in ConnectSecure that you can't do in Client?

(Or point me to the documentation -- I did try to find the answer there first.)

asked Sep 13 '12 at 16:25


Kevin Vail

That is an excellent question!

Please find the information below:

Tectia ConnectSecure is a client component (“Advanced Client”), available for Windows/Unix/Linux operating systems.

Tectia ConnectSecure also includes the SSHG3, SCPG3 and SFTPG3 command line tools for scripted jobs, like Tectia Client (both products also offer a GUI for Windows/Linux).

The following tools are included in both Tectia Client's and Tectia ConnectSecure's Windows/Linux/Unix installation packages:

  • ssh-broker-g3 - SSH Connection Broker Generation 3
  • ssh-broker-ctl - Tectia Connection Broker control utility
  • sshg3 - Secure Shell terminal client (Generation 3)
  • scpg3 - Secure Shell file copy client (Generation 3)
  • sftpg3 - Secure Shell file transfer client (Generation 3)
  • ssh-capture (on Linux/Unix) - captures TCP connections for tunneling or for FTP-SFTP conversion (Generation 3)
  • ssh-keygen-g3 - authentication key pair generator
  • ssh-cmpclient-g3 - CMP enrollment client
  • ssh-scepclient-g3 - SCEP enrollment client
  • ssh-certview-g3 - certificate viewer
  • ssh-ekview-g3 - external key viewer
  • ssh-troubleshoot - tool for collecting system information
  • ssh-translation-table - Secure Shell File Transfer Translation Table
  • ssh-keyfetch - Host key tool for the Secure Shell client

What are the differences between Tectia Client and Tectia ConnectSecure (besides both being client components)?

Tectia Client includes the following components and features:

  • Standard terminal and file transfer tools (CLI/GUI versions)
  • MVS dataset listing capability
  • Client daemon for automated operations
  • Mainframe-friendly file transfer commands (sput/sget, SITE commands)
  • Support for X.509v3 certificates in user/server authentication
  • SCEP support
  • CMP support
  • CRL support
  • FIPS-certified cryptographic library
  • Compliance with the IETF Secure Shell standards
  • Automatic SSH tunnels (the client daemon automatically creates a localhost listener and also automatically opens the SSH tunnel when an application connects to that localhost SSH listener)
  • Multi-channel support (over a single SSH connection)
  • Centrally managed using Tectia Manager (central management console and GUI configuration interface for Unix/Linux/Windows Tectia/OpenSSH products, software upgrades, configurations, log inspection)
  • Support for strong two factor authentication (smartcards and PKI tokens via MSCAPI/PKCS#11 and direct support for Entrust)
  • Native support for RSA SecurID
  • Native support for GSSAPI authentication (Kerberos)
  • Custom translation table support (byte-to-byte conversion)
  • Dynamic buffers for more high-speed data transfers
  • Pre-compiled and QA tested packages for Windows/Linux/Unix
  • Support for IETF RFC 4716 format keys and OpenSSH format keys
  • Support for modern SCP implementation (SCP using SFTP for better control)
  • Public key setup wizard (GUI/CLI)

Tectia ConnectSecure includes all the components and features that the standard Tectia Client already has, and it also provides the following extra features on top of the standard client functionality:

  • All Tectia Client features
  • Extended MVS streaming
  • File prefixing
  • Checkpoint/restart mechanism
  • CryptiCore® encryption and authentication
  • SFTP APIs (Java and C)
  • Transparent FTP Tunneling
  • Transparent FTP-SFTP conversion
  • Transparent TCP tunneling for Windows/Linux/Unix (encrypt application traffic without modifying the applications themselves): Our SSH tunneling is a bit more advanced than normal SSH port forwarding, as we can capture the application traffic on the fly, so there's no need to modify applications to connect to a localhost address/port(!). You really need to try our SSH tunneling to see the difference.

Hopefully this helps!

Regs, SamiM


answered Sep 14 '12 at 15:17


Sami Marttinen ♦

The Transparent TCP tunneling in our Tectia ConnectSecure product is unique to Tectia, and it allows you to tunnel random TCP-based applications in a more flexible manner than what you can do with the old SSH port forwarding thing.

For instance, on Linux/Unix operating systems the advanced TCP tunneling works as follows:

ssh-capture YourApplicationBinaryName

  • After you have executed the previous command, the TCP/IP traffic from your application is now monitored by ConnectSecure
  • In the ssh-broker-config.xml file you can then define filter rules which instruct Tectia ConnectSecure when to tunnel that application traffic and when not to.
  • In ssh-broker-config.xml, you can define which side (client/server) will resolve FQDNs to IP addresses. This is usually needed when you connect to a private network (when the client cannot resolve DNS names).
  • In the ssh-broker-config.xml file you can also define SSH GW server settings, or you can let ConnectSecure find out the destination (the destination is taken from the application; ConnectSecure will use the same IP/FQDN as the tunneled application for the SSH server's address)
  • For instance, you can force an application to be tunneled only when the application tries to connect to a specific IP address/FQDN (or port) and still leave connections to other destinations to go without tunneling.
  • ConnectSecure can also tunnel applications which are using dynamic ports or multiple ports (!!!)
  • By using dynamic tunneling and blocking direct plain-text application connections to the application servers, you can easily enable strong two factor authentication for your applications. In other words, all application connections would need to be tunneled and authenticated via SSH before someone could use the application. You can use this kind of method if your application doesn't support strong two factor authentication by default, or without costly customization.
  • On Windows, dynamic/transparent TCP tunneling is configurable via GUI and that is all that you need to do to tunnel your application traffic.

answered Sep 14 '12 at 19:18


Sami Marttinen ♦
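
The destination-based tunneling decision described in the answer above, sketched as an added Python example (not part of the original post and not Tectia code). The rule fields, action names and hostnames are hypothetical and do not reproduce the ssh-broker-config.xml schema; "block" stands in for whatever control denies direct plain-text connections.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    host: str                      # FQDN glob ("*.corp.example") or CIDR ("10.20.0.0/16")
    port: Optional[int]            # None = any port (dynamic or multiple ports)
    action: str                    # "tunnel", "direct" or "block" (hypothetical names)
    gateway: Optional[str] = None  # fixed SSH gateway; None = reuse the app's destination

def _host_matches(pattern: str, host: str) -> bool:
    try:
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        # Pattern is not an IP range: treat it as a case-insensitive FQDN glob.
        return fnmatch.fnmatchcase(host.lower(), pattern.lower())
    try:
        return ipaddress.ip_address(host) in net
    except ValueError:
        return False  # rule is an IP range but the application used a name

def decide(rules, host: str, port: int, default: str = "direct"):
    """First matching rule wins. Returns (action, ssh_server or None)."""
    for r in rules:
        if _host_matches(r.host, host) and r.port in (None, port):
            server = (r.gateway or host) if r.action == "tunnel" else None
            return r.action, server
    return default, None

# Constructed sample policy: names and addresses are made up.
RULES = [
    # One application port is tunneled through a dedicated SSH gateway.
    Rule("app.corp.example", 1521, "tunnel", gateway="sshgw.corp.example"),
    # Any port on this range is tunneled; the SSH server is the destination itself.
    Rule("10.20.0.0/16", None, "tunnel"),
    # Everything else in the protected domain may not be reached in plain text,
    # which is what forces SSH authentication in front of the application.
    Rule("*.corp.example", None, "block"),
]

if __name__ == "__main__":
    for dest in [("app.corp.example", 1521), ("10.20.5.7", 40123),
                 ("app.corp.example", 80), ("www.example.org", 443)]:
        print(dest, "->", decide(RULES, *dest))
```

Rule order matters in this model: the specific tunnel rules must precede the catch-all block rule, otherwise the protected application would be unreachable rather than tunneled.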


Asked: Sep 13 '12 at 16:25

Seen: 8,869 times

Last updated: Sep 14 '12 at 19:18

All user contributed content licensed under the cc-by-sa license.