HttpVPN™ Operations Guide


Purpose of This Article

This white paper is intended for developers and web site/application operators who want to existing, already-deployed intranet web applications/web services and local sites become accessible on the Internet in secure, authenticated manner. This approach is very useful if you have any web site that needs to be accessible to someone outside your local-area network, without having to deal with all the headaches of in-house web hosting.

How HttpVPN™ Works

In the nutshell, HttpVPN™ makes web pages rendered by your local/intranet web applications, appear on HttpVPN Portal internet web site, where you and other authorized application end users log in to get secure access to the apps. HttpVPN Portal forwards HTTP requests generated by the web browsers to an HttpVPN Proxy that lives inside the same network where your apps reside, and Proxy then forwards requests further to web apps, making your app think that requests originated inside the LAN. After HTTP response was created by your web app, it's sent to the Proxy, which replaces LAN-based URLs on the page with Internet (Portal) based URLs and returns the response to the Portal, where it's presented to the end user. When user clicks links on the page, the whole round-trip is repeated again.

What You Need To Make It Work

Obviously, you will need an up & running local/intranet web site or application, residing on a machine living inside a behind-the-firewall LAN.

You will need to download and install HttpVPN Proxy software on a Windows machine that has unmetered or unlimited broadband Internet connection and is living inside the same LAN where your local/intranet app does. If your web sites/applications run on Windows, you may (but don't have to) install the Proxy on the same machine. If your applications run on Unix or other OS, you will need to install HttpVPN Proxy on another machine (virtual machine will do) running Microsoft Windows (XP SP2 or later).

In order to be able to install Proxy software, your Windows account has to have Administrative privileges.

You will also need to create an account at the Portal. This will ensure that only you and people you authorize can access your applications.

The Walk-Trough

Here we start the actual "how to" part of the article. Please follow these steps to make your local/intranet site or application accessible on the Internet to your and other people you authorize.

1. Create an Account at the HttpVPN Portal.

Start with creating an account at the Portal. You can skip this step if you already have an account with the Portal.

The 3-step account creation process includes usual stuff, like proving you are a human being and not a hacker's software bot, providing your name and setting up your username (email address) and password.

Once your account is created, a verification email is sent to the email address provided as a user name. Verification is not required for most features, but whenever money or payments are involved, only accounts with confirmed emails will be allowed to pay or receive money. Also, after account was created, it's a good idea to stop by at your profile page and add your birthday information, in case you want to have access to content-restricted sites of other people, as well as to have access to money-related features of HttpVPN.

2. Download and Install HttpVPN Proxy.

You can skip this step if you already an administrator of an HttpVPN Proxy residing in this local-area-network.

From the Windows machine where you will install HttpVPN, please go the HttpVPN Download page and get the runtime version of the HttpVPN Proxy software. Run the downloaded EXE to install the Proxy.

After HttpVPN Proxy software is installed, please run Start | Programs | UltiDev | HttpVPN Web Hosting Proxy | Proxy Management Utility. The purpose of this program is to let you create Proxy's identity and register the Proxy as belonging to you. These are the steps to take once you have launched Proxy Management Utility:

  • Say "Yes" when asked if the PC will be mostly-on. If machine with the Proxy is turned off, your application will become inaccessible on the Web.
  • Log in using Portal credentials. Your username and password are secure because they are sent SSL-encrypted.
  • When prompted to supply Proxy name, please enter a name that would be meaningful as your local network name. For example, if you register the Proxy at home, enter something like John's and Jane's Household; and if it's a business LAN, enter something like Company-Sales-Proxy X. These types of names, vs. "Proxy 1", will be very helpful when you invite other people to access your apps, and they will need to tell your Proxy from someone else's.
    Proxy Reg Utility - Proxy Name
  • Click Register Proxy button. After a brief delay you should get a message saying that Proxy has registered successfully. At this point your Proxy has obtained X.509 certificate-based identity known to the Portal as a legitimate web app host.
  • At this point if you log in to the Portal home page, you should see your newly-registered Proxy and its status should be UP.
  • This is it for HttpVPN Proxy installation and registration. It is now ready to make your local sites and applications accessible on the HttpVPN Portal.

3. Make Your Local/Intranet Web Site or Application Accessible on the Web.

  • Start with launching a web browser on the machine where Proxy is installed. Point the browser to the URL of the web application you want to make accessible on the Internet - just to make sure the Proxy will be able to reach the application.
  • Log in to the Portal, hover the mouse over the icon next to the Status indicator of the Proxy and click the "Add Site or Application menu" item:

    Registering a web application with HttpVPN Proxy

  • You will land at the Application Properties page. In most cases here you will need to specify just an application name and the URL by which Proxy can reach it (see the first bullet of this chapter):

    Register New Application Screen

  • To save application's settings you may either hit the "Save App's Settings" button twice, or press "Specify Application Root" button first, followed by pressing "Save App's Settings" button. After that the User Group List pane will appear on the right side of the screen, but you can ignore it for now.

    At this point you (and you only) can access the application on the Web at the Portal. Hit Back button to go back to the home page of the Portal - your application is there ready to rock-n-roll. Well, almost ready - it takes a minute or two to propagate application registration inf to propagate application registration info to the Proxy. So please wait for a couple of minutes, and then click your application link and enjoy secure Internet access to your behind-the-firewall web site!

Applications Using NTLM or Kerberos Windows Authentication

HttpVPN supports IIS web applications using NTLM or Kerberos windows authentication. When a browser pops up login dialog box for such application, the dialog box looks just like Basic/Digest authentication box - without domain field. To work around this limitation, please enter user name in the DOMAIN\USERNAME format. Since it's impossible to tell by looking at the authentication popup box whether the web app requires Basic/Digest or NTLM/Kerberos Windows authentication, users need to know whether the app uses Windows authentication and if it does, enter credentials using domain\username format.

HttpVPN allows browsers like Firefox that traditionally do not support Windows authentication, to work with NTLM/Kerberos apps.

Useful Links