Digital Workspace

Accops Digital Workspace helps organizations create a future-ready, compliant workspace and empower their workforce to be at
their productive best wherever they are. Accops Digital Workspace provides a comprehensive, zero-trust-based end-user
computing solution, enabling instant secure access to business applications from anywhere, any device and any network.

The Accops solution suite includes End-user ComputingVirtualizationvia application & desktop virtualization (VDI), zero trust-
based Application Access Gateway and Identity &Access Management solutions. It's a one end-to-end integrated solution
thattakescare of remote access, application virtualization,VDI, MFA, identity federation, SSO and thin client needs, sparing
organizations the need to juggle multiple product points from different vendors.

Accops Digital Workspace solution is highly modular to fit the needs of businesses of all sizes, providing seamless access to
modern web applications, Saas applications, client-server applications, legacy applications, virtual applications and virtual
desktops.
KEV FEATURES
Virtual Desktop Provisioning Integrated Application Delivery

Accops Digital Workspace solution supports both session

Accops Digital Workspace makes application delivery to
based desktops as well as dedicated virtual desktop-based
end users simple. Administrators can source applications
VDI. Administrators can add a Microsoft RDS server for
from different sources, like applications installed on
session-based desktop. Dedicated virtual desktops can be
Microsoft RDS server, Microsoft App -V or through
created, managed and delivered by adding VMWare vCenter,
application streaming products, and deliver the subset to
VMWare ESX, Microsoft Hyper -V or SCVMM. Linked-clones as
end users. The applications get seamlessly integrated to
well as full clones for VMWare-based platform can also be
user's PC, virtual desktop of the user or are available in the
created. It is possible to enable SysPrep from Accops
user portal. User can access these applications using any
console, enabling administrators to provision hundreds of
device they use.
virtual desktops with merely a few clicks.

Built-in Identity & Access Management

Zero Trust-Based Remote Access
The built-in Identity and Access Management solution
Accops Digital Workspace uses Secure Private Application
safeguards critical business applications and data from
Network (SPAN) technology to enable a high performance,
misuse by internal as well as external users, by managing
simplified remote access deployment. Accops' SPAN
user identities and monitoring user access. Organizations can
technology enables remote and mobile users to access
have strong control over endpoints by enabling contextual
business applications from any device, even over slow
access, device entry control and flexible policy framework.
networks with high latency. Accops solution detects, scans
The out of-the-box MFA is compatible with all applications.
and evaluates the trust level of all endpoints, based on
It enables strong authentication through multiple token
which, access is provided. Internet access on end user
options - SMS, Email, mobile app, pc software - or facial
machine can also be controlled and restricted based on
and fingerprint based biometric authentication. Single sign-
user role and responsibilities.
on (SSO) feature provides better security and
convenience. Accops Digital Workspace can also generate
Strong Endpoint Control alerts if access to any corporate application by a user
breaches the set risk thresholds, enabling organizations
Before an end user is allowed to access the applications,
to detect and prevent identity thefts and credential
Accops Digital Workspace lets organizations detect, scan
sharing.
and evaluate the trust level of the device used by the user.
Based on the trust level, access from the device can be
Detailed Auditing & Logging
controlled and restricted. Accops solution has the feature to
detect the device location and implement different security
Accops Digital Workspace provides administrators with
policies based on the location of the device.
detailed reports on all activities within the corporate
environment. It provides detailed logs on who accessed
what, when &from where along with end-device details.
Secure Sandbox Computing User Productivity & User Experience
With Accops Digital Workspace, organizations can create a Monitoring
secure sandbox for end user computing. In the secure
Accops Digital Workspace enables organizations to monitor
sandbox, the user can be restricted to run limited
productivity of their distributed workforce with per-user data
applications and they can be restricted from copying data
points, like log on time, log out time, and the time for which
from applications to local system or take data out of their
the user accessed each application. It is capable of
machines. The secure sandbox can control clipboard,
providing regular automated email updates with per-user
printing, desktop session recording, file saving, USB
details, like total session time, application access time, etc.,
access, and internet access, among others. Based on the
which can be used by HR teams for productivity
user location, the sandbox can adjust itself to relax the
measurement. The response time of each application can
restrictions if the user is working from a trusted location
be identified and the issues with slower applications can be
acted upon, to provide better user experience.
Device Management

When a PC runningAccops client or a thin client is available Privilege Access Audit & Control
on network, the device automatically registers itself with
Organizations can track, control and audit privilege access
the Accops controller and is available for management from
by the ITteams, support teams, developers and consultants
the console. Administrator can view the status of the
who need administrative privilege to systems for their
device, sessions and modify the device properties.
regular work. Accops Digital Workspace help organizations
Administrator can also push updates to the devices as
mitigate all potential security concerns posed by privilege
and when they are available. Alerts management can be
access, by enabling them to accurately track all details of
done from the central consolefordeviceswhich require
privilege user accounts usage.
extra attention.

Seamless, Safe Enterprise Mobility Scalable, Reliable & Highly Available

With built-in Load Balancing and high availability features,

Accops Digital Workspace comes with the latest TLS
Accops Digital Workspace can be scaled to thousands of
protocol based data security and integrity for application
users to ensure required uptime for business-critical
traffic. By deploying Accops Digital Workspace,
operations. Accops Digital Workspace has built-in load
organizations can secure any business application and
balancing for incoming users, as well as application traffic to
make it available to end users without any pre-configuration
ensure that the deployed hardware is effectively used.
on end users' machines. Organizations can also easily
HySecure can be setup in DR mode with client side failover
enable extranet users, vendors, consultants to bringtheir own
feature so that end users can always connect.
device for application access.

ARCHITECTURE

3
DATASHEET

Application & Virtual Desktop Publishing Desktop Provisioning

Session-based Applications & Desktops Desktop Pools
• Microsoft Windows RDS Server 2008 R2 - SPl, 2012 R2, Full and limited clones
2016,2019 Permanent and temporary Desktops
• Ubuntu-based terminal server Power management for virtual desktops
Dedicated Virtual Desktop OS Auto-expand pool
• Windows: Microsoft Windows 7/8/10 Desktop customization using SysPrep
• Linux: Ubuntu & CentOS Recompose desktops using source VM
Hypervisor Support Virtual desktop target location management
VMWare ESXi 5.5 or above Persistent & non persistent desktop
VMWare vCenter v5.5 or above Entitlements
Nutanix AHV/ Prism Central Hy Desk (Thin client) device
Microsoft Hyper-V 2012 R2/2016 PC with Hy Desk client
Microsoft SCVMM 2012 R2/2016 User Identity
Cloud: Microsoft Azure Group/OU
Physical Desktops Shared hosted desktop assignment
Application Support One to One assignment
All web-based, TCP and UDB based client server applications Auto-assign desktops on first login
Windows file shares and drive mapping Permanent or temporary assignment
Dynamic port-based applications Endpoint Control
Publish subnet or IP range for network access Strong device identification based on 20 parameters includes
Special support for RDP virtual channels CPUID, MBID, HDDID, MaclD, IMEI number and more
Application server load balancing Detect managed and unmanaged devices
Session caching for load-balanced applications Login control from managed and unmanaged devices
VoIP (Voice over IP) Support for checking for antivirus, firewall, antispyware
FTP products
Fileshare Real-time status check for last update time
Per application-based compression switch Real-time protection check
My Desktop for direct personal desktop access Application control based on device profile
HyWorks VDI and Hosted Application Mandatory profile for non-avoidable policy checks on all
0365, Gsuite, Salesforce (MFA is supported) endpoints
Device Management Quarantine profile for devices that fails all other profiles
Display configuration Secure endpoints from attacks over internet or from becoming
Device setting like volume USB ports a proxy for attacks
USB port redirection driver management Restrict internet access of the user based on policy
Device lock down settings Restrict users from accessing clipboard, printing, USB devices
Device UI option security and control Geolocation-based restriction
Device power save settings Windows update-based restriction
Language and keyboard settings Profile-based security policy
Device diagnostics settings and log collection Access Security
Grouping of devices for easier management TLS 1.0, 1.1, 1.2 and above
Wizard driven installation procedure Encryption: Strongest available - DES, 3DES, AES
Certificate-based strong authentication for administrators Authentication: SHA-2, RSA 2048, 4096
Web-based management console 4096 bit RSA key CA Certificate support
System Management Internet network masking and IP address/hostname mangling
Logging & reporting users logs, admin logs, device logs, alerts Application level gateway and not layer 2 bridging
Log achieving Hardened gateway operating system
Automated & manual configuration backup Split & full tunnel access modes
Cluster management Secure sandbox computing
Session host server management* DDOS Protection
Application Publishing Features Access Methods
Remote browser application Hy Desk devices
Application folder support HyWorks client for PC on Microsoft Windows, Ubuntu & macOS
Application shortcut publishing HySecure client for PC on Microsoft Windows, Ubuntu &
macOS
Customer icon publishing HyWorks client SDK for thin client integration
Launch in single session iOS & Android app
Session policies Hybrid portal mode
Protocol performance control Portal with Java applications
Universal printing Accops Nano Live USB
Printing quality control Accops Hy Lite Web portal for clientless access
Printing bandwidth control L3 mode
Clipboard control Reverse proxy clientless VPN for web applications
Drive mapping control Site to site access

4
DATASHEET

Monitoring, logging, auditing Authorization

Monitor device availability status Application-based access control
Monitor session status with details on CPU usage and power Access control based on
consumption • Device identity and profile
Monitor idle session status • Endpoint Security trust level
Timeout idle sessions automatically • User authenticationmethod
Manually terminate sessions • User role
Virtual desktop power status • User's organization
Manage power operations • User's location
Authentication server reachability status Dynamic policy evaluation based on run time information
Hypervisor reachability status about device, authentication method and user role
Resource utilizations Display of allowed applications and availability of the
Session recording application server to users
Customizable graphical dashboard & reports with detailed Time based restriction policies
event collection, real time visibility, email alerts & reports Scheduled account expiry
Watermark with date, time and customizable logo, text, Block specific groups
username for Virtual Apps & Desktops Multiple VPN Domain based control
Logs of all applications and duration for which each application Control user's Internet access
was running Support for external authorization servers
Support for external SIEM servers Automatic fetching of group information from
Logs of information like time of access, username, domain AD/LDAP/RADIUS
name, MAC address of endpoint, IP address of endpoint, Automatic expiry of ACL (Access control List)
application accessed, device profile, file uploaded/downloaded Authentication
Reporting on domain wise access, applications accessed, failed Authentication based on
login attempts, concurrence graph • User identity, OU/group/realm
Alert on Resource Utilization • Static passwords, OTP - dynamic passwords
Productivity logs • Certificates
User location monitoring and impossible travel notification • Device Signature: CPUID, HDDID, MaclD, IMEI No., and more
Monitor users for log monitoring • User location, IP address
Sys log report • Endpoint security trust level
Detailed logging of endpoint security scans results 2FA based on certificates, device signatures
Complete reporting of user logons and activity OTPs through SMS/Email/Hardware/Software Token
Deployment Local database with full customization per user, password
Scalable to thousands of users policies, password reset support
Active-Active N+1 cluster RSA secure ID or 3rd party OTP server
Application connection load balancing Integrates with AD/LDAP/RADIUS/SAML/ pre-existing
Session persistence: Users do not need to re-authenticate biometric authentication server
ISP load balancing for incoming connections Fully integrated client-certificate based 2FA server with
Client side failover using alternate gateways automatic CA and certificate provisioning
Runs on hardened Linux based platform Novell E-Directory
Menu driven console interface for easy configuration 550 NPLM-based apps
Can run on any standard or custom hardware 550-based SAML
Runs on virtualization platforms from VMware, XenServer, Consent (Push Notification)
Hyper-V Consent with additional tokens (Push Notification)
Support for FIDO & Passwordless Logan
Biometric Authentication

5
 FEATURES
Virtual apps & desktop security
management
Secure File upload/download work
flow with detailed audit logs: one way
file transfer, file type control, file size
control
Application containerization and
sandboxing for virtual apps &
applications within virtual desktops,
based on user and device context
Virtual IP address for each user session
for pooled desktop or virtual apps
users
Application isolation using MSIX
packages with efficient one click
application delivery
User profile management using
FSLogix and UPD
Contextual Application access and
application sandboxing for virtual apps
& virtual desktops
Session Experience Management
Accops Shell for virtual desktops
Session policies to control user
experience and permissions,
customizable at user, group, OU,
server, VM and device level
User session performance
management with CPU overuse
control and application resource
allocation management
User Experience Monitoring and
Management
Self-Service for Users for Session
performance management
Local Resource Redirection and
Session Experience
Driverless printing via Accops HyPrint
driver for any modern and legacy
application (PDF, Text based printer)
Support for eTokens for digital
certificate signing on Windows or
Linux based virtual apps and
desktops
Seamless USB peripheral
redirection for virtual desktops and
virtual apps running on personal
virtual desktops
with Windows 10 or Linux
Enhanced USB peripheral redirection
for pooled virtual desktops and virtual
apps running on Microsoft RDS Server

n (Needs additional License for

enhanced USB redirection module)
Access to Virtual Apps & Virtual
J Desktops
L Accops Desktop client to access Virtual
apps and Virtual Desktop: Windows
7/8/10, macOS, Ubuntu 16 & higher,
CentOS 7 & higher, Bharat OS,
Windows 10 loT
Accops Integrated portal to access
Virtual apps and Virtual Desktop:
Windows 7/8/10, macOS, Ubuntu 16 &
higher, CentOS 7 & higher, Bharat OS,
Windows 10 loT
Accops Workspace client for iOS &
Android to access virtual apps &
desktops and Microsoft RDP based
connections inside Accops container
Clientless access to Virtual Apps &
Desktops using HTMLS supported
browser (Hylite)
Seamless file transfer, endpoint
security, USB redirection and other
advanced features for Clientless portal
using HTMLS browser
Remote access to Virtual Apps &
Desktop via Accops HySecure
Management. Reporting &
Compliance for Virtual Apps &
Desktop
Productivity Monitoring on virtual
apps & desktops including time spent
on each application
Session Recording for Virtual Apps &
Desktops

tB
Watermark for Virtual Apps &
Desktops

7
n
[]
Built-in rep:rt n u:p
external SIEM servers
for

Customizable dashboard & reports

with detailed event collection, email
alerts and reports in email. {Needs x' x' x' x' x'
additional license for Accops
Reporting Server)
Multi-tenancy support to manage
multiple organizations from single x' x' x' x' x'
deployment
Time based access to apps &
resources with notifications to alert
admin of expiring ACls
Multiple high availability deployment
support including Active-Passive,
Active-Active
Support for Disaster recovery sites with
automated customizable data synch
Support Microsoft SQL Express edition
for up to 2000 concurrent user
deployment. Supports paid SQL

tE
editions
Record resource consumption at each
server, session and user level and
provide detailed reports
Centralized web based management
console with dashboards
Remote Access to Private Applications
Integrated workspace access portal to
I I I I I I
access any private applications (web
apps, client-server apps, virtual
applications and virtual desktops),
Cloud Apps, Saas applications. (Note:
Virtual apps & desktops needs
separate licensing)
Accops Workspace client for Windows,
macOS & Linux for accessing web
apps, client-server apps, Saas apps,
virtual apps & desktops from a single
user interface: Windows 7/8/10,
macOS, Ubuntu 16 & higher, CentOS 7
& higher, Bharat OS, Windows 10 loT

Secure Remote Access gateway with

Accops SPAN technology based on
application tunnels to create Zero
trust-based access gateway and using
latest TLS 1.3/1.2 protocol with latest
cipher support
Secure Remote Access gateway with
Accops Turbo technology to create a
seamless network extension based on
Datagram based tunnel and latest
cipher support
Accops Workspace client for iOS &
Android to access virtual apps &
desktops and Microsoft RDP based
connections inside Accops container
Accops Workspace client for iOS &
Android to access native mobile apps
& email client
Reverse Proxy Gateway for clientless
access to web applications
Clientless access to Windows & Linux
PC/VM using RDP using HTMLS
supported browser (Hylite)
Seamless file transfer, endpoint
security, USB redirection and other
advanced features for Clientless portal
using HTMLS browser
Application Support for Remote
Access
Remote access to web application,
Saas apps
Remote access to Internal applications;
client-server, RDP, SSH, any other
client-server applications, VDI
solutions
Integrated Access to Virtual
applications & Virtual Desktops :
Accops HyWorks support
Access to VOiP & other real time
applications through UDP based
tunnel for jitter free experience
Access to MyDesktop: Office PC
access: remote desktop and file share
Self-service for password and account

tE
lockout management

8
 FEATURES
Authentication & Authorization
for Remote Access
User Authentication Support:
Microsoft Active Directory, LDAP,
Novell e•Directory, Local Database
User Authentication Support:
RADIUS Server, SAML, ADFS,
oAuth
550 for web & Saas apps using SAML,
oAuth (IDP initiated authentication)
MFA using OTP tokens (SMS, Email),
Mobile App token, hardware token
MFA using FIDO Security Keys
MFA using push notification to
Desktops
MFA using push notification to
Smart phones
Contextual login and app access based
on device Identity
Contextual login and app access based
on device location, health and more
advanced parameters (Device

-
classification service)
Contextual access to Virtual apps &
desktops and apps within VDI based
on device Identity (Device classification
service)
3rd Party Applications: Multi-Factor
Authentication & SSO
MFA connector for SAML supported
apps (SP initiated auth) & ADFS
MFA connector with Apps supporting
RADIUS (network devices, etc)
MFA connector with AD integrated
apps using LDAP Proxy
MFA connector for Accops biometric
server & 3rd party biometric (face &
fingerprint) authentication server
Contextual MFA based on device ID,
user 1D, application accessed, location,
time
Step up authentication based on
context
Endpoint Management & Controls
Centralized endpoint inventory and
categorization for devices used for
remote access
Push firmware and client upgrades to
endpoints
Map end users to endpoint devices
and provide device contextual access
Remote control and helpdesk support
from datacentre
Restrict Internet control: Whitelist or
blacklist URLs or completely block
Internet
Restrict local LAN access
Restrict apps from downloading data,
printing, drag & drop
Restrict clipboard, print screen,
screen recording, screen scrapping
tool, screen sharing tool. Create
exceptions for specific program and
tools Restrict clipboard to work within
specific application for better control
Block USB port
Run in stealth mode on end user PC
with no option to stop the agent.
Password protected install and
uninstall
Data copy protection on endpoint
machine by blocking screen shot,
clipboard, screen recorder blocking
Announcements for users
Management, Reporting &
Compliance for Remote Access
Centralized web-based management
console with dashboards
Watermark for End-user PC

[J

9
 Available as Independent Accops Workspace
Other Add-on solutions HySecure Platinum HylD Platinum
SKU Platinum
Accops Reporting Server

Accops Biometric Server: Fingerprint, Facial Auth

Accops Enhanced USB Redirection Module

Accops NanoOS to repurpose old PC, OS on USB

Advanced Linux thin client management with complete firmware
configuration including 3rd party components, monitoring and control
(Needs additional thin client management software license}

B
Accops HyMobile: Comprehensive Mobile device management for iOS and
Android devices for company owned devices as well as personal {Needs
additional Accops HyMobile MDM Solution License)
Teradici PColP Cloud Access Plus license for heavy graphics applications
(monthly or annual subscription}

x: Feature available
x*: Feature available with add-on components
Blank or"-": Feature not available in this edition and needs upgrade to higher version

ACCOPS NANO OS ACCOPS SEP (Enhanced Driver)

Features
Features
Redirect USB devices to Microsoft RDS Server for Shared Hosted
Accops customized Linux OS for PC refurbishing Desktops
Kiosk Mode Operation Redirect USB devices inside Windows 7, Windows 8 & Windows
10 based OS for Dedicated Virtual Desktops
Support for HySecure and HyWorks
Redirect devices based on device type
NO access to local disk Redirect printers, scanners, biometric devices, USB security
Access to Virtual Desktops tokens, other USB devices

Access to Hosted Applications Redirect Parallel (LPT) and Serial (COM) ports

Secured OS (SCAP standards) Concurrent User Licensing

Note: The information contained in this document is subject to change. For the latest details, please refer to the commercial proposal document received or talk to an Accops
authorized sales professional.