NS One NS One
Bâtiment Oslo - Les Fjords
19, avenue de Norvège - ZA Courtaboeuf 1
91140 Villebon sur Yvette - FRANCE
Tél. : +33 (0)1 69 59 12 00
Fax : +33 (0)1 69 59 12 05

Contact form >
  • Application access portal
  • Simple implementation
  • Personalized access
  • Autonomous solution
  • High-performance connections

Today, with employees increasingly mobile, the number of people connecting to networked resources increasingly large and connection tools increasingly heterogeneous and uncontrolled, it is essential to manage the access policy to enterprise resources in a relevant manner.

NS One’s SG One solution addresses the problems of roaming access security by setting up a secured encrypted tunnel (VPN).

Remote connections are established via a web browser and SSL mode secured sessions. As it is not necessary to install client software on the PC, the user can connect from any location and any workstation.

However, since guaranteeing the security of the connections is not sufficient to provide a high-reliability and high-performance solution, NS One also:

  • Guarantees user authentication
  • Prevents any risk of infecting the workstation used
  • Provides an easy-to-understand connection interface
  • Ensures high-performance connections

schema sgone vpn

The SG One solution

SG One is a solution offered in the form of an appliance to simplify implementation. It makes it possible to secure the various access points to the companie’s Information System: email, web, applications, etc. using the various technology modules in charge of security features.

With the implementation of the SG One solution to secure mobile access, you allow users to connect to company applications via a web browser and SSL mode secured sessions. The operating mode automatically adapts to the application being relayed, and the user accesses the applications via a universal portal that performs access control on the basis of defined user profiles.

Easy to implement, the SG One solution can be put in parallel your anti-viral or anti-spam solutions, on the servers or client workstation. No intervention or deployment of special software is necessary, thus considerably reducing the costs of implementation and exploitation.

More informations

Each SG One appliance is composed of a framework based on a securised Linux core and of a Reverse Proxy (Virtual hosting and load balancing IP and URL, End-to-End encryption).

Then various modules are added to meet the customers needs according to their business activities and of the requirements for their security
policy: type of users and accessible applications, volume of information and connections, security level, etc.

schema sgone web

Integrated modules

The VPN module allows secured access to any enterprise application requiring remote access and is compatible with the SSL VPN architecture. The traffic is encapsulated in a SSL tunnel to ensure the confidentiality of the data exchanged. With several SSL tunneling modules available, this module adapts to the diversity of communication modes encountered in enterprise applications.

The OneWay module is based on a unique architecture developed by NS One that uses a system of network partitioning (diode), to reverse the direction of data exchanges and to authorize firewalls to block all traffic of external origin.

The Identity module is used to set up an authentication and permissions-management system. It authorizes joint use of several authentication databases, and allows specification of the rejection policy for unknown users or erroneous passwords.

Identity supports the major authentication systems: LDAP directory, NTLM/SAMBA server, Microsoft’s Active Directory, RADIUS server, XELIOS, NS Identity server (NS One’s proprietary authentication and authorization solution).

Each SSL VPN appliance includes a Manager module, which is a solution for the management of network and security configurations. Designed for largescale deployments, this solution allows granular and precise security management for each protected site. The administration system distributes the network configuration and security policy to the appliances located in the DMZ so as to protect the internal network.

The Crypto module is, in fact, a cryptographic acceleration card that enables up to a five-fold increase in throughput for 128 bit encryption configurations and supports more than 4000 RSA 1024 Bits/s.

To ensure better security, the Crypto card may be replaced by the HSM cryptographic acceleration card. To prevent any risk of spoofing, the cryptographic keys are generated directly and stored in the card. Designed and manufactured in Europe, it meets the FIPS 140-1 security standards for random number generation and secured key storage.

Optionals modules

The Portal module allows non-technical users to create an application access portal, which is automatically generated by the administration interface after the user selects the remote access applications.

Client Checking
The Client Checking module checks the level of confidence of a computer that has just connected to the enterprise network. The audit of the client computer determines:

  • The login of the connected user.
  • All of the computer’s hardware data (processor, RAM, etc.).
  • The network components and IP configuration (MAC and IP addresses, DNS, DHCP, etc).
  • Detailed information concerning the OS (version, installed updates).
  • The presence of anti-virus software (update of anti-virus database).
  • The installed software packages.


Typology of supported applications

  • Web clients: Web mail, file sharing, Web applications, Intranet or Extranet applications.
  • Web and Java clients: distant terminals, Web applications, Web mail, Telnet, emulation terminals, file sharing, Intranet or Extranet applications (Citrix, Windows Terminal Server, etc).
  • Client/server with heavy clients having statics and configurables communication port (Lotus, SAP, Tivoli, Citrix..).
  • Any company application requiring a distant access and compatible with the VPN SSL architecture.


  • Implementation of the main authentication systems: client with X509 certificates, LDAP directory, NTLM, Microsoft Active Directory, Radius, Xelios.


  • Web administration interfaces to acces in SSL to the whole of the applications’ parameter setting functions and authorizations and user profiles definition.
  • Automatic generation of the portal’s HTML pages and access to the applications.
  • Skeletal management of the access and system’s Logs, provided in a Web server standard format easily exploitable.

High performance

  • Double fault-tolerance: redundant architecture of the appliances and
    accelerator cards Crypto (tolerance hardware and software).

Drivers TAP

  • OS supported: Windows 2000 SP4/XP/Server, Linux, Mac Os.




  • Network partitioning
    Very restrictive firewalls configuration.
  • Application firewall
    Detection of attacks at the application level.
  • Simple implementation
    No intervention on client computers and no specific deployment.
  • Web enabled administration
    SSL access to all functions.
  • Access portal to applications
    Automatically generated by the administration interface.
  • Multi-protocol solution
    Relays protocols http, https, ftp, Citrix, POP, IMAP, telnet, etc.
  • High availability
    Double fault-tolerance through redundant architecture.

Ils nous ont fait confiance


Ag2r, AvBank, Axa Banque, Azur Assurance, Banque de France, Banque Populaire, BFT, BNP, Caisse d’Epargne, Crédit Agricole, Crédit Coopératif, Crédit Mutuel, GMF, HSBC, ING Direct, La Banque Postale, Macif, MMA, Société Générale, Sofinco,...