cancel
Showing results for 
Search instead for 
Did you mean: 

JSAM:HOW IT WORKS??

Highlighted
Occasional Contributor

JSAM:HOW IT WORKS??

Hi guys,

I am in a bit of fix here with JSAM.I have joined as a VPN admin in a company and they use juniper ssl VPN's.I am having a problem understanding what JSAM is.
In a standard juniper document i found the following details:


The Java version of the Secure Application Manager (J-SAM) provides secure port
forwarding for applications running on a remote machine. J-SAM works by directing
client application traffic to the J-SAM applet running on a client machine. The IVE
assigns a unique IP loopback address to each application server that you specify for a
given port. For example, if you specify: app1.mycompany.com, app2.mycompany.com,
and app3.mycompany.com for a single port, the IVE assigns a unique IP loopback
address to each application: 127.0.1.10, 127.0.1.11, and 127.0.1.12 respectively.


I did understand what basically JSAM does (reverse proxy) but i didnot understand what those loopback ip's the document says about and why the loopback ips are used?

Can someone describe in lay man terms how the whole JSAM thing works (with these loopback ip's).
I will be very thankfull to anyone who gives an answer.
2 REPLIES 2
Highlighted
Frequent Contributor

Re: JSAM:HOW IT WORKS??

Hi,

Does this help? "The JSAM applet works by creating a mapping the FQDN of the server to a loopback IP (127.0.x.x). When the user attempts to connect, the local IP is returned for the resolution" = KB19776.

So when the app stream is redirected to the loopback IP, JSAM will then route the traffic via the SSL tunnel for delivery to the SA/Server.

Highlighted
Frequent Contributor

Re: JSAM:HOW IT WORKS??

Hello Meftahur Rahman,

JSAM stands for Java Secure Application Manager.
When we say Java, we are basically talking about Java Applets here.
How does JSAM function?
- Remember, there is already a SSL tunnel between the client and the IVE.
- For example: If the IVE is configured for users to access bbc.com via JSAM, then when the client access the IVE
and launch JSAM, the following happens:
- JSAM will now immediately modify the computer "host file" and add the bbc.com is on 127.0.1.X loopback IP
address.
- JSAM also will do a backup of the "original host file" on the client machine.
(You can see this when you go to C:\WINDOWS\system32\drivers\etc location after launching JSAM)
- Now, when a user hits bbc.com, the computer will try to do name lookup and it will check the "host file" where, it has
the entry saying, bbc.com needs to be reached through 127.0.1.X.
- The browser sends the traffic to the JSAM java applet listening on this loopback IP and that traffic is forwarded /
tunneled to the IVE using the inital SSL connection to the IVE which the client already has with the IVE over port 443.
Hope the above helps you.

Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks