Galileo Desktop SSL

Email Page | Print Page

Home | Contact Us | Search

Galileo 360 Portal

Knowledge Base

Product Support

Software Library

Galileo SSL Service

Galileo Flight Integrator (Sou...

Galileo IDS Documentation & So...

Support Agreements

Advanced Product Solutions Support > Software Library

Galileo Desktop SSL

Galileo SSL Service

Overview

Note, in order to use Galileo SSL, your contract with Travelport may need to be modified before you can begin using Galileo SSL to connect to the Apollo or Galileo host systems. Please contact your Travelport sales representative to determine what if any contract changes may be required.

Note, do not install the Galileo SSL service in conjunction with a particular Client ID unless you are certain the Client ID is "SSL enabled". The installation of this software changes the IP address settings in the Control Panel, Galileo TCP/IP applet to 127.0.0.1. Installing the SSL service before the Client ID has been added to the Galileo SSL proxy servers will result in a non-working connection. Hint, check the Galileo TCP/IP applet in Windows Control panel before you install the Galileo SSL service. That way, if you find you need to switch back to the prior settings, you will know what they were.

The Galileo SSL connection allows direct access to the Apollo and Galileo hosts through a secure Internet connection. You may use it as a connection solution for remote Agents who work from home, as your primary agency connection, or both.

SSL, short for Secure Sockets Layer, is a commonly used protocol for managing the security of a message transmission on the internet. Galileo SSL enables you to use your existing computers and print servers to access the Apollo and Galileo hosts over the public Internet via an encrypted, secured connection. The SSL software installation is transparent and automatically makes the required changes to configurations of Focalpoint, Galileo Desktop and Galileo Print Manager. If you are using Terminal Servers or Citrix Servers, some manual configuration work is required. Once the connection has been established, you will continue to work on Focalpoint, Viewpoint or Galileo Desktop as you do today.

When installed, Galileo SSL creates a "service" on the computer and this "service" in turn connects Galileo Desktop, Galileo Print Manager, and potentially other 3rd party gateways to Galileo's host systems.

The Galileo SSL service uses standard SSL protocols and ports; TCP port 443. As an example, this is the same port which a web browser would use to connect you to most banking sites using https:// URLs.

Please note, customers who restrict agency desktop access to the internet on port 443 will need to add rules to their firewall and/or proxy servers to allow for SSL traffic to the following destinations.

As part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add the following rules to their firewalls.

The destinations shown with DNS names are the primary, high availability HSRP connection points. During normal operations, these will be the VPN end point. However, as part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add ALL of the following destinations to their firewalls.

On port 443, please allow access to these public IP addresses from the agents' desktops:

12.17.227.30 (gdssl.galileo.com)
12.17.227.145
12.17.227.146
194.24.254.193
194.24.254.201
194.24.254.204 (sslfpemea.galileo.com)
216.113.131.33
216.213.159.225
216.213.159.226 (gdssl-atl.galileo.com)
216.213.159.227

Please note this does not affect any existing SSL connectivity instead allows Travelport more flexibility to minimize customer impact in the event of an SSL problem. Should you have any questions or concerns please escalate using your normal procedures.

If there are no restrictions limiting desktop access to the internet on port 443, there should be no changes required of the customer.

Known Limitations

Currently, the Galileo SSL Service does not work with 64-bit versions of Windows. This functionality will be included in the next release. No release date is available at this time.
Currently, the Travelport SSL proxy servers do not support our customer's HTTP Proxy Servers which require authentication with a username and password at the time of connection. Support for this type of authentication may or may not be included in a future release.

Manual Configuration For Customer Proxy Servers

The Galileo SSL proxy service will usually connect through cusotmer proxy servers. However, in the case where the service does not connect, the following changes may be required.

Use Notepad to open and edit c:\program files\galileo\ssl\SSLClientService.exe.config
Locate the <appSettings> section of the file
Add the following two lines to the end of the <appSettings> section
<add key="Proxy Server Address" value="your.proxy.server's.name.here" />
<add key="Proxy Server Port" value="port#.for.https.here" />
Use the name or IP address of your proxy server on the fist line
Enter the port # your proxy server uses for forware SSL (https) traffic on the second line
Note, the syntax is CRITICAL, including spaced, quotes ("), etc.

Advantages

Agencies are able to work as they do today using the same Client ID and GTIDS
No additional onsite hardware required
No server based software required
No special network routing required
No special firewall or router rules required
Most routers and firewalls allow this type of connection without any special configuration.
No design limit to the number of SSL connections through a standard router - performance limited only by ISP bandwidth
No credential challenge on connection breaks
The Galileo SSL service eliminates the need for the Nortel VPN software customers who might otherwise be using "FocalpointNet".
The Galileo SSL service may take the place of a site to site VPN (Un-Managed VPN in Galileo terminology), although for an office of more than five to ten people, consideration should be given to using a site to site VPN. See this link for details on "Un-Managed VPN".

Galileo SSL Version Info

Current Version is 01.00.0008, posted on December 16, 2008

Minimum Requirements

Internet Access
Windows 2000 Professional, Windows XP (all versions) or Windows Vista (all versions)
Galileo Desktop 1.01 or higher (Focalpoint 3.5 with Viewpoint 3.0 is also supported but not recommended)
Microsoft;s .Net 2.0 or above needs to be installed, if not present, the installation process will automatically download this from Microsoft and complete this portion of the installation.
If Microsoft XP installed, the “Microsoft Installer 3.1 v2” or above must be installed on the computer. See (KB893803)” for details and to obtain this software.
Please note, the person doing the installation must have administrative rights to the computer.
Note, if you are having difficulty using Windows Updates to download and install the Microsoft .NET v2.0 service, you may download and install this software directly form Microsoft at http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&DisplayLang=en

Support:

The North American Help Desk can assist you with all SSL related questions. Help Desk specialists are available to you 7 days a week, 24 hours a day by calling your normal support phone number.

Contracting

The use of the Galileo SSL service is a contractual item. If you are interested in using this type of connection, please contact your Travelport sales manager for information on pricing and implementation time frames.

Download

Before you can download the software, you must complete the following form. Upon completion of the form, you will be taken to a download page. Remember, while you can download the Galileo SSL service software, you will not be able to use it for your connection to Galileo's host systems until the appropriate contractual work has been completed.

Frequently Asked Questions (FAQ)

Click here for a list of Frequently Asked Questions (FAQ)

Version 01.00.0008 Release Notes

Added support for 64-bit versions of Windows

Version 01.00.0007 - Version # skipped

Version 01.00.0006 Release Notes

Resolves problems with GPM reconnecting after network outage (PT 8555639).
Improves handling of extended network outages.

Notes

This product does not currently support 64-bit operating systems. Such support will be added in a future version.

Version 01.00.0005 - This version was not released to production, but included the following (also included in the v01.00.0006 release above).

Support for applications that utilize older versions of TCP/IP communications to Galileo/Apollo. Specifically, this includes the Cornerstone mid-office 3rd party application, along with the Galileo DOS Print Server.

Version 01.00.0004 Release Notes

Server Mode. This function allows the SSL Client to be run on a dedicated server with multiple desktop and print clients targeting it from other locally networked machines.
XML Select support.
Install fix to resolve an issue with GPM not being forced to refresh its configuration.
Silent uninstall support.
Automated Proxy detection disabled. This resolves issues seen with some proxy configurations.

Notes

Version 01.00.0004 of this product does not currently support 64-bit operating systems. Such support will be added in a future version.

Version 01.00.0003

01.00.0003 (PRODUCTION Release)
This version (1.00.0003) adds support for the Print Management Browser (PM Browser). Note that there is also a new version of PM Browser (separate and optional install) that is specifically written to make use of the SSL Client.
1.00.0002 (PRODUCTION Release)
This version implements a revised security thumbprint that resolves an issue when using a USB memory stick on Windows Vista. Upgrading from a previous version to this version or above will require your security to be reset. Contact your Apollo or Galileo Help Desk to have this reset accomplished.
1.00.0001 (PRODUCTION Release)
Support for TN3270 clients added.
Support for Print Management Browser added. New PM Browser release required for this function to work.
Application assembly obfuscated to prevent reverse-engineering (INTERNAL INFO ONLY)
Fix to make GPM to reconnect after a network outage.
Event log message ID’s tidied up (all should have unique ID numbers now).
Some config values have been removed (eg. MQ and GIDS settings). These are now incorporated into the base code and function automatically.
Support added to allow %CLIENTID% in the <CustomTCPConnectionSettings> area of the configuration file. Specifying this value where a user-id is required will make use of the first Client ID discovered on the PC (search order is FP, Galileo Desktop, GPM).
Support added to allow %GIDSQUEUENAME% in the <CustomTCPConnectionSettings> area of the configuration file. Specifying this value where a user-id is required will make use of the GIDS queue name discovered on the PC. (NOTE: this will only function if the GIDS application was installed to the default folder <WINDOWS_DRIVE>:\Program Files\Galileo International\GIDS).
Version 4 authentication packet now sent by default.

Software Download Form

First name

Last name

Company

Address

City

State

Zip code

Pseudo City Code

Software to be installed by

Desktop Software Being Used

Testing On PCs which nornally connect using

By checking this field, I hereby certify that I, as a duly authorized representative of the organization, understand and agree to abide by the conditions set forth above regarding the usage of Galileo by Travelport software.