Galileo Desktop SSL

Galileo SSL Service

Overview

Note, in order to use Galileo SSL, your contract with Travelport may need to be modified before you can begin using Galileo SSL to connect to the Apollo or Galileo host systems. Please contact your Travelport sales representative to determine what if any contract changes may be required.

Note, do not install the Galileo SSL service in conjunction with a particular Client ID unless you are certain the Client ID is "SSL enabled". The installation of this software changes the IP address settings in the Control Panel, Galileo TCP/IP applet to 127.0.0.1. Installing the SSL service before the Client ID has been added to the Galileo SSL proxy servers will result in a non-working connection. Hint, check the Galileo TCP/IP applet in Windows Control panel before you install the Galileo SSL service. That way, if you find you need to switch back to the prior settings, you will know what they were.

The Galileo SSL connection allows direct access to the Apollo and Galileo hosts through a secure Internet connection. You may use it as a connection solution for remote Agents who work from home, as your primary agency connection, or both.

SSL, short for Secure Sockets Layer, is a commonly used protocol for managing the security of a message transmission on the internet.  Galileo SSL enables you to use your existing computers and print servers to access the Apollo and Galileo hosts over the public Internet via an encrypted, secured connection.  The SSL software installation is transparent and automatically makes the required changes to configurations of Focalpoint, Galileo Desktop and Galileo Print Manager. If you are using Terminal Servers or Citrix Servers, some manual configuration work is required.  Once the connection has been established, you will continue to work on Focalpoint, Viewpoint or Galileo Desktop as you do today. 

When installed, Galileo SSL creates a "service" on the computer and this "service" in turn connects Galileo Desktop, Galileo Print Manager, and potentially other 3rd party gateways to Galileo's host systems.

The Galileo SSL service uses standard SSL protocols and ports; TCP port 443. As an example, this is the same port which a web browser would use to connect you to most banking sites using https:// URLs.

Galileo SSL Version Info

• Current Version is v01.00.0013.00, released May 1, 2010
• Previous versions are no longer available for download.

Installation Guide (lots of answers to questions here as well)

• The installation guide for Galileo SSL can be downloaded/opened from here.
• The "Versioning Guide" for Galileo SSL can be downloaded from here.

Router, Firewall and Proxy Server Notes.

Please note, customers who restrict agency desktop access to the internet on port 443 will need to add rules to their firewall and/or proxy servers to allow for SSL traffic to the following destinations.

As part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add the following rules to their firewalls.

The destinations shown with DNS names are the primary, high availability HSRP connection points. During normal operations, these will be the VPN end point. However, as part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add ALL of  the following destinations to their firewalls.

On port 443, please allow access to these public IP addresses from the agents' desktops:

• 216.113.131.33
• 216.113.159.225 (gdssl.galileo.com)
• 216.113.159.226 (gdssl-atl.galileo.com)
• 216.113.159.227

Please note this does not affect any existing SSL connectivity instead allows Travelport more flexibility to minimize customer impact in the event of an SSL problem. Should you have any questions or concerns please escalate using your normal procedures.

If there are no restrictions limiting desktop access to the internet on port 443, there should be no changes required of the customer.

Known Limitations

• Currently, the Travelport SSL proxy servers do not support our customer's HTTP Proxy Servers which require authentication with a username and password at the time of connection. Support for this type of authentication may or may not be included in a future release.

Manual Configuration for Customer Proxy Servers

The Galileo SSL proxy service will usually connect through customer proxy servers. However, in the case where the service does not connect, the following changes may be required.

• Use Notepad to open and edit c:\program files\galileo\ssl\SSLClientService.exe.config
• Locate the <appSettings> section of the file
• Add the following two lines to the end of the <appSettings> section
  <add key="Proxy Server Address" value="your.proxy.server's.name.here" />
  <add key="Proxy Server Port" value="port#.for.https.here" />
• Use the name or IP address of your proxy server on the fist line
• Enter the port # your proxy server uses to forward SSL (https) traffic on the second line
• Note, the syntax is CRITICAL, including spaced, quotes ("), etc.

Advantages

• Agencies are able to work as they do today using the same Client ID and GTIDS
• No additional onsite hardware required
• No server based software required
• No special network routing required
• No special firewall or router rules required
• Most routers and firewalls allow this type of connection without any special configuration.
• No design limit to the number of SSL connections through a standard router - performance limited only by ISP bandwidth
• No credential challenge on connection breaks
• The Galileo SSL service eliminates the need for the Nortel VPN software which is used in conjunction with what is referred to as "FocalpointNet".

Minimum Requirements

• Internet Access
• Windows 7 (32-bit or 64-bit)
• Windows Vista
• Windows XP, SP2
• Windows 2000 Professional, SP3
• Windows Server 2003 or above if using Terminal Services or Citrix to run Galileo Desktop.
• Galileo Desktop 1.01 or higher.
• Galileo Desktop v2.2 is recommended on 64-bit versions of Windows
• Focalpoint 3.5 with Viewpoint 3.0 is also supported but not recommended.

Please note, the person doing the installation must have administrative rights to the computer.

Known Issues:

• Microsoft .Net 2.0 or above needs to be installed, if not present, the installation process will attempt to automatically download and install this software from Microsoft and and then complete the installation of the Galileo SSL service.
• On 32-bit versions of Windows XP, “Microsoft Installer 3.1 v2” or above must be installed on the computer. See (KB893803)” for details and to obtain this software.
• On 32-bit versions of Windows. If you are having difficulty using Windows Updates to download and install the Microsoft .NET v2.0 service, you may download and install this software directly from Microsoft at http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&DisplayLang=en
• On 64-bit versions of Windows. If SSL appears to have installed properly but you have no connection to Apollo.
  • Click Start, Run, type services.msc in the run line, and enter to access the list of services Windows is running.
  • Look in the list for the Galileo SSL Tunnel Service
  • If the service is present, but not started, and the 64-bit version of .NET v2.0 is not installed, attempts to start the service will fail.
  • Manually download and install “Microsoft .NET Framework Version 2.0 Redistributable Package (x64)” from http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en
• IMPORTANT, the 32-bit and 64-bit versions of .NET v2.0 ARE DIFFERENT and there are different links above for the appropriate version for your copy of Windows

Support

• The North American Help Desk can assist you with all SSL related questions. Help Desk specialists are available to you 7 days a week, 24 hours a day by calling your normal support phone number.
• Prior to contacting a Travelport Help Desk or other support group, please upgrade to v01.00.0012 or higher. If you are not running this version or higher when you contact us for support, you will be asked to do so.

First name Last name Company Address City State or Province ZIP or Postal Code Country Pseudo City Code Host System Apollo Galileo Both Software to be installed by Company Employee Consultant Desktop Software Being Used Galileo Desktop v2.1 or above And Galileo Print Manager Galileo Desktop v2.1 or above Galileo Desktop v2.0 Galileo Desktop v2.0 And Galileo Print Manager Galileo Desktop v1.01 Galileo Desktop v1.01 and Galileo Print Manager Galileo Print Manager Only Focalpoint v3.5 Focalpoint v3.5 and Galileo Print Manager Using On PCs which formerly connected using an 'always on' connection such as frame relay or a hardware VPN a connection using the Nortel VPN software (FocalpointNet) a mixture of 'always on' and software VPN connections By checking this field, I hereby certify that I, as a duly authorized representative of the organization, understand and agree to abide by the conditions set forth above regarding the usage of Galileo by Travelport software.