Galileo SSL Service
Overview
Note, in order to use Galileo SSL, your contract with Travelport may need to be modified before you can begin using Galileo SSL to connect to the Apollo or Galileo host systems. Please contact your Travelport sales representative to determine what if any contract changes may be required.
Note, do not install the Galileo SSL service in conjunction with a particular Client ID unless you are certain the Client ID is "SSL enabled". The installation of this software changes the IP address settings in the Control Panel, Galileo TCP/IP applet to 127.0.0.1. Installing the SSL service before the Client ID has been added to the Galileo SSL proxy servers will result in a non-working connection. Hint, check the Galileo TCP/IP applet in Windows Control panel before you install the Galileo SSL service. That way, if you find you need to switch back to the prior settings, you will know what they were.
The Galileo SSL connection allows direct access to the Apollo and Galileo hosts through a secure Internet connection. You may use it as a connection solution for remote Agents who work from home, as your primary agency connection, or both.
SSL, short for Secure Sockets Layer, is a commonly used protocol for managing the security of a message transmission on the internet. Galileo SSL enables you to use your existing computers and print servers to access the Apollo and Galileo hosts over the public Internet via an encrypted, secured connection. The SSL software installation is transparent and automatically makes the required changes to configurations of Focalpoint, Galileo Desktop and Galileo Print Manager. If you are using Terminal Servers or Citrix Servers, some manual configuration work is required. Once the connection has been established, you will continue to work on Focalpoint, Viewpoint or Galileo Desktop as you do today.
When installed, Galileo SSL creates a "service" on the computer and this "service" in turn connects Galileo Desktop, Galileo Print Manager, and potentially other 3rd party gateways to Galileo's host systems.
The Galileo SSL service uses standard SSL protocols and ports; TCP port 443. As an example, this is the same port which a web browser would use to connect you to most banking sites using https:// URLs.
Installation Guide (lots of answers to questions here as well)
The installation guide for Galileo SSL can be downloaded/opened from here.
Router, Firewall and Proxy Server Notes.
Please note, customers who restrict agency desktop access to the internet on port 443 will need to add rules to their firewall and/or proxy servers to allow for SSL traffic to the following destinations.
As part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add the following rules to their firewalls.
The destinations shown with DNS names are the primary, high availability HSRP connection points. During normal operations, these will be the VPN end point. However, as part of Travelport's commitment to improve the stability of our popular desktop SSL connectivity product, we have implemented multiple SSL termination points to allow quick resolution of customer impacting platform issues. To enable this capability in a seamless fashion, we are asking our travel agency customers who restrict desktop access to the internet to add ALL of the following destinations to their firewalls.
On port 443, please allow access to these public IP addresses from the agents' desktops:
- 216.113.131.33
- 216.113.159.225 (gdssl.galileo.com)
- 216.113.159.226 (gdssl-atl.galileo.com)
- 216.113.159.227
Please note this does not affect any existing SSL connectivity instead allows Travelport more flexibility to minimize customer impact in the event of an SSL problem. Should you have any questions or concerns please escalate using your normal procedures.
If there are no restrictions limiting desktop access to the internet on port 443, there should be no changes required of the customer.
Known Limitations
Manual Configuration For Customer Proxy Servers
The Galileo SSL proxy service will usually connect through cusotmer proxy servers. However, in the case where the service does not connect, the following changes may be required.
-
Use Notepad to open and edit c:\program files\galileo\ssl\SSLClientService.exe.config
-
Locate the <appSettings> section of the file
-
Add the following two lines to the end of the <appSettings> section
<add key="Proxy Server Address" value="your.proxy.server's.name.here" />
<add key="Proxy Server Port" value="port#.for.https.here" />
-
Use the name or IP address of your proxy server on the fist line
-
Enter the port # your proxy server uses for forware SSL (https) traffic on the second line
-
Note, the syntax is CRITICAL, including spaced, quotes ("), etc.
Advantages
- Agencies are able to work as they do today using the same Client ID and GTIDS
- No additional onsite hardware required
- No server based software required
- No special network routing required
- No special firewall or router rules required
- Most routers and firewalls allow this type of connection without any special configuration.
- No design limit to the number of SSL connections through a standard router - performance limited only by ISP bandwidth
- No credential challenge on connection breaks
- The Galileo SSL service eliminates the need for the Nortel VPN software which is used in conjunction with what is referred to as "FocalpointNet".
Galileo SSL Version Info
Current Version is 01.00.0010, released on 29, 2009
Minimum Requirements
- Internet Access
- Windows 7
- Windows Vista
- Windows XP, SP2
- Windows 2000 Professional, SP3
- Windows Server 2003 or above if using Terminal Services or Citrix to run Galileo Desktop.
- Galileo Desktop 1.01 or higher.
- Galileo Desktop v2.2 is recommended on 64-bit versions of Windows
- Focalpoint 3.5 with Viewpoint 3.0 is also supported but not recommended.
Please note, the person doing the installation must have administrative rights to the computer.
Known Issues:
- Microsoft .Net 2.0 or above needs to be installed, if not present, the installation process will attempt to automatically download and install this software from Microsoft and and then complete the installation of the Galileo SSL service.
- On 32-bit versions of Windows XP, “Microsoft Installer 3.1 v2” or above must be installed on the computer. See (KB893803)” for details and to obtain this software.
- On 32-bit versions of Windows. If you are having difficulty using Windows Updates to download and install the Microsoft .NET v2.0 service, you may download and install this software directly form Microsoft at http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&DisplayLang=en
- On 64-bit versions of Windows. If SSL appears to have installed properly but you have no connection to Apollo.
- IMPORTANT, the 32-bit and 64-bit versions of .NET v2.0 ARE DIFFERENT and there are different links above for the appropriate version for your copy of Windows.
Support
The North American Help Desk can assist you with all SSL related questions. Help Desk specialists are available to you 7 days a week, 24 hours a day by calling your normal support phone number.
Contracting
The use of the Galileo SSL service is a contractual item. If you are interested in using this type of connection, please contact your Travelport sales manager for information on pricing and implementation time frames.
Download
Before you can download the software, you must complete the following form. Upon completion of the form, you will be taken to a download page. Remember, while you can download the Galileo SSL service software, you will not be able to use it for your connection to Galileo's host systems until the appropriate contractual work has been completed.
Frequently Asked Questions (FAQ)
Click here for a list of Frequently Asked Questions (FAQ)
Version 01.00.0010 Release Notes
- Resolves problem with GPM “streaming” BOOTP messages when configured with a workstation-only Client ID
Version 01.00.0008 Release Notes
- Added support for 64-bit versions of Windows
Release Notes For All Versions