Before Chilkat’s SSH Tunnel, your app would need to connect to a tunnel process/service running either on the local machine or on some computer on the LAN, and then tunnel out to the remote server.  It would look like this:

App ——(1)——>  TunnelService —-(2)——> SshServer —-(3)—–> SomeDestServerSuchAsSQL

You can wrap a non-encrypted TCP connection, or a TLS connection within the SSH Tunnel.
For example, if you connect with TLS, then (1) and (3) are TLS, and (2) is TLS wrapped inside SSH.
The (1) connection is within your LAN, the (3) connection is within the LAN on the server-side, and the (2) connection is over the Internet.

With Chilkat, the TunnelService is no longer a separate service running somewhere on your LAN.
Rather, it’s a background thread of your app.  Thus.. you can run your app anywhere and tunnel without needing to pre-install some SSH tunnel service on the LAN.  (In effect, you’re app is carrying the TunnelService in it’s back pocket..)