CA Single Sign-On and Citrix
NetScaler: Quickly Adapt to
Your Dynamic Authentication
Demands
CA Technologies and Citrix® have partnered to integrate their
complementary, industry-leading solutions: CA Single Sign-On
and Citrix NetScaler®. Combined, these solutions enable you to
deliver a streamlined user experience that boosts convenience
and productivity. At the same time, these solutions provide the
centralized, comprehensive capabilities that enable administrators
to more consistently enforce strong security policies—and save
time in the process.
Executive Summary
Today’s IT and security teams have to contend with more sophisticated and targeted threats, while at the same time managing a rapidly growing and increasingly complex set of services and technologies, including on-premise infrastructure, mobile devices and applications, virtualized machines, cloud services and more. While the demands are proliferating, staff and budgets are not, which means an urgent premium will be placed on finding platforms and solutions that offer flexible integration and cost efficiency.
CA Technologies and Citrix deliver integrated solutions that enable your organization to address expanding authentication and single sign-on (SSO) requirements, with unprecedented efficiency.
CA Single Sign-On (formerly CA SiteMinder) offers flexible, secure access management capabilities that complement the NetScaler platform. With these integrated solutions, you can address your critical security mandates and support more use cases, deployment types and users.
Combined, CA Single Sign-On and NetScaler enable your organization to strengthen security, without compromising the user experience or business agility. These solutions enable centralized, highly efficient security administration, so IT and security teams can apply more granular security policies, and more quickly adapt them to changing business requirements and security threats.
Challenge
Today, your organization, and virtually every business in every industry, is competing in an emerging application economy. In the application economy, the customer experience, operational performance and the ultimate success of a business are all increasingly being driven by the quality and performance of applications.
To address their businesses’ evolving and urgent application demands, IT organizations need to quickly adapt to the following requirements:
• More diverse computing models. Today’s applications rely on an increasingly diverse mix of on-premise infrastructure, externally hosted platforms, SaaS offerings, IaaS environments and more.
• More devices. As bring your own device (BYOD), mobile app stores and tech
consumerization continue to transform enterprises, it falls to IT to support virtually any device and any application–no matter where users reside or where applications are hosted.
• More flexible scaling. IT teams must gain the flexibility to both quickly scale up and scale down to support changing requirements.
• More controls. Weak, single-factor authentication continues to be exploited, leading to costly breaches and failed compliance audits. Security teams must be able to institute stronger access controls to combat increasingly sophisticated and targeted threats, and continue to adapt as threats evolve.
As they seek to respond to these increased demands, many IT organizations are being hampered by their current platforms and technologies. These groups are slowed by operational silos, lacking integrated, standardized platforms for managing service delivery across all the models,
environments and use cases that have to be supported. Having separately managed application access, security policies, identity stores and business logic creates significant challenges:
• Inconsistent policy enforcement. Working with disparate, disjointed systems, it gets increasingly difficult to apply policies in a consistent fashion and track policy compliance.
• High costs and administrative overhead. Stuck with supporting disparate systems, IT teams contend with high licensing costs, redundant administration efforts, manual correlation and reporting, time consuming compliance monitoring and so on.
• Poor user experience. Users have to contend with an increasing number of unique credentials and login processes, which either means hassling with password resets or resorting to such
ill-advised approaches as storing passwords insecurely or using the same password for many services.
Opportunity
CA Technologies and Citrix deliver integrated solutions that enable organizations to address proliferating authentication and SSO requirements, and to do so with unprecedented efficiency.
Combined, these solutions deliver a standardized, comprehensive platform that enables IT organizations to unify policy enforcement, consolidate management and more fully leverage SSO capabilities and benefits.
NetScaler
NetScaler is an advanced solution for delivering both applications and services. An inline
appliance that sits between users and applications, NetScaler provides extensive high availability, security and performance optimization capabilities. In this way, NetScaler enables IT teams to apply security policies in a uniform fashion and ensure users can access applications whenever needed.
NetScaler SDX
NetScaler SDX™ is a service delivery networking platform for enterprise and cloud data centers.
Through its advanced, virtualized architecture, NetScaler SDX can run multiple fully isolated, fully independent NetScaler instances on a single appliance. The platform features unified, central
Part of the CA Technologies authentication suite
CA Single Sign-On can be integrated with other authentication solutions from CA Technologies, including these offerings:
• CA Strong Authentication (formerly CA AuthMinder). This multi-factor
authentication system enables you to deploy and manage a wide range of authentication methods, from passwords and knowledge-based authentication (KBA) to two- factor software tokens or hardware credentials. The platform also supports outof-band authentication methods, for example, enabling the delivery of one-time passwords (OTP) via SMS, email or voice.
• CA Risk Authentication (formerly CA RiskMinder). CA Risk Authentication offers a transparent layer of protection against identity theft, data breaches and fraud. This is a powerful, adaptive authentication solution that works in real time to evaluate context, calculate risk, recommend actions and provide alerts and case management capabilities. In evaluating risk, the product can examine many factors, including device identification, geolocation, IP address and user activity.
• CA Mobile Access Gateway. The CA Mobile Access Gateway simplifies the process of applying internal data, application and security
infrastructure to mobile users and technologies. The product offers integrated security and management controls that help enterprises safely and reliably expose internal assets as mobile APIs. With these capabilities, organizations can address the challenges mobility presents in such areas as identity, security, optimization and integration.
Figure A.
Through the combined solution integration, administrators can provision and monitor CA Access Gateway instances through the NetScaler SDX interface.
CA Single Sign-On
CA Single Sign-On offers advanced access management capabilities that complement NetScaler and NetScaler SDX. The solution offers a way to centrally and efficiently control access
management across all your organization’s applications and Web services. Your users can gain the convenience of SSO when accessing any of your organization’s applications. Further, CA Single Sign-On offers broad support for:
• Multiple device form factors, including laptops, phones and tablets.
• Multiple applications and platforms, including SaaS, native mobile applications, Web applications and more.
NetScaler SDX
NetScaler SDX™ is a service delivery networking platform for enterprise and cloud data centers.
Through its advanced, virtualized architecture, NetScaler SDX can run multiple fully isolated, fully independent NetScaler instances on a single appliance. The platform features unified, central controls for provisioning, monitoring and management of NetScaler instances, as well as
best-in-class services provided by Citrix alliance partners.
• Multiple SSO approaches and architectures, allowing you to support SSO via Web agents, proxy agents, agent-less implementations, SAML or REST authentication and authorization Web services and more.
Above and beyond its SSO capabilities, CA Single Sign-On can also enable effective
management of your users’ sessions by providing coarse or fine-grained authorization, centralized auditing and timeout management. In addition, the solution enables administrators to enforce controls over which applications use SSO and which ones require step-up authentication.
Seamless integration with NetScaler SDX
CA Single Sign-On is seamlessly integrated with the NetScaler SDX platform. CA Single Sign- On features CA Access Gateway (formerly CA SiteMinder Secure Proxy Server). CA Access Gateway is a component that can be deployed in a standalone fashion as well as directly on the NetScaler SDX platform. Through this integration, your organization can leverage fully
consolidated services for application delivery and SSO. CA Access Gateway can be provisioned and monitored directly through the NetScaler SDX administrative console. Once the provision command has been submitted, NetScaler SDX will automatically create a virtual machine with a CA Access Gateway instance installed. Through this approach, your organization can gain complete flexibility in
right-sizing your implementations. Further, this on-device deployment yields high performance and low latency.
Sample use cases
Use case 1: Leveraging CA Single Sign-On for consolidation
CA Single Sign-On provides a flexible deployment architecture. IT teams can either deploy Web agents or CA Access Gateway to enforce policy-based protection of Web resources. However, in a large enterprise deployment, scores of Web agents or gateways may need to be employed, which can result in significant administrative overhead, high infrastructure costs and architectural complexity. By deploying multiple instances of CA Access Gateway on NetScaler SDX, IT teams can efficiently utilize all of CA Single Sign-On’s SSO capabilities within their NetScaler
environments.
Through this implementation approach, organizations can realize a range of advantages:
Figure B.
CA Single Sign-On consolidates a number of SSO capabilities, and enables streamlined implementation in NetScaler environments.
Figure C.
CA Single Sign-On can deliver SSO convenience to users in NetScaler environments.
• Consolidation. By leveraging the comprehensive functionality of CA Access Gateway—and deploying the product as virtualized instances running on NetScaler SDX—organizations can reduce the number of Web agents that need to be deployed. This approach limits the need for a separate application server or servlet engine that houses federation endpoints. In addition, this enables organizations to centrally enforce policies on Web applications, Web services and REST API-based mobile applications. As a result, organizations can combat infrastructure sprawl, reduce administration overhead and boost application response and availability.
• Security. Security teams can implement session linking to further enhance application security, and they can leverage enhanced session assurance to defend against “man-in-the- middle” and session hijacking threats.
• Device flexibility. These solutions enable organizations to implement additional session schemas—including DeviceID, SSL ID and mini cookies—to support modern, lightweight browser clients used in smart phones and tablets.
Use case 2: CA Single Sign-On as authentication and SSO provider for NetScaler
CA Single Sign-On is a versatile Web access management offering that can support a broad range of authentication and authorization requirements. By harnessing the integration between CA Single Sign-On and NetScaler, your organization can provide users with a consistent and enhanced experience, while utilizing a central authentication platform. Following are a few advantages this approach provides:
• Cross-platform browser support. Where possible, all Web resources protected by CA Technologies solutions are accessed from a browser, including browsers in Citrix- hosted Windows sessions.
• SSO convenience. Users get SSO access into all resources enabled by CA Technologies and Citrix platforms.
• Unified management. All resources are exposed within Citrix user interfaces, enabling cohesive management across an enterprise.
Typically, users will work within their browser, or use Citrix Receiver™ or Worx clients. In figure C, a Citrix Receiver or Worx client is shown leveraging CA Single Sign-On capabilities via CA Access Gateway integration with NetScaler SDX. CA Single Sign-On can be used to protect downstream resources through a number of authentication mechanisms, including basic, forms- based, federated identities, multi-factor authentication and so on. Once the user is
authenticated, an SMSession cookie is passed to NetScaler SDX and retained in the NetScaler Cookie Jar. When the user makes subsequent requests for resources that are secured through CA Single Sign-On, SSO will be enabled through the validation of the SMSession cookie.
Benefits
By leveraging the combination of CA Single Sign-On and NetScaler, your organization can realize significant benefits:
• Gain enhanced efficiency and agility. These solutions enable you to streamline administration and centrally manage authentication and authorization across all your distributed services and applications, so you can gain more efficiency and adapt faster to evolving business and technical requirements. For example, through the deployment of CA Access Gateway as a virtual appliance on NetScaler SDX, administrators can dynamically add or remove instances, according to changing demands.
• Tailor security policies. These solutions enable your organization to employ policies in a very granular fashion. Gain the visibility and controls you need to align security mechanisms to address different threats, groups, use cases and assets.
• Boost security and user productivity. With CA Single Sign-On, your IT teams can gain centralized visibility and more uniformly enforce strong security policies, while giving users con venient access to all their business applications.
• Leverage NetScaler investments. Through their integrated solutions, CA Technologies and Citrix help your organization maximize the value of your existing NetScaler and NetScaler SDX investments. You can add sophisticated SSO capabilities to your environment, while working with a single, centralized platform. Your organization can more fully harness the throughput and performance of the NetScaler SDX platform. In addition, you can fully exploit the benefits of virtualization, such as on-demand scalability, efficient load management and high availability.
• Reduce cost of ownership. Through the solution integration, your organization can enjoy faster, easier installation and upgrades. Further, you can gain additional capabilities without having to deploy and support a separate appliance, which offers both near- and long-term savings in administrative costs and efforts.
Conclusion
Your organization already has to support a lot of users, use cases, devices and delivery models and more are undoubtedly on the way. With solutions from CA Technologies and Citrix, your organization can leverage the centralized, standardized capabilities that deliver breakthroughs in administrative efficiency. With these capabilities, your organization can support its increasing demands and address emerging threats.
For more information on CA Single Sign-On, you can visit ca.com/single-sign-on. To learn more about the integration of CA Single Sign-On and NetScaler, please visit the Citrix Ready Xchange.
Corporate Headquarters Fort Lauderdale, FL, USA
Silicon Valley Headquarters Santa Clara, CA, USA
EMEA Headquarters Schaffhausen, Switzerland
India Development Center Bangalore, India
Online Division Headquarters Santa Barbara, CA, USA
Pacifi Headquarters Hong Kong, China
Latin America Headquarters Coral Gables, FL, USA
UK Development Center Chalfont, United Kingdom
About Citrix Ready
Citrix Ready identifies recommended solutions that are trusted to enhance the Citrix Delivery Center infrastructure. All products featured in Citrix Ready have completed verification testing, thereby providing confidence in joint solution compatibility. Leveraging its industry leading alliances and partner eco-system, Citrix Ready showcases select trusted solutions designed to meet a variety of business needs.
Through the online catalog and Citrix Ready branding program, you can easily find and build a trusted infrastructure. Citrix Ready not only demonstrates current mutual product compatibility, but through continued industry relationships also ensures future interoperability. Learn more at www.citrix.com/ready.
About CA Technologies
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management
