Citrix Access Gateway
U N I V E R S A L S S L V P N P R O V I D E S U S E R S T H E B E S T A C C E S S E X P E R I E N C E T O A L L A P P L I CAT I O N S A N D R E S O U R C E S .
Citrix Access Gateway™ is a universal SSL VPN appliance that combines the best features of IPSec and typical SSL VPNs – without the costly and cumbersome implementation and management – to make access easy for users, secure for the company, and low-cost for the IT department. The Access Gateway provides a secure, always-on, single point of access to any information resource. It works through any firewall; supports all applications and protocols, including IP telephony; is fast, simple and cost-effective to deploy and maintain via its Web-deployed, auto-updating client; and ensures that devices meet company security standards with a worm-blocking client and integrated end-point scanning.
The Access Gateway automatically and seamlessly reconnects users to their applications when they change locations and devices, and gives them the same access experience they have at the desktop.
Citrix Access Gateway provides secure access to any application hosted on Citrix Presentation Server™, as well
as distributed Windows®and UNIX®applications,
direct-access Web applications, network file shares, data and collaboration services, and even telephony services using VoIP softphones.
With the addition of the Advanced Access Control option, the IT organisation can utilise sense and response
capabilities to not only provide or deny access to appropriate applications, but also control the level of user action rights for each application or resource accessed.
Citrix Access Gateway
Secure, Scalable Access for Mobile Professionals
The South Carolina Department of Probation, Parole and Pardon Services (SCDPPPS) is responsible for helping motivated offenders succeed in their communities within the framework of public safety. The organisation needed to give its mobile professionals secure access to the network to retrieve case-related information. But its IPSec VPN
presented firewall traversal issues and created heavy support demands. SCDPPPS implemented the Citrix Access Gateway, which offered a competitive price, simple and rapid implementation, and an easy-to-use client that eliminated manual installation and upgrades. With the Citrix solution in place, the thick-client PowerBuilder application used by SCDPPPS agents worked across firewalls without a single change to the application. Secure, Scalable Access for Mobile Professionals
T H E B E S T U S E R A C C E S S E X P E R I E N C E
The Access Gateway has an easy-to-use, automatically downloaded and updated client. There is no need for users to understand complex client software. In addition, remote users enjoy the same rich desktop application access experience as if they were physically connected to the local network. Always-on access automatically and seamlessly reconnects users to their applications and documents when they change locations and devices, or lose connectivity. And with Advanced Access Control, users connecting to an Access Gateway – whether inside or outside the network, on a clientless device, PDA, laptop or PC – are presented with the same familiar user interface.
S T R E N G T H E N D ATA S E C U R I T Y B Y M O N I TO R I N G A N D
R E G U L AT I N G U S E R A C C E S S
The Access Gateway client hides the internal network addressing scheme and, in combination with split tunnelling control, effectively blocks common network worms. A combination of login and continuous, real-time endpoint scanning ensures that the user device remains safe for connection to the corporate network.
With the addition of the Advanced Access Control option, your IT organisation can utilise sense-and-respond capabilities to not only grant or deny access to appropriate applications, but also control what the user can do with the information. For example, based on the access device and/or location, organisations can control whether users are allowed to view, print, edit or save information.
S I M P L I F Y A D M I N I S T R AT I O N A N D L O W E R C O S T S
The Citrix Access Gateway universal SSL VPN dramatically reduces management complexity compared to traditional approaches. Administrators can quickly and easily install, configure and deploy the Access Gateway without compromising security. This results in greatly improved cost of ownership. User access is delivered without the cost and complexity of installing, configuring, updating and supporting client software on each device. The client software is automatically downloaded when a user connects to the gateway, so users always receive the latest version.
T H E B E S T R E M OT E A C C E S S S O L U T I O N
The Citrix Access Gateway universal SSL VPN is the best remote access solution – no other SSL VPN offers such an efficient and cost-effective remote access experience. Citrix Access Gateway can be deployed with or without Citrix Presentation Server™. Don’t confuse the Access Gateway with typical SSL VPNs that offer only half the solution – remote access, but not policy-based granular control over what users are permitted to do with your company’s valuable information.
Citrix Access Gateway Specifications
Trust the Leader in Secure Information Access
Citrix has been focused on delivering remote access solutions since 1989. Using our experience from working with more than 160,000 customers, we’ve developed the Citrix Access Gateway universal SSL VPN.
YOUR USERS will enjoy a consistent, seamless access experience comparable to working from the office, even when they’re located outside the corporate network.
YOUR IT DEPARTMENT will say goodbye to the cost and complexity of installing, configuring, updating and supporting complex VPN solutions and client software.
YOUR ORGANISATION can rest easy knowing that access to corporate data is secured across the network and on every device.
S P E C I F I C AT I O N SOptions
• Advanced Access Control
• Concurrent users
• 12 months – can be extended
Access Gateway Client
• Automatic download and update
• Hides internal IP addresses and DNS names (prevents worm traversal)
• Split tunnelling control
• Integrated end-point scanning
• Automatic reconnection and session reliability
• Deploys with or without PC admin rights
•Microsoft Active Directory
•Client Side digital certificates
•Secure Computing SafeWord®tokens
•Session Length: 128 bit,168 bit
•Ciphers: RC4, 3DES
•Hash: MD5, SHA1
Management and Reporting
•Logging to remote SYSLOG server
•Java™-based administration console
•Windows-based administration Tool
A P P L I A N C E H A R D WA R EPower
•Thermal control 260W AC power supply
•AC Voltage: 100-240V, 60-50Hz, 5-3 Amp Drives • 40 gigabyte HDD • 1 x 32x CD-Rom drive •1 x 3.5” 1.44Mb floppy drive Ports •Two RJ-45 Ethernet •Dual 10/100/1000 Mbps Ethernet
•Two nine-pin serial console port
• Two USB 2.0 / 1.1 ports
•Form Factor 1U Rackmount
• Dimensions 1.7" (43mm) H x 16.8" (426mm) W x 14.1" (358mm) D
•Gross Weight 23 lbs (10.4 kg)
•Hard drive activity LED
•2x Network activity LEDs
DESCRIPTION BENEFIT FEATURE Auto-download client Kiosk mode Remote control Network ACLs SNMP Support Syslog Servers Administration console Centralised administration Advanced Access Control option Event logging Advanced Access Control option Wizard-driven installation Advanced Access Control option
Automatically downloads the client software to the device when the user connects to the gateway. Additionally, users always receive the latest version of the client software when they connect.
Enables access to web-based applications from any device or Windows applications via the Linux ICA® client.
Provides administrators with the ability to remotely troubleshoot client issues with the Access Gateway. Administrators can configure Access Control lists of allowed servers and ports.
The Access Gateway devices support SNMP for gathering health and performance metric data. The Access Gateway supports logging to remote syslog servers.
Access Gateway Administrative user interface.
Integrates with the Citrix Access Suite, allowing administrators to manage their entire Citrix access infrastructure from a single interface.
Allows organisations to log user activities – such as log on, log off, session time and resources accessed by the users – for auditing purposes.
Provides an intuitive series of click-through screens and simple instructions to guide administrators through installation and configuration.
Alleviates the burden of installing, maintaining and supporting software on the client device. Allows organisations to easily and cost-effectively extend remote and mobile access to more users. Gives users the flexibility to access company information from any device that supports a Web browser.
Allows IT organisations to quickly and efficiently resolve user access issues.
Control was resources can be accessed remotely.
Integrate with existing SNMP based network management systems.
Integrate with existing syslog servers.
Java-based management console that does not require installation of any software and is accessed via a browser. It allows fast and easy appliance installation and configuration, provides system monitoring, and aids maintenance and upgrades. Maximises efficiency of the IT organisation.
Give organisations the tools they need to track user activity.
Reduces impact on IT staff by minimising the time required to install the product.
DESCRIPTION BENEFIT FEATURE Always-On access Access centre Advanced Access Control option Support for any client device Advanced Access Control option Clientless access Advanced Access Control option Consistent user interface Advanced Access Control option
Support for small form factor devices Advanced Access Control option Secure Gateway compatibility Integrated endpoint scanning Advanced end-point analysis Advanced Access Control option
Automatically reconnects disconnected users to the gateway when network connection is restored. Provides a robust landing page for users to easily access all their applications, files, email and other IT resources.
Supports a wide range of client devices from PCs to PDAs.
Allows users to access network file shares, Web email and internal Web sites from devices that are locked down and do not permit the downloading of any software.
Allows administrators to configure any user interface, such as SharePoint or WebSphere, for use with Advanced Access Control and ensure that the view persists whether users are internal or external to the corporate network.
Intelligently and automatically optimises the delivery and display of IT resources on small devices such as PDAs.
The Access Gateway appliance supports the ICA client in a similar manner to the secure gateway feature, allowing access from any SSL enabled ICA client. Provides a combination of initial login and continuous, real-time scanning of the end-point device.
Analyses the integrity and identity of the device connecting to the network to determine if it is safe to connect.
Allows users to quickly and seamlessly reconnect to network resources without a keystroke or mouse click. Provides users with a consistent landing page whether they are accessing information from inside or outside the organisation.
Ensures that users can access information from the device of their choice – from corporate-owned laptops to home PCs and PDAs.
Increases user productivity by giving them access to corporate IT resources from any device – including kiosks and small form factor devices.
Give organisations the flexibility to choose the right interface while ensuring that users maintain a consistent experience regardless of where they access information.
Mobile users can easily access internal resources – email, file shares and documents – in a format that is easily visible.
Presentation Server users can replace the secure gateway without loss of user functionality.
Ensures that the device remains safe to connect to the network.
Ensures that devices are safe before granting them access to the network. Unacceptable devices may be denied access, quarantined or given limited access to the IT resources.
DESCRIPTION BENEFIT FEATURE Access scenario analysis Advanced Access Control option Policy-based access control Advanced Access Control option Granular resource control Advanced Access Control option Live Edit Advanced Access Control option Integration with Presentation Server policies Advanced Access Control option Blocks worm traversal
Analyses the user’s access scenario in order to tailor the appropriate level of access for the user’s
connecting environment. The Advanced Access Control option also provides administrators with the flexibility to develop custom end-point analysis or the ability to integrate with third-party solutions.
Allows organisations to enforce polices that define what resources users can access depending on their access scenario.
Controls how users can interact with applications and resources once they are given access.
Enables administrators to define flexible policies based on user identity, device and location that allow or deny saving documents to local client devices; provide preview only access to documents and enable server-based file editing without the need to download documents.
Allows administrators to control Presentation Server policies to selectively enable client-side drive mapping, cut and paste as well as local printing based on the user’s access scenario.
Hides the IP addresses of the connected network from the client workstation.
Gives organisation complete flexibility in defining access parameters for any access scenario.
Presents users with an appropriate level of access depending on who they are, what device they are using and how it is configured and the connection through which they are entering the network.
Gives administrators total control over the rights users have within applications depending on their access scenario.
Ensures that company information is not inadvertently left on any client device and that it does not leave the confines of the internal network while still giving users the flexibility to view, edit and save documents.
Seamlessly extends SmartAccess capabilities to Presentation Server applications and resources.
Reduces the threat of worms infecting the network by reading the routing tables and propagating throughout all connected networks.
DESCRIPTION BENEFIT FEATURE Supports any application or network resource Supports access from any location Optimised support for UDP based applications Disable or enable split tunneling RADIUS Authentication LDAP Authentication Secure access to Web-based email Advanced Access Control option Support for two-factor authentication Advanced Access Control option
Gives users access to any application in its native form – whether client-server or web-based. Additionally, the Access Gateway supports UDP protocol based applications, such as real-time voice traffic (softphones).
Provides access to corporate resources from anywhere and from behind any firewall.
The Access Gateway uses specific techniques to optimise the delivery of UDP based traffic, used by applications such as email and IP telephony. Administrative control on a per-group basis as to whether a user’s local network is available while a network client is active.
Authenticate users against a RADIUS server.
Authenticate users against an external LDAP server.
Provides users with secure remote access to their corporate Outlook Web Access or iNotes email.
Provides built-in support for 2-factor authentication.
Enables administrators to give users access to IT resources without the need for custom development, or the need to maintain both SSL and IPSEC VPN infrastructures.
Enables users to remain productive and get the job done from any location.
Customers do not need to continue to maintain IPSEC VPNs to support UDP based applications, such as IP softphones.
Reduces the threat of malicious attacks – by disabling split tunneling, if a remote PC is connected directly to the Web and at the same time tied into the VPN, attackers coming on from the Web could commandeer the PC and gain access to the corporate network. Organisations can leverage existing authentication directories, using open standard protocols. Organisations can leverage existing authentication directories, using open standard protocols. Improves Outlook Web Access and Lotus iNotes security by avoiding inadvertent intellectual property leakage from email attachments.
About Citrix: Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader in access infrastructure solutions and the most
trusted name in secure access for enterprises and individuals. More than 160,000 organisations around the world use Citrix every day. Our access software, services and appliances give people secure and well-managed access to business information wherever it lives – on demand. Citrix customers include 100% of the Fortune 100 companies, 99% of the Fortune 500, and 97% of the Fortune Global 500. Based in Fort Lauderdale, Florida, Citrix has offices in 22 countries, and approximately 6,200 channel and alliance partners in more than 100 countries. For more information visit www.citrix.com.
W O R L D W I D E H E A D Q U A RT E R S Citrix Systems, Inc.
851 West Cypress Creek Road Fort Lauderdale, FL 33309, USA Tel: +1 (800) 393 1888 Tel: +1 (954) 267 3000 www.citrix.com
E U R O P E A N H E A D Q U A RT E R S Citrix Systems International GmbH
Rheinweg 9, 8200 Schaffhausen Switzerland Tel: +41 (0)52 6 35 77-00 www.citrix.com E U R O P E A N S U B S I D I A R I E S Citrix Systems GmbH Am Söldnermoos 17 85399 Hallbergmoos / München Germany Tel: +49 (0)811 83-0000 www.citrix.de
Citrix Systèmes SARL
7, place de la Défense 92974 Paris la Défense 4 Cedex France
Tel: +33 (0)1 49 00 33 00 www.citrix.fr
Citrix Systems UK Limited
Chalfont Park House, Chalfont Park Chalfont St. Peter Gerrards Cross Buckinghamshire, SL9 0DZ United Kingdom Tel: +44 (0)1753 276 200 www.citrix.co.uk
Citrix Systems Benelux
Clarissenhof 3c, 4133 AB Vianen Netherlands
Tel: +31 (347) 324800 www.citrix.nl
Citrix Systems Nordic
Kalkbrænderiløbskaj 4 2100 Copenhagen Ø Denmark Tel: +45 39193400 www.citrix.dk A S I A / PA C I F I C H E A D Q U A RT E R S Citrix Systems Hong Kong Ltd.
Suite 3201, 32nd Floor One International Finance Centre 1 Harbour View Street Central, Hong Kong
The Citrix Access Platform
Citrix products are designed to solve particular access challenges as standalone solutions. When multiple products are leveraged together, they lay the foundation of a secure, flexible, and extensible access platform.
Citrix Presentation Server™is the market leader for centralising deployment and management of enterprise applications, and
provides secure, on-demand access to users anywhere, on any device and any connection.
Citrix Access Gateway™is an advanced, easy to use, and cost effective SSL VPN with advanced access control that
manages who accesses company information and what they can do with it.
Citrix Password Manager™is the most secure, efficient and easiest-to-deploy enterprise single sign-on solution for easy
access to all applications with a single logon.
Citrix GoToMeeting™is a Web-based managed service that makes it easy for anyone to access real-time collaboration tools
and online meetings – instantly, securely and cost-effectively.
Citrix GoToAssist™ is an industry-leading remote-support solution that enables organisations to provide access to
world-class support over the Internet for customers and end users in a highly available and secure environment. Citrix GoToMyPC®is a managed service that provides secure, encrypted remote access to Windows PC desktops from any