Citrix MetaFrame Secure Access
Manager:
An Overview of Administration
Citrix MetaFrame Secure Access
Manager:
An Overview of Administration
Joseph W. Baker III Systems Engineer
Citrix Systems, Inc.
Joseph W. Baker III Systems Engineer
Session Goals
• Learn what Citrix MetaFrame Secure Access
Manager is and how it works
Citrix Confidential
Non Disclosure Agreement
•
This presentation is
Agenda
• Its All about Access to My Stuff!
• Overview of Secure Access Manager
• Solution Architecture
• Management Components
• Providing out-of-the-box Access
Access to “MY” Stuff?
What is my “stuff”?
• Email• Office Applications
• CRM Applications
• Payroll
• Accounting
• Shipping & Receiving
• Trading
• Banking
• Real Estate
Citrix Confidential
Evolution?
Mainframe PC’s Client/Server Web
Services
.NET
XML
J2EE
Disparate Technologies not Silos
PC’s Mainframe
Citrix Confidential
What we do know about our stuff…
• Environments will continue to be diverse
• Web will not replace legacy overnight
• Users will need access to applications, information and services
despite the diversity
• IT Staff will need to provide timely, secure and
What we don’t know about our stuff…
• No one truly knows which technology is
going to win
• Who the major players will be in the market
• What technology a company will embrace
(ie. .Net, J2EE, Grid….)
Overview of Secure Access Manager
What is Citrix MetaFrame
Secure Access Manager?
Secure Access Manager enables
organizations to bridge the client/server,
Citrix Confidential
Secure Access Manager
Features and Benefits
• Simple
– Easy, wizard driven installation – Centralized management
• Powerful
– Information and application access – Scalable architecture
• Access
– Role-based access and User personalization – Seamless Integration with MetaFrame
Resource Aggregation
• Client/Server Applications
• Internal Documents and Libraries
• Document Management
• Collaboration Systems
• Web Applications
• Web Services
Citrix Confidential
Role-based access and
User Personalization
• Role-based Access
– Applications on demand
– Content by job role
– Interface by job role
• User Personalization
– Background Themes
– Drag and drop organization
MetaFrame Integration
Seamless integration with Citrix MetaFrame ensures Web access to all published applications
Comprehensive industry alliances bring even more
content and applications into the portal workspace
Use of Citrix ICA enables content and application
Content Applications
• Web Applications
– CDA’s, Web Parts/Forms, Gadgets
• Content Applications are to NFuse Elite as Client/Server Applications are to Windows
Menu Driven Framework
Embedded Applications Web
Citrix Confidential
Citrix Content Applications
• Integration CDA’s
– Bantu IM and Presence
– Documentum Content Mgmt.*
– eRoom Collaboration*
– Lotus Notes Web Access
– Microsoft NetMeeting Adapter
– Microsoft Outlook Web Access
– Microsoft Sharepoint
– Microsoft Web Parts Adapter
– Citrix Program Neighborhood
– Screaming Media Content (3)
– Sitescape Collaboration
– Stellent Document Mgmt.*
• Content Integration CDA’s
– Alert Broadcaster & Manager
– Database Viewer
– Embedded ICA (MetaFrame)
– Interactive Poll
– Internal Search (MS Indexing)
– Message Center
– Personnel Locator
– Shared Documents
– Web Favorites
– Web Search (Alta Vista)
– Web Site Viewer
Microsoft Web Parts
• Integration Web Parts
– Best Software
– Business Objects
– Correlate Technologies – Crystal Decisions
– Decision Support Panel
– Filenet
– Microsoft Great Plains
– Navision
– NQL – Mini Chat Client
– SAS
• Content Web Parts
– Content Sources Status – Document Status Tool
– MSNBC Weather – MSNBC News
– MSNBC Stock
– MSN MoneyCentral – MSN Search
– MSN Stock Ticker
Citrix Confidential
Web Forms
• CDA development with Visual Studio .NET
add-in
– NFuseEliteVSAddInSetup.msi
• Must install Web Form Agent on every
Agent Server
– WebFormCDASetup.msi
• Download Web Form Agent and Web Form
CDA SDK from CDN site, http://apps.citrix.com/cdn
Integration with Project Pearl
• Project Pearl Provides Real Collaboration to customers anytime anywhere
• Leverage Existing Secure Access
Manager and
Citrix Confidential
Accessing Third Party Apps
Bantu eRoom SiteScape
Collaboration Collaboration
News Web Parts
Architecture
Citrix Confidential
Access Security Overview
• Internet Security
– Secure Gateway 1.1
– Secure Gateway 2.0 (New in Megans Bay)
– NT and Active Directory Integration
– RADIUS server support
– SSL 128-bit encryption
– Secure ID Support (New in Megans Bay)
– Tunnel HTTP and HTTPS Traffic (New Megans Bay)
• Login Management
OLD Architecture Overview
MetaFrame XP Server Farm
Data Services, Data Storage
Collaboration Services Microsoft SharePoint Data Warehouse Application Data File Shares Databases E-mail XML Message Web Server Secure Access XML ISP
ISP Syndicated Content and Service
Providers
State Server
Citrix Confidential
Web Server
• Hosts the Access Interface
• Passes request to Load-balanced Agent servers
• Delivers information to user via a Web browser
• Possible methods of load balancing are:
• DNS Round Robin
Agent Server
• A logical server that runs the Secure Access Manager CDAs
• Load-balanced Content Delivery Services
(CDS)
• A server farm requires one Agent server
• Add to scale-up capacity
Citrix Confidential
State Server and Server Farm Database
•State Server
–Holds all the farm configurations
–Holds the updated farm information
–Holds end user profiles and preferences
•Server Farm Database
–Storage mechanism used by the server farm to hold configuration and settings data
New Components!
• Login Agent
– Active X login Page that provides access to Secure Access Manager
• Secure Gateway Proxy
– Deployed for two stage DMZs
– Used to mitigate multiple ports to Protected Network
• Access Client
– Active X control that allows internal Web
Citrix Confidential F ir ew al l
Secure Access Manager (Megans Bay)
F ir ew al l Citrix MetaFrame XP and/or MetaFrame for Unix Secure Gateway Service Client Workstations
Non-Secure Connectivity Authentication Access Mgmt.
Internet DMZ Internal Network
F
ir
ew
al
l
Secure Access Manager (Megans Bay)
F ir ew al l Citrix MetaFrame XP and/or MetaFrame for Unix Secure Gateway Service Client Workstations
Internet Authentication Access Mgmt.
Internet DMZ Internal Network
Management Components
Secure Access Manager Console
• Create and publish a custom MMC to
administer SQL, Secure Access Manager, IIS, etc…
– User accts accessing published PMC need admin permissions on the State Server
– MetaFrame Server hosting SAMC must be in a domain trusted by the State server domain
– Management Console.msc“
• Use one PMC to manage multiple Secure
Citrix Confidential
Aggregation of a wide range of internal and external content into a single location
Secure, role-based access to information and applications
Reduced IT costs and fast implementation add up to rapid return on
investment
Summary
Citrix Confidential
We’ve got a Solid Roadmap
• Universal and Secure Business Access
• Business Publishing
• Content Enablement
• Multi-Platform Integration
• Session-based Access
• Adaptive Interfacing
• Non-Programmatic Access
Summary
• Low Cost
• Low risk
• Simple to Manage
• Out-of-the-box Power
• Scalability
• Incredible Value add for Existing MetaFrame Customers
Citrix Confidential
Citrix Authorized Training
• With Citrix training:
– Learn tips and techniques for managing and administering Citrix software
– Obtain valuable lab time for hands-on practice
– Prepare for Citrix certification exams
– Learn quickly and efficiently in the classroom • New courses and certification include:
– CTX-7200 Citrix NFuse Elite Administration
– CTX-6100 Citrix Core Technologies and Architecture
– Citrix Certified Integration Architect (CCIA) program to be launched in Q4 2003
• Available worldwide from 350 Citrix Authorized Learning Centers (CALCs)
• To find a CALC near you, go to Training Locations from www.citrix.com/training
Thanks
