How Citrix MetaFrame Secure Access Manager Works

MetaFrame Secure Access Manager is the most cost-effective way to get secure, personalized access over the Web to applications and information.

MetaFrame Secure Access Manager

Secure access to any application or information over the Internet
Single-point access to enterprise resources
Personalized, role-based user experience
Easy deployment and management

Secure access to any application or information over the Internet

Access applications and information from anywhere, without the cost or complexity of a traditional VPN.

How does it work?
Standards-based encryption over the Internet
Minimal client configuration
Support for two-factor authentication
Firewall traversal
Support for fault tolerance

Single-point access to enterprise resources

All the information you need, aggregated in one convenient location.
Easy to find any information resource, within the enterprise or across the Web.

How does it work?
All information and applications delivered to a single point
Familiar browser interface
Search and index functionality

Personalized, role-based user experience

Organize your access environment for optimal productivity and efficiency.
Ensure the right people can easily access the right information and applications.

How does it work?
Role definition
Role-based access
Personal user interface
Persistent user configurations
International content support

How does this compare to Web Interface?

MetaFrame Presentation Server Web Interface delivers a list of applications based on the user's identity.
MetaFrame Secure Access Manager delivers applications and information tailored to each user's role.

Easy deployment and management

Integrates seamlessly into existing MetaFrame Presentation Server environments
Centralizes administration to make management simple
Wizard-driven configuration means little to no programming to implement
Offers a flexible environment for customization

The User Perspective

Access Center

Favorites List:
List of external and/or internal Web sites

Program Neighborhood:
Published applications available to the individual user from the MetaFrame XP Presentation Server farm

Web Site Viewer:
Securely view and browse internal or external Web content

Search CDA:
Allows users to search Web sites and file shares, returns only content and files accessible by the individual user, and orders search results by relevancy

Content Delivery Agents (CDAs)

ICA Applications:

Content Delivery Agents

CDAs deliver data, applications, documents, and services to an access center, including:
MetaFrame XP published resources
Internal or external Web sites and applications
Documents and network resources

User access to different CDAs is administrator controlled.

Custom agents can be created using SDKs in the form of scripts, or can incorporate Microsoft Web Part (.dwp) files.

Access Server Farm

Diagram: the access server farm and its surroundings. Components shown: Authentication Service / STA, Agent Servers (load balanced), Database Server, Index Server, State Server, Web Servers, Access Management Console, Secure Gateway, the MetaFrame XP farm and Enterprise Resources, with Remote Users and Internal Users connecting in. The slides that follow describe each component.

State Server

The State Server is the primary server in the farm, and maintains:
session information
server-farm configuration data
critical access center data and user configurations

Agent Servers

Agent Servers (load balanced) handle CDA execution and generation of Access Center pages.
They can be installed on Web servers or stand-alone.

SQL Database Server

A SQL database is required to store configuration information (an existing SQL Server can be used):
Microsoft SQL Server 7.0 or 2000
Microsoft Data Engine (MSDE)

Web Servers

Web Servers format and serve Access Center content to users.
Require Microsoft IIS 5.0 or higher
Installation adds the Web server extensions and the Access Center

Index Server

The Index Server indexes and allows searching of:
Web content (Internet or intranet)

Secure Gateway

Secure access to enterprise resources and applications
Transparently encrypts communication
Authenticates all user connections
Ticket-based connection authentication (STA)
Certified for Windows 2000 Server or Windows Server 2003
Secures access to:
MetaFrame XP published resources
Web servers in the access server farm

User/Web Client Browser

Allows users to see the Access Interface. Requires:
Internet Explorer 5.0 SP2 and above, or Internet Explorer 6.0 SP1 and above, with
JavaScript execution permitted on the client side, and
ActiveX permissions for the Gateway Client

Simplified Access Center Communication

1. The client's Web browser requests the page from the Web server.
2. The Web server contacts an agent server (chosen by an internal load-balancing algorithm) for the page content.
3. The agent server contacts the state server for configuration information.
4. The agent server builds the page from the required CDAs (based on the request and the user's access privileges) and sends the built page in XML format to the Web server.
5. The Web server converts the XML to HTML and sends it to the client's Web browser. The client's Web browser processes and renders the page.

MSAM External Login Data Flow

Diagram: Web Browser and Gateway Client on the Internet; Secure Gateway and the MSAM Access Center logon agent in the DMZ; Authentication Service and Internal Web Server on the internal network; a firewall between each zone. Links are labelled HTTP/S, HTTP, XML-HTTP/S and SSL/443.

1. The user enters the URL of the SG server, which scans the HTTP request for a session ticket in a cookie header.
2. As this is the first login there is no session ticket, and the HTTP request is forwarded to the logon agent.
3. The login form is sent to the user, and the user completes their logon details.
4. The logon agent sends a SOAP XML request to the Authentication Service to validate the credentials; the Authentication Service then returns a ticket.
5. Upon successful authentication, the Authentication Service returns:
   Session cookie
   Redirection URL
   Other cookies required by SAM
   List of allowed internal Web servers
6. The client browser redirects itself to the URL provided by the Authentication Service.
7. The Gateway Client is downloaded and initialized.
8. The Gateway Client gets the HTTP request and notices that its destination is on the list of internal servers to redirect through the SG server. A secure connection is established to the SG server using SSL/TLS.
9. The SG server verifies the session ticket against its internal cache. If the session ticket is not present in the internal cache, it consults the Authentication Service.
10. The SG server consults its list of internal server names to verify that the specified destination server is on it. It opens a connection to the indicated port on the MSAM access center server.
11. Every time a URL is entered in the client browser, the Gateway Client checks whether it refers to an internal server. If so, the Gateway Client forwards the address to the SG server, which consults its list of internal server names to verify that the specified destination server is on it, and opens a connection to the indicated port on the target Web server.
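The gateway-side decisions in steps 1, 2, 9 and 10 and the Gateway Client's routing check in steps 8 and 11, modelled as an added Python example written for this page. It is not Citrix code: the cookie name, ticket format, redirect URL, in-memory session cache and the two internal host names are assumptions. The points it makes: a request carrying no ticket is handed to the logon agent; a ticket the gateway has not cached is checked with the Authentication Service before it is trusted; and the destination host is matched against the internal-server list exactly, after normalising case, port and trailing dot, so a host that merely starts with a listed name is refused.

```python
import secrets
import time
from dataclasses import dataclass, field

TICKET_COOKIE = "SGSESSION"   # assumed cookie name, not the product's

# Constructed sample allowlist: hosts the gateway may proxy to on the internal side.
INTERNAL_SERVERS = ("msam-ac.corp.example", "intranet.corp.example")


def canonical_host(name):
    """Lower-case the host part of a Host header or URL, dropping port and trailing dot."""
    name = name.split("://", 1)[-1].split("/", 1)[0]
    return name.split(":", 1)[0].lower().rstrip(".")


@dataclass
class AuthenticationService:
    """Stand-in for the Authentication Service: checks credentials and issues tickets."""
    users: dict                                   # username -> password (constructed)
    ttl: float = 600.0                            # assumed ticket lifetime, seconds
    sessions: dict = field(default_factory=dict)  # ticket -> (user, expiry)

    def logon(self, user, password):
        """Steps 4 and 5: validate, then return what the logon agent hands to the browser."""
        if self.users.get(user) != password:
            return None
        ticket = secrets.token_urlsafe(24)
        self.sessions[ticket] = (user, time.monotonic() + self.ttl)
        return {
            "session_ticket": ticket,
            "redirect_url": "https://msam-ac.corp.example/accesscenter/",   # assumed
            "internal_servers": list(INTERNAL_SERVERS),
        }

    def validate(self, ticket):
        """Step 9 fallback: the user behind a live ticket, or None."""
        entry = self.sessions.get(ticket)
        if entry is None or entry[1] < time.monotonic():
            self.sessions.pop(ticket, None)
            return None
        return entry[0]


class SecureGateway:
    """Decision logic of the SG server for one HTTP request."""

    def __init__(self, auth, internal_servers):
        self.auth = auth
        self.internal = frozenset(canonical_host(h) for h in internal_servers)
        self.cache = {}   # ticket -> user: the "internal cache" of step 9

    def handle(self, request):
        """request = {"host": "name[:port]", "cookies": {...}}; returns (action, detail)."""
        ticket = request.get("cookies", {}).get(TICKET_COOKIE)
        if ticket is None:
            return ("forward_to_logon_agent", None)               # step 2
        user = self.cache.get(ticket)
        if user is None:
            user = self.auth.validate(ticket)                      # step 9
            if user is None:
                return ("reject", "unknown or expired session ticket")
            self.cache[ticket] = user
        host = canonical_host(request["host"])
        if host not in self.internal:                              # step 10: exact match
            return ("reject", f"{host} is not on the internal server list")
        return ("proxy", {"user": user, "host": host})


def gateway_client_routes_via_sg(url, internal_servers):
    """Steps 8 and 11: the Gateway Client sends a URL via the SG only for listed hosts."""
    return canonical_host(url) in {canonical_host(h) for h in internal_servers}


def demo():
    """Run the flow once on constructed data and return every decision for inspection."""
    auth = AuthenticationService(users={"alice": "correct horse"})
    sg = SecureGateway(auth, INTERNAL_SERVERS)
    logon = auth.logon("alice", "correct horse")
    good = {TICKET_COOKIE: logon["session_ticket"]}
    stale_auth = AuthenticationService(users={"bob": "pw"}, ttl=-1.0)   # already expired
    stale_sg = SecureGateway(stale_auth, INTERNAL_SERVERS)
    stale = {TICKET_COOKIE: stale_auth.logon("bob", "pw")["session_ticket"]}
    return {
        "bad_password": auth.logon("alice", "wrong"),
        "no_ticket": sg.handle({"host": "msam-ac.corp.example", "cookies": {}}),
        "internal": sg.handle({"host": "MSAM-AC.corp.example:443", "cookies": good}),
        "cached": logon["session_ticket"] in sg.cache,
        "external": sg.handle({"host": "www.example.org", "cookies": good}),
        "lookalike": sg.handle({"host": "msam-ac.corp.example.attacker.example", "cookies": good}),
        "forged": sg.handle({"host": "msam-ac.corp.example", "cookies": {TICKET_COOKIE: "x"}}),
        "expired": stale_sg.handle({"host": "msam-ac.corp.example", "cookies": stale}),
        "client_routes": gateway_client_routes_via_sg("https://intranet.corp.example/x", logon["internal_servers"]),
        "client_direct": gateway_client_routes_via_sg("https://www.example.org/", logon["internal_servers"]),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The cache is keyed on the ticket value only, as the slide describes; in a real deployment the cached entry would also need the expiry so that a ticket the Authentication Service has since revoked does not stay valid at the gateway indefinitely.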

MSAM Application Launch

Diagram: Web Browser with the Program Neighborhood CDA, ICA client and Gateway Client on the Internet; Secure Gateway in the DMZ; MetaFrame Presentation Server Farm and Secure Ticket Authority on the internal network; a firewall between each zone. Links are labelled 80/443 and XML between the CDA and the farm and STA, and SSL 443 from the ICA client to the Secure Gateway.

0. The user logs in to the Access Center as described on the previous slide.
1. When the Program Neighborhood CDA loads, it uses XML to query the MetaFrame Presentation Server farm for the list of applications available to that user.
2. The user launches an application and the Program Neighborhood CDA queries the MetaFrame Presentation Server farm to discover which server to use. MetaFrame Presentation Server uses load balancing to determine which server will be used.
3. The Program Neighborhood CDA contacts the Secure Ticket Authority and exchanges the destination server's internal address for a ticket.
4. The ticket is returned to the browser as an entry in the ICA file; in that file the destination server's address is replaced by the address of the Secure Gateway.
5. Downloading the ICA file launches the ICA client.
6. The ICA client makes an SSL connection to the Secure Gateway.
7. The Secure Gateway contacts the Secure Ticket Authority via XML and validates the ticket. If the ticket is valid, the destination MetaFrame Presentation Server for the application is returned.
8. The Secure Gateway server forwards the connection to the destination server as native ICA (port 1494).
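The launch exchange in steps 1 to 8, as an added Python model written for this page (not Citrix code). It assumes a farm that picks the least-loaded server, an STA that keeps tickets in memory with a short lifetime, and a simplified ICA file whose key names are illustrative rather than the real ICA grammar; the application names, user names and internal addresses are constructed. What it shows: the ICA file the browser receives carries the gateway address and a ticket but never the internal server address; the gateway learns the destination only by redeeming the ticket with the STA; and a ticket that is replayed or has expired is refused.

```python
import secrets
import time
from dataclasses import dataclass, field

ICA_PORT = 1494   # native ICA, as in step 8


@dataclass
class PresentationServerFarm:
    """Steps 1 and 2: per-user application list and load-balanced server choice."""
    published: dict   # app name -> set of user names allowed to launch it (constructed)
    servers: dict     # internal server address -> current session count (constructed)

    def applications_for(self, user):
        return sorted(app for app, users in self.published.items() if user in users)

    def pick_server(self, user, app):
        if user not in self.published.get(app, ()):
            return None
        return min(self.servers, key=self.servers.get)   # least-loaded stand-in


@dataclass
class SecureTicketAuthority:
    """Steps 3 and 7: an internal address goes in, a one-time ticket comes out, and back."""
    ttl: float = 100.0                         # assumed ticket lifetime, seconds
    _tickets: dict = field(default_factory=dict)

    def issue(self, internal_address):
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = (internal_address, time.monotonic() + self.ttl)
        return ticket

    def redeem(self, ticket):
        """Single use: the entry is removed on first redemption, valid or not."""
        entry = self._tickets.pop(ticket, None)
        if entry is None or time.monotonic() > entry[1]:
            return None
        return entry[0]


def build_ica_file(app, gateway_fqdn, ticket):
    """Step 4: the file names the gateway and the ticket, never the internal server.
    Key names are illustrative, not the real ICA file grammar."""
    return f"[{app}]\nSSLProxyHost={gateway_fqdn}:443\nAddress={ticket}\n"


def parse_ica_file(text):
    """Minimal key=value parser for the illustrative file above."""
    fields = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


@dataclass
class SecureGateway:
    sta: SecureTicketAuthority

    def accept(self, ica_text):
        """Steps 6 to 8: resolve the ticket with the STA; forward to (server, 1494) or refuse."""
        ticket = parse_ica_file(ica_text).get("Address")
        dest = self.sta.redeem(ticket) if ticket else None
        return None if dest is None else (dest, ICA_PORT)


def launch(farm, sta, gateway_fqdn, user, app):
    """Program Neighborhood CDA, steps 2 to 4: returns the ICA file text, or None."""
    server = farm.pick_server(user, app)
    if server is None:
        return None
    return build_ica_file(app, gateway_fqdn, sta.issue(server))


def demo():
    """One launch on constructed data, plus a replay and an expired ticket."""
    farm = PresentationServerFarm(
        published={"Notepad": {"alice", "bob"}, "Payroll": {"bob"}},
        servers={"10.0.5.11": 3, "10.0.5.12": 1},
    )
    sta = SecureTicketAuthority()
    sg = SecureGateway(sta)
    ica = launch(farm, sta, "sg.corp.example", "alice", "Notepad")
    stale_sta = SecureTicketAuthority(ttl=-1.0)                    # already expired
    stale_ica = build_ica_file("Notepad", "sg.corp.example", stale_sta.issue("10.0.5.11"))
    return {
        "apps_alice": farm.applications_for("alice"),
        "ica": ica,
        "first_connect": sg.accept(ica),
        "replay": sg.accept(ica),                                   # same ticket again
        "unpublished": launch(farm, sta, "sg.corp.example", "alice", "Payroll"),
        "expired": SecureGateway(stale_sta).accept(stale_ica),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Because the STA deletes the entry on the first redemption, an ICA file captured from the browser is useless once the legitimate ICA client has connected, and a file that sits unused past the lifetime is refused as well; the internal address appears only in the STA's table and in the gateway's onward connection.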

Providing Access to Traditional Applications

MetaFrame-enabled applications:
MetaFrame XP for Windows
MetaFrame for UNIX

Access Options:
Program Neighborhood CDA - multi-farm support
Embedded Applications - run in a Web page
Access Center menu - application list by login
File-Type Association - click-and-run application access

Providing Access to Web Applications & Resources

To provide unified access to:
Web-based applications
ASP applications
Intranet, extranet and Internet resources
Web-based reporting tools

Access Options:
Web Site Viewer - embed Web pages
Web Favorites - list of Web-based content

Integration to:
Microsoft SharePoint Portal Server
Microsoft Web Forms
Documentum
Stellent
eRoom *
Bantu *
Sitescape *

* third-party CDAs

Providing Access to Documents and Information

To provide simplified access to:
Network file shares
Document management
Indexed information and knowledge

Access Options:
Shared Documents - point to any UNC path
Web Site Viewer - integrate Web-based reports and documents
Internet Search - search the Internet
Microsoft SharePoint Portal Server integration
Other document management applications

Providing Access to Database Information

To provide access to:
Custom/queried views
Web-based reports

Access Options:
Database Viewer - custom SQL views/dynasets
Web Site Viewer - HTML reports
Microsoft Spreadsheet Web Part - spreadsheet views
File-type association - proprietary formatted reports

Hardware Requirements

Single-server installation
Server: 700 MHz, 2 GB RAM
Components: Web, Agent, State and DB Server on one machine
Advantage: quick deployment, minimal hardware requirements, also suitable for a development environment

Multi-server installation
Server standard: 700 MHz, 1 GB RAM
Servers: Web/State (1), Agent (2), SQL (1)
Advantage: built-in redundancy, increased user loads

Thank You!