Solutions in Security
Securing Remote Access to the
Workplace Solutions
Secure Centralized Business Solutions
Following the September 11 attacks, as reported by Reuters:
“This tragedy and others have brought home that the
security of systems, applications, and data is a very
serious issue.”
“The need before this tragedy was cost. Now, the issue
is security, which will lead to an architecture that has far
more concentration of data, processing, and applications
in secure servers, and much more lightweight, protected
access devices.”
Louis Gerstner
Agenda
Elements of a Secure Access Solution
The Secure Citrix Virtual Workplace
Securing Remote Access using CSG 1.0
Elements of Secure Remote Access
Secure Remote Access consists of:
• Encryption
• Authentication
• Access Control
• Traffic Management
Elements of Secure Remote Access
Encryption
• Scrambles data so that only those who have the key to read the information are able to decode the message
• Keys are protected through a key management system
• Public Key Infrastructures (PKIs)
Essential to solutions utilizing digital certificates
As solution grows in complexity and size, number of keys to be
Authentication
• Process of verifying that the sender is actually who they say they are
• Various authentication methods are available
Traditional username/password authentication
RADIUS or TACACS/TACACS+ servers, LDAP-compliant directory servers
X.509 digital certificates
Two-factor schemes (hardware tokens and smart cards)
Access Control and Management
• Secure Connectivity without access control only protects communications — not your network
• Dictates the amount of freedom a connected user has
• Protects the components of the network
Intellectual property
Information Services
Applications
• Ensure that users have full access to what they need, but nothing more
Traffic Control
• Network congestion can adversely affect performance
• Solution benefits will not be fully realized if users suffer from:
poor response times
gateway crashes
other network delays or failures
• Guarantee reliability and Quality of Service
• Enable managers to define policies that actively allocate bandwidth traffic based on relative merit or importance
• Ensure performance of mission-critical applications without “starving” lower priority applications
Enterprise Management
• Ability to manage increasing complexity is crucial.
• Imperative that remote access can be managed from the same integrated console as the rest of the organization's security elements.
• “Extended Enterprise” has increased the number of applications, users, and IP addresses in use across many organizations.
• A true enterprise secure remote access solution must be able to work across multiple platforms in order to be effective.
Secure Access Solution
Citrix Systems…
Who are we?
• We are the application access and deployment company
• We provide application deployment solutions for today’s web and wireless world
• We provide security solutions for your extranet and internet access
• We provide centralized application and information access solutions to help make your business more productive
What is the Virtual Workplace?
The Virtual Workplace is…
• Having access to all of the information you want and need in order to do your job
• Getting that information to come to you, rather than having to go out and find it
• Having access to any applications and tools necessary to manipulate that information
• Having secure access to corporate resources from any computer, anywhere, regardless of your bandwidth, hardware, network connection, or operating system
Citrix Product Overview
Citrix MetaFrame™ XP
• Server-based computing solution that delivers an application interface over any network to any device.
Citrix NFuse™ Technology
• Application portal technology. Seamlessly integrate any application within any standard web browser.
Citrix Secure Gateway
Components of the Secure Virtual Workplace
[Diagram labels: Firewall; Citrix Secure Gateway; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; ICA and SSL; Secure Connectivity, Authentication, Access Mgmt.; Other Network Resources such as Databases, Messaging Services, File Shares, Data Warehouse; ICA Solutions]
Security with Citrix Secure Gateway
[Diagram labels: Remote and Mobile Users, Branch Offices, Partners, Suppliers, etc.; https://vwp.mycompany.com (Internet based DNS Load Balancing); Firewall; Citrix Secure Gateway; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; ICA and SSL; Secure Ticket Authority; Back-end Network Resources; Local Users; Secure Connectivity, Authentication, Access Mgmt.]
Encryption and Connectivity
• Secures ICA Traffic only
• SSL v3.0 with 128-bit encryption
• Support for Public Key Infrastructure (PKIs)
• Single IP address is exposed to internet
• Ease of firewall traversal (uses port 443 only)
Authentication
• Single sign-on through a browser-based solution
• Authentication provided by NFuse Web portal
Microsoft NT Domain and Active Directory
Novell NDS
• Support for Public Key Infrastructure (PKI)
• Authentication process is further secured using an HTTPS configured NFuse Web server
• RSA and Smart Card Authentication solutions supported
Access Control and Management
• Protects ICA Traffic only
• Provides Access control to chosen MetaFrame XP servers
• MetaFrame XP provides User and Group based Application Access Control and Management
Citrix Management Console used to control MetaFrame Server Farm
IP Range controls let administrators control which IP addresses can access published applications
Users on external IP addresses can have limited application sets
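How the user/group and IP-range controls listed above combine, as an added illustration (not Citrix code or configuration syntax; the application names, groups, address ranges, and the `visible_apps` helper are all constructed for the example). An application is offered only when both the group check and the client-address check pass; everything else is denied by default.

```python
import ipaddress

# Constructed policy: each published application lists the groups allowed to
# run it and the client networks it may be launched from. This only models the
# two controls named on the slide; it is not a real MetaFrame farm export.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

PUBLISHED_APPS = {
    "Payroll": {"groups": {"finance"}, "networks": [INTERNAL]},
    "CRM": {"groups": {"sales", "finance"}, "networks": [ANYWHERE]},
    "Webmail": {"groups": {"staff"}, "networks": [ANYWHERE]},
}


def visible_apps(user_groups, client_ip, policy=PUBLISHED_APPS):
    """Return the sorted application set for this user at this client address.

    Default deny: an unparsable address, or an application with no matching
    group AND matching network, contributes nothing to the result.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return []
    allowed = []
    for name, rule in policy.items():
        group_ok = bool(rule["groups"] & set(user_groups))
        # An IPv6 client never matches an IPv4 range, so it is denied here.
        net_ok = any(addr in net for net in rule["networks"])
        if group_ok and net_ok:
            allowed.append(name)
    return sorted(allowed)


if __name__ == "__main__":
    # Same user, internal versus external address: the external set is smaller.
    print(visible_apps({"finance", "staff"}, "10.1.2.3"))
    print(visible_apps({"finance", "staff"}, "203.0.113.7"))
```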
Traffic Control
• Configurable device mapping
Control mapping features that are available to users of ICA
Mapping includes Hard Drives, Printers, Audio, Clipboard, and COM ports
Limiting availability eliminates bandwidth usage from components
Limiting mapping also increases security
Users cannot cut and paste, save files remotely, or print company owned data
• ICA Session Monitoring
Monitor ICA protocol use by Virtual Channel
Monitor size of packet and type of data (print, display, clipboard, etc.)
• ICA Priority Packet Tagging
Provides support for 3rd Party QoS solutions
Cisco QoS and Packeteer Packet Shaper
Enterprise Management
• Citrix Secure Gateway is highly scalable and provides support for redundant solutions such as DNS-based Load Balancing
• MetaFrame XPe and the IMA architecture scales to 1000+ servers and tens of thousands of users
• Citrix Management Console provides management for application availability and access control
Load Management
Network Management integrates with Enterprise Management tools such as HP Openview, CA Unicenter, and Tivoli Netview
System Monitoring and Analysis provides usage monitoring, trending, and accounting capabilities
Application Packaging and Delivery to MetaFrame Servers
• MetaFrame is also available for UNIX on Sun Solaris, HPUX and IBM AIX
• Supported ICA Clients available for all Windows platforms as well as Pocket PC, Unix, and Mac
Security with Citrix Secure Gateway
Availability
• Product will be available in December
Download from secure portal
Subscription Advantage Customers Only
MetaFrame XP
MetaFrame for Unix
Cannot be purchased separately
• Technical Preview is currently available
Download from Citrix Developer Network
Register at apps.citrix.com/cdn
Preview available at apps.citrix.com/cdn/snowy
Accompanying documentation located here as well
Server Based Computing
Server Based Computing for Security
Server Based Computing is like a window to your house - you decide how big the window is, you decide what’s in the house, you decide how many windows you want to have
• Application Access Management – Not just network resource control
• Secure Run-time Environment – Not just the connection, but the applications and functions that can be accessed over that connection
• Single Point of Universal Anywhere Access
• Complete End-to-End Control
Server Based Computing for Security
Application Access Management – Users run only the applications that you want, the way you want to run them
• Users can look, but they can’t touch
You control whether the user can
Cut & Paste
Save information to a local hard drive
Print information to hard copy
Send information to attached devices (serial devices like PDAs)
You decide which features are available
Back-end data can be secured using OS Security
Only install the features that you want to make available
Only publish the applications that you want your users to have
Server Based Computing for Security
Single Point of Universal Anywhere Access
• Remote access can be achieved from any class or type of device
• Users go to a web site and:
1. Logon for secure connection
2. Automatically receive a client download (if necessary)
3. Access only the applications and information you make available
[Diagram labels: Firewall; Citrix CSG; Web Server w/ Citrix NFuse 1.6 Technology; Encrypted Traffic; Citrix MetaFrame XP w/ Feature Release 1]
Server Based Computing for Security
Complete End-to-End Control - All management tools necessary to manage the entire Application Computing Environment are under your control and within your reach
Remote Access tools for connection security
Citrix Management Console to manage application availability
OS and Network Enterprise Management for user and network security
• The entire user environment is contained behind your firewall from interface to information
Secure Connection and Auth.: Citrix CSG
Secure Access Point: Web Portal, NFuse
Application Access Mgmt.: Citrix MetaFrame
Operating System Security: Win2K Security
Network Security: Firewalls, Physical Separation
Resource Security: Combo of OS and Network
Server Based Computing for Security
Intranet AND Remote Access Solution in one
• Secure Remote Access Solutions from Citrix: Secure Intranet and Remote Users
Can be used as an everyday enterprise networking and access solution
• Benefit
Every day, users access their applications by
accessing an internal web site, e.g. www.myvirtualdesktop.net
If remote access needs arise, or in the event of a disaster,
users access a similar external web site, e.g. www.virtualdesktop.mycompany.com
They are now productive and working in the same environment with
MetaFrame XP
• MetaFrame XP Supports Authentication to
Microsoft NT and Active Directory
Novell NDS
• Program Neighborhood allows added access management
MetaFrame will control which applications are accessible
Centralized architecture allows complete control of the user's computing environment, regardless of device, OS, connection, etc.
Administrators can prevent users from copying and pasting, saving files, or printing company data
• Traffic Monitoring and Management
Third Party products from Cisco and Packeteer for QoS
ICA Traffic Monitoring provided in MetaFrame XPa/e
Device mapping management
MetaFrame XPe
• Enterprise Management
System Monitoring and Analysis
Application Packaging and Delivery
Installs applications, hotfixes, and service packs on Servers
Supports MSI packages
Supports scheduled installation and auto server reboot
Network Management
SNMP alert support
3rd party support - HP Openview, CA Unicenter, Tivoli Netview
Value-Add of NFuse Web portal
• SSL support is provided by MetaFrame XP
• Authentication
Microsoft and Novell methods supported
Ticket style authentication can be used in conjunction with user name and password to secure credentials
• Access Management takes place at the MetaFrame server
Utilizes Program Neighborhood
Unified aggregation point for applications and information
• Enterprise Features
Runs in a web browser and is accessible from anywhere
Plugs directly into Enterprise Portal
Provides support for flexible business continuity solutions
Automatic Citrix ICA client installation
Secure Remote Access with Citrix Solutions
Summary:
• Citrix Solutions provide the:
Encryption
Authentication
Access Control
Traffic Management
Enterprise Class Features and Scalability
• Required to secure
Workforce Mobility
Business Continuity Solutions