Citrix

WHITE PAPER

Secure Remote Access

Completely under control with Citrix virtualization solutions

www.citrix.com

Introduction
Organizations of all types and sizes worldwide require the ability to provide users—regardless of where they are located—with secure access to applications, desktops and corporate data. This ability is important because:

• Organizations are in a better position to do business if their users, staff and contractors—both mobile and remote—have continuous, reliable access to applications and data.
• Secure access to applications from anywhere—such as a branch office, factory floor, customer site, warehouse or other remote location—can facilitate growth and accommodate mergers and acquisitions without the need to establish expensive computing infrastructure at each new location.

A wide range of secondary benefits are applicable as well. For instance, a well-architected secure access solution can help organizations:

• Improve the bottom line through productivity gains and the reduction of labor, travel, and facilities costs by providing access to information where and when users require it.
• Establish an efficient yet powerful means to ensure continuity of operations during disasters, pandemics and other types of potential disruptions.
• Easily and economically facilitate tactical and strategic partnerships.

Conventional methods for addressing this crucial business requirement, however, are fraught with challenges. For example, supporting client-server applications requires installation of software components on every remote desktop and laptop. Not only is this approach both slow and costly to implement, manage, and support, but it is also insecure. Distributing applications and data to user endpoints exposes the organization to risk.

Virtual private network (VPN) solutions have limitations as well. Although they establish a means for secure delivery by employing encrypted tunnels, more often than not the scope of access they provide is exceedingly broad. Users—and for that matter any malware that might be present on their systems—typically get access to the entire network. Likewise, VPNs do little to control the outflux of corporate data to authorized users and endpoints.

Citrix® XenDesktop™ and Citrix® XenApp™, in contrast, enable businesses to quickly and securely provide users anywhere, using any device, with granular access to applications and desktops while still maintaining tight, centralized control over the use and distribution of sensitive data.

Application virtualization with XenApp
Application virtualization is an alternative to conventional deployment techniques. Virtualization separates applications from the underlying computing platform and allows them to be delivered to user devices rather than being distributed and installed on them. With XenApp, applications must first be profiled. This process yields a single package that accounts for all target platforms on which each application may need to run. Application packages are then stored and maintained on a centralized App Hub, or file system. At this point, on-demand delivery can be used to establish either offline or online application access.


• With offline application virtualization, applications are dynamically streamed into an isolated environment on the user’s device. Local computing resources are then used to run the application and users have access to essential programs and data even when they are disconnected from the corporate network.
• Alternately, with online application virtualization, applications are dynamically streamed to centralized hosting servers. Users are then connected to remote sessions running the applications for which they require access. Datacenter resources are used to run the applications, which users are able to access from anywhere. A highly optimized protocol conveys only keystrokes, mouse movements and screen updates, thereby helping to achieve a high-definition user experience.

With XenApp, users can gain access to any application from anywhere using any device without the organization’s sensitive data ever leaving the datacenter. At the same time, associated applications can be managed in an efficient, centralized manner, and complexity and cost can be reduced relative to traditional deployment techniques.

XenApp delivers robust protection and complete control over data
A primary criterion for any solution providing remote access to applications is the ability to do so securely; but is this really enough? Is it sufficient to limit access to authorized users and to encrypt each session to maintain the confidentiality of their activities and any content or data that is involved? In particular, how will protection be extended to data, which upon being accessed, is delivered to the user endpoint? When selecting a remote access solution, consideration must be given to whether data should be transferred to user endpoints. This includes evaluating how such a limitation, if desired, can be implemented without adversely impacting the ability for users to do their jobs. Furthermore, it also makes sense to have control over how and to what extent accessed data can be used. XenApp fully addresses these issues and concerns by providing an extensive array of protection and control capabilities. Comprehensive XenApp security features span four functional domains: centralized data retention and administration, secure access and delivery, fine-grained access and usage controls, and comprehensive monitoring.

Centralized data retention and administration
One of the most powerful security features of XenApp is a by-product of the online, or hosted, approach to application virtualization: data and sensitive application software need never leave the datacenter. With XenApp, applications and their data can be remotely accessed, viewed and manipulated without any of the associated information delivered to a user’s machine. All users get is real-time screen updates, or images, of what they’re working on. Centralized data delivers two other security advantages. First, software vulnerabilities can be remedied in a more thorough and efficient manner. Administrators need only patch and maintain a single, centralized image for each application, versus having to contend with hundreds or even thousands of distributed instances. An auto-synch feature ensures that locally delivered, or offline, virtual applications are also updated automatically.

In addition, hosted applications gain the protection of the robust, centralized security infrastructure characteristic of most organizations’ central offices and datacenters. This is in contrast to the inconsistent and often ineffective level of protection typically afforded mobile and distributed endpoints.

Secure access and delivery
XenApp helps control who has access to virtualized resources and how the sessions providing that access are protected. To begin with, XenApp natively supports a wide array of authentication mechanisms, including: Active Directory, Active Directory Federation Services, RADIUS, Kerberos, pass-through authentication—where user desktop passwords are transparently submitted to the server—and multiple options for two-factor authentication, such as RSA SecurID tokens and smart cards. Biometric and other forms of authentication can also be accommodated by leveraging the available SDK. The integrated single sign-on technology included with XenApp provides detailed password management and control. This enables automated application logon, policies to control password strength and expiration, and self-service password reset—an essential capability for enforcing password discipline without increasing the burden on users and system administrators. Users need only a single logon identification and password to securely launch multiple password protected applications delivered by XenApp. In addition, Citrix virtualization encrypts all access sessions using multiple, standard protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL), and high-strength, high-performance algorithms such as Advanced Encryption Standard (AES). This can be accomplished for XenApp-delivered applications or via the integrated line of full-featured SSL VPN appliances that enable secure remote access not just to XenApp hosted applications, but to all of an organization’s other centralized computing services as well. Cryptographic certificates can also be employed to prevent users from accessing unauthorized or untrusted servers.

Fine-grained control for access and usage
Another major strength and significant differentiator for XenApp is the ability to establish fine-grained control over access sessions and how data can be used within those sessions. Who can get to what and how—whether via offline access, online access or both—is established via the configuration of publishing and delivery policies. Providing control based on user identity, however, is only the beginning. When, for how long, from where and the state of the user’s computing device are other dimensions that can also be factored into both access and usage policies. The result is a degree of control and protection unachievable in alternative distributed data designs.

Native XenApp capabilities enable highly granular policies to be set on an individual user or group basis to restrict whether hard drives, printers, COM ports and clipboard functions (i.e., copy and paste) are accessible during access sessions to prevent data download and copy from the datacenter. Notably, bandwidth usage and processor utilization can similarly be controlled to help manage the user experience and overall system performance.

Furthermore, advanced access controls integrated into the XenApp SSL VPN enable integrated endpoint scanning. With this capability, client systems can be scanned and evaluated against administrator-defined criteria to enforce approved, secure configurations—such as having up-to-date security and operating system software. The results can then be used as factors that determine whether access is granted, and to what extent. For example, a configuration can be implemented where users with systems exhibiting no violations are granted normal access, those with minor violations are confined to a restricted access policy and those with major violations are blocked from all access—except perhaps to resources they can use to remediate their systems.
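The tiered decision described above, sketched as an added example (not Citrix code and not XenApp policy syntax): constructed endpoint scan results are checked against administrator-defined criteria, and the worst violation selects normal, restricted or remediation-only access. The check names, thresholds, resource names and policy fields are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    NONE = 0
    MINOR = 1
    MAJOR = 2


# Hypothetical administrator-defined criteria:
# check name -> (kind, limit, severity applied when the check fails)
CRITERIA = {
    "av_signature_age_days": ("max_age", 7, Severity.MINOR),
    "os_patch_age_days": ("max_age", 30, Severity.MINOR),
    "antivirus_running": ("must_be_true", None, Severity.MAJOR),
    "firewall_enabled": ("must_be_true", None, Severity.MAJOR),
}


@dataclass(frozen=True)
class SessionPolicy:
    tier: str
    resources: tuple      # what the session may reach (names are assumptions)
    clipboard: bool       # copy and paste between session and endpoint
    client_drives: bool   # local hard drive mapping
    printers: bool        # local printer mapping


# One policy per outcome: no violations, minor violations, major violations.
POLICIES = {
    Severity.NONE: SessionPolicy("normal", ("published-apps",), True, True, True),
    Severity.MINOR: SessionPolicy("restricted", ("published-apps",), False, False, False),
    Severity.MAJOR: SessionPolicy("blocked", ("remediation-portal",), False, False, False),
}


def evaluate(scan):
    """Return (policy, violations) for one endpoint scan result (a dict)."""
    violations = {}
    for name, (kind, limit, severity) in CRITERIA.items():
        value = scan.get(name)
        if kind == "must_be_true":
            valid = isinstance(value, bool)
            passed = valid and value
        else:  # "max_age": a non-negative whole number of days
            valid = (isinstance(value, int) and not isinstance(value, bool)
                     and value >= 0)
            passed = valid and value <= limit
        if not valid:
            # Missing or malformed result: the state cannot be verified,
            # so fail closed and treat it as a major violation.
            violations[name] = Severity.MAJOR
        elif not passed:
            violations[name] = severity
    worst = max(violations.values(), default=Severity.NONE)
    return POLICIES[worst], violations


# Constructed sample scan results.
COMPLIANT = {"av_signature_age_days": 1, "os_patch_age_days": 10,
             "antivirus_running": True, "firewall_enabled": True}
STALE_SIGNATURES = dict(COMPLIANT, av_signature_age_days=20)
FIREWALL_OFF = dict(COMPLIANT, firewall_enabled=False)
INCOMPLETE = {"av_signature_age_days": 1, "antivirus_running": True}

if __name__ == "__main__":
    for label, scan in [("compliant", COMPLIANT), ("stale", STALE_SIGNATURES),
                        ("firewall off", FIREWALL_OFF), ("incomplete", INCOMPLETE)]:
        policy, found = evaluate(scan)
        print(label, "->", policy.tier, sorted(found))
```

Taking the worst violation rather than a count keeps a single major finding from being diluted by otherwise clean checks, and the fail-closed branch keeps an endpoint that omits a result from being treated as compliant.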

Comprehensive monitoring
Extensive monitoring, tracking and auditing capabilities provide a set of countermeasures for identifying and reacting to misuse and other undesirable activities that inevitably occur due to malicious intentions, undetected compromises, policy gaps, errors or oversights. XenApp features that address these issues include:

• Session shadowing – Enables a given user session to be duplicated and displayed in real time on an administrator’s workstation. This functionality can be used either for troubleshooting purposes or to watch a user’s activities to confirm suspected misuse.
• Smart Auditor – Creates a visual record of user on-screen activity while accessing online applications and stores it as a video file on a secure server. Session recording can be initiated based on triggered rules, for example, when a specific user in a watch-group connects to a specific application. This technology can be used to help with regulatory compliance, risk mitigation and troubleshooting objectives.
• Configuration logging – Supports a similar set of goals as Smart Auditor, but in this case relative to administrators, rather than users. Each configuration change made to a XenApp server farm is tracked to maintain a record of who made it and when.
• Reporting – A less time-sensitive mechanism for revealing the nature of user activities and their tendencies. When gathered and selectively displayed, these details can be used not only to help refine access and usage policies, but also to support forensic analysis—for example, by piecing together a timeline of user activity and correlating that with log data from other systems.

Beyond security and control – The other advantages of XenApp
Unmatched protection and data control are just two secure remote access strengths of XenApp. Other XenApp advantages include the ability to minimize operating costs, maximize business agility and ensure a high definition, high performance user experience.

Lowest operating costs for application delivery
XenApp overcomes the challenges associated with conventional application deployment methods to reduce the cost of application management by up to 50 percent. Applications are delivered on-demand without leaving the datacenter. Furthermore, there is no need to install or manage applications on individual user devices. As a result:

• Testing and troubleshooting application packages is far easier and far less time consuming because there are fewer unique user configurations to manage.
• Users get the applications they need when they need them, versus waiting for their turn in a complex, off-hours deployment schedule.
• All management, maintenance and support functions are centralized and simplified. Required updates are configured once and automatically propagated to all users instantly.

Greatest agility for meeting rapidly changing business needs
Today’s businesses can ill afford to stand still. Staying ahead of the competition means reacting quickly to new trends and constant changes in the marketplace. And for some organizations, this requirement must be met not just at the regional level, but on a global basis as well. XenApp helps modern organizations meet these challenges head on. The XenApp delivery model is the fastest approach for getting users the applications they need to get their jobs done and for keeping critical business processes from being disrupted. New applications and updates to existing ones can be implemented instantly, instead of taking days, weeks, or even months to accomplish a rollout. These abilities are also invaluable for organizations that are expanding, whether via organic growth, or mergers and acquisitions. New branches and facilities, and acquired ones, can easily be provisioned with corporate applications in under a day and without the need for major investments in new infrastructure at each location. With XenApp, the time to value for new services, abilities and facilities is accelerated at the same time that application management costs are cut in half.

Optimal application performance over any network
One risk with application virtualization and taking a centralized approach to application delivery versus conventional deployment is that the aforementioned benefits often come at the expense of the user’s experience. Potential pitfalls include slower performance and inconsistencies in terms of both the availability of various services and how different applications are accessed. With a Citrix-based solution, however, this is not an issue due to the presence of numerous compensating features and functions, and an innovative set of technologies known as Citrix® HDX™. Core capabilities of both XenApp and XenDesktop—the desktop virtualization solution available from Citrix—that help guarantee a high-definition user experience include:

• Users are presented with one familiar way to access applications and desktops, regardless of where they are or what device they are using.
• Underlying intelligence automatically selects the best delivery method—offline or online virtualization—for a given user, device, application and location.
• Applications and data move seamlessly and automatically with users as they change locations, networks or devices so they can pick up exactly where they left off without interruption.
• Application load management, automated server recovery and failover, and other high availability features help ensure an always-on user experience.
• Service monitoring allows administrators to track and receive alerts on application performance and availability issues as experienced by the user.

Citrix HDX—a broad set of technologies that operate across the entire end-to-end delivery system from the datacenter to the user device—automatically adapts to the environment by applying the best optimization mechanisms for each unique scenario. HDX extends existing technologies in Citrix virtualization solutions with new innovations for today’s media-rich applications and services. HDX MediaStream technology ensures that users receive a smooth, seamless experience when accessing multimedia content. HDX RealTime and HDX 3D work to enhance real-time communications and the delivery of complex two- and three-dimensional graphics, respectively. Other elements of the HDX family include: HDX Plug-n-Play (for providing simple access to peripherals and other local resources), HDX Broadcast (for ensuring high performance over any network) and HDX IntelliCache (for optimizing performance and network utilization for branch users). The net result is a better-than-installed user experience compared to traditional deployment and installation techniques. Performance at least matches that of the fully installed scenario at the same time that application portability, security and functionality are greatly enhanced.

Comprehensive coverage
The extent of a solution’s coverage is an important consideration as well. With XenApp, users can rest easy in this regard. Applications can be delivered to over 30 different operating systems including Windows® and Apple® PCs, laptops, iPhones; Windows Mobile® and Symbian based handhelds; Linux® and UNIX workstations; the latest NetBooks; and any of thousands of thin-clients and smart terminals available on the market today. In addition, it’s important to recognize that all of the aforementioned capabilities and benefits associated with a centralized delivery model apply not just to remote users—they can be implemented and realized for users on the LAN as well. Indeed, employing XenApp in this way can help organizations immeasurably in terms of shoring up internal network security and further reducing IT costs.

An integral component of a complete IT service delivery solution
Another major advantage of XenApp is that it is an integral element of Citrix Delivery Center™, a comprehensive IT service delivery portfolio available from Citrix. Initially, organizations can deploy XenApp as a standalone solution for application virtualization that also addresses the business requirement for secure remote access. Then as business needs evolve, the IT department can progressively deploy additional components of Citrix Delivery Center to further optimize the availability, security, performance and cost of ownership for other parts of their computing infrastructure.

The role of Citrix XenDesktop
XenDesktop offers a complementary alternative for organizations to meet their secure remote access objectives. XenApp virtualizes individual applications. XenDesktop virtualizes the entire user desktop. Beyond this difference, however, the two solutions are similar. IT still has the flexibility of streaming desktops directly to user PCs wherever they happen to be located or they can be hosted centrally on datacenter servers. Almost all of the same capabilities and benefits are available, from robust protection and data control to reduced cost of operations, increased business agility, better-than-installed performance and comprehensive coverage. Moreover, XenDesktop includes embedded support for application virtualization, a feature that enables separation of applications from the desktop image to provide even greater flexibility and simpler management.

Organizations can take advantage of either solution, XenApp or XenDesktop, to address their secure remote access requirements. XenApp and XenDesktop can be used together to best meet the needs of different groups of users: those users who only require access to a handful of applications can be served by XenApp, while those who need a full corporate desktop can be served by XenDesktop. Either way, the organization benefits from a solution that provides robust control and protection, greater responsiveness to changing business needs and considerable cost savings.

Citrix Delivery Center
Citrix Delivery Center is the first solution on the market able to deliver applications and desktops to any user, anytime, anywhere from a secure central location. Citrix Delivery Center is a foundation for enabling IT to be a provider, similar to the electrical, telephone or television services that users receive at home. In addition to XenApp and XenDesktop, the Citrix Delivery Center features the following primary product lines:

• Citrix® NetScaler® – The market-leading solution for Web application delivery, NetScaler optimizes the performance and security of native Web applications delivered by IT to employees as well as customers.
• Citrix® XenServer™ – An enterprise-class solution for server virtualization, XenServer gives IT a dynamic datacenter where resources can be provisioned and balanced based on business needs at any given moment—including during unforeseen outages.
• Citrix Workflow Studio™ – Citrix Workflow Studio is a tool for automating and streamlining IT service delivery from the datacenter, through the Citrix Delivery Center and onto the user’s device.

Additional information on these and other components of the Citrix Delivery Center is available at www.citrix.com.

Conquering critical business requirements with XenApp and XenDesktop
XenApp and XenDesktop are powerful solutions that enable organizations to quickly and securely provide application and desktop access to users operating anywhere with any device. Essential business activities and processes can be conducted in real time, even though users, contractors and partners may be mobile or operating from branch offices, kiosks, factory floors, project sites and other remote locations. Moreover, comprehensive protection is provided and administrators can maintain complete control over sensitive data and applications. By employing the online option for virtualizing their applications and desktops, organizations can effectively keep critical information from ever leaving the datacenter. Unmatched protection and data control capabilities are only the beginning. With the centralized delivery model enabled by XenApp and XenDesktop, organizations can dramatically reduce their cost of IT operations, ensure optimal application performance over any network and maximize their business agility by rapidly responding to ever-changing business conditions. In addition, other components of the Citrix Delivery Center can be incorporated over time to reap even further rewards by optimizing the availability, security, performance and operation of more parts of the organization’s end-to-end computing infrastructure.

Worldwide Headquarters
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309, USA
T +1 800 393 1888
T +1 954 267 3000

Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054, USA
T +1 408 790 8000

Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen, Switzerland
T +41 52 635 7700

Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 3201, 32nd Floor
One International Finance Centre
1 Harbour View Street
Central, Hong Kong
T +852 2100 5000

Citrix Online Division
6500 Hollister Avenue
Goleta, CA 93117, USA
T +1 805 690 6400

www.citrix.com

About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location on any device. Citrix customers include the world’s largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses and prosumers worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries. Founded in 1989, annual revenue in 2008 was $1.6 billion.

©2009 Citrix Systems, Inc. All rights reserved. Citrix®, HDX™, NetScaler™, Workflow Studio™, XenApp™, XenDesktop™ and XenServer™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and other countries. All other trademarks and registered trademarks are property of their respective owners.
