Citrix Access Gateway Enterprise Edition Technical Overview Seceidos GmbH&Co. KG Robert Hochrein


2 Internal and Partner Use Only © 2005 Citrix Systems, Inc.—All rights reserved.
Citrix Access Gateway SSL VPN Remote Access
–Access Gateway Standard Edition: best for Small-to-Midsized Customers. Simple and Cost Effective Secure Remote Access
–Access Gateway Advanced Edition: best for Presentation Server Environments. Advanced Access Control and Device Flexibility
–Access Gateway Enterprise Edition: best for Enterprise Deployments. Complex and Demanding Environments

3 Access Gateway Enterprise Edition Features & Benefits

| Feature | Description | Benefit |
|---|---|---|
| Traffic Acceleration | Speed access to applications and resources with SSL offload, web compression, and TCP optimization. | Provide the optimal remote access experience for users over low bandwidth, high latency connections. |
| High Availability Configuration | Link master and backup appliances to create a redundant cluster which ensures sessions will remain active if the master fails. | Keep remote access available for users even in the case of an appliance failure. |
| Global Server Load-balancing (GSLB) | Route client connections to the best site based on site availability, health, proximity, and responsiveness. | Improve the remote user's access experience by connecting them to the best performing site. Implement a disaster recovery and business continuity strategy. |
| Roles-based Administration | Create and manage administrative users and groups that can each have unique management privileges. | Define security policies to ensure administrators only perform the minimal set of operations required by their role. |
| Enterprise-class Auditing | Monitor and log all operations requested by end users and administrators. | Gain full visibility into all operations to ensure services and data remain secure. |
| Quarantine Groups | Provide limited access rights for clients which fail the end-point analysis scans. | Create remediation sites to allow clients to install the most recent anti-virus pattern files, operating system patches, etc. prior to connecting to the protected resources. |

4 Access Gateway Enterprise Edition Features & Benefits (continued)

| Feature | Description | Benefit |
|---|---|---|
| Browser Cleanup | Remove objects and data stored on the browser while the SSL VPN session was open. | Prevent sensitive corporate information from inadvertently being leaked to mobile laptops and home PCs. |
| Denial of Service Prevention | Protect resources from common denial of service attacks such as SYN attacks and HTTP GET floods. | Ensure continued service to legitimate users by protecting the organization's servers. |
| Access Interface | Allow users to set up bookmarks and access files through a web browser. | Give users a quick and easy way to access frequently used resources. |
| Extensive Authentication Support | Provide authentication from a wide variety of typical enterprise authentication systems (including smart cards). | Allow administrators to easily integrate their SSL VPN into their existing environment. |
| Security Certifications | Enterprise Edition has been independently certified by ICSA Testing Labs (v2.0). A FIPS Level 2 certified cryptographic module is available as a hardware option for the model 9000 platform. | Customers have independent verification of the security and capabilities of the Enterprise Edition. US Government organizations and contractors may require FIPS certified cryptography. |
| VLAN Support | Support 802.1q packet tagging to route packets to the correct VLAN segment. | Allow administrators to quickly deploy the SSL VPN to work in networks with existing VLAN topologies. |

5 Access Gateway Enterprise Edition Appliance Options

Software editions supported: Enterprise

| | | |
|---|---|---|
| Form Factor | 1U | 2U |
| FIPS Option | ─ | ● |
| Redundant power supplies | ─ | ● |
| Maximum VPN users | 2,500 | 5,000 |

6 Methods of Initial Configuration
–Command-line Interface (CLI)
–Java Configuration Utility (GUI)

7 Basic Configuration – cli method

REVIEW CONFIGURATION PARAMETERS MENU
This menu allows you to view and/or modify the NetScaler's configuration. Each configuration parameter displays its current value within brackets if it has been set. To change a value, enter the number that is displayed next to it
1. NetScaler's IP address: [ ]
2. Netmask: [ ]
3. Advanced Network Configuration.
4. Time zone.
5. Cancel all the changes and exit.
6. Apply changes and exit.
Select a menu item from 1 to 6 [6]

Access the configuration utility using the supplied console cable and terminal emulation of 9600,N,8,1.
[Diagram label: Tech 1]

8 Accessing the Administration Portal
Open a web browser to the default IP (

9 Configuration Utility Login
–Accept the certificate warning
–Log in with default user “nsroot”
–Default password is “nsroot”

10 Administration Traffic
Management traffic uses port 3010 and an encrypted protocol
[Diagram label: Administrator Workstation]

11 Quick Start with the SSL VPN Wizard
–Start the Wizard
–Set the IP address
–Set the SSL certificate
–Select a DNS server
–Point to an AAA server
And you’re done!

12 Define Multiple Virtual Servers
Each virtual server has a unique:
–IP address and FQDN
–SSL certificate
–Authentication configuration
–Policy set
Policies can optionally derive from a global policy set
[Diagram labels: Vpn1.company.com ( ), Vpn2.company.com ( ), Vpn3.company.com ( )]

13 Dashboard Utility

14 Authentication
Supports Major Authentication Methods
–Active Directory
–LDAP
–NTLM
–RADIUS (with challenge-response support)
–RSA SecurID
–TACACS+
–Local
–Client Certificates
Supports Cascading Authentication

15 Authorization
Policy Driven Access
–Authentication by Policy
–Authorization by Policy
–Session control by Policy
–Auditing by Policy
Wide Variety of Criteria
–Policy based on network information
–Policy based on application access
–Policy based on client certificate parameters
–Policy based on client configurations
Highly Granular Access Control
–Users/Groups up to Global policies
–HTTP authorization based on URL
–TCP/IP authorization based on address and port

16 Auditing
Full Administrative Audit Trail
–All management operations logged
Full User Audit Trail
–All session activity (login, logout, timeout)
–All network flows (not just web)
All System Events
Support for External Syslog Servers

17 Client Security
Session Policies can control:
–Split tunneling
–Forward proxy definitions
–Session timeout values
–Client security
End Point Analysis
–Built-in support for Antivirus checks
–Built-in support for Firewall checks
–Host identification
Client Side Clean Up
–Clean browser cache, history, auto-completion files, plug-ins, etc.
–Control with session policies
–Administrator can mandate

18 Denial of Service Protection – SYN Attacks
[Diagram: Normal TCP Sequence between Client and Server (SYN, SYN+ACK, ACK) beside a SYN Flood (repeated SYN and SYN+ACK exchanges with no final ACK)]
Enterprise Edition avoids memory consumption with packet cookies
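An added example, not from the presentation and not the appliance's implementation, of the general SYN-cookie technique for answering SYNs without keeping half-open state, which is the kind of stateless handling the slide above describes. The bit layout (5-bit time counter, 3-bit MSS index, 24-bit HMAC), the secret, the MSS table and all addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"      # constructed; a real stack uses a random per-boot secret
MSS_TABLE = (536, 1300, 1440, 1460)   # assumed table; only the index travels in the cookie
PERIOD = 64                           # seconds per time-counter tick (assumed)

def _mac24(src, sport, dst, dport, client_isn, counter):
    """24-bit keyed hash over the 4-tuple, the client ISN and the time counter."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!HHIQ", sport, dport, client_isn, counter)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN+ACK; nothing is stored for the half-open connection."""
    counter = now // PERIOD
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, counter), "big")
    return ((counter & 0x1F) << 27) | (idx << 24) | mac

def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake's final ACK. Returns the MSS, or None to drop the packet."""
    cookie = (ack - 1) & 0xFFFFFFFF          # ACK number = server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF      # sequence number = client ISN + 1
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    current = now // PERIOD
    for counter in (current, current - 1):   # accept cookies at most one tick old
        if counter < 0 or (counter & 0x1F) != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, counter)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]
    return None

def flood_state(n_syns, now=1_000_000):
    """Constructed flood of SYNs that never complete: (table entries, cookie entries)."""
    half_open = {}                           # stateful listener: one entry per SYN
    for i in range(n_syns):
        src, sport = f"198.51.100.{i % 250 + 1}", 1024 + i
        half_open[(src, sport)] = make_cookie(src, sport, "192.0.2.10", 443, i, 1460, now)
    return len(half_open), 0                 # cookie listener keeps no per-SYN state
```

The stateful table grows by one entry per spoofed SYN, while the cookie path allocates only when a valid final ACK arrives.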

19 Other Denial of Service Protections
Other Prevented Attacks:
–Packet Floods
–HTTP GET Floods
–SSL Floods
–Idle Connection Floods
[Diagram: each request is answered with a JavaScript challenge]

20 Security
User Quarantine
–Users assigned to a quarantine group when end-point analysis fails
–Differentiated session and resource authorization policies
–Use to grant limited access to remediation sites
[Diagram labels: Quarantined Web, Web Portal]

21 Client Support
All Windows Platforms
–Windows 98/ME
–Windows NT/2000/XP/SP2
–Windows CE and PocketPC
MacOS X and Linux
–Java Based Client
Reliable Application Access
–No application content modification
Enforces Client Security

22 Navigation
Homepage
Bookmarks
–Customize global bookmarks
–Per-User bookmarks
–Filesystem bookmarks
Themes
–Custom style sheets supported
–Logo update
–End user can pick their own colors
Integrated File Manager
–Web based file access
Unicode Support

23 Server-Initiated Requests
[Diagram labels: Source IP = Mapped IP, Source IP = Client IP]
Client connects and is assigned a unique Mapped IP address.
Servers can use this Mapped IP address to establish server-initiated connections back to the client.

24 High Availability Pairing
[Diagram labels: Vpn.company.com ( ), Master, Backup, "Network health-check packets are exchanged"]
–Two appliances can be linked to form an active / passive cluster.
–Health-checking packets are constantly exchanged between the pair.
–When the master fails, the backup assumes the IP address.
–All connections from the client are broken and must be re-established.

25 Global Server Load Balancing (GSLB)
–Distributes network traffic across multiple sites
–Route client connections to the nearest site
–Distributes server load across multiple sites
–Implement Disaster recovery

26 5x Faster
Includes NetScaler Capabilities
[Diagram label: Internet]

27 Access Gateway Enterprise Edition
The best solution for the complex and demanding enterprise!