Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS.

Published byJulianna Griffin Modified over 9 years ago

Similar presentations

Presentation on theme: "Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS."— Presentation transcript:

1 Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS

2 2 RACHEL Service Remote Access to Commission Hosted Environments Provides access to Commission applications To both internal and external users Responding to specific requirements: information systems requiring fat clients or thin clients with high network payload Security needs Using a dedicated terminal services platform (CITRIX) SLA based managed service Service Catalogue : http://myintracomm.ec.europa.eu/serv/en/digit/serv_for_it_teams/isp_servic e_catalogue/Documents/Other%20CUPS%20Services_v1.01.pdf

3 3 RACHEL Service : some characteristics CITRIX * is an add-on product on top of Microsoft Terminal Services It uses a specific proprietary protocol (ICA) suited for high-latency networks Improved security of client sessions using the CITRIX Secure Gateway Policy based control per application Publishes applications in “seamless” windows instead of full desktops Supports multiple platforms (UNIX, MAC, Linux, Windows) Users access the CITRIX environment with an URL * CITRIX Terminology defined in Annex

4 4 RACHEL Service : Security characteristics CITRIX Secure Gateway Single point of access to the secure, enterprise network Intermediary for every connection request originating from the external world to the enterprise network All traffic between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol

5 5 RACHEL Service : Security characteristics Each application can have its own encryption settings (Basic, 40-Bit, 56-Bit & 128-Bit) to protect the traffic between the client and the XenApp server If the minimum requirements check box is selected and the plug-in connection does not meet the most restrictive level of encryption, the server rejects the connection when the plug-in tries to connect to the application.

6 6 RACHEL service: security characteristics Users don’t have access to server resources (drives/printers) Applications only are published, no desktops The same security settings apply regardless of the access path The External CITRIX environment uses an Active Directory that has no relationship with NET1 and is the best AD candidate to provision users not belonging to the Commission. From the DMZ it is not possible to browse the Internet.

7 7 RACHEL Service : Environments Two separate CITRIX environments: Internal Environment: CITRIX is the solution to cope with the high-latency (>500ms) and low bandwidth (<=64kbits/s) of users in the Delegations, especially in Africa Mainly used by Delegations Speed improvements up to 10x faster 85 Delegations with 273 active accounts: 82% of the sessions External Environment (DMZ): CITRIX is the solution for the added security model offered by the CITRIX Secure Gateway Currently used by European Institutions and Agencies over the sTESTA Network Project on-going: Access via the Internet More than 30 EU bodies using the service

8 8 RACHEL Service : Published Applications External Environment

9 9 RACHEL Service : sTESTA Network More info on https://portal.testa.eu/jetspeed/portalhttps://portal.testa.eu/jetspeed/portal sTESTA is an efficient, secure and reliable trans-European communication platform for the interchange of data between public administrations. sTESTA is based on a dedicated and private infrastructure, available to all National and European administrations in order to exchange information classified up to "RESTREINT UE" and requiring guaranteed availability and performance service levels.

10 10 RACHEL Service : Graphic view – Current status Secured communication channels are shown with a key symbol

11 11 RACHEL Service : Graphic view – Internet Access Secured communication channels are shown with a key symbol Components required for the Internet Access are in RED

12 12 ESTAT specificities Besides the above-mentioned security functionalities, possible additional security measures: For a fully secured end to end communication, the published ESTAT application (installed on the CITRIX XenApp servers) should have its own security mechanism/protocol to protect the traffic from the XenApp servers to the ESTAT backend systems. Use of 128-bit RC5 encryption instead of the Basic ICA encryption. Copy/Paste functionality can be disabled by a specific CITRIX policy for the ESTAT application. Blocking the mapping of client drives and of the default client printer via a specific CITRIX policy.

13 13 Statistics : Active users per Institution or Agency

14 14 Statistics : External Farm – Total sessions per month

15 15 Statistics : External Farm – Application usage

Download ppt "Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
SLAC Remote Access and Citrix XPe Brian Scott SLAC May 2004.

SLAC Remote Access and Citrix XPe Brian Scott SLAC May 2004.
Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.

RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.

Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
CCSE NETWORK STRUCTURE. CCSE NETWORK OUTLINE Mid-sized Building Network spanning over Building 22 and Building 23. Autonomous from ITC’s KFUPM Domain.

CCSE NETWORK STRUCTURE. CCSE NETWORK OUTLINE Mid-sized Building Network spanning over Building 22 and Building 23. Autonomous from ITC’s KFUPM Domain.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.

Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Remote Networking Architectures

Remote Networking Architectures
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Fermilab VPN Service What is a VPN ?.

Fermilab VPN Service What is a VPN ?.
Chapter 11: Dial-Up Connectivity in Remote Access Designs

Chapter 11: Dial-Up Connectivity in Remote Access Designs
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Similar presentations

Ads by Google