
Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS.


1 Tuesday, February 23, 2016 RACHEL Service Description Nedeljko DRAGOJEVIĆ – Service Manager Margarida ABECASIS – Head of Unit DIGIT.C.3 - CITIS

2 RACHEL Service
Remote Access to Commission Hosted Environments
- Provides access to Commission applications
- To both internal and external users
- Responding to specific requirements:
  - Information systems requiring fat clients or thin clients with high network payload
  - Security needs
- Using a dedicated terminal services platform (CITRIX)
- SLA based managed service
- Service Catalogue: http://myintracomm.ec.europa.eu/serv/en/digit/serv_for_it_teams/isp_service_catalogue/Documents/Other%20CUPS%20Services_v1.01.pdf

3 RACHEL Service: some characteristics
- CITRIX * is an add-on product on top of Microsoft Terminal Services
- It uses a specific proprietary protocol (ICA) suited for high-latency networks
- Improved security of client sessions using the CITRIX Secure Gateway
- Policy based control per application
- Publishes applications in "seamless" windows instead of full desktops
- Supports multiple platforms (UNIX, MAC, Linux, Windows)
- Users access the CITRIX environment with a URL
* CITRIX terminology defined in Annex

4 RACHEL Service: Security characteristics
CITRIX Secure Gateway
- Single point of access to the secure, enterprise network
- Intermediary for every connection request originating from the external world to the enterprise network
- All traffic between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol

5 RACHEL Service: Security characteristics
- Each application can have its own encryption settings (Basic, 40-Bit, 56-Bit & 128-Bit) to protect the traffic between the client and the XenApp server
- If the minimum requirements check box is selected and the plug-in connection does not meet the most restrictive level of encryption, the server rejects the connection when the plug-in tries to connect to the application.

6 RACHEL Service: Security characteristics
- Users don't have access to server resources (drives/printers)
- Only applications are published, no desktops
- The same security settings apply regardless of the access path
- The External CITRIX environment uses an Active Directory that has no relationship with NET1 and is the best AD candidate to provision users not belonging to the Commission.
- From the DMZ it is not possible to browse the Internet.

7 RACHEL Service: Environments
Two separate CITRIX environments:
- Internal Environment:
  - CITRIX is the solution to cope with the high-latency (>500ms) and low bandwidth (<=64kbits/s) of users in the Delegations, especially in Africa
  - Mainly used by Delegations
  - Speed improvements up to 10x faster
  - 85 Delegations with 273 active accounts: 82% of the sessions
- External Environment (DMZ):
  - CITRIX is the solution for the added security model offered by the CITRIX Secure Gateway
  - Currently used by European Institutions and Agencies over the sTESTA Network
  - Project on-going: Access via the Internet
  - More than 30 EU bodies using the service

8 RACHEL Service: Published Applications, External Environment

9 RACHEL Service: sTESTA Network
More info on https://portal.testa.eu/jetspeed/portal
- sTESTA is an efficient, secure and reliable trans-European communication platform for the interchange of data between public administrations.
- sTESTA is based on a dedicated and private infrastructure, available to all National and European administrations in order to exchange information classified up to "RESTREINT UE" and requiring guaranteed availability and performance service levels.

10 RACHEL Service: Graphic view – Current status
Secured communication channels are shown with a key symbol

11 RACHEL Service: Graphic view – Internet Access
Secured communication channels are shown with a key symbol
Components required for the Internet Access are in RED

12 ESTAT specificities
Besides the above-mentioned security functionalities, possible additional security measures:
- For a fully secured end to end communication, the published ESTAT application (installed on the CITRIX XenApp servers) should have its own security mechanism/protocol to protect the traffic from the XenApp servers to the ESTAT backend systems.
- Use of 128-bit RC5 encryption instead of the Basic ICA encryption.
- Copy/Paste functionality can be disabled by a specific CITRIX policy for the ESTAT application.
- Blocking the mapping of client drives and of the default client printer via a specific CITRIX policy.
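
The encryption rule on slide 5 and the additional measures listed for ESTAT on slide 12, sketched as an added example (not part of the original presentation and not CITRIX tooling): a constructed inventory of published applications is checked against that baseline. The `PublishedApp` record, its field names and the sample entries are assumptions made for illustration, as is the rule that a connection is not rejected on encryption level when the check box is cleared.

```python
from dataclasses import dataclass

# ICA encryption levels named on slide 5, weakest to strongest.
LEVELS = ["Basic", "40-Bit", "56-Bit", "128-Bit"]

@dataclass
class PublishedApp:
    """Hypothetical inventory record; not a CITRIX data structure."""
    name: str
    encryption: str         # one of LEVELS
    minimum_required: bool  # the "minimum requirements" check box
    clipboard: bool         # copy/paste between client and session
    client_drives: bool     # client drive mapping
    client_printer: bool    # default client printer mapping

def admits(app, client_level):
    """Slide 5 rule: with the check box selected, a client offering less
    than the application's level is rejected. Assumption: with the box
    cleared, the server does not reject on encryption level."""
    if not app.minimum_required:
        return True
    return LEVELS.index(client_level) >= LEVELS.index(app.encryption)

def audit(app):
    """List deviations from the measures slide 12 proposes for ESTAT."""
    findings = []
    if app.encryption != "128-Bit":
        findings.append(f"encryption level is {app.encryption}, not 128-Bit")
    if not app.minimum_required:
        findings.append("minimum requirement not enforced")
    for enabled, label in ((app.clipboard, "copy/paste"),
                           (app.client_drives, "client drive mapping"),
                           (app.client_printer, "default client printer")):
        if enabled:
            findings.append(f"{label} is enabled")
    return findings

# Constructed sample inventory (names and settings are invented).
HARDENED = PublishedApp("estat-app", "128-Bit", True, False, False, False)
LEGACY = PublishedApp("legacy-app", "Basic", False, True, True, True)

if __name__ == "__main__":
    for app in (HARDENED, LEGACY):
        weakest = next(l for l in LEVELS if admits(app, l))
        print(f"{app.name}: weakest admitted client level = {weakest}")
        for finding in audit(app):
            print(f"  - {finding}")
```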

13 Statistics: Active users per Institution or Agency

14 Statistics: External Farm – Total sessions per month

15 Statistics: External Farm – Application usage

