Transcript Document

System Citr!x
technically speaking
Alexander Kroshkin
Systems Engineer
Citr!x Systems
Agenda
Agenda
• Universal access from anywhere
Agenda
• Universal access from anywhere
• Security considerations
Agenda
• Universal access from anywhere
• Security considerations
• ISA / ICA / CIA - which one to use?
Agenda
• Universal access from anywhere
• Security considerations
• ISA / ICA / CIA - which one to use?
• Do I need any client software?
Agenda
• Universal access from anywhere
• Security considerations
• ISA / ICA / CIA - which one to use?
• Do I need any client software?
• Access to different applications located at different
places
What if I need universal
access to corporate
resources from
ANYWHERE?
Direct access from a browser
Corporate resources
4
WEB
Server
URL
Request
3
Credential
Client device
Firewall
1
URL web page content request
2
Login Screen as answer
3
Enter Credetials
4
Authentification
Direct access from a browser
Corporate resources
5
WEB
Server
Firewall
6
Client device
1
URL web page content request
2
Login Screen as answer
3
Enter Credetials
4
Authentification
5
Application Set config. to WEB server
6
Application Set icons to the client
7
Click on Application icon and the
Application is served direct for the
MetaFrame Server
Direct access from a browser
The name of the technology
enabling web-based access to
applications is
1
URL web page content request
Nfuse Classic!
Firewall
Is it SAFE?
The Mobile Workforce
Securing access for them from
any location…
– Leverage CSG
– Wide availability of appropriate
connectivity (ex. cell phones)
– Increasingly mobile workforce
– More Internet café’s and Kiosks
Secure Connectivity
Authentication
Feeling SAFE?
Certainly
Access Mgmt.
ICA and SSL
Firewall
Citrix Secure
Gateway
Citrix MetaFrame XP
Citrix NFuse
Technology
Secure
Ticket
Authority
Back-end Network
Resources
Authentication with CSG
DMZ
4. ICA/SSL
ICA Client
3. ICA File
Web
Browser
3. ICA
File
CSG
Server
Secure Web
Server
5. ICA/1494
5. Ticket Verification
Production
MetaFrame Farm
Secure
Ticketing
Authority
XML Service
2. Ticket
Generation
NFuse
1. Standard NFuse XML
1. Standard NFuse ICA Name Resolution
2. Requested CSG ticket on application launch
3. CSG ticket is delivered to ICA client as the part of ICA file.
4. CSG ticket
3. is delivered to CSG server as the part of SOCKS inside SSL inform.
5. CSG server verifies ticket and opens ICA connection.
4.
5.
Authentication with CSG
DMZ
4. ICA/SSL
ICA Client
3. ICA File
Web
Browser
3. ICA
File
CSG
Server
Secure Web
Server
5. ICA/1494
5. Ticket Verification
Production
MetaFrame Farm
Secure
Ticketing
Authority
XML Service
2. Ticket
Generation
NFuse
1. Standard NFuse XML
1. Standard NFuse ICA Name Resolution
2. Requested CSG ticket on application launch
3. CSG ticket is delivered to ICA client as the part of ICA file.
4. CSG ticket is delivered to CSG server as the part of SOCKS inside SSL
information.
5. CSG server verifies ticket and opens ICA connection.
Access Management
Integrate with
authentication policy
– Portal security
– Trust based systems
– Biometrics
Smart card authentication
Citr!x supports use of smart
cards for user authentication
application set provision and
application launch
But what’s ICA?
ICA - Independent Computing Architecture
– ICA is a Citr!x-invented technology that shifts the application
processing from client to server
• low bandwindth
• Applications execute 100% on server
• Users view and work with application interface
Applications accessed
from desktop PC or
thin client
Only screens, mouse
clicks and keystrokes
travel the network
Applications install
and execute 100%
on server
Performance over high latency connections
Local Text Echo
– An ICA Client option that accelerates the display of the input text on
the client device, effectively shielding the user from experiencing
latency on the network.
MetaFrame
Server Farm
123
High latency link
User types 123
ICA Client
Persistent bitmap caching
• ICA supports caching of bitmaps on the local client and allows you to
specify the size of the cache, the minimum size of the bitmap to
cache, and the location of the cache as well.
Do I need to install
ICA Client?
Web Client Deployment
Client deployment can be
operated in several modes
from entirely relying on local
clients to forcing use of web
clients in all cases and
bypassing any locally
installed client
Client auto-detect support
for Web Client
Preferences for
embed or launch
Use Java ICA Client
Use of Java ICA Client
allows selective feature
functionality and size
control over client
deployment
Any single place of access
to applications located at
different places?
Enterprise Services for NFuse
All applications
at one place
Access to
Published
Applications
NFuse
Classic
Enterprise
Services
For NFuse
Aggregates farms
& Enhances User
Experience
MetaFrame
Farm Cracow
MetaFrame
Farm Bratislava
MetaFrame
Farm Brno
MetaFrame
Farm Ostrava
MetaFrame
Farm Prague
Do you have
any questions?
Alexander Kroshkin
[email protected]
Systems Engineer
ERP VTT Member