
Citrix MetaFrame Password Manager 2.5


Presentation Transcript


  1. Citrix MetaFrame Password Manager 2.5 Codename – “Andros” Release Date – May 24, 2004 (projected)

  2. Citrix MetaFrame Password Manager 2.5 - Release Theme • Theme: “Broadening Support” • Goals: • Increase the addressable market • Novell customers • German/French/Spanish/Japanese languages • Certificate based smart cards • Maintain Market Momentum • Timely release after MetaFrame Password Manager 2.0 • Implement new Citrix branding

  3. New Features – Novell Support • MPM 2.5 can be used with Novell’s GINA • Primary authentication against Novell eDirectory • eDirectory is not supported as a credential store • Netware file share support • Allows use of Netware file share for central credential store • New CtxNWFilePrep.exe utility • Establishes directory structure and privilege/trust set

  4. New Features – Novell Support • Most Citrix/Novell customers use ZENworks’ Dynamic Local User (DLU) feature • Windows Username and Password must match Novell Username and password. • Enable Volatile User – to remove user credential upon exit. • Synchronizes user’s Novell and local NT user passwords, so user doesn’t have to enter two passwords

  5. New Features – Multi-factor Authenticators • Enhanced support for smart cards, tokens, biometrics, and proximity devices: • Support for user certificate-based (X.509 PKI) network authentication • Re-authentication via workstation lock (secure attention sequence Ctrl+Alt+Del) which reverts to the network authentication GINA

  6. New Features – Multi-factor Authenticators • Product testing with an ever-growing list of vendors (14 announced on March 23) • Smart cards: ActivCard, Axalto (Schlumberger), GemPlus, LOGICO, Netmaker • Biometrics: BioNet Systems, EKey, Identix, SAFLINK, Integrated Biometrics • Tokens: RSA, Secure Computing, VASCO, CRYPTOCard, Aladdin, PassGo • Proximity: Ensure • Vendor participation via a Security Partner program

  7. New Features – Extended Application Support • Java and ActiveX-based applications • MPM 2.5 introduces support for ActiveX controls, Java scripts and Java applets • Depending on difficulty level, this may require services from Citrix Consulting • Must create both a Web app def and a Windows app def • Must export INI file, edit to add new settings, re-import • Drop-Down Menus • Previously (MPM 2.0), drop-down menus could be handled only via SendKeys or manual selection • Send arrow keys or first letter of menu item • MPM 2.5 provides automated drop-down menu selection for Win32 (except .NET) and Web apps

  8. New Features – Extended Application Support • Improved Terminal Emulation Support • New configuration setting for terminal emulators that don’t write the location of their HLLAPI DLL in the registry • e.g. BOSaNOVA • Support for Long URLs • Previously (in MPM 2.0), URLs in excess of 256 characters could only be handled by substring matching • MPM 2.5 supports strict matching of very long URLs

  9. New Features – Extended Application Support • Difficult Applications • MPM 2.5 supports several unusual window characteristics • No window title • Dynamic (variable) window title • Dynamic class name • Examples: • Cerner medical apps (no window title or variable title) • McKesson PCView32 (dynamic class name) • Substring matching is now available for Win32 apps

  10. New Features – Logging Tool • Can be enabled when required to collect data on application detection and credential insertion • Intended to help troubleshoot difficult applications • For use by Technical Support or Citrix Consulting • Enabled by creating a “Log” registry entry • HKLM\Software\Citrix\Metaframe Password Manager\Log • Provides agent logging • No security-sensitive data is written to the log

  11. New Features – Improved End User Interface • Confirmation of Agent Detection • End users are now asked to confirm if the agent properly recognized the login fields and submit button • Prevents users from incorrectly configuring the agent • Directs them to their administrator for more complex applications

  12. New Features – Improved End User Interface • Improved Identity Verification • MPM 2.0 • Default question: Enter generic answer. • Likely to cause user confusion • MPM 2.5 • Default question: What is your identity verification phrase? • Minimum length of response to default question increased from 8 to 12 characters for improved security • New admin option to eliminate default question if one or more other questions have been defined

  13. New Features – Improved End User Interface • Identity Verification UI • Better end user description • New default verification question. • Default answer now 12 characters

  14. Improved UI for Identity Verification

  15. New Features – Policy Enforcement • Enforcement of password policies now extended to manual password change • MPM 2.0 only allowed this for auto-generated passwords • Invalid password results in error message:

  16. New Features - New Agent Settings • Forced Credential Storage • Disable ability for end user to opt out of submitting credentials to Password Manager for applications with existing definitions • Yes/No/Never dialog box is skipped, taking user directly to the credentials entry screen • Show Tray Icon • Enable/Disable agent icon that appears in the taskbar • Example usage: • Admin decides to hide systray icon for agents deployed on MetaFrame Presentation Server • Result is that end user sees only one MPM icon, for the agent running on his own local machine

  17. Integration with MetaFrame Presentation Server 3.0 • Location of central store can be specified per user • Note: Can also be specified in HKCU (for customers not using MPS 3.0) • Different groups of users can have different settings by using multiple file shares • Large organizations can distribute users across multiple file shares • MPM can be enabled/disabled per user • Allows for staged roll-out without having to publish each application twice

  18. Performance Improvements Preliminary figures (March 2004), taken on a Presentation Server at 65% utilization with std. synchronization and a roaming profile:

  19. Troubleshooting - General • Check that the Agent is deployed and configured correctly. • Check if the agent is synchronizing properly • Check synchronization point • Hit refresh in the agent and check the time stamp of the ini files to see if they changed. • Agent’s sync point may have been changed using the console • Check if you have an adminoverride. • If you do, you will have to delete mmffile and the ini files. • The agent will then read the sync point from the registry again. • Go to the sync point and check for permissions and settings. • Check for network problems that may be causing the agent not to sync properly.

  20. Troubleshooting – Windows Applications • Check whether the application is being detected • Make sure you add multiple window titles and class IDs for transient windows. • Check if Password Manager Agent is detecting the controls on the window • Other things to look for • Check for dynamic control IDs by running the app repeatedly. • Check for null control IDs • Check for same control IDs for all controls – SendKeys must be used. • Check exclusion list – maybe you have incorrectly configured the exclusion list.

  21. Troubleshooting – Web Applications • Need to use forms • Look for <FORM> tag in the source of the web page • Change the web page or you will have to use SendKeys • Look for java applets or client side scripting

  22. Troubleshooting – Host Applications • Check if SSOMHO is running • SSOMHO runs when it detects the terminal emulator configured • The following must be done in order for SSOMHO to run: • Mfrmlist.ini on the Agent must have an entry for the emulator • Agent setting for host apps must be enabled • HLLAPI short name must be defined for the emulator • Debug tool will tell you why SSOMHO.EXE did not launch. • If SSOMHO is running, check the application definition

  23. Competitors • Passlogix • Protocom • Sentillion • Evidian

  24. On the Horizon… • Next Release • Codename: “Abaco” • Release Timeframe: “Turnberry” Suite Release - 1H ‘05 • Release Focus • Hot Desktop (password and smart card authentication) • Self Service Password Reset • License Server • Administration Console • Enhanced/Alternate Credential store
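
The web-application checks on slide 21 (look for a `<FORM>` tag, Java applets and client-side scripting in the page source) can be run against saved page source. The following is an added example, not part of the original presentation and not Citrix tooling; the class name, function name, result labels and sample pages are all constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages (not taken from any real application).
FORM_PAGE = ('<FORM action="/login" method="post"><input type="text" name="u">'
             '<input type="PASSWORD" name="p"><input type="submit"></FORM>')
SCRIPTED_PAGE = ('<input id="u"><input type="password" id="p">'
                 '<button onclick="send()">Go</button><script>function send(){}</script>')
APPLET_PAGE = '<applet code="Login.class" width="300" height="120"></applet>'


class LoginPageAudit(HTMLParser):
    """Counts the page features slide 21 says to look for."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.pw_in_form = self.pw_outside_form = 0
        self.applets = self.scripts = 0

    def handle_starttag(self, tag, attrs):  # tag names arrive lower-cased
        attr = dict(attrs)
        if tag == "form":
            self.in_form = True
        elif tag == "input" and (attr.get("type") or "").lower() == "password":
            if self.in_form:
                self.pw_in_form += 1
            else:
                self.pw_outside_form += 1
        elif tag in ("applet", "object", "embed"):
            self.applets += 1
        elif tag == "script":
            self.scripts += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def triage(page_source):
    """Return a hypothetical label saying which troubleshooting branch applies."""
    audit = LoginPageAudit()
    audit.feed(page_source)
    audit.close()
    if audit.applets and not audit.pw_in_form:
        return "applet-or-activex"  # login UI lives in an embedded control
    if audit.pw_in_form:
        return "form-login-with-client-script" if audit.scripts else "form-login"
    if audit.pw_outside_form:
        return "no-form-use-sendkeys-or-change-page"
    return "no-login-fields"
```

A password field outside any `<form>` corresponds to the slide's "change the web page or you will have to use SendKeys" branch; an applet or embedded object with no form-based password field corresponds to the Java/ActiveX case on slide 7.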
