Citrix Access Gateway Enterprise Edition: Technical Overview
Seceidos GmbH & Co. KG, Robert Hochrein, robert.hochrein@seceidos.de
Citrix Access Gateway SSL VPN Remote Access
• Access Gateway Standard Edition: Simple and Cost Effective Secure Remote Access (best for Small-to-Midsized Customers)
• Access Gateway Advanced Edition: Advanced Access Control and Device Flexibility (best for Presentation Server Environments)
• Access Gateway Enterprise Edition: Complex and Demanding Environments (best for Enterprise Deployments)
Internal and Partner Use Only
Access Gateway Enterprise Edition: Features & Benefits
Access Gateway Enterprise Edition: Features & Benefits (continued)
Access Gateway Enterprise Edition: Appliance Options
Methods of Initial Configuration
• Command-line Interface (CLI)
• Java Configuration Utility (GUI)
Basic Configuration – CLI Method
Access the configuration menu over the supplied console cable with terminal emulation set to 9600,N,8,1:

    REVIEW CONFIGURATION PARAMETERS MENU
    ------------------------------------
    This menu allows you to view and/or modify the NetScaler's configuration.
    Each configuration parameter displays its current value within brackets
    if it has been set. To change a value, enter the number that is displayed
    next to it.
    ------------------------------------
    1. NetScaler's IP address: [192.168.100.1]
    2. Netmask: [255.255.0.0]
    3. Advanced Network Configuration.
    4. Time zone.
    5. Cancel all the changes and exit.
    6. Apply changes and exit.
    Select a menu item from 1 to 6 [6]
Accessing the Administration Portal
Open a web browser to the default IP address (http://192.168.100.1).
Configuration Utility Login
• Accept the certificate warning
• Log in with the default user “nsroot”
• The default password is “nsroot”
Administration Traffic
Management traffic between the administrator workstation and the appliance uses port 3010 and an encrypted protocol.
Quick Start with the SSL VPN Wizard
• Start the Wizard
• Set the IP address
• Set the SSL certificate
• Select a DNS server
• Point to an AAA server
• And you’re done!
Define Multiple Virtual Servers
• Each virtual server has a unique:
  • IP address and FQDN
  • SSL certificate
  • Authentication configuration
  • Policy set
• Policies can optionally derive from a global policy set
Example: Vpn1.company.com (10.10.10.1), Vpn2.company.com (10.10.10.2), Vpn3.company.com (10.10.10.3)
Dashboard Utility
Authentication
• Supports Major Authentication Methods:
  • Active Directory
  • LDAP
  • NTLM
  • RADIUS (with challenge-response support)
  • RSA SecurID
  • TACACS+
  • Local
  • Client Certificates
• Supports Cascading Authentication
Authorization
• Policy Driven Access
  • Authentication by Policy
  • Authorization by Policy
  • Session control by Policy
  • Auditing by Policy
• Wide Variety of Criteria
  • Policy based on network information
  • Policy based on application access
  • Policy based on client certificate parameters
  • Policy based on client configurations
• Highly Granular Access Control
  • Users/Groups up to Global policies
  • HTTP authorization based on URL
  • TCP/IP authorization based on address and port
Auditing
• Full Administrative Audit Trail: all management operations logged
• Full User Audit Trail: all session activity (login, logout, timeout)
• All network flows (not just web)
• All System Events
• Support for External Syslog Servers
Client Security
• Session Policies can control:
  • Split tunneling
  • Forward proxy definitions
  • Session timeout values
  • Client security
• End Point Analysis
  • Built-in support for Antivirus checks
  • Built-in support for Firewall checks
  • Host identification
• Client Side Clean Up
  • Clean browser cache, history, auto-completion files, plug-ins, etc.
  • Control with session policies
  • Administrator can mandate
Denial of Service Protection – SYN Attacks
Normal TCP sequence (client and server): SYN, SYN+ACK, ACK.
SYN flood (diagram: repeated SYN / SYN+ACK exchanges with no final ACK from the client).
Enterprise Edition avoids memory consumption with packet cookies.
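An added model of the cookie-based handshake the slide refers to (example code written here, not Citrix's; the cookie layout, the HMAC construction and the constructed secret and addresses are assumptions): the server derives the SYN+ACK sequence number from the connection tuple and a minute counter, so a flood of SYNs that never complete allocates nothing.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # constructed; a real appliance rotates its own
COUNTER_BITS, MAC_BITS = 5, 27       # 5-bit minute counter + 27-bit MAC = one 32-bit ISN
COUNTER_MASK, MAC_MASK = (1 << COUNTER_BITS) - 1, (1 << MAC_BITS) - 1

def _minute(now):
    return int((time.time() if now is None else now) // 60) & COUNTER_MASK

def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}@{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_MASK

def make_cookie(src_ip, src_port, dst_ip, dst_port, now=None):
    """ISN placed in the SYN+ACK. No half-open entry is stored: the cookie
    itself carries what is needed to verify the client's final ACK later."""
    counter = _minute(now)
    return (counter << MAC_BITS) | _mac(src_ip, src_port, dst_ip, dst_port, counter)

def validate_ack(src_ip, src_port, dst_ip, dst_port, ack_num, now=None):
    """True only if ack_num - 1 is a cookie this tuple could have received in the
    current or previous minute; memory is committed only after this check passes."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    counter = cookie >> MAC_BITS
    if (_minute(now) - counter) & COUNTER_MASK > 1:
        return False                     # stale: replayed ACK or very slow client
    expected = _mac(src_ip, src_port, dst_ip, dst_port, counter).to_bytes(4, "big")
    return hmac.compare_digest(expected, (cookie & MAC_MASK).to_bytes(4, "big"))

class StatelessListener:
    """SYNs cost no memory; only completed handshakes are recorded."""
    def __init__(self, ip, port):
        self.ip, self.port, self.established = ip, port, set()
    def on_syn(self, src_ip, src_port, now=None):
        return make_cookie(src_ip, src_port, self.ip, self.port, now)   # SYN+ACK seq
    def on_ack(self, src_ip, src_port, ack_num, now=None):
        if not validate_ack(src_ip, src_port, self.ip, self.port, ack_num, now):
            return False
        self.established.add((src_ip, src_port))
        return True

def unanswered_syns_leave_no_state(count=10000, now=0):
    """Many SYNs from constructed addresses that never complete: nothing accumulates."""
    srv = StatelessListener("198.51.100.1", 443)
    for i in range(count):
        srv.on_syn(f"203.0.113.{i % 250 + 1}", 1024 + i, now)
    return len(srv.established)           # 0
```

The model leaves out the MSS encoding that production SYN cookies pack into the sequence number.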
Other Denial of Service Protections
(diagram: each client request is answered with a JavaScript challenge)
• Other Prevented Attacks:
  • Packet Floods
  • HTTP GET Floods
  • SSL Floods
  • Idle Connection Floods
Security
• User Quarantine
  • Users assigned to a quarantine group when end-point analysis fails
  • Differentiated session and resource authorization policies
  • Use to grant limited access to remediation sites
(diagram: Web, Email and Web Portal resources, each marked Quarantined)
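An added model of the user/group/global policy scopes from the Authorization slide combined with the quarantine group on this slide (example code written here, not Citrix's; the rule syntax, the end-point checks, and all user names, hosts and addresses are constructed):

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    kind: str      # "url" (glob over the requested URL) or "tcp" ("cidr:port")
    pattern: str
    allow: bool

POLICY = {  # constructed policy set: rules bound at user, group and global scope
    "user":   {"alice": [Rule("tcp", "10.20.0.0/16:22", True)]},
    "group":  {"finance":    [Rule("tcp", "10.20.0.0/16:1433", True)],
               "quarantine": [Rule("url", "https://remediation.example.com/*", True),
                              Rule("url", "*", False),
                              Rule("tcp", "0.0.0.0/0:*", False)]},
    "global": [Rule("url", "https://intranet.example.com/*", True)],
}
DIRECTORY_GROUPS = {"alice": ["finance"], "bob": ["finance"]}   # constructed

def assign_groups(user, epa):
    """A failed antivirus or firewall check lands the session in 'quarantine' only."""
    if not (epa.get("antivirus") and epa.get("firewall")):
        return ["quarantine"]
    return DIRECTORY_GROUPS.get(user, [])

def _matches(rule, kind, target):
    if rule.kind != kind:
        return False
    if kind == "url":
        return fnmatch.fnmatchcase(target, rule.pattern)
    cidr, port = rule.pattern.rsplit(":", 1)   # port may be "*"
    ip, tport = target.rsplit(":", 1)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr) and port in ("*", tport)

def authorize(policy, user, groups, kind, target):
    """User rules, then group rules, then global; first match decides, default deny."""
    chain = list(policy["user"].get(user, []))
    for group in groups:
        chain.extend(policy["group"].get(group, []))
    chain.extend(policy["global"])
    for rule in chain:
        if _matches(rule, kind, target):
            return rule.allow
    return False

def session_decision(user, epa, kind, target):
    return authorize(POLICY, user, assign_groups(user, epa), kind, target)
```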
Client Support
• All Windows Platforms
  • Windows 98/ME
  • Windows NT/2000/XP/SP2
  • Windows CE and PocketPC
• MacOS X and Linux
  • Java Based Client
• Reliable Application Access
  • No application content modification
  • Enforces Client Security
Navigation Homepage
• Bookmarks
  • Customize global bookmarks
  • Per-User bookmarks
  • Filesystem bookmarks
• Themes
  • Custom style sheets supported
  • Logo update
  • End user can pick their own colors
• Integrated File Manager
  • Web based file access
• Unicode Support
Server-Initiated Requests
The client connects and is assigned a unique Mapped IP address (diagram: Source IP = Client IP on the client side, Source IP = Mapped IP on the server side). Servers can use this Mapped IP address to establish server-initiated connections back to the client.
High Availability Pairing
(diagram: Master and Backup appliances sharing Vpn.company.com (10.10.10.1); network health-check packets are exchanged)
Two appliances can be linked to form an active / passive cluster. Health-checking packets are constantly exchanged between the pair. When the master fails, the backup assumes the IP address. All connections from the client are broken and must be re-established.
Global Server Load Balancing (GSLB)
• Distributes network traffic across multiple sites
• Routes client connections to the nearest site
• Distributes server load across multiple sites
• Implements disaster recovery
Includes NetScaler Capabilities: 5x Faster
(diagram label: Internet)
Access Gateway Enterprise Edition: the best solution for the complex and demanding enterprise!