1 / 7

Citrix Receiver – The Challenge

Citrix Receiver – The Challenge. Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively determine users’ ID for security CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware Installation and Configuration Issues

rollin
Download Presentation

Citrix Receiver – The Challenge

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Citrix Receiver – The Challenge • Certificate-Based Authentication (CBA - 2FA) • The organization MUST be able to positively determine users’ ID for security • CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware • Installation and Configuration Issues • Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.) • If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version • Additional plug-ins might be required for organizational portal (.net, Java, etc.) • If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser • Data Leakage • Hard to manage where users export data to (machines/media) and how they use it • A misconfigured machine might be used by unauthorized personal for accessing sensitive data

  2. Citrix Receiver – The Challenge • Certificate-Based Authentication (CBA - 2FA) • The organization MUST be able to positively determine users’ ID for security • CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware • Installation and Configuration Issues • Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.) • If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version • Additional plug-ins might be required for organizational portal (.Net, Java, etc.) • If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser • Data Leakage • Hard to manage where users export data to (machines/media) and how they use it • A misconfigured machine might be used by unauthorized personal for accessing sensitive data Tough security issues. Data compromise. High helpdesk costs. Hard to manage.

  3. Citrix Receiver + 2FA: Current Situation • Traditional technologies demand that each component will be distributed separately to EACH end-point: • 2FA Middleware • Citrix Receiver Client(for both managed and unmanaged machines) • VPN SSL add-on for browser • Self-signed certificate • Additional required plug-ins/software • Unmanaged machines are handled by the end user. • Novice/non-savvy users will probably require helpdesk services. Receiver Client 2FA Hardware Self-Signed Certificate Additional Software Citrix Farm / IT Dept. End User Data & User Policies VPNSSL Add-on & URL 2FA Middleware Helpdesk What a mess… Home PC Laptop/Any PC Contractors Branch PCs

  4. Citrix Receiver + 2FA: Current Situation • Middleware • Citrix Receiver Client(for both managed and unmanaged machines) • VPN SSL add-on for browser • Self-signed certificate • Additional required plug-ins/software • Are all mounted on one device… • Centrally managed… • In plug-and-play mode… • On a single device for any platform at any time. But what if… Receiver Client 2FA Hardware Self-Signed Certificate Additional Software Citrix Farm / IT Dept. End User Data & User Policies VPNSSL Add-on & URL 2FA Middleware Helpdesk Home PC Laptop/Any PC Contractors Branch PCs This is exactly what Ceedo for Citrix is!

  5. The Solution: Ceedo for Citrix Solution: Pack everything into a plug-and-play platform on USB drive or 2FA device! • Administrator pre-configurescomponents, apps in a Ceedofor Citrix workspace and installs it on a flash drive or USB token. • USB drives or installation packagedelivered to end-users(usually in a read-only partition). • Users plug in devices and startworking immediately! Zero-installand zero footprint - nothing is leftbehind after USB is unplugged. • Workspaces can be managed remotely from the cloud. Ceedo Workspace Self-Signed Certificate Receiver Client Sandboxed Browser Additional Software Data & User Policies VPN SSL Add-on & URL PKI Middleware Home PC Laptop/Any PC Contractors Branch PCs

  6. Ceedo for Citrix Technology • Virtual Runtime Environment • Acts as a surrogate OS • Runs all components within a sandbox • Works entirely in User Mode • No admin rights or installation required • Cross windows platforms • Device architecture (varies) • Flash memory on 2FA device or regular USB drive • Partitioned to Read Onlyand Read/Write • Read Only:Ceedo workspace, 2FA Middleware or software and all other applications and components. • Read/Write: User Data and customizations. Ceedo Package Creator (CPC) Ceedo Enterprise Manager (CME) • Management System • CEM: Creates Ceedo workspaces and their policies. • CPC: Creates application packages. • CCMS: Assigns users and groups with devices, workspaces, edits and creates policies, aggregates usage data, and more (web-based)… Ceedo Client Management (CCMS) Virtual Runtime Environment

  7. To Conclude: Ceedo for Citrix Key Features • Plug-and-Play zero-install CitrixReceiver on a flash memory of a 2FA device (or any USB thumb-drive). • Encrypted data, sandboxed apps and enables configuring user-rights policies enforcement (access to drives, printers, etc.). • Includes a built-in pre-configured browser, plug-ins and additional software. • Allows for remote management of policies and component updates. • Roam from PC to PC, regardless of OS version and user privileges.

More Related