70 likes | 242 Views
Citrix Receiver – The Challenge. Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively determine users’ ID for security CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware Installation and Configuration Issues
E N D
Citrix Receiver – The Challenge • Certificate-Based Authentication (CBA - 2FA) • The organization MUST be able to positively determine users’ ID for security • CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware • Installation and Configuration Issues • Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.) • If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version • Additional plug-ins might be required for organizational portal (.net, Java, etc.) • If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser • Data Leakage • Hard to manage where users export data to (machines/media) and how they use it • A misconfigured machine might be used by unauthorized personal for accessing sensitive data
Citrix Receiver – The Challenge • Certificate-Based Authentication (CBA - 2FA) • The organization MUST be able to positively determine users’ ID for security • CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware • Installation and Configuration Issues • Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.) • If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version • Additional plug-ins might be required for organizational portal (.Net, Java, etc.) • If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser • Data Leakage • Hard to manage where users export data to (machines/media) and how they use it • A misconfigured machine might be used by unauthorized personal for accessing sensitive data Tough security issues. Data compromise. High helpdesk costs. Hard to manage.
Citrix Receiver + 2FA: Current Situation • Traditional technologies demand that each component will be distributed separately to EACH end-point: • 2FA Middleware • Citrix Receiver Client(for both managed and unmanaged machines) • VPN SSL add-on for browser • Self-signed certificate • Additional required plug-ins/software • Unmanaged machines are handled by the end user. • Novice/non-savvy users will probably require helpdesk services. Receiver Client 2FA Hardware Self-Signed Certificate Additional Software Citrix Farm / IT Dept. End User Data & User Policies VPNSSL Add-on & URL 2FA Middleware Helpdesk What a mess… Home PC Laptop/Any PC Contractors Branch PCs
Citrix Receiver + 2FA: Current Situation • Middleware • Citrix Receiver Client(for both managed and unmanaged machines) • VPN SSL add-on for browser • Self-signed certificate • Additional required plug-ins/software • Are all mounted on one device… • Centrally managed… • In plug-and-play mode… • On a single device for any platform at any time. But what if… Receiver Client 2FA Hardware Self-Signed Certificate Additional Software Citrix Farm / IT Dept. End User Data & User Policies VPNSSL Add-on & URL 2FA Middleware Helpdesk Home PC Laptop/Any PC Contractors Branch PCs This is exactly what Ceedo for Citrix is!
The Solution: Ceedo for Citrix Solution: Pack everything into a plug-and-play platform on USB drive or 2FA device! • Administrator pre-configurescomponents, apps in a Ceedofor Citrix workspace and installs it on a flash drive or USB token. • USB drives or installation packagedelivered to end-users(usually in a read-only partition). • Users plug in devices and startworking immediately! Zero-installand zero footprint - nothing is leftbehind after USB is unplugged. • Workspaces can be managed remotely from the cloud. Ceedo Workspace Self-Signed Certificate Receiver Client Sandboxed Browser Additional Software Data & User Policies VPN SSL Add-on & URL PKI Middleware Home PC Laptop/Any PC Contractors Branch PCs
Ceedo for Citrix Technology • Virtual Runtime Environment • Acts as a surrogate OS • Runs all components within a sandbox • Works entirely in User Mode • No admin rights or installation required • Cross windows platforms • Device architecture (varies) • Flash memory on 2FA device or regular USB drive • Partitioned to Read Onlyand Read/Write • Read Only:Ceedo workspace, 2FA Middleware or software and all other applications and components. • Read/Write: User Data and customizations. Ceedo Package Creator (CPC) Ceedo Enterprise Manager (CME) • Management System • CEM: Creates Ceedo workspaces and their policies. • CPC: Creates application packages. • CCMS: Assigns users and groups with devices, workspaces, edits and creates policies, aggregates usage data, and more (web-based)… Ceedo Client Management (CCMS) Virtual Runtime Environment
To Conclude: Ceedo for Citrix Key Features • Plug-and-Play zero-install CitrixReceiver on a flash memory of a 2FA device (or any USB thumb-drive). • Encrypted data, sandboxed apps and enables configuring user-rights policies enforcement (access to drives, printers, etc.). • Includes a built-in pre-configured browser, plug-ins and additional software. • Allows for remote management of policies and component updates. • Roam from PC to PC, regardless of OS version and user privileges.