Securing Citrix with SSL VPN Technology

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Securing Citrix with SSL VPN Technology"

Transcription

1 Securing Citrix with SSL VPN Technology An AEP Networks Solution Summary For years, Citrix Systems has dominated the server-based computing market as the solution of choice for application access across the enterprise. Citrix Presentation Server (formerly MetaFrame) delivers a scalable, comprehensive solution that yields unequivocal dividends. However, securing Presentation Server resources particularly for access beyond the LAN - remains a central challenge. Historically, Citrix administrators have had few options when implementing remote access to Citrix Presentation Server applications, beyond Citrix s resource- and server-intensive Secure Gateway for MetaFrame (Citrix Secure Gateway) software. Recently, Citrix has taken another stab at security by offering an acquired appliance called Citrix Access Gateway (CAG). While CAG is a decided step forward in terms of deployment and manageability, in truth the CAG appliance is lacking in flexibility and security features. For example, CAG was eliminated from Network World s December 2005 SSL VPN testing for its lack of web reverse proxy technology, a key requirement for secure, clientless application access. The product lacks third party security validation and accreditations, such as Federal Information Processing Standards (FIPS), ICSA Labs Secure Socket Layer - Transport Layer Security (SSL-TLS), and the Virtual Private Network Consortium (VPNC). CAG is also designed for Citrix applications, and does not support the variety of applications typically required for business users. For many organizations, CAG does not represent a true enterprise-class remote access solution. SSL VPNs offer a broader, more encompassing approach, providing crucial network security for Presentation Server as well as other application environments while adding important features unavailable with CAG. This paper describes the drawbacks associated with CAG and presents the AEP Netilla Security Platform, an SSL VPN from AEP Networks, as the best-of-breed alternative for simple, secure access to Citrix Presentation Server. Citrix Access Gateway Overview CAG, a 1U rack-mounted appliance, is designed as an access platform for Citrix-only environments. From an implementation perspective CAG is a much less complicated solution than its predecessor Citrix Secure Gateway, a software product requiring 2-4 servers to implement and significant effort to deploy and maintain. However, CAG is far from a total remote access solution: CAG lacks key security capabilities: Does not employ proxies - Relies on tunneling only creates an end-end connection that is much less secure. No industry certifications (FIPS, ICSA, and VPNC). Limited policy enforcement: No group information retrieved from ActiveDirectory or LDAP No stateful packet inspection (SPI) firewall

2 CAG lacks key functionality capabilities: Limited growth options: Cannot be securely extended to non-citrix applications (web-based, Linux, mainframe, or native Windows Terminal Services) Requires a full or ActiveX Windows client and administration rights on the remote user s PC. Confusing for end users: Requires multiple clicks to access Citrix applications Lacks authentication options (e.g. no client side certificates with revocation, no device identification, no embedded 2-factor server). Complicated deployment/management Requires Web Interface and a Secure Ticket Authority configured on the private network - lacks browser-based administration Poor reporting: While CAG supports standard Syslog/SNMP management, it is limited to failover and external load balancing SSL VPNs: A Better Approach SSL VPNs provide a much higher level of security compared to CAG, while adding a range of features that allow companies to extend their Citrix infrastructure with a surprising level of ease. The AEP Netilla Security Platform (NSP), for example, enhances Citrix with an icon-driven webtop with auto launch capabilities, an embedded 2-factor authentication server, server load balancing, session timeouts, robust reporting and logging, forced re-authentication, and client machine identification. The NSP provides this functionality through a powerful realms-based policy framework, allowing organizations to create customized policy enforcement containers depending on the access environment. For example, some users may require the full Outlook client via Citrix while others access Outlook Web Access through a reverse proxy. Road warriors who work from kiosks need endpoint integrity scans, while others must be limited to corporate-issued PCs only. A single NSP supports all these requirements to suit the assorted access needs of the enterprise. Securing Presentation Server Directly with the AEP Netilla Security Platform (NSP) For organizations that prefer to use the native Citrix ICA client, the NSP utilizes AEP s Intelligent Port Forwarding technology. As shown in Figure 1, this technique automatically delivers a Java client that sits on a remote Windows machine and looks for the TCP port that Presentation Server applications use. As soon as data starts to flow, the Port Forwarder Java client encapsulates and encrypts all the traffic in SSL and forwards it to the NSP gateway, where it can be deciphered and delivered to a Citrix Presentation Server. Figure 1: Port Forwarding the ICA Client (ActiveX, Java, Win32)

3 Once the user logs in to the NSP (via the authentication protocol used for the network), the NSP pulls the authorized applications that have been defined on the Citrix servers, and publishes icons for these applications directly onto the NSP s unified webtop. These Citrix icons are presented along with all the resources defined for that user (Web, Linux, mainframe or native Windows Terminal Server applications, as well as file shares). Alternatively, the NSP can be configured to auto-launch Citrix applications directly from the NSP s initial login screen. As an added benefit, updates made to Citrix applications by administrators are automatically reflected in the user s webtop, eliminating additional Administrator intervention. When a Citrix application is requested by the end user (either via clicking an icon or via the NSP s application auto-launch), the NSP checks to see if an ICA client is already resident on the user s computer; if not, it will package a Java applet containing the Citrix ICA client (Java or ActiveX) and install the client on the user s PC. Admin rights are not required for this process, nor are hosts file edits on the user s PC. This means that end users must only click an icon or log into the appliance to access Citrix applications; the NSP provides the appropriate client seamlessly and without administrative hassles. The NSP will publish any Citrix application a Windows desktop, full program neighborhood, or single Citrix application while standard Citrix printing and all other Presentation Server services such as Seamless Windows and load balancing are fully supported. Of note: The NSP provides access directly to the Presentation Servers themselves (without requiring Citrix Secure Gateway or Citrix Web Interface), further cutting costs and management. From an administrator s perspective, deploying Presentation Server via the NSP is a single-admin screen process: NSP administrators enter the IP or Hostname of a Citrix server running the XML service OR the host/ip of the SSL Relay The Admin selects standard options (application icon to display, server address, default ICA client to deliver, etc.) Admin selects users or groups (ActiveDirectory or LDAP) allowed to run the application set Option Two: Using AEP NSP Thin Proxy As an alternative to Intelligent Port Forwarding, the NSP offers an embedded thin-client proxy. In this arrangement, the NSP generates a proxy or representation of the application, so remote users can access different applications through native protocols such as Remote Desktop Protocol (RDP) data for Windows-based applications. Figure 2: Thin Client Proxy for Windows and Citrix Applications

4 As shown in Figure 2, the NSP intermediates the connection between remote-client requests and the network-based application server, terminating incoming SSL connections at the application layer in the NSP appliance, located in the DMZ. Once the incoming request is terminated, the NSP translates the data to the appropriate application protocol, such as RDP for the Terminal Server/Citrix server. During this termination period the NSP is able to apply security policy, functioning as a gatekeeper between the Internet and the private network. It is this crucial security benefit that distinguishes the NSP from competitors. In this application-layer proxy model, the end user never directly connects to a private side network resource; instead, the NSP functions as a proxy, protecting application servers from direct Internet exposure. Capping Citrix with NSP Thin Proxy Another benefit of NSP Thin Proxy technology accrues from simplifying the organization s use of Citrix. For example, even if an organization relies on Citrix for the LAN, remote users can leverage AEP Thin technology to talk RDP to the Citrix server, because Citrix is a service that runs on Windows Terminal Server. In this way, the NSP enables an organization to cap its Citrix deployment and instead deploy AEP thin-client technology to remote users, who access the same applications that they use in the office, rather than having to expand Citrix further. Or, organizations might prefer to make some Citrix applications available via Port Forwarding and others available via AEP s thin proxy. Both scenarios are possible in the same NSP, and in the same user s session, using AEP V- Realms. Secure ALL Business Application with a Single Appliance In addition to Port Forwarding and Thin proxy, the NSP also rewrites HTTP requests for web-based applications, allowing internal DNS addresses that do not resolve publicly to be accessed securely over the Internet. Company Web servers remain safe behind the firewall, in a highly secure portion of the private network, without the cost and maintenance of locking each server down for public access, while administrators gain granular access control to directories, servers, and paths on a user or group basis. Rounding out the NSP s access modes is Layer 3 (network-layer) tunneling for client/server-based applications, as well as a Java-based files browser with client drive mapping and drag, drop, copy and paste functionality.

5 Comparing the Approaches Citrix Access Gateway (CAG) AEP Netilla Security Platform (NSP) Access product Secure access product Citrix-focused access only lacks proxies Lacks third-party accreditation (no FIPS, ICSA, VPNC) Intrusive client-side install required required Admin rights on local PC Complex network deployment: Requires Web Interface and Secure Ticket Authority Provides end-to-end connections or tunnels Complicated management and configuration Conclusion: The Most Versatile SSL VPN Available NSP supports tunneling, Citrix, WTS, Linux as well as Web applications via more secure proxy technology Highly security focused (FIPS, ICSA, VPNC tested and approved) Non-intrusive end user deployment: NO Admin rights or hosts file edits on the local PC Much simpler: Direct communication from NSP to Presentation Server(s) in the private network Provides proxies to protect applications Simple to deploy and manage: Single-screen setup Trivial, limited authentication models V-realms containers for authentication, policy Complex for end users Multi-step end user access process Citrix apps published right in the user s portal one-click access to Citrix applications Single Sign On (SSO) capability via secure storage of credentials in session-based tokens for forwarding into applications Application autolaunch option Typical Citrix remote printing hassles Universal print driver for printing locally to ANY printer Supports third-party 2-Factor only Integrated VASCO 2-Factor authentication server eliminates extra hardware purchase or Citrix infrastructure changes. NSP also supports all third-party 2-Factor solutions from RSA, Aladdin, and others. In the final analysis, SSL VPNs offer tremendous value as secure application gateways, offering a far simpler, safer, and less costly approach than the CAG alternative. The result is a powerful tool - one that delivers a best-of-breed solution that maximizes an organizations application investment, while protecting the company s critical business assets. Try an Online Demo See for yourself: Visit and see how easy secure access to Citrix can be. Contact AEP Networks U.S: x5207 EMEA: +44 (0) Japan: Hong Kong:

Family Datasheet AEP Series A

Family Datasheet AEP Series A Trusted Security Everywhere Family Datasheet AEP Series A Covering: Hardware Edition Virtual Edition Load Balancer AEP Networks, Inc. All rights reserved. Secure Application Access 2500. 4500. 6500. 8500

More information

Citrix Access on SonicWALL SSL VPN

Citrix Access on SonicWALL SSL VPN Citrix Access on SonicWALL SSL VPN Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL SSL VPN 5.0. It also includes information about configuring

More information

SECURE ACCESS TO THE VIRTUAL DATA CENTER

SECURE ACCESS TO THE VIRTUAL DATA CENTER SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need

More information

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table

More information

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common

More information

What s New in Juniper s SSL VPN Version 6.0

What s New in Juniper s SSL VPN Version 6.0 What s New in Juniper s SSL VPN Version 6.0 This application note describes the new features available in Version 6.0 of the Secure Access SSL VPN products. This document assumes familiarity with the Juniper

More information

ULTEO OPEN VIRTUAL DESKTOP ARCHITECTURE OVERVIEW

ULTEO OPEN VIRTUAL DESKTOP ARCHITECTURE OVERVIEW ULTEO OPEN VIRTUAL DESKTOP V4.0.2 ARCHITECTURE OVERVIEW Contents 1 Introduction 2 2 Servers Roles 3 2.1 Session Manager................................. 3 2.2 Application Server................................

More information

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series PRODUCT CATEGORY BROCHURE Juniper Networks SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations

More information

PRODUCT CATEGORY BROCHURE

PRODUCT CATEGORY BROCHURE PRODUCT CATEGORY BROCHURE SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations of Every Size

More information

SSL VPN Technical Primer

SSL VPN Technical Primer 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Novell Access Manager SSL Virtual Private Network

Novell Access Manager SSL Virtual Private Network White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...

More information

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Dell SonicWALL SRA 7.5 Citrix Access

Dell SonicWALL SRA 7.5 Citrix Access Dell SonicWALL SRA 7.5 Citrix Access Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through Dell SonicWALL SRA 7.5. It also includes information about

More information

IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1

IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1 IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1 Copyright 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 2 The Traditional Extended Enterprise Fixed

More information

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco

More information

Citrix Access Gateway

Citrix Access Gateway F E A T U R E S O V E R V I E W Citrix Access Gateway Citrix Access Gateway is a universal SSL VPN appliance that combines the best features of IPSec and typical SSL VPNs without the costly and cumbersome

More information

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013 SSL VPN Server Guide Access Manager 3.2 SP2 June 2013 Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A

More information

Copyright Giritech A/S. Secure Mobile Access

Copyright Giritech A/S. Secure Mobile Access Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary

More information

Expanding the Value of the Windows Terminal Server Investment. HOBLink JWT HOB Enhanced Terminal Services

Expanding the Value of the Windows Terminal Server Investment. HOBLink JWT HOB Enhanced Terminal Services Expanding the Value of the Windows Terminal Server Investment HOBLink JWT HOB Enhanced Terminal Services 2001 by HOB electronic GmbH & Co. KG Information in this document is subject to change without notice,

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

Secure remote access to your applications and data. Secure Application Access

Secure remote access to your applications and data. Secure Application Access Secure Application Access Secure remote access to your applications and data Accops HySecure is an application access gateway that enables secure access to corporate applications, desktops and network

More information

SCENARIO EXAMPLE. Case study of an implementation of Swiss SafeLab M.ID with Citrix. Redundancy and Scalability

SCENARIO EXAMPLE. Case study of an implementation of Swiss SafeLab M.ID with Citrix. Redundancy and Scalability SCENARIO EXAMPLE Case study of an implementation of Swiss SafeLab M.ID with Citrix Redundancy and Scalability Informations about the following case study The following example shows an installation of

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

2003, Rainbow Technologies, Inc.

2003, Rainbow Technologies, Inc. Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data NetSwift

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

What s New in Juniper s IVE Platform Version 5.2. Highlights of this Release. What s New in IVE v5.2

What s New in Juniper s IVE Platform Version 5.2. Highlights of this Release. What s New in IVE v5.2 What s New in Juniper s IVE Platform Version 5.2 This application note describes the new features available in Version 5.2 of the IVE platform for all Secure Access SSL VPN products. This document assumes

More information

Interwise Connect. Working with Reverse Proxy Version 7.x

Interwise Connect. Working with Reverse Proxy Version 7.x Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web

More information

SSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN

SSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN 1. Introduction... 2 2. Remote Access via SSL... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Software and Certificates...10

More information

How To Configure SSL VPN in Cyberoam

How To Configure SSL VPN in Cyberoam How To Configure SSL VPN in Cyberoam Applicable Version: 10.00 onwards Overview SSL (Secure Socket Layer) VPN provides simple-to-use, secure access for remote users to the corporate network from anywhere,

More information

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc. SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification

More information

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not

More information

SSL VPN Server Guide. Access Manager 4.0. November 2013

SSL VPN Server Guide. Access Manager 4.0. November 2013 SSL VPN Server Guide Access Manager 4.0 November 2013 Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information

Java Secure Application Manager

Java Secure Application Manager Java Secure Application Manager How-to Introduction:...1 Overview:...1 Operation:...1 Example configuration:...2 JSAM Standard application support:...6 a) Citrix Web Interface for MetaFrame (NFuse Classic)...6

More information

Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources

Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources APPLICATION NOTE Juniper NETWORKS SSL VPN and Windows Mobile Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources Table of Contents Introduction.........................................................................................

More information

SSL VPN A look at UCD through the tunnel

SSL VPN A look at UCD through the tunnel SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within

More information

Barracuda SSL VPN Administrator s Guide

Barracuda SSL VPN Administrator s Guide Barracuda SSL VPN Administrator s Guide Version 1.5.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2009, Barracuda Networks,

More information

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK Barracuda Networks Technical Documentation Barracuda SSL VPN Administrator s Guide Version 2.x RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks, Inc. www.barracuda.com v20-110511w-02-110915jc

More information

Deploying NetScaler Gateway in ICA Proxy Mode

Deploying NetScaler Gateway in ICA Proxy Mode Deploying NetScaler Gateway in ICA Proxy Mode Deployment Guide This deployment guide defines the configuration required for using the NetScaler Gateway in ICA Proxy Mode. Table of Contents Introduction

More information

CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions

CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions Overview The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure,

More information

Citrix Receiver for Mobile Devices Troubleshooting Guide

Citrix Receiver for Mobile Devices Troubleshooting Guide Citrix Receiver for Mobile Devices Troubleshooting Guide www.citrix.com Contents REQUIREMENTS...3 KNOWN LIMITATIONS...3 TROUBLESHOOTING QUESTIONS TO ASK...3 TROUBLESHOOTING TOOLS...4 BASIC TROUBLESHOOTING

More information

Setup Guide Access Manager Appliance 3.2 SP3

Setup Guide Access Manager Appliance 3.2 SP3 Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Propalms TSE Deployment Guide

Propalms TSE Deployment Guide Propalms TSE Deployment Guide Version 7.0 Propalms Ltd. Published October 2013 Overview This guide provides instructions for deploying Propalms TSE in a production environment running Windows Server 2003,

More information

Release Version 4.1 The 2X Software Server Based Computing Guide

Release Version 4.1 The 2X Software Server Based Computing Guide Release Version 4.1 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

2X ApplicationServer & LoadBalancer Manual

2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,

More information

F5 BIG-IP: Configuring v11 Access Policy Manager APM

F5 BIG-IP: Configuring v11 Access Policy Manager APM coursemonster.com/uk F5 BIG-IP: Configuring v11 Access Policy Manager APM View training dates» Overview This three day course gives networking professionals a functional understanding of the BIG-IPÂ APM

More information

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Configuring SonicWALL TSA on Citrix and Terminal Services Servers Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,

More information

Leostream Corporation leostream.com help@leostream.com Share this Whitepaper!

Leostream Corporation leostream.com help@leostream.com Share this Whitepaper! Introduction... 3 Advantages of Providing Remote Access to Personal PC... 4 Disadvantages of Typical Remote Access Solutions in a Corporate Environment... 5 Why Use Leostream for Remote Access... 5 Using

More information

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and

More information

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills

More information

2X ApplicationServer & LoadBalancer Manual

2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,

More information

Deliver Secure and Fast Remote Access to Anyone from Any Device

Deliver Secure and Fast Remote Access to Anyone from Any Device Gateway DATASHEET What s Inside: 2 Improved User Experience and Productivity 4 Superior Security 5 Accelerated Application Performance 6 Streamlined Access Management 8 Scalability and Flexibility to Meet

More information

Deploying Citrix MetaFrame with the FirePass Controller

Deploying Citrix MetaFrame with the FirePass Controller Deployment Guide Deploying Citrix Presentation Server (MetaFrame) with the FirePass Controller Deploying Citrix MetaFrame with the FirePass Controller Welcome to the F5 FirePass controller Deployment Guide

More information

Release Version 3 The 2X Software Server Based Computing Guide

Release Version 3 The 2X Software Server Based Computing Guide Release Version 3 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

Implementing PCoIP Proxy as a Security Server/Access Point Alternative

Implementing PCoIP Proxy as a Security Server/Access Point Alternative Implementing PCoIP Proxy as a Security Server/Access Point Alternative Overview VMware s Horizon Security Server and Access Point provides secure access to sessions over an unsecured WAN and/or Internet

More information

Mobile Access R75.40. Administration Guide. 13 August 2012. Classification: [Protected]

Mobile Access R75.40. Administration Guide. 13 August 2012. Classification: [Protected] Mobile Access R75.40 Administration Guide 13 August 2012 Classification: [Protected] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected

More information

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1 Pass Through Proxy How-to Overview:..1 Why PTP?...1 Via an SA port...1 Via external DNS resolution...1 Examples of Using Passthrough Proxy...2 Example configuration using virtual host name:...3 Example

More information

AnyConnect VPN Client FAQ

AnyConnect VPN Client FAQ AnyConnect VPN Client FAQ Document ID: 107391 Questions Introduction What level of rights is required for the AnyConnect client? Is a reboot required after AnyConnect is installed/upgraded? Is it possible

More information

Proof of Concept Guide

Proof of Concept Guide Proof of Concept Guide Version 4.0 Published: OCT-2013 Updated: 2005-2013 Propalms Ltd. All rights reserved. The information contained in this document represents the current view of Propalms Ltd. on the

More information

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual 2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual 2X VirtualDesktopServer Contents 1 2X VirtualDesktopServer Contents 2 URL: www.2x.com E-mail: info@2x.com Information in this document

More information

Clientless SSL VPN Users

Clientless SSL VPN Users Manage Passwords, page 1 Username and Password Requirements, page 3 Communicate Security Tips, page 3 Configure Remote Systems to Use Clientless SSL VPN Features, page 3 Manage Passwords Optionally, you

More information

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

DIGIPASS Authentication for Sonicwall Aventail SSL VPN DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties

More information

NetSpective Global Proxy Configuration Guide

NetSpective Global Proxy Configuration Guide NetSpective Global Proxy Configuration Guide Table of Contents NetSpective Global Proxy Deployment... 3 Configuring NetSpective for Global Proxy... 5 Restrict Admin Access... 5 Networking... 6 Apply a

More information

FEATURE. THE RISE OF SSL VPNS by Ian Kilpatrick, chairman Wick Hill Group. Summary of feature. 1300 words. * Recent growth of SSL VPNs

FEATURE. THE RISE OF SSL VPNS by Ian Kilpatrick, chairman Wick Hill Group. Summary of feature. 1300 words. * Recent growth of SSL VPNs FEATURE THE RISE OF SSL VPNS by Ian Kilpatrick, chairman Wick Hill Group 1300 words Summary of feature * Recent growth of SSL VPNs * Aim of VPN technology - controlled, secure and managed access to any

More information

COORDINATED THREAT CONTROL

COORDINATED THREAT CONTROL APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

DIGIPASS Authentication for Check Point Security Gateways

DIGIPASS Authentication for Check Point Security Gateways DIGIPASS Authentication for Check Point Security Gateways With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 38 Disclaimer Disclaimer of Warranties and

More information

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Licenses are not interchangeable between the ISRs and NGX Series ISRs. Q&A Cisco IOS SSL VPN Q. What is Cisco IOS SSL VPN or SSL VPN? A. Secure Sockets Layer (SSL)-based VPN is an emerging technology that provides remote-access connectivity from almost any Internet-enabled

More information

Microsoft Terminal Server and Citrix Presentation Server Deployment Environments

Microsoft Terminal Server and Citrix Presentation Server Deployment Environments Microsoft Terminal Server and Citrix Presentation Server Deployment Environments Understanding the use of Act! in a Terminal Server or Citrix Presentation Server environment Table of Contents Introduction...

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Sophos UTM. Remote Access via SSL. Configuring UTM and Client Sophos UTM Remote Access via SSL Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER OVERVIEW OF OPEN VIRTUAL DESKTOP Mathieu SCHIRES Version: 1.0.2 Published April 9, 2015 http://www.inuvika.com Contents 1 Introduction 2 2 Terminology and

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

Application Note: Integrate Juniper SSL VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com

Application Note: Integrate Juniper SSL VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com Application Note: Integrate Juniper SSL VPN with Gemalto SA Server SASolutions@gemalto.com October 2007 www.gemalto.com Table of contents Table of contents... 2 Overview... 3 Architecture... 5 Configure

More information

Communication Ports Used by Citrix Technologies. April 2011 Version 1.5

Communication Ports Used by Citrix Technologies. April 2011 Version 1.5 Communication Ports Used by Citrix Technologies April 2011 Version 1.5 Overview Introduction This document provides an overview of ports that are used by Citrix components and must be considered as part

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

Stealth OpenVPN and SSH Tunneling Over HTTPS

Stealth OpenVPN and SSH Tunneling Over HTTPS Stealth OpenVPN and SSH Tunneling Over HTTPS Contents Tunneling OpenVPN and SSH via HTTPS for Windows,MAC and Linux... 1 Benefits of HTTPS Tunneling:... 2 Pre-Requisites:... 3 Part A: Step by Step Instructions

More information

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)... CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...

More information

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2?

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2? TM SSL-VPN: How to setup SSL-VPN feature (NetExtender Access)... of 6 1/12/2013 11:46 PM Question/Title UTM SSL-VPN: How to setup SSL-VPN feature (NetExtender Access) on SonicOS Enhanced (SonicOS 5.6 and

More information

SSL-Based Remote-Access VPN Solution

SSL-Based Remote-Access VPN Solution Cisco IOS SSL VPN SSL-Based Remote-Access VPN Solution Product Overview Cisco IOS SSL VPN is the first router-based solution offering Secure Sockets Layer (SSL) VPN remote-access connectivity integrated

More information

Citrix StoreFront 2.0

Citrix StoreFront 2.0 White Paper Citrix StoreFront 2.0 Citrix StoreFront 2.0 Proof of Concept Implementation Guide www.citrix.com Contents Contents... 2 Introduction... 3 Architecture... 4 Installation and Configuration...

More information

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER ARCHITECTURE OVERVIEW AND SYSTEM REQUIREMENTS Mathieu SCHIRES Version: 1.0.0 Published March 5, 2015 http://www.inuvika.com Contents 1 Introduction 3 2 Architecture

More information

WHITEPAPER IPSEC VPN Vs. SSL VPN

WHITEPAPER IPSEC VPN Vs. SSL VPN WHITEPAPER IPSEC VPN Vs. SSL VPN Introduction Whether a result of tele-working initiatives, contingencies for events such as 9/11, SARS, and the East Coast Blackout, or just addressing the need to balance

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Introduction to the EIS Guide

Introduction to the EIS Guide Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

More information

A new Secure Remote Access Platform from Giritech. Page 1

A new Secure Remote Access Platform from Giritech. Page 1 A new Secure Remote Access Platform from Giritech Page 1 Remote users have preferences G/On 5 works for Windows, Mac and Linux The G/On Client user experience is specific to the operating system Users

More information

visionapp Remote Desktop 2010 (vrd 2010)

visionapp Remote Desktop 2010 (vrd 2010) visionapp Remote Desktop 2010 (vrd 2010) Convenient System Management P roduct Information www.vrd2010.com Inhalt 1 Introduction... 1 2 Overview of Administration Tools... 1 2.1 RDP Administration Tools...

More information

Communication ports used by Citrix Technologies. July 2011 Version 1.5

Communication ports used by Citrix Technologies. July 2011 Version 1.5 Communication ports used by Citrix Technologies July 2011 Version 1.5 Overview Introduction This document provides an overview of ports that are used by Citrix components and must be considered as part

More information

App Orchestration 2.0

App Orchestration 2.0 App Orchestration 2.0 Configuring NetScaler Load Balancing and NetScaler Gateway for App Orchestration Prepared by: Christian Paez Version: 1.0 Last Updated: December 13, 2013 2013 Citrix Systems, Inc.

More information

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services

More information

Delivering SSL VPN Remote Access without Compromising Security Connectra: Providing a diverse set of solutions for different remote access challenges

Delivering SSL VPN Remote Access without Compromising Security Connectra: Providing a diverse set of solutions for different remote access challenges White Paper Delivering SSL VPN Remote Access without Compromising Security Connectra: Providing a diverse set of solutions for different remote access challenges Check Point protects every part of your

More information

DIGIPASS Authentication for Cisco ASA 5500 Series

DIGIPASS Authentication for Cisco ASA 5500 Series DIGIPASS Authentication for Cisco ASA 5500 Series With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 20 Disclaimer Disclaimer of Warranties and Limitations

More information

Building Your Complete Remote Access Infrastructure on Windows Server 2012

Building Your Complete Remote Access Infrastructure on Windows Server 2012 Building Your Complete Remote Access nappliance White Paper August 2012 Introduction Remote access is a complex challenge for IT administrators. Providing system access to remote users involves a broad

More information

VIRTUAL DESKTOP I SOLUTIONS

VIRTUAL DESKTOP I SOLUTIONS VIRTUAL DESKTOP I SOLUTIONS A TECHNICAL OVERVIEW Justin Stevens 1 Agenda Introductions VMware VDI Solutions Sun VDI Solutions Sun VDI In-Depth Look 2 Desktop Management Goals Centralize Computing Resources

More information