Using LDC with Citrix XenApp




Applies to: LES 4.4 SR7 and newer, Citrix XenApp 6 and newer

This document describes the implementation of Lumension Device Control in a Citrix XenApp environment to control access to devices from unmanaged endpoints.

September 2011 V1.0
Copyright 2011, Lumension

Table of Contents

Using LDC with Citrix XenApp
Installation
Permissions
Encryption
Unsupported Features on Unmanaged Endpoints

Installation

These steps assume that an existing Citrix XenApp server is installed and configured on an operating system which is supported by both Citrix XenApp and the LES Agent.

Install the LES database (SX), application server (SXS), and console (SMC) in the usual manner, according to the product documentation.

For Windows-based endpoints which are supported by LES, install the LES agent directly on those endpoints for maximum protection. To address endpoints which are either unmanaged (e.g. employee-owned) or use an unsupported (e.g. non-Windows) operating system, install an LES agent on the XenApp server. This agent will manage device access within the XenApp sessions.

Note that in order for device permissions to be applied to specific users, XenApp must be configured not to allow anonymous publication of applications. When applications are published anonymously, the actual Active Directory user is not associated with the session, so no policy will apply to that unknown user. If an application must be published anonymously, then the same permission must be applied to all users. This is accomplished by assigning the permission to the user Everyone in the LES console.

Permissions

Permissions can be applied at the Device Class level of the hierarchy. Permissions cannot be applied to specific device models or unique device IDs, as this information is not delivered to the server from the XenApp client.

If users connect with the same username from both LES-managed endpoints (LES agent installed) and unmanaged endpoints (using XenApp), and you want to manage at the device ID or model level on the managed machines, set separate permissions for the LES agent on the Citrix server. The managed endpoint should apply permissions to the specific devices and models you wish to manage. Add the Citrix server to the console using Insert Computer and apply permissions at the class level to that computer.

Permissions can be set at each class level for User and User Group assignments. Read, Write, Encrypt, and Decrypt permissions are supported as they are for managed endpoints. Permissions can also be applied to encrypted devices and unencrypted devices. This means that you can set Read and Write permissions for encrypted Removable Storage Devices, and Read-only (or no access) permissions for unencrypted Removable Storage Devices.

One class in Device Explorer applies specifically to Citrix XenApp installations: Citrix Network Shares. A Citrix user may map a network drive letter to devices connected to the endpoint. The user could then potentially bypass the device permission being enforced by reading and writing to the network drive letter instead of the device itself. Permissions set for Citrix Network Shares will apply to these file transfers. You may block access, allow read only, or allow read and write to these mapped drives.

As an example, a user can connect a USB flash drive to a USB connector on his home computer (Y:) and map it locally as a network share (Z:) while using a XenApp-delivered application. Citrix XenApp will identify the device either as removable or as a network share, depending on the drive letter that is used to access the device. So if the user accesses the drive using Z:, LDC applies permissions according to the Citrix Network Shares class, and if the user accesses the drive using Y:, the Removable Storage Devices class permissions are used instead.

Encryption

Device encryption from remote endpoints is supported in the manner described here. The Secure Volume Browser application (SVOLBRO.EXE) is a component of the LES Client. This application can be used to encrypt devices from unmanaged endpoints.

In order to use Secure Volume Browser for encryption, this application must be made available to XenApp users. You can do this by publishing the application through XenApp. If you are delivering the server's desktop environment through XenApp, then the Secure Volume Browser is already part of that image, so it doesn't need to be published separately. However, you may want to put a shortcut to it on the desktop to make it easy for users to find.

In order to encrypt a device, the user starts Svolbro.exe, right-clicks the device's drive letter, and selects the encrypt option. The user is prompted for a password, and the device is encrypted.

Unsupported Features on Unmanaged Endpoints

Because the agent is not installed on the endpoint, certain functions of LDC do not perform as they do when the agent is installed on the endpoint itself.

- Offline permissions are not supported. The agent is installed on the server and is therefore always online.
- File Type Filtering is not available. The agent driver is not in a position to intercept file transfers and analyze file content to determine if the transfer should be permitted.
- File Shadowing is not supported. The file being transferred never actually resides on the XenApp server where the agent is installed. There is no mechanism within XenApp to allow the file to be returned to the server.
- Managing permissions for specific device models or unique device IDs is not supported. This information about the device is not passed from the XenApp client to the server. LES 4.4 SR9 and later versions contain an API which allows for this information to be communicated to the LES agent (on the XenApp server). Custom development of a mechanism to pass this data from the XenApp endpoint to the XenApp server could provide this capability. Lumension can provide the API documentation upon request.
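The Permissions section describes two places where class-level policy on the Citrix server can be looser than intended: the drive letter decides which class applies, and anonymous sessions only match Everyone. The following is an added example, not Lumension code, that models both rules and audits a policy for principals whose Citrix Network Shares permission exceeds their Removable Storage Devices permission. The policy layout, function names and sample accounts are hypothetical and constructed for illustration; group membership and precedence between entries are not modelled.

```python
# Added example: model of the class-level checks described in the Permissions section.
# The policy layout and all names below are hypothetical, not an LES export format.
LEVELS = {"none": 0, "read": 1, "read_write": 2}
REMOVABLE = "Removable Storage Devices"
NETWORK_SHARES = "Citrix Network Shares"

# Constructed sample: permissions set on the Citrix server computer object,
# keyed by (principal, device class).
SAMPLE_POLICY = {
    ("CORP\\alice", REMOVABLE): "read",
    ("CORP\\alice", NETWORK_SHARES): "read_write",  # looser than the device class
    ("CORP\\bob", REMOVABLE): "read",
    ("CORP\\bob", NETWORK_SHARES): "none",
    ("Everyone", REMOVABLE): "none",
    ("Everyone", NETWORK_SHARES): "read",           # applies to anonymous sessions
}

# Constructed session view: how each drive letter is identified in the session.
SAMPLE_DRIVES = {"Y": "removable", "Z": "network_share"}


def device_class(letter, drives):
    """Pick the class whose permissions apply for the drive letter used."""
    kind = drives[letter.rstrip(":").upper()]
    return NETWORK_SHARES if kind == "network_share" else REMOVABLE


def session_principal(user, anonymous):
    """Anonymous publication hides the AD user, so only 'Everyone' can match."""
    return "Everyone" if anonymous else user


def access(policy, user, letter, drives, anonymous=False):
    """Access level for one request; a missing entry is assumed to mean 'none'."""
    key = (session_principal(user, anonymous), device_class(letter, drives))
    return policy.get(key, "none")


def bypass_gaps(policy):
    """Principals whose mapped-drive class is more permissive than Removable."""
    gaps = []
    for principal in sorted({p for p, _ in policy}):
        share = policy.get((principal, NETWORK_SHARES), "none")
        removable = policy.get((principal, REMOVABLE), "none")
        if LEVELS[share] > LEVELS[removable]:
            gaps.append((principal, removable, share))
    return gaps
```

Each tuple returned by `bypass_gaps` names a principal, its Removable Storage Devices level and its looser Citrix Network Shares level, which is the pair to tighten in the console.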