Movilidad, Seguridad y Alta Disponibilidad en la Entrega de Aplicaciones. Evento de Virtualización ONGEI 2009. Pedro Elera M.

Movilidad, Seguridad y Alta Disponibilidad en la Entrega de Aplicaciones. Evento de Virtualización ONGEI 2009 Pedro Elera M.

Agenda: Introducción Entrega de aplicaciones y Alta Disponibilidad Movilidad de Usuarios Seguridad en el Acceso Crecimiento del Negocio Próximos Pasos

Introducción

Citrix Vision The Citrix Vision is a world where anyone can work from anywhere 4

Businesses Run on Applications Decision Support Web & ecommerce Personal Productivity Financial Accounting Communication & Collaboration Users Apps Human Capital Development Customer Management 5

The Distance Between Users and Apps is Increasing Traditional approaches aren t closing the gap Globalization Flex Working Branch Expansion Web 2.0/Mobility E-Commerce Users Apps Consolidation Green Data Centers Security Compliance Continuity Web Services 6

Application Delivery Platform Workflow Studio Desktop and App Receivers Branch Repeater Access Gateway Users XenDesktop XenApp XenServer NetScaler Apps 7

XenApp End-to-end Application Delivery System Users Apps Application Performance Monitoring EasyCall Performance Branch Repeater WANScaler Mobile Client Security and Compliance SmartAccess Single Sign-on Smart Auditor Application Virtualization Hosted and Streamed Management Scalability High Availability 8

Citrix NetScaler and XenApp B2C Availability Performance Offload Security B2B World-class load balancing Global Server Load Balancing Caching Compression Connection pooling SSL processing Access Gateway SSL VPN Application firewall P2P 9

Citrix XenServer and XenApp Open XenServer virtualization architecture - 64-bit Xen hypervisor w/ bare metal performance - Snap-in storage integration Optimized for XenApp: -4 times the XenApp users per server XenCenter: -Simple administration -Centralized, multi-server management Enterprise high availability -Automated recovery of XenApp virtual machines Dynamic Workload Management - XenMotion live migration - Dynamic provisioning of XenApp workloads 10

User Apps Secure Anywhere Access to all Applications & Data Corporate notebooks Web Apps Partner workstations Access Gateway Internet DMZ Windows Apps Home computers Mobile devices Desktops & Desktop Apps 11

Secure Access to all Applications & Data / DR / HA CUSTOMERS Secure Access DR/BC Load Balancing DC 1 SSL PARTNERS EMPLOYEES DC 2 NetScaler Server Farms Web Portals / Desktops / Apps XenApp / XenDesktop / XenServer 12

Entrega de Aplicaciones y Alta Disponibilidad

XenApp: Applications on demand Reduce application costs by up to 50% 1 Eliminate data loss by centralizing applications and data Instantly deliver applications for business agility Ultimate user mobility, productivity and satisfaction 1 Gartner, Total Cost of Ownership Comparison of PCs with Server Based Computing, Aug 08 14

A Better Approach: Centralize, Virtualize, Deliver on demand Separate applications and operating environments Move applications and data from individual machines to the data center Corporate Office Branch Offices Remote Worker Mobile Worker Contract Worker Maintain and test in one secure place Deliver instantly and on-demand to any device, any where Data Center Back-up Data Center 15

Application Virtualization Separate the App, User and Machine Application Virtualization XenApp Server Streaming Presentation Virtualization Streaming Virtualize 1. Eliminate app conflicts 2. Eliminate regression testing Centralize 1. Install once 2. Secure app and data Virtual App Hosted Any device, any network Virtual App Local Offline use Use local resources 16

Application Delivery More Than Just Virtualization Superior user experience Any user task, knowledge, mobile any location, any network Application follows the user Superior application management Install once, test once, deliver instantly to everyone End to end visibility of user experience Security, control and compliance Scalability and flexibility Instantly deliver apps anywhere Highly available 17

XenServer Recovery of Downed XenApp Servers Bare Metal Hardware Bare Metal Hardware Bare Metal Hardware Remote VM guest storage 18

Access Gateway and NetScaler: Business Continuity & Disaster Recovery corp.xyz.com corp.xyz.com Global Server Load Balancing Route client connections to the nearest or most available site Implement multi-site disaster recovery DR Site corp.xyz.com corp.xyz.com One URL for the website supporting active-passive site failover. 19

Movilidad de usuarios

How Customers Think Today Office Remote 21

Thinking For Tomorrow Task worker Day Extender Outsourced Support Remote power user Remote Partner No Access Access Full Access Power user In office 22

What Is Citrix SmartAccess? Other SSL VPNs only go this far Who and Where? What Resources? How Fast? How? Which User What Device Web and File Resources Networks VPN Access Clientless Access What Authentication What Location Mail Servers Applications Repeater XenApp Applications XenDesktop Desktops Virtual Channels Virtual Channels Endpoint Analysis Authentication Access Control Acceleration Action Control 23

User Experience When Logging On 24

Single Sign-On to File Shares File Transfer Utility and UNC bookmarks are automatically authenticated with the users primary credentials and will prompt for authentication only when needed 25

Full VPN Client Experience Full IP connectivity Run client/server applications locally Map drives to file shares Use VoIP softphones Access streaming media Intranet Web sites Transparent Network Shim 26

Access Gateway Delivers Secure Desktops A secure connection is established between the client device and Access Gateway SmartAccess determines which desktop to deliver Access Gateway delivers the secure desktop 27

Authentication Supports most authentication mechanisms Active Directory LDAP NTLM RADIUS TACACS+ One-time password tokens Client certificates & smart cards Local store Dual Source Authentication Cascading Authentication 28

Authorization Policy-driven access Authentication Authorization Session control Auditing Wide variety of policy criteria Network information Application access Client certificate parameters Client configurations Highly granular access control User, groups, virtual IP, and global policies HTTP authorization based on URL TCP/IP authorization based on address and port 29

Auditing Full administrative audit trail All management operations logged Full user activity audit trail All session activity All network flows All system events logged Support for external logging servers 30

Historical Reporting Historical Reporting includes built-in reports for Access Gateway AAA Authentication successes vs. failures HTTP authorization successes vs. failures Non-HTTP authorization successes vs. failures Current AAA sessions AAA sessions 31

Seguridad en el Acceso Autenticación Fuerte

Authentication Choices Relative Strength PASSWORD + Password Policy POLICY PIN + PIN + PIN + + Single factor Two factor Three factor Weaker Stronger 33

RSA SecurID Time Synchronous Two-Factor Authentication RSA Authentication Agent RSA Authentication Manager RAS, VPN, Web Server, 032848 Algorithm Time Seed WAP etc. Algorithm Time Seed Same Time Same Seed 34

Variedad de Autenticadores SecurID RSA SecurID 35 35

On-demand Authentication: How it Works User Authentication OTT can logs Mgr sends onto be Manager self out used service SMS to establishes authenticate message console, with user requests identity to OTT the VPN OTP app Internet SMS Gateway Provider OK SMS Secure HTTPS Internet Employee Home Office Authentication Manager 7.1 Telecom Network Scenario: Employee working remotely needs access to network via VPN 36

RSA SecurID Appliance 3.0 Industry-leading Two Factor Authentication in a hardware appliance formats Based on latest RSA Authentication Manager v7.1 Release Base or Enterprise License Based on EMC Common Appliance Program Hardened rpath Linux (RHEL 4.0 kernal) OS Based on EMC Marina Program (Dell Server hardware) Redundant-class 2U Appliance for Primary Server Deployment Cost effective 1U appliance for both Server and Replica deployments 37

Crecimiento del negocio

Crecimiento del Negocio Tener una plataforma segura de entrega de aplicaciones: Posibilita una respuesta rápida a las necesidades de crecimiento del negocio. Desarrollo del Perú. Rapidez en la implementación y despliegue de nuevas aplicaciones. Reducción en costos de soporte y mantenimiento. Mejora la experiencia del usuario al trabajar de forma remota. Mayor productividad. Facilita la expansión del gobierno y la apertura de nuevas Sucursales o Direcciones Regionales. Despliegue de aplicaciones y acceso a datos de forma rápida. 39

Crecimiento del Negocio Facilita la fusión entre empresas y el intercambio seguro de información entre estas. Acceso rápido y seguro hacia nuevas aplicaciones y datos. Soporte remoto, no on-site. Facilita la movilidad de la Alta Dirección y el acceso seguro hacia información relevante para la toma de decisiones. Acceso remoto desde hoteles, eventos, conferencias, etc. a través del puerto 443 (SSL). Acceso desde dispositivos móviles a través de Internet (Java, Windows Mobile y BlackBerry). Facilita a la dirección de IT dedicar tiempo a la generación de proyectos alineados a la estrategia de la Agenda Digital Peruana. 40

Próximos pasos

Próximos pasos Descargar Evaluation Virtual Appliance (EVA) Sistema pre-configurado de maquinas virtuales para evaluar Citrix XenApp. www.citrix.com/tryxenapp Descargar XenServer Free Hypervisor www.citrix.com/xenserver Descargar Netscaler VPX Free Load Balancer www.citrix.com/netscaler Solicitar y/o ejecutar una Prueba de Concepto (POC) 42

GRACIAS! Pedro Elera Malásquez pelera@electrodata.com.pe CCA / CCSP / MCSA / MCP Dpto. de Virtualización Electrodata SAC.