Mobility, Security and High Availability in Application Delivery. ONGEI 2009 Virtualization Event. Pedro Elera M.
Agenda: Introduction; Application Delivery and High Availability; User Mobility; Access Security; Business Growth; Next Steps
Introduction
Citrix Vision: The Citrix Vision is a world where anyone can work from anywhere
Businesses Run on Applications: Decision Support Web & ecommerce Personal Productivity Financial Accounting Communication & Collaboration Users Apps Human Capital Development Customer Management
The Distance Between Users and Apps is Increasing: Traditional approaches aren't closing the gap. Globalization Flex Working Branch Expansion Web 2.0/Mobility E-Commerce Users Apps Consolidation Green Data Centers Security Compliance Continuity Web Services
Application Delivery Platform: Workflow Studio Desktop and App Receivers Branch Repeater Access Gateway Users XenDesktop XenApp XenServer NetScaler Apps
XenApp End-to-end Application Delivery System: Users Apps Application Performance Monitoring EasyCall Performance Branch Repeater WANScaler Mobile Client Security and Compliance SmartAccess Single Sign-on Smart Auditor Application Virtualization Hosted and Streamed Management Scalability High Availability
Citrix NetScaler and XenApp: B2C Availability Performance Offload Security B2B World-class load balancing Global Server Load Balancing Caching Compression Connection pooling SSL processing Access Gateway SSL VPN Application firewall P2P
Citrix XenServer and XenApp. Open XenServer virtualization architecture: 64-bit Xen hypervisor w/ bare metal performance; snap-in storage integration. Optimized for XenApp: 4 times the XenApp users per server. XenCenter: simple administration; centralized, multi-server management. Enterprise high availability: automated recovery of XenApp virtual machines. Dynamic Workload Management: XenMotion live migration; dynamic provisioning of XenApp workloads.
User Apps Secure Anywhere Access to all Applications & Data: Corporate notebooks Web Apps Partner workstations Access Gateway Internet DMZ Windows Apps Home computers Mobile devices Desktops & Desktop Apps
Secure Access to all Applications & Data / DR / HA: CUSTOMERS Secure Access DR/BC Load Balancing DC 1 SSL PARTNERS EMPLOYEES DC 2 NetScaler Server Farms Web Portals / Desktops / Apps XenApp / XenDesktop / XenServer
Application Delivery and High Availability
XenApp: Applications on demand. Reduce application costs by up to 50% [1]. Eliminate data loss by centralizing applications and data. Instantly deliver applications for business agility. Ultimate user mobility, productivity and satisfaction. [1] Gartner, Total Cost of Ownership Comparison of PCs with Server Based Computing, Aug 08
A Better Approach: Centralize, Virtualize, Deliver on demand. Separate applications and operating environments. Move applications and data from individual machines to the data center. Corporate Office Branch Offices Remote Worker Mobile Worker Contract Worker. Maintain and test in one secure place. Deliver instantly and on-demand to any device, anywhere. Data Center Back-up Data Center
Application Virtualization: Separate the App, User and Machine. Application Virtualization XenApp Server Streaming Presentation Virtualization Streaming Virtualize 1. Eliminate app conflicts 2. Eliminate regression testing Centralize 1. Install once 2. Secure app and data Virtual App Hosted Any device, any network Virtual App Local Offline use Use local resources
Application Delivery: More Than Just Virtualization. Superior user experience Any user task, knowledge, mobile any location, any network Application follows the user Superior application management Install once, test once, deliver instantly to everyone End to end visibility of user experience Security, control and compliance Scalability and flexibility Instantly deliver apps anywhere Highly available
XenServer Recovery of Downed XenApp Servers: Bare Metal Hardware Bare Metal Hardware Bare Metal Hardware Remote VM guest storage
Access Gateway and NetScaler: Business Continuity & Disaster Recovery. corp.xyz.com corp.xyz.com Global Server Load Balancing Route client connections to the nearest or most available site Implement multi-site disaster recovery DR Site corp.xyz.com corp.xyz.com One URL for the website supporting active-passive site failover.
User Mobility
How Customers Think Today: Office Remote
Thinking For Tomorrow: Task worker Day Extender Outsourced Support Remote power user Remote Partner No Access Access Full Access Power user In office
What Is Citrix SmartAccess? Other SSL VPNs only go this far Who and Where? What Resources? How Fast? How? Which User What Device Web and File Resources Networks VPN Access Clientless Access What Authentication What Location Mail Servers Applications Repeater XenApp Applications XenDesktop Desktops Virtual Channels Virtual Channels Endpoint Analysis Authentication Access Control Acceleration Action Control
User Experience When Logging On
Single Sign-On to File Shares: File Transfer Utility and UNC bookmarks are automatically authenticated with the user's primary credentials and will prompt for authentication only when needed.
Full VPN Client Experience: Full IP connectivity. Run client/server applications locally. Map drives to file shares. Use VoIP softphones. Access streaming media. Intranet Web sites. Transparent Network Shim.
Access Gateway Delivers Secure Desktops: A secure connection is established between the client device and Access Gateway. SmartAccess determines which desktop to deliver. Access Gateway delivers the secure desktop.
Authentication: Supports most authentication mechanisms: Active Directory, LDAP, NTLM, RADIUS, TACACS+, One-time password tokens, Client certificates & smart cards, Local store. Dual Source Authentication. Cascading Authentication.
Authorization: Policy-driven access: Authentication, Authorization, Session control, Auditing. Wide variety of policy criteria: Network information, Application access, Client certificate parameters, Client configurations. Highly granular access control: User, groups, virtual IP, and global policies; HTTP authorization based on URL; TCP/IP authorization based on address and port.
Auditing: Full administrative audit trail: All management operations logged. Full user activity audit trail: All session activity, All network flows. All system events logged. Support for external logging servers.
Historical Reporting: Historical Reporting includes built-in reports for Access Gateway AAA: Authentication successes vs. failures; HTTP authorization successes vs. failures; Non-HTTP authorization successes vs. failures; Current AAA sessions; AAA sessions.
Access Security: Strong Authentication
Authentication Choices: Relative Strength [figure: password, password + policy, and PIN-based combinations arranged from single factor through two factor to three factor, weaker to stronger]
RSA SecurID Time Synchronous Two-Factor Authentication: RSA Authentication Agent (RAS, VPN, Web Server, WAP etc.); RSA Authentication Manager; 032848; Algorithm, Time, Seed; Algorithm, Time, Seed; Same Time, Same Seed
Variety of SecurID Authenticators. RSA SecurID
On-demand Authentication: How it Works. User logs onto self service console, requests OTP; Authentication Manager establishes user identity; Mgr sends out SMS message with OTT; OTT can be used to authenticate to the VPN app. [diagram labels: Internet, SMS Gateway Provider, OK, SMS, Secure HTTPS, Internet, Employee Home Office, Authentication Manager 7.1, Telecom Network] Scenario: Employee working remotely needs access to network via VPN
RSA SecurID Appliance 3.0: Industry-leading Two Factor Authentication in hardware appliance formats. Based on latest RSA Authentication Manager v7.1 Release, Base or Enterprise License. Based on EMC Common Appliance Program: Hardened rPath Linux (RHEL 4.0 kernel) OS. Based on EMC Marina Program (Dell Server hardware). Redundant-class 2U Appliance for Primary Server Deployment. Cost effective 1U appliance for both Server and Replica deployments.
Business Growth
Business Growth. Having a secure application delivery platform: Enables a rapid response to the growth needs of the business. Development of Peru. Fast implementation and deployment of new applications. Reduced support and maintenance costs. Improves the user experience when working remotely. Higher productivity. Facilitates the expansion of government and the opening of new Branches or Regional Offices. Fast deployment of applications and access to data.
Business Growth. Facilitates mergers between companies and the secure exchange of information between them. Fast and secure access to new applications and data. Remote support, not on-site. Facilitates the mobility of Senior Management and secure access to information relevant to decision making. Remote access from hotels, events, conferences, etc. through port 443 (SSL). Access from mobile devices over the Internet (Java, Windows Mobile and BlackBerry). Lets IT management dedicate time to generating projects aligned with the strategy of the Agenda Digital Peruana.
Next Steps
Next Steps. Download the Evaluation Virtual Appliance (EVA): a pre-configured system of virtual machines for evaluating Citrix XenApp. www.citrix.com/tryxenapp Download XenServer Free Hypervisor: www.citrix.com/xenserver Download Netscaler VPX Free Load Balancer: www.citrix.com/netscaler Request and/or run a Proof of Concept (POC).
THANK YOU! Pedro Elera Malásquez pelera@electrodata.com.pe CCA / CCSP / MCSA / MCP Virtualization Dept. Electrodata SAC.