Secure SSL, Fast SSL



Similar documents
The Office Reinvented: Mobile Workspaces are the Future of Work

Citrix NetScaler and Microsoft SharePoint 2013 Hybrid Deployment Guide

Advanced Service Desk Security

Microsoft SharePoint 2013 with Citrix NetScaler

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler

Solutions Guide. Deploying Citrix NetScaler for Global Server Load Balancing of Microsoft Lync citrix.com

Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing

White Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com

Citrix Lifecycle Management

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

icrosoft TMG Replacement with NetScaler

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com

How To Use Netscaler As An Afs Proxy

The falling cost and rising value of desktop virtualization

Configuring Citrix NetScaler for IBM WebSphere Application Services

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

Deploying NetScaler Gateway in ICA Proxy Mode

Citrix desktop virtualization and Microsoft System Center 2012: better together

Secure remote access

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

The Always-on Enterprise: Business Continuity Scenarios that Work

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

Powering Real-Time Mobile Access to Critical Information With Citrix ShareFile

Modernize your business with Citrix XenApp 7.6

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview

Data Center Consolidation for Federal Government

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

Safeguard Protected Health Information With Citrix ShareFile

Secure remote access

Top Three Reasons to Deliver Web Apps with App Virtualization

Citrix ShareFile Enterprise: a technical overview citrix.com

Optimizing service assurance for XenServer virtual infrastructures with Xangati

Single Sign On for ShareFile with NetScaler. Deployment Guide

Solution Brief. Deliver Production Grade OpenStack LBaaS with Citrix NetScaler. citrix.com

Trend Micro Cloud Security for Citrix CloudPlatform

Mobility and cloud transform access and delivery of apps, desktops and data

Three ways companies are slashing IT costs with VDI

Using Vasco IDENTIKEY Server with NetScaler

White Paper. Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge. citrix.com

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Citrix ShareFile Enterprise technical overview

Deliver Enterprise Mobility with Citrix XenMobile and Citrix NetScaler

Solve the application visibility challenge with NetScaler Insight Center

Taking Windows Mobile on Any Device

Design and deliver cloudbased apps and data for flexible, on-demand IT

Solution Guide for Citrix NetScaler and Cisco APIC EM

Citrix Solutions. Overview

Enterprise- Grade MDM

Citrix XenServer Industry-leading open source platform for cost-effective cloud, server and desktop virtualization. citrix.com

Secure Data Sharing in the Enterprise

Solution Guide. Optimizing Microsoft SharePoint 2013 with Citrix NetScaler. citrix.com

Mobilize with Enterprise-Grade Security and a Great Experience

Deploying NetScaler with Microsoft Exchange 2016

Citrix Support and Maintenance Services

Fullerton India enhances its employee productivity and efficiency with Citrix XenDesktop

Desktop virtualization for all

Powering real-time mobile access to critical information with ShareFile

Best practices for implementing

Run Skype for Business as a Secure Virtual App with a Great User Experience

2048-bit SSL. Best practices for implementing.

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Provisioning ShareFile on Microsoft Azure Storage

Enabling mobile workstyles with an end-to-end enterprise mobility management solution.

Desktop virtualization for all

NetScaler carriergrade network

ShareFile Enterprise technical overview

Windows XP Application Migration Checklist

Cisco ACI and Citrix NetScaler: Opening the Way to Data Center Agility

SolidFire SF3010 All-SSD storage system with Citrix CloudPlatform Reference Architecture

Ensure VoIP and Skype for Business Call Quality and Reliability with NetScaler SD-WAN

Solutions Brief. Citrix Solutions for Healthcare and HIPAA Compliance. citrix.com/healthcare

Deploying XenApp 7.5 on Microsoft Azure cloud

Deploying XenApp on a Microsoft Azure cloud

Securing virtual desktop infrastructure with Citrix NetScaler

BlueCat Networks Adonis and Proteus on Citrix NetScaler SDX Platform Overview

XenApp and XenDesktop 7.8 AppDisk & AppDNA for AppDisk technology

Comprehensive Enterprise Mobile Management for ios 8

Deliver the Next Generation Intelligent Datacenter Fabric with the Cisco Nexus 1000V, Citrix NetScaler Application Delivery Controller and Cisco vpath

Microsoft TMG Replacement with NetScaler

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

The top 5 truths behind what the cloud is not

White Paper. Optimizing your Microsoft application and infrastructure investments with Citrix CloudBridge. citrix.com

Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture

Quality of Experience for Mobile Data Networks citrix.com

Securing virtual desktop infrastructure with Citrix NetScaler

Maximizing Flexibility and Productivity for Mobile MacBook Users

Bring your own device freedom

How To Get Cloud Services To Work For You

BlueCat IPAM, DNS and DHCP Solutions on Citrix NetScaler SDX Platform Overview

Transcription:

Citrix NetScaler and Thales nshield work together to protect encryption keys and accelerate SSL traffic

With growing use of cloud-based, virtual, and multi-tenant services, customers want to utilize virtual and multi-tenant appliances such as NetScaler VPX and SDX with enhanced SSL key management. Thales nshield manages large numbers of SSL keys within a FIPS 140-2 Level 3 certified environment. The combined Citrix and Thales solution optimizes SSL traffic and securely manages the critical cryptographic keys to minimize the exposure of sensitive data within the IT infrastructure. SSL is Corporate The Secure Sockets Layer (SSL) 1 cryptographic protocol is widely used to provide secure communications over the Internet. Because it is relatively simple to implement and enjoys broad industry support, SSL is used extensively for protecting confidential data, for web-based retail and banking applications, and for collaboration tools such as electronic mail, instant messaging, and voice-over-ip (VoIP). As ecommerce continues to grow, and as governments and standards bodies impose more regulatory requirements for security and privacy, SSL traffic now accounts for a significant share of overall Internet traffic. Today, almost half of the world s websites are SSL enabled. Percent of Internet traffic using SSL: Fixed Access Mobile Access North America 3.8% 7.3% Europe 6.1% 6.2% Asia Pacific 1.4% 6.6% Percent of aggregate Internet traffic during peak periods. Source: Sandvine Global Internet Phenomena Report, 1H 2014. Percent of websites SSL-enabled: 45% Percent of Alexa s top 1 million websites enabled for SSL/TLS. Source: Julien Vehent blog post at jve.linuxwall.info Table 1: SSL traffic now accounts for a significant share of overall Internet traffic SSL is no longer just for consumer Internet applications. It is playing a growing and critical role protecting corporate data. Enterprises are increasingly relying on SSL to protect traffic to and from: Software as a Service (SaaS) applications Cloud-based storage and backup services Cloud application hosting services New corporate applications deployed on public, private and hybrid cloud infrastructures 1 Much SSL traffic today actually uses the newer Transport Layer Security (TLS) protocol, but for simplicity we will use SSL here rather than SSL/TLS. 2

Vendors and enterprises are also turning to SSL because it is a relatively standard way to encrypt traffic to an increasing number of mobile workers and mobile devices such as laptops, smartphones, tablets and phablets. For example, XenApp and XenDesktop, Citrix s application and desktop virutalization solutions, use SSL connections to give users secure and remote access from anywhere on any device. Because of these trends, SSL is increasingly being used to protect business-to-business and intrabusiness traffic. One recent analysis found that in key parts of the world 30% or more of applications observed on corporate networks were capable of using SSL. Percent of applications SSL enabled: Americas and Canada 32% Europe 30% Asia Pacific 32% Percent of applications detected at enterprise firewalls enabled for SSL. Source: Palo Alto Networks Application Usage and Threat Report, June 2014. Table 2: In key parts of the world almost one-third of applications on corporate networks are SSL-enabled The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If a safe combination is known to an adversary, the strongest safe provides no security against penetration...ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys. NIST Special Publication 800-57, Recommendation for Key Management Part 1: General (Revision 3), July 2012 Requirements for SSL: Secure Key Management and Fast Performance Because SSL is increasingly being used for business applications, enterprises have had to come to grips with both security and performance issues related to SSL. Security is obviously a critical question when SSL traffic is being used to carry intellectual property, financial information, personal data of customers and employees, and other company confidential information. Managing SSL encryption keys is a critical security issue that many organizations overlook. As described in National Institute of Standards and Technology (NIST) Special Publication 800-57: Keys are analogous to the combination of a safe. If a safe combination is known to an adversary, the strongest safe provides no security against penetration. Key management not only encompasses how keys are protected from direct attack, but also operational issues such as the backup of keys and their recovery in the event of system failures or disasters, and compliance issues related to ensuring that access to keys by administrators is controlled and monitored. Increasing SSL traffic can have a serious negative impact on the perceived performance of webbased applications. Not only do systems on each side of the connection need to encrypt and decrypt the traffic, but significant computing resources are required to create a handshake and authenticate a certificate 2. These activities can slow down the browser client, the web server and the network. 2 For example, when an end user visits a web page, the browser client creates a TCP socket to the web server and issues a secure session request. The web server returns a certificate. The browser client authenticates the certificate, generates a key, and sends the key to the web server. The web server uses the key to encrypt the content of the page, and sends the content to the browser client. The browser then decrypts the content. Several of these steps may be repeated for each object on the page, including images and scripts. 3

In short, as SSL traffic grows and carries more confidential information for mission-critical applications, how can organizations protect encryption keys and application performance without vast new investments in hardware and network bandwidth? Thales nshield Connect and Citrix NetScaler work together to enhance the security of cryptographic keys and to offload and accelerate SSL processing. The solution involves integrating Thales nshield Connect hardware security module (HSM) with the Citrix NetScaler application delivery controller (ADC). An overview of the integrated solution is shown in Figure 1, and some of the highlights are discussed below. Figure 1: Thales nshield Connect and Citrix NetScaler work together to provide secure key management and to offload and accelerate SSL processing FIPS 140-2 Level 3 Certification For financial institutions, health care organizations, government agencies and other regulated entities, nshield Connect complies with FIPS 140-2 Level 3 Secure Key Management with Thales nshield Connect nshield Connect from Thales e-security is a high-performance network-attached hardware security module (HSM) that securely manages cryptographic keys in order to minimize the exposure of sensitive data within the IT infrastructure. Key management involves a variety of functions, including: Key generation, to create truly random keys. Key registration, to associate keys with users, systems and applications. Key storage, to ensure that keys are isolated from other systems that have the potential to be compromised. Key distribution, to make keys available quickly when they are needed. 4

Key backup and recovery, to ensure that keys are available in the event of a local system failure or a disaster such as a data center fire or a hurricane. Key rotation, revocation and destruction, to ensure that keys can be replaced and destroyed with complete certainty. nshield Connect performs these functions with a high level of security, performance and operational efficiency. It is a dedicated appliance that isolates cryptographic processes and keys so they cannot be accessed if applications and servers are compromised. The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy. Encryption methods and algorithms are standardized and well understood, but key management is unique to each organization. This is where enterprise encryption becomes tricky and why key management holds the key to killing [protecting] data. John Kindervag Forrester Research analyst, in research report Killing Data Security features and capabilities include: A highly secure hardware system with a custom built chassis to guard against physical attack, and with tamper response mechanisms (i.e., mechanisms that wipe out keys and critical security parameters if the cover is opened or if physical probing is detected). Monitoring of environmental conditions, including the integrity of the chassis, power supplies and temperature, to detect potential attack. Identity-based authentication mechanisms, so user actions can be recorded and audited. Strong separation of duties, to ensure that no single individual has excessive access to keys or system features. Performance and operational advantages include: Protection and management of private keys and acceleration of RSA offload operations. Backup techniques that avoid the need to archive keys in dedicated hardware or backup HSMs. The ability to combine multiple units for load-balancing, resilience and failover. Support for remote operations and backup in lights-out data centers, so centralized staff can manage keys globally without local assistance. Together these features provide for maximum protection of keys, improved performance, and lower operating costs. Offload and accelerate SSL processing with Citrix NetScaler NetScaler is the world s most advanced Application Delivery Controller (ADC) for mobile and web applications. It has several features that help offload and accelerate SSL processing, as well as accelerating other types of traffic. Key capabilities of NetScaler include: Server and database load balancing, to distribute traffic to multiple servers in order to achieve optimal resource utilization, maximize throughput, and minimize response times. SSL offload and acceleration, to speed up the handling of the encryption and authentication requirements of SSL web traffic. SSL VPN, to terminate SSL VPN connections without using the resources of a web server. TCP offload, to reduce traffic by consolidating multiple requests from multiple clients into a single TCP socket to the back-end servers. 5

Compression, to reduce the volume of web traffic. Application firewall, to scan network traffic and protect against DDOS attacks and a broad range of web-based threats. Clustering, for fast, simple scalability. Figure 2: NetScaler provides key features that enhance availability, performance and security for Web-based applications Citrix NetScaler is available as high-performance hardware appliances, as flexible software-based virtual appliances, and as appliances with advanced virtualization to support multiple NetScaler instances in a multi-tenant environment. Conclusion: Taming SSL for Corporate Use SaaS applications, cloud hosting and mobile computing are increasing the importance of SSL traffic as a business issue in an enterprise. Enterprises can no longer afford to take SSL security and performance for granted because: More confidential information is being carried in SSL traffic, so data breaches caused by deficient key management practices could cost millions of dollars in breach notification costs, regulatory fines, and stolen intellectual property More mission-critical applications are being deployed with SSL, so performance problems can have a direct impact on employee productivity and customer satisfaction Thales e-security and Citrix help Enterprises meet those challenges with a solution that integrates nshield Connect and NetScaler. This solution provides a very high level of security for encryption keys, simplifies and centralizes key management, and improves application performance by offloading key management tasks and SSL termination from web servers. For more detailed technical specifications, please visit www. and www.thales-esecurity.com. 6

Corporate Headquarters Fort Lauderdale, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA EMEA Headquarters Schaffhausen, Switzerland India Development Center Bangalore, India Online Division Headquarters Santa Barbara, CA, USA Pacific Headquarters Hong Kong, China Latin America Headquarters Coral Gables, FL, USA UK Development Center Chalfont, United Kingdom About Citrix Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.. About Thales Thales e-security is a leading global provider of data encryption and cybersecurity solutions to the financial services, high technology, manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and secure more than 80 percent of worldwide payment transactions. Thales e-security has offices in Australia, France, Hong Kong, Norway, United States and the United Kingdom. www.thales-esecurity.com Copyright 2014 Citrix Systems, Inc. All rights reserved. Citrix, XenApp, XenDesktop and NetScaler are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies. 1114/PDF 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information