NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

Similar documents
Microsoft SharePoint 2013 with Citrix NetScaler

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

icrosoft TMG Replacement with NetScaler

Citrix NetScaler and Microsoft SharePoint 2013 Hybrid Deployment Guide

Solutions Guide. Deploying Citrix NetScaler for Global Server Load Balancing of Microsoft Lync citrix.com

Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

How To Use Netscaler As An Afs Proxy

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler

Configuring Citrix NetScaler for IBM WebSphere Application Services

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview

Deliver the Next Generation Intelligent Datacenter Fabric with the Cisco Nexus 1000V, Citrix NetScaler Application Delivery Controller and Cisco vpath

White Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com

Citrix desktop virtualization and Microsoft System Center 2012: better together

Microsoft TMG Replacement with NetScaler

Deploying NetScaler Gateway in ICA Proxy Mode

Deliver Enterprise Mobility with Citrix XenMobile and Citrix NetScaler

Secure SSL, Fast SSL

Defend hidden mobile web properties

SolidFire SF3010 All-SSD storage system with Citrix CloudPlatform Reference Architecture

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

Provisioning ShareFile on Microsoft Azure Storage

Enterprise- Grade MDM

Solution Guide. Optimizing Microsoft SharePoint 2013 with Citrix NetScaler. citrix.com

Deploying NetScaler with Microsoft Exchange 2016

Solution Brief. Deliver Production Grade OpenStack LBaaS with Citrix NetScaler. citrix.com

Securing virtual desktop infrastructure with Citrix NetScaler

Citrix TriScale clustering tech note

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Windows XP Application Migration Checklist

Citrix Lifecycle Management

White Paper. Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge. citrix.com

Enabling Application Aware Networks The Next Generation Data Centre with Citrix NetScaler & Cisco Nexus. Ralph W. Lorkins Lead Systems Engineer

Solution Guide for Citrix NetScaler and Cisco APIC EM

How To Manage A Netscaler On A Pc Or Mac Or Mac With A Net Scaler On An Ipad Or Ipad With A Goslade On A Ggoslode On A Laptop Or Ipa On A Network With

Deploying XenApp on a Microsoft Azure cloud

White Paper. Deployment Practices and Guidelines for NetScaler 10.5 on Amazon Web Services. citrix.com

Single Sign On for ShareFile with NetScaler. Deployment Guide

Securing virtual desktop infrastructure with Citrix NetScaler

Using Vasco IDENTIKEY Server with NetScaler

BlueCat Networks Adonis and Proteus on Citrix NetScaler SDX Platform Overview

Advanced Service Desk Security

Optimizing service assurance for XenServer virtual infrastructures with Xangati

Secure remote access

Citrix Solutions. Overview

Cisco ACI and Citrix NetScaler: Opening the Way to Data Center Agility

What is an application delivery controller?

The falling cost and rising value of desktop virtualization

More than just Layer 2-7 Load Balancing Citrix NetScaler & CloudGateway

The Office Reinvented: Mobile Workspaces are the Future of Work

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

NetScaler carriergrade network

Deploying XenApp 7.5 on Microsoft Azure cloud

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

BlueCat IPAM, DNS and DHCP Solutions on Citrix NetScaler SDX Platform Overview

Infrastructure for more security and flexibility to deliver the Next-Generation Data Center

CNS-208 Citrix NetScaler 10.5 Essentials for ACE Migration

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

Data Center Consolidation for Federal Government

Citrix NetScaler 10.5 Essentials for ACE Migration CNS208; 5 Days, Instructor-led

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Optimizing with Citrix NetScaler. Three keys to building the best front-end network for virtual desktop delivery.

Basic & Advanced Administration for Citrix NetScaler 9.2

Solve the application visibility challenge with NetScaler Insight Center

Top Three Reasons to Deliver Web Apps with App Virtualization

Features of a comprehensive application security solution

Citrix ShareFile Enterprise: a technical overview citrix.com

Modernize your business with Citrix XenApp 7.6

Citrix NetScaler 10 Essentials and Networking

Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture

Taking Windows Mobile on Any Device

Deploying Microsoft Dynamics CRM 2015 with NetScaler

Citrix XenServer Industry-leading open source platform for cost-effective cloud, server and desktop virtualization. citrix.com

Remote access to enterprise PCs

Mobilize with Enterprise-Grade Security and a Great Experience

CNS-208 Citrix NetScaler 10 Essentials for ACE Migration

White Paper. Optimizing your Microsoft application and infrastructure investments with Citrix CloudBridge. citrix.com

Secure virtual desktop infrastructure with Citrix NetScaler and Palo Alto Networks next-generation firewalls

CNS-200-1I Basic Administration for Citrix NetScaler 9.0

The top 5 truths behind what the cloud is not

Is your load balancer cloud ready? How NetScaler helps enterprises achieve cloud computing benefits.

Trend Micro Cloud Security for Citrix CloudPlatform

Desktop virtualization for all

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

Achieve mobile delivery with Citrix NetScaler

Comprehensive Enterprise Mobile Management for ios 8

Secure and manage mobile laptops

CNS-208 CITRIX NETSCALER 10.5 ESSENTIALS FOR ACE MIGRATION

Deployment Guide for Microsoft Lync 2010

Secure Data Sharing in the Enterprise

Desktop virtualization for all

Owner of the content within this article is Written by Marc Grote

Building success in the cloud

Citrix ShareFile Enterprise technical overview

How To Get Cloud Services To Work For You

Citrix NetScaler 10 Essentials and Networking

Citrix NetScaler Best Practices. Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG

Transcription:

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

2 Microsoft s Forefront Threat Management Gateway (TMG) is a network security and protection solution for enterprise users. It has traditionally been a key component of various Microsoft application deployments including Lync, SharePoint and Exchange. A principle benefit of TMG has been that it offers customers a way of publishing and protecting workload servers-particularly in Internet facing scenarios. In these environments a clean separation between the Internet and critical datacenter infrastructure is required. TMG provides this capability through an integrated solution featuring threat protection technologies including URL filtering, HTTPS inspection, malware protection, and signature-based detection of known operating system and application vulnerabilities. Advantages of a TMG deployment include: Secured access to approved content Enhanced enterprise network security Lowered liability risk by content based filtering With Microsoft s announcement that the TMG family of products are end-of-sale Citrix recommends the use of NetScaler application delivery controllers as a replacement. NetScaler provides all the feature and benefits of TMG plus much more. NetScaler is also deployed in a similar manner within the network for easeof-installation. TMG features TMG protects employees from Web-based threats by integrating multiple layers of security into an easy-to-manage solution. It includes four components: Forefront TMG Server, TMG web protection service, Management console and Management Server. It can be deployed in a standard server mode to maximise performance or as a virtualized machine to reduce hardware cost. Specific modules include: URL filtering URL categorization, time based blocking, and report only mode

3 HTTPS inspection Offload SSL processing from application servers Detection of possible malware and enforcement of corporate policies Exclusion of specific sites Malware inspection Inspects outbound web traffic including attachments and files Enhanced user experience by the following delivery methods Trickling - sends partial content to the user as the files are inspected. Progress notification by sending status HTML page to client computer inspection system (NIS) Based on protocol analysis, NIS enables the blocking of attacks while minimizing false positives Automatic update of signature sets and engine Granular control and policy configuration to comply with specific organization needs Caching Centralized rule mechanism Interoperability with Branch Cache solution Routing and remote access feature Can act as a Router, Internet gateway, VPN server, NAT server, proxy server Citrix NetScaler supports all these features and provides both physical hardware (MPX and SDX) as well as virtual appliance (VPX) solutions. Deployment topologies Microsoft TMG solutions are deployed in a variety of scenarios. The following methodologies are the most common. In each case, NetScaler is deployed in a like manner with straightforward installation and configuration. Back Firewall: TMG is located at the network s back end, and another network element, such as a perimeter network or an edge security device, is located between the Forefront TMG and the external network.

4 3 rd Party Firewall External DMZ TMG / Netscaler Trusted This is similar to the inline mode for NetScaler deployments behind the edge firewall. This is the most common deployment for NetScaler. Single network adapter: TMG is connected to only one network, to either the internal network or a perimeter network. This topology gives limited functionality of Forefront TMG. TMG / Netscaler External Trusted This is similar to the One-Arm mode of NetScaler where traffic needs to be routed through the NetScaler appliance.

5 3-Leg perimeter: This topology implements a perimeter network where TMG is connected to at least three physical networks. VPN Clients External TMG / Netscaler Perimeter Trusted This also is similar to One-Arm deployment of NetScaler. Citrix NetScaler: An ideal replacement for Microsoft TMG NetScaler fulfils not only all the functionality in Forefront Threat Management Gateway, but adds many additional features to optimize, protect and scale web-based applications. One of the principle uses of NetScaler is to front-end applications such as Microsoft Lync, SharePoint and Exchange in enterprise datacentres of all sizes. Citrix NetScaler is the most comprehensive Application Delivery Controller available. NetScaler not only includes all the capabilities of TMG but it is the most complete ADC on the market. NetScaler adds load balancing and Layer 4 connection management along with caching, compression, Layer 7 content optimization, content filtering, URL filtering, content rewrite, policy processing, application layer firewall,, network access control, SSL VPN and many other modules. NetScaler installations may start by replacing TMG features but the impact of NetScaler on application networking services has tremendous upside as additional features are utilized. NetScaler took the added step in supporting applications with the use of AppExpert Templates ; these are abstractions of application deployments through NetScaler. These predefined and freely available templates provide IT administrators with configurations that optimize the performance for a specific application. NetScaler has been tested and validated with key Microsoft Apps including Exchange, Lync, and SharePoint and complete deployment guides are available. NetScaler has demonstrated proven secure access technology working in conjunction with extensive authentication, optimization and acceleration modules. With the broader set of application oriented features NetScaler is not just the best product available for replacement of TMG, but it provides additional value for Microsoft Apps and environments.

6 NetScaler: A superset of TMG NetScaler provides all the features of Microsoft TMG and more. The following table provides a comparison of the principal TMG capabilities and NetScaler s support. Feature Comparison Feature TMG NetScaler URL Filtering Categorisation and other advanced feature Advance Policy Infrastructure with Responder HTTPS Inspection Policy Based SSL Offloading and Policies Malware Inspection Inspection System Capable of scanning attachments Traffic inspection based on protocol analysis, update support Application Firewall including XML and other attachments Application Firewall signature based protection with automatic updates Caching Basic AppCache Static and dynamic caching Routing and remote access Authentication Traffic Management Basic Basic, Form based, Certificate based Basic, No Active Sync roaming Static and Dynamic Routing with Secure remote access Basic ( 401+), Form Based, Certificate Based Advanced (HA, Scalable, Health Aware, GSLB), AAA for Traffic Management, content switching L3-L7 Firewall Basic Advanced (ACL, DDOS), Firewall mode, Application Firewall f or L7, HTTP DoS Protection mode

7 Feature TMG NetScaler Optimization (SSL offload, TCP optimization, Caching), Acceleration No performance gain Higher performance leads to better server use and much better optimization: SSL Offload TCP connection multiplexing HTTP optimization HTTP Caching HTTP Compression IPV6 No Support SLB64, SLB46, NAT64, NAT46, DNS64, End to End IPV6 support Forward and reverse Web Proxy Supports Supports including all layer 7 processing (e.g., rewrite, responder) VPN Server Support Full tunnel VPN, CVPN Site to Site VPN Support Cloud Connector SSL Bridging Support Support Web App Firewall Support HTML, XML firewall High Availability (HA) Complex, require 3 Nodes Active - Active, Active Passive, Cluster Publishing Apps Multi step process Support of AppExpert Templates to publish application in most optimal way Administration / Automation No Automation mechanism API support for third party integration, Command Centre for centralized administration Deployment topology comparison There are three main deployment options for TMG. NetScaler is used in an equivalent fashion for each scenario. TMG Back Firewall Single Adapter 3-Leg Perimeter NetScaler In-Line One-Arm One-Arm

8 NetScaler Advantages IT administrators can deploy NetScaler as a complete TMG replacement. NetScaler, installed with either the MPX/SDX physical or VPX virtual version has all the necessary features to fully ensure network security and provide protection to enterprise users. NetScaler goes much further and includes many more server availability, security, and application acceleration features in a single integrated appliance. When the administrator is ready, many more functional modules can be enabled to provide the most comprehensive application optimization solution available. NetScaler includes a greatly expanded list of core capabilities which can be utilized, one at a time or all at once. Unlike other ADC solutions, only NetScaler allows full simultaneous use of all features. With TriScale technology, NetScaler appliances scale in three dimensions for unprecedented growth for any environment. A partial list of features include: IPv6 capabilities Transitioning and translation technologies to connect IPv6 and IPv4 networks Dynamic Routing Support of key DR protocols like OSPF, BGP, RIP, IS_IS Surge Protection Ability to protect backend App servers from traffic surge HTTP Compression Compressing the HTTP payload to save bandwidth and faster response Web 2.0 Push Enabling Web 2.0 app deployments and technologies AAA-Traffic Management Enabling authentication, authorization and auditing for all kind of Apps App Firewall Full blown Application firewall with HTML and XML payload protection Rewrite Providing the ability of changing content of application request/response on fly Advance health check Ensuring that backend apps are UP and working effectively Global Server Load Balancing (GSLB) Ability to load balance globally dispersed application deployment AppExpert Callout Excellent way to speak with external resources DataStream Provides load balancing, optimization and connection multiplexing for SQL database servers

9 AppFlow The framework and protocol layer to export visibility information for L3 to L7 NetScaler Insight Module to consume and provide analytic reports on AppFlow info Command Center Centralized monitoring and management solution Platform Choice of platforms available in Virtual, Physical and Multi-tenant form TriScale Technology Centralized NetScaler appliances scale-up to 5x performance with software license, scale-in with up to 80 NetScaler fully isolated instances on one appliance and scale-out: with the clustering of up to 32 appliances in one system image. Conclusion Microsoft s Forefront TMG has been a versatile device. It served as a web proxy, firewall, secure gateway, app publisher and more. While many solutions claim to replace TMG deployments in specific usage scenarios, only NetScaler can provide a comprehensive replacement solution. NetScaler goes beyond TMG for complete optimization of applications and provides superior application availability, acceleration and security. Reference Deployment Guides Citrix NetScaler Deployment Guide for Microsoft Exchange 2010 Microsoft SharePoint 2010 Citrix NetScaler Solution Guide Microsoft Lync Server 2010 Citrix NetScaler Solution Guide Deploying Citrix NetScaler DataStream in Microsoft SQL Server 2008 R2 Environments How to allow Smart Access to Web Interface for SharePoint (WISP) with NetScaler Configuring Kerberos Constrained Delegation on a NetScaler Appliance

10 Corporate Headquarters Fort Lauderdale, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA EMEA Headquarters Schaffhausen, Switzerland India Development Center Bangalore, India Online Division Headquarters Santa Barbara, CA, USA Pacific Headquarters Hong Kong, China Latin America Headquarters Coral Gables, FL, USA UK Development Center Chalfont, United Kingdom About Citrix Citrix (NASDAQ:CTXS) is the cloud company that enables mobile workstyles empowering people to work and collaborate from anywhere, easily and securely. With market-leading solutions for mobility, desktop virtualization, cloud networking, cloud platforms, collaboration and data sharing, Citrix helps organizations achieve the speed and agility necessary to succeed in a mobile and dynamic world. Citrix products are in use at more than 260,000 organizations and by over 100 million users globally. Annual revenue in 2012 was $2.59 billion. Learn more at www.. Copyright 2013 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler, NetScaler SDX, MPX, VPX and TriScale are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies. 0513/PDF

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information