Embed Size (px)
DESCRIPTION
Citrix Receiver – The Challenge. Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively determine users’ ID for security CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware Installation and Configuration Issues - PowerPoint PPT Presentation
Citation preview
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
Certificate-Based Authentication (CBA - 2FA)
• The organization MUST be able to positively determine users’ ID for security
• CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware
Installation and Configuration Issues
• Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.)
• If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version
• Additional plug-ins might be required for organizational portal (.net, Java, etc.)
• If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser
Data Leakage
• Hard to manage where users export data to (machines/media) and how they use it
• A misconfigured machine might be used by unauthorized personal for accessing sensitive data
Citrix Receiver – The Challenge
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
Certificate-Based Authentication (CBA - 2FA)
• The organization MUST be able to positively determine users’ ID for security
• CBA requires Public Key Identification (PKI) hardware (USB smart card chip) and middleware
Installation and Configuration Issues
• Citrix Installation might suffer conflicts and related issues (incompatibility, conflicting versions, etc.)
• If the connection runs through VPN SSL – users will require plug-ins and/or specific browser version
• Additional plug-ins might be required for organizational portal (.Net, Java, etc.)
• If a self-signed certificate (server certificate) is used, users have to configure end-point’s browser
Data Leakage
• Hard to manage where users export data to (machines/media) and how they use it
• A misconfigured machine might be used by unauthorized personal for accessing sensitive data
Citrix Receiver – The Challenge
Tough security issues.
Data compromise.
High helpdesk costs.
Hard to manage.
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
AdditionalSoftware
Home PC Laptop/Any PC Branch PCsContractors
Citrix Receiver + 2FA: Current Situation
Self-SignedCertificate
VPN SSLAdd-on & URL
ReceiverClient
2FAMiddleware
Data & UserPolicies
Citrix Farm / IT Dept.
Traditional technologies demand that each component will be distributed separately to EACH end-point:
• 2FA Middleware• Citrix Receiver Client
(for both managed and unmanaged machines)
• VPN SSL add-on for browser• Self-signed certificate• Additional required plug-ins/software
Unmanaged machines are handled by the end user.
Novice/non-savvy users will probably require helpdesk services.
2FAHardware
End User Helpdesk
What a mess…
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
AdditionalSoftware
Home PC Laptop/Any PC Branch PCsContractors
Citrix Receiver + 2FA: Current Situation
Self-SignedCertificate
VPN SSLAdd-on & URL
ReceiverClient
2FAMiddleware
Data & UserPolicies
Citrix Farm / IT Dept.• Middleware• Citrix Receiver Client
(for both managed and unmanaged machines)
• VPN SSL add-on for browser• Self-signed certificate• Additional required plug-ins/software
Are all mounted on one device…Centrally managed…In plug-and-play mode…On a single device for any platform at any time.
2FAHardware
End User
But what if…
Helpdesk
This is exactly what Ceedo for Citrix is!
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
Administrator pre-configurescomponents, apps in a Ceedofor Citrix workspace and installs it on a flash drive or USB token.
USB drives or installation packagedelivered to end-users(usually in a read-only partition).
Users plug in devices and startworking immediately! Zero-installand zero footprint - nothing is leftbehind after USB is unplugged.
Workspaces can be managed remotely from the cloud.
The Solution: Ceedo for CitrixSolution: Pack everything into a plug-and-play platform on USB drive or 2FA device!
CeedoWorkspace
ReceiverClient
SandboxedBrowser
Self-SignedCertificate
VPN SSLAdd-on & URL
PKIMiddleware
AdditionalSoftware
Data & UserPolicies
Home PC Laptop/Any PC Branch PCsContractors
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
Ceedo for Citrix Technology
Device architecture (varies)Flash memory on 2FA device or regular USB drivePartitioned to Read Only and Read/WriteRead Only: Ceedo workspace, 2FA Middleware or software and all other applications and components.Read/Write: User Data and customizations.
Virtual Runtime
Environment
Ceedo EnterpriseManager (CME)
Management SystemCEM: Creates Ceedo workspaces and their policies.CPC: Creates application packages.CCMS: Assigns users and groups with devices, workspaces, edits and creates policies, aggregates usage data, and more (web-based)…Ceedo Package
Creator (CPC) Ceedo ClientManagement (CCMS)
Virtual Runtime EnvironmentActs as a surrogate OSRuns all components within a sandboxWorks entirely in User ModeNo admin rights or installation requiredCross windows platforms
© 2011 All rights reserved to Ceedo.
Ceedo - Flexible Computing
Plug-and-Play zero-install CitrixReceiver on a flash memory of a 2FA device (or any USB thumb-drive).
Encrypted data, sandboxed apps and enables configuring user-rights policies enforcement (access to drives, printers, etc.).
Includes a built-in pre-configured browser, plug-ins and additional software.
Allows for remote management of policies and component updates.
Roam from PC to PC, regardless of OS version and user privileges.
To Conclude: Ceedo for Citrix Key Features
