netscaler for mobility and secure remote access
DESCRIPTION
This session describes practical approaches to utilizing provisioning services for Citrix XenDesktop and Citrix XenApp, taken from actual customer deployments in the 25- to 500-device range. We will discuss how to use provisioning services correctly, including best practices for vDisks and cache placement. Other topics will include high availability and load balancing. Live demos will illustrate some of the best practices of a provisioning services deployment.TRANSCRIPT
1
2
3
We will focus on new differen3ators than what you’ve been currently selling integrated NetScaler solu3ons on. Today, when you speak to your customers about the value of a NetScaler along with XenDesktop solu3ons, you sell NetScaler on load balancing and secure access along with applica3on firewall. These are definitely compelling reasons and solve many customer pain points. In 2013, we have a few more differen3ators that will really separate us from our compe3tors and provide a much more solid case for implemen3ng NetScalers with a XenDesktop deployment, focused on visibility and solu3ons for the Next-‐Gen XD
4
NetScaler addressed four major customer pain points when deploying a XD solu3on. (from leO to right) Secure Access GSLB Load balancing (enabling session persistence for redundancy) And providing a way to configure web Interface from the NetScaler consolida3ng the solu3on _____________________________________ From leO to right Secure access GSLB Load balancing (with session persistence) WI
5
We are now introducing four more compelling reasons that will help solve customer pain points and enable you to demonstrate the value of NetScaler even beWer in front of your customers. 1. HDX Insight available shortly – bringing visibility into the end-‐end user experience from the packet to the applica3on with full visibility into the ICA protocol and help in troubleshoo3ng and capacity planning 2. A simplified Wizard delivering a single point of configura3on to deploy NetScaler solu3on for your XD infrastructure. This was done before with many different configura3on panes and wizards, and, now is greatly simplified. 3. WI to StoreFront Transi3on: For administrators wan3ng to convert from Web Interface to StoreFront, a single point of entry for both systems so administrators can easily transi3on from a single point of access. Plus custom health checks and monitors will be available to monitor store front on the NetScaler 4. ICA Proxy: While ICA proxy is a capability we already have, we are making a point to market it more in 2013. It secures XenDesktop from data leaks with 3ght integra3on and proper authen3ca3on of users.
6
HDX Insight Master Wizards SF Migra3on ICA Proxy
HDX Insight: Real-‐3me visibility into the end-‐user experience from the packet to the user. StoreFront Front-‐End: Security 3er that also provides scalability, visibility, and reliability. WI to StoreFront Transi3on: Simplifies the transi3on from Web Interface to StoreFront. ICA Proxy: Secures XenDesktop from data leaks with 3ght integra3on and proper authen3ca3on of users. HDX Insight: Opera3onal troubleshoo3ng tool for users having a bad XenDesktop experience. StoreFront Front-‐End: DMZ proxy for administrators requiring up3me, scalability, and 3e-‐in to the login process for HDX Insight. WI to StoreFront Transi3on: For administrators wan3ng to convert from Web Interface to StoreFront, a single point of entry for both systems so administrators can ICA Proxy:
7
8
9
NetScalers for XD deployments meet customer’s business challenges -‐ Faster performance for a variety of environments -‐ Meet availability SLAs providing op3mal customer user experience -‐ Ensure regulatory compliance and prevent data loss -‐ Ensure secure access and network con3nuity for the business
• Desktop Virtualiza3on is a growing secular trend that is not only evolving as a technology offering but also gaining adop3on among its users. It will help you to get in the door with exis.ng customers and more prospects – every company is being challenged with the diversity of user types, devices and loca3ons. Use this to open doors and posi3on yourself and Citrix as a thought leader and solu3on provider to those challenges.
• From the users’ perspec3ve, experience and produc3vity are very important. On the IT side, security, regulatory compliance and data loss con3nue to be real IT threats in the workplace.
10
IT administrators care about many points of failure in a typical XA/XD deployment. This is not only restricted to the backend server farm, but also to the network. Typical IT infrastructure concerns include -‐ Ensuring WAN latency is at a minimum -‐ There are no security breaches or boWlenecks -‐ Cri3cal services are available -‐ The LAN environment has no issues reaching the backend environment -‐ Adequate availability of VDI resources
These concerns apply not only to the applica3on level, but also to the network level and require end-‐end unprecedented visibility and access
11
Citrix NetScaler makes applica3ons such as MicrosoO’s Exchange, Lync, and SharePoint, Citrix XenDesktop, Oracle, SAP and many other applica3ons run at least 5x beWer by offloading func3onality from app servers and database servers, accelera3ng performance, and integra3ng security. Load balancing is of course a key part of an Applica3on Delivery Controller, but while many Applica3on Delivery controllers are just glorified old load balancers, NetScaler is a comprehensive system deployed in front of web and database servers that combines high-‐speed load balancing and content switching, compression, caching, SSL accelera3on, applica3on visibility and applica3on security. In addi3on to global desktop availability, op3mized network performance, and, security, we are now introducing yet another value-‐add to netScaler and that of Visibility. Think of visibility as the signal bars we have on our phones. A lower number of signal bars indicate an issue with the mobile service provider and not with the phone itself. Similarly, unprecedented visibility provided by NetScalers indicate key network health issues, and impac3ng an otherwise perfectly func3oning XD architecture. Monitoring the network as well as XD architecture is essen3al for a complete picture and ensuring op3mal user experience.
12
13
14
How does NetScaler help with ICA proxy -‐by ac3ng as a full proxy for ICA connec3ons, those connec3ons are filtered before hilng the backend server thereby ensuring these connec3ons are aWack free -‐STA (Secret Ticket Authority) integra3on prevents server data leakage -‐Integra3on with HDX Insight, StoreFront and Web Interface provides a fully consolidated and simplified solu3on -‐Delivers a compe33ve advantage by providing a true ICA proxy
15
16
Citrix Sharefile is the industry leading cloud storage solu3on for the enterprise. With the introduc3on of Enterprise Storage Zones, organiza3ons can now leverage hybrid storage solu3ons that get the best of cloud availability with the security of on-‐premise storage and data at-‐rest encryp3on.
17
With the benefits of on-‐premise cloud storage solu3ons come the reality that securing access and providing high availability for those components hosted by the enterprise are an absolute requirement. To address the security and availability requirements, Citrix recommends the use of the Citrix NetScaler product line. The NetScaler is a 3me-‐tested solu3on providing security, availability, and high scalability to countless large scale web sites, enterprise grade applica3ons, and virtual desktop environments. For Sharefile, this means driving the highest grade of security while providing the best cloud storage solu3on for end users. The 3ght coupling of NetScaler and Sharefile enables the secure and highly available delivery of cloud storage while keeping that data which should be private, indeed private. Furthermore, the hardened NetScaler insures that Sharefile soOware stays well behind a secured environment so only clean traffic is allowed through and risk is mi3gated.
18
19
To answer this challenge Citrix has introduced The Mobile Solu3ons Bundle. We think that this is truly revolu3onizing the way that companies are mobilizing their businesses. It’s a preWy loOy statement but let’s get into the specifics.
20
21
Let’s talk about the specific elements of The Mobile Solu3ons Bundle and NetScaler that many of our customers care a great deal about. I’ll take you through each of these in this next sec3on.
22
Peeling back the layers on the stack from our earlier picture you see how extensive our client side is with access on any device type and a more specific view of what we mean by applica3on management. Business apps, produc3vity and collabora3on tools and a sandboxed mail, doc and browser experience that users love. It’s a complete picture and Citrix is the only vendor that can offer all of these components.
23
24
25
26
27
A FEATURE OF XENMOBILE, ALLOWS NETSCALER TO CONTROL ACTIVESYNC TRAFFIC, GRANTING ACCESS TO CORPORATE MAIL, CALENDAR, AND CONTACTS. NETSCALER ACTS AS THE ENFORCEMENT POINT FOR MANAGING DEVICES THAT HAVE ACCESS TO CORPORATE EMAIL. FOR EXAMPLE, A CORPORATE COMPLIANCE POLICY MAY BE TO BLOCK ALL ANDROID DEVICES BECAUSE THEY MAY DEEM THEM TO BE A GREATER SECURITY RISK. THEREFORE, ONLY IOS DEVICES, SUCH AS IPHONES AND IPADS, CAN HAVE ACCESS TO CORPORATE EMAIL. NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS TO ALL ANDROID DEVICES, WHILE ALLOWING USERS WITH IOS DEVICES TO CONNECT. A SECOND USE CASE WOULD BE THAT A CORPORATE COMPLIANCE POLICY IS TO BLOCK ALL ROOTED OR JAILBROKEN DEVICES FROM CONNECTING TO CORPORATE EMAIL. AGAIN, NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS BASED ON THE CONFIGURATIONS. THIS WOULD BE HELPFUL FOR CUSTOMERS LOOKING AT THE XenMobile MDM EDITION, AS WELL AS THE XENMOBILE MOBILE SOLUTIONS BUNDLE. WITHOUT A DOUBT, THE ACTIVESYNC FEATURE IS A PRIMARY USE CASE FOR MDM
28
A FEATURE OF XENMOBILE, ALLOWS NETSCALER TO CONTROL ACTIVESYNC TRAFFIC, GRANTING ACCESS TO CORPORATE MAIL, CALENDAR, AND CONTACTS. NETSCALER ACTS AS THE ENFORCEMENT POINT FOR MANAGING DEVICES THAT HAVE ACCESS TO CORPORATE EMAIL. FOR EXAMPLE, A CORPORATE COMPLIANCE POLICY MAY BE TO BLOCK ALL ANDROID DEVICES BECAUSE THEY MAY DEEM THEM TO BE A GREATER SECURITY RISK. THEREFORE, ONLY IOS DEVICES, SUCH AS IPHONES AND IPADS, CAN HAVE ACCESS TO CORPORATE EMAIL. NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS TO ALL ANDROID DEVICES, WHILE ALLOWING USERS WITH IOS DEVICES TO CONNECT. A SECOND USE CASE WOULD BE THAT A CORPORATE COMPLIANCE POLICY IS TO BLOCK ALL ROOTED OR JAILBROKEN DEVICES FROM CONNECTING TO CORPORATE EMAIL. AGAIN, NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS BASED ON THE CONFIGURATIONS. THIS WOULD BE HELPFUL FOR CUSTOMERS LOOKING AT THE XenMobile MDM EDITION, AS WELL AS THE XENMOBILE MOBILE SOLUTIONS BUNDLE. WITHOUT A DOUBT, THE ACTIVESYNC FEATURE IS A PRIMARY USE CASE FOR MDM IMPLEMENTATIONS BECAUSE COMPANIES WANT TO KNOW THAT MOBILE DEVICES ARE SECURE BEFORE THEY ALLOW ACCESS TO SENSITIVE CORPORATE INFORMATION.
29
. Why this solu3on: Mobile applica3on infrastructure security is an absolute infrastructure requirement. Balancing transparency with applica3on level security requires detailed and granular policies for compliance. Filtering access at the mail server itself is too late and introduces risk associated with hackers crea3ng mayhem.
30
How this solu3on works: This is achieved by NetScaler parsing the Ac3veSync protocol used between mobile devices and Exchange email services in 3ght conjunc3on with XenMobile providing real-‐3me policy updates. As policies are revised, impact to individual device access is immediately felt
31
A FEATURE OF XENMOBILE, ALLOWS NETSCALER TO CONTROL ACTIVESYNC TRAFFIC, GRANTING ACCESS TO CORPORATE MAIL, CALENDAR, AND CONTACTS. NETSCALER ACTS AS THE ENFORCEMENT POINT FOR MANAGING DEVICES THAT HAVE ACCESS TO CORPORATE EMAIL. FOR EXAMPLE, A CORPORATE COMPLIANCE POLICY MAY BE TO BLOCK ALL ANDROID DEVICES BECAUSE THEY MAY DEEM THEM TO BE A GREATER SECURITY RISK. THEREFORE, ONLY IOS DEVICES, SUCH AS IPHONES AND IPADS, CAN HAVE ACCESS TO CORPORATE EMAIL. NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS TO ALL ANDROID DEVICES, WHILE ALLOWING USERS WITH IOS DEVICES TO CONNECT. A SECOND USE CASE WOULD BE THAT A CORPORATE COMPLIANCE POLICY IS TO BLOCK ALL ROOTED OR JAILBROKEN DEVICES FROM CONNECTING TO CORPORATE EMAIL. AGAIN, NETSCALER COMPARES THE CONNECTING DEVICES AGAINST THE CONFIGURATIONS AND DENIES ACCESS BASED ON THE CONFIGURATIONS. THIS WOULD BE HELPFUL FOR CUSTOMERS LOOKING AT THE XenMobile MDM EDITION, AS WELL AS THE XENMOBILE MOBILE SOLUTIONS BUNDLE. WITHOUT A DOUBT, THE ACTIVESYNC FEATURE IS A PRIMARY USE CASE FOR MDM
32
Why this solu3on: Mobile applica3on infrastructure security is an absolute infrastructure requirement. Balancing transparency with applica3on level security requires detailed and granular policies for compliance. Filtering access at the mail server itself is too late and introduces risk associated with hackers crea3ng mayhem. Next click How this solu3on works: This is achieved by NetScaler parsing the Ac3veSync protocol used between mobile devices and Exchange email services in 3ght conjunc3on with XenMobile providing real-‐3me policy updates. As policies are revised, impact to individual device access is immediately felt
33
34
35
36
42
Branch Repeater and Repeater are available in variety of form-‐factors and models based on the target applica3on. Appliance models are primarily sized based on a customer’s WAN bandwidth requirements. The next few slides will focus on how to posi3on each of these products.
43
44
45
Thank you.
46