Security in the Next-Generation Data Center and in the Cloud

Hubert Krautter, Senior Sales Engineer Networking

MARCH 16, 2018

© 2017 Citrix

Upload: haliem

Post on 22-Jul-2018


2 © 2017 Citrix

Software Defined Perimeter

Citrix Secure Digital Workspace

[Diagram labels: Secure access to Apps; Security & Performance Analytics; Unified Experience; “BYO”; Identity; Single Sign-on; Unified Endpoint Management; Contextual Access; Contextual Performance; App Ops; Content Control; Legacy/Custom Apps; Users]

3 © 2017 Citrix

NetScaler SD-WAN

Applications moving to the Cloud

4 © 2017 Citrix

Today’s Enterprise WAN Was Designed for Apps in the Data Center

Data Center

MPLS

Branch

5 © 2017 Citrix

…Not Applications in the Cloud

Data Center

MPLS

Cloud Provider

Branch

6 © 2017 Citrix

…Or for Internet Traffic Demands

Data Center

MPLS

Branch

Internet traffic on some enterprises’ MPLS networks: up to 50% (State of the WAN Report, Ashton Metzler & Associates, 2017)

7 © 2017 Citrix

What This Means…

Data Center

MPLS

Branch

Cloud Provider

MPLS provides reliability, but it’s an expensive and inefficient way of reaching the Internet and Cloud apps

8 © 2017 Citrix

What About a Hybrid WAN?

Data Center

MPLS

Branch

Cloud Provider

You’re dependent on a single connection, which makes you vulnerable to outages and leaves you with no control over or visibility into critical SaaS apps

9 © 2017 Citrix

Migrating to the Cloud with NetScaler SD-WAN

[Diagram labels: Data Center; Branch; NetScaler SD-WAN; Internet; MPLS]

Zone-based, stateful firewall

Application Awareness

10 © 2017 Citrix

Migrating to the Cloud with NetScaler SD-WAN

[Diagram labels: Data Center; Branch; NetScaler SD-WAN; Internet; MPLS]

Granular path selection

Internet breakout for SaaS apps

11 © 2017 Citrix

Migrating to the Cloud with NetScaler SD-WAN

[Diagram labels: Cloud Provider; Data Center; Branch; NetScaler SD-WAN; Internet; MPLS]

Build a secure tunnel to the Cloud

Auto-provision Cloud Appliances

12 © 2017 Citrix

Evolving to the Cloud Means Evolving Your WAN

The Design Requirements Still Hold

Reliability; Visibility; Security; Quality

Cloud Provider

Data Center

The Challenge Has Changed

13 © 2017 Citrix

What Cloud Services Does NetScaler offer?

14 © 2017 Citrix

Application Delivery Transformation

[Diagram labels: Enterprise Cloud Apps; Corporate DC Apps; XenApp / XenDesktop HDX; SD WAN; VPN; SSO; DNS; GTWY; NAC; CS; LB; AppFW; SaaS Apps; DDoS; Enterprise Perimeter; Edge Perimeter; DMZ; Internet; GSLB; Management & Analytics; Web Filter]

* CS = content switching

15 © 2017 Citrix

Application Delivery Transformation

Moving to Cloud & SaaS

[Diagram labels: Enterprise Cloud Apps; Corporate DC Apps; XenApp / XenDesktop; SD WAN; DNS; GTWY; CS; LB; AppFW; SaaS Apps; DDoS; Edge Perimeter; DMZ; Internet; GSLB; Front Door; VPN; SSO; NAC; Web Filter; SDWAN Management & Analytics; Enterprise Perimeter]

* CS = content switching

16 © 2017 Citrix

Differentiation - Citrix Software Defined Perimeter

Umbrella framework for NetScaler Cloud Services - Enabling on-premise-like control, with cloud simplicity

[Diagram labels: Enterprise Cloud Apps; SaaS Apps; Enterprise DC Apps; Branch Users; Mobile Users; Home Users; NetScaler SDWAN Branch; NetScaler SDWAN Head end; Network Services; Service Control and Management; Data Security; User Security; Route + latency opt.; Traffic Steering; Keyless Encryption; AppFw; SWG; Secure Access; Identity Mgmt; User Policy; XA / XD / XM / SF; Eliminate / Hide Attack Surface; Centralized Policy; Graduated Security Model; Hybrid Cloud Deployments]

18 © 2017 Citrix

Cloud Migration

Application and Identity

Application Migration to Cloud

• User lands on SaaS app
• User redirected to on-prem NS for auth (IDP)
• User accesses SaaS app after successful AAA

Identity Migration to Cloud

• User lands on NetScaler
• User redirected to Azure AD for auth (IDP)
• User accesses on-prem app after successful AAA

[Diagram labels: AD; App Server; NetScaler; Remote User; Secure Access to on-prem App; SaaS; Azure AD]

19 © 2017 Citrix

NetScaler as Identity Provider (IDP) for Office 365

Identity remains on-prem; App migrates to cloud

[Diagram labels: AD; Internal Network; DMZ; NetScaler as IDP; External Users; LDAP; Deployment Guide]

20 © 2017 Citrix

NetScaler as Service Provider (SP) for Enterprise ERP

Identity remains on-prem; App migrates to cloud

[Diagram labels: Internal Network; DMZ; NetScaler as SAML P; External Users; Deployment Guide; Active Directory]

21 © 2017 Citrix

Consolidate SaaS Apps on Single Portal

Unified Gateway Single Sign-On (SSO)

• Single Sign-On to all SaaS / Cloud Apps

• Seamless user experience with monitoring capabilities using Gateway Insight (MAS)

• Storefront UI via Unified Gateway

22 © 2017 Citrix

How NetScaler Helps with Cloud Native Apps

23 © 2017 Citrix

NetScaler VPX in Public Cloud

• Offered on AWS marketplace since 2012
• BYOL, yearly subscription and hourly licenses
• Powering multiple Citrix cloud services
• High performance VPX enabled by SR-IOV

• Offered on Azure marketplace since 2015
• BYOL. Utility licensing is coming soon
• Powering multiple Citrix cloud services including XA Essential
• High performance VPX

• Offered on IBM cloud marketplace since 2009 (rebranded from Softlayer)
• Monthly subscription

Same Management

24 © 2017 Citrix

Challenges in Cloud Migration

Reduced CAPEX; Global coverage; Surge capacity

NetScaler

• Cost for migration

• Increasing complexity and scale in application management

• Transition from traditional application stack to cloud-native stack

25 © 2017 Citrix

Need a multi-cloud application delivery solution

Reduced CAPEX; Global coverage; Surge capacity

NetScaler

Lowering cost barrier in cloud migration

A single tool for application delivery management and monitoring

Cloud-native application stack with elasticity and automation

26 © 2017 Citrix

Need a multi-cloud application delivery solution

https://www.youtube.com/watch?v=WFeAJvKow1Q

https://www.youtube.com/watch?v=IYbeJ_x1MKI

27 © 2017 Citrix

Hybrid/Multi-Cloud NetScaler

NetScaler Pooled Capacity

NetScaler Multi-site Availability (GSLB)

NetScaler MAS

Investment Protection in hardware to software transition

Anomaly detection; Application health score

Enable additional option in application delivery
