• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Netscaler for mobility and secure remote access
 

Netscaler for mobility and secure remote access

on

  • 1,133 views

This session describes practical approaches to utilizing provisioning services for Citrix XenDesktop and Citrix XenApp, taken from actual customer deployments in the 25- to 500-device range. We will ...

This session describes practical approaches to utilizing provisioning services for Citrix XenDesktop and Citrix XenApp, taken from actual customer deployments in the 25- to 500-device range. We will discuss how to use provisioning services correctly, including best practices for vDisks and cache placement. Other topics will include high availability and load balancing. Live demos will illustrate some of the best practices of a provisioning services deployment.

Statistics

Views

Total Views
1,133
Views on SlideShare
1,133
Embed Views
0

Actions

Likes
1
Downloads
59
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Netscaler for mobility and secure remote access Netscaler for mobility and secure remote access Document Transcript

    • 1  
    • 2  
    • 3  
    • We  will  focus  on  new  differen3ators  than  what  you’ve  been  currently  selling  integrated  NetScaler  solu3ons  on.    Today,  when  you  speak  to  your  customers  about  the  value  of  a  NetScaler  along  with  XenDesktop  solu3ons,  you  sell  NetScaler  on  load  balancing  and  secure  access  along  with  applica3on  firewall.  These  are  definitely  compelling  reasons  and  solve  many  customer  pain  points.      In  2013,  we  have  a  few  more  differen3ators  that  will  really  separate  us  from  our  compe3tors  and  provide  a  much  more  solid  case  for  implemen3ng  NetScalers  with  a  XenDesktop  deployment,  focused  on  visibility  and  solu3ons  for  the  Next-­‐Gen  XD  4  
    • NetScaler  addressed  four  major  customer  pain  points  when  deploying  a  XD  solu3on.    (from  leO  to  right)    Secure  Access  GSLB  Load  balancing  (enabling  session  persistence  for  redundancy)  And  providing  a  way  to  configure  web  Interface  from  the  NetScaler  consolida3ng  the  solu3on  _____________________________________  From  leO  to  right  Secure  access  GSLB  Load  balancing  (with  session  persistence)  WI  5  
    • We  are  now  introducing  four  more  compelling  reasons  that  will  help  solve  customer  pain  points  and  enable  you  to  demonstrate  the  value  of  NetScaler  even  beWer  in  front  of  your  customers.    1.  HDX  Insight  available  shortly  –  bringing  visibility  into  the  end-­‐end  user  experience  from  the  packet  to  the  applica3on  with  full  visibility  into  the  ICA  protocol  and  help  in  troubleshoo3ng  and  capacity  planning    2.  A  simplified  Wizard  delivering  a  single  point  of  configura3on  to  deploy  NetScaler  solu3on  for  your  XD  infrastructure.  This  was  done  before  with  many  different  configura3on  panes  and  wizards,  and,  now  is  greatly  simplified.    3.  WI  to  StoreFront  Transi3on:  For  administrators  wan3ng  to  convert  from  Web  Interface  to  StoreFront,  a  single  point  of  entry  for  both  systems  so  administrators  can  easily  transi3on  from  a  single  point  of  access.  Plus  custom  health  checks  and  monitors  will  be  available  to  monitor  store  front  on  the  NetScaler    4.  ICA  Proxy:  While  ICA  proxy  is  a  capability  we  already  have,  we  are  making  a  point  to  market  it  more  in  2013.  It  secures  XenDesktop  from  data  leaks  with  3ght  integra3on  and  proper  authen3ca3on  of  users.      6  
    • HDX  Insight  Master  Wizards  SF  Migra3on  ICA  Proxy  HDX  Insight:  Real-­‐3me  visibility  into  the  end-­‐user  experience  from  the  packet  to  the  user.  StoreFront  Front-­‐End:  Security  3er  that  also  provides  scalability,  visibility,  and  reliability.  WI  to  StoreFront  Transi3on:  Simplifies  the  transi3on  from  Web  Interface  to  StoreFront.  ICA  Proxy:  Secures  XenDesktop  from  data  leaks  with  3ght  integra3on  and  proper  authen3ca3on  of  users.    HDX  Insight:  Opera3onal  troubleshoo3ng  tool  for  users  having  a  bad  XenDesktop  experience.  StoreFront  Front-­‐End:  DMZ  proxy  for  administrators  requiring  up3me,  scalability,  and  3e-­‐in  to  the  login  process  for  HDX  Insight.  WI  to  StoreFront  Transi3on:  For  administrators  wan3ng  to  convert  from  Web  Interface  to  StoreFront,  a  single  point  of  entry  for  both  systems  so  administrators  can    ICA  Proxy:      7  
    • 8  
    • 9  
    • NetScalers  for  XD  deployments  meet  customer’s  business  challenges  -­‐  Faster  performance  for  a  variety  of  environments  -­‐  Meet  availability  SLAs  providing  op3mal  customer  user  experience  -­‐  Ensure  regulatory  compliance  and  prevent  data  loss  -­‐  Ensure  secure  access  and  network  con3nuity  for  the  business  •  Desktop  Virtualiza3on  is  a  growing  secular  trend  that  is  not  only  evolving  as  a  technology  offering  but  also  gaining  adop3on  among  its  users.  It  will  help  you  to  get  in  the  door  with  exis.ng  customers  and  more  prospects  –  every  company  is  being  challenged  with  the  diversity  of  user  types,  devices  and  loca3ons.  Use  this  to  open  doors  and  posi3on  yourself  and  Citrix  as  a  thought  leader  and  solu3on  provider  to  those  challenges.  •  From  the  users’  perspec3ve,  experience  and  produc3vity  are  very  important.  On  the  IT  side,  security,  regulatory  compliance  and  data  loss  con3nue  to  be  real  IT  threats  in  the  workplace.  10  
    • IT  administrators  care  about  many  points  of  failure  in  a  typical  XA/XD  deployment.  This  is  not  only  restricted  to  the  backend  server  farm,  but  also  to  the  network.  Typical  IT  infrastructure  concerns  include    -­‐  Ensuring  WAN  latency  is  at  a  minimum  -­‐  There  are  no  security  breaches  or  boWlenecks  -­‐  Cri3cal  services  are  available    -­‐  The  LAN  environment  has  no  issues  reaching  the  backend  environment  -­‐  Adequate  availability  of  VDI  resources  These  concerns  apply  not  only  to  the  applica3on  level,  but  also  to  the  network  level  and  require  end-­‐end  unprecedented  visibility  and  access        11  
    • Citrix  NetScaler  makes  applica3ons  such  as  MicrosoO’s  Exchange,  Lync,  and  SharePoint,  Citrix  XenDesktop,  Oracle,  SAP  and  many  other  applica3ons  run  at  least  5x  beWer  by  offloading  func3onality  from  app  servers  and  database  servers,  accelera3ng  performance,  and  integra3ng  security.      Load  balancing  is  of  course  a  key  part  of  an  Applica3on  Delivery  Controller,  but  while  many  Applica3on  Delivery  controllers  are  just  glorified  old  load  balancers,  NetScaler  is  a  comprehensive  system  deployed  in  front  of  web  and  database  servers  that  combines  high-­‐speed  load  balancing  and  content  switching,  compression,    caching,  SSL  accelera3on,  applica3on  visibility  and    applica3on  security.      In  addi3on  to  global  desktop  availability,  op3mized  network  performance,  and,  security,  we  are  now  introducing  yet  another  value-­‐add  to  netScaler    and  that  of  Visibility.  Think  of  visibility  as  the  signal  bars  we  have  on  our  phones.  A  lower  number  of  signal  bars  indicate  an  issue  with  the  mobile  service  provider  and  not  with  the  phone  itself.  Similarly,    unprecedented  visibility  provided  by  NetScalers  indicate  key  network  health  issues,  and  impac3ng  an  otherwise  perfectly  func3oning  XD  architecture.  Monitoring  the  network  as  well  as  XD  architecture  is  essen3al  for  a  complete  picture  and  ensuring  op3mal  user  experience.    12  
    • 13  
    • 14  
    • How  does  NetScaler  help  with  ICA  proxy    -­‐by  ac3ng  as  a  full  proxy  for  ICA  connec3ons,  those  connec3ons  are  filtered  before  hilng  the  backend  server  thereby  ensuring  these  connec3ons  are  aWack  free  -­‐STA  (Secret  Ticket  Authority)  integra3on  prevents  server  data  leakage  -­‐Integra3on  with  HDX  Insight,  StoreFront  and  Web  Interface  provides  a  fully  consolidated  and  simplified  solu3on  -­‐Delivers  a  compe33ve  advantage  by  providing  a  true  ICA  proxy      15  
    • 16  
    • Citrix  Sharefile  is  the  industry  leading  cloud  storage  solu3on  for  the  enterprise.  With  the  introduc3on  of  Enterprise  Storage  Zones,  organiza3ons  can  now  leverage  hybrid  storage  solu3ons  that  get  the  best  of  cloud  availability  with  the  security  of  on-­‐premise  storage  and  data  at-­‐rest  encryp3on.      17  
    • With  the  benefits  of  on-­‐premise  cloud  storage  solu3ons  come  the  reality  that  securing  access  and  providing  high  availability  for  those  components  hosted  by  the  enterprise  are  an  absolute  requirement.  To  address  the  security  and  availability  requirements,  Citrix  recommends  the  use  of  the  Citrix  NetScaler  product  line.  The  NetScaler  is  a  3me-­‐tested  solu3on  providing  security,  availability,  and  high  scalability  to  countless  large  scale  web  sites,  enterprise  grade  applica3ons,  and  virtual  desktop  environments.  For  Sharefile,  this  means  driving  the  highest  grade  of  security  while  providing  the  best  cloud  storage  solu3on  for  end  users.      The  3ght  coupling  of  NetScaler  and  Sharefile  enables  the  secure  and  highly  available  delivery  of  cloud  storage  while  keeping  that  data  which  should  be  private,  indeed  private.    Furthermore,  the  hardened  NetScaler  insures  that  Sharefile  soOware  stays  well  behind  a  secured  environment  so  only  clean  traffic  is  allowed  through  and  risk  is  mi3gated.    18  
    • 19  
    • To  answer  this  challenge  Citrix  has  introduced  The  Mobile  Solu3ons  Bundle.  We  think  that  this  is  truly  revolu3onizing  the  way  that  companies  are  mobilizing  their  businesses.  It’s  a  preWy  loOy  statement  but  let’s  get  into  the  specifics.  20  
    • 21
    • Let’s  talk  about  the  specific  elements  of  The  Mobile  Solu3ons  Bundle  and  NetScaler  that  many  of  our  customers  care  a  great  deal  about.  I’ll  take  you  through  each  of  these  in  this  next  sec3on.  22  
    • Peeling  back  the  layers  on  the  stack  from  our  earlier  picture  you  see  how  extensive  our  client  side  is  with  access  on  any  device  type  and  a  more  specific  view  of  what  we  mean  by  applica3on  management.  Business  apps,  produc3vity  and  collabora3on  tools  and  a  sandboxed  mail,  doc  and  browser  experience  that  users  love.  It’s  a  complete  picture  and  Citrix  is  the  only  vendor  that  can  offer  all  of  these  components.  23  
    • 24  
    • 25  
    • 26  
    • 27  
    • A  FEATURE  OF  XENMOBILE,  ALLOWS  NETSCALER  TO  CONTROL  ACTIVESYNC  TRAFFIC,  GRANTING  ACCESS  TO  CORPORATE  MAIL,  CALENDAR,  AND  CONTACTS.  NETSCALER  ACTS  AS  THE  ENFORCEMENT  POINT  FOR  MANAGING  DEVICES  THAT  HAVE  ACCESS  TO  CORPORATE  EMAIL.      FOR  EXAMPLE,  A  CORPORATE  COMPLIANCE  POLICY  MAY  BE  TO  BLOCK  ALL  ANDROID  DEVICES  BECAUSE  THEY  MAY  DEEM  THEM  TO  BE  A  GREATER  SECURITY  RISK.  THEREFORE,  ONLY  IOS  DEVICES,  SUCH  AS  IPHONES  AND  IPADS,  CAN  HAVE  ACCESS  TO  CORPORATE  EMAIL.  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  TO  ALL  ANDROID  DEVICES,  WHILE  ALLOWING  USERS  WITH  IOS  DEVICES  TO  CONNECT.    A  SECOND  USE  CASE  WOULD  BE  THAT  A  CORPORATE  COMPLIANCE  POLICY  IS  TO  BLOCK  ALL  ROOTED  OR  JAILBROKEN  DEVICES  FROM  CONNECTING  TO  CORPORATE  EMAIL.  AGAIN,  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  BASED  ON  THE  CONFIGURATIONS.    THIS  WOULD  BE  HELPFUL  FOR  CUSTOMERS  LOOKING  AT  THE  XenMobile  MDM  EDITION,  AS  WELL  AS  THE  XENMOBILE  MOBILE  SOLUTIONS  BUNDLE.    WITHOUT  A  DOUBT,  THE  ACTIVESYNC  FEATURE  IS  A  PRIMARY  USE  CASE  FOR  MDM    28  
    • A  FEATURE  OF  XENMOBILE,  ALLOWS  NETSCALER  TO  CONTROL  ACTIVESYNC  TRAFFIC,  GRANTING  ACCESS  TO  CORPORATE  MAIL,  CALENDAR,  AND  CONTACTS.  NETSCALER  ACTS  AS  THE  ENFORCEMENT  POINT  FOR  MANAGING  DEVICES  THAT  HAVE  ACCESS  TO  CORPORATE  EMAIL.      FOR  EXAMPLE,  A  CORPORATE  COMPLIANCE  POLICY  MAY  BE  TO  BLOCK  ALL  ANDROID  DEVICES  BECAUSE  THEY  MAY  DEEM  THEM  TO  BE  A  GREATER  SECURITY  RISK.  THEREFORE,  ONLY  IOS  DEVICES,  SUCH  AS  IPHONES  AND  IPADS,  CAN  HAVE  ACCESS  TO  CORPORATE  EMAIL.  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  TO  ALL  ANDROID  DEVICES,  WHILE  ALLOWING  USERS  WITH  IOS  DEVICES  TO  CONNECT.    A  SECOND  USE  CASE  WOULD  BE  THAT  A  CORPORATE  COMPLIANCE  POLICY  IS  TO  BLOCK  ALL  ROOTED  OR  JAILBROKEN  DEVICES  FROM  CONNECTING  TO  CORPORATE  EMAIL.  AGAIN,  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  BASED  ON  THE  CONFIGURATIONS.    THIS  WOULD  BE  HELPFUL  FOR  CUSTOMERS  LOOKING  AT  THE  XenMobile  MDM  EDITION,  AS  WELL  AS  THE  XENMOBILE  MOBILE  SOLUTIONS  BUNDLE.    WITHOUT  A  DOUBT,  THE  ACTIVESYNC  FEATURE  IS  A  PRIMARY  USE  CASE  FOR  MDM  IMPLEMENTATIONS  BECAUSE  COMPANIES  WANT  TO  KNOW  THAT  MOBILE  DEVICES  ARE  SECURE  BEFORE  THEY  ALLOW  ACCESS  TO  SENSITIVE  CORPORATE  INFORMATION.        29  
    • .  Why  this  solu3on:  Mobile  applica3on  infrastructure  security  is  an  absolute  infrastructure  requirement.  Balancing  transparency  with  applica3on  level  security  requires  detailed  and  granular  policies  for  compliance.  Filtering  access  at  the  mail  server  itself  is  too  late  and  introduces  risk  associated  with  hackers  crea3ng  mayhem.            30  
    • How  this  solu3on  works:  This  is  achieved  by  NetScaler  parsing  the  Ac3veSync  protocol  used  between  mobile  devices  and  Exchange  email  services  in  3ght  conjunc3on  with  XenMobile  providing  real-­‐3me  policy  updates.  As  policies  are  revised,  impact  to  individual  device  access  is  immediately  felt        31  
    • A  FEATURE  OF  XENMOBILE,  ALLOWS  NETSCALER  TO  CONTROL  ACTIVESYNC  TRAFFIC,  GRANTING  ACCESS  TO  CORPORATE  MAIL,  CALENDAR,  AND  CONTACTS.  NETSCALER  ACTS  AS  THE  ENFORCEMENT  POINT  FOR  MANAGING  DEVICES  THAT  HAVE  ACCESS  TO  CORPORATE  EMAIL.      FOR  EXAMPLE,  A  CORPORATE  COMPLIANCE  POLICY  MAY  BE  TO  BLOCK  ALL  ANDROID  DEVICES  BECAUSE  THEY  MAY  DEEM  THEM  TO  BE  A  GREATER  SECURITY  RISK.  THEREFORE,  ONLY  IOS  DEVICES,  SUCH  AS  IPHONES  AND  IPADS,  CAN  HAVE  ACCESS  TO  CORPORATE  EMAIL.  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  TO  ALL  ANDROID  DEVICES,  WHILE  ALLOWING  USERS  WITH  IOS  DEVICES  TO  CONNECT.    A  SECOND  USE  CASE  WOULD  BE  THAT  A  CORPORATE  COMPLIANCE  POLICY  IS  TO  BLOCK  ALL  ROOTED  OR  JAILBROKEN  DEVICES  FROM  CONNECTING  TO  CORPORATE  EMAIL.  AGAIN,  NETSCALER  COMPARES  THE  CONNECTING  DEVICES  AGAINST  THE  CONFIGURATIONS  AND  DENIES  ACCESS  BASED  ON  THE  CONFIGURATIONS.    THIS  WOULD  BE  HELPFUL  FOR  CUSTOMERS  LOOKING  AT  THE  XenMobile  MDM  EDITION,  AS  WELL  AS  THE  XENMOBILE  MOBILE  SOLUTIONS  BUNDLE.    WITHOUT  A  DOUBT,  THE  ACTIVESYNC  FEATURE  IS  A  PRIMARY  USE  CASE  FOR  MDM    32  
    • Why  this  solu3on:  Mobile  applica3on  infrastructure  security  is  an  absolute  infrastructure  requirement.  Balancing  transparency  with  applica3on  level  security  requires  detailed  and  granular  policies  for  compliance.  Filtering  access  at  the  mail  server  itself  is  too  late  and  introduces  risk  associated  with  hackers  crea3ng  mayhem.      Next  click  How  this  solu3on  works:  This  is  achieved  by  NetScaler  parsing  the  Ac3veSync  protocol  used  between  mobile  devices  and  Exchange  email  services  in  3ght  conjunc3on  with  XenMobile  providing  real-­‐3me  policy  updates.  As  policies  are  revised,  impact  to  individual  device  access  is  immediately  felt        33  
    • 34  
    • 35  
    • 36  
    • 42  
    • Branch  Repeater  and  Repeater  are  available  in  variety  of  form-­‐factors  and  models  based  on  the  target  applica3on.    Appliance  models  are  primarily  sized  based  on  a  customer’s  WAN  bandwidth  requirements.    The  next  few  slides  will  focus  on  how  to  posi3on  each  of  these  products.  43  
    • 44  
    • 45  
    • Thank  you.  46