Your SlideShare is downloading. ×
  • Like
  • Save
RUCUG: 11. Rick Dehlinger BYOC: Beware the Perimeter
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

RUCUG: 11. Rick Dehlinger BYOC: Beware the Perimeter

  • 1,635 views
Published

Думаете о BYOC? Опасайтесь периметра! …

Думаете о BYOC? Опасайтесь периметра!
В маркетинговых презентациях Citrix и других вендоров часто проскакивает аббревиатура BYOC. Что это такое? Bring Your Own Computer, или по-русски ПРИходи СО Своим Компьютером (ПРИСОСКО J)). Про проблемы использования личных ПК (или iPad-ов) пользователей для доступа к корпоративным приложениям, и о том, как технически правильноих решать, расскажет Rick Dehlinger

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,635
On SlideShare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Entertaining BYOC?Beware the Perimeter
    Rick Dehlinger, Independent Technologist/Consultant
    Citrix Technology Professional/Public Speaker
    rick@rickdehlinger.com | @rickd4real | LinkedIn
  • 2. RickD – 1992 to 2010
    Desktop and
    Application
    Delivery
  • 3. What are you talking about Rick???
    New!!!
    Proven
  • 4. Introduce “PharmaCo”
    Solution Overview – Universal Workspace
    Challenges…!
    Summary/Review
    Closure
    Agenda
  • 5. Case Study – ‘PharmaCo’
  • 6. Global specialty pharmaceuticals manufacturer
    Design, test, manufacture, and sell specialty pharmaceuticals
    @10,000 users WW
    R&D, Manufacturing, Sales, Administrative Services, Contractors, etc.
    HQ on West Coast USA, offices/users in over 40 countries
    Highly competitive market
    Highly regulated industry
    Who are they? What do they do?
  • 7. Primary datacenter in Oregon, variety of other resources scattered everywhere
    Small IT team, operational support provided by a global MSP
    XP on the desktop, data everywhere, SMS for basic management
    Complex Active Directory structure
    Snapshot: IT Environment (today)
  • 8. @10,000 users worldwide
    Large percentage of remote users (40%+)
    Large percentage of ‘contingent’ workers
    Snapshot: User Environment
  • 9. Complex IT environment
    Slow time to market with new services
    User satisfaction level – too low!
    M&A, sale of business units costly and complex
    HIGH risks/impact of industrial espionage, compliance breaches, legal actions
    Problems…!
  • 10. The ‘Universal Workplace’
  • 11. User perspective: “What you want, when you want it, where you want it.”
    IT perspective:
    Major IT transformation project
    Touches almost every component of their infrastructure
    THE opportunity to do things RIGHT!
    What is the ‘Universal Workplace’?
  • 12. Users:
    “…all you need is a browser and an Internet connection!!!”
    “…dynamically adjust to provide you with everything you need!”
    “…use any device you want!”
    IT/Management:
    “…service non-managed machines without managing them”
    “…we’ll be dancing in fields, as carefree as birds!!”
    ‘Single Pane of Glass’ - Universal Access
  • 13. Datacenter, data, system consolidation
    AD, application rationalization
    Desktop refresh (Win7/x64)
    SMS to SCCM, Exchange upgrades
    SAN upgrades
    Network Perimeter Hardening/Transparency
    What’s in scope?
  • 14. (not much!)
    IPv6…
    What’s not in scope?
  • 15. Desktop/Delivery Services Focus
    Solution Overview
  • 16. Solution Stack (subset)
  • 17. Dynamic Composition / Statelessness / Layering
  • 18. Componentized Resources
  • 19. Policy Evaluation/Enforcement
  • 20. Perimeter Services
  • 21. Execution and Presentation
  • 22. Composition at Runtime
  • 23. BYOC – Perimeter…
    Challenges and Solutions
  • 24. Problem: no layer 1-3 access control
    No device differentiation, health checking, etc.
    Find a plug, have fun! (full network access)
    Today:
    Simple Certificate check for wireless network access, some wired network access (conference rooms)
    Cisco Clean Access implemented, torn out on main campus
    Primary ‘filter’ today: facility security, escort policies
    Challenge One: Access Control, Managed Networks
  • 25. 802.1X now a critical dependency
    Switch/router upgrades
    Enterprise PKI deployment
    Note: Gartner/Burton feedback…
    Solution: 802.1X PNAP
  • 26. …implementing a NAC architecture is not simple… the promise… is still mostly in the future.
    Burton Group, 2008 Analyst Report
  • 27. Problem: 40%+ field employeesrarely connect to corporate managed network
    Goal: seamless user (AND it management) experience on and off managed network
    Challenge 2: Managing Off-Network Devices
  • 28. Don’t manage them!
    (shot down)
    Establish SSL VPN connection at logon
    (an option… but not desired – more complex user experience)
    DirectAccess
    (current leading option…!)
    Open Source
    Openswan
    Options to Consider…
  • 29. Upsides of DirectAccess
    Seamless user experience
    Seamless management experience
    Challenges
    IPv4 resources!!! No-go without NAT64/DNS64 services – must have UAG
    Robust PKI required
    Complexity
    Unknown quantity
    No internal/3rd party expertise identified
    More on DirectAccess…
  • 30. Moving slowly…
    MSFT engaged for POC
    Major uncertainty (and RISK!)
    Status…
  • 31. The fear…
    Keyloggers on unmanaged devices capturing username/password, compromising other externally published applications (OWA, SharePoint, etc.)
    Potential solutions:
    Computer Associates UCG
    visionapp’s vSL
    Risks:
    ‘Honey Pot’ (reverse encrypt-able credentials database)
    Agents on each AD Domain Controller
    Challenge 3: No Passwords Outside the Perimeter
  • 32. Accept the risk!
    …and move critical services behind new perimeter w/OTP
    Solution?
  • 33. Session Review
  • 34. Rick Dehlinger - Independent Technologist/Consultant
    Citrix Technology Professional/Public Speaker
    rick@rickdehlinger.com | @rickd4real | LinkedIn
    rick.dehlinger@clarossystems.com
    About Claros:Claros Systems is an independent professional services organization intensely focused on building world class, change friendly Delivery Systems. It’s owned by Rick Dehlinger and 2 other managing partners.