Post on 06-Feb-2018
OpenLineontbijtsessie
RichardvandenOudenalderCitrixServiceProviders Netherlands,EMEAWestern Europe,CitrixSystemsInc.
MennoBernardt
CitrixServiceProviders Netherlands,EMEAWestern Europe,CitrixSystemsInc.JULY4,2017
2 ©2016Citrix|Confidential
Today’sTopics
Ø Introduction
Ø Citrixvision• HowCitrixsecurestheworkspace
Ø Citrixtechnologyupdate• XenApp/XenDesktop• ShareFile• XenMobile• NetScaler
3 ©2017Citrix
o Visieo Bedrijfsplano Doelstellingeno Financieel
o IT Beleidsplano Innovatieo Wet&
Regelgeving
o ITArchitectuur
o Budgeto Facilityo Asset
management
o Analyseso Functionalitieto Beschikbaarheido Veiligheid
o Infrastructuur,platform&applicatie design
o Productieo Marketingo Verkoopo Service
o ProjectManagement
o Monitoring
o Integratieo Implementatieo Migratieo Beheer
Strategisch
Inrichten
Uitvoeren
Business Informatie &Communicatie
Technologie
CouldyourITDepartmentbecomemoreeffective?
Slaan weeen brugtussen devraag
vandebusinessendedienstverlening
vanIT?
Weten weprecieswathiervoor nodig
is?
4 ©2017Citrix
Strategisch
Inrichten
Uitvoeren
Business Informatie &Communicatie
Technologie
Vraag Vraag
Aanbod Aanbod
IST(analyse)
Soll(interviews)
1. Knelpunten2. Speerpunten3. Projecten
1. Kwalificeren2. Prioriseren
HowdoesITsupportthebusinesseffectively?
5 ©2017Citrix
o Visieo Bedrijfsplano Doelstellingeno Financieel
o IT Beleidsplano Innovatieo Wet&
Regelgeving
o ITArchitectuur
o Budgeto Facilityo Asset
management
o Analyseso Functionalitieto Beschikbaarheido Veiligheid
o Infrastructuur,platform&applicatie design
o Productieo Marketingo Verkoopo Service
o ProjectManagement
o Monitoringo Service
Management
o Integratieo Implementatieo Migratieo Beheero Support
Strategisch
Inrichten
Uitvoeren
Business Informatie &Communicatie
Technologie
CouldyourITDepartmentbecomemoreeffective?
• Wie kent deorganisatieen haar doelstellingen hetbest?
• Wie kan efficient&snelcommuniceren ?
• Waarom isdeeigen ITafdeling dan niet meerdiensten aan hetuitbesteden ommeerdeze taak goed uit tevoeren ?
6 ©2017Citrix
BridgeplanAcompliantplantoassisttheserviceproviderfromaperpetuallicensingmodeltoaconsumptionbasedlicensingmodel
withoutcausingmajordisruptionincost-basisforexistingcontracts.
7 ©2017Citrix
Challengeswithdifferentlicensesmodels
xXAPerpetualLicensesreselled bytheCitrixReseller
• Additionalbuyingprocessnewlicenses
• NormalLicensesManagement
x XACSPLicensesmanagedbytheCitrixService
Providerpermonth
EasyLicensescaling
EasyLicenseManagement
CAPEXmodel OPEXmodel
Decline
Grow
Bundles
Type
Declineextracost
8 ©2017Citrix
Identify
• Identify– Customerusingperpetualforhosting– CustomerwilloutsourcehisITtoaCSP
Identifyperpetuallicensesusedforhosting
Identify
Identify customersusing
perpetuallicensesfor3rd
partyhosting
AllentitiesusingCitrixproductstohostservicesfor3rdpartiesshoulddosousinglicensesprocuredundertheCitrixServiceProviderProgramForcustomerscurrentlyusingPerpetualLicensestoservice3rd parties,anynewusersshouldbeprocuredundertheCSPProgram
9 ©2017Citrix
Qualify
• Benefits– Cannowbeintegratedintoserviceproviderestatesimplifyingmanagement– Nomonthlyusageowedforperpetualorannuallicenses– Reducecomplexityofmultiplelicenseservers– ReduceadministrativecostbasedonqualificationforuseofCitrixtools– Preservesinvestmentinperpetuallicenseswhileincentingcustomerstoeithermovenoworinthefutureastheirlicenseinvestmentisamortized
Qualifyhostingusagerights
Qualify
Qualify hostingusagerights
toclarifycustomerbenefits
&Standardize license
practices
10 ©2017Citrix
Convert• Convert– Identifyyourownperpetuallicensesbeingusedforhosting(complete)– SelectCSPlicensesbasedonthesamefunctionality
• Which givingthe usage rights forthe actual install base• Oraconverted amount of licenses (CCUconsideration)
– Createapreferredbusinessplantoconvertthelicenses• MatchingexistingcostforSWM(Select)tosupportthisplan• Mutualcommitment fromboth partnerandCitrix
– Partnerreturns ordestroys the perpetual licensing andstartusing CSPstocklicensing• Theconvert licenses become abaselineare usedaslong asneeded.• Normalreporting stays the sameas itwas before abridgeplanintegration
ConvertperpetuallicensestoServiceProvider
Convert
Convert licenses&Ensure
customerscurrent
investmentisprotected
CSPTechnicalproductupdate
CitrixandSecurity
13 ©2016Citrix|Confidential
SecurityIsTopofMind
14 ©2016Citrix|Confidential
Securityiscomplex
15 ©2016Citrix|Confidential
SecurityChallengesOurCustomersarefacingToday
SecuredAccess
MobileSecurity
Data&IPProtection
Compliance&
Governance
BusinessContinuity
Visibility&insightsintouser,device,network,andcloudactivity
InsiderThreatsThirdParty
RemoteAccessM&AIntegration
MobileDevicesMobileApps
UnmanagedDevice
Legacy&CustomappsLossofIPandsensitivedataDatasharing
GLBA,SOX,NIST,GDPR
HIPAA,PCI-DSSFFIEC,NUAC,OCCdatasovereignty
MalwareattacksDDoSProtection
WorkforceContinuityDisasterRecovery
16 ©2017Citrix
NetScalerGateway
Hypervisor
CurrentApproachbyMostCitrixCustomers
ResourceLocation
On-premises
Internet
SaaS
XenAppSecureVirtualBrowser
InternalUsers
Firewall
Nativebrowsers
17 ©2016Citrix|Confidential
NetScalerGateway
XenServer+BitdefenderHVI
Addedon-prem securitybyCitrix
ResourceLocation
On-premises
Internet
SaaS
XenAppConfidentialBrowser
IntranetBrowser
InternetBrowser
WebAppFirewall
Intranet
NetScalerSecureWebGateway
WebfilteringSmartAccess&Federation
18 ©2016Citrix|Confidential
ButthePerimeterisexpanding&MixofAssets&Data
VPN
Endpoints
RemoteWorkers
Mobile/BYO
EnterpriseEndpoints
IoT/Wearables
Network
3G/4G
WAN
VPN
Applications
Media
EnterpriseData
Data
CloudData
MobileData
PersonalData
FileServer
SecurityServices
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
SecureWindowsAppDeliveryXenAppandXenDesktop
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
22 ©2016Citrix|Confidential
OnlyXenServerenableschoiceinGPUvendorsXenServer7.2Experimental,EnterpriseEditionfeature
experimental
New
XenMotion forNVDIAGRIDWorkloads!
23 ©2016Citrix|Confidential
AcropolisNEW!
XenServer
Hyper-V vSphere
• PVS-Accelerator
• HypervisorIntrospection
• GraphicsLeadership
• Nomoredowntimeduringupdates
with
24 ©2016Citrix|Confidential
PreventingZeroDayAttacksHypervisorIntrospection(HVI)withXenServerandBitdefender
Protectsin-guestmemoryforreal-timeanalysis
HypervisorprovidesisolationifVMinstanceiscompromised
Reliesondetectingattacktechniques,versusapre-existingpatternfile
Performanceoverheadmanagedbyhypervisorhost,notindividualVM
Agentperhypervisorhost,notindividualVM
25 © 2016 Citrix | Confidential
Retire
Package
Patch
PublishValidateApplicationLife-CycleProcure
26 © 2016 Citrix | Confidential
AppManagement• Step1:Gatherapps
App
27 © 2016 Citrix | Confidential
AppManagement• Step2:Analyzeandremediateapps
App AppDNA
28 © 2016 Citrix | Confidential
AppManagement• Step3:Sequenceandlayerapps
CreateApp-VSequence
CreateLayer
App ManualInstall
• App-V– Automatedsequencecreation– Supportsappisolation– Noextrainfrastructurerequired– 1sequencetomanytargets
• Layer– Integratedlayerinteroperabilityanalysis– Noextrainfrastructurerequired– 1layertomanytargets
• ManualInstall– Traditionalapproach– Apppartofthedesktopimage
AppDNA
+securityanalysis
29 © 2016 Citrix | Confidential
AppManagement• Step4:Publish&deliverapps
CreateApp-VSequence
App ManualInstall
Windows7,8and10App
Pooled VDI
Personal VDI
Windows2008R2and2012R2App
CreateAppDisk Layer
AppDNA
SecureandrapidAppdeployment
30 ©2016Citrix|Confidential
Thiswon’thappentoyouifyouuseXA/XD!
31 ©2016Citrix|Confidential
NewCitrixReceivers
ReceiverforLinux13.6• AdaptiveTransport/EDTSupport
Receiver7.3foriOS• AdaptiveTransport/EDTSupport
ReceiverforChrome&HTML5• Multi-monitor• Chromeappshortcuts• SDKenhancements
ReceiverforMac12.6• Auto-Update• HighDPImatching
ReceiverforWindows4.8• Auto-Update
32 ©2016Citrix|Confidential
ExpandingourLinuxusecaseCosteffective,securevirtualappsanddesktops
Ubuntu RHEL CentOSProvisioningServices
LinuxVDIHostedShared SeamlessApps
Cost-effectiveoptionsforLinuxwithnon-GridNVIDIAGPUs
33 ©2016Citrix|Confidential
OnlyAvailable withXenServer7.2andXenDesktop7.14
RoamsessionsbetweenTabletsandDesktopswithWindowsContinuum
experience
WindowsContinuumexperienceonanydevice
34 ©2016Citrix|Confidential
UDP
FramehawkGearing
Framehawk Graphics
Multitouch
AdaptiveTransport
RTP
Mouse
Keyboard
Audio
AdaptiveDisplayTCP Audio
Skype
Multimedia
Flash
Multitouch
SeamlessWindows
ICA Clipboard
Smartcards
Keyboard/Mouse
Printing
MobileSensors
GenericUSB
Drives
Enhanceduserexperiencewithminimaladministrativeoverhead
35 ©2016Citrix|Confidential
UDP
FramehawkGearing
Framehawk Graphics
Multitouch
RTP
Mouse
Keyboard
Audio
AdaptiveDisplayTCP Audio
Skype
Multimedia
Flash
Multitouch
SeamlessWindows
ICA Clipboard
Smartcards
Keyboard/Mouse
Printing
MobileSensors
GenericUSB
Drives
AdaptiveDisplay
AdaptiveTransport
Audio
Skype
Multimedia
Flash
Multitouch
SeamlessWindows
ICA Clipboard
Smartcards
Keyboard/Mouse
Printing
MobileSensors
GenericUSB
Drives
AdaptiveTransportEnhanceduserexperiencewithminimaladministrativeoverhead
36 ©2016Citrix|Confidential
Deliveringthebestexperienceatthelowestcost
40%reductioninBandwidth
2xfastersessioninteractivity
10xfasterprinting&filetransfer
RaisingthebarwithnextgenerationHDXtechnologies
37 ©2016Citrix|Confidential
RealTime OptimizationPackforSkypeforBusiness
What’sNew
SupportforH.264-encodingwebcams
Hardwareaccelerationforvideoencoding/decoding
RealTime MediaEngineUpdateService
What’sComing
RealTimeMediaEngineforHDXPi
RealTimeMediaEngineforChromebooks
200,000DailyActiveUsers
(DAU)ofHDXRealTime
OptimizationPackforSkypeforBusiness
Thedevelopment,releaseandtimingofanyfeaturesorfunctionalitydescribedforourproductsremainsatoursolediscretionandaresubjecttochangewithoutnoticeorconsultation.Theinformationprovidedisforinformationalpurposesonlyandisnotacommitment,promiseorlegalobligationtodeliveranymaterial,codeorfunctionalityandshouldnotberelieduponinmakingpurchasingdecisionsorincorporatedintoanycontract.
38 ©2016Citrix|Confidential
WorkspaceEnvironmentManagement
UserEnvironmentManagement
Deliverthebestpossibleworkspaceperformance,desktoplogonandapplicationresponsetimesfor
everyuser
ResourceManagement
Intelligentlyadjustthewayapplicationsutilizesystems
resourcessuchasRAM,CPUandInput/Output(IOPS)
70%Improved server
scalability
80%Improved logon
times
TransformerInstantlyconvertanyPCintoahigh-performancethinclient,extendingthelifeoftheexistinghardwareto
savemoney
BasedonNorskale acquisition
*Premiumonly
EnableyourbusinesswithrapiddeploymentsAppLayering
40 ©2016Citrix|Confidential
• Traditionalagent-basedPCconfiguration,applicationvirtualization,andimagemanagementsolutionshavemadelifemiserableforITandWindowsusersforyears
What’stheproblemwe’resolvingwithUnidesk?
ComplexandInefficientHighFailureRatesImagesprawlADrainonITBudgetsDaysorWeekstoDeliverNewAppsRepackagingforEveryPlatformIncompatiblewiththeCloud
Reduceoveralldesktopandapplicationmanagementcosts
*Premiumonly
41 ©2017Citrix
• SeparateappsandOSfromtheimage–OnlysolutionthatlayersallofWindows–Unparalleledappcompatibility(>99.5%)– Soeasy,anybodycanmakelayers
• Oneappperlayer,nostacksorbubbles
42 ©2017Citrix
Elasticlayering
• Customizeeachworkspaceondemand–Appson-demand– instantuserassignedapps– Simplemanagement– 100%ADgroupmembership–Optionalpersistence– userapps/profile/data
Solves95%ofyourchallenge!
43 ©2017Citrix
Layeringisthe“tech”nottheproduct…
• LayeringisEVERYWHERE!– Essentiallythetechisfilesystemandregistryvirtualizationcombinedwiththelogiconhowtocombinetheseelementsfromdifferent‘layers’.
• LayersareuniquevirtualdisksthatcontainonlythefilesystemandregistryforagivenOSorApplication.
• ThisallowsforanyapplicationtopackagedasalayerandseparatedfromtheOS,unlikepreviousapp-virt toolsandotherlayeringproductsonthemarket.
44 ©2017Citrix
SecurefilesharingShareFile
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
© 2014 Citrix. Confidential.
Users DemandInstant access from any deviceFile sharing with anyoneEasy and familiar user experience
IT RequiresSecurityControl No data leakage
ShareFile – Solve the “DropBox Problem”
48 ©2016Citrix|Confidential
49 ©2016Citrix|Confidential
1. ShareFileworkswithfileversioning2. Cryptoware willencryptafileandShareFile
willnoticethere’safileupdate,sonewversion1willbetheencryptedfileandtheoldversion1willbecomeversion2.
3. BydeletingVersion1theencryptedfilewillbedeletedandversion2willbecomethelatestfile.
4. ResultisarecoverfromCryptoware.
50 ©2017Citrix
IntegratewithDataLossPreventionsystems
InformationRightsManagement
Ensureonlytherightpeoplecanviewbusinessfiles
RestrictonlineaccesswithwatermarkingandscreencaptureprotectionProtectdownloadedfilesbyrevokingaccess,blockingprinting,andcopy/pasteICAPintegrationProtectdatabyscanningonmalware
51 ©2017Citrix
FivewaysShareFileaddsvaluetoOffice365
DataFragmentation
Usershavedataintoomanyplaces
ElectronicSignatures
John Doe
Contracts&agreementsneedlegallybinding
signatures
DocumentWorkflows
Feedback&approvalsarestuckine-mail
HostedDesktops
OneDriveisnotsupportedinvirtual
desktopenvironments
Externalcollaboration
Customers&partnerscan’taccessOneDriveor
SharePoint
SecureyourEndpointsXenMobile
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
54 ©2016Citrix|Confidential
CitrixXenMobile• EnablingtheMobileWorkspacebecauseworkisnotaplace
Productivity and Collaboration
Data Management
App Management
Device Management
A complete stack that maximizes productivity without compromising security
55 ©2017Citrix|Confidential
• Free/Busyscheduling
• AttachmentRepository
• OutofOffice
• Seamlessintranetaccess
• Contextuallyawarenoteretrieval
XenMobile productivityapps– Builtforbusiness
• DigitaltransformationwithSecureForms
• LeverageExchangeNotesandTasks
• EasyfileaccesswithShareFile
• ViewandeditOfficedocsandannotatePDFs
• Micro-VPN
• Desktopaccess/control
• OneTouchmeetingjoin
• VIPInboxandaudiotones
• PersonalCalendaroverlay
SecureMail SecureTasks *ShareFile QuickEdit *ScanDirect*SecureNotes *SecureFormsSecureWeb
*XenMobile EnterpriseOnly
56 ©2017Citrix|Confidential
EasydataaccessShareFileintegration– SecureMail– emailcontent/Calendar
ShareFileIntegration
DocumentControls
SecureMailIntegration
AttachLinksNotFiles
57 ©2016Citrix|Confidential
• Containerizeapplicationdata• Encryptionoptionsincluding:
• Devicedependent– Setpasscode• Deviceindependent– MAM-only(BYOD)
• EnforcedevicepasscodeinMAM-onlyenvironments.
• On-boardFIPScompliantsecurevaultforapplicationdatainuse
• 70+deviceindependentMAMsecuritypolicies
• Perappmicro-VPN
MobileApplicationManagement(MAM)Protectdatafromcommonthreats– Mobilemalware;maliciousapps,ransomware
58 ©2016Citrix|Confidential
GatewayServices
(NetScaler)
Perappmicro-VPN
DMZ
Encryptedmicro-VPN
SharePoint
Exchange
Intranet
SecureMail
SecureWeb
Single-Sign-Onsecureaccessforallmanagedapps
Secureaccesstocorporateresources
ThirdParty
59 ©2017Citrix|Confidential– ContentinthispresentationisunderNDA
SecureForms– ConsumerGradeUserExperience
SecureFormsComposerCreateformtemplatesandworkflowrules
SecureFormsMobileAppCapturestructureddata
XenMobileSecureForms
60 ©2017Citrix|Confidential– ContentinthispresentationisunderNDA
SecureForms– SecureData
SecureFormsComposerCreateformtemplatesandworkflowrules
SecureFormsMobileAppCapturestructureddata
DataStoreStructured XML, CSVArchiveandSearch
ShareFile
XenMobile SecureForms
61 ©2017Citrix|Confidential– ContentinthispresentationisunderNDA
SecureForms– ZeroMobileCodeandEasyIntegration
Records Management
System
SecureFormsComposerCreateformtemplatesandworkflowrules
SecureFormsMobileAppCapturestructureddata
DataStoreStructured XML, CSVArchiveandSearch
IntegrationConnecttoexistingsystems
ETL – BI Tools
ShareFile
SharePoint
WebService
XenMobileSecureForms
62 ©2017Citrix|Confidential
Composeandpublishamini-app
Usemini-appfrommobiledevice
SecurelysavetoShareFile
1
2
3
Automatedworkflows– SecureForms
63 ©2017Citrix|Confidential– ContentinthispresentationisunderNDA
HealthCare:PatientRequestForm
Capture Store Process
Act
• Fast,CheapandZeroMobileCode• HighAccuracyDataCapture• Savestime• Structureddatacaptureto
measureoperationalKPIslikethroughput
XenMobile SecureForms
64 ©2016Citrix|Confidential
XenMobileUEM
Mobile Device Management
BYOD Laptops
MacDevices
Win10
65 ©2016Citrix|Confidential
Devicesecurityactions– Locate– Lock– Wipe– Revoke
Windows10devicesecurity
66 ©2016Citrix|Confidential
MacOSmanagement
RestrictMacOScapabilities
• SystemPreferencePaneItems
• AppSpecificcontrols
• Sharing- SocialMediaandMessages
• iCloudSyncforMail/Calendar/Contacts
• AppleMusic
• Camera
67 ©2016Citrix|Confidential
CitrixBetterTogether- SmartAccess
• XenAppandXenDesktop 7.6/StoreFront3.7or3.8
• XenMobileServer10.5
• XenMobileServerconfiguredtoaggregateHDXappsfromStoreFront
• ExportXMSSAMLcertificatetoStorefrontserver
Detectoutofcompliance EndUserExperience
SecureandoptimizedappsfromanywhereNetScalerADC
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
70 ©2016Citrix|Confidential
WhatisanSSLVPN?
• Usedforremote/secureaccesstocompanydata
• Layer7protocol,runsontopofhttp
• Providesencryptionofapplicationtrafficandauthenticationforendusersandenduserdevices
Internet NetScaler
71 ©2016Citrix|Confidential
SmartControlwithNetScalerUnifiedGateway• Defineservicelevel-accessbasedonuserID,deviceandlocation
©Citrix2015
GenericUSBLync
ICAconnection(HDXBroadcast)
FramehawkDCR
ThinWire
KB&MouseClipboard
Printing
Audio
MobilesensorsSmartcard
Flash
Drives
Multimedia
72 ©2016Citrix|Confidential
ManagingEndpointDeviceSecurity• SmartAccess
RequestResource EPAPoliciesPassed
Corporatelaptop
73 ©2016Citrix|Confidential
Multipleremoteaccesssolutionsindatacentercauseredundancy
Users
Mobile
VDI
SaaS
WebApps
Client/Server
• Iscostlyandhardtomanage,increasedatacentersprawl
• Needmultiplemonitoringandcompliancetools
• Providespooruserexperience,decreasesproductivity
• Leadstonon-compliance,moreaccesspointsincreasethreatofsecuritybreach
74 ©2016Citrix|Confidential
NetScalerUnifiedGatewayprovidesOneURL
Users
Mobile
VDI
SaaS
WebApps
Client/Server
• Consolidationleadstocostreductionbyupto50%
• Easiertomanage• Centralizedapproachtoimprove
efficiency• Easytoenforcecompliance,
reduceattackfootprint• Supportforallenduserdevices• Completeend-to-endvisibility
75 ©2016Citrix|Confidential
andEnablesSingleSign-OnAcrossallApplications
UserswithSingleSign-on
Mobile
VDI
SaaS
WebApps
Client/Server
SAML2.0,OAuth
• Singlepointofaccesstoallapplications
• Secureaccessmanagement,granularandconsistentaccesscontrolacrossallapps
• Betteruserexperienceimprovesproductivity
76 ©2016Citrix|Confidential
Ease of ManagementEnd user Experience Identity is Important
UnifiedGatewaydoesitlikethis..
✓
✓
✓
andmore…
77 ©2016Citrix|Confidential
WinningOverRemoteAccessUserswithOneURL
One URL
78 ©2016Citrix|Confidential
PortalCustomization
Backgroundimage
Headerlogo&Position
Brandlogo
Logonbuttonlogo
Fieldtitles&font
FormTitle
USER
Help-Desk DesktopSpecialist
NetworkSpecialist
IT Department IT dept. calls Citrix Support
IT Support Lacks Visibility• Frustrateduserslessproductivebecauseofissuesaccessingtheirapps
• Novisibilitytoapplicationtrafficornetwork• Leadstofinger pointinginIT
• LongSLAs• Frustratedusers
Citrix SupportSoftware
Citrix Support
Citrix Support
Escalation
Citrix Support
ITAdmin
80 ©2016Citrix|Confidential
SanFrancisco
Singapore
AddNetScalerforZonePreferences
Userisconnectedtoclosestsite
GlobalServerLoadBalancing
81 ©2016Citrix|Confidential
KeepsUserIdentityOn-Premise
1. UnifiedGatewayUserLogon2. NetScalerauthenticatesuseragainstADwheretheUGportalisreturned
withtheO365Apps3. Userclicksontheapptorequestaccess4. O365redirectsusertoSAMLIdP(NetScalerAAA)5. NetScalerredirectscallertoSAMLSPACS(AAD)withoutpromptinguser
duetoexistingsession6. SAMLSPACS(AAD)checksSAMLassertionandredirectscallerbackto
resource7. Resourceaccessgranted
DirSync
AD
AAD
1 23
4
5
6
7
NetScalerasSAMLIDP
• SAMLSPandIDPcapabilities
• Integratedwithallwell-knownIDPproviders
82 ©2017Citrix
MultifactorAuthentication– n-Factor
Userisaskedtoprovidecertificate
Certificateispresentandvalid
Usernameisextractedfromcertificate
UserisaskedforpasswordforADas2nd
factor
UsernamePassword
83 ©2017Citrix
MultifactorAuthentication– n-Factor
Userisaskedtoprovidecertificate
Certificateisnot
presentorvalid
Userisaskedtoprovideusername,password,
passphrase
LDAP/AD1st factorauthentication
Radius2nd factorauthentication
UsernamePasswordPasscode
84 ©2016Citrix|Confidential
Problem
7
6
5
4
3
2
1
ApplicationLayer
ProtectionLayer
SessionLayer
TransportLayer
NetworkLayer
DataLink(MAC)LayerPhysicalLayer
Uppe
rLayers
Lower
Layers
OSIModel
Apps
SessionLayer
TransportLayer
NetworkFirewall
NoAppsprotection86%oftheattacksareattackstotheapplications
85 ©2016Citrix|Confidential
Solution
7
6
5
4
3
2
1
ApplicationLayer
ProtectionLayer
SessionLayer
TransportLayer
NetworkLayer
DataLink(MAC)LayerPhysicalLayer
Uppe
rLayers
Lower
Layers
OSIModel
Apps
SessionLayer
TransportLayer
NetworkFirewall
ApplicationProtection
WebAppFirewall
86 ©2016Citrix|Confidential
CitrixAppFirewall:HybridSecurityModel
UnknownAttacks
LearnApplicationEnvironment
KnownAttacks
ApplySignatures
NegativePo
sitive
HybridHybrid
ProtectAgainstKnownand
UnknownThreats
SecureandoptimizeNetScalerSD-WAN
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
89 ©2017Citrix
SD-WANbusinesscasesTriggers
NetScalerSD-WANOffersCustomerSituation
• Networkupgradecostavoidance• Abundantbandwidth• Always-onreliability
NewApplications
BetterUserExperience
KeyValue
• ConsolidatenetworkservicesbycombiningSD-WAN,RoutingandWANOptimization
EquipmentRefresh
SimplifyBranchInfrastructure
• AvoidcostofMPLSexpansion• Uselowercostbroadbandinplace
MPLSContractRenewal
ReduceCost
FrequentOutages
AlwaysonBranch
• Eliminateapplicationinterruption• Automaticlosslessfailover
90 ©2016Citrix|Confidential
NetScalerSD-WAN
• Combining multiple paths into one single virtual WAN
• Per-packet path selection to ensure high reliability and bandwidth efficiency
• Constant real-time performance measurement of loss, latency, jitter and congestion
• Optional WAN optimization and protocol acceleration ensuring best user experience
91 ©2017Citrix
NetScalerSD-WANProvides
DataCenterBranchNetScalerSD-WANNetScalerSD-WAN
Internet
MPLS
Zone-based,statefulfirewall
ApplicationAwareness
&Segmentati
on
92 ©2017Citrix
NetScalerSD-WANProvides
DataCenterBranchNetScalerSD-WANNetScalerSD-WAN
Internet
MPLS
Granularpath
selection
InternetbreakoutforSaaSapps
93 ©2017Citrix
CloudProvider
NetScalerSD-WANProvides
DataCenterBranchNetScalerSD-WANNetScalerSD-WAN
Internet
MPLS
NetScalerSD-WAN
Secure&reliable
connectivityto cloudapps
Auto-provisionCloud
Appliances
94 ©2017Citrix
CloudProvider
NetScalerSD-WANProvides
DataCenterBranchNetScalerSD-WANNetScalerSD-WAN
Internet
MPLS
NetScalerSD-WAN
Centralizedvisibilty andcontrol
95 ©2017Citrix
NetScalerSD-WAN:BreakoutInternetattheBranch
Internet
MPLS Default Queue
MPLS EF QueueNetScalerSD-WAN NetScalerSD-WAN
AvoidbackhaulingInternet-boundtraffictothedatacentertosavebandwidthandimproveapplicationperformance!
• AllowsInternet-destinedtraffictogototheInternetdirectlyorviaaSecureWebGateway(SWG)• IntegratewithSWGservices(Zscaler,ForcePoint etc)forsecurityandpolicyenforcement• ControltheamountofbandwidthforInternettraffic
Secure Web Gateway(Zscaler, Forcepoint)
96 ©2017Citrix
ApplicationAwarenesswithNetScalerSD-WAN
Knownprotocolsandportnumbers
DNSMatchingandKnownIPAddresses
Compareportnumbersandprotocolmessagesagainstknownapplicationsandapplicationcomponents
1
ReadnameofserviceinSSL/TLScertificateorinServerNameIndication
SecurityCertificateDetails2
SearchforknownbinarypattersintrafficflowsPayloadCharacteristics3
InspectDNSqueriesandsessioninitializationsequencesforknownIPaddresses
4
WhatOther’sSee
WithNetScalerSD-WAN
NetScalerSD-WANAppClassification
4,000+applications,groupedintocategories
97 ©2017Citrix
ApplicationawarefirewallWithcentralizedandintegratedconfiguration
Youcanrestrictwhichzonesthisapplicationcancomefromandto
Controlwhethertoallowordenytraffic
Applypoliciestogroupsofapplications,individualapplications,orsubsetsoftrafficwithinanapplication
98 ©2017Citrix
Datacenter
Cloud/SaaS
NetScalerSD-WANCenterforUnifiedManagement
Branch
Branch MPLSINTERNET4G/LTE
SATELLITE
SD-WANCenter
• Singlepaneofglassforbranch,datacenterandcloud• Firewall,VirtualWAN,RoutingandWANOptimizationall
configuredfromsameinterface• Policiesaredefinedcentrallyandpushedtoallappliances• Nobranchordeviceconfigorloginrequired
99 ©2017Citrix
SimplifiedDeploymentwithZero-TouchDeploymentService
Automatedbring-up
AuthenticationtojoinNetwork
Statusupdatesofdeployment
• Significantlyreducedeploymentcost• Eliminateerrorswithcentralizedtemplates• Bringuplargescalenetworkquickly
GainInsightandcontrolMAS
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
102 ©2016Citrix|Confidential
NetScalerMASdeliversacompletesystemfortheADC
ConfigurationMgmt
Visibility&Analytics
ClassicDCManagement
SDNControl
HybridandMulti-CloudControl
Hybridcloudmgmt
SDNIntegration
CloudMgr integration
AppCentricity
FleetMgmt
FleetVisibility
AdvancedAnalytics
ContainerMgmt
Licensing
NewGeneration,BorderlessDCManagement
ApplicationCentricManage-ment
AutomatedCentralizedManage-ment
SDNandCloud
Orchestra-tion
Visibility&
Analytics
AppCentricMgmt
Physical,VirtualADCs SDWANGateway
PhysicalADCs
SDWAN
Gateway
NetScalerMAS
103 ©2017Citrix|Confidential– ContentinthispresentationisunderNDA
MachineLearning
NetScalerMASisre-inventingtroubleshootingCircleofPain
ManualSearch
Customerfilesticket
UpdateConfig
UpdateConfig
CircleofEase
recommendation
Recommendation
104 ©2017Citrix
CentrallymanagetheNetScalerfleet
DistributionbyEvents/Health/Versions/Model/UpTime/ConfigAudit/Certificates
105 ©2017Citrix
AppDashboard– NewRepresentation
SharePoint
Bigger theSizeHighertheAppUsage
MOSTUSED
MoreRed ColorShadeLowertheAppScore
LOWAPPSCORE
106 ©2017Citrix
AppDashboard
LowAppScoreApp
HighThreatExposureApps
LowSecurityApps
AppTrafficPattern
LowAppScoreApps
107 ©2017Citrix
AppThreatAnalysis
Layer7Attacks
Layer4Attacks
TopAppsunderAttack
TopClientsinitiatingAttack
AttackOrigin
AttackVariation
SoftwareDefinedPerimeter
CitrixSecureDigitalWorkspace
Users SecureIT
Security&PerformanceAnalytics
UnifiedExperience
“BYO”Identity
SingleSign-on
UnifiedEndpointManagementContextual
Access
ContextualPerformance
AppOps
ContentControl
Legacy/CustomApps
109 ©2016Citrix|Confidential
CitrixSolutionsAppsanddataarecentrallymanagedinthedatacenterandaccessedviagranularaccesscontrol
Dataaccess,storageandsharingarecontrolledandauditedon-premandinthecloud
Accessandcontrolacrossthenetworkwithassuredappdeliveryandend-to-endvisibility
Securemobileappsanddatawithagreatuserexperience
110 ©2016Citrix|Confidential
SeamlessContextualAccess
SoftwareDefinedPerimeter
Analyticsand
Insight
People-Centric
RemoteWorkers
EnterpriseEndpoints
IoT/Wearables Mobile/BYOCentralized
PolicyControl
PeopleIntelligence
Enterprise Mobile
Personal Email Security
Cloud
“Apps&Data”“Devices&Platforms”
CitrixWorkspaceSecurityComplementaryProtection ComplementaryProtection
SecurityAtTheHeartOfEverythingWeDo
111 ©2016Citrix|Confidential
Q&A
112 ©2016Citrix|Confidential