Sprin VTUG citrix Solutions

April 24, 2014

Taking Your Business, and Users, to the Cloud!VTUG: Spring Ahead 2014

Todd Smith – Citrix


Transformation


WorkplaceRedesignMobile

WorkstylesWorkforceMobility

WorkflowOptimization


A Mobile Workstylemakes people happier and more productive


Mobile Workstyles are powered by...

Mobile WorkspacesSecurely unite apps,

data and services on any device over any network or cloud

Citrix is the leader in


Collaboration & Sharing

Access & Data Security

App & Desktop Virtualization

Enterprise Mobility Management

App Networking & Cloud Orchestration

© 2014 Citrix | Confidential – Do Not Distribute© 2013 Citrix | Confidential – Do Not Distribute

Tablets expected to soon overtake PC sales*

3+ devices per employee

1.5 M Android devices activated daily

BYOD Revolution

* IDC, 2013

**Base: 9,766 Global Information Workers (17 countries)

Source: Forrsights Workforce Employee Survey Q4 2012


Mobility vs. Security

• Too many ways to lose data on mobile devices

• Mobile networks becoming the norm vs. WAN

• Data too big to move

• Confidentiality, compliance and IP protection more complex

*Wireless Intelligence report, 1, 2013


Infinite Complexity of ManagementAcross apps, devices and locations


16

Business Concerns

Device Configuration

App Configuration and Delivery

Content Support

End User Experience

Security, Integration, Vendor Consolidation, Value on Investment


17

XenMobile Enterprise

The Citrix Solution

Device Configuration

XenMobile MDM

App Configuration and DeliveryXenMobile

MAM

ContentXenMobile ShareFile

SupportRemote

Support and GoToAssist

Integrate and Leverage Existing Citrix Investment

Enable User Productivity While Maintaining Security


Citrix – The Most Complete Mobile PortfolioAny app, any device, anywhere

Mobile ROI

Mobile Device Management

SandboxedMail and Web

Mobile App Security

Secure Mobile Data Sharing

Mobile Network Control

SSO & Identity Management

Desktop & App Virtualization

Social & Web Collaboration


Mob

ile R

OI

DeviceManagement

Sandboxed mail and web

Mobile network control

Mobile app security

MDM Enterprise Mobility Management

Citrix - The Most Comprehensive Solution

SSO &Id Mgmt

Secure data control


Collaboration

GoToMeetingGoToAssist

PodioMDM Edition Enterprise

Citrix – Competitive Position


Recognized as a “Leader” by Gartner; Winner at Interop

Magic Quadrant Critical Capabilities

Source: Gartner report, Magic Quadrant for Mobile Device Management Software, May 23, 2013, Phillip Redman, John Girard, Terrence Cosgrove, Monica BassoSource: Gartner report, Critical Capabilities for Mobile Device Management Software, May 23, 2013, Phillip Redman © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, e-mail [email protected] or visit gartner.com. Used with permission.


Mobile, Simple, Secure


What Do We Know?


Entire desktopJust the apps

Windows apps and data secured and delivered… Within a virtual desktop

Optimized for:• Large Screen Footprint - Multi-window• Keyboard and mouse• Persistent workspace

Windows apps and data secured and delivered…

Optimized for:• Smaller screen, mobile• Touch interface• Non-persistent workspace

Apps and Desktops with Ease

Seamless Transitions


Central or local executionFlexCast delivery technology

Physical PCsApps and Desktops

HDX 3D Pro-enabled workstations or Remote PC access technology

Central ManagementImage management | Application management | User data profiles | Access policies

Central Execution Local Execution

Hosted VDIApps and desktops

Dedicated or pooled desktop virtual

machines

Hosted SharedApps and Desktops

Windows Server session-based desktop

or apps

Local HypervisorDesktops

Type 1 Hypervisor for PCs and Laptops with

XenClient Synchronizer


Desktops and Apps as-a-Service


XenDesktop 7

Single Site

Director 2.1

Site A Site B Site C

Help Desk and Troubleshooting / Environment health

Director


EdgeSight Performance management

Director and EdgeSight

XenDesktop 7


Director

Tim

e

Historical Trends and AnalyticsManaging and optimizing capacity

TM

TM

TM


EdgeSight Network analysis

Director and EdgeSight

XenDesktop 7


Tim

e

HDX InsightIsolating and managing network performance

Network - Deep Packet Analysis

TM

TM


Let’s Go Mobile!


ShareFile

• SSO to all MDX apps• User support for MDX apps

• Integrated email, contacts and calendar• Designed for work

• Internet and intranet browsing• Supports file download

• All your files available anywhere• Sharing integrated into other MDX apps

WorxMail

WorxWeb

WorxHome


System Overview

Access Gateway

App Controller

Device Manager

ShareFile

WorxStore

StorageZone ShareFileControl Plane

XenMobileEnterprise


User authorization required

Mobile device access

Allow local storage

Offline access allowed

Restrict document sharing

Printing allowed

Edit data

SmartAccessPolicy Controls

Enrollment & App Store


Unified Corporate App Store

• Available on 3B+ devices

• Mobile apps native on device

• Seamless delivery of Windows, datacenter and web apps

• Any device – smartphone, tablet, PC and Mac


AuthenticationAuthentication and SSO

• Strongly authenticates usersoNetScaler Gateway is primary authentication pointo Permits combinations of AD credentials with certificates, tokens, and

other second factors

• Registers devices to userso Permits lock and wipe of corporate data/apps on selected devices

• Serves as access manager for MDX managed appso Strongly identifies managed appsoDetermines app entitlements and policies for authenticated userso Brokers permitted data exchanges between managed apps

WorxHome


Single Sign-OnAuthentication and SSO

• SSO for all managed appsoHosted HDX apps and desktopsoWeb/SaaS appsoMDX managed mobile apps

Various online and offline modes selected by app policy

• MDX apps can use derived credentials oGateway tickets for micro-VPN accessoAutomatic HTTP auth challenge responses

(NTLM today, Kerberos coming soon)oCertificates for PKI protected web sitesoSpecialty credentials eg

(SAML token for Sharefile access)

WorxHome


WorxMail

Mail, calendar, contactsEnterprise class security

Beautiful native experienceFull inter-app integration

MDX-secured

• Secure email body and attachment• “Open in” control to provide data leak

protection• No Exchange server exposure to internet• Send email with ShareFile attachments• Integrated calendars and Exchange GAL


Sandboxed Email, Calendar and Contacts App

• Secure email app with a great user experience

• Attach files to emails and save attachments

• Full calendar with access to free/busy information

• Directly opens web links to any site, including intranet sites

WorxMail


Secure Document Sharing, Sync & Editing

• Both cloud and on-premises data storage options

• Capable of accessing SharePoint and network drives

• “Open-in” capabilities can be restricted to other Worx-enabled apps

ShareFile


WorxWeb

42

Secure browserInternal web app accessFull inter-app integration

Consumer experienceMDX-secured

• iOS and Android device intranet web

browsingo Easy access to SharePoint, Intranet Portal etc

• Similar look/ feel as native browsero Safari on iOS; Chrome on Android

• Single sign-on via NetScalero Respond to HTTP 401


Secure Mobile Web Browser

• Full-featured consumer-like browser

• Secure access to internal, external and HTML5 web apps

• URL whitelisting and blacklisting

• Access to enterprise resources with a Micro VPN

WorxWeb


ShareFile Platform

Storage Zones

Network Shares

SharePoint

ShareFile.com


Follow-me data with ShareFile

• Enables file sharing with anyone

• Syncs data across all devices

• Online file sharing spaces for virtual teams

• Selective offline access on mobile devices

• Data protection ᵒ Encryptionᵒ Device lockᵒ Remote wipeᵒ Poison-pill

Store

Sync

Share

Secure


ShareFile Enables Mobile Workstyles

• Access, share and sync files from any device

• Apps for mobile devices

• Mobile-optimized ShareFile web site

• Access data residing in existing network shares & SharePoint*

• Offline access and editing

• Built-in mobile editor for rich content editing on-the-go

• PDF annotation


Mobile content

editor for Microsoft

Office


Workflow Integration with Microsoft Outlook

Attachmentconversion

Unclog mail servers

Overcome file size restrictions

Better control and visibility

Request large files


ShareFile with StorageZones

Citrix-managed StorageZone (AWS)

Customer-managed StorageZone (example)

• Choose where your data is stored

• Designated zones in public clouds

• Manage StorageZones on-premises


On-Demand Sync

+

Data Optimized for Virtual Desktops

Instant access, share and sync Reduce storage costs

MDX Technology


AppApp App

MDX Technologies

• Encrypted local storage

• Micro (app specific) VPN

• App specific lock and wipe

• Inter-app communication

• Conditional access policies

• Federated identity and SSO

App

App Preparation Tool


Information Containment

• Control data exchange with other apps and devices:ᵒ Cut/Copy/Pasteᵒ Document exchange (Open-In)ᵒ Inter-app communicationsᵒ Network APIs

Quick Look EvernoteMail

Facebook OfficeHDBox

Quick Look OfficeHD

without containment with containment

What happens in MDX apps stays in MDX apps….


Secure inter-app communication

• Restricted – Allow only trusted apps to share data with one another

• Unrestricted – No controls, “Open In” shows all apps registered to handle that file type

• Blocked – No way to share that app’s data with anything else

app one app two

mobile OS

Open-In


private data

Citrix ReceiverMDX InterApp

MDXVault

XenMobile

Native MobileApps

Deny SMSDisable iCloudDisable screenshotsForce authenticationBlock jailbroken device

MDX Policiesduring app wrapping

app private data vault

app private data vault


Enterprise-enable any mobile app with the Worx App SDK

• Simple and powerful SDK

• Enabled through a single line of code

• Apps can be wrapped post-development

• Controls like:ᵒ Data encryptionᵒ Authenticationᵒ Secure lock and wipeᵒ Inter-app policiesᵒ Micro VPNs

Any app can be a Worx app


App Behavior Restrictions

• Block mobile OS API sets and featuresᵒ Printing ᵒ iCloud ᵒ Email and SMS composeᵒ Inter-app URL dispatch and scheme handlers

(iOS)ᵒ Intent launch and content providers (Android)

• Block access to sensitive device hardwareᵒ Camera, microphone, location services, etc.

• All controls are applied at run-time based on

app policies


App Access Controls

• Block/permit app access based on policy

• User authentication (how and when)ᵒ Online versus offline, re-authentication period,

max offline time

• Device security postureᵒ Jail-broken or rootedᵒ PIN/passcode enabledᵒ Hardware enforced encryptionᵒ MDM enrolled vs unmanaged

• Network stateᵒ Internal network or externalᵒ Specific internal wifi networksᵒ Wifi Only

System Architecture


XenMobile Infrastructure DependenciesNetwork & Information Systems Infrastructure

CORE SERVICES:Active Directory / LDAP

NTP, and DNS services ready

HOST NAMES:Create FQDN’s for XenMobile Device

Manager & WorxHome VIP Addresses

FIREWALL RULES:Configure for device connections &

XenMobile servers(XDM, XAC, NetScaler)

IP Addresses:(Public & Internal)

Must have the static IP’s mapped for External NATs, NSIP, SNIPs, and VIPs

that are used by the NetScaler, XDM, XAC and other services.

Server Environment:Physical & Virtual (DMZ vs. Corporate

LAN placement of servers)

IT Security:Internal PKI, external certificate

services, and Identity Management services


Create Base PoliciesThe Must Haves

“Magic 5” MDM Policies

• End-User Terms & Conditions

• Device Passcode• Software Inventory

(where allowed / privacy concerns)

• Company WiFi (setup a secure network)

• ActiveSync Mail

Regional or User/Device Specific Policies

• Device Restrictions• Location Services• VPN• PKI / User Identity

Certificates• App Push• App Store• Device Platform Specific

(iOS 7, Samsung SAFE/KNOX)

Worx App Policies

• Clipboard (Copy & Paste)• Documents (Open In)• Device Restrictions• Login Security• mVPN Tunneling vs. Open

Networking• Network WiFi Control


Citrix – The Most Complete Mobile PortfolioAny app, any device, anywhere

Mobile ROI

Mobile Device Management

SandboxedMail and Web

Mobile App Security

Secure Mobile Data Sharing

Mobile Network Control

SSO & Identity Management


Social & Web Collaboration


Mobile, Simple, Secure


Questions?

•Todd Smith – Sales Engineering Managerᵒ [email protected]

•www.citrix.com

mailto:[email protected]

http://www.citrix.com/


Want something for Free?

• The Free 350 page soup-to-nuts 'How To: BYOD Project Volume 1' e-book will teach you:

• How to install and configure Citrix DesktopPlayer for Mac 1.1, soup-to-nuts...

• How to install and configure Citrix XenClient Enterprise Synchronizer 5.1.1.

• How to install and configure Microsoft Windows Server 2012 R2

• How to install and configure Hyper-V for use with the Citrix Synchronizer.

• How to prepare the environment for installation.

• How to train end-users to use the new DesktopPlayer for Mac solutions.

• Detailed Citrix Synchronizer Policies section.

• Detailed Citrix Synchronizer administration tasks explained.

• Citrix Synchronizer backup and recovery explained.

• How to create & maintain Synchronizer virtual machines.

• 350 pages of step-by-step, soup-to-nuts, and easy as 1,2,3!

• http://docs.dabcc.com

http://docs.dabcc.com/

Work better. Live better.

Sprin VTUG citrix Solutions

Technology

Transcript of Sprin VTUG citrix Solutions