1 / 40

Citrix Extranet 2.0

Product Overview. Citrix Extranet 2.0. Agenda. What is Citrix Extranet 2.0? Architecture System Requirements Citrix Extranet Features Access Control Identification & Authentication Encryption On-line Registration Citrix Extranet Admin Event Logging Citrix Extranet Advantages

Download Presentation

Citrix Extranet 2.0

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Product Overview Citrix Extranet 2.0

  2. Agenda • What is Citrix Extranet 2.0? • Architecture • System Requirements • Citrix Extranet Features • Access Control • Identification & Authentication • Encryption • On-line Registration • Citrix Extranet Admin • Event Logging • Citrix Extranet Advantages • Commonly Used Terms

  3. What Is Citrix Extranet 2.0? • Citrix Extranet provides a virtual private network (VPN) which allows you to securely deploy the latest business-critical applications to users around the world, via the Internet – all while maintaining the manageability, scalability, reliability and control you’ve grown to expect from Citrix.

  4. Citrix Extranet Architecture • Leverage your existing network design

  5. Citrix Extranet System Specifications Windows NT Microsoft Windows NT Server operating system 4.0, service pack 5 or 6a Pentium II processor at 350 MHz 2 or more network adapter cards 64 MB of RAM 10 MB of free hard disk space Sun SPARC Sun Solaris 2.6, 7, or 8 20 MB minimum of free hard disk space All required software packages 2 or more network adapter cards

  6. Client Specifications • All Users • Internet access • Connection to a network using TCP/IP protocol • The Citrix Extranet Client software • PC Users • Microsoft Windows 95 osr2, 95b, 98, 98 SE, or Windows NT Workstation 4.0, with service pack 5 or 6a or Windows 2000 SP1(proxy mode only) • 2 MB free hard disk space • Microsoft Internet Explorer 4.0x, 5.0, or 5.01, or Netscape Navigator 4.5, 4.5.1, 4.6, 4.61, 4.7, 4.71, 4.72, or 4.73

  7. Client Specifications • Macintosh Users • Apple or other Macintosh OS–compatible Power PC computer • 1 MB free disk space • Macintosh OS Version 8.1 or later (8.5 or later recommended) • Open Transport 1.3 or later (2.0 or later recommended) • Netscape Navigator 4.x or Microsoft Internet Explorer 4.x, or 5.0 • UNIX Users • A computer with Sun SPARC Systems running Solaris 2.6 or later • 5 MB minimum of free hard disk space • A suitable UNIX Web browser (must support forms)

  8. Client Specifications • Windows CE/PocketPC Users • CE Devices • Handheld PC (SH3 and MIPS) • Handheld PC Professional Edition (SH3, SH4, MIPS, ARM, and StrongARM) • Palm-size PC (SH3 and MIPS)

  9. Citrix Extranet 2.0 Features

  10. Citrix Extranet Features Access Control Event Logging Identification and Authentication Encryption Citrix Extranet Admin On-Line Registration (OLR)

  11. Access Control • TCP-based access permissions are defined for individuals or groups

  12. Access Control • Permissions are identified by host name/IP address and the port • TCP – FTP, Telnet, POP3, etc… • Web – server and port

  13. Access Control • User-based policy management ensures secure application access

  14. Access Control • Access permissions are received: • At the time the Citrix Extranet Client initiates • At regular user-defined intervals • Permission sources: • User • Users’ group • “All” users *Assigning permissions to groups avoids unnecessary duplication and is more efficient than assigning permissions to individual users.

  15. Access Control Dynamic Configuration 3. Citrix Extranet Client contacts every Citrix Extranet Server for which the user has an authentication key and requests the user’s current access permissions 1. Prompts user for Access Code 2. User’s authentication key(s) accessed 5. User’s access permissions are dynamically updated at startup and at regular intervals as defined by the end user Citrix Extranet Server w/Dynamic Configuration (DC) Server Or DC Server on a separate machine 4. User’s TCP access permissions are read from sgate.acl and their Web permissions from sweb.acl; the current permissions are then sent to Citrix Extranet Client NOTE: The Dynamic Configuration Agent always resides on the Citrix Extranet Server

  16. Identification and Authentication • Citrix Extranet Server is the final authority when authenticating session requests: • User authentication • Access Management • User and group additions

  17. Identification and Authentication Physical Smart Cards MCOS MCOS-B STARCOS 2.1 • Key exchange methods are flexible for the Administrator • Tokens • FIPS token (FIPS 140-1 compliant) • VCAT token • RADIUS • SecurID • Entrust/Netrust • PKI (X.509) Certificates • Baltimore • Entrust • Microsoft • Netscape • VeriSign • Smart Card Readers PCAT • Smarty • CHIPDRIVE external

  18. Identification and Authentication • Citrix Extranet uses two authentication factors • Access code • Token URL request sent to Server

  19. Identification and Authentication • The session is initiated • Each Client TCP connection uses a unique session key Shared Secret Key is combination of 1/2 shared secret key generated by client & 1/2 shared secret key generated by server

  20. Encryption • The ticket contents are encrypted • Initialization Vector (IVEC) • User ID • Ticket time/TTL • Encryption algorithm • Session key • Destination • MD5

  21. On-line Registration (OLR) • Automated registration of the Citrix Extranet Client is via the Internet • User registers • IDs automatically generated • Flexible UID server assignments

  22. On-line Registration (OLR) • Seamless registration process Shared Secret Key is combination of 1/2 shared secret key generated by client & 1/2 shared secret key generated by server

  23. Citrix Extranet Admin • Manage individual or groups of servers and users • Assigns Web and TCP permissions • Configures OLR Web form • Specifies management levels • Utilizes database functions like sort, filter and find

  24. Event Logging • Allows for easy troubleshooting by logging critical information • Session start/end • User added/deleted • User enabled/disabled • User key changed • Successful/ unsuccessful user login • Server up/down

  25. Citrix Extranet 2.0 Advantages

  26. Citrix Extranet Advantages • Flexible system integration • Rapid deployment • Centralized management • Simplicity and ease of use • Cost-effectiveness

  27. Flexible System Integration Network Connections Public Network LAN/WAN Corporate Intranet/Extranet Internet Client Support Windows 95/98/NT/2000 Macintosh Solaris Linux Windows CE Windows PocketPC Token Support Hard Drive Floppy (FIPS 140-1 or VCAT) Smart Card Netrust/Entrust/X.509 digital certificate SecurID Radius Internet Citrix Extranet VPN Clients MetaFrame servers

  28. Flexible System Integration • Allows ICA Protocol to securely pass through both ends of a connection Citrix Extranet Client uses TCP traffic on port 443 The Client believes the servers are on the same network When ICA passes through the Client to the Server, Citrix Extranet proxy intercepts the calls

  29. Flexible System Integration • Export ready for use at any available strength encryption • Triple DES (168-bit) • RC4 • DES (56-bit) *Embargoed countries are Cuba, Libya, North Korea, Syria, Sudan, Iran, Iraq

  30. Rapid Deployment • Easy deployment and token enrollment of large user bases via On-line Registration (OLR)

  31. Centralized Management • Powerful GUI allows for local or remote administrator management • Remotely using the Citrix Extranet Client • Locally on a Windows NT platform

  32. Ease of Use 1 2 • Simple 2-step client activation • Install Citrix Extranet client software • Register online

  33. Cost-effectiveness • Leverage existing systems • No costly leased lines or modem banks • Minimal client management and user support costs

  34. Connect Business Securely • Permit secure online information exchange via the Internet • Mobile users • Suppliers • Business partners • End-customers • Branch and international offices

  35. Citrix Extranet 2.0 Powerful End-to-end security Centralized management

  36. Commonly Used Terms • 3DES: Cipher that applies the DES cipher three times with either two or three different DES keys. The Citrix Extranet implementation uses three DES keys (2168 combinations). • Access Code: The secret code, similar to a PIN on an ATM card—required to unlock the authentication key stored on the user’s token each time the user accesses a secure service. This code, defined by the user during registration, must be at least four characters in length with a maximum of 16, and can be any combination of letters and numbers. • Access Control: Allowing or denying connections through the use of access permissions. • Access Permissions: The associations between users and connections, as defined by a User ID, group name, service (TCP or Web), or destination. Citrix Extranet access permissions can be either individual user permissions or group permissions. • Authentication: The process of determining the identity of a user attempting to access a system.

  37. Commonly Used Terms • Authentication Key: The key is a 32-character hexadecimal key assigned to a user during installation by the registration server administrator, consisting of the numbers 0 to 9 and letters A to F. • The Citrix Extranet authentication system supports virtual smart cards and ISO-standard smart cards for both authentication and stored data. A user with a physical smart card must use a smart card reader connected to their PC. Virtual smart card information (FIPS or VCAT token) may be stored on either the PC hard drive or a removable (floppy) disk. • The user’s Citrix Extranet authentication key is stored on the smart card, whether physical or virtual. This information is shared with the Citrix Extranet Server, where it is stored in the Citrix Extranet Server’s user database. • Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques.

  38. Commonly Used Terms • Authenticator: The name assigned to a Citrix Extranet Server through which users can access a particular service. This name can be up to 14 alphanumeric characters in length and it is recommended that it be a derivative of your Citrix Extranet Server hostname. • Domain Name: Identifies a ‘location’ on the Internet (e.g., citrix.com) that has been registered with the Internet Network Information Center (InterNIC). Currently the domain name is limited to 47 characters. Through the use of aliases, however, it is possible to accommodate longer names. • DES: Data Encryption Standard is a NIST-standard encryption algorithm for secure data protection. A binary number is used as an encryption key with 720 quadrillion possible combinations (256). The key is randomly generated for each session (TCP connection). • FIPS Token: (Virtual Smart Card or Soft Token) A software emulation of a hardware authentication token that is in compliance with the FIPS140–1 coding standards. It stores your private information (authentication key) in an single encrypted file, either on a floppy disk or on your hard drive. FIPS Token is the default authentication method.

  39. Commonly Used Terms • OLR: Citrix Extranet provides On-Line Registration (OLR) services which you may wish to implement depending on your system configuration and the functional requirements of your organization. • RC4: Is a stream cipher developed by RSA Data Security, Inc. This variable key-size stream cipher uses byte-oriented operations to perform random permutations. The typical cipher period is greater than 10100. Since eight to sixteen machine operations are required per output byte, the cipher runs very quickly in software. It is commonly used for secure communications, such as encrypting secure web site traffic using the SSL protocol. • VCAT Token: Identical to the FIPS Token, except that it stores your private information (authentication key) in an encrypted file system, rather than a single file. • Virtual Private Network (VPN): A private network created over a public network (e.g., the Internet) by using encryption, where exclusive client and host communications can occur.

More Related