Extending Identity - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

Extending Identity

Description:

Home Computer. Endpoint security, identification, and integrity validation. The Customer Problems ... to consolidate numerous backend authentication systems ... – PowerPoint PPT presentation

Number of Views:58
Avg rating:3.0/5.0
Slides: 32
Provided by: edyorkand
Category:

less

Transcript and Presenter's Notes

Title: Extending Identity


1
Extending Identity Access Management
Mike Barry Enterprise Relationship Manager Bill
TompkinsSales Engineer
2
Agenda
  • Part I Overview of NYS Identity Access
    Management
  • Benefits Across Organizations
  • Benefits Within an Organization
  • Part II Citrix Advanced Access Control
  • Extends and Secures NYS Access Infrastructure
  • Part III Citrix Password Manager
  • Facilitates single sign on thus limiting
    complexity

3
Benefits Across Organization
  • Facilitate cross agency collaboration and data
    sharing by eliminating the need for complex,
    cumbersome bi-lateral data sharing agreements
  • Improve productivity by increasing access to
    external information resources

4
Benefits Within an Organization
  • Simplify process for establishing users,
    granting and revoking access to electronic
    resources as the agencies requirements expand
  • Reduce the number of separate user IDs and
    passwords for users, thereby enhancing security
    by leveraging password management/ SSO
    utilities
  • Enable the organization to securely access
    external resources owned by another member of the
    federation to facilitate user access from
    outside the enterprise

5
Citrix Delivers Access Security
  • Perimeter Security Establishes a barrier to keep
    malicious attacks from affecting the productivity
    of the organization

Access Security Provides regulated access only
to the business resources users need to perform
their duties
6
Secure Access Challenges
  • Anywhere access to business applications and data
  • Expanding access to more users and device types
    cost-effectively
  • Prevent downtime and business loss from security
    breaches
  • Meet or exceed security, privacy and regulatory
    concerns

7
The Customer Problems
Consistent user experience
Cannot access from behind firewalls
CPS Applications
Access from widely varying devices
Corporate Laptop
Local Users
Advanced Access Control
Access Gateway
Email Servers
Need access to all internal IT resources
Mobile PDA
Firewall
Firewall
Web or App Servers
Internet
Minimize re-authentication on re-connect
Home Computer
File Servers
  • Bandwidth
  • Latency
  • Deviceidiosyncrasies

Desktops Phones
Partners
Control over how information and applications can
be used
Endpoint security, identification, and integrity
validation
Centralized access control to all IT resources
Hardened Appliance
Consistent user experience
8
Product Components

Access Gateway
Advanced Access Control
  • Deployed in a secured network
  • Deployed on Windows Server platform
  • Centralizes administration, management policy
    based access control
  • Centralized reporting and auditing
  • Manages endpoint analysis and client delivery
  • Extends access to more devices and scenarios
  • Advanced policy engine with action control
  • Access Gateway hardened appliance in DMZ
  • Enables end-to-end secure communication via SSL
  • Authentication point
  • Enforces policies generated by Advanced Access
    Control

9
Advanced Access Control 4.2 New Features
  • End User Features
  • Enhanced authentication support
  • Appliance integration allows several
    authenticators to be used
  • Active Directory, LDAP (such as Novell
    eDirectory), Radius, RSA SecurID, Secure
    Computing Safeword
  • Client consolidation and improved end-user
    experience
  • Secure Access Client replaces ActiveX Gateway
    Client and Advanced Gateway Client from previous
    versions
  • All clients are downloaded on as-needed basis
  • Simplified access to published applications
  • Published applications are accessible from
    Navigation UI page

10
Advanced Access Control 4.2 New Features
  • Administrative Features
  • Access Suite Console administration of appliance
  • Majority of appliance settings are configured
    within Access Suite Console
  • Only basic appliance settings are configured
    within Access Gateway Admin Console
  • Extended Citrix License Server support
  • Licenses for appliance are maintained on Citrix
    License Server
  • Advanced Access Control acquires a license for
    user when connecting through the appliance
  • Extended Endpoint Scan Functionality
  • Standard scans control access to login page and
    resources
  • Continuous scans control VPN tunnel session to
    appliance

11
Advance Access Control Architecture Overview
12
Access Gateway with Advanced Access Control 4.2
Local Users
Corporate Laptop
Presentation Server Applications
Advanced AccessControl
Access Gateway
Mobile PDA
E-mail Servers
Firewall
Firewall
Web or App Servers
Kiosks
Internet
Partner computer
Citrix Access Gateway Appliance
Advanced Access Control Server Farm
File Servers
Home computer
13
Advanced Access Control 4.2Proof of Concept
Deployment
Presentation Server
Advanced Access Control
E-mail Servers
Firewall
Firewall
Client Device
Web/App Servers
File Servers
IP PBX
14
Advanced Access Control 4.2Production (Fully
Redundant) Deployment
Internet
DMZ
Protected Network
Enterprise Resource Servers
Exchange/ Notes
Database Cluster
FileShares
NetScaler Load-Balancer
Endpoint Device
Access Gateways
Web Servers
Optional - Access Center Agent Services
Advanced Access Control Servers
MPS
Optional - Indexing Services
15
Citrix Password Manager
16
What is Citrix Password Manager?
  • Software-based enterprise single sign-on solution
  • Provides a single logon to Windows, Web, and
    host-based applications
  • Lightweight agent runs against central database,
    users automatically synchronize
  • and is really easy to deploy and use

Product Overview
17
Business Challenges
Back to Agenda
18
Overview of Business Challenges
  • Passwords are potential security breaches
  • High help desk costs for password resets
  • Growing number of password-protected applications
  • Complex integration required to consolidate
    numerous backend authentication systems

Business Challenges
19
Growing Number of Password-Protected Applications
  • The average user has 18 accounts (Gartner)
  • Constant authentication prompts disrupts work and
    multiple passwords are difficult to remember
  • Average call to help desk for a password reset
    takes 20 minutes (Gartner)

Source Five Business Drivers of Identity and
Access Management. Gartner, 31 October 2003
Business Challenges
20
Top IT initiatives haveone thing in common
IT Centralization
Branch OfficeExpansion
BusinessContinuity
Mergers Acquisitions
RegulatoryCompliance
WirelessMobility
PartnerCommerce
Teleworking
Source Gartner, IDC, META, Forrester, CFO
Magazine, Business Week, 2004
Business Challenges
21
IT Security Breaches
  • Users create own insecure password management
    schemes sticky notes, text files, spreadsheets
  • Infrequent password changes
  • De-provisioning users to disable access

Source Management Update The Future of
Enterprise Security. Gartner, 15 September 2004
Business Challenges
22
Security Audits are Top of Mind
Yes
Yes
Yes
Yes
Abstract of an actual security audit conducted
by a major auditing company. Information
provided by Knowlity, Citrix Silver Solution
Advisor in San Juan, Puerto Rico
Business Challenges
23
High Help Desk Costs
Business Challenges
24
Numerous Backend Authentication Systems
  • How many backend authentication systems do you
    have?
  • Apps Windows, Web, host-based applications
  • Directories Active Directory, LDAP, eDirectory,
    Tivoli Directory Server, etc.
  • Directory consolidation projects are frequently
    unsuccessful
  • Data owners unwilling to relinquish control
  • Not all apps can talk to a single directory

Business Challenges
25
How Do Customers Address these Challenges without
Citrix?
Business Challenges
Internal and Partner Use Only
26
How Does It Work?
Citrix Password Manager
How Does it Work?
27
Intelligent Agent Response
Automatically respond to end-user
password-related events
  • End users can SSO-enable applications
  • e.g., Business partner web sites
  • Change password requests - generate new passwords
    without user intervention
  • Supports Windows, Web, Host-based applications

How Does it Work?
28
smithj


smithj

29
What is Citrix Password Manager?
  • Software-based enterprise single sign-on solution
  • Provides a single logon to Windows, Web, and
    host-based applications
  • Lightweight agent runs against central database,
    users automatically synchronize
  • and is really easy to deploy and use

Product Overview
30
Wrap Up Questions?
31
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com