Extending Identity

1
Extending Identity Access Management
Mike Barry Enterprise Relationship Manager Bill
TompkinsSales Engineer
2
Agenda

• Part I Overview of NYS Identity Access
  Management
• Benefits Across Organizations
• Benefits Within an Organization
• Part II Citrix Advanced Access Control
• Extends and Secures NYS Access Infrastructure
• Part III Citrix Password Manager
• Facilitates single sign on thus limiting
  complexity

3
Benefits Across Organization

• Facilitate cross agency collaboration and data
  sharing by eliminating the need for complex,
  cumbersome bi-lateral data sharing agreements
• Improve productivity by increasing access to
  external information resources

4
Benefits Within an Organization

• Simplify process for establishing users,
  granting and revoking access to electronic
  resources as the agencies requirements expand
• Reduce the number of separate user IDs and
  passwords for users, thereby enhancing security
  by leveraging password management/ SSO
  utilities
• Enable the organization to securely access
  external resources owned by another member of the
  federation to facilitate user access from
  outside the enterprise

5
Citrix Delivers Access Security

• Perimeter Security Establishes a barrier to keep
  malicious attacks from affecting the productivity
  of the organization

Access Security Provides regulated access only
to the business resources users need to perform
their duties
6
Secure Access Challenges

• Anywhere access to business applications and data
• Expanding access to more users and device types
  cost-effectively
• Prevent downtime and business loss from security
  breaches
• Meet or exceed security, privacy and regulatory
  concerns

7
The Customer Problems
Consistent user experience
Cannot access from behind firewalls
CPS Applications
Access from widely varying devices
Corporate Laptop
Local Users
Advanced Access Control
Access Gateway
Email Servers
Need access to all internal IT resources
Mobile PDA
Firewall
Firewall
Web or App Servers
Internet
Minimize re-authentication on re-connect
Home Computer
File Servers

• Bandwidth
• Latency
• Deviceidiosyncrasies

Desktops Phones
Partners
Control over how information and applications can
be used
Endpoint security, identification, and integrity
validation
Centralized access control to all IT resources
Hardened Appliance
Consistent user experience
8
Product Components

Access Gateway
Advanced Access Control

• Deployed in a secured network
• Deployed on Windows Server platform
• Centralizes administration, management policy
  based access control
• Centralized reporting and auditing
• Manages endpoint analysis and client delivery
• Extends access to more devices and scenarios
• Advanced policy engine with action control

• Access Gateway hardened appliance in DMZ
• Enables end-to-end secure communication via SSL
• Authentication point
• Enforces policies generated by Advanced Access
  Control

9
Advanced Access Control 4.2 New Features

• End User Features
• Enhanced authentication support
• Appliance integration allows several
  authenticators to be used
• Active Directory, LDAP (such as Novell
  eDirectory), Radius, RSA SecurID, Secure
  Computing Safeword
• Client consolidation and improved end-user
  experience
• Secure Access Client replaces ActiveX Gateway
  Client and Advanced Gateway Client from previous
  versions
• All clients are downloaded on as-needed basis
• Simplified access to published applications
• Published applications are accessible from
  Navigation UI page

10
Advanced Access Control 4.2 New Features

• Administrative Features
• Access Suite Console administration of appliance
• Majority of appliance settings are configured
  within Access Suite Console
• Only basic appliance settings are configured
  within Access Gateway Admin Console
• Extended Citrix License Server support
• Licenses for appliance are maintained on Citrix
  License Server
• Advanced Access Control acquires a license for
  user when connecting through the appliance
• Extended Endpoint Scan Functionality
• Standard scans control access to login page and
  resources
• Continuous scans control VPN tunnel session to
  appliance

11
Advance Access Control Architecture Overview
12
Access Gateway with Advanced Access Control 4.2
Local Users
Corporate Laptop
Presentation Server Applications
Advanced AccessControl
Access Gateway
Mobile PDA
E-mail Servers
Firewall
Firewall
Web or App Servers
Kiosks
Internet
Partner computer
Citrix Access Gateway Appliance
Advanced Access Control Server Farm
File Servers
Home computer
13
Advanced Access Control 4.2Proof of Concept
Deployment
Presentation Server
Advanced Access Control
E-mail Servers
Firewall
Firewall
Client Device
Web/App Servers
File Servers
IP PBX
14
Advanced Access Control 4.2Production (Fully
Redundant) Deployment
Internet
DMZ
Protected Network
Enterprise Resource Servers
Exchange/ Notes
Database Cluster
FileShares
NetScaler Load-Balancer
Endpoint Device
Access Gateways
Web Servers
Optional - Access Center Agent Services
Advanced Access Control Servers
MPS
Optional - Indexing Services
15
Citrix Password Manager
16
What is Citrix Password Manager?

• Software-based enterprise single sign-on solution
• Provides a single logon to Windows, Web, and
  host-based applications
• Lightweight agent runs against central database,
  users automatically synchronize
• and is really easy to deploy and use

Product Overview
17
Business Challenges
Back to Agenda
18
Overview of Business Challenges

• Passwords are potential security breaches
• High help desk costs for password resets
• Growing number of password-protected applications
• Complex integration required to consolidate
  numerous backend authentication systems

Business Challenges
19
Growing Number of Password-Protected Applications

• The average user has 18 accounts (Gartner)
• Constant authentication prompts disrupts work and
  multiple passwords are difficult to remember
• Average call to help desk for a password reset
  takes 20 minutes (Gartner)

Source Five Business Drivers of Identity and
Access Management. Gartner, 31 October 2003
Business Challenges
20
Top IT initiatives haveone thing in common
IT Centralization
Branch OfficeExpansion
BusinessContinuity
Mergers Acquisitions
RegulatoryCompliance
WirelessMobility
PartnerCommerce
Teleworking
Source Gartner, IDC, META, Forrester, CFO
Magazine, Business Week, 2004
Business Challenges
21
IT Security Breaches

• Users create own insecure password management
  schemes sticky notes, text files, spreadsheets
• Infrequent password changes
• De-provisioning users to disable access

Source Management Update The Future of
Enterprise Security. Gartner, 15 September 2004
Business Challenges
22
Security Audits are Top of Mind
Yes
Yes
Yes
Yes
Abstract of an actual security audit conducted
by a major auditing company. Information
provided by Knowlity, Citrix Silver Solution
Advisor in San Juan, Puerto Rico
Business Challenges
23
High Help Desk Costs
Business Challenges
24
Numerous Backend Authentication Systems

• How many backend authentication systems do you
  have?
• Apps Windows, Web, host-based applications
• Directories Active Directory, LDAP, eDirectory,
  Tivoli Directory Server, etc.
• Directory consolidation projects are frequently
  unsuccessful
• Data owners unwilling to relinquish control
• Not all apps can talk to a single directory

Business Challenges
25
How Do Customers Address these Challenges without
Citrix?
Business Challenges
Internal and Partner Use Only
26
How Does It Work?
Citrix Password Manager
How Does it Work?
27
Intelligent Agent Response
Automatically respond to end-user
password-related events

• End users can SSO-enable applications
• e.g., Business partner web sites
• Change password requests - generate new passwords
  without user intervention
• Supports Windows, Web, Host-based applications

How Does it Work?
28
smithj


smithj

29
What is Citrix Password Manager?

• Software-based enterprise single sign-on solution
• Provides a single logon to Windows, Web, and
  host-based applications
• Lightweight agent runs against central database,
  users automatically synchronize
• and is really easy to deploy and use

Product Overview
30
Wrap Up Questions?
31
(No Transcript)