Title: Extending Identity
1 Extending Identity Access Management
Mike Barry, Enterprise Relationship Manager
Bill Tompkins, Sales Engineer
2 Agenda
- Part I: Overview of NYS Identity Access Management
- Benefits Across Organizations
- Benefits Within an Organization
- Part II: Citrix Advanced Access Control
- Extends and Secures NYS Access Infrastructure
- Part III: Citrix Password Manager
- Facilitates single sign-on, thus limiting complexity
3 Benefits Across Organization
- Facilitate cross-agency collaboration and data sharing by eliminating the need for complex, cumbersome bilateral data-sharing agreements
- Improve productivity by increasing access to external information resources
4 Benefits Within an Organization
- Simplify the process for establishing users and for granting and revoking access to electronic resources as the agencies' requirements expand
- Reduce the number of separate user IDs and passwords for users, thereby enhancing security by leveraging password management/SSO utilities
- Enable the organization to securely access external resources owned by another member of the federation to facilitate user access from outside the enterprise
5 Citrix Delivers Access Security
- Perimeter Security: Establishes a barrier to keep malicious attacks from affecting the productivity of the organization
- Access Security: Provides regulated access only to the business resources users need to perform their duties
6 Secure Access Challenges
- Anywhere access to business applications and data
- Expanding access to more users and device types cost-effectively
- Prevent downtime and business loss from security breaches
- Meet or exceed security, privacy and regulatory concerns
7 The Customer Problems
- Consistent user experience
- Cannot access from behind firewalls
- Access from widely varying devices
- Need access to all internal IT resources
- Minimize re-authentication on re-connect
- Bandwidth, latency, device idiosyncrasies
- Control over how information and applications can be used
- Endpoint security, identification, and integrity validation
- Centralized access control to all IT resources
- Hardened appliance
[Diagram labels: Local Users, Corporate Laptop, Mobile PDA, Home Computer, Desktops, Phones, Partners, Internet, Firewall, Access Gateway, Advanced Access Control, Firewall, CPS Applications, Email Servers, Web or App Servers, File Servers]
8 Product Components
Advanced Access Control
- Deployed in a secured network
- Deployed on Windows Server platform
- Centralizes administration, management and policy-based access control
- Centralized reporting and auditing
- Manages endpoint analysis and client delivery
- Extends access to more devices and scenarios
- Advanced policy engine with action control
Access Gateway
- Access Gateway hardened appliance in DMZ
- Enables end-to-end secure communication via SSL
- Authentication point
- Enforces policies generated by Advanced Access Control
9 Advanced Access Control 4.2 New Features
- End User Features
- Enhanced authentication support
- Appliance integration allows several authenticators to be used
- Active Directory, LDAP (such as Novell eDirectory), RADIUS, RSA SecurID, Secure Computing SafeWord
- Client consolidation and improved end-user experience
- Secure Access Client replaces ActiveX Gateway Client and Advanced Gateway Client from previous versions
- All clients are downloaded on an as-needed basis
- Simplified access to published applications
- Published applications are accessible from Navigation UI page
10 Advanced Access Control 4.2 New Features
- Administrative Features
- Access Suite Console administration of appliance
- Majority of appliance settings are configured within Access Suite Console
- Only basic appliance settings are configured within Access Gateway Admin Console
- Extended Citrix License Server support
- Licenses for appliance are maintained on Citrix License Server
- Advanced Access Control acquires a license for user when connecting through the appliance
- Extended Endpoint Scan Functionality
- Standard scans control access to login page and resources
- Continuous scans control VPN tunnel session to appliance
11 Advanced Access Control Architecture Overview
12 Access Gateway with Advanced Access Control 4.2
[Diagram labels: Local Users, Corporate Laptop, Mobile PDA, Kiosks, Partner computer, Home computer, Internet, Firewall, Access Gateway, Citrix Access Gateway Appliance, Firewall, Advanced Access Control, Advanced Access Control Server Farm, Presentation Server Applications, E-mail Servers, Web or App Servers, File Servers]
13 Advanced Access Control 4.2 Proof of Concept Deployment
[Diagram labels: Client Device, Firewall, Firewall, Advanced Access Control, Presentation Server, E-mail Servers, Web/App Servers, File Servers, IP PBX]
14 Advanced Access Control 4.2 Production (Fully Redundant) Deployment
[Diagram labels: Internet, DMZ, Protected Network, Endpoint Device, NetScaler Load-Balancer, Access Gateways, Advanced Access Control Servers, Web Servers, MPS, Enterprise Resource Servers, Exchange/Notes, Database Cluster, File Shares, Optional - Access Center Agent Services, Optional - Indexing Services]
15 Citrix Password Manager
16 What is Citrix Password Manager?
- Software-based enterprise single sign-on solution
- Provides a single logon to Windows, Web, and host-based applications
- Lightweight agent runs against central database, users automatically synchronize
- and is really easy to deploy and use
Product Overview
17 Business Challenges
18 Overview of Business Challenges
- Passwords are potential security breaches
- High help desk costs for password resets
- Growing number of password-protected applications
- Complex integration required to consolidate numerous backend authentication systems
Business Challenges
19 Growing Number of Password-Protected Applications
- The average user has 18 accounts (Gartner)
- Constant authentication prompts disrupt work and multiple passwords are difficult to remember
- Average call to help desk for a password reset takes 20 minutes (Gartner)
Source: Five Business Drivers of Identity and Access Management. Gartner, 31 October 2003
20 Top IT initiatives have one thing in common
- IT Centralization
- Branch Office Expansion
- Business Continuity
- Mergers & Acquisitions
- Regulatory Compliance
- Wireless Mobility
- Partner Commerce
- Teleworking
Source: Gartner, IDC, META, Forrester, CFO Magazine, Business Week, 2004
21 IT Security Breaches
- Users create own insecure password management schemes: sticky notes, text files, spreadsheets
- Infrequent password changes
- De-provisioning users to disable access
Source: Management Update: The Future of Enterprise Security. Gartner, 15 September 2004
22 Security Audits are Top of Mind
Abstract of an actual security audit conducted by a major auditing company. Information provided by Knowlity, Citrix Silver Solution Advisor in San Juan, Puerto Rico
23 High Help Desk Costs
24 Numerous Backend Authentication Systems
- How many backend authentication systems do you have?
- Apps: Windows, Web, host-based applications
- Directories: Active Directory, LDAP, eDirectory, Tivoli Directory Server, etc.
- Directory consolidation projects are frequently unsuccessful
- Data owners unwilling to relinquish control
- Not all apps can talk to a single directory
25 How Do Customers Address these Challenges without Citrix?
Internal and Partner Use Only
26 How Does It Work?
Citrix Password Manager
How Does it Work?
27 Intelligent Agent Response
Automatically respond to end-user password-related events
- End users can SSO-enable applications
- e.g., business partner web sites
- Change password requests: generate new passwords without user intervention
- Supports Windows, Web, host-based applications
29 What is Citrix Password Manager?
- Software-based enterprise single sign-on solution
- Provides a single logon to Windows, Web, and host-based applications
- Lightweight agent runs against central database, users automatically synchronize
- and is really easy to deploy and use
30 Wrap Up Questions?