Citrix Secure Gatewayv1.1Citrix Secure Gatewayv1.1
Customer Presentation
Aug 2002
2
What is Citrix Secure Gateway?What is Citrix Secure Gateway?
Citrix Secure Gateway is a secure Internet gateway between MetaFrame® servers and ICA Client workstations that allows customers to simply and securely deliver applications across the Internet, on demand, to any device
Citrix Secure Gateway is a secure Internet gateway between MetaFrame® servers and ICA Client workstations that allows customers to simply and securely deliver applications across the Internet, on demand, to any device
3
Fir
ewal
l
Typical LayoutTypical Layout
Fir
ewal
l
Citrix MetaFrame XP and/or MetaFrame for Unix
Citrix Secure Gateway
CitrixNFuseClassic
ClientWorkstations
Secure Connectivity Authentication Access Mgmt.
Internet DMZ Internal Network
4
Benefits of Citrix Secure GatewayBenefits of Citrix Secure Gateway
Provides simple, secure, remote access – anywhere there is a PC with a browser and Internet connection.
Lowers cost of ownership by removing need to maintain direct dial in facilities.
Protects and extends your MetaFrame investment beyond the enterprise.
Integrates employees, customers, partners.
Provides simple, secure, remote access – anywhere there is a PC with a browser and Internet connection.
Lowers cost of ownership by removing need to maintain direct dial in facilities.
Protects and extends your MetaFrame investment beyond the enterprise.
Integrates employees, customers, partners.
5
Solutions incorporating CSGSolutions incorporating CSG
A full solution including CSG, NFuse Classic, and MetaFrame enables many different business scenarios:– Business Continuity– Remote Employee Access– Partner Access– Remote shop-front systems– Consumer information access
A full solution including CSG, NFuse Classic, and MetaFrame enables many different business scenarios:– Business Continuity– Remote Employee Access– Partner Access– Remote shop-front systems– Consumer information access
6
Key Features of Citrix Secure GatewayKey Features of Citrix Secure Gateway
Strong Encryption
Industry standard SSL v3.0 or TLS v1.0
Uses standard SSL port 443 for ease of firewall traversal
Minimal Client Configuration
Supports all ICA clients with SSL/TLS (Tier 1)
No additional client software required (e.g. VPN)
Zero installed Java applet solution supported
Single Authentication
Integrates with NFuse Classic and NFuse Elite
Possible integration with 3rd party auth e.g. RSA SecurID®, SafeWord™ PremierAccess™
Strong Encryption
Industry standard SSL v3.0 or TLS v1.0
Uses standard SSL port 443 for ease of firewall traversal
Minimal Client Configuration
Supports all ICA clients with SSL/TLS (Tier 1)
No additional client software required (e.g. VPN)
Zero installed Java applet solution supported
Single Authentication
Integrates with NFuse Classic and NFuse Elite
Possible integration with 3rd party auth e.g. RSA SecurID®, SafeWord™ PremierAccess™
7
Citrix Security SolutionsCitrix Security Solutions
SSL Solutions
CSG is a simple and secure, ICA only solution
SecureICA™ SSL Relay
Citrix Secure
Gateway
VPN Solutions
8
When to use SecureICA or SSL RelayWhen to use SecureICA or SSL Relay
Use SecureICA when:– Internal LAN / WAN / Intranet– Secure DOS or Win 16 access is necessary– Have older devices/ ICA clients that cannot be
upgraded– Risk of “man-in-the-middle” attack is acceptable
Use SSL Relay when:– Small number of MetaFrame servers to support (<5)– No need to secure access at DMZ– No need to hide server IP addresses, or NAT is used– Need end-to-end encryption of data between client
and server
Use SecureICA when:– Internal LAN / WAN / Intranet– Secure DOS or Win 16 access is necessary– Have older devices/ ICA clients that cannot be
upgraded– Risk of “man-in-the-middle” attack is acceptable
Use SSL Relay when:– Small number of MetaFrame servers to support (<5)– No need to secure access at DMZ– No need to hide server IP addresses, or NAT is used– Need end-to-end encryption of data between client
and server
9
When to use CSG or VPNWhen to use CSG or VPN
Use Citrix Secure Gateway when:– Large number of servers to support– Want to hide internal network addresses– Want to secure from DMZ– Need two-factor authentication (in conjunction with NFuse)– Need non-intrusive client install i.e. access from Internet
cafes
Use a Virtual Private Network (VPN) when:– Need two-factor authentication– Need to create a secure pipeline for full (beyond ICA)
network access– Need to create secure tunnels between sites– Want to secure from within DMZ– Access is normally via same workstation i.e. OK to install
additional client – Want/need to use IPSEC
Use Citrix Secure Gateway when:– Large number of servers to support– Want to hide internal network addresses– Want to secure from DMZ– Need two-factor authentication (in conjunction with NFuse)– Need non-intrusive client install i.e. access from Internet
cafes
Use a Virtual Private Network (VPN) when:– Need two-factor authentication– Need to create a secure pipeline for full (beyond ICA)
network access– Need to create secure tunnels between sites– Want to secure from within DMZ– Access is normally via same workstation i.e. OK to install
additional client – Want/need to use IPSEC
10
CSG v1.1 availabilityCSG v1.1 availability
CSG v1.1 Windows (English) available on MetaFrame FR2 Components CD
CSG v1.1 Windows (English) is fully internationalized for operation on non-English Windows 2000.
CSG v1.1 Windows (Japanese) available on MetaFrame FR2 (J) Components CD
Download available from Citrix Secure Portal for Subscription Advantage Customers
CSG v1.1 Solaris available from secure Portal for Subscription Advantage customers.
CSG v1.1 Windows (English) available on MetaFrame FR2 Components CD
CSG v1.1 Windows (English) is fully internationalized for operation on non-English Windows 2000.
CSG v1.1 Windows (Japanese) available on MetaFrame FR2 (J) Components CD
Download available from Citrix Secure Portal for Subscription Advantage Customers
CSG v1.1 Solaris available from secure Portal for Subscription Advantage customers.