sikker adgang fra alle devices
DESCRIPTION
Sikker adgang fra alle devices. edgemo summit CPH maj 2014. Kort intro. Eigil Ørnfelt Infrastructure specialist [email protected]. Niels Holm Infrastructure specialist [email protected]. NetScaler Access Gateway Enterprise Edition (AGEE). NetScaler Gateway. NetScaler ADC. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/1.jpg)
Sikker adgang fra alle devices
edgemo summit CPHmaj 2014
![Page 2: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/2.jpg)
Kort introEigil ØrnfeltInfrastructure specialist
Niels HolmInfrastructure specialist
![Page 3: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/3.jpg)
NetScaler GatewayNetScaler Access Gateway Enterprise Edition (AGEE)
Citrix Access Gateway (CAG)
Citrix Secure Gateway
NetScaler ADC
Citrix Advanced Access Gateway (CAG)
![Page 4: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/4.jpg)
Citrix NetScaler overview
![Page 5: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/5.jpg)
Citrix NetScaler overview
Cloud Infrastructure
Enterprise Datacenter
PerformanAcAcAccelerate Offload SecurityAvailability
• World-class load balancing
• Health monitoring
• Caching• Compression• Optimization
• TCP Connection Management
• SSL processing
• SSL VPN• Application
firewall• AAA
![Page 6: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/6.jpg)
Layer 4 Load Balancing
• Source IP• Cookie• SSL Session ID• Server-ID in URL Query• Customer Server-ID• Token (header or body)
Maintaining UserSessions
Distributing Traffic
• Least Connections• Lowest Response Time• Round Robin• SNMP-based• Hash-based• Many more…
Monitoring Server Health and Availability
• TCP Connection• HTTPS Connection• Extended Content Verification• Scriptable Health Checks
TCP and UDP Client Requests
![Page 7: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/7.jpg)
Global Server Load Balancing
Site B
Site A
![Page 8: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/8.jpg)
HTTP Requests
• Anything in request body• Device Type• Language• Cookie• Browser Capability• XML XPath support
Client Attributes
• Any TCP Request• HTTP Get• HTTP Post
Request Protocol
Request Method
• Any TCP payload value• Any HTTP payload value• Domain• Wildcard URL
Content Switching: Load Balancing on Steroids
![Page 9: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/9.jpg)
Optimering
![Page 10: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/10.jpg)
TCP Connection Multiplexing
1. NetScaler terminates connection2. Client transmits requests3. NetScaler establishes server connection
4. NetScaler transmits client requests5. Other clients follow same procedure6. Multiple client requests are transmitted across common server
connection
Web Server
![Page 11: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/11.jpg)
AppCache• Memory or flash disk based cache• Reduce time to first packet• Significantly reduce back-end server workloads• Dynamic caching for frequently changing content• Flash cache support for realtime updates
![Page 12: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/12.jpg)
AppCache – Non-Caching proxy
Deliver it one time
Get the web page
![Page 13: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/13.jpg)
AppCache – Caching proxy
Deliver it many times
Get the web page once
![Page 14: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/14.jpg)
AppCompress• Standard based compression – GZIP/DEFLATE• Works with all browsers, including mobile• Applies to HTML, JavaScript, CSS and Documents• 3:1 to 5:1 Compression Ratio
![Page 15: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/15.jpg)
AppCompress
1 GbyteFile
1 GbyteFile
1 Gbps Throughput200-300Mbps Throughput
![Page 16: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/16.jpg)
Sikkerhed
![Page 17: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/17.jpg)
AAA - Authentication
![Page 18: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/18.jpg)
Multi-factor authenticationREQ.SSL.CLIENT.CERT = EXISTSREQ.BROWSER-TYPE = Internet ExplorerREQ.SSL.CLIENT.CERT != EXISTSREQ.SSL.CLIENT.CERT = EXISTS + LDAP
![Page 19: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/19.jpg)
NetScaler Insight Center
![Page 20: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/20.jpg)
Insight Center
Internet
!
!!
!WAN Data Center Network
XenDesktop/ XenApp
? ?
?
![Page 21: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/21.jpg)
Insight CenterO
ldN
ew
USER
Help-Desk Desktop Admin
Network Admin
Citrix SupportSoftware
Citrix Support
Citrix SupportEscalation
USER
Help-Desk Network Admin
IT Department
Citrix Support
IT dept calls Citrix Support
![Page 22: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/22.jpg)
NetScaler Insight Center
Internet NetScaler
XenDesktop/ XenApp
NetScaler Insight Center
3rd PartyAnalysis Tools
AppF
low
AppF
low
![Page 23: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/23.jpg)
Insight Center
Application or Network?
Which Part of Network?
Bandwidth Taken Up?Users Affected
Servers Causing Trouble
![Page 24: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/24.jpg)
Insight Center
ICA Analytics
DC & WAN Latency
Active /Inactive Session Data
ICA RTT
Host Delay
Client/ Server IP
Virtual Channels
![Page 25: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/25.jpg)
?
![Page 26: Sikker adgang fra alle devices](https://reader036.vdocuments.us/reader036/viewer/2022062404/56816643550346895dd9b827/html5/thumbnails/26.jpg)
Tak for jeres tid!