Deliver Apps, Desktops and Data from AWS & On-Prem

1 © 2018 Citrix | Confidential
Delivering Secure
SaaS/Web and
Client-Server Apps
from AWS in a Hybrid
Infrastructure
Steve Wilson
VP Products, Cloud
@virtualsteve
Marissa Schmidt
Senior Director, Product Management
@MissAppFW
© 2016 Citrix | Confidential

Citrix and AWS Together
Accelerate high performance,
compliant applications,
desktops and data to your
diverse user base in minutes
instead of months
Each workload and its data can
be automatically paired with
modern and cost-effective
capacity that meets your
requirements
Mature solutions are designed
to provide platform stability,
network and data security, and
compliance with corporate and
sovereign policy requirements
Your workloads and
infrastructure, paired with the
AWS global footprint and Citrix
solutions, deliver first-rate user
workspaces
Faster Smarter Trusted Global

Citrix
Workspace
Endpoint Management
service
Citrix Files Smart Tools
Region & number of Availability Zones
New Region (coming soon)
#
Citrix Analytics Citrix Gateway
Citrix Gateway SD-WAN
Citrix Gateway

About the Customer
• Large financial institution
• HQ in North East USA with users around the
globe
• Roughly 75% of users run their main desktops
via Citrix Workspace
Challenge
• Mission-critical workload that requires fault
tolerance
• Excessive cost and overhead of running a
physical DR site
– Upfront costs
– Ongoing maintenance
– Hardware refresh
Customer Success Story
Solution
• Establishing a DR site on AWS enables this
organization to reduce costs, maintain high
performance, provision additional capacity when
needed, eliminate the management of physical
site
• Citrix NetScaler extends corporate network to
AWS and provides consistent control over traffic,
as well as an additional layer of security
users on AWS
6,000
Able to support
full-time, production users
200
Have run

About the Customer
Appliance Manufacturer with a presence around
the globe
Drivers
• Existing Citrix user looking to phase out their
physical data center
• Looking to empower mobile users leveraging
various types of devices
Customer Success
Results
• Chose to migrate to AWS based on workload
performance demands
• MTM designed a custom environment to
support their application portfolio and helped
execute migration
• Through AnywhereApp, a people-centric
architecture was created – leveraging AWS – to
facilitate a powerful, and secure, experience

About the Customer
Health Insurance Company with roughly 2,000
users in the NY area
Drivers
• Desire to establish a hybrid cloud environment
in an effort to begin phasing out physical data
centers
• Enable secure and compliant mobility for
healthcare workers and associates
Customer Success
Results
• AWS met workload performance demands
• MTM implemented a custom-designed
infrastructure to better support hybrid workloads
• Customer now moving XenApp workstations to
AWS
• A new model which allows the customer to
consume cloud and workloads as they grow

About the Customer
Financial Institution with a national presence
Drivers
• Needed to establish a disaster recovery site,
without incurring expense of physical
infrastructure
• Citrix Cloud powers a mission-critical
application that runs in private data center
Customer Success
Results
• The AWS global presence makes it easy to
establish disaster recovery (DR) sites without the
overhead of physical infrastructure
• Able to run half of desktops on AWS in case of a
disaster
• Success of the AnywhereApp has led to more
workloads being migrated to AWS
• User experience was powerful and transparent,
even if a failover needs to happen

Enterprise 1.0
Legacy/
Custom
Apps
VPN
ERP
Database
Users

Legacy/
Custom
Apps
ERP
Database
Cloud Transformation 1.0
Lift & Shift
Users

Cloud Transformation 1.0’s Failure
Why Didn’t It Happen This Way?
Governance
& Security
Data
Gravity
Cloud Vendor
Lock In
Inertia

VPN
The Messy World of Real Transformation
FILE SHARING
CLOUD
OFFICE
PRODUCTIVITY
EMAIL
CRMHR
TOOLS ERP
Users
Legacy/
Custom
Apps
ERP
Database

Security & Performance Analytics
Unified
Experience
Instant
Access
Advanced
Auth
Contextual
Access
Contextual
Performance
Unified
Endpoint Mgmt.
Cross Cloud
Management
Content Control
Secure ITUsers
Secure Digital Perimeter
Your Secure Digital Workspace
Legacy/
Custom
Apps
ERP
Database
FILE
SHARING
CLOUD
OFFICE
PRODUCTIVITY
EMAIL
CRMHR
TOOLS ERP

DAVID
CITRIX WORKSPACE APP
Everything you need to be
productive in one experience
SECURE DIGITAL PERIMETER
User / App / Content / Network
CITRIX WORKSPACE
CONTENTAPPS DEVICES
ANALYTICS
On-prem / CloudSaaS / Mobile /
Windows / Virtual
PC / Smartphone /
Tablet / IoT
The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation.
The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied
upon in making purchasing decisions or incorporated into any contract.

• Instant access to on-prem and AWS-hosted Windows applications
• Instant Access to any SaaS from Workspace (with any browser)
• Instant Access with Enhanced Security for SaaS (Workspace App with Embedded Browser)
• Instant Access to Cloud-hosted and on-prem document stores
• DLP Policies Watermark
– Restrict copy/paste/print/navigate
– Restrict downloads
– Restrict mobile access
• Information Source/Content Analytics
– Reduce malware/phishing
– Reduce inappropriate content
• User Behavior Analytics
Key Technology Components
Citrix Workspace

VPN
Virtual Apps & Desktop Service
On-Prem Datacenter
Hypervisor
AD
Server VDAs
Hybrid-Cloud VDI Management
Incorporating public cloud into your architecture
Four key questions:
• Which applications are ready to move to
the cloud?
• How to connect AD to the cloud?
• What are the external access
requirements?
• What other authentication requirements
exist?
VDAs
AWS Region
AD
Server VDAsVDAs
Cloud Connectors Cloud Connectors

The Most Popular SaaS Apps Integrated Out Of The Box
Apps File Sharing Cloud ERP Tools HR
Analytics Expense
Tracking
Collaboration Intranet E-signature
Design Customer
Support
Marketing
Automation
Project
Management
Ops
Management
E-procurement
Communications

File Sharing 3D Design Meetings Spreadsheet Email Tools CRM

On-prem Client Server Apps
(existing XenApp farm)

AWS-hosted Client Server Apps

Secured SaaS Apps

On-prem Desktop

AWS-hosted Desktop

On-Prem Docs

AWS S3 Docs

Web/SaaS Apps Coexist with Desktop Apps & Docs (User)
A Truly Unified Workspace for Enterprise Customers
Doc Reader Word Processor ERPSpreadsheet CRMFinancial

SaaS Template Library (Admin View)
At least 25 top SaaS Apps for Synergy

Policy Controls for SaaS DLP (Admin View)
Usable on any SaaS Application – Foundation of a SaaS Governance Framework

Enhanced Security via Embedded Browser (User View)
Example: Watermarking
Keep
HR App

Information Source/Content Analytics (End User View)
Increase the Safety of your Environment

Information Source/Content Analytics (Admin View)
Control Content to Different Sites and Content Categories

1. User Instance of WorkSpace App registers/authenticates with Citrix Cloud
2. List of enumerated apps is returned to the WorkSpace App instance
3. User initiates connection to Sanctioned SaaS App
4. SaaS Provider authenticates user via SAML (SSO) against IDP
5. User now logged directly into Sanctioned SaaS App
SaaS Apps
USecure Digital
Workspace
Embedded Browser
HDX Engine
( for Windows / Linux apps )
Citrix
WorkSpace App
Citrix Cloud
IDP
1
2
A
U
E
A
API Events
User Plane
Authentication
3
3
5
Networking Client
Management Agent /API
Secure Cache Container
6. WS App Management Agent feeds all SaaS interaction events back to Citrix Analytics
(which avoids requiring inline device/proxy logging)
7. Closed loop action based on CAS trigger ( control / block access )
6
Analytics
Gateway
E
7
Integrated SSO and Sanctioned App Visibility & Management
Citrix WorkSpace App

Secure Web Gateway for URL Filter & Redirection
Visibility and management of user activities into Non- Sanctioned URLs
1. User in Workspace App clicks on URL in a SaaS app, local standard browser is open
2. SWG in data path detects a non-sanctioned URL
3. SWG blocks access and sends a URL redirect to browser (to Secure Browser service)
4. New browser tab opens on Standard Browser (displaying Secure Browser session to Non-Sanctioned SaaS App)
SaaS Apps
Unknown
URL
Citrix Cloud
CISCAS
4
5. Secure Browsing Service feeds all User SaaS interaction events back to Citrix Analytics
Standard
Browser
XA Secure CWA Browser
4
SWG
U
1 2
3

Secure Browser Service – Access w/o Workspace App
Visibility and management of user activities into Sanctioned Apps
1. User logs into his corporate SaaS App from an HTML5 Standard Browser
2. SaaS provider authenticates User via CIS
3. User URL session is redirected to the Citrix Secure Browsing Service
4. New browser tab opens on Standard Browser (displaying Secure Browser session to SaaS App)
SaaS Apps
Citrix Cloud
IDP
CAS
1
2
5
5. Secure Browsing Service feeds all User SaaS interaction events back to Citrix Analytics
Standard
Browser
XA Secure WSA Browser
3
4
U
A

Gateway Provides Single Sign-On Across all Applications
Users
with Single Sign-on
Mobile
VDI
SaaS
Web Apps
Client /
Server
SAML 2.0, OAuth
• Single point of access to all
applications
• Secure access
management, granular and
consistent access control across
all apps
• Better user experience
improves productivity
• Tighter Security with Multi-
Factor authentication

Workspace App (Receiver)
–App launch
–URL navigate
–App close
–File download
–File print
–Clipboard operation (Cut, Copy, Paste)
Access Security service (SWG)
–URL Transaction (URL, Download data size, Upload data size …)
SaaS & Web Access Security Events

User Behavior Security Analytics: Risk Indicators
Citrix Workspace
(85% customers)
Mobile Apps
(XenMobile)
Files
(ShareFile)
SaaS Apps Virtual Apps
(XenApp / XenDesktop)
Citrix Workspace w/
Apps & Desktops
(15% customers)
Access
(GW, SWG / SDP)
 Unusual device / location
 Unusual app usage
 Unusual downloads to
external drive
 Jailbroken / rooted device
 Unsupported OS
 Unusual Login
 EPA scan failures
 Authentication failures –
Single Factor
 Authentication failures –
Second Factor
 Authorization failures
 Unusual download
Excessive file sharing
 Excessive access to
sensitive files
 Excessive file downloads
 Excessive file uploads
 Excessive file/folders
deletion
 Ransomware by Deletes
 Ransomware by
Renames
 Unmanaged device
 Jailbroken / rooted
device
 Unusual location
 Black Listed Apps
 Unusual SaaS App usage
 Potential Data
Exfiltration
 Excessive data upload to
a site
 Excessive data
download to a site
 Risky Website access
 Access black-listed site
 Access from a new
device
NEW

SaaS Access Security
Risk Indicators

Cloud Based
Apps
Files
Traditional
apps
Mobile
Networks
Access
Data
Apps
Network
Frequency
Location
Time
Devices
Access Network
Restricted Access
Uploads
Downloads
DLP Events
Malware & Spam
P to P Torrents
Restricted IPs
…
…
User Behavior Security Analytics
Ecosystem User Behaviors & Categories
ML Modeling,
Profiles & Risk Scores
Notifications &
Policy Control
Proactive, Granular, Policy Control
User 1 User 2
User 3 User 4
Policy

• Users accessing malicious
& risky URLs
• Uploads and downloads
to malicious & risky URLs
• Popular SaaS apps and
usage
• Historical traffic trends
and prediction of future
usage trends
Access Security
Analytics:
Key Use-cases

Cloud providers
On-premises
apps & data
SaaS & mobile apps

Problem
• Less visibility on app health, data center health, internet/ISP health in hybrid environments
• How to leverage existing on-prem infrastructure while making use of cloud
Solution
• Provide last mile visibility to improve user experience
• Automation across hybrid environment
AWS + Citrix ADC + Citrix ITM solution = Agility,
Availability with Intelligent Routing

World's Largest Internet User Experience Community
ISP: Internet Service Provider; CDN: Content Delivery Network; DC: Datacenter
Analyze internet
sourced
experience
information
Intelligently steer
traffic across
public clouds,
ISPs, CDNs and
DCs
Business
continuity -
Avoid outages of
servers,
networks and
CDNs
Lower TCO -
Eliminate un-
necessary
bursting costs
over CDNs
Recommend
cloud-workload
placements
15B data points/day | 900M user sessions | 40K networks

Citrix ITM
End-to-End Visibility using Citrix ADC & Citrix ITM
End Users
Last-mile connectivity
with DC goes bad
Real-User Network
Experience Metrics
Tier 2
ISP
Local
ISP
Tier 1
ISP
Tier 2
ISP
CDN
CDN Tier 2
ISP
Tier 3
ISP
Corporate Data Center
Citrix ADC GSLB
Supports ELB Auto-scaling
Citrix ADC GSLB
MPX | SDX | VPX
Citrix ADC
MPX | FIPS | VPX
AWS Cloud
ELB | NLB
Application traffic
Citrix ADC LB
• Citrix ITM finds last mile performance with help of community data
• Citrix ITM talks to Citrix ADC to gain visibility of Citrix ADC internal
metrics as well Feeds from Citrix ADC to Citrix ITM
ITM Radar User Telemetry
• Citrix GSLB helps in DR and also supports ELB auto-scaling

Deliver Apps, Desktops and Data from AWS & On-Prem

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Deliver Apps, Desktops and Data from AWS & On-Prem

Ähnlich wie Deliver Apps, Desktops and Data from AWS & On-Prem (20)

Mehr von Amazon Web Services

Mehr von Amazon Web Services (20)

Deliver Apps, Desktops and Data from AWS & On-Prem