Citrix XenMobile Enterprise Edition 
Claudio Mascaro 
Senior Systems Engineer 
BCD-Sintrag AG 
Daniel Kuenzli 
Senior Systems Engineer 
Citrix Systems GmbH
EMM Enterprise Mobility Management 
2 © 2014 Citrix 
Productivity and Collaboration
Data Management 
App Management 
Device Management
Technical Preparation: Architecture 
What’s new in XenMobile 9.0
New in XenMobile 9.0 - Platform 
XDM cluster simplification 
Expanded MDM support for Win 8.1 (Phone and Tablet) 
Sony MDM extensions 
Modified license files with Citrix v6 compatibility 
Support options and TaaS Integration 
NetScaler 10.5 – Simpler configuration for XenMobile 
What’s new in XenMobile 9.0
Redesigned Worx Apps
WorxWeb
• Consistent look/feel
• Offline page support
• Download persistence
WorxMail
• Simpler navigation
• Fast triage
• iOS background mode
• Admin notification control
• Server-side search (iOS)
• Landscape/Portrait
ShareFile
• Secure EFSS
• Mobile content editing
• SharePoint & network files
WorxNotes
• Secure notes
• Team notebooks
• Email and calendar integration
WorxDesktop
• Secure VDI-like access to physical desktop
• Access work files and apps
WorxEdit
• Offline content edit
• Review, comment and collaborate on documents
9.0 MDX security enhancements 
New containerization policies 
• Prevent backup to iCloud 
• Prevent file backup 
• Block Airprint 
• Block AirDrop/NFC 
• Block Social Features 
• App screen is obscured when it goes to background
Infrastructure and Client Considerations
Key XenMobile Concepts 
Enrollment considerations 
WorxWeb SSO and Proxy considerations 
WorxMail, STA, microVPN and Battery 
Certificates and PKI 
iOS 8 support considerations 
Secrets Vault and User Entropy 
SSL Settings on NetScaler and Troubleshooting 
Enrollment 
MDM, MAM, ADS, 2FA, SHP etc
Enrollment modes and mechanisms 
Auto-discovery is easiest for user onboarding 
• ADS security setting for public certificate trust (MITM protection) 
• MAM only mode supported as well 
UPN is recommended for user authentication 
• Local users are available for MDM only, but not for MAM and Enterprise 
• Explicit UPN gets away from implicit UPN complications 
2-factor is available for both MDM and MAM authentication 
• XenMobile generated OTP for MDM enrollment 
• RADIUS OTP support for MAM authentication 
Invitation URLs seem popular with customers
• Sent via SMS to user’s mobile number from AD 
• Self-Help portal for user self-service enrollment 
WorxWeb, Proxy and Topology
TYPICAL CLIENT INTERACTION - RECAP 
[Diagram labels: Worx Home, WorxMail, WorxWeb, Worx IPC, Gateway AuthN; legend: Control flow, Data flow]
• Worx Home responsible for control flow and session ticket generation 
• Responsible for full Gateway authentication at the NetScaler 
• Worx apps responsible for data flow with backend servers 
• Only need valid session ticket to open connection to NetScaler (STA or NS_AAAC)
WorxWeb deployment scenarios
Infrastructure
WorxWeb direct to the web server
• “No-brainer”
• No benefit for external users
WorxWeb with mVPN tunnel
• WorxHome authenticates the tunnel
• User is logged on to the SSL VPN
• HTTPS from the client to the web server
• SSO possible for HTTP only
WorxWeb with SecureBrowse
• Rewriting on the client (overhead)
• SSO possible for HTTPS as well
WorxWeb
Logon at the VServer; policies are checked
WorxHome HTTPS 443 SSLVPN
DMZ
XM AppC
A tunnel is established
HTTP(S) connection goes from the client to the server
WorxWeb SSO
For HTTP, the CNS answers the SSO request
HTTPS 443 XM AppC
WorxHome SSLVPN
DMZ
No SSO possible for HTTPS
HTTP 401
For HTTPS, the connection cannot be intercepted at the CNS
WorxWeb with SecureBrowse
SecureBrowse rewrites HTTP traffic on the client
• the URL http://sharepoint/huhu.html becomes https://sslvpn.comp.com/SecureBrowse/http/sharepoint/huhu.html
From the web server's point of view, the NetScaler is the client (SSL connection)
NetScaler can answer SSO requests for both HTTP and HTTPS
More processing overhead on the browser and on the NetScaler than with mVPN
No tunnel is kept open
WorxWeb with SecureBrowse
WorxHome SSLVPN
DMZ
XM AppC
Logon at the VServer
Policies are checked
Client-side rewriting:
https://AG.comp.com/SecureBrowse/SharePoint
Rewriting at the VServer
HTTP(S) connection from the CNS to the server
WorxWeb with SecureBrowse
HTTPS 443 XM AppC
WorxHome SSLVPN
DMZ
HTTP 401
SSO for HTTPS as well
WorxWeb: MicroVPN Flexibility 
Permit VPN mode switching 
Default: mVPN; fallback for HTTPS SSO: SecureBrowse
Examples of HTTP proxy traffic policies (non-global)
Internal WiFi network
• Internet traffic goes through the proxy server
• Intranet traffic goes directly to the servers
Proxy for specific servers
Connections to certain networks need special settings (proxy/noproxy)
Set the proxy globally and override it for exceptions
set vpn parameter -clientIdleTimeout 1 -proxy NS -httpProxy 10.54.255.155:3128 -sslProxy 10.54.255.155:3128
add vpn trafficAction allow_intranet_ta http -proxy NOPROXY
add vpn trafficPolicy Allow_intranet_tp "REQ.IP.DESTIP == 10.0.0.0 -netmask 255.0.0.0 || REQ.IP.DESTIP == 162.139.0.0 -netmask 255.255.0.0 || REQ.IP.DESTIP == 142.56.0.0 -netmask 255.255.0.0" allow_intranet_ta
Alternatively:
add vpn trafficPolicy bypass_intranet "REQ.HTTP.HEADER CSHOST CONTAINS mycompany.com" allow_intranet_ta
bind vpn vserver MyVPN -policy Allow_intranet_tp
WorxWeb with NetScaler Proxy config 
SIMPLEST WORXMAIL DEPLOYMENT 
ActiveSync 
WorxMail Exchange CAS 
MDX Network access = Unrestricted 
Pros 
1. Best battery life of device 
2. At-rest data security and SSL for transport 
3. Client-cert authN for additional security 
Cons 
1. ActiveSync service is internet-facing and needs to be secured
2. More complex regarding device control
NON-IDEAL WORXMAIL DEPLOYMENT 
WorxMail Exchange CAS 
MDX Network access = Tunneled 
Pros 
1. ActiveSync only in LAN 
2. Full control of device access 
Cons 
1. Poor device battery life 
ActiveSync
NetScaler Gateway
microVPN
RECOMMENDED WORXMAIL DEPLOYMENT 
WorxMail Exchange CAS 
MDX Network access = Tunneled 
Ticket Validity period 
Background services gateway 
STA provider config on NetScaler Gateway 
Pros 
1. Best battery performance for most secure deployment 
2. Support for client-certs as well 
3. Full control of device access 
ActiveSync
NetScaler Gateway
STA
App Controller
STA Validation
TRAFFIC FLOW
[Diagram labels: Worx Home, Worx IPC, WorxMail, ActiveSync, NetScaler Gateway, STA, App Controller, Exchange CAS, Gateway AuthN]
• Control traffic
• STA Validation
1. Worx Home authN at NetScaler Gateway VIP based on configured authN policy 
2. All control communication with App Controller 
3. WorxMail token retrieval from Worx Home 
4. WorxMail data connection to NetScaler Gateway and onward to CAS
Certificates and PKI
Multiple certificates doing multiple things … 
iOS MDM sub-system
Worx Home
Worx * (Any worx app)
XenMobile Device Manager
NetScaler Gateway VIP
Device cert – MDM Protocol
MDM Control cert
MAM User cert
WiFi, VPN etc
iOS system services
Services cert
Multiple certificates doing multiple things … CAs are different
iOS MDM sub-system
Worx Home
Worx * (Any worx app)
Device cert – MDM Protocol
MDM Control cert
iOS system services
MAM User cert
Services cert
Built-in CA
• Lifecycle management
• Device revocation, instead of cert revocation
Enterprise CA
• Microsoft cert services
• OCSP/CRL config at NetScaler
Enterprise CA
• MDM Payload delivery
• Broadest support – Microsoft, Entrust, Symantec etc
iOS 8 compatibility considerations
Background 
MDX leverages a dylib for app policies during the wrapping process
iOS 8 now supports app extensions with dylibs
Using a dylib mandates use of a Team ID within the provisioning profile (malware protection)
Enterprise certs have an additional field, ‘Organization unit’, that is required by MDX
• Present from late 2013 onwards
Solution 
Apps need to be re-wrapped using MDX 9.0.2+ 
Verify signing cert and provisioning profile for team ID and OU 
Check for new Provisioning Profile 
Log file 
New Enterprise Cert. 
Old Enterprise Cert. 
MySample(pid 964) - [deny-mmap] mapped file has no team identifier and is not a platform binary:
Secrets Vault 
User Entropy, System Entropy etc 
What Secrets?
• Certificate
• Exchange Server IP
• NetScaler Cookie
• User Name
• Cached AD Password
Secrets are stored in iOS KeyChain 
Worx Home 
Key Value 
Crypto_S1 … 
Crypto_S2 … 
NS_AAAC … 
P12_Password … 
SAML_Token … 
WorxMail 
Key Value 
CAS_FQDN … 
Email … 
Password … 
WorxWeb 
Key Value 
??? … 
??? … 
??? …
Isn’t OS secure-storage safe? 
Yes & No 
Yes 
• KeyChain encrypted with Device Pin 
• Enforce Device Pin for Corporate owned devices 
No 
• Device Pin for BYOC? 
• Users don’t set strong Device Pins 
• Jailbreak or Rooted device – Storage is easily accessible 
So what do we do? 
Secrets Vault 
• Encrypted storage built on top of OS secure-store 
• Accessible to WorxHome & all MDX apps 
• Secures all secrets – sensitive material that may be leveraged for an exploit / privacy 
Worx Home
Key            Value
Key Vault      Key = Enc(K1, K2, K3)
Secrets Vault  Enc((S1, S2, Cert_Key, NS_AAAC, SAML_Token), Key)
• K1 = Device random value 
• K2 = Vendor specific value 
• K3 = Device Identifier
That’s Secure 
Yes – Strong proprietary encryption, on top of OS protection 
If device stolen: 
• 1st hurdle – Jailbreak device and access KeyChain 
• 2nd hurdle – Identify the right element in keychain for attack 
• 3rd hurdle – Secrets Vault appears to be a meaningless blob 
• 4th hurdle – Reverse Engineer WorxHome code to figure out the layered encryptions, and various keys used
Attack – Theoretically Possible, Practically Very Hard 
Problem – All elements required for decryption, reside on the device 
User Entropy 
App Controller setting = Enable secrets using passcode 
Introduce new variable, that never resides on the device 
WorxPin – Pin known only to user (Recommended) 
• Used for all offline MDX authentication 
• Used for introducing new randomness into Secrets Vault protection 
AD Password 
• Also possible to use AD password as UE 
Secrets Vault – with User Entropy 
• K1 = Device random value 
• K2 = Vendor specific value 
• K3 = User Entropy 
Key            Value
Key Vault      Key = Enc(K1, K2, K3)
Secrets Vault  Enc((S1, S2, Cert_Key, NS_AAAC, SAML_Token), Key)
User Entropy = WorxPin / AD Password 
(only user knows UE – Stolen device can not decrypt data)
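The two Secrets Vault layouts above (K3 = device identifier versus K3 = user entropy), as an added Python sketch that is not Citrix code. The slides call the real scheme proprietary, so PBKDF2 for Key = Enc(K1, K2, K3), the HMAC-based encrypt-then-MAC stand-in cipher and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor for this sketch, not a Citrix value


def derive_vault_key(k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """Key = f(K1, K2, K3): K1 and K2 form the salt, K3 is the stretched input."""
    salt = hashlib.sha256(len(k1).to_bytes(4, "big") + k1 + k2).digest()
    return hashlib.pbkdf2_hmac("sha256", k3, salt, ROUNDS, dklen=64)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for an AEAD such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_vault(secrets: dict, key: bytes) -> bytes:
    """Secrets Vault = Enc(secrets, Key), returned as nonce || ciphertext || tag."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)
    plaintext = json.dumps(secrets, sort_keys=True).encode()
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_vault(blob: bytes, key: bytes) -> dict:
    """Verify the tag first; a wrong key or modified blob raises ValueError."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault key is wrong or blob was modified")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return json.loads(bytes(a ^ b for a, b in zip(ciphertext, stream)))


def demo() -> dict:
    # Constructed sample values; K1, K2 and the device identifier are all
    # readable by whoever holds the device, the PIN is not stored anywhere.
    k1 = os.urandom(32)                         # K1 = device random value
    k2 = b"constructed-vendor-constant"         # K2 = vendor specific value
    device_id = b"constructed-device-identifier"
    worx_pin = b"constructed-pin-482913"        # user entropy (WorxPin)
    secrets = {"NS_AAAC": "constructed-cookie", "SAML_Token": "constructed-token"}

    vault_without_ue = seal_vault(secrets, derive_vault_key(k1, k2, device_id))
    vault_with_ue = seal_vault(secrets, derive_vault_key(k1, k2, worx_pin))

    def opens(blob: bytes, k3: bytes) -> bool:
        try:
            return open_vault(blob, derive_vault_key(k1, k2, k3)) == secrets
        except ValueError:
            return False

    return {
        # K3 = device identifier: everything needed is on the device.
        "device_only_opens_vault_without_ue": opens(vault_without_ue, device_id),
        # K3 = user entropy: device contents alone do not yield the key.
        "device_only_opens_vault_with_ue": opens(vault_with_ue, device_id),
        "user_pin_opens_vault_with_ue": opens(vault_with_ue, worx_pin),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A short PIN adds only as much protection as the key-stretching cost and retry limits allow; the slides do not say how XenMobile handles either.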
SSL Cheats on NetScaler
How to get better rating on your SSL Vserver 
Result with standard NetScaler Gateway configuration 
Weak Ciphers and Poodle Attack vulnerability 
No Perfect Forward Secrecy but finally no Renegotiation 
Generating DH Key for FS 
Vserver SSL settings 
Change Cipher Suites 
Better done on the CLI – some GUI issues in the current build
Create custom cipher group 
• add ssl cipher YOUR-DEFAULT-ECCPFS 
• bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-ECDHE-RSA-AES256-SHA 
• bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA 
• bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-AES-256-CBC-SHA 
Bind custom cipher group to SSL Vserver 
• bind ssl vserver <vserverName> -cipherName YOUR-DEFAULT-ECCPFS
Bind ECC curves to SSL Vserver 
• bind ssl vserver <vserverName> -eccCurveName ALL 
(Only on VPX and MPX/SDX115xx and higher) 
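An added example (not from the slides or from Citrix tooling) that audits a cipher group like the one above for forward secrecy. It assumes the key exchange can be read from the NetScaler cipher name (ECDHE/DHE/EDH tokens, otherwise static RSA) and that bind order is preference order; the sample config is the slide's group.

```python
import re

# Constructed sample: the custom cipher group from the slide.
SAMPLE_CONFIG = """\
add ssl cipher YOUR-DEFAULT-ECCPFS
bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-AES-256-CBC-SHA
"""

BIND_RE = re.compile(
    r"^\s*bind\s+ssl\s+cipher\s+(\S+)\s+-cipherName\s+(\S+)", re.I | re.M
)


def key_exchange(cipher_name: str) -> str:
    """Name-based heuristic (assumption): no (EC)DHE token means static RSA."""
    tokens = cipher_name.upper().split("-")
    if "ECDHE" in tokens:
        return "ECDHE"
    if "DHE" in tokens or "EDH" in tokens:
        return "DHE"
    return "RSA"


def audit_cipher_groups(config_text: str) -> dict:
    """Map each cipher group to its ciphers, in bind order, with key exchange."""
    groups = {}
    for group, cipher in BIND_RE.findall(config_text):
        kx = key_exchange(cipher)
        groups.setdefault(group, []).append(
            {"cipher": cipher, "kx": kx, "forward_secrecy": kx != "RSA"}
        )
    return groups


def findings(config_text: str) -> list:
    """Return (group, cipher, issue) tuples worth a second look.

    no-forward-secrecy: static RSA key exchange; a recorded session can be
        decrypted later by anyone who obtains the server's RSA private key.
    bound-after-non-fs: a forward-secret cipher is listed behind a static RSA
        one, so clients supporting both may never negotiate it.
    """
    result = []
    for group, entries in audit_cipher_groups(config_text).items():
        seen_non_fs = False
        for entry in entries:
            if not entry["forward_secrecy"]:
                seen_non_fs = True
                result.append((group, entry["cipher"], "no-forward-secrecy"))
            elif seen_non_fs:
                result.append((group, entry["cipher"], "bound-after-non-fs"))
    return result


if __name__ == "__main__":
    for group, entries in audit_cipher_groups(SAMPLE_CONFIG).items():
        for entry in entries:
            print(group, entry["cipher"], entry["kx"], entry["forward_secrecy"])
    for finding in findings(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

For the slide's group the only finding is the last cipher, TLS1-AES-256-CBC-SHA, which stays as a static RSA fallback for clients without ECDHE or DHE support.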
Better SSL Rating (on non VPX A+) 
Just the Ciphers we want 
Forward Secrecy on all supported platforms 
Network Tracing
Technical Preparation: 
Certificates: XenMobile Server-side 
Public Certificates: Obtain the two individual certs needed to support:
• XenMobile MDM: cert tied to the MDM FQDN – secures the trusted MDM enrollment of devices and allows for SSO capabilities later.
• XenMobile MAM: cert tied to the NetScaler Gateway FQDN for the XenMobile WorxHome & WorxStore access, and (mVPN) services required for the secure tunneling of Worx enabled apps.
• NOTE: Individual named certs recommended. Use of wildcard “*.domain.com” certs is okay, but SAN certs are not compatible.
SSL Certificates 
Helpful tools 
OpenSSL 
# Generate a 2048-bit private key 
openssl genrsa -out my.key 2048 
# Create a Certificate Signing Request 
openssl req -new -key my.key -out my.csr 
# Create a self-signed certificate with a 365-day expiration 
openssl x509 -req -days 365 -in my.csr -signkey my.key -out my.crt 
# Convert a Certificate from DER to PEM 
openssl x509 -inform der -in certificate.cer -out certificate.pem 
# Convert a Certificate from PEM to PFX 
openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile CACert.crt 
SSL Certificates 
Helpful tools 
XCA Certificate and key management – CSR, KEY, CERT DB
Troubleshooting 
Using Wireshark 
Able to capture, decrypt and decode SSL traffic if
• Captured on an Ethernet tap or shared media hub
• Wireshark can capture in promiscuous mode
• Wireshark is compiled with GnuTLS support
• RSA key is accessible
• Port, protocol and SSL server IP address are configured
Troubleshooting 
Options for capturing packets 
No access to (shared) network 
• Install Wireshark or tcpdump locally on each server 
• Capture packets on the NetScaler (choose tcpdump or nstrace format)
Troubleshooting 
Using Wireshark 
Configure Wireshark for SSL decryption 
Preferences -> Protocols -> SSL 
Troubleshooting 
Using Wireshark 
DH Keys can’t be used to decipher SSL traffic 
• Consider SSL Offload with the NetScaler and check the ciphers (RSA only) 
Handshake packets point to Diffie Hellman
Application Data: Meaningless data string
Troubleshooting 
Using Wireshark 
Providing the RSA key, server IP and port number allows Wireshark to decrypt and decode SSL
Handshake packets point to RSA
Decoded as clear text HTTP
Titan - Preview
ACCESS TIER 
MDM FLOWS 
MAM AND MICRO-VPN FLOWS 
XM-TITAN ARCHITECTURE 
LB TIER
XENMOBILE SERVER
XENMOBILE SERVER
MS-SQL
Single unified « XENMOBILE SERVER » with all device and app management features
Unified administrative console with AD integration, and RBAC support
External data store, for simpler scalability, HA, DR and multi-site rollout
Consolidated logging, reporting and event management
XenMobile Titan – Platform Review 
http(s)://XMS-FQDN/MDM/ 
http(s)://XMS-FQDN/MAM/ 
DB 
• MS SQL 2012+ 
• DR with DB replication
XenMobile Server 
Worx Home 
MDM sub-system 
MAM sub-system 
AD Process 
PKI Process 
Syslog Process 
Active Directory 
• LDAP and LDAPS 
• Multi-domain 
• Global Catalog support
• On-demand AD (No sync, delta sync etc)
• No first-name, last-name dependency
• Sync required for “Nested Groups” support - Optional
PKI 
• No change from XM9 
• MSFT CA for user certs
Syslog 
• Unified logging 
• User activity 
• Admin activity 
• System activity 
MDM Endpoint Interface 
• Listening on ports 443 (Cert based post-enrollment) and 8443 (Pre-enrollment)
MAM Endpoint Interface 
• Listening on ports 443 (non-cert based) 
Console 
Unified console 
• RBAC for MDM and MAM configuration 
• AD user as admin 
• Local user creation for MDM/ MAM enrollments 
API 
DB Process 
API 
• Carryover of XDM API 
• Backwards compatible 
• NOTE: No MAM config APIs
Unified Administrative Console 
Citrix Day 2014: XenMobile Enterprise Edition

 
Scoping for BMC Discovery (ADDM) Deployment by Traversys Limited
Scoping for BMC Discovery (ADDM) Deployment by Traversys LimitedScoping for BMC Discovery (ADDM) Deployment by Traversys Limited
Scoping for BMC Discovery (ADDM) Deployment by Traversys Limited
 
VMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats New
 

Mehr von Digicomp Academy AG

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Digicomp Academy AG
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Digicomp Academy AG
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Digicomp Academy AG
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutDigicomp Academy AG
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutDigicomp Academy AG
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xDigicomp Academy AG
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Digicomp Academy AG
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinDigicomp Academy AG
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Digicomp Academy AG
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattDigicomp Academy AG
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogDigicomp Academy AG
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnDigicomp Academy AG
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingDigicomp Academy AG
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessDigicomp Academy AG
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Digicomp Academy AG
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceDigicomp Academy AG
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudDigicomp Academy AG
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slidesDigicomp Academy AG
 

Mehr von Digicomp Academy AG (20)

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handout
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit x
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe Klein
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING Expertendialog
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital Business
 
Minenfeld IPv6
Minenfeld IPv6Minenfeld IPv6
Minenfeld IPv6
 
Was ist design thinking
Was ist design thinkingWas ist design thinking
Was ist design thinking
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slides
 

Kürzlich hochgeladen

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Kürzlich hochgeladen (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Citrix Day 2014: XenMobile Enterprise Edition

  • 1. Citrix XenMobile Enterprise Edition Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG Daniel Kuenzli Senior Systems Engineer Citrix Systems GmbH
  • 2. EMM Enterprise Mobility Management 2 © 2014 Citrix Productivity and Collaboration Data Management App Management Device Management
  • 4. 4 © 2014 Citrix What’s new in XenMobile 9.0
  • 5. New in XenMobile 9.0 - Platform XDM cluster simplification Expanded MDM support for Win 8.1 (Phone and Tablet) Sony MDM extensions Modified license files with Citrix v6 compatibility Support options and TaaS Integration NetScaler 10.5 – Simpler configuration for XenMobile 5 © 2014 Citrix
  • 6. 6 © 2014 Citrix WorxWeb • Consistent look/ feel • Offline page support • Download persistence WorxMail • Simpler navigation • Fast triage • iOS background mode • Admin notification control • Server-side search (iOS) • Landscape/ Portrait ShareFile • Secure EFSS • Mobile content editing • SharePoint & network files WorxNotes • Secure notes • Team notebooks • Email and calendar integration WorxDesktop • Secure VDI like access to physical desktop • Access work files and apps WorxEdit • Offline content edit • Review , comment and collaborate on documents What’s new in XenMobile 9.0 Redesigned Worx Apps
  • 7. 9.0 MDX security enhancements New containerization policies • Prevent backup to iCloud • Prevent file backup • Block Airprint • Block AirDrop/NFC • Block Social Features • App screen is obscured when it goes to background 7 © 2014 Citrix
  • 8. 8 © 2014 Citrix Infrastructure and Client Considerations
  • 9. Key XenMobile Concepts Enrollment considerations WorxWeb SSO and Proxy considerations WorxMail, STA, microVPN and Battery Certificates and PKI iOS 8 support considerations Secrets Vault and User Entropy SSL Settings on NetScaler and Troubleshooting 9 © 2014 Citrix
  • 10. 10 © 2014 Citrix Enrollment MDM, MAM, ADS, 2FA, SHP etc
  • 11. Enrollment modes and mechanisms Auto-discovery is easiest for user onboarding • ADS security setting for public certificate trust (MITM protection) • MAM only mode supported as well UPN is recommended for user authentication • Local users are available for MDM only, but not for MAM and Enterprise • Explicit UPN gets away from implicit UPN complications 2-factor is available for both MDM and MAM authentication • XenMobile generated OTP for MDM enrollment • RADIUS OTP support for MAM authentication Invitation URLs seem popular with customers • Sent via SMS to user’s mobile number from AD • Self-Help portal for user self-service enrollment 11 © 2014 Citrix
  • 12. 12 © 2014 Citrix WorxWeb, Proxy and Topology
  • 13. 13 © 2014 Citrix TYPICAL CLIENT INTERACTION - RECAP Worx Home WorxMail Gateway AuthN Worx IPC WorxWeb Control flow Data flow • Worx Home responsible for control flow and session ticket generation • Responsible for full Gateway authentication at the NetScaler • Worx apps responsible for data flow with backend servers • Only need valid session ticket to open connection to NetScaler (STA or NS_AAAC)
  • 14. WorxWeb deployment scenarios: infrastructure WorxWeb directly to the web server • "No-brainer" • No benefit for external users WorxWeb with mVPN tunnel • WorxHome authenticates the tunnel • User is logged on to the SSL VPN • HTTPS from the client to the web server • SSO possible for HTTP only WorxWeb with SecureBrowse • Rewriting on the client (overhead) • SSO also possible for HTTPS 14 © 2014 Citrix
  • 15. WorxWeb 15 © 2014 Citrix Logon at the VServer Policies are checked WorxHome HTTPS 443 SSLVPN DMZ XM AppC A tunnel is established The HTTP(S) connection goes from the client to the server
  • 16. WorxWeb SSO 16 © 2014 Citrix For HTTP, the CNS answers the SSO request HTTPS 443 XM AppC WorxHome SSLVPN DMZ For HTTPS, no SSO is possible HTTP401 For HTTPS, the connection cannot be interrupted at the CNS
  • 17. WorxWeb with SecureBrowse SecureBrowse rewrites HTTP traffic on the client • The URL http://sharepoint/huhu.html becomes https://sslvpn.comp.com/SecureBrowse/http/sharepoint/huhu.html NetScaler is the client from the web server's point of view (SSL connection) NetScaler can answer SSO requests for both HTTP and HTTPS More processing overhead on the browser and on the NetScaler than with mVPN No tunnel is kept open 17 © 2014 Citrix
  • 18. WorxWeb with SecureBrowse 18 © 2014 Citrix WorxHome SSLVPN DMZ XM AppC Logon at the VServer Policies are checked Client-side rewriting: https://AG.comp.com/SecureBrowse/SharePoint Rewriting at the VServer HTTP(S) connection from the CNS to the server
  • 19. WorxWeb with SecureBrowse 19 © 2014 Citrix HTTPS 443 XM AppC WorxHome SSLVPN DMZ HTTP401 SSO also for HTTPS
  • 20. WorxWeb: MicroVPN Flexibility Permit VPN mode switching 20 © 2014 Citrix Default: mVPN Fallback for HTTPS SSO: SecureBrowse
  • 21. Examples of HTTP proxy traffic policies (non-global) Internal WiFi network • Internet data goes through the proxy server • Intranet data goes directly to the servers Proxy for specific servers Connections to specific networks need special settings (proxy/noproxy) 21 © 2014 Citrix
  • 22. Set the proxy globally and override it for exceptions
      set vpn parameter -clientIdleTimeout 1 -proxy NS -httpProxy 10.54.255.155:3128 -sslProxy 10.54.255.155:3128
      add vpn trafficAction allow_intranet_ta http -proxy NOPROXY
      add vpn trafficPolicy Allow_intranet_tp "REQ.IP.DESTIP == 10.0.0.0 -netmask 255.0.0.0 || REQ.IP.DESTIP == 162.139.0.0 -netmask 255.255.0.0 || REQ.IP.DESTIP == 142.56.0.0 -netmask 255.255.0.0" allow_intranet_ta
    Alternatively:
      add vpn trafficPolicy bypass_intranet "REQ.HTTP.HEADER CSHOST CONTAINS mycompany.com" allow_intranet_ta
      bind vpn vserver MyVPN -policy Allow_intranet_tp
    22 © 2014 Citrix
  • 23. WorxWeb with NetScaler Proxy config 23 © 2014 Citrix
  • 24. 24 © 2014 Citrix SIMPLEST WORXMAIL DEPLOYMENT ActiveSync WorxMail Exchange CAS MDX Network access = Unrestricted Pros 1. Best battery life of device 2. At-rest data security and SSL for transport 3. Client-cert authN for additional security Cons 1. ActiveSync Service is internet faced and need to be secured 2. More complex regarding device control
  • 25. 25 © 2014 Citrix NON-IDEAL WORXMAIL DEPLOYMENT WorxMail Exchange CAS MDX Network access = Tunneled Pros 1. ActiveSync only in LAN 2. Full control of device access Cons 1. Poor device battery life ActiveSync NetScaler Gateway microVPN
  • 26. 26 © 2014 Citrix RECOMMENDED WORXMAIL DEPLOYMENT WorxMail Exchange CAS MDX Network access = Tunneled Ticket Validity period Background services gateway STA provider config on NetScaler Gateway Pros 1. Best battery performance for most secure deployment 2. Support for client-certs as well 3. Full control of device access ActiveSync NetScaler Gateway STA App Controller STA Validation
  • 27. Worx IPC 27 © 2014 Citrix TRAFFIC FLOW WorxMail Exchange CAS ActiveSync NetScaler STA Gateway App Controller • Control traffic • STA Validation Worx Home Gateway AuthN 1. Worx Home authN at NetScaler Gateway VIP based on configured authN policy 2. All control communication with App Controller 3. WorxMail token retrieval from Worx Home 4. WorxMail data connection to NetScaler Gateway and onward to CAS
  • 28. 28 © 2014 Citrix Certificates and PKI
  • 29. Multiple certificates doing multiple things … 29 © 2014 Citrix iOS MDM sub-system Worx Home Worx * (Any worx app) XenMobile Device Manager NetScaler Gateway VIP Device cert – MDM Protocol MDM Control cert MAM User cert WiFi, VPN etc iOS system Services cert services
  • 30. Multiple certificates doing multiple things …CAs are different 30 © 2014 Citrix iOS MDM sub-system Worx Home Worx * (Any worx app) Device cert – MDM Protocol MDM Control cert iOS system services MAM User cert Services cert Built-in CA • Lifecycle management • Device revocation, instead of cert revocation Enterprise CA • Microsoft cert services • OCSP/ CRL config at NetScaler Enterprise CA • MDM Payload delivery • Broadest support – Microsoft, Entrust, Symantec etc
  • 31. 31 © 2014 Citrix iOS 8 compatibility considerations
  • 32. Background MDX leverages dylib for app policies during the wrapping process iOS 8 now supports App Extensions with dylib Using dylib mandates use of a Team ID within the provisioning profile (malware protection) Enterprise certs have an additional field ‘Organization unit’ that is required by MDX • Present from late 2013 onwards 32 © 2014 Citrix
  • 33. Solution Apps need to be re-wrapped using MDX 9.0.2+ Verify signing cert and provisioning profile for team ID and OU 33 © 2014 Citrix
  • 34. Check for new Provisioning Profile 34 © 2014 Citrix
  • 35. Log file 35 © 2014 Citrix New Enterprise Cert. Old Enterprise Cert. MySample(pid 964) - [deny-mmap] mapped file has no team identifier and is not a platform binary:
  • 36. 36 © 2014 Citrix Secrets Vault User Entropy, System Entropy etc 36
  • 37. 37 © 2014 Citrix Certificate Exchange Server IP NetScaler Cookie User Name Cached AD Password What Secrets?
  • 38. Secrets are stored in iOS KeyChain 38 © 2014 Citrix Worx Home Key Value Crypto_S1 … Crypto_S2 … NS_AAAC … P12_Password … SAML_Token … WorxMail Key Value CAS_FQDN … Email … Password … WorxWeb Key Value ??? … ??? … ??? …
  • 39. Isn’t OS secure-storage safe? Yes & No Yes • KeyChain encrypted with Device Pin • Enforce Device Pin for Corporate owned devices No • Device Pin for BYOC? • Users don’t set strong Device Pins • Jailbreak or Rooted device – Storage is easily accessible 39 © 2014 Citrix
  • 40. So what do we do? Secrets Vault • Encrypted storage built on top of OS secure-store • Accessible to WorxHome & all MDX apps • Secures all secrets – sensitive material that may be leveraged for an exploit / privacy 40 © 2014 Citrix Worx Home Key Value Key Vault Key=Enc(K1, K2, K3) Secrets Vault Enc((S1, S2,Cert_Key,NS_AAC, SAML_Token),Key) • K1 = Device random value • K2 = Vendor specific value • K3 = Device Identifier
  • 41. That’s Secure Yes – Strong proprietary encryption, on top of OS protection If device stolen: • 1st hurdle – Jailbreak device and access KeyChain • 2nd hurdle – Identify the right element in keychain for attack • 3rd hurdle – Secrets Vault appears to be a meaningless blob • 4th hurdle – Reverse Engineer WorxHome code to figure out the layered encryptions, and various keys used Attack – Theoretically Possible, Practically Very Hard Problem – All elements required for decryption, reside on the device 41 © 2014 Citrix
  • 42. User Entropy App Controller setting = Enable secrets using passcode Introduce new variable, that never resides on the device WorxPin – Pin known only to user (Recommended) • Used for all offline MDX authentication • Used for introducing new randomness into Secrets Vault protection AD Password • Also possible to use AD password as UE 42 © 2014 Citrix
  • 43. Secrets Vault – with User Entropy • K1 = Device random value • K2 = Vendor specific value • K3 = User Entropy 43 © 2014 Citrix Key Value Key Vault Key=Enc(K1, K2, K3) Secrets Vault Enc((S1, S2,Cert_Key,NS_AAC, SAML_Token),Key) User Entropy = WorxPin / AD Password (only user knows UE – Stolen device can not decrypt data)
  • 44. SSL Cheats on NetScaler
  • 45. How to get better rating on your SSL Vserver Result with standard NetScaler Gateway configuration
  • 46. Weak Ciphers and Poodle Attack vulnerability
  • 47. No Perfect Forward Secrecy but finally no Renegotiation
  • 48. Generating DH Key for FS
  • 49. Vserver SSL settings
  • 50. Change Cipher Suites
      Better on the CLI – some GUI issues on the current build
      Create custom cipher group
      • add ssl cipher YOUR-DEFAULT-ECCPFS
      • bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-ECDHE-RSA-AES256-SHA
      • bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
      • bind ssl cipher YOUR-DEFAULT-ECCPFS -cipherName TLS1-AES-256-CBC-SHA
      Bind custom cipher group to SSL Vserver
      • bind ssl vserver <vserverName> -cipherName YOUR-DEFAULT-ECCPFS
      Bind ECC curves to SSL Vserver
      • bind ssl vserver <vserverName> -eccCurveName ALL (Only on VPX and MPX/SDX115xx and higher)
  • 51. Better SSL Rating (on non VPX A+)
  • 52. Just the Ciphers we want
  • 53. Forward Secrecy on all supported platforms
  • 54. Network Tracing
  • 55. Technical Preparation: Certificates: XenMobile Server-side
      Public Certificates: Obtain the two individual certs needed to support:
      • XenMobile MDM: cert tied to the MDM FQDN – secures the trusted MDM enrollment of devices and allows for SSO capabilities later.
      • XenMobile MAM: cert tied to the NetScaler Gateway FQDN for the XenMobile WorxHome & WorxStore access, and (mVPN) services required for the secure tunneling of Worx enabled apps.
      • NOTE: Individual named certs recommended. Use of wildcard “*.domain.com” certs is okay, but SAN certs are not compatible.
  • 56. SSL Certificates Helpful tools
      OpenSSL
      # Generate a 2048-bit private key
      openssl genrsa -out my.key 2048
      # Create a Certificate Signing Request
      openssl req -new -key my.key -out my.csr
      # Create a self-signed certificate with a 365-day expiration
      openssl x509 -req -days 365 -in my.csr -signkey my.key -out my.crt
      # Convert a Certificate from DER to PEM
      openssl x509 -inform der -in certificate.cer -out certificate.pem
      # Convert a Certificate from PEM to PFX
      openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile CACert.crt
  • 57. SSL Certificates Helpful tools
      XCA
      Certificate and key management – CSR, KEY, CERT DB
  • 58. Troubleshooting Using Wireshark
      Able to capture, decrypt and decode SSL traffic if
      • Captured on an Ethernet tap or shared media hub
      • Wireshark can capture in promiscuous mode
      • Wireshark is compiled with GnuTLS support
      • RSA key is accessible
      • Port, Protocol and SSL Server IP address are configured
  • 59. Troubleshooting Options for capturing packets
      No access to (shared) network
      • Install Wireshark or tcpdump locally on each server
      • Capture packets on the NetScaler (Choose tcpdump or nstrace format)
  • 60. Troubleshooting Using Wireshark
      Configure Wireshark for SSL decryption
      Preferences -> Protocols -> SSL
  • 61. Troubleshooting Using Wireshark
      DH Keys can’t be used to decipher SSL traffic
      • Consider SSL Offload with the NetScaler and check the ciphers (RSA only)
      Handshake packets point to Diffie Hellman
      Application Data: Meaningless data string
  • 62. Troubleshooting Using Wireshark
      Providing the RSA key, server IP and port number allows Wireshark to decrypt and decode SSL
      Handshake packets point to RSA
      Decoded as clear text HTTP
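Slides 50 and 61-62 describe two sides of the same property, shown here as an added example that is not from the original deck: for each cipher in the custom group, the local OpenSSL build is asked which key exchange it uses, which decides both forward secrecy and whether a capture can be decrypted with the server RSA key. The mapping from NetScaler cipher names to OpenSSL names is an assumption, as are all function names.

```python
import ssl

# Assumed OpenSSL equivalents of the NetScaler cipher names bound on slide 50.
NETSCALER_TO_OPENSSL = {
    "TLS1-ECDHE-RSA-AES256-SHA": "ECDHE-RSA-AES256-SHA",
    "TLS1-DHE-RSA-AES-256-CBC-SHA": "DHE-RSA-AES256-SHA",
    "TLS1-AES-256-CBC-SHA": "AES256-SHA",
}
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe"}

def key_exchange(openssl_name: str) -> str:
    """Ask the local OpenSSL build which key exchange a cipher suite uses."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # SECLEVEL=0 only so that older CBC/SHA suites can be inspected; no connection is made.
    ctx.set_ciphers(openssl_name + ":@SECLEVEL=0")
    for cipher in ctx.get_ciphers():
        if cipher["name"] == openssl_name:
            return cipher["kea"]
    raise LookupError(f"{openssl_name} not available in this OpenSSL build")

def audit_cipher_group(netscaler_names: list) -> list:
    """Per cipher, in bind order: forward secrecy and RSA-key decryptability."""
    report = []
    for name in netscaler_names:
        kx = key_exchange(NETSCALER_TO_OPENSSL[name])
        report.append({
            "cipher": name,
            "kx": kx,
            "forward_secrecy": kx in FORWARD_SECRET_KX,
            # Wireshark can recover the session keys from the server RSA key
            # only when the premaster secret was RSA-encrypted (kx-rsa).
            "decryptable_with_rsa_key": kx == "kx-rsa",
        })
    return report

def rsa_fallbacks(report: list) -> list:
    """Ciphers a client without (EC)DHE support would negotiate, losing forward secrecy."""
    return [row["cipher"] for row in report if not row["forward_secrecy"]]

YOUR_DEFAULT_ECCPFS = list(NETSCALER_TO_OPENSSL)  # group contents from slide 50

if __name__ == "__main__":
    for row in audit_cipher_group(YOUR_DEFAULT_ECCPFS):
        print(row)
```

The one cipher that makes a capture decryptable is also the one without forward secrecy, so an RSA-only cipher group bound for troubleshooting should be unbound again afterwards.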
  • 63. Titan - Preview
  • 64. XM-TITAN ARCHITECTURE
      Diagram labels: ACCESS TIER; LB TIER; MDM FLOWS; MAM AND MICRO-VPN FLOWS; XENMOBILE SERVER; XENMOBILE SERVER; MS-SQL
      • Single unified « XENMOBILE SERVER » with all device and app management features
      • Unified administrative console with AD integration, and RBAC support
      • External data store, for simpler scalability, HA, DR and multi-site rollout
      • Consolidated logging, reporting and event management
  • 65. XenMobile Titan – Platform Review
      Diagram labels: http(s)://XMS-FQDN/MDM/; http(s)://XMS-FQDN/MAM/; XenMobile Server; Worx Home; MDM sub-system; MAM sub-system; AD Process; PKI Process; Syslog Process; DB Process; API; Console
      DB
      • MS SQL 2012+
      • DR with DB replication
      Active Directory
      • LDAP and LDAPS
      • Multi-domain
      • Global Catalog support
      • On-demand AD (No sync, delta sync etc)
      • No first-name, last-name dependency
      • Sync required for “Nested Groups” support - Optional
      PKI
      • No change from XM9
      • MSFT CA for user certs
      Syslog
      • Unified logging
      • User activity
      • Admin activity
      • System activity
      MDM Endpoint Interface
      • Listening on ports 443 (Cert based post-enrollment) and 8443 (Pre-enrollment)
      MAM Endpoint Interface
      • Listening on ports 443 (non-cert based)
      Unified console
      • RBAC for MDM and MAM configuration
      • AD user as admin
      • Local user creation for MDM/MAM enrollments
      API
      • Carryover of XDM API
      • Backwards compatible
      • NOTE: No MAM config APIs
  • 66. Unified Administrative Console