Blog posts tagged with 'access gateway'


20 Sep 2008 03:33 PM EDT

 
In my last post, I discussed the importance of user experience -> It's All About The User Experience (IAATHUX)

Our Access Gateway team has come up with a new look and feel that is nice and clean. I think this is much more intuitive and consistent with the experience across Citrix Delivery Center. Notice that they are using plugin terminology in anticipation of App Receiver.

The desktop icon has changed from the "two Rubik's cubes connected by a red pipe" to the simple and easy-to-understand lock symbol. The rationale here is that secure access is not just about remote access but should secure connections onsite and offsite.



The thing I like the most with Access Gateway is that with auto-reconnect, I can just live in secure connected mode all the time. At Citrix, we run open wireless networks at most locations, so I can just put my laptop to sleep and start up in any location (including at home) and be assured a secure connection without having to do anything. I just see the secure lock icon in my systray and the auto-reconnect happen as I transit networks.
 
With the advantages of de-perimeterization, I think more and more users will appreciate this model. Check out the Jericho Forum for more on this model.

Cheers,

Gordon

  
 
 

18 Dec 2007 05:52 PM EST
posted by Damian Hanna

The views expressed here are mine alone and have not been authorized by, and do not necessarily reflect the views of, Citrix.

Typically, an admin who implements the Access Gateway Enterprise Edition (AGEE) finds themselves deciding how to lock down the environment that the users will connect to. I have been asked many times what the "Best Practice" would be to restrict or allow access to their users. What I like to explain is that the normal security guidelines come into play first; however, each environment can differ based on company security policies and application delivery goals.

What I like most about the AGEE, aside from multiple vServers, automated failover, enterprise scalability, policy control, etc., is the flexibility to provide secure remote access to Presentation Server applications without using a "VPN" client. The AGEE's is called the Secure Access Client (SAC). The SAC is there if needed, and all of the granular access policies can be applied to the full "VPN" tunnel. The flexibility to give users access to just Presentation Server applications and/or a full desktop experience is only outdone by the ease and flexibility of the policies that can determine the user's logon session environment... This is called SmartAccess and it gets performed via the AGEE appliance itself.

The bottom line with using policies is to make sure you start with a solid design. Included in that design should be what kind of users will be connecting and what resources they will need access to. From there, you will need to decide if you need to run Pre-Authentication Policies to grant/deny access to the logon page, as well as determine other features that the users will have during their session. In addition, you will need to determine if you need to set up any policies to run End-Point Analysis after their credentials are entered to filter Presentation Server applications and/or grant/deny access to other resources, including the entire session.

This is just the beginning; there are many other features provided by the AGEE as well as many different combinations of how to apply policy and dynamically create the user's logon environment when connecting via the AGEE. I hope after reading this, you too will be excited about the power and flexibility of the AGEE and remember to keep in mind how important an initial design is to maximize the AGEE's full potential.

14 Sep 2006 12:00 AM EDT
posted by Gabe Carrejo

So, this is my first ever blog post. Thought I'd share a diagram that I've been using since December when the two products were married together. It's been passed around, so you may have seen it before. It is also starting to get awfully busy, so things like CRL are left off.
 
