ICA Proxy for XenApp using CAG
Citrix Access Gateway™, a member of the Citrix Delivery Center, is an SSL VPN to securely deliver any application with policy-based SmartAccess control.
Citrix XenApp™, also a member of the Citrix Delivery Center™ product family, is the industry's de facto standard for delivering Windows-based applications with the best performance, security and cost savings.
By centralizing applications and data in secure datacenters, IT can reduce the costs of management and support, increase data security and facilitate business continuity.
We at Citrix are often asked how to deploy a CAG in front of a XenApp server farm to securely proxy application delivery over the ICA protocol. The CAG secures XenApp-delivered applications by serving as a proxy for those applications. CAG proxies the ICA connections delivered from XenApp, and then wraps those applications with HTTPS or SSL to secure the traffic before it leaves your organization.
This is possible by following the steps in the deployment guide. This guide is specific to the Citrix Access Gateway Standard Edition (AGSE), which is different hardware & software from the Citrix NetScaler Access Gateway Enterprise Edition (AGEE).
Download the deployment guide.
I spent some time recently chatting with Ross Duncan, VP of Channels at Gemalto, due to my role as product manager for Citrix Password Manager. While Citrix remains "strong authentication agnostic", Ross raised some great points:

- Passwords are bad - I don't think anyone will argue this point! There have been many solutions to enforce management of passwords to mitigate the inherent weakness. Then those "solutions" that make passwords more complex can cause user convenience problems - plus bad behavior such as passwords written down, using the same password for many applications, and so on. Then the help desk calls are both extensive and expensive.
- eSSO means putting all the keys to the kingdom in one place. This allows IT to use hyper-secure passwords (20+ characters, special characters, etc.) that change rapidly. However, the end user now has only ONE password to know - therefore there is a case to augment it with a strong authentication device like Gemalto smart cards.
- Coupling of eSSO and smart cards brings the ultimate in convenience with maximum security - the user inserts their card, enters their PIN, and they can securely access the system. This is much easier than entering user name/password - easier and more secure.
- Vendors like Gemalto are integrated with Citrix Password Manager, smooth roaming/Hot Desktop, XenApp and CAG, which is convenient for customers.
We also discussed the merits of converging logical and physical security. This always looks great on PowerPoints, but it has been a real slow starter in real life. It's been discussed for 8 years that I personally know about, but the actual implementations are lagging. It always struck me this way: the physical security personnel and the IT security personnel are usually in different areas within an organization, and there are numerous political barriers to having the two groups work together and contribute budgets to make a badge/technology/management decision together. I know Gemalto has partnerships to do this, but it seems to me to face obstacles. Would like to hear comments!