• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Personal Blog
Craig Ellrod
Blogs
Profile
Added by Craig Ellrod, last edited by Craig Ellrod on Sep 02, 2008  (view change)
Permalink | Twitter Post to Twitter | Comments (1) | Views (9044) |
19 Aug 2008 01:46 PM EDT
Web Filter for XenApp
[ Tags: antivirus ,   hybrid ,   iprism ,   stbernard ,   eprism ,   proxy ,   bridge ,   netscaler ,   appexpert ,   apptips ,   tips ,   compliance ,   xenapp ,   virtualization ,   xen ,   tap ,   netscaler ,   xenapp ,   number 1 web filter ,   web filter ,   web filters ,   web filtering ,   url filtering ,   internet filter ,   website filter ,   content filter ,   content filtering ,   im filter ,   p2p filter ,   im filtering ,   p2p filtering ,   email filter ,   email filtering ,   transparent proxy ,   citrix ready ,   xen filter ,   network tap ,   application virtualization ,   citrix presentation server ,   xenapp web filter ,   xenapp security ,   load balancer ,   load balancing ,   server load balancer ,   server load balancing ]
posted by Craig Ellrod

The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.

With NetScaler:

We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.

The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.

With XenApp:

The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.


Citrix & St.Bernard Deployment Guide!

Network Diagram:



Watch this video tip:





NetScaler Developer Network!

Labels

antivirus antivirus Delete
hybrid hybrid Delete
iprism iprism Delete
stbernard stbernard Delete
eprism eprism Delete
proxy proxy Delete
bridge bridge Delete
netscaler netscaler Delete
appexpert appexpert Delete
apptips apptips Delete
tips tips Delete
compliance compliance Delete
xenapp xenapp Delete
virtualization virtualization Delete
xen xen Delete
tap tap Delete
netscaler netscaler Delete
xenapp xenapp Delete
number 1 web filter number_1_web_filter Delete
web filter web_filter Delete
web filters web_filters Delete
web filtering web_filtering Delete
url filtering url_filtering Delete
internet filter internet_filter Delete
website filter website_filter Delete
content filter content_filter Delete
content filtering content_filtering Delete
im filter im_filter Delete
p2p filter p2p_filter Delete
im filtering im_filtering Delete
p2p filtering p2p_filtering Delete
email filter email_filter Delete
email filtering email_filtering Delete
transparent proxy transparent_proxy Delete
citrix ready citrix_ready Delete
xen filter xen_filter Delete
network tap network_tap Delete
application virtualization application_virtualization Delete
citrix presentation server citrix_presentation_server Delete
xenapp web filter xenapp_web_filter Delete
xenapp security xenapp_security Delete
load balancer load_balancer Delete
load balancing load_balancing Delete
server load balancer server_load_balancer Delete
server load balancing server_load_balancing Delete
lang-eng lang-eng Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Comments (1)

 

  1. Sep 01

    Anonymous says:

    We use CensorNet with Citrix in a VMware ESX environment. Unlike other web filte...

    We use CensorNet with Citrix in a VMware ESX environment. Unlike other web filters, CensorNet is able to identify usernames of the Citrix users so that we can apply policies based on user group. Even better, its about half the price of some of the bigger web filtering companies but just as many features

     www.censornet.com for more info

Add Comment