What is a VPN Used For

It's that time of year re: SYNERGY and GEEK SPEAK LIVE!

• Geek Speak Tonight! on Wednesday, May 13, 17:30 to 19:30, in the OCCC | West Concourse, Level IV, Valencia B / C. Enjoy complete with snacks and drinks, while Citrix Technology Professionals (CTP), CTOs and other industry thought leaders involved happy hour in a lively discussion about the compelling technical topics. As always audience participation is strongly encouraged. (We offer beer. J)

• Geek Live Talk! Track: This series of open, unfiltered sessions covering a variety of technical subjects, is also maintained with regular Synergy breakout session tracks, to give participants a chance to participate in detailed technical discussions. These sessions are particularly fun because they are unfiltered and usually lead to great opportunities for audience participation. We need to hear from you to know if we provide the right technical content, so make sure to complete your session feedback form after each session to participate.

There are a few things this year to know:

1. Geek Speak Tonight moved to Wednesday night. Do not miss it! The format has been revised and covers a wide range of topics such as: the Internet of Things, Octoblu, Citrix User Group Community (CUGC) opportunities to share expertise Geek and more
2. -Plan to attend SYN515: Geek Out game Show with Brian Madden - visited if you have visited one of BriForum events, you probably have this very popular game show. It's a geek version of Jeopardy!
3. There are 14 Geek this year speak live sessions. (. Details, handles Twitter and links are in the table below)
4. Sessions led by CTPs (Citrix Technology Professionals) are shown below; italicized.
5. There is a "Meet the Geeks" page just for us! A collection of large Synergy geekery trapped on one side! J

Regardless of your role in the workspace virtualization efforts your organization can most probably appreciate the challenges the following scenario.

A newly formed virtualization team has run the floor, to meet, to create a virtual desktop environment and newly re-architect. Over the next 12 to 18 months, through rapid organic growth and a series of strategic acquisitions, your business will almost triple the user base of 3,000 employees to 8,000 plus. The rapid growth is off a huge burden on the performance and stability of a clearly suboptimal virtual desktop environment in its infancy.

Plagued by the latency and performance of this environment, the desktop virtualization effort is in user acceptance, adoption, and most suffer critically in "user experience."

The unprecedented growth for your business is also your enterprise storage to capacity as the desktop virtualization for more than 70% of this use will bring Account. Critical decisions must be made regarding the need to provide a significant amount of SAN storage with projects outside the VDI to move forward to buy, and to provide space for a revamped disaster recovery site available. tend By DR strategy towards a true active-active data center design, the necessary capacity will be considerable. Along with the challenges above, you will also need a solution virtual workspace that. The scalability and flexibility offered for future growth

This challenging scenario was a reality for Nation Star Mortgage, just outside of Dallas, Texas.

Nationstar a leading servicer of mortgages in the United States with a presence in the market originations as well. At Citrix Synergy 2015 I is that I have the opportunity to share a bit of our history and some of the technologies and strategies we are discussing have used to meet these challenges.

When one of the engineers in our virtualization and new technologies group at Nation Star, I'll share how we used the Atlantis ILIO software defined storage solution to complement our Citrix XenApp environment:

• Successfully implement a stateless and diskless virtual desktop solution.
• from a legacy migrate to the next generation XenApp architecture.
• Dramatic improvement in performance and stability
• They eliminate the need for additional large storage costs
• reallocate 70% of the higher level storage XenApp back into the organization
• offload 100% of VDI related IOPS of SAN storage into the RAM
• consistently improve from above 2 minutes logon times 15-20 seconds to
• implementing a virtualization solution that can be scaled in a modular and consistent manner

We are also some of the gotchas and setbacks on our trip, including some of the following points:

• challenges with some of the write-cache really bring options in PVS 7.X
• What does a diskless XenApp published desktop with it?
• Go to optimize fine line between performance and the maintenance of stability
• Special Considerations with a simple in memory XenApp Atlantis ILIO model

you are currently facing challenges in any of the above aspects of desktop virtualization? I hope that our breakout session SYN112: How Nation Star Mortgage $ 1,300,000 on desktop virtualization, by their approach have saved for storage and disaster recovery, you can in your Citrix and workstation virtualization journey can in Citrix and Computer virtualization help support travel.

Josiah Foster is a Senior Citrix / Virtualization Engineer with the "Emerging Technologies" group at Nation Star Mortgage. You can with him on Twitter

Citrix invited the author of this blog post link at Citrix Synergy to present 2015 and in a related competition participate. The author has received an entry in the competition this blog for tabling

for all things Citrix Synergy Stay connected -. Follow @Citrix on Twitter and join the conversation with #CitrixSynergy

Introduction

This post is a continuation of a series of articles, written by the Citrix Labs R & D associates about IoT.

have defined the workplace in the previous posts, defines the role of the Internet of Things in the Citrix software, identifies many security challenges unique to the IoT, analyzed the information security "CIA" triad fundamentals and described a simple IoT frame with a device layer gateway layer and service layer.

In this article, we examine two specific security models that can be used to build security directly into IoT devices. The memorably called "Resurrecting Duckling" and the classic Biba security models provide a useful lens through which we can start the form of safe IoT is taking shape to be seen.

Examples of the current state of the IoT device security, consider the HP Research study of 10 popular (but unnamed) IoT devices ranging from door locks to hubs that control multiple devices , found that 0% of the collected personal data devices, 80% strong passwords was not necessary and 70% sent unencrypted data. Similarly, a researcher on Kaspersky Lab chopped his own IoT enabled home and over 14 vulnerabilities found in 20 minutes, some as serious as an administrative root password, the "1" and readable configuration files was user data.

The obvious conclusion was reached in these reports that for the Internet of Things equipment safety are fully realized, sets the device security in the equipment of its foundation must build. Security can not be an afterthought, which is added later. It is unacceptable to forego security, just because it is an "entertainment" device that will be outdated, and out of production in 12 months, because we all know that the equipment will be in use for years in the to join hands of the consumer, even if the manufacturer has evolved.

the rest of this post reviews models potential security IoT devices for the protection and Citrix describes own Octoblu IoT platform implementation of the models.

The Resurrecting Duckling security model

The Resurrecting Duckling security model name, the first one from Frank Stajano 02 implored, comes from the following metaphor. A duckling out of his egg thresholds when his mother see the first moving object of his looks that makes a noise; irrespective of his looks. This phenomenon is called imprinting. After printing, the duckling will follow his mother's instructions and no one else until his death. The metaphor is used to describe how could implement IoT devices safe, temporary connections via ad hoc networks.

When applied to the IoT, the "egg" is the factory sealed box which encloses the device. If it is removed, and is turned on, the device is its owner as the first unit recognizes it to send a secret key. This key may be a password, a UUID, a cryptographic key, or even a biometric signature. Once the key is received, the unit "claimed" and not a newborn longer and will remain loyal to its owner, until death. "Death" of devices is an important concept in this model, because this is how a device can change hands. Death is the only way to return the unit back to the prenatal state, so it can be printed by a new master.

Devices death can be made to occur in certain scenarios, when a medical instrument is dropped into the disinfection container, for example. Another scenario is a simple timeout so that the unit of "age", dies for rental equipment might. are yet other devices will only die if so by their owner instructed (for example, if the device is lost, stolen or sold), so that only the current authorized user can transfer the control of the device.

Below find a simple state diagram the Resurrecting Duckling security model and summarizes its four main principles.

Following Multiple Masters

mother / duckling relationship works well illustrated to secure personal devices with only one owner, but in the real world of the Internet the things we expect many people with the same equipment as well as many devices to interact with each other. The printed duckling is faithful to his mother for her entire life, but it should also be happy to talk to others. There is even the direction of the other follow, as long as the mother duck says that it's okay to do so

To accommodate this, the model is extended, so that there are two different ways, will be master , is the long-term mother / duckling relationship that lasts for the life of the ducklings. The second is a master / slave or peer-to-peer relationship, which in nature, lasting only temporarily is complete as a short transaction as long as necessary. The first type of relationship requires the secret key embossing, while the second is not the case.

Imagine the duckling as IoT device with a number of properties that can be read, and actions they can perform. The security model demands that the IoT device policy rules is to have for each of the component functions the credentials of a person (or other device) has to provide the device to access the specific properties and methods. These rules can grant or deny privileges to one of the possible device functions. A request in this model is that when a person / device presents the embossing button on the device, it can upload new policy rules in it. Against the background of this policy for the safety of the equipment are critical, they will most likely be created by the device manufacturer.

The various strategies for the device at different integrity levels, both public and private, or can could be chosen, even as granular as per user. This creates the need for a multi-layer health model, ie the model Biba security, as illustrated below. This security model can be summarized by its three main characteristics, provide:

• The simple integrity property - The data can be read from a higher integrity level
• The Star integrity property - data can be written to a lower integrity level
• The Invocation property - The user may not require service (call) from a higher integrity level

In this example, someone the public interface has no credentials to read data from the device. However, the public interface can not write data to a higher level of security, yet they can call a function in a higher security level. Someone the private interface can write using data and call methods of a lower layer of security, but these higher layer of security data from the lower layers of security to read unfamiliar.

is to manage cloud service (mother duck) makes it possible to carry out the special effect of the upload of a new policy to a duckling. Apart from the fact that a person or thing that can present the required credentials for launching any action by permits duck policy. This enables peer-to-peer interaction between things without being the mother duck.

threat model for Ducklings Resurrecting

The secret key given to the device when printed is obvious that the high target value in this model. To protect the key during the on-boarding process, it needs to be delivered through a channel that maintains the confidentiality and integrity. Moreover, a degree of protection against forgery is also necessary, difficult and expensive "murder" it suitably to make (maliciously printable restore), the device without any damage. In this sense, it is necessary, the secret key as difficult to recover from the device to make it so that it can not be used for impersonation. Finally, the secret key for each device should be unique, so if a single device is compromised, only the data that is on the device at risk, and not the entire network.

A perfect example of the need for tamper-proof physical security is described in this article, where a security researcher an attached bulb chops access the Wi-Fi connection to gain credentials. While counterfeiting security is required in order to reduce this risk in the device layer, it does capabilities for security as well as the higher layers is needed. For example, need to do in a safe way for the gateway or cloud service outputs in charge of the secret key. It's a good idea to take a security situation which it assumes already hacked. Against this background, these layers should also use real-time analytics to identify anomalous behavior of potentially unauthorized devices.

Octoblu Implements Resurrecting Duckling imprinting

Add Citrix Octoblu platform imprinting process is implemented by a UUID, and tokens to IoT device assigning the Microblu OS is running. If you connect with the Octoblu cloud service, devices are authenticated with their UUID and tokens. If a device does not have an owner, it is state in an unclaimed (printable). The device and its properties are searchable by authenticated resources on the same network. The device can then be used (see claim API). Once a device (printed) is claimed, it will not be visible to the public, unless the owner of the device.

Octoblu also gives you the option of registered devices to further secure access to configure permission by white-lists and black-lists. It can be used for each of the permissions to be stored in the device properties, a white list or a black list. The lists contain the UUIDs of devices that access or banned by the communication be granted to the secure device. Although this approach does not implement all the features of the security model Biba, it has a device or a person requiring a secure token to provide before they can access a particular function of the device.

Conclusion

A IoT system that "secure-by-design" relies on devices that have security features in the manufacturer from the very beginning. With security models such Resurrecting Duckling and Biba as a guide, we can (although not completely) to derive the following set of requirements for securing IoT devices:

• device identity and enrollment - Use to create secret key at enrollment or onboarding identity and a degree of trust between a specific device and the rest of the IoT system. A device that cryptography is used trustworthy than one that is not
• Imprinting -. After device'sidentity the IoT management system should enter the claimed or imprinted condition restricting use of the device to a single administration. For example, suppose a homeowner enrolls a connected door lock in its IoT management service, the barrier should be after in. After this is done, the claim switch the lock refused enrollment in another IoT management service until the first IoT-service resets. If not claimed, what someone stop with malicious intent to find a way to your castle gain claim and entry into your house
• Tamper evident / resistant - It must be easy to tell if one thing was physically impaired, and even if physically impaired, it must be impractical to extract valuable information
• isolation -. if a single device is compromised in a network of things, only the data on this unit should be in danger, and not the entire network. This usually means on the device for encryption to prevent symmetric group key
• multi-layer integrity -. multiple master and peer-to-peer interactions support, the device several layers of security such as public interfaces must be open for all and private interfaces where authentication is required before the unit with the user or other device interact. The data to prevent carefully controlled between the different security levels of contamination
• software updates is exchanged -. This requirement is not explicitly written into the security models discussed in this paper, but we all know that errors found in the software and exploited by those with malicious intent. Thus IoT devices (like the chopped bulb above example) to secure, there must be a framework to promote, distribute, and install software updates to close security gaps after they found. This is essentially a function of the higher layers of the IoT system, but devices must be upgradable in the field.

to meet, even after all of the requirements listed here, the device security can be easily compromised if the gateway or cloud service layers are not as well protected.

Come back soon, because we'll cover next time security models for the gateway and cloud service layers of IoT frame.

examples: Prefix bind a user name and remove domain prefix
radius Rewrite is a new feature in 10.5e To build. THUS Have yourself depict

many interesting Scenarien Two Simple application examples .:
1.The One two-factor login Have die Use names on the Radius server prefix
2 .Domäne "cut out" for entering the user name in syntax "domain username"
in my 1.Beipiel is a prefix "PL" insert.

The rewite policy / action

Add Rewrite action Radius_Request_Prefix
RADIUS.REQ.USER_NAME "RADIUS.NEW_AVP (1, " PL "+ RADIUS.REQ.USER_NAME) "

 replace  Add rewrite policy Radius_Request_Prefix RADIUS.IS_CLIENT Radius_Request_Prefix  

  bind global Radius_Request_Prefix 100  

in 2.Example going to die domain "cut out" for entry of user names in the syntax domain username. This is possible with the following action:

Rewrite action Radius_NoDomain RADIUS.REQ.USER_NAME
RADIUS.NEW_AVP (1 RADIUS.REQ.USER_NAME.AFTER_STR replace ( "\"))

In order to rewrite the request to the radius Sever, on must the radius request an email loadbalancer

radius Server hat die IP: 192.168.178.10

  Add service SRV_Radius  192.168.178.10  RADIUS 1812  

The LB VServer hat die 192 168 178 210

  Add lb vserver VS_Radius RADIUS 192 168 178 210 1812 -persistenceType NONE -cltTimeout 0  

  bind lb vserver VS_Radius SRV_Radius  

And radius action die is THUS:

 Add  authentication radius action Radius2AD -serverIP  192 168 178 210  -serverPort 1812   -radNASid CNS  

to note still did man /tmp/aaad.debug die circumscribes not looks, because only AFTER the VServer the radius request rewritten iS!

in DEM current build 10.5e (NS10.5: 54.008.e.nc) is building a vServers possible not binding. In eDocs is therefore described only global binding

After Citrix Desktop Player for Mac released last year, one of the most important skills customer was asked the support for Windows devices that would allow users desktop player on MacBooks and Windows laptops and PCs running.

reinforced this customer feedback, our vision for client virtualization and as a result we have accelerated the development to extend the functionality of Desktop Player for Mac to Windows devices.

at Citrix Summit 2015, we have announced and showed a forthcoming preview of this solution with the desktop player for Windows Tech Preview. Today we are pleased to announce the availability of the desktop Player for Windows Tech Preview can!

The Tech Preview adds Windows platform support for desktop players by allowing users to access a local virtual desktop on your Windows laptop or PC, regardless of wireless network conditions - or even if no network connection is available. In addition, the Tech Preview replaced existing user data, applications and settings with a simple install without interruption. Users can switch virtual desktops with ongoing synchronization of data and profile for a seamless experience on any device and between local (desktop player) and hosted (XenDesktop).

At the same time, the Tech Preview IT enables centralized management and secure these local virtual desktops over the Synchronizer management server that functions as image management, patching and updating, the role-based policy management and security controls , The Synchronizer can also IT governance and providing a single golden image to Mac and Windows endpoints running Desktop Player.

In addition to the Desktop Player for Windows Tech Preview, we are also pleased to announce the availability of the desktop Player for Mac announce Public Tech Preview. This Tech Preview strengthens the security features of Citrix Desktop Player for Mac 1.2 with features like fully VHD encryption, clipboard and file-sharing policies and VHD copy.

They both Desktop Player for Windows and Mac Tech Previews found on the download page. Please note that the software on Citrix for customers only, who are currently on Subscription Advantage or Software Maintenance. Moreover, these Tech Previews are not intended for production use. See below for more details of the functions in these two Tech Previews:

Key Features in Desktop Player Tech Previews

• Desktop Player for Windows Tech Preview
  • New Windows platform support in desktop Player : Allows users to be productive while on-the-go access through their local virtual desktop on their Windows laptop or PC, regardless of the network connectivity
  • . Centralized Management . Centrally deploy and local virtual desktops, the output on the company and BYO Windows laptops and PCs with provisioning control, patching and updating, and policy management capabilities
  • Powerful security features:. as remote Wipe, expiration date, and time-based lockout policies
  • protect Seamless switching between FlexCast models business data with security features: access hosted applications and desktops using Citrix receiver and switch between hosted and local virtual desktops with the synchronization of user profiles and data
  • Simple, flexible user experience . users can download the latest Windows technology with support for Windows 7 and 8.1 run (as a guest or host OS). Users can also use an external display via multi-monitor support
  • Simple, uninterrupted install :. Preserve existing user applications, data and settings with a simple, wizard-driven installation program that automatically pushes a virtual Windows desktop down

• Desktop Player for Mac Tech Preview
  • Synchronizer clipboard sharing security policy .: to help Controls clipboard sharing between the host operating system and guest VM data leakage of valuable corporate data prevent
  • Synchronizer File Sharing security policy .: Controls local memory access by accessing managing folders from the guest to host VM. can configure new UI improvements Users that host folders are visible on the guest VM
  • VHD encryption .: Full VHD encryption for the guest helps prevent VM data leaks. This is centrally enforced a policy Synchronizer
  • VHD copy .: Prevents the ability of the VHD to copy and manipulate due to encryption. Forced centrally Synchronizer encryption policy.

To learn more about Citrix Desktop Player for Mac, download learn and evaluate it for free in your area or visit the desktop Player product page.

Discuss with online connect with the Citrix Desktop Player Team!

• Specify the desktop Player product page
• Try desktop player with a free 0-day trial
• Follow us on Twitter
• Like us on Facebook
• Visit the desktop Player Technical Forum

, you may be wondering how these products unlike some will be of the other products that are out there on XenMobile timeouts.

fair question and I'm glad you asked!

products like this that explain how the different NetScaler / MDX timeouts work and this one have been by my colleague Albert, as the inactivity timer works for a while. This item also starts them in condition to

In my (admittedly biased) opinion, they did a great job just that. explain what each timeout is doing and where it is configured. If you do not have these items not yet read, now is the time. To answer the question we started with, I will try not to explain how these timeouts work. You already know that because you already rated this article, right?

Instead, we want to focus on why we would configure one way or another to get the balance between usability and security that we have to

DISCLAIMER :. The values ​​we understand to be Examples and starting points to discuss. Every environment is unique and has different security requirements. before production deployment, you may need to adjust these values ​​to based on environment-specific applications and security requirements, and (of course), the all configuration changes should test in a non-production environment.

Now to the good stuff. an example of the desired user experience Let us discuss the timeouts for a second and look forget. After all, there are these timeouts only tune user experience with security in mind (to force or security lockdowns with user experience in mind - depending on who you ask :))

Example: "I want my users levers have WorxMail. as seamless email experience as possible. My security man said that if they use their company not apps for 15 minutes, we want them to be prompted for a type of credentials, so let's do that. I want to to enable offline access to the material that makes sense, but not forever, only for the "right" amount of time. I do not really care what happens to my user authentication example, if they want to access the WorxStore. you do not go there too often the day. Oh, and WorxWeb, which is great for us. When a user opens, I definitely want that for them to be easy. Last thing. If we updates to guidelines and applications push, I do not want to be more than one business day prior to that propagates to our end users manageable to keep things. "

Believe it or not, only that brief" conversation "we have most of what we need to launch decisions. From this information, we would probably something like the following at the end of the landing (

app passcode

online session required: Off

inactivity timer: 15 minutes

Max offline period: 8 hours

background services ticket expiration (WorxMail):> 8 hours

NetScaler session timeout:> 480 minutes (8 hours)

NetScaler coercion timeout:. N / a

So, how do we get these values ​​

they let us break it first, the "customer" is asked for a WorxMail experience is as seamless as possible. to do this, we want our "background services ticket delivery 'value is greater than (or at least equal) our' max offline time." the reason that if the maximum offline time expires, the user a perform forced 'online authentication' against the NetScaler Gateway. This renewed both its STA (background tasks) ticket and the NetScaler session cookie. As long as the user has a valid STA ticket, they should be getting email. PS if you are not familiar with WorxMail and STA, this is a must-read.

that still does not answer how we to 8 hours of landing 'max offline time' as we get it?

Well, it admitted that three parts. We wanted to allow for offline access' just the right amount of time. "That about as subjective as data comes, but not if it on what a mobile user could do. I fly a lot. That's when offline time for me is crucial. If I at the level I want to be able read his e-mails I've already downloaded, you will see cached browser pages, notes, etc., even if my flight does not have WiFi. But most domestic flights 8 hours is not long, and I promised, we do not have throw darts with these numbers come to. we ended up to 8 hours, because "if we push we do not want to be a working day more than app and policy updates it" before this change meets the end user. about 8 hours is a fairly typical day and online registration (forced when the maximum offline time is up) what WorxHome solves is to check with the back to see if there are MDX policy updates and / or application updates.

Now for NetScaler session timeout. For those of us who are fans of wizards (myself included), we will concentrate on the _OS and _WB session policies / creates profiles. We actually know this about covered. We want this value is greater than or equal to the maximum offline time, because as long as I have a valid NetScaler session, my WorxWeb (or any other app MVPN use) experience should be relatively seamless. I asked for a to inactivity based credential, but when I'm through, I'm going away. We do not want to make the session timeout unnecessarily large, because it can have the memory usage affect the NetScaler page.

At this point, all that remains of the imagination is the forced timeout. In a high security environment, in which we want to actively end NetScaler session at a specified interval, this setting is very useful. In your average use on the other side there is a setting that is often forgotten when adjustments and complexity that is often not necessary.

Last, but not least, the "App password" setting is really what determines whether MDX timeout settings as inactivity timer apply to the specific application in question.

something like the above is where our "balanced" Customers usually land. We would be at least at the stadium. But what about the ends of the spectrum? We have some customers who are extremely security conscious and others that 100% driven by the user experience. Here are two examples of how this policy might look like. The decision points would be no different than the ones we

driven security before the vote, the input data changes only

app passcode: On

online session required : from

inactivity timer: 10 minutes

Max offline period: 1 hour

background services ticket expiration (WorxMail):> 1 hour

NetScaler session timeout:> 60 minutes (1 hour)

NetScaler forced timeout: 60 minutes (1 hour)

workflow driven:

app passcode: from

online session Required: Off

inactivity timer: N / A

Max offline period: 168 hours

background services ticket expiration (WorxMail): > 168 hours (7 days)

NetScaler session timeout:> 10,080 minutes (7 days)

NetScaler forced timeout: N / A

In summary, it's really no right or wrong answer when it comes to how those settings are adjusted. We want to be sure that the maximum offline time period is shorter than the background services timeout and the NetScaler Gateway session timeout. We also want to be sure we timeouts user experience mapping requirements, administrative requirements and safety requirements. From there, you should bring a few tests and feedback iterations in order, where you want to be a predictable and consistent user experience.

If you. Questions or would like to share that have worked, feel free to drop me a note below timeout settings Happy mobilization

Ryan McClure
architect. | Citrix Consulting

Two major trends driving the adoption of enterprise file sync and sharing -Solutions. First, the enterprise mobility. From 2013, 61 percent of information workers work outside the office [1], and the number of teleworkers by almost two-thirds increase over the next five years. Second, the proliferation of personal devices and / or BYOD programs in companies. These two trends have driven many employees use consumer cloud sharing services to do their job. This is problematic because corporate IT has no visibility or control over these accounts. For security, compliance and policy requirements to meet, companies are looking for enterprise-class options for this critical ability to take over. The question most business owners and managers information technology battle is how to determine what key features they should look for their complex requirements in an enterprise file sync and sharing service and one meets service and keep their critical business data safe.

Let's start with the basics!

1). What is Enterprise File Sync and sharing? Enterprise File Sync and sharing (EFSS) refers on a number of on-site and / or cloud-based features that enable individuals, synchronize, store and share documents, photos, videos and files multiple devices (PCs, Macs, smartphones and tablets). File sharing can be within the organization, with partners, customers and other 3 ^rd parties. File Sync and sharing is an abbreviation of files between multiple users and devices to share, and to preserve the synchronization of shared files file integrity.

There are consumer-style, enterprise-class file sync and sharing services. Most consumer-style services are free, offer file synchronization, sharing and access with limited file sizes. Most do not have asked the ability to access offer on-premise data, lack of security and management features that IT managers.

companies roll out enterprise-class file sync and sharing services, because everyone needs to share, synchronize, store and secure data on any device, anywhere. designed and developed for companies an enterprise-class service deployment for users ensuring IT control and data security while employees with a consumer-like experience they will love. If IT does not occur in and provide an authorized enterprise-class

File Sync and sharing service, choose employees to use their own file-sharing services, consumer-style offer functions and company information leakage risk. and privacy breaches

In fact, unmonitored entry of file-sharing applications has risen at amazing rates; according to the Enterprise Strategy Group report, a large majority (70 percent) of organizations know or their employees suggest that use personal online file-sharing accounts, without formal approval IT [2]. Organizations need enterprise-class file sync and sharing services provide to secure their corporate data assets.

2). What challenges IT managers face today ... and how can a company file sync and sharing service to help them meet these challenges?

• BYOD, Workshifting, a growing global workforce and 3rd party networks driving demand for instant access to (synchronized) data offline productivity and seamless cooperation from everywhere . Functional departments and teams in the choice of consumer services style investing to meet their mobility needs, enterprise data fragmentation caused by various online services, coupled with inconsistent security policies and user experience. Regarding an enterprise-wide IT authorized, enterprise-class file sync and sharing service the opportunity will offer to share, synchronize, store and secure data on any device, anywhere.
• End users turn to unsafe consumer-style tools , because they are easy to use and do not require VPN. Many IT teams resort to extreme measures, either by the use of these services to block unsecure and affect user productivity, or allowing their use and to compromise security. In addition, consumer-style Services file sync and share typically lack the ability to support the employees on-the-go and do not enhance mobile productivity. Enterprise File Sync and Share services provide important functions such as in mobile content editor built, the ability to integrate with a complete Enterprise Mobility Management (EMM) solution and the ability to connect to any Enterprise Content Management (ECM) system.
• IT is not retained in a position to control how sensitive data is accessed, stored and shared - IT teams today want to ensure control and visibility data. an enterprise file sync and sharing service deployment allows it to acquire IT control again. It will know again how the data is accessed, stored, and shared both within and outside the organization. In addition, there is also the IT teams are helping stringent security compliance requirements to enable them to protect your IT investment, infrastructure and workflows, existing, all while a rich user experience provides to ensure a good introduction.

3). What organizational benefits of an enterprise file sync and sharing solution offer

• The ability to mobilize all enterprise data - An organization can mobilize corporate data wherever they stored, or outside the building or in existing data platforms such as network shares and SharePoint or an ECM system. always with a "- - would allow additional functions to retrieve data organizations in personal cloud services like Dropbox, Google Drive, etc.
• improves collaboration, data sharing and productivity on "read-write access to data on all devices synchronized
• It enables the secure management and control of -., how the data is accessed, stored and exchanged. Meets enterprise data security and compliance standards through a secure service, the flexibility to store data or outside the building offers, or both
• happier users -. empower users instant access to data in sync across all your devices (desktop PCs and Macs and mobile devices).

4). ? What key features should in any enterprise-class file sync and sharing solution

• built for mobile users An enterprise file sharing and sync services be included - give users true enterprise-class data services in all corporate and personal mobile devices, while it needs to give the entire control. Users can access and synchronize securely share files with people from any device, both inside and outside the organization for easy collaboration and increase productivity. Offline access keeps productivity even when on-the-go
• Flexible options for storing data associated with the work, what you already have -. You should be able to decide where your data is stored - on premises, to meet in the cloud or a combination of both your needs for data ownership, compliance, performance and cost. The service should also work with, what you have today. There is no need, all your company data to migrate to the cloud
• existing Mobilize network shares, SharePoint or other ECM system -. provide instant mobile access to data on existing network file drives and SharePoint - which are not generally accessible outside the corporate network or on mobile devices. The service should develop any IT or partner organization connectors at each enterprise content management (ECM) system so that the data types expand user access on the go and manage this can
• Secure Enterprise File Management. - Advanced security features such as remote wipe, device lock, password protection, white / black listings and data expiration policies, you can determine exactly how confidential data is stored, retrieved and shared. Track and log activity in real time and create to meet compliance requirements, customized reports. The ability to hold data encryption key property if Microsoft Azure with
• integration of mobile applications, desktops, data and services in your mobile office -. data is an important part of the mobile workstation. Without access to the data, you can not get your work. A file-sharing service that is optimized and integrated with other major mobile workstation technology for virtual desktop environments also critical. For example, allows Citrix Share File for seamless transitions from physical to virtual desktops and future OS migrations and enables IT future-proof their investment.

5). If Enterprise File Sync and sharing services closely with Enterprise Mobility Management (EMM)?

Yes integrate, they should-with love a uniform user experience people. Most businesses file sync and sharing services (EFSS) do not integrate seamlessly with EMM solutions. This EFSS products usually require the purchase of additional tools and services and integration development. Citrix has a differentiated capability end user computing challenges of integrated solutions to address covering mobile desktops, applications and data. Citrix Share File was wrapped one of the first EFSS tools in an EMM solution.

Citrix XenMobile Enterprise Edition Share File Enterprise contains allow to synchronize, share, open and edit data in corporate applications on any device they use, while IT maintains security and control humans.

you see what they have to say leading analysts over Citrix.

business leaders and IT managers are not familiar with Citrix Share File invited to request a totally free trial.

Today Cisco announced several innovations to its Unified Computing System ( UCS) product line and lifted its vision to important industry trends that dovetail well with the Citrix vision for the mobile workspace. Among these were mobility and cloud-scale; two important components that are part of the Citrix nuclear DNA and help drive our daily thinking and the overall strategy. Throughout our long partnership, Citrix and Cisco have aligned with our vision to their workplace to provide people with access wherever they are, on any device.

We also have a high priority focus on providing infrastructure for our partners and customers platforms create that are future-proof, while we help them deal with the fast growing pace of change in their IT environments , Whether change from the exploding number of terminals comes, continue to cooperate rapid pace of underlying operating system updates or app and desktop migrations and upgrades, Cisco and Citrix to provide a common platform, the management, security and control allows for IT, while the user to free to use the devices that give them the most productive wherever work takes them.

Citrix and Cisco have worked together for more than ten years to optimize application and desktop virtualization environments, helping companies to become more efficient, safety and productivity through our joint reference architectures (RAs) and Cisco Validated Designs (CVDs). Our cooperation increased with the introduction of the Cisco Unified Computing System (UCS) in 09, as our engineers knowledge bundled customers with clear guidelines to provide each XenApp and XenDesktop deployment provided the optimal user experience and performance needs.

Cisco UCS ideal required further accelerate to deliver innovative cloud-scale computing with the introduction of Cisco UCS M-Series Modular Server that promise unmatched operational efficiency for cloud service providers and enterprise customers and offer a modular that architecture to be infrastructure and computing requirements for scaling the infrastructure to be demand. This cloud scale strategy services where we extend the Citrix "anyness" concept to any cloud and use infrastructure Server OEM partners such as Cisco in full compliance with our plans for Citrix Workspace.

We look forward to working closely with Cisco engineers how we test and optimize our XenApp and XenDesktop Virtualization Platforms with NetScaler and Citrix App orchestration tools are combined to develop the designs and reference architectures, the best the and reliable performance on these new systems.

provide for our Citrix Service Provider, we will continue our Citrix Service Provider (CSP) reference architecture to take advantage of the new performance, features and integration capabilities of the new Cisco UCS M-series and C30 rack server build management and management across multiple simplify datacenter. We will pool our resources in order to streamline the process of deploying and on-boarding new users while making sure the system the rich HDX mobile human user experience delivered by Citrix expect.

As the pace of innovation continues to accelerate, we are pleased to be in alignment, and look forward, with Cisco to our customers and partners have the reference architectures and validated designs to ensure on strategic initiatives with Cisco, available to built quickly roll out cloud Scale app and desktop virtualization to the most modern infrastructure. As a partner are aligned with strategy and vision, our customers win.

This will be an amazing journey.

CloudPortal Services Manager allows service providers, resellers and customers their own brand, so that the web portal interface (Control Panel) displays to Create your own logo, colors, fonts and messages

involved when their users log on to the portal, the three most important elements in branding, which are changing the look and feel of the Cloud portal Services Manager interface .:

1. Sheet
2. pictures
3. application and content of the page

create your own brand

A customer will inherit all brands that have been saved (by the merchant / service provider) in the higher hierarchy. The customer can create his own brand

to create a new custom mark, you go to the customer menu> Configuration> Branding> Brand .:

1. Select "New Brand" [
2. Enter a brand code (a short reference code which is unique).
3. Enter a brand name. This can be more descriptive.
4. Browse and location for the defined CSS file (Stylesheet) Add that are configured on the template.
5. When a style sheet associated with a brand will use the default stylesheet.
6. Let the image fields are empty, you must manually copy the image files to the web server. Please ignore the message "image uploaded."
7. Add the text content that is displayed on the login page (effective only when brand URL is configured). This field can be empty.
8. Add the text content of the website such instructions for self-service. Information about news, system health and availability, may be added here. This field is also optional
9. Save the new brand

Once the new brand has been created, it can then be applied to an individual customer: ..

Or a portal URL:

How it works

There is a master sheet in Cloud portal services Manager, which is used for the web portal for all classes comprises. This master stylesheet is built in the main DLL, so not visible.

The web portal first loads the master style sheet, if you defined a custom brand (or inherited) for the customer, the classes in the custom mark defined sheet are those that consist of the master loaded overridden.

below, the stylesheet classes that are generally defined in custom branding.

you can define to change the whole interface look and feel with all the necessary classes of integrated point in Example brand "orange".

all image files of Cloud Portal Services Manager are usually located in the C: inetpub Cortex Management CortexDotNet pic. It is recommended that Citrix Service Provider its own subdirectory for use in the custom brands to create images.

images to be used in the stylesheet has defined have the correct file path. Below an example of the class for the login page CloudPortal Services Manager

.loginbody is {

margin: 0 auto;

padding :. 0;

}

White Labeling

The marks are applied Manager service properties in the hierarchy in a manner similar to Cloud Services Portal. if a trader an own brand has defined the default inherit the customers from this dealer this brand

white Labeling In order to achieve this, so that customers can only see from a dealer that all services are hosted and the reseller offered:

1. Login CloudPortal Services Manager to create as an administrator resellers a brand, so the brand to the reseller is only available and its customers.
2. define all the necessary sheet classes with the logo of the reseller photos login page image (you can web server access for this need).
3. you define the login page content and user home page content as a reseller
4. as Citrix Service Provider, create a separate URL (host header on the website web portal in IIS on the webserver. or create a new site in the same file structure shows) and DNS resolve.
5. to assign the reseller brand to the new URL.

Learn about Cloud Portal Services Manager

This week at Intel Developer Forum 14 # IDF14 in San Francisco, Citrix and Intel will highlight our expanded partnership with a number of new technology demonstrations. Citrix mobile workspaces leadership are on full display with Citrix solutions with Intel technology in enterprise mobility, networking, cloud and data center customers and Chrome.

Citrix was invited by Intel, a cross section through additional technology to present solutions within four Intel Communities and Advanced Technology Zone

cloud and security -. within the Intel SSG Security Pavilion, Citrix is ​​ supply of safe workloads within OpenStack clouds with based on Citrix XenServer . Citrix has for several years in various projects with Intel is working to support Trusted Execution Intel Technology based (TXT), and will be expanded pleased this year showcasing secure virtual machines running OpenStack clouds within Intel's flagship software and security Pavilion are combined in , Booth # 512

Networking - Citrix is ​​now a part of Intel network builder Community. For the first time at IDF Citrix is ​​our Intel Xeon-based portfolio of NetScaler SDX solutions are highlighted in booth # 932nd Citrix is ​​Dynamic service chaining with OpenStack and VNF including NetScaler and Citrix ByteMobile

Enterprise Graphics Virtualization -. connected With Synergy 2014 Intel and HP Citrix to put on stage in the sector open to new Xeon E3 Iris Pro Graphics offers game changing density, efficiency and performance benefits for enterprise customers, since they for delivering rich applications and data to a wide range of users. Stop to see Intel Data Center Pavilion # 116 The latest technology demos with Intel Graphics Virtualization Technology , HP and Citrix

Enterprise Mobility Management -. Citrix continues to optimize partner with Intel mobility management and user experience on all Intel-based devices. Citrix booth # 355 will feature XenMobile on the latest generation of Intel-based Windows and Android convertible, 2: 1 and tablet devices

Chrome and clients - Both in the Advanced Technology Zone , and the main Citrix Booth, Intel and Citrix is ​​the Tech Preview of Citrix Receiver for Chrome present running on the new Intel Core i3 Chromebooks from Acer and Dell. In addition to our expands partnership with Google , Citrix and Intel continue to bring users across the enterprise the best app and desktop virtualization experience on the latest Intel-based Core i3 cooperate Chrome devices.

IDF promises presented our strong technology partnership with Intel and further demonstrate the industry Citrix guide to be an exciting week for mobile workspaces. We invite our partners, enterprise customers and industry supporters in the Bay Area this week # IDF14 the Moscone Center to visit with Citrix experts to speak and display an impressive array of Citrix solutions.

Marc Andreessen was right software really eats the world

While in the past the office productivity was determined by physical constraints linked with the people to certain areas of production, such as buildings and desktop computers, we have now moved beyond. The software can do to take us through these limitations, we have to do, when and where we need to do it. A car is a conference room a global team matches. An iPad in a cafe is a design studio. An airport lounge is a sales office. Just last week Apple has a wristwatch that a communications center, health sensor, wallet, weather station and who knows what else. No wonder investors to pour so much money into software companies. More than ever, it is software that define us our own reality.

This is especially true in the workplace. Not so long ago, people were working at a particular location, developed a specific machine to do specific things. The image appears already as ancient history, right? Today it must not matter where you are, what device you have, or even if you are stuck on a device or move about more about the source of the day. Wherever you go, you can define your workspace according to your needs. If you need to act like a high-end engineering workstation your tablet, no problem. If you need to collaborate with colleagues on the other side of the world, you can meet with them all face-to-face on the laptop screen. If you edit or respond to a client on a fixed period a document, you can catch the next device even grab one of a borrowed friend and just like that, you are trusted in your own desktop search.

Of course, the software-defined workspace is not magically appear. It comes from the IT, the culmination of a long process of innovation that has first connected LAN systems in client-server and now seen in an increasingly diverse and dynamic mosaic of interconnected systems monolithic mainframe systems branch. In adapting to the requirements of this new environment, it has the software-defined data center embraced, with the virtual shifts the physical in terms of computing, storage, networking and orchestration. With the workstation software-defined, IT curated now aggregates, secures and delivers applications and content anywhere they are needed, without being bound by physical location or hardware.

to complete this shift and the mobile workstation, we each element to be the best it can be. A dynamic access environment requires bulletproof security, even from the human remains to allow true freedom and comfort. People need a great experience, where and how they work, without having to worry about the limits of the device or network they use similar, a high-end Windows application on an Android device via public WLAN runs. You need to be able to access information and share it with others, and cooperation with teammates seamlessly with devices and locations. Each service will be delivered, must be secure, collaborative, contextual, continuously and smoothly moved.

The culmination of a 25-year partnership of success

That's where Citrix comes. the software-defined workspace is the result of our partnership with IT through a journey of transformation. There is no faith, we is more at the heart than the idea that the work does not take place-it's something that people do. Over the past two decades, we have remote access, virtualization, Delivery Networking, cloud infrastructure and mobility management pioneered to allow all people to define their own environment for the productivity of labor, no matter where they are. Along the way we have developed assets that enable us in a unique position to become a reality, the software-defined workspace. As such has been placed for Citrix Share File and the Magic Quadrant for Enterprise Mobility Management Suites ** Citrix for Enterprise File Synchronization and Sharing * in Gartner Leaders Quadrant of the Magic Quadrant. You can before more of my thoughts on our market leadership in my previous blogs.

In the weeks and months to read, you will hear a lot more about the workplace software-defined and how Citrix makes it possible. Picture a complete work, the people followed wherever they go, under whatever form they need it. Then imagine how much better life for your business will be and your employees, if we help you to realize it.

About the author

Matthew Morgan vice president of corporate product marketing for Citrix. In this capacity, Mr. Morgan Global Product Marketing passes for all Citrix solutions. His background includes twenty years in enterprise software, including the world's leading product marketing organizations for HP Software, Mercury Interactive and Blueprint. Feel free, with him on LinkedIn or visit his personal blog.

* Gartner Magic Quadrant for connecting 2014 for Enterprise File synchronization and sharing, Monica Basso, Jeffrey Mann, Charles Smulders, July 2

** Gartner Magic quadrant for Enterprise Mobility management Suites, Terrence Cosgrove, Rob Smith, Chris Silva, Bryan Taylor, John Girard, Monica Basso, June 3, 2014

Gartner does not endorse any vendor, product or services depicted in its research publications, and does not advise technology users to select with the highest ratings or other designation, only the provider. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose .

Citrix Labs recently XenDesktop 7.5 Windows Azure Pack Gallery Photo posted. This blog post takes a closer look at the Windows Azure Pack fits in the company and how the XenDesktop Windows Azure Pack Gallery image allows rapid and automated XenDesktop implementations in a private / hybrid cloud scenario.

XenDesktop cloud in a private / hybrid

CC Photo credit: Daniel Lu

if they were to ask a typical company, whether they embraced some form of public cloud, chances are 100% of respondents would say "yes" (and this survey that the adoption amplified).

Now were, if you have the same number of enterprise customers, if they still ask a heavy investment in their own internal data center, the answer would probably be close to 100% also. The reality of cloud adoption that while it offers companies many advantages around cost, efficiency and flexibility; the typical company is managing more internal data centers for some time. Reasons for this are probably a number of factors, which concerns, security concerns, testing or managing legacy applications that can not possibly contain suitable for public cloud.

This increase to the private and hybrid clouds, to implement something that many companies have already begun to evaluate and implement, or plan, because it aspects of public and private clouds look together to combine.

Knowing this, that examines Citrix Labs team how we could help our customers deploy virtual desktops in a private or hybrid cloud scenario. Recently we published a tech preview of our XenDesktop System Center templates. These templates provide an easy way to simplify and automate XenDesktop implementations in a service-based private cloud. Our next project that we has just been released as a Tech Preview is a XenDesktop Windows Azure Pack gallery image.

XenDesktop Windows Azure Pack Gallery Image Tech Preview

What is a XenDesktop Windows Azure Pack Gallery image? Now let us first start with Windows Azure Pack.

"The Windows Azure Pack for Windows Server provides a solution for companies that act as service providers and service providers interested in winning enterprise workloads. ... (It) provides the power of Windows Azure in your data center, so you have a wide range, self-service, cloud multi-tenancy with Windows Azure consistent experiences and services. ( Microsoft Windows Azure Pack for Windows Server Whitepaper )

Windows Azure Pack is to emulate the Windows Azure experience a data center, so that large companies and service providers to have a consistent experience as they provide and independent resources manage of their location - public cloud, private cloud or hybrid cloud a Windows Azure Pack gallery image is a standard, shareable component of Windows Azure Pack, the virtual machine roles, or server roles as repeatable configuration..

The XenDesktop service self-determination allows customers of a large enterprise or service provider Windows Azure Pack Gallery image provides a consistent installation of XenDesktop roles. Similar in concept to the aforementioned System Center Service templates they should be reusable virtual machine blueprints, which can be used to simplify the deployment and management of virtual machines. The essential difference is that gallery images can be exposed for tenants on the Windows Azure Management Portal Pack, it is easy for a large company or a service provider make gallery images across multiple customers.

[1945009teilen]

Windows Azure Management Portal Pack