Securing external-facing XenClient synchronizers with NetScaler

12:43 PM

One of the key value propositions of XenClient is the image and device management capability provided by XenClient Synchronizer, the remote management server for XenClient devices. Synchronizer enables customers to centrally create, manage and update images for delivery to the endpoint, where the image runs locally. Synchronizer also allows administrators to specify client-side policies and lets users back up their images.

A key use case for these capabilities is the centralized management of images for mobile users. A common customer question when dealing with mobile users who travel or who are not located in the office is: what is the best way to expose the Synchronizer to the public Internet? Our response to date has been to offer three options:

Option A: Port forwarding, that is, forwarding requests (port 443) from the edge (firewall) to the Synchronizer.

Option B: Put the Synchronizer in the DMZ.

Option C: No access to the Synchronizer from outside the corporate network, or require that users be in the office to get image updates, new images and to download user backups.


Each of these options has advantages and disadvantages, but we'll save that detail for another blog. The biggest concern that comes to mind for a port forwarding or DMZ scenario is that you must ensure that you have some kind of network intrusion detection/prevention system in place.

Ideally, Citrix NetScaler coupled with Synchronizer can offer a good solution as well. Many customers have asked: "Can I leverage my NetScaler deployment with Synchronizer?" The answer is simple: "Yes."

Now you ask: how?

Leveraging NetScaler SSL Offloading with End-to-End Encryption or NetScaler SSL Bridging gives you the opportunity to expose a Synchronizer to the public Internet with a little peace of mind. With NetScaler in the fold, you now have a few more options to consider:

Option D: NetScaler SSL Offloading with End-to-End Encryption ensures that communication from the XenClient Engine to the Synchronizer is encrypted throughout. By re-encrypting the plaintext data and using secure SSL sessions to communicate with the Synchronizer, you can ensure that traffic is secured. In parallel, you gain some enhanced scalability, due in part to the NetScaler offloading SSL traffic encryption/decryption.

Option E: NetScaler SSL Bridging allows the appliance to pass all secure traffic directly to the web server. In this scenario NetScaler does not offload or accelerate the bridged traffic, as SSL Offloading with End-to-End Encryption does. This option is simple and just provides another layer of security for those who do not feel the need to take advantage of the offloading capability but want another layer of network security.
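As an added illustration (not from the original post, and not a Citrix-published Synchronizer configuration), here is how Options D and E differ on the NetScaler command line: mainly in the protocol type of the service and virtual server. All names, IP addresses and certificate file names are placeholders, and port 443 is taken from Option A above.

```netscaler
# Added example. Names, IPs and file names are placeholders.
# Configure Option D or Option E, not both: the two virtual servers
# below would otherwise compete for the same public IP and port.

enable ns feature LB SSL

# Back-end Synchronizer (internal address, placeholder)
add server srv_sync 10.0.0.10

# --- Option D: SSL offloading with end-to-end encryption -------------
# NetScaler terminates the client SSL session, then opens a new SSL
# session to the Synchronizer (service type SSL, not HTTP), so traffic
# is never sent in plaintext on the internal network.
add service svc_sync_ssl srv_sync SSL 443
add lb vserver vs_sync_ssl SSL 203.0.113.10 443
bind lb vserver vs_sync_ssl svc_sync_ssl

# Clients see the certificate bound to the virtual server, so it must
# be one the XenClient devices trust for the public host name.
add ssl certKey ck_sync -cert sync.example.com.cer -key sync.example.com.key
bind ssl vserver vs_sync_ssl -certkeyName ck_sync

# --- Option E: SSL bridging -------------------------------------------
# NetScaler forwards the encrypted stream untouched. No certificate is
# bound on the appliance; clients see the Synchronizer's own certificate.
# Because the payload is never decrypted, HTTP-level inspection and
# policies do not apply to this traffic.
add service svc_sync_bridge srv_sync SSL_BRIDGE 443
add lb vserver vs_sync_bridge SSL_BRIDGE 203.0.113.10 443
bind lb vserver vs_sync_bridge svc_sync_bridge

# Confirm the virtual server and its bound service are UP
show lb vserver vs_sync_ssl
```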

Both scenarios can protect against network-level attacks such as SYN and HTTP DoS attacks. You can also use NetScaler access control lists (ACLs) to secure traffic further. Finally, you can take advantage of features such as surge protection and rate limiting to control incoming connections and avoid overloading the Synchronizer.

Then you ask: "How do I configure these NetScaler options with a Synchronizer?"

In the coming weeks, I will write a series of blogs, as well as publish two Technotes on the XenClient support site, highlighting each configuration mentioned above and how to configure it. Meanwhile, here is a support forum post to get you started.

Stay tuned for more, and have fun with Synchronizer and NetScaler. If you want to see more of NetScaler with Synchronizer, give the XenClient 4.5 Technology Preview a try. The Technology Preview is now available to existing XenClient, XenDesktop Enterprise and XenDesktop Platinum customers who are current on their Software Assurance contracts. For those of you who are not existing customers, you can try XenClient 4.1 here.

Join the conversation by connecting with the Citrix XenClient team online!

  • Visit the XenClient product page
  • Follow us on Twitter
  • Like us on Facebook
  • Visit our XenClient Technical Forum