XenApp 5 Security Standards and Deployment Scenarios

Size: px
Start display at page:

Download "XenApp 5 Security Standards and Deployment Scenarios"

Transcription

1 XenApp 5 Security Standards and Deployment Scenarios :22:07 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

2 Contents XenApp 5 Security Standards and Deployment Scenarios... 4 XenApp 5 Security Standards and Deployment Scenarios... 5 Security Considerations in a XenApp Deployment... 6 Country-Specific Government Information... 7 FIPS 140 and XenApp... 8 TLS/SSL Protocols Government Ciphersuites IP Security Citrix Password Manager Smart Cards Smart Card Support Kerberos Authentication Citrix XenApp Plugins Standards Summary Virtual Channels Additional XenApp Security Features ICA Encryption Using SecureICA Authentication for the Web Interface Using RSA SecurID Authentication for the Web Interface Using SafeWord Deployment Samples Sample A Using the SSL Relay How the Components in Sample Deployment A Interact FIPS 140 Validation in Sample Deployment A TLS/SSL Support in Sample Deployment A Supported Ciphersuites for Sample Deployment A Certificates and Certificate Authorities in Sample Deployment A 31 Smart Card Support in Sample Deployment A Plugins Used in Sample Deployment A Sample B Using Secure Gateway (Single-Hop)

3 How the Components in Sample Deployment B Interact IPSec in Sample Deployment B FIPS 140 Validation in Sample Deployment B TLS/SSL Support in Sample Deployment B Supported Ciphersuites for Sample Deployment B Certificates and Certificate Authorities in Sample Deployment B 42 Smart Card Support in Sample Deployment B Plugins Used in Sample Deployment B Sample C Using Secure Gateway (Double-Hop) How the Components in Sample Deployment C Interact IPSec in Sample Deployment C FIPS 140 Validation in Sample Deployment C TLS/SSL Support in Sample Deployment C Supported Ciphersuites for Sample Deployment C Certificates and Certificate Authorities in Sample Deployment C 52 Smart Card Support in Sample Deployment C Plugins Used in Sample Deployment C Sample D Using the SSL Relay and the Web Interface How the Components in Sample Deployment D Interact FIPS 140 Validation in Sample Deployment D TLS/SSL Support in Sample Deployment D Supported Ciphersuites for Sample Deployment D Certificates and Certificate Authorities in Sample Deployment D 61 Smart Card Support in Sample Deployment D Plugins Used in Sample Deployment D Sample E Using Password Manager and Secure Gateway (Single-Hop) How the Components in Sample Deployment E Interact IPSec in Sample Deployment E FIPS 140 Validation in Sample Deployment E TLS/SSL Support in Sample Deployment E Supported Ciphersuites for Sample Deployment E Certificates and Certificate Authorities in Sample Deployment E 72 Smart Card Support in Sample Deployment E Plugins Used in Sample Deployment E

4 XenApp 5 Security Standards and Deployment Scenarios Citrix products offer the security specialist a wide range of features for securing a XenApp system according to officially recognized standards. Security standards as they apply to Citrix XenApp 5.0 for Microsoft Windows Server 2003 and Citrix XenApp 5.0 for Microsoft Windows Server 2008 are discussed here. These topics provide an overview of the standards that apply to XenApp deployments and describe the issues involved in securing communications across a set of sample XenApp deployments. For more information about the details of the individual security features, refer to the relevant product or component documentation. When deploying XenApp 5.0 for Windows Server within large organizations, particularly in government environments, security standards are an important consideration. For example, many government bodies in the United States and elsewhere specify a preference or requirement for applications to be compliant with FIPS 140. These topics address common issues related to such environments. These topics are designed for security specialists, systems integrators, and consultants, particularly those working with government organizations worldwide. Note: Later Citrix product and feature versions may be available and may be supported on different operating system versions; Citrix XenApp 5 security test configurations used the versions noted in these topics. 4

5 Security Considerations in a XenApp Deployment XenApp provides server-based computing to local and remote users through the Independent Computing Architecture (ICA) protocol developed by Citrix. ICA is the communication protocol by which servers and client devices exchange data in a XenApp environment. ICA is optimized to enhance the delivery and performance of this exchange, even on low bandwidth connections. As an application runs on the server, XenApp intercepts the application s display data and uses the ICA protocol to send this data (on standard network protocols) to the plugin software running on the user s client device. When the user types on the keyboard or moves and clicks the mouse, the plugin software sends the data generated for processing by the application running on the server. ICA requires minimal client workstation capabilities and includes error detection and recovery, encryption, and data compression. A server farm is a collection of XenApp servers that you can manage (from the Access Management Console) as a single entity. A server can belong to only one farm, but a farm can include servers from more than one domain. The design of server farms has to balance the goal of providing users with the fastest possible application access with that of achieving the required degree of centralized administration and network security. Note that in XenApp deployments that include the Web Interface, communication between the server running the Web Interface and client devices running Web browsers (and plugin software) takes place using HTTP. In a XenApp deployment, administrators can configure encryption using either of the following: SSL Relay, a component that is integrated into XenApp Secure Gateway, a separate component provided on the XenApp installation media 5

6 Security Considerations in a XenApp Deployment XenApp provides server-based computing to local and remote users through the Independent Computing Architecture (ICA) protocol developed by Citrix. ICA is the communication protocol by which servers and client devices exchange data in a XenApp environment. ICA is optimized to enhance the delivery and performance of this exchange, even on low bandwidth connections. As an application runs on the server, XenApp intercepts the application s display data and uses the ICA protocol to send this data (on standard network protocols) to the plugin software running on the user s client device. When the user types on the keyboard or moves and clicks the mouse, the plugin software sends the data generated for processing by the application running on the server. ICA requires minimal client workstation capabilities and includes error detection and recovery, encryption, and data compression. A server farm is a collection of XenApp servers that you can manage (from the Access Management Console) as a single entity. A server can belong to only one farm, but a farm can include servers from more than one domain. The design of server farms has to balance the goal of providing users with the fastest possible application access with that of achieving the required degree of centralized administration and network security. Note that in XenApp deployments that include the Web Interface, communication between the server running the Web Interface and client devices running Web browsers (and plugin software) takes place using HTTP. In a XenApp deployment, administrators can configure encryption using either of the following: SSL Relay, a component that is integrated into XenApp Secure Gateway, a separate component provided on the XenApp installation media 6

7 Country-Specific Government Information The following topics are of particular relevance to XenApp installations in Australia, the United Kingdom, and the United States: FIPS 140 and XenApp TLS/SSL Protocols Smart Cards Smart Card Support Kerberos Authentication In addition, for information on Common Access Cards (of particular relevance to installations in the United States), see Smart Card Support. For more information about issues specific to your country, contact your local Citrix representative. 7

8 FIPS 140 and XenApp Federal Information Processing Standard 140 (FIPS 140) is a U.S. Federal Government standard that specifies a benchmark for implementing cryptographic software. It provides best practices for using cryptographic algorithms, managing key elements and data buffers, and interacting with the operating system. An evaluation process that is administered by the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) allows encryption product vendors to demonstrate the extent to which they comply with the standard and, thus, the trustworthiness of their implementation. FIPS 140-1, published in 1994, established requirements for cryptographic modules to provide four security levels that allowed cost-effective solutions appropriate for different degrees of data sensitivity and different application environments. FIPS 140-2, which superceded FIPS in 2002, incorporated changes in standards and technology since FIPS 140-3, which is still in draft, adds an additional security level and incorporates new security features that reflect recent advances in technology. Some U.S. Government organizations restrict purchases of products that contain cryptography to those that use FIPS 140-validated modules. In the U.K., guidance published by the Communications-Electronics Security Group (CESG) recommends the use of FIPS 140-approved products where the required use for information is below the RESTRICTED classification, but is still sensitive (that is, data classified PRIVATE). The security community at large values products that follow the guidelines detailed in FIPS 140 and the use of FIPS 140-validated cryptographic modules. To implement secure access to application servers and to meet the FIPS 140 requirements, Citrix products can use cryptographic modules that are FIPS 140 validated in Windows implementations of secure TLS or SSL connections. The following XenApp components can use cryptographic modules that are FIPS 140 validated: XenApp Citrix XenApp Plugin for Hosted Apps for Windows (including the Citrix XenApp plugin, the Citrix XenApp Web Plugin, and Program Neighborhood) Web Interface SSL Relay Secure Gateway for Windows Where the client and server components (listed above) communicate with the TLS or SSL connection enabled, the cryptographic modules that are used are provided by the Microsoft Windows operating system. These modules use the Microsoft Cryptography Application Programming Interface (CryptoAPI) and are FIPS 140 validated. 8

9 FIPS 140 and XenApp Note: On both Windows Vista with Service Pack 1 and Windows Server 2008, you must apply Microsoft hotfix kb ( to ensure that the random number generator used within CryptoAPI and, therefore, the underlying operating system is FIPS 140 compliant. The ciphersuite RSA_WITH_3DES_EDE_CBC_SHA, defined in Internet RFC 2246 ( uses RSA key exchange and TripleDES encryption. This is achieved as follows: According to the Microsoft documentation ( FIPS-compliant systems that use FIPS 140-certified cryptomodules can be deployed by following a prescribed set of steps. These steps include setting a particular FIPS local policy flag. As noted in the Microsoft documentation referenced above, not all Microsoft components and products check the FIPS local policy flag. Refer to the Microsoft documentation for instructions on how to configure these components and products to behave in a FIPS-compliant manner. Similarly, Citrix components do not check the FIPS local policy flag. Instead, these components must be configured to behave in a FIPS-compliant manner. Specifically, Citrix components that use TLS must be configured to use government ciphersuites. This will cause the component to select one of the following ciphersuites: RSA_WITH_3DES_EDE_CBC_SHA [RFC 2246] RSA_WITH_AES_128_CBC_SHA [FIPS 197, RFC 3268] RSA_WITH_AES_256_CBC_SHA [FIPS 197, RFC 3268] Given the accuracy of the above statements, and assuming that all these steps are followed, the resulting XenApp configuration will use FIPS 140 cryptomodules in a FIPS-compliant manner. For a list of currently validated FIPS 140 modules, see For more information about FIPS 140 and NIST, visit the NIST Web site at 9

10 TLS/SSL Protocols You can secure communications between client devices and servers using either the Transport Layer Security (TLS) 1.0 or Secure Sockets Layer (SSL) 3.0 protocols. These protocols are collectively referred to TLS/SSL. Both TLS and SSL are open protocols that provide data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Note that both the SSL Relay and Secure Gateway support TLS and SSL. SSL is an open, nonproprietary security protocol for TCP/IP connections. If you want to use the SSL Relay to secure communications between client devices and servers within the server farm, you must install the SSL Relay on each server in the farm. Alternatively, you can use Secure Gateway. Both the SSL Relay and Secure Gateway implementations are discussed in this documentation. TLS, which is also an open standard, is the latest, standardized version of the SSL protocol. The SSL Relay also supports TLS; you can configure the SSL Relay, Secure Gateway, and the Web Interface to use TLS. Support for TLS Version 1.0 is included in XenApp 5.0 and Password Manager 4.6. Because there are only minor differences between TLS and SSL, the server certificates in your installation can be used for both TLS and SSL implementations. 10

11 Government Ciphersuites You can configure XenApp, the Web Interface, and Secure Gateway to use government-approved cryptography to protect "sensitive but unclassified" data by using the applicable ciphersuite: RSA_WITH_3DES_EDE_CBC_SHA supports RSA key exchange and TripleDES encryption, as defined in Internet RFC 2246 ( RSA_WITH_AES_128_CBC_SHA supports RSA key exchange with Advanced Encryption Standard (AES) and 128-bit keys for TLS connections, as defined in FIPS and Internet RFC 3268 ( For more information about AES, see RSA_WITH_AES_256_CBC_SHA supports RSA key exchange with AES and 256-bit keys for TLS connections, as defined in FIPS 197 and RFC

12 IP Security IP Security (IPSec) is a set of standard extensions to the Internet Protocol (IP) that provides authenticated and encrypted communications with data integrity and replay protection. IPSec is a network-layer protocol set, so higher level protocols such as Citrix ICA can use it without modification. Although such sample deployments are outside the scope of this document, you can use IPSec to secure a XenApp deployment within a virtual private network (VPN) environment. IPSec is described in Internet RFC Microsoft Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 have built-in support for IPSec. 12

13 Citrix Password Manager Citrix Password Manager increases application security for all XenApp applications, allowing organizations to centralize password management while providing users with fast sign-on access to Web, Windows, and host-based applications. Password Manager is available as a standalone product and is included in XenApp Platinum Edition. 13

14 Smart Cards You can use smart cards with XenApp, supported XenApp plugins, the Web Interface, and Password Manager to provide secure access to applications and data. Using smart cards simplifies the authentication process while enhancing logon security. XenApp supports smart card authentication to published applications, including smart card-enabled applications such as Microsoft Outlook. In a business network, smart cards are an effective implementation of public key technology and can be used for the following purposes: Authenticating users to networks and computers Securing channel communications over a network Securing content using digital signatures If you are using smart cards for secure network authentication, your users can authenticate to applications and content published on your server farms. In addition, smart card functionality within these published applications is also supported. For example, a published Microsoft Outlook application can be configured to require that users insert a smart card into a smart card reader attached to the client device in order to log on to a XenApp server. After users are authenticated to the application, they can digitally sign using certificates stored on their smart cards. Citrix supports the use of Personal Computer Smart Card (PC/SC)-based cryptographic smart cards. These cards include support for cryptographic operations such as digital signatures and encryption. Cryptographic cards are designed to allow secure storage of private keys such as those used in Public Key Infrastructure (PKI) security systems. These cards perform the actual cryptographic functions on the smart card itself, meaning that the private key and digital certificates never leave the card. In addition, you can use two-factor authentication for increased security. Instead of merely presenting the smart card (one factor) to conduct a transaction, a user-defined PIN (a second factor) known only to the user, is used to prove that the cardholder is the rightful owner of the smart card. 14

15 Smart Card Support Citrix continues testing various smart cards to address smart card usage and compatibility issues with XenApp. XenApp supports the Common Access Card in a deployment that includes the Citrix XenApp Plugin for Hosted Apps for Windows. Contact your Common Access Card vendor or Citrix representative for more information about supported versions of Common Access Card hardware and software. Citrix tests smart cards using certificates from common certificate authorities such as those supported by Microsoft. If you have any concerns regarding your certificate authority and compatibility with XenApp, contact your local Citrix representative. 15

16 Kerberos Authentication Kerberos is an authentication protocol. Version 5 of this protocol was first standardized as Internet RFC Many operating systems, including Microsoft Windows 2000 and later, support Kerberos as a standard feature. XenApp extends the use of Kerberos. When users log on to a client device, they can connect to XenApp without needing to authenticate again. The user s password is not transmitted to XenApp; instead, authentication tokens are exchanged using the Generic Security Services API (GSSAPI), which was first standardized in Internet RFC This authentication exchange is performed within a Citrix Independent Computing Architecture (ICA) virtual channel and does not require any additional protocols or ports. The authentication exchange is independent of the logon method, so it can be used with passwords, smart cards, or biometrics. To use Kerberos authentication with XenApp, both the client and server must be appropriately configured. You can also use Microsoft Active Directory Group Policy to selectively disable Kerberos authentication for specific users and servers. For information on implementing Kerberos Authentication in a XenApp environment, see Knowledge Center article CTX

17 Citrix XenApp Plugins With the Citrix XenApp Plugin for Hosted Apps installed on their client devices, users can work with applications running on XenApp servers. Users can access these applications from virtually any type of client device over many types of network connection, including LAN, WAN, dial-up, and direct asynchronous connections. Because the applications are not downloaded to the client devices (as with the more traditional network architecture), application performance is not limited by bandwidth or device performance. Citrix XenApp Plugins are available for Windows, Macintosh, Linux, UNIX, and Windows CE operating systems, and the Java Runtime Environment. Additionally, you can use the Citrix XenApp Web Plugin with Web browsers that support ActiveX controls or Netscape plug-ins. Citrix XenApp Plugins for Windows use cryptographic modules provided by the operating system. Other plugins, including the Client for Java, contain their own cryptographic modules. The Client for Java can, therefore, be used on older Windows operating systems that do not support strong encryption. The table in Standards Summary lists the latest versions of the available plugins. The table specifies whether each plugin is FIPS 140 compliant, supports TLS, includes smart card support, uses government ciphersuites, supports certificate revocation checking, and supports Kerberos authentication. Note that certificate revocation checking is applicable to plugins running on Microsoft Windows 2000, Windows XP, and Windows Vista only. Where the latest version of a plugin does not completely supersede a previous version (for example, a particular operating system may be supported only by an earlier plugin version), the earlier version of the plugin is also listed. 17

18 Standards Summary The following table summarizes the standards relevant to the various XenApp plugins: Plugin type FIPS 140 TLS Triple DES AES CRL check Smart card Kerberos Citrix XenApp plugin (Win32) 11.x Citrix XenApp Web Plugin (Win32) 11.x Program Neighborhood (Win32) 11.x Client for Windows CE for Windows-Based Terminals 10.x Client for Windows CE for Handheld and Pocket PCs 10.x *¹ * * * * * * *¹ * * * * * * *¹ * * * * * * *² * * * *² * * * Client for Macintosh 10.x * * * * * Client for Linux 10.x * * * Client for Java 9.x * * * * *³ Client for Sun Solaris 8.x * * * Notes: ¹ These plugins inherit FIPS 140 compliance from the base operating system, Windows. ² These plugins inherit FIPS 140 compliance from the base operating system, Windows CE. ³ Kerberos authentication is not supported when the Client for Java is running on Mac OS X client devices. The table below shows the certificate source for plugins that support at least one of the security features listed in the table above. Plugins marked OS use certificates stored in the operating system certificate store, those marked Plugin use certificates bundled with the plugin, and plugins marked JRE use certificates stored in the Java keystore. Plugin type Citrix XenApp plugin (Win32) 11.x Citrix XenApp Web Plugin (Win32) 11.x Program Neighborhood (Win32) 11.x Client for Windows CE for Windows-Based Terminals 10.x Root certificate source OS OS OS OS 18

19 Standards Summary Client for Windows CE for Handheld and Pocket PCs 10.x Client for Macintosh 10.x Client for Linux 10.x Client for Java 9.x Client for Sun Solaris 8.x OS OS Plugin JRE (Java 1.4.x) JRE or OS (Java 1.5.x or later) Plugin 19

20 Virtual Channels The following table shows which ICA virtual channels (or combination of virtual channels) can be used with XenApp for authentication and application signing or for encryption methods. Note: This table applies only to XenApp, not to Password Manager. Smart card authentication Biometric¹ authentication Password authentication Application signing/encryption Smart card virtual channel * * * Kerberos virtual channel * * * ¹ Third-party equipment is required for biometric authentication. Core ICA protocol (no virtual channel) 20

21 Additional XenApp Security Features The following products can be used with XenApp to provide additional security: SecureICA RSA SecurID Aladdin SafeWord The topics below provide a brief overview of how these products can be used with XenApp. However, these additional security measures are not included in the sample deployments. For more information about the features of these products, refer to the relevant product documentation. 21

22 ICA Encryption Using SecureICA ICA encryption with SecureICA is integrated into XenApp. With SecureICA, you can use up to 128-bit encryption to protect the information sent between a XenApp server and users client devices. However, it is important to note that SecureICA does not use FIPS 140-compliant algorithms. If this is an issue, you can configure XenApp servers and plugins to avoid using SecureICA. 22

23 Authentication for the Web Interface Using RSA SecurID You can use the third-party product RSA SecurID as an authentication method for the Web Interface running on Internet Information Services. If RSA SecurID is enabled, users must log on using their credentials (user name, password, and domain) plus their SecurID PASSCODE. The PASSCODE is made up of a PIN followed by a tokencode (the number displayed on the user s RSA SecurID token). RSA SecurID supports authentication on both XenApp and Password Manager. 23

24 Authentication for the Web Interface Using SafeWord You can use the third-party product Aladdin SafeWord as an authentication method for the Web Interface running on Internet Information Services. If SafeWord is enabled, users must log on using their credentials (user name, password, and domain) plus their SafeWord passcode. The passcode is made up of the code displayed on the user s SafeWord token, optionally followed by a PIN. SafeWord supports authentication on XenApp, but not on Password Manager. 24

25 Deployment Samples To make a XenApp deployment FIPS 140 compliant, you need to consider each communication channel within the installation. The following deployment samples show how users can connect to XenApp servers with different configurations of components and firewalls. In particular, the samples provide general guidance on how to make each communication channel secure using TLS/SSL so that the system as a whole is FIPS 140 compliant. Note: Secure Gateway and the SSL Relay support both TLS and SSL-based encryption. Your choice of method is largely determined by which topology best meets the needs of your organization s security policies. The deployment samples described in this document are as follows: Sample A Using the SSL Relay Sample B Using Secure Gateway (Single-Hop) Sample C Using Secure Gateway (Double-Hop) Sample D Using the SSL Relay and the Web Interface Sample E Using Password Manager and Secure Gateway (Single-Hop) 25

26 Sample A Using the SSL Relay This deployment uses the SSL Relay to provide end-to-end TLS/SSL encryption between the XenApp server and the plugin. This diagram shows sample deployment A, which uses the SSL Relay. The deployment uses XenApp 5.0 for Microsoft Windows Server Users run the Citrix XenApp plugin 11.x (32-bit Windows) on their client devices. 26

27 How the Components in Sample Deployment A Interact Use TLS/SSL to secure the connections between client devices and the XenApp servers. To do this, deploy TLS/SSL-enabled plugins to users and configure the SSL Relay on the XenApp servers. This deployment provides end-to-end encryption of the communication between the client device and the XenApp servers. Both the SSL Relay and the appropriate server certificate must be installed and configured on each server in the farm. The SSL Relay operates as an intermediary in communication between client devices and the XML Service on each server. Each client device authenticates the SSL Relay by checking the SSL Relay s server certificate against a list of trusted certificate authorities. After this authentication, the client device and the SSL Relay negotiate requests in encrypted form. The SSL Relay decrypts the requests and passes them to the XenApp servers. All information sent to the client device from the servers passes through the SSL Relay, which encrypts the data and forwards it to the client device to be decrypted. Message integrity checks verify that each communication has not been tampered with. This diagram shows a detailed view of sample deployment A. 27

28 FIPS 140 Validation in Sample Deployment A In this deployment, the SSL Relay uses the Microsoft cryptographic service providers (CSPs) and associated cryptographic algorithms available in the Microsoft Windows CryptoAPI to encrypt and decrypt communication between client devices and servers. For more information about the FIPS 140 validation of the CSPs, see the Microsoft documentation. For Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003, TLS/SSL support and the supported ciphersuites can also be controlled using the following Microsoft security option: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing For more information, see the documentation for your operating system. 28

29 TLS/SSL Support in Sample Deployment A You can configure XenApp to use either the Transport Layer Security 1.0 protocol or the Secure Sockets Layer 3.0 protocol. In sample deployment A, the components are configured for TLS. For more information about configuring TLS, see the Citrix plugin documentation and the XenApp Administration documentation for the SSL Relay Configuration Tool. When using the SSL Relay Configuration Tool, ensure that TLS is selected on the Connection tab. 29

30 Supported Ciphersuites for Sample Deployment A In this deployment, XenApp can be configured to use government-approved cryptography, such as the ciphersuite RSA_WITH_3DES_EDE_CBC_SHA, to protect sensitive but unclassified data. For more information about configuring government ciphersuites, see: The XenApp Administration documentation for the SSL Relay Configuration Tool. When using the SSL Relay Configuration Tool, ensure that only GOV is selected on the Ciphersuite tab. The Citrix plugin documentation. Alternatively, for TLS connections, you can use AES as defined in FIPS 197. The government ciphersuites are RSA_WITH_AES_128_CBC_SHA for 128-bit keys and RSA_WITH_AES_256_CBC_SHA for 256-bit keys. As defined in Internet RFC these ciphersuites use RSA key exchange and AES encryption. For more information about AES, see 30

31 Certificates and Certificate Authorities in Sample Deployment A Citrix products use standard Public Key Infrastructure (PKI) as a framework and trust infrastructure. In sample deployment A, a separate server certificate is configured for each XenApp server on which the SSL Relay is used. A root certificate is required for each client device. For more information, see the XenApp Administration documentation. 31

32 Smart Card Support in Sample Deployment A In this deployment, you can configure XenApp to provide smart card authentication. To do this, you must configure authentication with Microsoft Active Directory and use the Microsoft Certificate Authority. 32

33 Plugins Used in Sample Deployment A In this deployment, users access their applications using the Citrix XenApp plugin. For more information about the security features and capabilities of Citrix XenApp Plugins, see Citrix XenApp Plugins. 33

34 Sample B Using Secure Gateway (Single-Hop) This deployment uses Secure Gateway in a single-hop configuration to provide TLS/SSL encryption between a secure Internet gateway server and an SSL-enabled plugin, combined with encryption of the HTTP communication between the Web browser and the Web server. Additionally, you can secure ICA traffic within the internal network using IPSec. This diagram shows sample deployment B, which uses Secure Gateway in a single-hop configuration. The following table lists the components of the deployment and the operating systems required for the servers and client devices. XenApp farm Components XenApp 5.0 for Microsoft Windows Server SSL Relay enabled Secure Ticket Authority installed on XenApp server Operating systems Windows Server 2008 Windows Server 2003 with Service Pack 2 34

35 Sample B Using Secure Gateway (Single-Hop) Web server Web Interface for Internet Information Services Windows Server 2008 Windows Server 2003 with Service Pack 2.NET Framework 3.5 or 2.0 (IIS 6.0 only) Secure Gateway server Users client devices Visual J#.NET 2.0 Second Edition Secure Gateway 3.1 for Windows Windows Server 2008 Citrix XenApp Plugin for Hosted Apps for Windows 11.x TLS-enabled Web browser Windows Server 2003 with Service Pack 2 Windows Vista Windows XP Professional 35

36 How the Components in Sample Deployment B Interact Use TLS to secure the connections between client devices and Secure Gateway. To do this, deploy TLS/SSL-enabled plugins and configure Secure Gateway at the network perimeter, typically in a demilitarized zone (DMZ). Secure the connections between users Web browsers and the Web Interface using HTTPS. Additionally, secure communication between the Web Interface and the XenApp servers using TLS. This diagram shows a detailed view of sample deployment B.1. In this deployment, Secure Gateway removes the need to publish the address of every XenApp server in the farm and provides a single point of encryption and access to the farm. Secure Gateway does this by providing a gateway that is separate from the XenApp servers and reduces the issues for firewall traversal to a widely accepted port for ICA traffic in and out of the firewalls. Set against the increased scalability of sample deployment B is the fact that ICA communication is encrypted only between client devices and Secure Gateway. ICA communication between Secure Gateway and the XenApp servers is not encrypted. Note that the SSL Relay in sample deployment B is used to encrypt communication between the Web Interface and the XML Service running on the XenApp servers. Secure Gateway communicates with the XenApp servers directly, so the SSL Relay is not used for communication between Secure Gateway and the server farm. To comply with FIPS 140, secure the communication between Secure Gateway and the server farm using IPSec, as shown in sample deployment B.2. This diagram shows a detailed view of sample deployment B.2, which includes IPSec. 36

37 How the Components in Sample Deployment B Interact 37

38 IPSec in Sample Deployment B To enable IPSec to secure communication between Secure Gateway and the XenApp server farm, you must configure IPSec on each server, including the Secure Gateway server. IPSec is configured using the local security settings (IP security policies) for each server. In sample deployment B.2, IPSec is enabled on the requisite servers and the security method is configured for 3DES encryption and SHA-1 integrity to meet FIPS 140 requirements. 38

39 FIPS 140 Validation in Sample Deployment B In this deployment, the SSL Relay uses the Microsoft cryptographic service providers and associated cryptographic algorithms available in the Microsoft Windows CryptoAPI to encrypt and decrypt communication between client devices and servers. For more information about the FIPS 140 validation of the CSPs, see the Microsoft documentation. For Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003, TLS/SSL support and the supported ciphersuites can also be controlled using the following Microsoft security option: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing For more information, see the documentation for your operating system. 39

40 TLS/SSL Support in Sample Deployment B You can configure Secure Gateway and the Web Interface to use either the Transport Layer Security 1.0 protocol or the Secure Sockets Layer 3.0 protocol. In sample deployment B, the components are configured for TLS. For more information about configuring TLS, see the Web Interface, Secure Gateway for Windows, and Citrix plugin documentation. 40

41 Supported Ciphersuites for Sample Deployment B In this deployment, Secure Gateway and the Web Interface can be configured to use government-approved cryptography, such as the ciphersuite RSA_WITH_3DES_EDE_CBC_SHA, to protect sensitive but unclassified data. For more information about configuring government ciphersuites, see the Secure Gateway for Windows and Citrix plugin documentation. Alternatively, for TLS connections, you can use AES as defined in FIPS 197. The government ciphersuites are RSA_WITH_AES_128_CBC_SHA for 128-bit keys and RSA_WITH_AES_256_CBC_SHA for 256-bit keys. As defined in Internet RFC these ciphersuites use RSA key exchange and AES encryption. For more information about AES, see 41

42 Certificates and Certificate Authorities in Sample Deployment B Citrix products use standard Public Key Infrastructure (PKI) as a framework and trust infrastructure. In sample deployment B, one server certificate is configured on Secure Gateway and one on the Web Interface. A certificate is also configured on each XenApp server. For more information, see the relevant product documentation. 42

43 Smart Card Support in Sample Deployment B In this deployment, you can configure XenApp to provide smart card authentication. To do this, you must configure authentication with Microsoft Active Directory and use the Microsoft Certificate Authority. 43

44 Plugins Used in Sample Deployment B In this deployment, users access their applications using the Citrix XenApp plugin. For more information about the security features and capabilities of Citrix XenApp Plugins, see Citrix XenApp Plugins. 44

45 Sample C Using Secure Gateway (Double-Hop) This deployment uses Secure Gateway in a double-hop configuration to provide TLS/SSL encryption between a secure Internet gateway server and an SSL-enabled plugin, combined with encryption of the HTTP communication between Secure Gateway and the Web browser, the Web Interface, and the Secure Gateway proxy. Additionally, you can secure ICA traffic within the internal network using IPSec. This diagram shows sample deployment C, which uses Secure Gateway in a double-hop configuration. The following table lists the components of the deployment and the operating systems required for the servers and client devices. XenApp farm Components XenApp 5.0 for Microsoft Windows Server SSL Relay enabled Secure Ticket Authority installed on XenApp server Operating systems Windows Server 2008 Windows Server 2003 with Service Pack 2 45

46 Sample C Using Secure Gateway (Double-Hop) Web server Web Interface for Internet Information Services Windows Server 2008 Windows Server 2003 with Service Pack 2.NET Framework 3.5 or 2.0 (IIS 6.0 only) Secure Gateway Service Secure Gateway Proxy Users client devices Visual J#.NET 2.0 Second Edition Secure Gateway 3.1 for Windows Windows Server 2008 Citrix XenApp Plugin for Hosted Apps for Windows 11.x TLS-enabled Web browser Windows Server 2003 with Service Pack 2 Windows Vista Windows XP Professional 46

47 How the Components in Sample Deployment C Interact Here, the DMZ is divided into two sections by an additional firewall. The server running the Secure Gateway Service is located in the first section of the DMZ. The Web Interface and the Secure Gateway Proxy are located in the second section. Users connect to the Secure Gateway Service located in the first section of the DMZ. Use TLS to secure the connections between client devices and Secure Gateway. To do this, deploy TLS/SSL-enabled plugins and configure Secure Gateway at the network perimeter, typically in a DMZ. This diagram shows a detailed view of sample deployment C. In this deployment, Secure Gateway removes the need to publish the address of every XenApp server in the farm and provides a single point of encryption and access to the farm. Secure Gateway does this by providing a gateway that is separate from the XenApp servers and reduces the issues for firewall traversal to a widely accepted port for ICA traffic in and out of the firewalls. To comply with FIPS 140, secure the communication between the Secure Gateway Proxy and the server farm using IPSec. 47

48 IPSec in Sample Deployment C To enable IPSec to secure communication between the Secure Gateway Proxy and the XenApp server farm, you must configure IPSec on each server, including the Secure Gateway Proxy. IPSec is configured using the local security settings (IP security policies) for each server. In sample deployment C, IPSec is enabled on the requisite servers and the security method is configured for 3DES encryption and SHA-1 integrity to meet FIPS 140 requirements. 48

49 FIPS 140 Validation in Sample Deployment C In this deployment, the SSL Relay uses the Microsoft cryptographic service providers and associated cryptographic algorithms available in the Microsoft Windows CryptoAPI to encrypt and decrypt communication between client devices and servers. For more information about the FIPS 140 validation of the CSPs, see the Microsoft documentation. For Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003, TLS/SSL support and the supported ciphersuites can also be controlled using the following Microsoft security option: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing For more information, see the documentation for your operating system. 49

50 TLS/SSL Support in Sample Deployment C You can configure Secure Gateway and the Web Interface to use either the Transport Layer Security 1.0 protocol or the Secure Sockets Layer 3.0 protocol. In sample deployment C, the components are configured for TLS. For more information about configuring TLS, see the Web Interface, Secure Gateway for Windows, and Citrix plugin documentation. 50

51 Supported Ciphersuites for Sample Deployment C In this deployment, Secure Gateway, the Secure Gateway Proxy, and the Web Interface can be configured to use government-approved cryptography, such as the ciphersuite RSA_WITH_3DES_EDE_CBC_SHA, to protect sensitive but unclassified data. For more information about configuring government ciphersuites, see the Web Interface, Secure Gateway for Windows, and Citrix plugin documentation. Alternatively, for TLS connections, you can use AES as defined in FIPS 197. The government ciphersuites are RSA_WITH_AES_128_CBC_SHA for 128-bit keys and RSA_WITH_AES_256_CBC_SHA for 256-bit keys. As defined in Internet RFC these ciphersuites use RSA key exchange and AES encryption. For more information about AES, see 51

52 Certificates and Certificate Authorities in Sample Deployment C Citrix products use standard Public Key Infrastructure (PKI) as a framework and trust infrastructure. In sample deployment C, one server certificate is configured on Secure Gateway, one on the Secure Gateway Proxy, and one on the Web Interface. A certificate is also configured on each XenApp server. For more information, see the relevant product documentation. 52

53 Smart Card Support in Sample Deployment C Smart card authentication is not supported in sample deployment C. You cannot configure smart card support when Secure Gateway is positioned between the client devices and the Web Interface to provide a single point of access to the server farm. For more information, see the Secure Gateway for Windows documentation. 53

54 Plugins Used in Sample Deployment C In this deployment, users access their applications using the Citrix XenApp plugin. For more information about the security features and capabilities of Citrix XenApp Plugins, see Citrix XenApp Plugins. 54

55 Sample D Using the SSL Relay and the Web Interface This deployment uses the SSL Relay and the Web Interface to encrypt the ICA and HTTP communication between the XenApp server and the Web server, combined with encryption of the HTTP communication between the Web browser and the Web server. This diagram shows sample deployment D, which uses the SSL Relay and the Web Interface. The following table lists the components of the deployment and the operating systems required for the servers and client devices. XenApp farm Components XenApp 5.0 for Microsoft Windows Server SSL Relay enabled Secure Ticket Authority installed on XenApp server Operating systems Windows Server 2008 Windows Server 2003 with Service Pack 2 55

56 Sample D Using the SSL Relay and the Web Interface Web server Users client devices Web Interface for Internet Information Services Citrix XenApp Plugin for Hosted Apps for Windows 11.x TLS-enabled Web browser Windows Server 2008 Windows Server 2003 with Service Pack 2.NET Framework 3.5 or 2.0 (IIS 6.0 only) Visual J#.NET 2.0 Second Edition Windows Vista Windows XP Professional 56

57 How the Components in Sample Deployment D Interact Use HTTPS to secure the connections between users Web browsers and the Web Interface. Secure the connection between the Web Interface and the SSL Relay using TLS. Additionally, use TLS to secure the connections between client devices and the SSL Relay. The SSL Relay operates as an intermediary in communication between client devices, the Web Interface, and the XML Service on each server. Each client device authenticates the SSL Relay by checking the SSL Relay s server certificate against a list of trusted certificate authorities. After this authentication, the client device and the SSL Relay negotiate requests in encrypted form. The SSL Relay decrypts the requests and passes them to the XenApp servers. All information sent to the client device from the servers passes through the SSL Relay, which encrypts the data and forwards it to the client device to be decrypted. Message integrity checks verify that each communication has not been tampered with. This diagram shows a detailed view of sample deployment D. 57

58 FIPS 140 Validation in Sample Deployment D In this deployment, the SSL Relay uses the Microsoft cryptographic service providers and associated cryptographic algorithms available in the Microsoft Windows CryptoAPI to encrypt and decrypt communication between client devices and servers. For more information about the FIPS 140 validation of the CSPs, see the Microsoft documentation. For Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003, TLS/SSL support and the supported ciphersuites can also be controlled using the following Microsoft security option: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing For more information, see the documentation for your operating system. 58

59 TLS/SSL Support in Sample Deployment D You can configure the SSL Relay and the Web Interface to use either the Transport Layer Security 1.0 protocol or the Secure Sockets Layer 3.0 protocol. In sample deployment D, the components are configured for TLS. For more information about configuring TLS, see: The XenApp Administration documentation for the SSL Relay Configuration Tool. When using the SSL Relay Configuration Tool, ensure that TLS is selected on the Connection tab. The Web Interface documentation. The Citrix plugin documentation. 59

60 Supported Ciphersuites for Sample Deployment D In this deployment, the SSL Relay and the Web Interface can be configured to use government-approved cryptography, such as the ciphersuite RSA_WITH_3DES_EDE_CBC_SHA, to protect sensitive but unclassified data. For more information about configuring government ciphersuites, see: The XenApp Administration documentation for the SSL Relay Configuration Tool. When using the SSL Relay Configuration Tool, ensure that only GOV is selected on the Ciphersuite tab. The Web Interface documentation. The Citrix plugin documentation. Alternatively, for TLS connections, you can use AES as defined in FIPS 197. The government ciphersuites are RSA_WITH_AES_128_CBC_SHA for 128-bit keys and RSA_WITH_AES_256_CBC_SHA for 256-bit keys. As defined in Internet RFC these ciphersuites use RSA key exchange and AES encryption. For more information about AES, see 60

61 Certificates and Certificate Authorities in Sample Deployment D Citrix products use standard Public Key Infrastructure (PKI) as a framework and trust infrastructure. In sample deployment D, a separate server certificate is configured for each XenApp server on which the SSL Relay is used. For more information, see the XenApp Administration documentation. 61

62 Smart Card Support in Sample Deployment D In this deployment, you can configure XenApp to provide smart card authentication. To do this, you must configure authentication with Microsoft Active Directory and use the Microsoft Certificate Authority. 62

63 Plugins Used in Sample Deployment D In this deployment, users access their applications using the Citrix XenApp plugin. For more information about the security features and capabilities of Citrix XenApp Plugins, see Citrix XenApp Plugins. 63

64 Sample E Using Password Manager and Secure Gateway (Single-Hop) This deployment uses Password Manager and Secure Gateway in a single-hop configuration to enable single sign-on and TLS/SSL encryption between a secure Internet gateway server and an SSL-enabled plugin, combined with encryption of the HTTP communication between the Web browser and the Web server. Additionally, you can secure ICA traffic within the internal network using IPSec. For further information about the Password Manager components in this deployment, see the Password Manager documentation. This diagram shows sample deployment E, which uses Password Manager and Secure Gateway. Note: The Password Manager central store is hosted on two servers (primary and secondary), both running Active Directory. The secondary server is only used to provide failover for the primary server. The following table lists the components of the deployment and the operating systems required for the servers and client devices. Components Operating systems 64

65 Sample E Using Password Manager and Secure Gateway (Single-Hop) XenApp farm Password Manager Service Password Manager central store Web server XenApp 5.0 for Microsoft Windows Server SSL Relay not enabled Secure Ticket Authority installed on XenApp server Password Manager 4.6 with Service Pack 1 agent Password Manager 4.6 with Service Pack 1 Service Password Manager 4.6 with Service Pack 1 central store Web Interface for Internet Information Services Windows Server 2008 Windows Server 2003 with Service Pack 2 Java 1.4.x or later Windows Server 2008 (32-bit) Windows Server 2003 with Service Pack 2 (32-bit) Windows Server 2003 R2 (32-bit).NET Framework 2.0 Windows Server 2008 Windows Server 2003 with Service Pack 2 Windows Server 2008 Windows Server 2003 with Service Pack 2.NET Framework 3.5 or 2.0 (IIS 6.0 only) Secure Gateway server Users client devices Visual J#.NET 2.0 Second Edition Secure Gateway 3.1 for Windows Windows Server 2008 Citrix XenApp Plugin for Hosted Apps for Windows 11.x TLS-enabled Web browser Windows Server 2003 with Service Pack 2 Windows Vista Windows XP Professional 65

66 How the Components in Sample Deployment E Interact Use TLS to secure the connections between client devices and Secure Gateway. To do this, deploy TLS/SSL-enabled plugins and configure Secure Gateway at the network perimeter, typically in a demilitarized zone (DMZ). Secure the connections between users Web browsers and the Web Interface using HTTPS. Additionally, use TLS to secure communication between the Web Interface and the XenApp server farm, and between the farm and the Password Manager central store and Password Manager service. In this deployment, Secure Gateway removes the need to publish the address of every XenApp server in the farm and provides a single point of encryption and access to the farm. Secure Gateway does this by providing a gateway that is separate from the XenApp servers and reduces the issues for firewall traversal to a widely accepted port for ICA traffic in and out of the firewalls. Set against the increased scalability of sample deployment E is the fact that ICA communication is encrypted only between client devices and Secure Gateway. ICA communication between Secure Gateway and the XenApp servers is not encrypted. To comply with FIPS 140, secure the communication between Secure Gateway and the server farm using IPSec. This diagram shows a detailed view of sample deployment E. 66

67 How the Components in Sample Deployment E Interact 67

Citrix XenApp and XenDesktop 7.6 LTSR FIPS Sample Deployments

Citrix XenApp and XenDesktop 7.6 LTSR FIPS Sample Deployments Citrix XenApp and XenDesktop 7.6 LTSR FIPS 140-2 Sample Deployments Table of contents Introduction... 2 Audience... 2 Security features introduced in XenApp and XenDesktop 7.6 LTSR... 2 FIPS 140-2 with

More information

Citrix XenApp and XenDesktop 7.15 LTSR FIPS Sample Deployments

Citrix XenApp and XenDesktop 7.15 LTSR FIPS Sample Deployments Citrix XenApp and XenDesktop 7.15 LTSR FIPS 140-2 Sample Deployments Contents Introduction... 2 Audience... 2 Security features introduced in XenApp and XenDesktop 7.15 LTSR... 2 FIPS 140-2 with XenApp

More information

Getting Started. Citrix Secure Gateway. Version 1.0. Citrix Systems, Inc.

Getting Started. Citrix Secure Gateway. Version 1.0. Citrix Systems, Inc. Getting Started Citrix Secure Gateway Version 1.0 Citrix Systems, Inc. Copyright and Trademark Notice Information in this document is subject to change without notice. Companies, names, and data used in

More information

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Overview Citrix XenApp, XenDesktop and NetScaler are commonly used in the creation of Payment Card Industry (PCI), Data Security

More information

Axway Validation Authority Suite

Axway Validation Authority Suite Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to

More information

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo Vendor: Citrix Exam Code: 1Y0-253 Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Version: Demo QUESTION 1 A Citrix Administrator needs to configure a single virtual server

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

CTX-1259AI Citrix Presentation Server 4.5: Administration

CTX-1259AI Citrix Presentation Server 4.5: Administration C O U R S E D E S C R I P T I O N CTX-1259AI Citrix Presentation Server 4.5: Administration CTX-1259AI Citrix Presentation Server 4.5: Administration provides the foundation necessary to effectively deploy

More information

Receiver for BlackBerry 2.2

Receiver for BlackBerry 2.2 Receiver for BlackBerry 2.2 2015-04-19 05:21:53 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Receiver for BlackBerry 2.2... 3 About This Release...

More information

NCP Secure Client Juniper Edition (Win32/64) Release Notes

NCP Secure Client Juniper Edition (Win32/64) Release Notes Service Release: 10.10 r31802 Date: September 2016 Prerequisites Operating System Support The following Microsoft Operating Systems are supported with this release: Windows 10 32/64 bit Windows 8.x 32/64

More information

The SafeNet Security System Version 3 Overview

The SafeNet Security System Version 3 Overview The SafeNet Security System Version 3 Overview Version 3 Overview Abstract This document provides a description of Information Resource Engineering s SafeNet version 3 products. SafeNet version 3 products

More information

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo Vendor: Citrix Exam Code: 1Y0-401 Exam Name: Designing Citrix XenDesktop 7.6 Solutions Version: Demo DEMO QUESTION 1 Which option requires the fewest components to implement a fault-tolerant, load-balanced

More information

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc. Cisco Systems Cisco Secure Access Control System RSA SecurID Ready Implementation Guide Partner Information Last Modified: March 27, 2008 Product Information Partner Name Cisco Systems, Inc. Web Site www.cisco.com

More information

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. NCP Secure Enterprise Mac Client Service Release 2.05 Rev. 32317 Date: January 2017 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this

More information

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology Versatile central manageable VPN Client Suite for Linux Central Management and Network Access Control Compatible with VPN gateways (IPsec Standard) Integrated, dynamic personal firewall FIPS Inside Fallback

More information

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. NCP Secure Enterprise Mac Client Service Release 2.05 Build 14711 Date: December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this

More information

Data Sheet NCP Exclusive Remote Access Client Windows

Data Sheet NCP Exclusive Remote Access Client Windows Centrally Administrable VPN Client Suite for Windows For Juniper SRX Series Central Management Microsoft Windows 10, 8.x, 7 and Vista Dynamic Personal Firewall VPN Bypass VPN Path Finder Technology (Fallback

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

NCP Secure Client Juniper Edition Release Notes

NCP Secure Client Juniper Edition Release Notes Service Release: 10.11 r32792 Date: November 2016 Prerequisites Operating System Support The following Microsoft Operating Systems are supported with this release: Windows 10 32/64 bit Windows 8.x 32/64

More information

Clientless SSL VPN Overview

Clientless SSL VPN Overview Introduction to Clientless SSL VPN, page 1 Prerequisites for Clientless SSL VPN, page 2 Guidelines and Limitations for Clientless SSL VPN, page 2 Licensing for Clientless SSL VPN, page 3 Introduction to

More information

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform.

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform. NCP Secure Enterprise MAC Client Service Release 2.02 Build 11 Date: August 2011 1. New Feature Compatibility to Mac OS X 10.7 Lion This version of the des Secure Enterprise MAC Client can be used on Mac

More information

TechTalk: Implementing Citrix Receiver from Windows to iphone. Stacy Scott Architect, Worldwide Technical Readiness

TechTalk: Implementing Citrix Receiver from Windows to iphone. Stacy Scott Architect, Worldwide Technical Readiness TechTalk: Implementing Citrix Receiver from Windows to iphone Stacy Scott Architect, Worldwide Technical Readiness Citrix Receiver Citrix Receiver Overview Citrix Receiver for iphone Citrix Receiver for

More information

HP Instant Support Enterprise Edition (ISEE) Security overview

HP Instant Support Enterprise Edition (ISEE) Security overview HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained

More information

Architecture 1 3. SecureToken. 32-bit microprocessor smart chip. Support onboard RSA key pair generation. Built-in advanced cryptographic functions

Architecture 1 3. SecureToken. 32-bit microprocessor smart chip. Support onboard RSA key pair generation. Built-in advanced cryptographic functions SecureToken Architecture 1 3 2 32-bit microprocessor smart chip Support onboard RSA key pair generation Built-in advanced cryptographic functions 4 5 6 7 8 9 10 Support onboard digital signing Supports

More information

Access Gateway 9.3, Enterprise Edition

Access Gateway 9.3, Enterprise Edition Access Gateway 9.3, Enterprise Edition 2015-05-03 05:23:10 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Access Gateway 9.3, Enterprise Edition...

More information

NetScaler Gateway 10.5

NetScaler Gateway 10.5 NetScaler Gateway 10.5 Jun 26, 2014 About This Release Key Features What's New Known Issues Compatibility with Citrix Products System Requirements NetScaler Gateway Plug-in System Requirements Endpoint

More information

Deploying the BIG-IP LTM and APM with Citrix XenApp or XenDesktop

Deploying the BIG-IP LTM and APM with Citrix XenApp or XenDesktop Deployment Guide Deploying the BIG-IP LTM and APM with Citrix XenApp or XenDesktop Important: The fully supported version of this iapp has been released, so this guide has been archived. See http://www.f5.com/pdf/deployment-guides/citrix-vdi-iapp-dg.pdf

More information

Alliance Key Manager A Solution Brief for Partners & Integrators

Alliance Key Manager A Solution Brief for Partners & Integrators Alliance Key Manager A Solution Brief for Partners & Integrators Key Management Enterprise Encryption Key Management This paper is designed to help technical managers, product managers, and developers

More information

Deploying F5 with Citrix XenApp or XenDesktop

Deploying F5 with Citrix XenApp or XenDesktop Deploying F5 with Citrix XenApp or XenDesktop Welcome to the F5 deployment guide for Citrix VDI applications, including XenApp and XenDesktop with the BIG-IP system v11.4 and later. This guide shows how

More information

Data Sheet. NCP Secure Enterprise VPN Server. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise VPN Server. Next Generation Network Access Technology Hybrid IPsec / SSL VPN gateway software Universal platform for remote access to the company network Integrated IP routing and firewall features Integration of iphone, ipad, ios, Andoid, Windows Phone/Mobile

More information

BlackBerry Dynamics Security White Paper. Version 1.6

BlackBerry Dynamics Security White Paper. Version 1.6 BlackBerry Dynamics Security White Paper Version 1.6 Page 2 of 36 Overview...4 Components... 4 What's New... 5 Security Features... 6 How Data Is Protected... 6 On-Device Data... 6 In-Transit Data... 7

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

PASS4TEST. IT Certification Guaranteed, The Easy Way!   We offer free update service for one year PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 1Y0-A04 Title : Gateway 8.1.Enterprise Edition: Administration Vendors :

More information

NCP Secure Enterprise macos Client Release Notes

NCP Secure Enterprise macos Client Release Notes Service Release: 3.10 r40218 Date: July 2018 Prerequisites Apple OS X operating systems: The following Apple macos operating systems are supported with this release: macos High Sierra 10.13 macos Sierra

More information

CMB-207-1I Citrix Desktop Virtualization Fast Track

CMB-207-1I Citrix Desktop Virtualization Fast Track Page1 CMB-207-1I Citrix Desktop Virtualization Fast Track This fast-paced course covers select content from training courses CXA-206: Citrix XenApp 6.5 Administration and CXD-202: Citrix XenDesktop 5 Administration

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

Teldat Secure IPSec Client - for professional application Teldat IPSec Client

Teldat Secure IPSec Client - for professional application Teldat IPSec Client Teldat Secure IPSec Client - for professional application Support of Windows 8, 7, Vista and XP (32-/64-bit) IKEv1, IKEv2, IKE Config Mode, X-Auth, certificates (X.509) Integrated personal firewall Easy

More information

Implementing Citrix XenApp 5.0 for Windows Server 2008

Implementing Citrix XenApp 5.0 for Windows Server 2008 Citrix 1Y0-A05 Implementing Citrix XenApp 5.0 for Windows Server 2008 Version: 5.0 Topic 1, Volume A QUESTION NO: 1 An administrator currently has Secure Gateway and web interface on the same server in

More information

Enterprise Services for NFuse (ESN) February 12, 2002

Enterprise Services for NFuse (ESN) February 12, 2002 Enterprise Services for NFuse (ESN) February 12, 2002 What is Enterprise Services for NFuse?... 1 What solution does ESN enable?... 2 What s the difference between NFuse and Enterprise Services for NFuse?...

More information

Data Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology

Data Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology Universal VPN Client Suite for macos/os X Compatible with VPN Gateways (IPsec Standard) macos 10.13, 10.12, OS X 10.11, OS X 10.10 Import of third party configuration files Integrated, dynamic Personal

More information

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10 for App and Desktop Solutions. Version: Demo

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10 for App and Desktop Solutions. Version: Demo Vendor: Citrix Exam Code: 1Y0-250 Exam Name: Implementing Citrix NetScaler 10 for App and Desktop Solutions Version: Demo QUESTION NO: 1 Citrix 1Y0-250 Exam A company uses various pre-approved user devices

More information

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3. Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on

More information

Citrix Web Interface for Microsoft SharePoint Administrator s Guide. Citrix Access Suite 4.2

Citrix Web Interface for Microsoft SharePoint Administrator s Guide. Citrix Access Suite 4.2 Citrix Web Interface for Microsoft SharePoint Administrator s Guide Citrix Web Interface for Microsoft SharePoint Citrix Access Suite 4.2 Use of the product documented in this guide is subject to your

More information

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology Centrally managed VPN Client Suite for macos/os X For Juniper SRX Series Central Management macos 10.13, 10.12, OS X 10.11, OS X 10.10 Dynamic Personal Firewall VPN Path Finder Technology (Fallback IPsec/HTTPS)

More information

Endpoint Protection with DigitalPersona Pro

Endpoint Protection with DigitalPersona Pro DigitalPersona Product Brief Endpoint Protection with DigitalPersona Pro An introductory technical overview to DigitalPersona s suite for Access Management, Data Protection and Secure Communication. April

More information

Data Sheet. NCP Exclusive Entry Client. Next Generation Network Access Technology

Data Sheet. NCP Exclusive Entry Client. Next Generation Network Access Technology VPN Client Suite for Windows For Juniper SRX Series Microsoft Windows 10, 8.x, 7 Dynamic Personal Firewall Import of third party configuration files VPN Bypass VPN Path Finder Technology (Fallback IPsec/HTTPS)

More information

Secure Government Computing Initiatives & SecureZIP

Secure Government Computing Initiatives & SecureZIP Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS

More information

Course CXA-206: Citrix XenApp 6.5 Administration

Course CXA-206: Citrix XenApp 6.5 Administration Course CXA-206: Citrix XenApp 6.5 Administration Course Length: 5 days Overview Citrix XenApp 6.5 Administration training course provides the foundation necessary for administrators to effectively centralize

More information

COMMON CRITERIA CERTIFICATION REPORT

COMMON CRITERIA CERTIFICATION REPORT COMMON CRITERIA CERTIFICATION REPORT Ixia NTO 7303 and Vision ONE v4.5.0.29 30 October 2017 383-4-409 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be

More information

Citrix Workspace app 1808 for ios

Citrix Workspace app 1808 for ios Citrix Workspace app 1808 for ios Citrix Product Documentation docs.citrix.com September 7, 2018 Contents What s new in Citrix Workspace app for ios 3 What s new in 1808........................................

More information

Receiver for Mac 11.4

Receiver for Mac 11.4 Receiver for Mac 11.4 2014-12-16 14:18:25 UTC 2014 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Receiver for Mac 11.4... 3 About this Release... 4 System

More information

Citrix Receiver for Universal Windows Platform

Citrix Receiver for Universal Windows Platform Citrix Receiver for Universal Windows Platform Jul 18, 2017 Citrix Receiver for Universal Windows Platform (UWP) is client software available for download from the Microsoft store. It enables users to

More information

COURSE OUTLINE IT TRAINING

COURSE OUTLINE IT TRAINING CMB-207-1I Citrix XenApp and XenDesktop Fast Track Duration: 5 days Overview: This fast-paced course covers select content from training courses CXA-206 and CXD- 202 and provides the foundation necessary

More information

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

VMware AirWatch Cloud Connector Guide ACC Installation and Integration VMware AirWatch Cloud Connector Guide ACC Installation and Integration Workspace ONE UEM v1810 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Deploying F5 with Citrix XenApp or XenDesktop

Deploying F5 with Citrix XenApp or XenDesktop Deploying F5 with Citrix XenApp or XenDesktop Welcome to the F5 deployment guide for Citrix VDI applications, including XenApp and XenDesktop with the BIG-IP system v11.4 and later. This guide shows how

More information

Ready Theatre Systems RTS POS

Ready Theatre Systems RTS POS Ready Theatre Systems RTS POS PCI PA-DSS Implementation Guide Revision: 2.0 September, 2010 Ready Theatre Systems, LLC - www.rts-solutions.com Table of Contents: Introduction to PCI PA DSS Compliance 2

More information

CXA-204-1I Basic Administration for Citrix XenApp 6

CXA-204-1I Basic Administration for Citrix XenApp 6 CXA-204-1I Basic Administration for Citrix XenApp 6 Basic Administration for Citrix XenApp 6 training course provides the foundation necessary for administrators to effectively centralize and manage applications

More information

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

CoSign Hardware version 7.0 Firmware version 5.2

CoSign Hardware version 7.0 Firmware version 5.2 CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and

More information

Data Sheet. NCP Secure Enterprise macos Client. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise macos Client. Next Generation Network Access Technology Universal, centrally managed VPN Client Suite for macos/os X Central Management and Network Access Control Compatible with VPN Gateways (IPsec Standard) Integrated, dynamic Personal Firewall VPN Path Finder

More information

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT Table of Contents TABLE OF CONTENTS 1 BACKGROUND 2 WINDOWS SERVER CONFIGURATION STEPS 2 CONFIGURING USER AUTHENTICATION 3 ACTIVE DIRECTORY

More information

Interface. Circuit. CryptoMate

Interface. Circuit. CryptoMate A C O S 5 - C T M C r y p t o M a t e U S B T o k e n Version 1.5 03-2007, Email: info@acs.com.hk Website: www.acs.com.hk CryptoMate USB Token 1.0 Introduction Frustrated by network breaches like Trojan

More information

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing

More information

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

VMware Workspace ONE UEM VMware AirWatch Cloud Connector VMware AirWatch Cloud Connector VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

Indeed Card Management Smart card lifecycle management system

Indeed Card Management Smart card lifecycle management system Indeed Card Management Smart card lifecycle management system Introduction User digital signature, strong authentication and data encryption have become quite common for most of the modern companies. These

More information

Citrix Workspace app for ios

Citrix Workspace app for ios Citrix Product Documentation docs.citrix.com October 22, 2018 Contents What s new in Citrix Workspace app for ios 3 What s new in 1810.1....................................... 3 What s new in 1810........................................

More information

CXA Citrix XenApp 6.5 Administration

CXA Citrix XenApp 6.5 Administration 1800 ULEARN (853 276) www.ddls.com.au CXA-206-1 Citrix XenApp 6.5 Administration Length 5 days Price $5500.00 (inc GST) Citrix XenApp 6.5 Administration training course provides the foundation necessary

More information

Dameware ADMINISTRATOR GUIDE. Version Last Updated: October 18, 2017

Dameware ADMINISTRATOR GUIDE. Version Last Updated: October 18, 2017 ADMINISTRATOR GUIDE Dameware Version 12.0 Last Updated: October 18, 2017 Retrieve the latest version from: https://support.solarwinds.com/success_center/dameware_remote_support_mini_remote_control 2017

More information

DBsign for HTML Applications Version 4.0 Release Notes

DBsign for HTML Applications Version 4.0 Release Notes DBsign for HTML Applications Version 4.0 Release Notes Copyright 2010 Version 4.0 Copyright Notice: The Release Notes has a copyright of 2000-2010 by Gradkell Computers, Inc. This work contains proprietary

More information

Citrix XenApp 6.5 Administration

Citrix XenApp 6.5 Administration Citrix XenApp 6.5 Administration CXA206; 5 Days, Instructor-led Course Description Citrix XenApp 6.5 Administration training course provides the foundation necessary for administrators to effectively centralize

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure

More information

Thales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen

Thales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen Thales e-security Security Solutions PosAm, 06th of May 2015 Robert Rüttgen Hardware Security Modules Hardware vs. Software Key Management & Security Deployment Choices For Cryptography Software-based

More information

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN Create and Apply Clientless SSL VPN Policies for Accessing Resources, page 1 Connection Profile Attributes for Clientless SSL VPN, page 1 Group Policy and User Attributes for Clientless SSL VPN, page 3

More information

Security and Certificates

Security and Certificates Encryption, page 1 Voice and Video Encryption, page 6 Federal Information Processing Standards, page 6 Certificate Validation, page 6 Required Certificates for On-Premises Servers, page 7 Certificate Requirements

More information

ipad in Business Security Overview

ipad in Business Security Overview ipad in Business Security Overview ipad can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods for

More information

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3. INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for

More information

PLATO Learning Environment System and Configuration Requirements

PLATO Learning Environment System and Configuration Requirements PLATO Learning Environment System and Configuration Requirements For Workstations December 13, 2010 1 Content About This Document... 3 Document Change Log... 4 System & Configuration Requirements... 5

More information

Alliance Key Manager A Solution Brief for Technical Implementers

Alliance Key Manager A Solution Brief for Technical Implementers KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key

More information

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Fundamentals of Windows Server 2008 Network and Applications Infrastructure COURSE OVERVIEW This five-day instructor-led course introduces students to network and applications infrastructure concepts and configurations provided by Window Server 2008. Students will be able to acquire

More information

QuickSpecs. Key Features and Benefits. HP C-Series MDS 9000 Storage Media Encryption (SME) Software. Overview. Retired

QuickSpecs. Key Features and Benefits. HP C-Series MDS 9000 Storage Media Encryption (SME) Software. Overview. Retired Overview MDS 9000 Storage Media Encryption (SME) secures data stored on tape drives and virtual tape libraries (VTLs) in a storage area network (SAN) environment using secure IEEE standard Advanced Encryption

More information

Administrator s Guide

Administrator s Guide Administrator s Guide Citrix ICA Win32 Clients Version 7.0 Citrix Systems, Inc. Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A copy

More information

for Windows 2000 Servers. Application server software for enterprises to compete in the digital economy.

for Windows 2000 Servers. Application server software for enterprises to compete in the digital economy. Citrix MetaFrame for Windows 2000 Servers. Application server software for enterprises to compete in the digital economy. Citrix is the world leader in application server software and services that provide

More information

Cisco Passguide Exam Questions & Answers

Cisco Passguide Exam Questions & Answers Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying

More information

Citrix - CXA XenApp 6.5 Administration

Citrix - CXA XenApp 6.5 Administration Citrix - CXA-206 - XenApp 6.5 Administration Duration: 5 days Course Price: $4,995 Course Description CXA-206-1 Citrix XenApp 6.5 Basic Administration Training Course Citrix XenApp 6.5 Basic Administration

More information

DigitalPersona Pro Enterprise

DigitalPersona Pro Enterprise DigitalPersona Pro Enterprise Quick Start Guide Version 5 DATA PROTECTION REMOTE ACCESS SECURE COMMUNICATION STRONG AUTHENTICATION ACCESS RECOVERY SINGLE SIGN-ON DigitalPersona Pro Enterprise DigitalPersona

More information

Safeguarding Cardholder Account Data

Safeguarding Cardholder Account Data Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection

More information

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

VMware AirWatch Certificate Authentication for Cisco IPSec VPN VMware AirWatch Certificate Authentication for Cisco IPSec VPN For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems Technical Overview of in Windows 7 and Windows Server 2008 R2 Microsoft Windows Family of Operating Systems Published: January 2009 This document supports a preliminary release of a software product that

More information

NetExtender for SSL-VPN

NetExtender for SSL-VPN NetExtender for SSL-VPN Document Scope This document describes how to plan, design, implement, and manage the NetExtender feature in a SonicWALL SSL-VPN Environment. This document contains the following

More information

Configuring Secure Socket Layer HTTP

Configuring Secure Socket Layer HTTP This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity

More information

Configuring Secure Socket Layer HTTP

Configuring Secure Socket Layer HTTP This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity

More information

NCP Secure Enterprise Management for Linux Release Notes

NCP Secure Enterprise Management for Linux Release Notes Major Release: 4.01 r32851 Date: November 2016 Prerequisites The following x64 operating systems and databases with corresponding ODBC driver have been tested and released: Linux Distribution Database

More information

1Y0-371 Q&As. Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions. Pass home 1Y0-371 Exam with 100% Guarantee

1Y0-371 Q&As. Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions. Pass home 1Y0-371 Exam with 100% Guarantee 1Y0371 Q&As Designing, Deploying and Managing Citrix XenMobile 10 Enterprise Solutions Pass home 1Y0371 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing

More information

PLATO Learning Environment (v2.0) System and Configuration Requirements

PLATO Learning Environment (v2.0) System and Configuration Requirements PLATO Learning Environment (v2.0) System and Configuration Requirements For Workstations July 30, 2010 Windows XP Home and Professional (SP3) Windows Vista Home/Premium/Business/Ultimate Windows 7 Home/Premium/Business/Ultimate

More information

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: February 16, 2006 Product Information Partner Name ipass Inc. Web Site www.ipass.com Product Name ipass Enterprise Connectivity

More information