Let's refresh where we are! We are discussing how to architect a Citrix environment from an architect's perspective. There are 2 parts to it:
1) Assessment
2) Design
Assessment is further divided into
· Security and personalization
· Operation and Support
· Conceptual Architecture
In this blog, we will discuss the assessment of security and operation. Each topic will be covered in a separate blog.
Most organizations spend significant
amounts of money on security. When assessing enterprise security, an architect
should gather information about the environment in regard to physical security
including restrictions, permissions, the management of systems and
personalization settings implemented through profiles and policies.
Enterprise Security
Security concerns with desktops
include viruses and malware, persistent cache and employees sending
confidential information by way of the backend infrastructure. Assessing
security in a virtualization environment is essential to ensure that the
environment is as secure as possible.
During the security assessment, an
architect should also inspect the following topics in an environment:
- Administrator access
- Application and server security
- Network security
- Remote access security
- Password change policies
- Password security issues
- Antivirus security
- Service pack updates
- Server certificates
- Event logs
A best practice is to never grant
anonymous access unless absolutely necessary, require authentication to the
desktop and require application-level passwords.
Security Assessment
Architects should ask the following
questions:
- For existing XenApp environments, is ICA encryption
used?
- How do external users access their desktop data?
- Is there a dedicated security team?
- If Web Interface is implemented, are security
certificates installed on the Web Interface servers? If not,
passwords are transmitted in plain text and can be easily accessed by an
internal administrator.
- Are internal or third-party certificates being used?
- Are endpoint analysis scans being run or is the
organization performing any other type of endpoint analysis? Endpoint
analysis should be performed in most environments, even if the organization is
running a non-Citrix appliance, such as Cisco or Juniper.
- Do users have the ability to perform all of their
required tasks?
- Does any sensitive data leave the network?
- Is accessing applications and resources safe?
- Do any security measures negatively affect performance?
- Is VPN access from a PC allowed?
- Can users access mapped drives through a VPN?
- Is Single Sign-on being used?
- What are the audit policies?
- Are there security considerations between internal and
external networks?
- What are the enterprise-wide password policies?
- Are Service Pack updates performed? What is the
process?
- Are server security logs monitored by administrators?
- How much retention exists in the security logs?
Assessing each area of security is
helpful to the architect during the design phase, in order to recommend a
solution that is secure for the organization and its users.
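Several of the questions above (security log retention, audit and password policies, internal versus third-party certificates) can be answered with evidence from the servers themselves. The following read-only PowerShell script is an added example, not part of the original post; it assumes it is run elevated on a XenApp or Web Interface server, and the 60-day expiry warning window is an assumed threshold.

```powershell
# Added example: read-only evidence collection on one Windows server (run elevated).
# Assumption: certificates expiring within 60 days are worth flagging in the assessment.
$expiryWarningDays = 60
$now = Get-Date

# Security log: configured size, overwrite mode and how far back the records actually go.
$log    = Get-WinEvent -ListLog Security
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
$securityLog = [pscustomobject]@{
    Server        = $env:COMPUTERNAME
    MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    LogMode       = $log.LogMode      # Circular means the oldest events are overwritten when full
    RecordCount   = $log.RecordCount
    OldestEvent   = $oldest.TimeCreated
    RetentionDays = [math]::Round(($now - $oldest.TimeCreated).TotalDays, 1)
}

# Server certificates in the computer store: the issuer shows internal vs. third-party CA.
$certificates = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $status = 'OK'
    if ($_.NotAfter -lt $now) { $status = 'EXPIRED' }
    elseif ($_.NotAfter -lt $now.AddDays($expiryWarningDays)) { $status = 'EXPIRING' }
    [pscustomobject]@{
        Subject    = $_.Subject
        Issuer     = $_.Issuer
        SelfSigned = ($_.Subject -eq $_.Issuer)
        NotAfter   = $_.NotAfter
        DaysLeft   = [math]::Floor(($_.NotAfter - $now).TotalDays)
        Status     = $status
    }
}

# Audit policy and password policy as currently effective on this server.
$auditPolicy    = auditpol.exe /get /category:*
$passwordPolicy = net.exe accounts

$securityLog | Format-List
$certificates | Sort-Object DaysLeft | Format-Table -AutoSize
$auditPolicy
$passwordPolicy
```

A small RetentionDays value combined with a Circular log mode means security events are being overwritten quickly, which is the retention figure to record for the assessment.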
Browsers and Encryption
During the security portion of the
assessment, architects also gather information related to browsers and
encryption levels.
Architects should ask the following
questions:
- Which browsers are supported by the organization?
- What are the browser security settings?
- Are any applets, such as ActiveX or Java, blocked?
- Which encryption level does the business require?
General recommendations include the
following:
- Standardize on a supported browser that meets the
business requirements. Using multiple browser types can result in
inconsistent access between devices.
- Ensure that browser settings do not block Java applets.
Strict security settings might result in launch failures.
- Ensure that encryption standards can be met by all
supported client devices. Not using encryption is a security risk.
User Authentication and
Authorization
An architect should examine the user
authentication process during the assessment. Authentication is usually based
on one of the following:
- Explicit
- Pass-through
- Smart Card
- Pass-through with Smart Card
For example, if explicit
authentication is used for accessing desktops and local applications, an
architect must determine whether that process is ideal or recommend an
alternate type of authentication in the design.
Explicit authentication is usually
recommended in Citrix environments.
User authentication also
incorporates access to subsequent resources. For example, if Smart Card
authentication is used for the desktop, access to an application may or may not
support that type of authentication. In addition, an authentication tool such
as Citrix Single Sign-on (formerly Password Manager) may be used to address
subsequent authentication requirements.
User authorization involves
assessing the permission levels for the categorized user types. Architects
should ask the following questions:
- Which user types are power users?
- Which user types are allowed to install their own
applications?
- Do users have administrator status on their local
desktops?
- Are any users using Single Sign-On?
- What are the user permissions on the XenApp servers, if
applicable?
- Are there any applications that require less
restrictive permissions or the ability to modify the registry?
An understanding of user
authorization in the environment will help the architect determine if any special
security templates or modifications will need to be made in the design phase.
External Access Scenarios
To appropriately design a secure
access solution for external users, architects must identify the various
external access scenarios either currently used or required. These scenarios
describe which users will be connecting to the environment externally and which
resources those users will be able to access. For example, employees connecting
externally to the environment from managed laptops might be granted full VPN
access, which provides access to all the same resources those employees get
when connecting from within the office. However, contractors might be granted
limited VPN access or access only to published applications available through
Web Interface. When identifying an organization's access scenarios, architects
should answer the following types of questions:
- Is external access currently provided for any users?
- Who are the external users? Are they employees,
contractors or vendors?
- Are the client devices used for external access managed
or unmanaged? Are they laptops or desktops?
- How are ICA connections from external users secured?
Does the organization currently have an SSL VPN solution such as Access
Gateway or Secure Gateway?
- How are users authenticated? Is Active Directory or
two-factor authentication required?
- Is Windows single sign-on to the Access Gateway
plug-in required?
- Is automatic single sign-on to web applications
required?
- Do any users require full SSL VPN access into the environment
or can secure access be limited to XenDesktop and XenApp resources?
- Are endpoint analysis scans (EPAs) needed to verify
client device requirements, such as the anti-virus version, a Registry
setting or the presence of an internal certificate? Will users that fail
the endpoint analysis scans be quarantined or provided with limited
access?
Policy Management
Policy management is important to
assess in a virtualization environment.
Architects should ask the following
questions:
- What are the organization's policy settings?
- Which resultant policies have been implemented?
- Which group policies exist?
- Which Citrix-specific policies have been implemented, if
applicable?
- How are policies generally applied in the environment?
In an environment containing Citrix
XenApp or XenDesktop, there are a number of ways to apply a configuration or
security setting onto a group of servers. Policies can be applied through
numerous methods and impact different aspects of the environment.
For more information, see the Citrix
Consulting white paper "How Policies Impact XenApp Environments" on
the www.citrix.com web site.