Security For XenApp XenDesktop Deployments

With contributions by Jason Poole, Manager Bus. Dev. NetScaler and Cloud Group, Citrix.

Last Tuesday, at the Citrix Summit breakout session, Jason Poole (from Citrix) and I presented on why NetScaler and Palo Alto Networks are the best solutions for your XenApp XenDesktop deployments.

If you have a Citrix XenApp/XenDesktop deployment, you’ve probably deployed it to support the evolving desktop, application and data access requirements for your employees. You’ve benefitted from the on-demand application delivery, as well as the flexibility to support a diverse set of mobile device access. But did you know that NetScaler and Palo Alto Networks next-generation firewalls provide the best security for your existing XenApp XenDesktop deployments?

 

Citrix

Specifically, the joint solution addresses secure access to the desktop virtualization environment, ensures compliance for virtual desktop users accessing backend data center applications, and protects this infrastructure from modern threats.

In addition to accelerating the performance of virtual desktop traffic, NetScaler provides the following security features for XenApp XenDesktop deployments:

  • Full proxy – ICA connections are always attack free
  • Proper integration with Secure Ticket authority prevents internal user and server data from leaking, including internal IP address information
  • Integrated with HDX Insight, StoreFront and Web Interface
  • SmoothRoaming without risky modifications to the data that may cause incompatibilities with Receiver and XenDesktop

With Palo Alto Networks next-generation firewalls deployed at the back end of the XenApp XenDesktop infrastructure, you will be able to deliver the following for virtual desktop users:

  • Establish segmentation by application, user and content in the data center
  • Dynamically identify virtual desktop users regardless of the type of virtual desktop offering (using Terminal Services agent or User-ID agent integration) and enforce security policies for granular application access
  • Accurately identify and control the use of more than a thousand applications, regardless of ports, protocol or any evasive techniques that are used to mask their operation
  • Provide complete integrated threat protection with high-performance stream-based protection against viruses, spyware, exploits and targeted attacks

The good news is that both NetScaler and Palo Alto Networks next-generation firewalls can be jointly orchestrated with CloudStack to easily deploy the joint solution for your desktop virtualization infrastructure. We’ve tested and validated the joint solution, and it is fully supported by both companies. For more information, please refer to the deployment guide here.

Thank you to those of you who were able to make it to our session.