How Citrix MetaFrame
Secure Access Manager Works
MetaFrame Secure Access Manager is the most
cost-effective way to get secure, personalized
access over the Web to applications and
information
MetaFrame Secure Access Manager
Secure access to any application or information
over the Internet
Single-point access to enterprise resources
Personalized, role-based user experience
Easy deployment and management
Secure access to any application or
information over the Internet
Access application & information from anywhere
Without the cost or complexity of a traditional VPN
How does it work?
– Standards-based encryption over the Internet
– Minimal client configuration
– Support for 2-factor authentication
– Firewall traversal
– Support for fault tolerance
Single-point access to enterprise
resources
All the information you need aggregated in one
convenient location
Easy to find any information resource - within the
enterprise or across the web
How does it work?
– All information and applications delivered to a single point
– Familiar browser interface
– Search and index functionality
Personalized, role-based
user experience
Organize your access environment for optimal
productivity and efficiency
Ensure the right people can easily access the right
information and applications
How does it work?
– Role definition
– Role-based access
– Personal user interface
– Persistent user configurations
– International content support
How does this compare to web interface?
MetaFrame Presentation Server web interface delivers a list of applications based on the user’s identity.
MetaFrame Secure Access Manager delivers applications and information tailored to each user’s role.
Easy deployment and management
Integrates seamlessly into existing MetaFrame Presentation
Server environments
Centralizes administration to make management simple
Wizard-driven configuration means little to no programming
to implement
Offers flexible environment
for customization
The User Perspective
Access Center
Content Delivery Agents (CDAs):
Program Neighborhood: Published applications available to the individual user from the MetaFrame XP Presentation Server farm
Favorites List: List of external and/or internal Web sites
Web Site Viewer: Securely view and browse internal or external web content
The User Perspective
Content Delivery Agents (CDAs)
Search CDA: Allows users to search Web sites and file shares, returns only content and files accessible by the individual user, and provides search results by relevancy
The User Perspective
ICA Applications: View and operate ICA published applications
Content Delivery Agents
CDAs deliver data, applications, documents, and services to an access center, including
– MetaFrame XP published resources
– Internal or external Web sites and applications
– Documents and network resources
User access to different CDAs is administrator controlled.
Custom agents can be created using SDKs in the form of scripts, or can incorporate Microsoft Web Part (.dwp) files.
Access Server Farm
[Diagram: Access Server Farm. Components: Enterprise Resources, MetaFrame XP farm, Database Server, Index Server, State Server, Web Servers, Agent Servers (load balanced), Secure Gateway, Authentication Service / STA, Access Management Console; Internal Users and Remote Users connect to the farm.]
State Server
The State Server is the primary server in the farm, and maintains:
• session information
• server-farm configuration data
• critical access center data and user configurations
• Permanent member of the farm and cannot be changed or removed.
Agent Servers
Agent Servers handle CDA execution and generation of Access Center pages.
• can be installed on web servers or stand alone
• requests are load balanced by MSAM based on CPU utilization.
SQL Database Server
SQL database required to store configuration information (existing SQL server can be used):
• Microsoft SQL Server 7.0 or 2000
• Microsoft Data Engine (MSDE)
MSAM creates all accounts and tables at install, and installs MSDE if required.
CDAs can also use the MSAM database for storage.
Web Servers
Web Servers are used to format and serve Access Center content to users.
• requires Microsoft IIS 5.0 or higher
• installs Web server extensions and Access Center configurations on all Web servers
Index Server
The Index Server indexes and allows searching of:
• Web content (Internet or intranet)
• Intranet documents
Secure Gateway
Secure access to enterprise resources and applications
• Transparently encrypts communication
• Authenticates all user connections
• Ticket-based connection authentication (STA)
Certified for Windows 2000 Server or Windows Server 2003
Secures access to
• MetaFrame XP published resources
• Web servers in the access server farm
• Web and application servers in your network
User/Web Client Browser
Allows users to see the Access Interface. Requires:
• Internet Explorer 5.0 SP2 and above, or
• Internet Explorer 6.0 SP1 and above, with
• JavaScript execution permission on client-side, and
• Active-X permissions for Gateway Client
Simplified Access Center Communication
1. The client’s Web browser requests the page from the Web server.
2. The Web server contacts the state server for configuration and load-balancing information.
3. The Web server contacts an agent server (based on the load-balancing algorithm).
4. The agent server builds the page (based on the user’s privileges), processes the CDAs required for the page, and sends the built page in XML format to the Web server.
5. The Web server converts the XML page to HTML and sends it to the client’s Web browser. The access client’s Web browser renders the page.
MSAM External Login Data Flow
[Diagram: external login data flow across three zones. Internet: Web Browser with gateway client. DMZ (behind the first Firewall): secure gateway, reached over SSL/443 and HTTP/S. Internal (behind the second Firewall): MSAM Access Center, logon agent, Authentication Service and Internal Web Server, communicating over HTTP, HTTP/S and XMLHTTP/S. Steps are numbered 1 to 11.]
1. The user enters a URL in the browser, and the Gateway Client is downloaded and initialized.
2. Every time a URL is entered, the Gateway Client scans the HTTP request to see if the destination is an internal server.
3. As this is the first request, there is no session ticket, so the SG (Secure Gateway) server redirects the browser to the Logon Agent.
4. The login form is sent to the user, who completes it with their credentials.
5. Upon successful authentication, the logon agent uses a SOAP request to the Authentication Service, which returns:
• Session cookie
• Redirection URL
• Other cookies required by SAM
• List of allowed internal servers
6. The Logon Agent returns the session cookie and the redirect to the browser.
7. The Gateway Client notices the session ticket in the HTTP header and checks the destination against its list of internal servers; if it is on the list, a secure connection is established to the SG server using SSL/TLS.
8. The HTTP request is forwarded through the secure connection to the SG server.
9. The SG server verifies the ticket; if the ticket is not present in its cache, it consults the Authentication Service to validate it.
10. SG consults its list of internal server names to verify that the specified destination server is on it, and opens a connection to the indicated port on the target web server.
11. The request is forwarded to the MSAM access center server, and the response returns to the browser through the SG.
MSAM Application Launch
[Diagram: application launch. Internet: Web Browser, gateway client and ICA client. DMZ (between the two Firewalls): secure gateway, reached over SSL 443; ICA on port 1494 and XML on 80/443 towards the internal side. Internal: MetaFrame Presentation Server Farm, Program Neighborhood CDA and the Secure Ticket Authority, which reports whether a ticket is valid. Steps are numbered 0 to 8.]
0. The user logs in as described in the previous slide, downloading the ICA client.
1. When the user logs in to the Access Centre, the Program Neighborhood CDA contacts the MetaFrame Presentation Server farm to discover the list of available applications for that user.
2. The user launches an application within the Program Neighborhood CDA.
3. The Program Neighborhood CDA contacts the MetaFrame Presentation Server farm via XML; the Presentation Server uses load balancing techniques to determine which server will be used.
4. The Program Neighborhood CDA queries the Secure Ticket Authority, and a ticket is returned; the address of the destination MetaFrame Presentation Server is replaced by the ticket.
5. An ICA file, which contains the ticket and the address of the secure gateway, is returned to the browser, which loads the native ICA client.
6. The ICA client makes an SSL connection to the Secure Gateway and exchanges the ticket.
7. The Secure Gateway contacts the Secure Ticket Authority, which validates the ticket. If the ticket is valid, the internal address of the MetaFrame Presentation Server is returned.
8. The Secure Gateway forwards the ICA connection to the destination MetaFrame Presentation Server (port 1494).
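An added illustration (not Citrix code) of the two checks these slides rely on: the Secure Ticket Authority hands out an opaque one-time, short-lived ticket in place of an internal address, and the gateway only forwards to destinations on its list of internal servers. The class names, ticket lifetime and server names are assumptions.

```python
import secrets
import time

# Constructed model of STA ticketing plus the gateway allowlist check.
# Names are assumptions, not Citrix APIs; the page gives no ticket lifetime.
TICKET_LIFETIME_SECONDS = 100


class SecureTicketAuthority:
    """Issues one-time tickets that stand in for internal server addresses."""

    def __init__(self):
        self._tickets = {}  # ticket -> (internal_address, expiry time)

    def issue(self, internal_address, now=None):
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(24)  # unguessable, not derived from the address
        self._tickets[ticket] = (internal_address, now + TICKET_LIFETIME_SECONDS)
        return ticket

    def validate(self, ticket, now=None):
        """Return the internal address for a valid ticket and consume it; else None."""
        now = time.time() if now is None else now
        entry = self._tickets.pop(ticket, None)  # one-time: a replay finds nothing
        if entry is None:
            return None
        address, expiry = entry
        return address if now <= expiry else None


class SecureGateway:
    """Validates tickets with the STA and enforces the internal-server list."""

    def __init__(self, sta, allowed_internal_servers):
        self.sta = sta
        self.allowed = {s.lower() for s in allowed_internal_servers}

    def connect(self, ticket, now=None):
        """Return the (host, port) to forward the ICA connection to, or None."""
        address = self.sta.validate(ticket, now)
        if address is None:
            return None  # unknown, replayed or expired ticket
        host, _, port = address.partition(":")
        if host.lower() not in self.allowed:
            return None  # destination is not on the gateway's list of internal servers
        return host, int(port or 1494)  # ICA default port from the slide
```

The ticket itself never reveals the internal address; the gateway learns it only from the STA, and only once.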
Providing Access to Traditional Applications
MetaFrame-enabled applications
– MetaFrame XP for Windows
– MetaFrame for UNIX
Access Options:
– Program Neighborhood CDA – Multi-Farm support
– Embedded Applications – Run in a web page
– Access Center menu – Application list by login
– File-Type Association – Click and run application access
Providing Access to Web Applications & Resources
To provide unified access to:
– Web-based applications
– ASP applications
– Intranet, Extranet and Internet Resources
– Web-based reporting tools
Access Options:
– Web Site Viewer – embed Web pages
– Web Favorites – list of Web-based content
Integration to:
– Microsoft SharePoint Portal Server
– Microsoft Web Forms
– Documentum
– Stellent
– eRoom
– Bantu*
– Sitescape*
* third party CDAs
Providing Access to Documents and Information
To provide simplified access to:
– Network file shares
– Document Management
– Indexed information and knowledge
Access Options:
– Shared Documents – point to any UNC path
– Web Site Viewer – integrate web-based reports/docs
– Internet Search – search the internet
– Microsoft SharePoint Portal Server integration
– Other document management applications
Providing Access to Database Information
To provide access to:
– Custom/queried views
– Web-based reports
Access Options:
– Database Viewer – custom SQL views/dynasets
– Web Site Viewer – HTML reports
– Microsoft Spreadsheet Web Part – Spreadsheet views
– File-type association – Proprietary formatted reports
Hardware Requirements
Single-server installation
Server: 700 MHz, 2 GB RAM
– Components: Web, Agent, State, DB Server
– Advantage: quick deployment, minimal hardware requirements, suitable also for a development environment
Multi-server installation
Server standard: 700 MHz, 1 GB RAM
– Servers: Web/State (1), Agent (2), SQL (1)
– Advantage: built-in redundancy, increased user loads.
Thank You!
Questions?