digipass authentication for netscaler - maintenance · pdf filexenapp xendesktop...
TRANSCRIPT
DIGIPASS Authentication for
Citrix NetScaler (with AGEE)
INTEGRATION GUIDE
1 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
Disclaimer
Disclaimer of Warranties and Limitation of Liabilities
All information contained in this document is provided 'as is'; VASCO Data Security assumes no
responsibility for its accuracy and/or completeness.
In no event will VASCO Data Security be liable for damages arising directly or indirectly from any
use of the information contained in this document.
Copyright
Copyright 2012 VASCO Data Security, Inc, VASCO Data Security International GmbH. All
rights reserved. VASCO, Vacman, IDENTIKEY, aXsGUARD, DIGIPASS and logo
are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data
Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc.
and/or VASCO Data Security International GmbH own or are licensed under all title, rights and
interest in VASCO Products, updates and upgrades thereof, including copyrights, patent
rights, trade secret rights, mask work rights, database rights and all other intellectual and
industrial property rights in the U.S. and other countries. Microsoft and Windows are
trademarks or registered trademarks of Microsoft Corporation. Other names may be
trademarks of their respective owners.
2 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
Table of Contents
Reference guide ............................................................................................................. 4
1 Overview................................................................................................................... 5
2 Technical Concepts ................................................................................................... 6
2.1 Citrix ................................................................................................................... 6
2.1.1 NetScaler ....................................................................................................... 6
2.1.2 Access Gateway Enterprise Edition .................................................................... 6
2.1.3 Web Interface ................................................................................................. 6
2.2 VASCO ................................................................................................................. 6
2.2.1 IDENTIKEY Authentication server ...................................................................... 6
3 Citrix setup ............................................................................................................... 7
3.1 Architecture .......................................................................................................... 7
3.2 Prerequisites ......................................................................................................... 7
3.3 Citrix ................................................................................................................... 7
3.3.1 Access Gateway .............................................................................................. 7
3.3.1.1 Policies .................................................................................................... 7
3.3.1.2 Virtual Servers ........................................................................................ 11
3.3.1.3 Groups .................................................................................................. 12
3.4 Test the setup .................................................................................................... 14
4 Citrix Receiver on mobile ........................................................................................ 15
4.1 Architecture ........................................................................................................ 15
4.2 Prerequisites ....................................................................................................... 15
4.3 Citrix ................................................................................................................. 15
4.3.1 Access Gateway ............................................................................................ 15
4.3.1.1 Policies .................................................................................................. 15
4.3.1.2 Virtual Servers ........................................................................................ 18
4.4 Test ................................................................................................................... 19
3 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
5 Solution .................................................................................................................. 22
5.1 Architecture ........................................................................................................ 22
5.2 Citrix ................................................................................................................. 22
5.2.1 Access Gateway ............................................................................................ 22
5.2.1.1 Policies .................................................................................................. 22
5.2.1.2 Virtual Servers ........................................................................................ 25
5.3 IDENTIKEY Authentication Server .......................................................................... 26
5.3.1 Policies ........................................................................................................ 27
5.3.2 Client .......................................................................................................... 28
5.3.3 User ............................................................................................................ 29
5.3.4 DIGIPASS .................................................................................................... 29
5.4 Test the Solution ................................................................................................. 31
5.4.1 With the browser .......................................................................................... 31
5.4.2 With Citrix Receiver ....................................................................................... 31
6 FAQ ......................................................................................................................... 34
7 Appendix ................................................................................................................. 34
4 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
Reference guide
ID Title Author Publisher Date ISBN
5 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
1 Overview This whitepaper describes how to configure a Citrix NetScaler with Citrix Access Gateway
Enterprise Edition (AGEE) in combination with the VASCO IDENTIKEY AUTHENTICATION Server.
That way an extra security layer can be added to the SSL VPN solution the CITRIX AGEE provides.
Netscaler
XenApp
XenDesktop
Authentication
Servers
6 DIGIPASS Authentication for NetScaler (with CAG)
DIGIPASS Authentication for NetScaler (with CAG)
2 Technical Concepts 2.1 Citrix
2.1.1 NetScaler
Citrix NetScaler makes apps and cloud-based services run five times better by offloading
application and database servers, accelerating application and service performance, and
integrating security. Deployed in front of web and database servers, NetScaler combines high-
speed load balancing and content switching, data compression, content caching, SSL acceleration,
network optimization, application visibility and application security on a single, comprehensive
platform.
2.1.2 Access Gateway Enterprise Edition
Citrix Access Gateway Enterprise Edition (AGEE) is a secure application access solution that
provides administrators granular application-level control while empowering users with remote
access from anywhere. It gives IT administrators a single point to manage access control and
limit actions within sessions based on both user identity and the endpoint device, providing better
application security, data protection, and compliance management.
2.1.3 Web Interface
The Citrix Web Interface provides users with access to XenApp applications and content and
XenDesktop virtual desktops. Users access their resources through a standard Web browser or
through the Citrix online plug-in.
2.2 VASCO
2.2.1 IDENTIKEY Authentication server
IDENTIKEY Authentication Server is an off-the-shelf centralized authentication server that
supports the deployment, use and administration of DIGIPASS strong user authentication. It
offers complete functionality and management features without the need for significant budgetary
or personnel investments.
IDENTIKEY Authentication Server Server is supported on 32bit systems as well as on 64bit
systems.
7