Duration 45:02
16+
Play
Video

Citrix Synergy TV - SYN219 - Access Control solution deep dive

Praveen Raghuraman
Director, Product Management at Citrix
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 22 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Video
Citrix Synergy TV - SYN219 - Access Control solution deep dive
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
463
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speakers

About the talk

Topic: IT

Access Control is the new solution for upleveling your access strategy. Join us as we uncover easy and secure SSO capabilities to all apps, specifically SaaS and web applications, and security controls to help govern SaaS and web app usage. Learn how to improve security for all of your apps and put web filtering and browser isolation security policies in place for internet access. Plus, get tips on integration with Citrix Analytics and for providing your end users with an easy and seamless experience for accessing all of their applications and data.Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.

Share

How do you want? I'm coming to Ramen address of product management responsible for the access control and Gateway Solutions. And. My name is Bella 00:05 Swami Norton senior manager in the engineering and work on some parts of Fort Worth going to talk about and also in the Citrix virtual apps and 00:15 desktops surface pen works and how you can actually implemented 00:22 in your deployment before we proceed. Just a quick disclaimer. 00:32 Work now. All right, 00:44 then. 00:52 What do you want to do is just provide you a quick overview of the solution talk about how we can address all the core you kisses and what are the 01:05

capabilities like that be having the access control solution. You really going to four years cases which are part of the overall solution and then 01:13 we'll do the few demos and can we bring it all together? Don't be a few features that are on our road map and Randy 8, so we'll be also giving you a 01:22 glimpse into that. Would that flips into the solution or Rio? So before we going to actually water solution is I 01:31 like I just wanted to say I love you in the picture around what are the core needs that our customers have been telling us which is driving really the 01:41

point of the solution for a leader of Porky requirements when it comes to delivering secure access to apps and it's a very important 01:48 experience feature. But at the same time it also reduces the overall check pedometer because you don't have to now login to 50 different sites and 01:58 your passwords that requirement and being able to do that along with having the quadratic equation mechanisms. The second thing is when you are 02:06 dealing with sass applications of applications are different kinds of applications that your employees may be using for work protecting IP and 02:16

providing governments around how does applications are actually consumed is Accused case 02:24 and links that maybe actually within even sank. Applications that are now 02:29 becoming a tax collectors. So how do we actually provide the ability to do you know how isolated Continental Plaza right controls in the food thing is 02:39 being able to gain visibility and inside so you really can manage this key behavior from user perspective and then drywall that to closed-loop control 02:47

within the solution. So that customers have been telling us and what that maps to is this for 02:55 critical capabilities, which is around authentication being able to do the characters in single sign-on enforcing policy can call and then bringing 03:05 analytics to help with the arousal and what did he actually integrate all these capabilities into one 03:15 Mystic solution and deliberate so that you can use the same single solution whether you're in or tell 03:25 ring size applications. Posted Enterprise applications. Are you have in OU's it's going to the internet for sanctions on Iran sanction content 03:35

and capability is around from an unusual perspective being able to tell about that single sign-on experience. He'll be basically use the word 03:44 space app as the as a main or unified peanut single-pane-of-glass and being able to use that on any device and under different sort of a 03:54 locations. Where is Officer remote? The actual core capabilities of security control are part of what axis controlled really delivers in 04:03 here will be going into acting all these capabilities in depth and so it is making sure we have the visibility and the analytics particularly much 04:13

really detailed understanding of user risk, or you could scores and being able to get our detailed reports and what kind of data and contents actually 04:23 being access. We launched Access Control last year and in August and ever since we've actually been getting a lot of 04:31 requests from customers. So I just wanted to give you a quick view of all the new capabilities that we've actually added does a lock that has been 04:40 happening and there are a few items that are actually on our road map is very excited about in further enhancing you overall solution. I'll be 04:48

covering all of this going into the details of how long the presentation. Let's now look into how it works. So the solution actually is delivered 04:57 from an admin perspective through these four key tile. So when you log into your Citrix Cloud console account, you will see what I do have different 05:07 tiles access control is a solution that is also a child go when you request a trial you actually get entitled to all of these four different tiles. 05:15 And I think that's a very important distinction because many customers are all prospects have asked us. How do I get, you know, the overall Solution 05:24

on all of these times actually composed that the broader solution that were talking about attacks control. Now let's talk about some of the other core 05:32 capabilities in the first one. We really want to dresses multi-factor authentication. So what is the roadmap and what are the capabilities we 05:42 have with multi-factor Arts today? So excited to announce that we have native two-factor auth built into Citrix Cloud using the 05:52 80-plus token mechanism and, and use of perspective. It's a fairly simple three-step process where they went to log into that 06:01

work space. They will be presented with a token challenge that they have to enter the process to pre-register their device using any 06:11 third-parties SSO app either can be a citric acid or a third-party authenticator like Google or Microsoft 06:20 token that they have from that authenticator app into the application and they get single signed in. So this is a solution is 06:28 fully delivered. Florence available right now in GA For more advanced use cases, what you've done is we've actually got a lot of feedback from some of 06:37

our customers and partners where they actually want to leverage that existing Investments have only made with their Gateway on friends. So we also 06:46 announcing the availability of this gateway to be something that you can actually connect and use that Confederate to all other Advanced mechanisms. 06:55 So things like being able to we don't connect to Google are akhtar any of the other third-party IDP or even being able to use ping or a r 07:04 s a r s a Duo for doing second factor out using radius of any of these mechanisms already supported on from today and you can now use 07:14

it along with work space. And what shelter does it typically allows you to leverage your existing Investments and help unblock the Migration by 07:24 moving on the clock Journey. Looks like you have your on-premises gateway that you may be using all ready for 07:33 two-factor on Advanced multi-factor. And what we've done is from an inducer perspective, you can configure gateway to be really annoy PC server and 07:43 you make an arrow ID. So what policy on your gateway once you do that configuration when end-users connect to your workspace, they will get redirected 07:53

for that request back into the gateway and they're depending on what particular configuration is there for two-factor multi-factor that will execute 08:03 and when the result comes back we're now able to authenticate unlock the user into their work space does a fairly easy process from an endurance 08:12 perspective and it allows you to leverage your existing on Furman. so this capability obviously allows you now 08:21 to interoperate with an ecosystem of third-party providers like the likes of 200 and Addison and what have you and obviously we have things like smart 08:30

card authentication integrated Windows authentication and several other capabilities which now instantly become available in the context of what state 08:40 Flex. Review how single sign-on what have you done in single sign-on and you know how the process works so it's all about and 08:51 so all of these common applications that can you see a supported as P define template within the access control 09:00 console. So when you going to the three step process to publish these applications and configure them so that 09:10

end users can use them and in this picture. I also have that the blob on the on the left 2009 certificate which 09:19 is available also for you to download and then upload resume to XML file or being able to copy paste into the service provider that you have 09:29 the family straightforward auction, and I'm close to 300 Alberton templates 09:39 and if you have any applications that you Using and you would like us to add that, you know, you can let us know or do you also have the option to be 09:48

able to better to configure life with and set up your own app as well? So let's walk through house as IQ. How does style single sign-on actually work? 09:56 So here I am this picture on the left the workspace app. And as you notice the workspace app has evolved from what used to be your own privacy work 10:05 with an embedded engine built into it as a network incline which and risk management API that actually send all the data into search analytics. So 10:14 when the last time when a user has logged in and they connect two separate Cloud, 10:23

it sends the list of all the applications that list now populated with an event space app 10:29 connection Listen to Let's play one of the tiles in one of the tank and apps and then 10:39 we do the single sign-on sam'l assertion based on the configuration that's already been provided. This could be us for that Office 365 any of these 10:48 commonly used application. Do you have the cookie which is not used for the session to continue and the user is not directly London. So they're single 10:57

sign-on we continue to use that token and keep asserting it and we can you know seamlessly give them the experience pain in word space. The other 11:06 important thing here to notice is that we send all the data from the workspace app and search analytics for being able to collect my brother a 11:15 visibility and give you Insight on what kind of behavior is happening so that the process and what about say you have a application you have 11:25 applications like Outlook web access or share point or sap or any of these different applications that you may be hosting internally within your own 11:34

Enterprise in your data center. So you can now use Gateway service actually to be able to provide the same simplified experience using the word space 11:43 without actually requiring to have a VPN. So this is really how much more simpler easiest painless way from an end-user experience perspective. So we 11:52 have a service tech preview and we will be available in GA very soon by hopefully 12:00 by the end of the end of this quarter in Q2. So the main requirement for a being able to do this is you have to use one of the you 12:10

know, supported a single sign-on a methody have we currently support capitalist firms based and Direction and we're also working on some of the new 12:20 are mechanisms and also one other thing that's important is that you need what is called as a Gateway connector and think of this as a fully managed 12:29 appliance that we sent that you actually can download and deposit your data center and a common best practice is to be able to use to use this Gateway 12:38 connector in a cheap ammo so that you have full Brazilian Samba tendency in terms of funeral connections. Some details about disconnected. It actually 12:48

is actually a washing machine and runs in a single IP mode with DHCP all communication from the connector off to the cloud is fully encrypted 12:58 with the other thing is so similar to what you may have known about 13:08 how to get rid of this world like a proxy the same mechanism is used here. Now these connectors are fully managed by Citrix. So these 13:17 are automatically updated and you can also monitor their health by actually looking at a pretty simple dashboard which gives you a view into the 13:27

health and status of that object connector. I'm going to show you a quick demo sort of how what the admin experience in a New Direction. 13:37 It looks like. I'm going to log in first in into 13:47 Citrix cloud. And here we go to the Gateway service child and you see these options. You'll see an option to add avocado salsa that your list of all 13:57 the applications. What I'm going to do is choose inside. My network has the option and we're going to configure Outlook web access. So we enter the 14:06

name of the actual fqdn on that you that would be used to reach this application within your corporate Network. And obviously you can customize 14:15 anything to set up an icon when it shows on the workspace enhanced security before the new capability. As I mentioned. We were added this year and you 14:25 have to publish the Gateway connector. So I just selected died. And what we're going to do is just go ahead and 14:35 configure all the different parameters like the assertion the actual URL the username password. He wants to be complete that process. 14:44

Your application will be ready to be then made available on the workspace. So now it's available and 14:54 the user that can actually go ahead and use this application. So you see that out the way back since she was up here and I 15:03 don't know what he's got is a manic subscribers option where you can select a user or a domain of users have selected music group Indianapolis 15:13 published in the end user logs into their work space. They were actually seems like on when I click on it. It stated exactly the way we've Creek 15:23

Retreat any other classification. I have the security controls enable. So when your launch Outlook you see that the watermark appears also 15:32 enabled pepper drink, so that's why you see if there's a bad link or any form of malicious link that is going to get blocked. So 15:41 pretty much all the controls & Security capability. That we've had with access control for stats are now available also for your hole straight on from 15:51 apps. So I'm going to hand it over to Bala who's going to walk us to some of the policy control mechanism. Thank you. All right. So once the users 16:00

have logged on then comes to most fun park every administrators dream job how to keep your security department happy how to keep your end-users happy 16:10 right, security perspective boat sinks single 16:18 sign-on for a consistent experience, but after that you want to make sure your intellectual property is being protected you want to make sure that any 16:28 browsing that is going on and that's not bringing any sort of vulnerability into the into the corporate Network. And what kind of information 16:37

are induced verse about Cinco de Mayo be inadvertently going to start in places. So those are compliance issues right to handle these three types of 16:47 challenges. You need Cloud app controls. We're going to talk a little bit about how to control the inducer Behavior so that they don't inadvertently 16:56 caused any kind of for IP challenges when they don't think you want to make sure that they're all the texts that are out there are 17:04 being isolated. So we'll talk a little bit about browser isolation. And the last part is about content filtering. So in the earlier demo that 17:14

Caribbean walkthrough, he click this enhanced security button really what happens behind the scenes with that one click you control and use her 17:24 behavior you control what kind of contract they cannot produce and in addition to that you also control the 17:32 ability to look at the various sites without bringing in any type of malware any kind of 17:42 notice. There is clipboard access can be restricted printing can be 17:48 Restricted certain types of navigation. Maybe you just want them to be in a particular section that maybe it's just getting there do your sap work or 17:58

do you work in a work day and then you're out right and restrict downloads and they're in the in the previous launch. You are so at Watermark 18:06 display right to all of these capabilities come with one click. This is controlling inducer what they can do and cannot go in 18:16 addition to this behind us there to other things that happen. All the content goes through a web filtering mechanism. And in addition to 18:25 that dynamically depending on the situation the entire browsing can be completely isolated out of your corporate Network. So talking about content 18:35

filtering, right? Somebody may go into a class happen to be working on something and there's a link that leads to one thing which leads to another and 18:44 inadvertently that users may end up in a place where they should not but I thought today certex offers almost a hundred ninety plus categories that 18:52 you can you can restrict. So these are done by category is every website and web sites have a reputation Score says 19:01 what so you had the ability to see and you search can only produce external unsanctioned website that have a reputation of four or 19:11

you can only go to certain sites that are safe from my browsing protector. Are 19:21 most products give you a black and white list, but cervix is the only company that offers you a turd mechanism called redirecting to secure browser. 19:31 This is where you keep your end users happy as well because if they wanted photos social media and other acceptable forms of accepted media, right you 19:40 can let them but just not inside your car at the airport. So Access Control in in in conjunction to secure dresser offers you that unique capability. 19:50

All right. So how does how do you decide what's allowed and what's not allowed and where to where to direct the inducer second 20:00 things 20:09 work properly. Those are by default alarm and the second thing is if it's a supplication that you published like the example you saw in the previous 20:19 demo. Those are allowed Everything else by default takes on the extreme security posture where they're blocked, but then if they're not blocked if 20:26 this is not part of your Blacklist, then we look at how to redirect it into the secure browser safe. Maybe that in your pipe. There's a link that 20:35

leads you into into a LinkedIn or Facebook or something like that. Those are immediately launched into a sandbox. So 20:43 I've been mentioning second dress for a couple of times. So let me just give you a quick idea of how this architectural Works what really we do behind 20:52 the scenes as we have isolated browser that runs in Citrus Club. We managed it be instantiated and it offers three important functionality 21:00 isolation containment and privacy what I mean by isolation is whatever the inducer does is happening in a browser that is 21:10

outside your corporate Network and happening within such a club that is isolation. If inadvertently a user enter in a place where they should know. 21:20 It's all contained within the secure browser in my neck. So it has no zero impact to your corporate networks on 3rd. When I say what I mean by privacy 21:29 is what happens at the end of the session is the interior contacts deleted and completely reset. So every time somebody logs him you 21:38 are guaranteed to start in the known king skate. You cannot even be connect back there. So with that black round, let's talk a little bit about how is 21:48

this being used in the access control context? Right? So here's the inducer that login into their workspace app. They have the recipe type install on 21:57 their medicine device login and they are about to launch their space app the test app when you have the enhanced security enabled is going to go 22:06 through the web filtering when it notices that the application or or the user is clicking on a link that is not sanction. Then what it does. 22:15 Into the particular status application you happen to click into a URL that does not sanction. It's going to be that into secure 22:29

browser service. Now you may be well is Desert mean the inducer is now able to produce any side not at all because what happens if even the security 22:38 services intelligent enough to know that this needs to be redirected back into the web printing services available as part of the access control and 22:48 then it goes to some of these normal highly-decorated sites in which you control. I think you 22:55 control Bedford drink and you also control isolation. But the most more common case may be that some of your inducers may be launching a native 23:05

browser. So what happens when they launched a little browser and login into Citrix workspace? We noticed that this is coming from 23:15 an infant that is not a subject work space and the intersection into secure browser. And so one way or the other end users and that within a certain 23:25 Sports pizza because we have a version of Citrix workspace app that also danced with insecure browser. Is there a town near manage device or it's in 23:35 the Citrix secure browser service one way or the other you have a trip from here the same lettering happens and going out to any of this unsanctioned 23:42

URS will continue to the right ovary covered. This is the way in which Access Control offers you the capability to protect your IP. 23:52 Isolate any kind of browsing and also make sure the content that is being produced is complaint with the regulations that use it in place. 24:02 At this point, how do I understand? You know, what is my user Behavior? How do I understand the risk? And you know, what can I do to 24:12 control their behavior of the service indicator into my organization 24:21

even 24:26 bringing together the different policy control? And what we do is tie it all together with search analytics to give you the visibility so you can 24:36 actually no one Monica and then we ghost policies so that they weren't the best based on your security pass chain requirements 24:43 station 24:49 score that information is actually used and send two separate analytics and along with that all the information that is used in terms of what types of 25:00 yous are adding access virus by different user. That is used in by Sabaton lyrics to create border collie service code to 25:09

quantify potential risk. It's a number between 0 200. I mean, you know broadly speaking it it can 25:18 vary there's an obvious piano in the background on how it works. But what we see on the dashboard is this tiles on the top where each of the 25:28 websites that I'm being accessed based on the desk or directly categorize. So if you have websites that are highly that are known to be malicious that 25:38 are known to be back there obviously going to show up in those red and yellow tiles and anything that supposed to be clean sanction going to show up 25:47

in the green and explicitly blocked. You are lucky to get a very good sentence using this dashboard on what kind of 25:54 posture or what is your overall assessment of risk from the standpoint of people using applications. You can always turn down 26:04 and go back in time and actually look at all the different, you know transactions. If you will visit sites that uses of actually access 26:13 for the easy for you to be able to you know, use the ad in government policy and all of this data analytics to do 26:23

that. If you click on a specific you can get pretty detailed timeline view of how that users risk actually progressed. And what is the basis on which 26:33 this restore his computer one thing to note here beside the date has not only coming from axle control code is computer Based on data that is coming 26:43 from across the surface of ecosystem. So do you have any point management or if you have shared file and many other other products deployed all of 26:52 those I can you contribute to the overall overall I can get score. When are the new edition that has been added to 27:00

Olympics and particularly for Access Control? Is this new search and filter base troubleshooting. So when you have the ability to actually go in 27:09 and launch this very easy and simple search my stool and there's a drop-down for Access or that what that does is now it allows you to search all the 27:19 data and all the log II just saw very quickly and you can use a very simple and easy filter mechanism in 27:28 Fast 6 on the left side. Like I can quickly filter based on the category of a book websites that I mean access or things like whether it is 27:38

what type of content it belongs to and reputation and so on and so forth need troubleshooting tool. Let's view today goes all the 27:48 admin capabilities. Right? We we can review the four core component of how the solution is buried. Let's look at what is the end-user going to 27:58 experience based on their different, you know policies that we actually set up in face and all the single sign-on the first show you 28:07 a better browser you typically install it on your desktop and when it tries to go to one of the 28:17

Publix applications, this is going to open a browser. If no enhanced security is turned on about the enhanced security check. Bots in this 28:27 in this case since we haven't enforced any policies, they get single sign-on, they can actually access that but if you have enhanced security turned 28:36 on then depending on the specific browser controls as well as the cloud controls, you will actually see different Behavior. Turn 28:46 down the Walmart and it's open. It opens up in the embedded browser. That's local installed. And they say you now try to access Salesforce everything 28:56

since what you have your applications, then you continue to be within that app. This is all allowed. So, you know, you'll be allowed to go to the site 29:05 if there is a sign that it's malicious or bad. It's in the block and you'll see this access first page and for everything else that wasn't that great 29:13 category that really bad. I was explaining that lawn mowing to secure browser and all this is seamlessly happening without you know, you having to go 29:23 and change too many things that we too many things at your end user is using a machine that does not have workspace app installed that say they're 29:30

working from you know, home or some other place and they have to get some stuff done and they say they have to login to their work application today 29:37 web version when you are a lot of work space and it's very similar Behavior. What if you remember one thing that I mentioned it if we don't have what? 29:46 Is Apple local install instantiate a secure browser session automatically in the cloud. So what the access control 29:55 services doing is it actually detect that this particular user session is coming from outside of workspace app. So we need to enforce it and Yaki 30:05

automatically create a very very important point that you have bought you kisses you have the ability to enforce policy control and 30:15 take appropriate actions. And anything that is obviously within the secure browser Service as a 30:23 reader can be only have themselves. So we'll just go ahead and you know that. No, one other use case is sp initiated 30:33 flow. That's what it really means is you if you wanted directly access the SAS application outside of the workspace app icon. 30:43

And let's see you directly use the link that is published by the service provider than what you can do with similar behavior. In this case. You would 30:53 go and use your carpet photos pretty common lot of people in bed that you are alive and make it easy and convenient for people to use access to this 31:02 as that user me directly go and type that URL. Not depending on whether single sign-on is turned on or not. You will see you again some different 31:09 Behavior. Then we will instantiate the secure browser again same behavior. Right one thing. You notice your desired. 31:19

What for the single sign-on we do need to make sure that you're up or your service provider has turn the login URL. So 31:29 it's typically something that you would do us part of your configuration, but it's an important requirement if it's allowed to deny the same quality 31:39 of life. So you access your sanction applications. You can get these policy control enforcement. No, I thought it would be helpful to 31:46 just get a compare and contrast these different browsers and what their experience really looks like and this is a very common question you get from a 31:56

lot of people so he can be heroes. If you're using the embedded browser, obviously you have a very full native experience and also 32:04 this this runs and all the policy control is as far as in control second third and fourth locally on the device 32:13 in the cloud and very soon as of now, we don't have access controller in the accounting equation for 32:21 need a browser. But that is something we're working on in the roadmap and it'll be available soon. So when one status available your 32:31

browser and still get the web filtering controls. So today we have the Cloud app controls. Let's play Espina headed Droid 32:40 shown you but web filtering and that will actually be available. On it. That's all I have a small demo on that. I'll show you how it how it looks. 32:50 So one other really nice capabilities that many people have asked us is you know, I like workspaces great all the capabilities 33:00 of nice, but what if I'm you don't want to transition to the cloud on my journey to the cloud are we have significant Investments a storefront and go 33:10

to let how do we actually know still consume some of this thing and embark on the journey. So this would be your typical front front end end bike 33:18 and depending on where you're coming from be able to access in applications using workspace app to in this is actually the 33:27 storefront user interface control which gives you the ability to connect to all these tears after enforce quality control functionality 33:37 which will be available in touch with you soon and what to do with a likely sync all the stars have been real bad definitions that we have put into 33:47

work space and present them as icons. On your button on the storefront photos that you have to 33:57 run that actually runs on your DVC and it basically does a periodic sink and pulls all those definition to be created using the 34:07 public in hybrid deployment. This was obviously announced yesterday 34:17 the keynote and what what's important here is you will need to have entitlement to access control to be able to use this functionality result of 34:27 access the bridge and overtime, you know, if you can consume everything in between workspace. Let me show you a demo of how this thing works and how 34:36

Holly I can experience looks like. Do I have the cell phone corner here? 34:46 We have published Salesforce as a secure app with all the policy control. When you log in the very first time what you would actually sees that 34:56 Watermark appear. I'll be back to be disabled cut copy paste and we're putting download and intersections. So let's say you can actually try to go 35:05 in and it shows up but you know, you still see that you can actually try and copy face anyting download is prevented as well. 35:15

And all of this is happening from the accident. I started with the store front. So this is what size application now, let's see if you go back and you 35:25 won't answer you do the same thing for what day was in another application you're single sign-on. I didn't have to go ahead and you know enter my 35:34 password and same behavior, right depending on what policy controls have been enabled. You see all these security controls in place so that it's 35:41 pretty neat for that 10-point now, King is if I if I try to let you know browse the web page that particular Watermark is going to show up front and 35:50

center. So you're actually kind of protected. Let's go in and I can try to launch another application here in this case. That's it. 36:00 That's what I have and locations to all of the policy control 36:10 capabilities are fully supported with this new feature. No. So that lets going in so what's what's 36:20 the next ride in one of his slaves already talked about it, but I want to go into more detail in a browser also and have 36:30 a consistent policy for battery. And where does it really becomes interesting and important is that sexual arousal immigration? Because what you could 36:40

do is you can obviously use of you know, other third-party solution for everything and use that to block site. What if you wanted the same cuz 36:48 it's just an experience for all your sanction and work application to go through their own favorite 36:58 need a browser this one so we are working on a proxy configuration Pac-12 37:08 is approached. You will definitely will need to have your machine the MGM managed or GPO manage, so It's important that you know that God 37:18

has not changed. So that is a requirement. But typically if you have one of those conditions than this solution should work fine in the first phase. 37:28 We won't have some of the advantages cases like SLO bypass an exception windows are a little something worth considering for the future and 37:37 has an end-user will be authenticated just like a work space and user so 37:45 kind of an extra layer of security when they're accessing me out there. Thank you. So that I can look at a demo. Now. How would 37:54

this how how does it look like Find this case I have I'm going to go in and 38:04 launch a lunch my favorite browser. So I first of all let me walk you through the admin experience. So this is the 38:14 access control on the console and European people have a new section tornado browser settings turn on the ability to use when putting phone in the 38:24 browser data pack file. It's hosted in the cloud. And what you going to do is you will typically you don't have this configuration 38:33

done to a Thule GPO. What is this use case? I'm going to actually go ahead and turn on automatic configuration buy coffee tasting that URL and that's 38:43 pretty much it. Once this step is done the other requirements to actually install a certificate which obviously I don't have any requirement so I can 38:53 make sure that you know, you have a trust relationship between the client and our of Prague Novena login to work space as using my you-know-what space 39:02 credentials. We should be a day or night whatever you have done at that point in time. I get the same experience. If it's allowed of application 39:12

now, let's say if it was being you know, it's loaded to sanction if it's a blog site automatically block died and we 39:22 didn't start from what Stacy just started from Modern native browser the same exact experience for some 39:32 of the social media websites like Instagram. If you try to go to one of those sides then will automatically be able to enforce that 39:39 to the secure browser. Finally I wanted to kill you start up your own give you a view into 39:49 one of their capability that be announced at Keno yesterday, which is also part of the overall control solution. And this is about adding more 39:59

a protection capabilities and increasing that list of different kind of an old browser-based control that we can fly to New capabilities. 40:09 One is the ability. Do you know block and obfuscate data when it's not my 40:19 place app at the same time. We also have the ability to have the screen capture 40:25 sort of obfuscate it so what would that look like essentially is this new to new check boxes that you will see in your workspace 40:35 configuration when you go into an enhanced security and you can turn them on or off. You 40:44

do need to have the workspace app installed. These capabilities will not work in the evaporation. And main reason is that since he Lagos actually are 40:54 like a local agent that might actually be off the heating and Resident on your network on your device. We do need to make sure that this can be 41:03 enforced on the local machine. So that are all on the road map and we'll be announcing that availability over the 41:11 next coming quarters. Weird that I kind of feel toward the end of our session. I don't want to draw your attention to a couple of other 41:20

sections where we will be coming similar content. We have an identity and access management session later in the day at 4:30. So very similar 41:30 capabilities, but also give me your view of what are the other, you know, our identity capabilities that we working on entrance off, you know partners 41:40 and salsa food and then, you know, don't forget to rate our session and give us feedback. She like this session. Let us know if you didn't like us to 41:48 let us know whatever you think that you would like to see him in future. So with that, I think we have a few minutes to take questions. 41:57

Thank you for being a density prospective customers the night. We just use Google Authenticator to get in 42:13 store for the next gas station for this is something they just do it with the Google 42:21 what you would do it you would you would use the on from Gateway 42:30 for now because I'm from Gateway has the ability to be able to you know Frederick. I didn't read some of the other providers and that would be the way 42:40 you can bring Google ADP along with you. Don't go along with the saxophone. Sorry, I didn't catch the question. 42:47

No, I could Got a Feeling. Oh, okay. So your question is about do we support Google user directory? So not yet. That is something that is 43:00 that is being considered by the identity team signed up. We can connect you to the identity project manager on timeline. 43:10 Citrus cloud now has at least three different connector requirements to file UI service between a general contractor now the Gateway connection to the 43:21 ATM agent consolidation across that so that we can provide customers a single and point to connect with all citrus call functionality 43:29

way more and more. So that is 43:36 going on without actually being able to exactly give you a specific time line, but it's very very soon. We are working on unifying the ability to 43:46 enter have one single connector. I'd like to be able to do these things and then some architectural changes will allow us to be a lot more agile and 43:55 how we can rule out these capabilities from a connector standpoint. So so yes good question. any more questions 44:02 Okay. So the question is what is the method required to connect storefront to the cloud? You're so what apps on desktop you would typically 44:18

use the cloud connector and at the end of how can I get essential it helps you make those outbound connections for all your data traffic going to the 44:27 Gateway service also acts as a way for you to be able to connect your 80 or unfriend. So that's the mechanism. 44:36 any more questions Alright. Thank you very much. Thank you. 44:49

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN219 - Access Control solution deep dive”
Available
In cart
Free
Free
Free
Free
Free
Free

Video

Get access to all videos “Citrix Synergy Atlanta 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “IT”?

You might be interested in videos from this event

September 28 2018
Moscow
16
122
app store, apps, development, google play, mobile, soft

Buy this video

Video

Access to the talk “Citrix Synergy TV - SYN219 - Access Control solution deep dive”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
505 conferences
19653 speakers
7164 hours of content