Understanding and Implementing Citrix Password Manager 4'0

1
Understanding and Implementing Citrix Password
Manager 4.0

• Paul Wilson Ed Zimny
• Product Development Team
• Citrix Systems

Don Griffin, MCSE, MCNE, IEEEDirector, IT
Infrastructure / R D Beverly Enterprises
2
Introduction

• Paul Wilson, Sr. Test Engineer for Password
  Manager at Citrix Systems
• Ed Zimny, Sr. Products Manager for Password
  Manager at Citrix Systems
• Don Griffin, Director, Infrastructure Research
  and Development at Beverly Enterprises

3
Objectives

• Identify the benefits of Password Manager in the
  enterprise environment.
• Identify the main components and secure
  architecture of Password Manager
• Complete basic administrative tasks using the
  Password Manager console
• Configure and demonstrate selectedPassword
  Manager features

4
Agenda
5
Password Manager Overview
Single Sign-On to Windows,Web and host-based
applications
Access to Any Application
One Primary Logon
Windows
Citrix Advanced Access Control
Citrix Advanced Access Control
Web
Distinct credentials for each backend
application/resource
Biometric
Smart Card
Host
Token
6
Password Manager New Features

• Password Manager 4.0
• Self-service Password Reset
• Hot Desktop
• Automatic Key Recovery
• Password Manager 4.1
• Account Unlock
• Batch Credential Provisioning
• Integration with User Provisioning Products
• Password Expiration
• Java Support

7
Benefits of Password Manager

• Increases IT Security
• Facilitates Regulatory Compliance
• Best End User Access Experience
• Compatibility and Extensibility
• Quick ROI

8
Agenda
9
Architecture Components

• Agent
• Console
• Central Store
• Service

10
Architecture Agent

• Enterprise SSO to secondary applications
• GINA-based Authentication
• Intelligent Agent Response

11
Architecture Console

• Manage identity verification
• Define password policies
• Manage application definitions
• Define user configurations

12
Architecture Central Store

• Stores console administrative data
• Stores user data from agent and service
• Central location for synchronization process
• Supported Types
• AD
• NTFS/Novell fileshare
• LDAP

Central Credential Store
CredentialSynchronization
Local Credential Store
13
Architecture Service

• Uses proven XTE service
• Support for optional features
• Account Self-Service
• Key Management
• Data Integrity
• Password Provisioning
• Fault-tolerant stateless design

14
Architecture Putting it Together
15
Agenda
16
Managing Objects

• Application Definitions
• User Configurations
• Password Policies
• Identity Verification

17
Managing Applications

• Application Definition Tool (ADT)
• Application Types
• Configuring a Basic Windows Application
• Configuring a Basic Web Application

18
Managing Users

• Agent Behavior settings
• New names for old settings
• Mapping in Admin Guide
• Application Groups
• Initial Credential Setup
• Password Sharing
• Delete User Credentials

19
Managing Password Policies

• Default
• Domain
• Custom
• Expiration

20
Managing Identity Verification

• Self-Service Password Reset
• Key Recovery Methods
• Identity Verification
• Previous Password
• Automatic Key Recovery

21
Agenda
22
Beverly Enterprises

• Don Griffin, MCSE, MCNE, IEEEDirector, IT
  Infrastructure / R D

23
Who Is Beverly Enterprises ?

• Beverly Enterprises, Inc. and its operating
  subsidiaries comprise a leading provider of
  healthcare services to the elderly in the United
  States
• One of the top nursing home / hospice operators
  and contract therapy providers in the US
• 350 facilities
• 32 states and the District of Columbia
• 43,000 associates

24
Beverly and Citrix . A Success
A Complete Access Solution Partner

• Citrix Presentation Server
• Citrix Password Manager
• Citrix Secure Access Manager
• Citrix Access Gateway Secure Gateway
• Citrix Conferencing Manager
• Citrix GoToMeeting

25
Solving New Legislation Requirements with Citrix

• SOX
• HIPAA

• Solutions
• Centralization/Regionalization
• Keep Data Secure But Lower Your Exposure
• Maximize All Access Vehicles
• Turn older PCs into locked-down dumb terminals
  with no company data allowed locally.

26
But Access Challenges Remain
Login / Password Struggles

• Disproportional Amount Of Security Related Help
  Desk Calls
• Top Help Desk Issue
• High Turnover Exacerbates Problem
• 30 to 40 Percent
• Many Applications Without Pass-Through Security
• Some 3rd Party
• Some Home-Grown
• Business Innovations
• Lets try this vendor, ..OK??

27
Password Manager Hits The Mark

• Easy Deployment
• First Piloted Using Share Directory
• Full Rollout Was Active Directory
• 30-Day Deployment
• All Remote
• No Feet On Street
• Deployed to Systems Accessed By 38,000 Employees
• Enabled Single Sign-On for Email, 3rd Party
  Applications, Web Apps, Terminal Emulation.
• Help Desk Calls (Password Resets) Reduced by 28
  in 90 Days With Continued Downward Trend

28
What About After Its Deployed?

• Password Manager Flexible - Easy To Adjust
• Scenario
• Recently, A Regulatory Change Required Deployment
  Of A New Version Of Our Primary Clinical
  Application.
• This Application Is Used Daily by A Majority Of
  Our Healthcare Staff And Was Serviced By Password
  Manager
• We Had A Quick Regulatory Deadline To Meet
• Problem
• Vendor Changed A Key Field That Required Us To
  Adjust Password Manager
• Solution Adjustment Made Deployed In 30 Min.

29
Agenda
30
Before you leave

• Feature demonstrations are next
• Session surveys are available online at
  www.citrixiforum.com Monday, October 10 (please
  provide feedback)
• Download presentations from the iForum website on
  Tuesday, October 11
• TechLab Hours Mon 1200p-300p Tues
  1000a-400p Mandalay Bay Ballroom I
• Breakout session handouts are located at the
  Breakers Registration Desk South

31
Questions
32
Feature Demonstrations

• Self-Service Password Reset
• Account Unlock
• Password Change with Automatic Key Recovery
• Hot Desktop
• Batch CredentialProvisioning

33
Training Recommendations

• HOT Session 4 Integrating and Troubleshooting
  Complex Applications with Citrix Password Manager
• CTX-1614 Citrix Password Manager 4.0 Selling and
  Positioning (eLearning Course)
• CTX1325AW Citrix Password Manager 4.0
  Architectural Overview (eLearning Course)
• CTX-1326AI Citrix Password Manager 4.0
  Administration (Instructor Lead Course)

34
Before you leave

• TechLab Hours Mon 1200p-300p Tues
  1000a-400p Mandalay Bay Ballroom I
• Session surveys are available online at
  www.citrixiforum.com Monday, October 10 (please
  provide feedback)
• Download presentations from the iForum website on
  Tuesday, October 11
• Breakout session handouts are located at the
  Breakers Registration Desk South

35
Thank You

• Contacts
• Paul Wilson paul.wilson_at_citrix.com
• Ed Zimny Ed.Zimny_at_citrix.com
• Don Griffin Don_Griffin_at_BeverlyCorp.com

36
(No Transcript)