SlideShare uma empresa Scribd logo

Daniel künzli cloudgateway.next

Digicomp Academy AG
Digicomp Academy AG
Tecnologia
1 de 37
Baixar para ler offline
Citrix CloudGateway . next Enterprise Mobility Management Daniel Künzli Senior Systems Engineer Networking & Cloud
WE BELIEVE… • End users will win the battle of choice • BYO will fundamentally transform IT • Mobile = Heterogeneity • Managing heterogeneity will create huge value
Enterprise mobility is rapidly changing Manage BYO BYO Devices Manage Devices Manage Email Corporate Devices 2000 2012
Customer Needs •Basic set of secure apps • App distribution & management • Centralized policy control •Service Level Management • Support for any device - BYOD
CloudGateway Architecture Citrix CloudGateway Mobile Web NetScaler/ StoreFront AppController Access Gateway SaaS Citrix Receiver FMD XenDesktop/ ShareFile XenApp #CitrixSynergy #SYN203
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
MDX Mission Permit IT control of enterprise assets on unmanaged mobile devices Enterprise assets 1. Enterprise applications 2. Enterprise data 3. Enterprise network access
Overview of MDX Architecture Managed Applications Secure Network Tunnel gateway Secure IPC services Authentication MDX Framework MDX Framework MDX Framework Entitlements & policies app private app private app private data vault data vault data vault shared data vault MDX Framework provided by either: Encrypted data with enterprise key management 1. Wrapping toolset 2. Directly compiled SDK
Mobile Vault Architecture – API interception mobile app mobile OS
Mobile Vault Architecture – API interception mobile app network files clipboard Policy aware interception functions network files clipboard micro-VPN encrypted encrypted storage clipboard mobile OS Citrix mobile services
Mobile Vault Architecture – API interception App Wrapping (iOS): mobile app • API Interception techniques ᵒ Direct modification of app binary (replace symbol references) ᵒ Runtime hook injection for system calls & native libraries ᵒ Objective-C categories with method swizzling network files clipboard • MDX Framework code injected via dynamic library Policy aware interception functions network files clipboard micro-VPN encrypted encrypted storage clipboard mobile OS Citrix mobile services
Mobile Vault Architecture – API interception App Wrapping (iOS): mobile app • API Interception techniques ᵒ Direct modification of app binary (replace symbol references) ᵒ Runtime hook injection for system calls & native libraries ᵒ Objective-C categories with method swizzling network files clipboard • MDX Framework code injected via dynamic library Policy aware interception functions network files clipboard SDK: • Symbols redirected at compile time micro-VPN encrypted encrypted storage clipboard • Access to native services reduces need mobile OS for hooks/swizzling Citrix mobile services • MDX Framework statically linked
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
User account discovery Streamlined first time use experience • Get Receiver from the app store • Find your Receiver account details ᵒ Service record delivery by email or web ᵒ Recommended approach: Receiver account auto-discovery • Receiver account auto-discovery • User provides email address • Receiver uses well known DNS names in corporate domain to locate Storefront • Similar to process used to auto-discover exchange servers
Device registration First time logon: lightweight mobile device registration • Receiver silently registers device with CloudGateway ᵒ Receiver provides device unique token and selected device information • CloudGateway issues unique device ID  Receiver • CloudGateway links device ID/tokens to users ᵒ Admins can view all devices registered to users ᵒ Devices can be locked or marked for app data wipe ᵒ Receiver and MDX apps poll CG current lock/wipe status • Gateway must be reachable, but no logon needed
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
Device and app authentication • Receiver registers and track devices to users ᵒ Permits lock and wipe of corporate data/apps on selected devices • Receiver also serves as access manager for MDX managed applications ᵒ Strongly identifies applications ᵒ Determine app entitlements and policies ᵒ Brokers permitted data exchanges between managed apps • MDX applications can parlay their Receiver auth context into other credentials for single-sign ᵒ NTLM challenge/response (or the real AD domain, username, & password) ᵒ User and device certificates ᵒ Specialty tokens like Sharefile SAML token eventually kerberos, Oauth/OpenID , etc.
Single sign-on • Receiver and CloudGateway directly provide SSO for ᵒ Hosted applications (ICA/HDX) ᵒ Web/SaaS applications • MDX applications can parlay their Receiver authentication context into other credentials and access rights ᵒ Gateway tickets for micro-VPN access ᵒ NTLM challenge/response (or even the real AD domain, username, & password) ᵒ User and device certificates ᵒ Specialty tokens like Sharefile SAML token ᵒ Eventually credentials for auth systems… kerberos tokens, Oauth/OpenID , etc.
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
 100+ connectors built-in  SAML and Form-Fill compatibility  Provisioning for popular SaaS services
 Tie all apps to AD  Enforce policies  Single click de-provisioning  End user self-service
End user experience
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
Micro-VPN • Policy controlled per-application tunneling technology • Relies on Citrix Receiver for authentication and SSO • Network access policy choices: ᵒ Blocked • Application network APIs are blocked and fail as if network is not available ᵒ Unconstrained • Application network APIs work normally ᵒ Tunneled • Application network APIs are tunneled through CloudGateway to enterprise intranet • Full power of Access Gateway Enterprise 9.x and 10.x to configure VPN behavior ᵒ Split-tunnel based on IP address ranges or domain suffix -OR- route all traffic back into enterprise intranet ᵒ Powerful rules engine for constraining access for external applications
Micro-VPN Architecture (iOS) mobile app Networking Logic NSURLRequest CFNetwork BSD Sockets corporate intranet NSURLRequest Network interception functions direct calls (resolve domain, etc.) server proxy info Tunneler library session ticket auth ASIHTTPRequest Socks UDP TCP Proxy Proxy Proxy localhost listener server network requests (redirected to local proxy) encrypted tunnel MDX Framework
Only with NetScaler or Access Gateway Ent. 27
Citrix Access Gateway™ and Citrix NetScaler™ Providing secure remote access to Windows apps, desktops, and enterprise web Adaptive Best Performance HDX SmartAccess MDX Micro VPN Policy Control & Flexible Deployment
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
What happens in MDX apps stays in MDX apps…. • Many ways for information to escape from a managed app ᵒ MDX framework slams the door on these escapes • Data exchange with other apps ᵒ Copy/Paste ᵒ Document exchange (Open-In) ᵒ Network APIs ᵒ Printing, iCloud, email, SMS, etc… • Restrict access to sensitive device hardware ᵒ Camera, microphone, location services, screen shots, etc • All controls are applied at run-time based on current app policies
Containing Data Exchange • Blocking copy/paste and other types of data exchange is easy ᵒ Gives poor user experience • Constraining data exchange to managed apps yields far better experience • By default, MDX framework seeks to constrain many operations to managed apps only: ᵒ Copy/paste ᵒ Document exchange (Open-in) ᵒ Inter-app dispatch (URL Schemes, Intents) • Administrator can place apps into a named security groups ᵒ If not configured, default is all managed apps
Encryption of persistent app data • Mobile platforms secure persistent data in application sandboxes ᵒ These protections trivially defeated by jail-breaking or rooting device • Most mobile platforms can encrypt persistent data… but there are limits ᵒ Encryption keys are held persistently on device ᵒ Keys are often protected by cryptographically weak PIN or passcode ᵒ No means to revoke access if device is not recovered • Better solution: Encrypted file vaults with keys managed by enterprise
Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
Mobile Apps Suite Mail Browser Documents
Enterprise Citrix ISV Apps Me@Work Apps
Citrix Receiver and CloudGateway delivers enterprise mobility today • Mobile container for apps, browser, data, and email Mobile Container • Native iOS, Android, and HTML5 apps wrapped with Mobile App policy Wrapping • Secure network access from app through Receiver to Secure Mail CloudGateway Secure Browser • Remote wipe/lock Contained Data Single Sign-On Mobile Optimized
Work better. Live better.

Recomendados

Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Amazon Web Services
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Amazon Web Services
 
Security & Virtualization in the Data Center
Security & Virtualization in the Data CenterSecurity & Virtualization in the Data Center
Security & Virtualization in the Data CenterCisco Russia
 
Remote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageRemote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageIJMER
 
BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
Kubernetes solutions
Kubernetes solutionsKubernetes solutions
Kubernetes solutionsEric Cattoir
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudScientia Groups
 

Recomendados

Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Amazon Web Services
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012Amazon Web Services
 
Security & Virtualization in the Data Center
Security & Virtualization in the Data CenterSecurity & Virtualization in the Data Center
Security & Virtualization in the Data CenterCisco Russia
 
Remote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageRemote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageIJMER
 
BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
Kubernetes solutions
Kubernetes solutionsKubernetes solutions
Kubernetes solutionsEric Cattoir
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudScientia Groups
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudIntel - API Security & Tokenization
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Open Sky Intro
Open Sky IntroOpen Sky Intro
Open Sky Introspeloso
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Systems, Inc.
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest AccessAltaware, Inc.
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureVinod Wilson
 
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Systems, Inc.
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
Extending Enterprise Security into the Cloud
Extending Enterprise Security into the CloudExtending Enterprise Security into the Cloud
Extending Enterprise Security into the CloudCA API Management
 
Into the Cloud
Into the CloudInto the Cloud
Into the CloudAmazon Web Services
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Cloudera, Inc.
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Systems, Inc.
 
P hallam baker_keynote
P hallam baker_keynoteP hallam baker_keynote
P hallam baker_keynoteshindeshekhar
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SASrobbuddingh
 
DevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWSDevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWSJoseph Holbrook, Chief Learning Officer (CLO)
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsBob Rhubart
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solutionguestd1c15
 
2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...NetwayClub
 

Mais conteúdo relacionado

Mais procurados

Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Open Sky Intro
Open Sky IntroOpen Sky Intro
Open Sky Introspeloso
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Systems, Inc.
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest AccessAltaware, Inc.
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureVinod Wilson
 
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Systems, Inc.
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
Extending Enterprise Security into the Cloud
Extending Enterprise Security into the CloudExtending Enterprise Security into the Cloud
Extending Enterprise Security into the CloudCA API Management
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Cloudera, Inc.
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Systems, Inc.
 
P hallam baker_keynote
P hallam baker_keynoteP hallam baker_keynote
P hallam baker_keynoteshindeshekhar
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SASrobbuddingh
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsBob Rhubart
 

Mais procurados (20)

Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security Guide
 
Open Sky Intro
Open Sky IntroOpen Sky Intro
Open Sky Intro
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest Access
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architecture
 
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal Stern
 
Extending Enterprise Security into the Cloud
Extending Enterprise Security into the CloudExtending Enterprise Security into the Cloud
Extending Enterprise Security into the Cloud
 
Into the Cloud
Into the CloudInto the Cloud
Into the Cloud
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioning
 
P hallam baker_keynote
P hallam baker_keynoteP hallam baker_keynote
P hallam baker_keynote
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
DevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWSDevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWS
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
 

Destaque

Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solutionguestd1c15
 
2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...NetwayClub
 
Mobey Forum NFC Update - Citi
Mobey Forum NFC Update - CitiMobey Forum NFC Update - Citi
Mobey Forum NFC Update - CitiDion Lisle
 
F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction Jimmy Saigon
 
ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET
 

Destaque (6)

Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
 
2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...
 
Mobey Forum NFC Update - Citi
Mobey Forum NFC Update - CitiMobey Forum NFC Update - Citi
Mobey Forum NFC Update - Citi
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction F5-BigIP Edge gateway introduction
F5-BigIP Edge gateway introduction
 
ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure Authentication
 

Semelhante a Daniel künzli cloudgateway.next

Smartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudSmartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudAmazon Web Services
 
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 29 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2Digicomp Academy AG
 
Enterprise mobility management customer presentation december scripted
Enterprise mobility management customer presentation december scriptedEnterprise mobility management customer presentation december scripted
Enterprise mobility management customer presentation december scriptedNuno Alves
 
J75912 nec cloud brochure storage
J75912 nec cloud brochure storageJ75912 nec cloud brochure storage
J75912 nec cloud brochure storageNECIndia
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld
 
Moving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudMoving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudPeter Coffee
 
Layer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model RequirementsLayer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model RequirementsCA API Management
 
Desktop Virtualization and the Consumerization of IT
Desktop Virtualization and the Consumerization of ITDesktop Virtualization and the Consumerization of IT
Desktop Virtualization and the Consumerization of ITInnoTech
 
BIG-IP ADCs and ADF
BIG-IP ADCs and ADFBIG-IP ADCs and ADF
BIG-IP ADCs and ADFF5 Networks
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
Private Compute-as-a-Service
Private Compute-as-a-ServicePrivate Compute-as-a-Service
Private Compute-as-a-ServiceKeao Caindec
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computingDeep Gupta
 
Cloud computing
Cloud computingCloud computing
Cloud computingsaralaanuj
 
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)RightScale
 
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...Peter de Haas
 
Presentation applications with the power of soft layer
Presentation applications with the power of soft layerPresentation applications with the power of soft layer
Presentation applications with the power of soft layerxKinAnx
 
IBM InterConnect 2013 Cloud General Session: George Karidis
IBM InterConnect 2013 Cloud General Session: George KaridisIBM InterConnect 2013 Cloud General Session: George Karidis
IBM InterConnect 2013 Cloud General Session: George KaridisIBM Events
 
Airwatch - Mobile Content Strategies and Deployment Best Practices
Airwatch - Mobile Content Strategies and Deployment Best PracticesAirwatch - Mobile Content Strategies and Deployment Best Practices
Airwatch - Mobile Content Strategies and Deployment Best PracticesGlobal Business Events
 
APPs modernas e Back-End na Nuvem com Microsoft Azure
APPs modernas e Back-End na Nuvem com Microsoft AzureAPPs modernas e Back-End na Nuvem com Microsoft Azure
APPs modernas e Back-End na Nuvem com Microsoft AzureVitor Meriat
 

Semelhante a Daniel künzli cloudgateway.next (20)

Smartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS CloudSmartronix - Building Secure Applications on the AWS Cloud
Smartronix - Building Secure Applications on the AWS Cloud
 
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 29 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
 
Enterprise mobility management customer presentation december scripted
Enterprise mobility management customer presentation december scriptedEnterprise mobility management customer presentation december scripted
Enterprise mobility management customer presentation december scripted
 
J75912 nec cloud brochure storage
J75912 nec cloud brochure storageJ75912 nec cloud brochure storage
J75912 nec cloud brochure storage
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
 
Moving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudMoving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the Cloud
 
Layer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model RequirementsLayer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model Requirements
 
Desktop Virtualization and the Consumerization of IT
Desktop Virtualization and the Consumerization of ITDesktop Virtualization and the Consumerization of IT
Desktop Virtualization and the Consumerization of IT
 
BIG-IP ADCs and ADF
BIG-IP ADCs and ADFBIG-IP ADCs and ADF
BIG-IP ADCs and ADF
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Private Compute-as-a-Service
Private Compute-as-a-ServicePrivate Compute-as-a-Service
Private Compute-as-a-Service
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
 
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...
DDHS 2009 Microsoft Heads In The Cloud Feet On The Ground Peter de Haas...
 
Presentation applications with the power of soft layer
Presentation applications with the power of soft layerPresentation applications with the power of soft layer
Presentation applications with the power of soft layer
 
IBM InterConnect 2013 Cloud General Session: George Karidis
IBM InterConnect 2013 Cloud General Session: George KaridisIBM InterConnect 2013 Cloud General Session: George Karidis
IBM InterConnect 2013 Cloud General Session: George Karidis
 
Airwatch - Mobile Content Strategies and Deployment Best Practices
Airwatch - Mobile Content Strategies and Deployment Best PracticesAirwatch - Mobile Content Strategies and Deployment Best Practices
Airwatch - Mobile Content Strategies and Deployment Best Practices
 
APPs modernas e Back-End na Nuvem com Microsoft Azure
APPs modernas e Back-End na Nuvem com Microsoft AzureAPPs modernas e Back-End na Nuvem com Microsoft Azure
APPs modernas e Back-End na Nuvem com Microsoft Azure
 

Mais de Digicomp Academy AG

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Digicomp Academy AG
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Digicomp Academy AG
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Digicomp Academy AG
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutDigicomp Academy AG
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutDigicomp Academy AG
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xDigicomp Academy AG
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Digicomp Academy AG
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinDigicomp Academy AG
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Digicomp Academy AG
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattDigicomp Academy AG
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogDigicomp Academy AG
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnDigicomp Academy AG
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingDigicomp Academy AG
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessDigicomp Academy AG
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Digicomp Academy AG
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceDigicomp Academy AG
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudDigicomp Academy AG
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slidesDigicomp Academy AG
 

Mais de Digicomp Academy AG (20)

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handout
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit x
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe Klein
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING Expertendialog
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital Business
 
Minenfeld IPv6
Minenfeld IPv6Minenfeld IPv6
Minenfeld IPv6
 
Was ist design thinking
Was ist design thinkingWas ist design thinking
Was ist design thinking
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slides
 

Último

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Daniel künzli cloudgateway.next

  • 1. Citrix CloudGateway . next Enterprise Mobility Management Daniel Künzli Senior Systems Engineer Networking & Cloud
  • 2. WE BELIEVE… • End users will win the battle of choice • BYO will fundamentally transform IT • Mobile = Heterogeneity • Managing heterogeneity will create huge value
  • 3. Enterprise mobility is rapidly changing Manage BYO BYO Devices Manage Devices Manage Email Corporate Devices 2000 2012
  • 4. Customer Needs •Basic set of secure apps • App distribution & management • Centralized policy control •Service Level Management • Support for any device - BYOD
  • 5. CloudGateway Architecture Citrix CloudGateway Mobile Web NetScaler/ StoreFront AppController Access Gateway SaaS Citrix Receiver FMD XenDesktop/ ShareFile XenApp #CitrixSynergy #SYN203
  • 6. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 7. MDX Mission Permit IT control of enterprise assets on unmanaged mobile devices Enterprise assets 1. Enterprise applications 2. Enterprise data 3. Enterprise network access
  • 8. Overview of MDX Architecture Managed Applications Secure Network Tunnel gateway Secure IPC services Authentication MDX Framework MDX Framework MDX Framework Entitlements & policies app private app private app private data vault data vault data vault shared data vault MDX Framework provided by either: Encrypted data with enterprise key management 1. Wrapping toolset 2. Directly compiled SDK
  • 9. Mobile Vault Architecture – API interception mobile app mobile OS
  • 10. Mobile Vault Architecture – API interception mobile app network files clipboard Policy aware interception functions network files clipboard micro-VPN encrypted encrypted storage clipboard mobile OS Citrix mobile services
  • 11. Mobile Vault Architecture – API interception App Wrapping (iOS): mobile app • API Interception techniques ᵒ Direct modification of app binary (replace symbol references) ᵒ Runtime hook injection for system calls & native libraries ᵒ Objective-C categories with method swizzling network files clipboard • MDX Framework code injected via dynamic library Policy aware interception functions network files clipboard micro-VPN encrypted encrypted storage clipboard mobile OS Citrix mobile services
  • 12. Mobile Vault Architecture – API interception App Wrapping (iOS): mobile app • API Interception techniques ᵒ Direct modification of app binary (replace symbol references) ᵒ Runtime hook injection for system calls & native libraries ᵒ Objective-C categories with method swizzling network files clipboard • MDX Framework code injected via dynamic library Policy aware interception functions network files clipboard SDK: • Symbols redirected at compile time micro-VPN encrypted encrypted storage clipboard • Access to native services reduces need mobile OS for hooks/swizzling Citrix mobile services • MDX Framework statically linked
  • 13. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 14. User account discovery Streamlined first time use experience • Get Receiver from the app store • Find your Receiver account details ᵒ Service record delivery by email or web ᵒ Recommended approach: Receiver account auto-discovery • Receiver account auto-discovery • User provides email address • Receiver uses well known DNS names in corporate domain to locate Storefront • Similar to process used to auto-discover exchange servers
  • 15. Device registration First time logon: lightweight mobile device registration • Receiver silently registers device with CloudGateway ᵒ Receiver provides device unique token and selected device information • CloudGateway issues unique device ID  Receiver • CloudGateway links device ID/tokens to users ᵒ Admins can view all devices registered to users ᵒ Devices can be locked or marked for app data wipe ᵒ Receiver and MDX apps poll CG current lock/wipe status • Gateway must be reachable, but no logon needed
  • 16. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 17. Device and app authentication • Receiver registers and track devices to users ᵒ Permits lock and wipe of corporate data/apps on selected devices • Receiver also serves as access manager for MDX managed applications ᵒ Strongly identifies applications ᵒ Determine app entitlements and policies ᵒ Brokers permitted data exchanges between managed apps • MDX applications can parlay their Receiver auth context into other credentials for single-sign ᵒ NTLM challenge/response (or the real AD domain, username, & password) ᵒ User and device certificates ᵒ Specialty tokens like Sharefile SAML token eventually kerberos, Oauth/OpenID , etc.
  • 18. Single sign-on • Receiver and CloudGateway directly provide SSO for ᵒ Hosted applications (ICA/HDX) ᵒ Web/SaaS applications • MDX applications can parlay their Receiver authentication context into other credentials and access rights ᵒ Gateway tickets for micro-VPN access ᵒ NTLM challenge/response (or even the real AD domain, username, & password) ᵒ User and device certificates ᵒ Specialty tokens like Sharefile SAML token ᵒ Eventually credentials for auth systems… kerberos tokens, Oauth/OpenID , etc.
  • 19. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 20.  100+ connectors built-in  SAML and Form-Fill compatibility  Provisioning for popular SaaS services
  • 21.  Tie all apps to AD  Enforce policies  Single click de-provisioning  End user self-service
  • 22.
  • 24. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 25. Micro-VPN • Policy controlled per-application tunneling technology • Relies on Citrix Receiver for authentication and SSO • Network access policy choices: ᵒ Blocked • Application network APIs are blocked and fail as if network is not available ᵒ Unconstrained • Application network APIs work normally ᵒ Tunneled • Application network APIs are tunneled through CloudGateway to enterprise intranet • Full power of Access Gateway Enterprise 9.x and 10.x to configure VPN behavior ᵒ Split-tunnel based on IP address ranges or domain suffix -OR- route all traffic back into enterprise intranet ᵒ Powerful rules engine for constraining access for external applications
  • 26. Micro-VPN Architecture (iOS) mobile app Networking Logic NSURLRequest CFNetwork BSD Sockets corporate intranet NSURLRequest Network interception functions direct calls (resolve domain, etc.) server proxy info Tunneler library session ticket auth ASIHTTPRequest Socks UDP TCP Proxy Proxy Proxy localhost listener server network requests (redirected to local proxy) encrypted tunnel MDX Framework
  • 27. Only with NetScaler or Access Gateway Ent. 27
  • 28. Citrix Access Gateway™ and Citrix NetScaler™ Providing secure remote access to Windows apps, desktops, and enterprise web Adaptive Best Performance HDX SmartAccess MDX Micro VPN Policy Control & Flexible Deployment
  • 29. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 30. What happens in MDX apps stays in MDX apps…. • Many ways for information to escape from a managed app ᵒ MDX framework slams the door on these escapes • Data exchange with other apps ᵒ Copy/Paste ᵒ Document exchange (Open-In) ᵒ Network APIs ᵒ Printing, iCloud, email, SMS, etc… • Restrict access to sensitive device hardware ᵒ Camera, microphone, location services, screen shots, etc • All controls are applied at run-time based on current app policies
  • 31. Containing Data Exchange • Blocking copy/paste and other types of data exchange is easy ᵒ Gives poor user experience • Constraining data exchange to managed apps yields far better experience • By default, MDX framework seeks to constrain many operations to managed apps only: ᵒ Copy/paste ᵒ Document exchange (Open-in) ᵒ Inter-app dispatch (URL Schemes, Intents) • Administrator can place apps into a named security groups ᵒ If not configured, default is all managed apps
  • 32. Encryption of persistent app data • Mobile platforms secure persistent data in application sandboxes ᵒ These protections trivially defeated by jail-breaking or rooting device • Most mobile platforms can encrypt persistent data… but there are limits ᵒ Encryption keys are held persistently on device ᵒ Keys are often protected by cryptographically weak PIN or passcode ᵒ No means to revoke access if device is not recovered • Better solution: Encrypted file vaults with keys managed by enterprise
  • 33. Elements of the Solution • Common MDX architecture (iOS and Android) • User & device enrollment • SSO with AD integration • App delivery and management • App specific VPN • Information containment • Core mobile apps
  • 34. Mobile Apps Suite Mail Browser Documents
  • 35. Enterprise Citrix ISV Apps Me@Work Apps
  • 36. Citrix Receiver and CloudGateway delivers enterprise mobility today • Mobile container for apps, browser, data, and email Mobile Container • Native iOS, Android, and HTML5 apps wrapped with Mobile App policy Wrapping • Secure network access from app through Receiver to Secure Mail CloudGateway Secure Browser • Remote wipe/lock Contained Data Single Sign-On Mobile Optimized
  • 37. Work better. Live better.