Industry news

Google & Citrix Extend Alliance to Support Secure Cloud Transformation for the Enterprise

Citrix employee blogs - Thu, 07/20/2017 - 17:02
Today, Citrix is pleased to announce a broader strategic collaboration with Google to help deliver secure, cloud-based applications to enterprise customers. Since 2010, we have worked together to deliver applications to Chrome devices and manage their Android deployments – but …
Categories: Citrix, Virtualisation

Exclusive White Papers Out Now! IT Challenges at Industry Verticals and How to Solve Them

Citrix employee blogs - Thu, 07/20/2017 - 16:00
Read our top vertical solution White Papers addressing key IT challenges that Education, Financial Services and Healthcare industries are currently facing.

Specific priorities at each industry vertical often get ignored with IT products and solutions meant for generic needs. The …

Categories: Citrix, Virtualisation

Moving to the Cloud? Rethink Your Security Efficacy – Join Us for an Exclusive Webinar

Citrix employee blogs - Thu, 07/20/2017 - 14:00

In today’s world of apps everywhere and users anywhere, companies need security that protects across their hybrid cloud deployments.

With the rise in security threats, the need for multi-vector security protection becomes even more important as companies adopt cloud and …

Categories: Citrix, Virtualisation

A New Security Architecture for the Cloud Era

Citrix employee blogs - Thu, 07/20/2017 - 12:00

What does it mean for security when virtually every device in the enterprise connects to the cloud and people access apps and data on multiple devices and platforms? It’s one of the most urgent questions facing IT, and one reason

Categories: Citrix, Virtualisation

New! AWS Backend Server Autoscaling with Netscaler

Citrix employee blogs - Thu, 07/20/2017 - 11:00

From the upcoming release 12.0.51.x, Netscaler on AWS supports Backend Servers Autoscaling.

Efficient hosting of applications in a cloud requires continuous optimization of application availability. To meet increasing demand, you have to scale network resources upward. When demand subsides, you …

Categories: Citrix, Virtualisation

Managing your Digital Workspace using NVIDIA GRID Insights in Citrix XenServer & Director

Citrix employee blogs - Wed, 07/19/2017 - 18:00

The GPU is ubiquitous across the datacenter and cloud. Whether you’re supporting engineers and designers who rely on compute and graphic intensive applications or knowledge workers using Windows 10 and modern productivity applications, GPU is critical to your digital workplace. …

Categories: Citrix, Virtualisation

Okada Manila – Where the Ultimate Luxury & the Ultimate Technology Meet

Citrix employee blogs - Wed, 07/19/2017 - 14:00

Okada Manila is Asia’s newest integrated entertainment resort and one of the largest ultra-luxury casino resorts in the world. Most companies, when implementing systems, have legacy technology to contend with, but not Okada Manila. They were in the unique position …

Categories: Citrix, Virtualisation

The Real Value of Machine Learning: Beyond the Buzzwords

Citrix employee blogs - Wed, 07/19/2017 - 12:00

There’s a lot of hype over machine learning and data science these days. It’s time to go beyond the buzzwords, and find out how we, as a security community, can actually reap the benefits of machine learning like fine-tuning staffing

Categories: Citrix, Virtualisation

Copying Files into a Hyper-V VM with Vagrant

Microsoft Virtualisation Blog - Tue, 07/18/2017 - 21:50

A couple of weeks ago, I published a blog with tips and tricks for getting started with Vagrant on Hyper-V. My fifth tip was to “Enable Nifty Hyper-V Features,” where I briefly mentioned stuff like differencing disks and virtualization extensions.

While those are useful, I realized later that I should have added one more feature to my list of examples: the “guest_service_interface” field in “vm_integration_services.” It’s hard to know what that means just from the name, so I usually call it “the thing that lets me copy files into a VM.”

Disclaimer: this is not a replacement for Vagrant’s synced folders. Those are super convenient, and should really be your default solution for sharing files. This method is more useful in one-off situations.

Enabling Copy-VMFile

Enabling this functionality requires a simple change to your Vagrantfile. You need to set “guest_service_interface” to true within “vm_integration_services” configuration hash. Here’s what my Vagrantfile looks like for CentOS 7:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.provider "hyperv"
  config.vm.network "public_network"
  config.vm.synced_folder ".", "/vagrant", disabled: true
  config.vm.provider "hyperv" do |h|
    h.enable_virtualization_extensions = true
    h.differencing_disk = true
    h.vm_integration_services = {
      guest_service_interface: true  #<---------- this line enables Copy-VMFile
    }
  end
end

You can check that it’s enabled by running Get-VMIntegrationService in PowerShell on the host machine:

PS C:\vagrant_selfhost\centos> Get-VMIntegrationService -VMName "centos-7-1-1.x86_64"

VMName              Name                    Enabled PrimaryStatusDescription SecondaryStatusDescription
------              ----                    ------- ------------------------ --------------------------
centos-7-1-1.x86_64 Guest Service Interface True    OK
centos-7-1-1.x86_64 Heartbeat               True    OK
centos-7-1-1.x86_64 Key-Value Pair Exchange True    OK                       The protocol version of...
centos-7-1-1.x86_64 Shutdown                True    OK
centos-7-1-1.x86_64 Time Synchronization    True    OK                       The protocol version of...
centos-7-1-1.x86_64 VSS                     True    OK                       The protocol version of...

Note: not all integration services work on all guest operating systems. For example, this functionality will not work on the “Precise” Ubuntu image that’s used in Vagrant’s “Getting Started” guide. The full compatibility list for various Windows and Linux distributions can be found here. Just click on your chosen distribution and check for “File copy from host to guest.”

Using Copy-VMFile

Once you’ve got a VM set up correctly, copying files to and from arbitrary locations is as simple as running Copy-VMFile in PowerShell.

Here’s a sample test I used to verify it was working on my CentOS VM:

Copy-VMFile -Name 'centos-7-1-1.x86_64' -SourcePath '.\Foo.txt' -DestinationPath '/tmp' -FileSource Host

Full details can be found in the official documentation. Unfortunately, you can’t yet use it to copy files from your VM to your host. If you’re running a Windows Guest, you can use Copy-Item with PowerShell Direct to make that work; see this document for more details.

How Does It Work?

The way this works is by running Hyper-V integration services within the guest operating system. Full details can be found in the official documentation. The short version is that integration services are Windows Services (on Windows) or Daemons (on Linux) that allow the guest operating system to communicate with the host. In this particular instance, the integration service allows us to copy files to the VM over the VM Bus (no network required!).

Conclusion

Hope you find this helpful — let me know if there’s anything you think I missed.

John Slack
Program Manager
Hyper-V Team

Categories: Microsoft, Virtualisation
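
For the Copy-VMFile post above, an added example (not code from the original post or from Microsoft) that treats the Guest Service Interface as a host-to-guest channel to be opened only when needed: it enables the service for a single copy, waits for the guest side to report OK, and restores the previous state afterwards. The function name Copy-FileToGuestOnce and its parameters are hypothetical, and the service display name is assumed to be the English one shown in the Get-VMIntegrationService output above.

```powershell
#Requires -Modules Hyper-V
# Added example: enable the Guest Service Interface only for the duration of one copy.
function Copy-FileToGuestOnce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $SourcePath,
        [Parameter(Mandatory)] [string] $DestinationPath,
        [int] $TimeoutSeconds = 30
    )

    # Display name as listed by Get-VMIntegrationService (assumption: English-language host).
    $serviceName = 'Guest Service Interface'

    # Remember the current state so the service is only disabled again if this call enabled it.
    $svc = Get-VMIntegrationService -VMName $VMName -Name $serviceName -ErrorAction Stop
    $wasEnabled = $svc.Enabled

    # Hash the file on the host so the copy can be checked inside the guest afterwards.
    $hash = (Get-FileHash -Path $SourcePath -Algorithm SHA256 -ErrorAction Stop).Hash

    try {
        if (-not $wasEnabled) {
            Enable-VMIntegrationService -VMName $VMName -Name $serviceName -ErrorAction Stop
        }

        # The guest-side service or daemon needs a moment to connect; poll until it reports OK.
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        do {
            $svc = Get-VMIntegrationService -VMName $VMName -Name $serviceName
            if ($svc.PrimaryStatusDescription -eq 'OK') { break }
            Start-Sleep -Seconds 1
        } while ((Get-Date) -lt $deadline)

        # Failure mode: guests without file-copy support never reach OK (see the compatibility note).
        if ($svc.PrimaryStatusDescription -ne 'OK') {
            throw "Guest Service Interface on '$VMName' did not reach OK within $TimeoutSeconds s."
        }

        Copy-VMFile -Name $VMName -SourcePath $SourcePath -DestinationPath $DestinationPath `
            -FileSource Host -CreateFullPath -ErrorAction Stop
    }
    finally {
        # Close the channel again if it was closed before the call.
        if (-not $wasEnabled) {
            Disable-VMIntegrationService -VMName $VMName -Name $serviceName
        }
    }

    # Return a record of what was copied, for logging or later verification.
    [pscustomobject]@{
        VMName          = $VMName
        DestinationPath = $DestinationPath
        SHA256          = $hash
        ServiceRestored = (-not $wasEnabled)
    }
}

# Usage with the values from the post:
# Copy-FileToGuestOnce -VMName 'centos-7-1-1.x86_64' -SourcePath '.\Foo.txt' -DestinationPath '/tmp'
```

Comparing the returned SHA256 value with the output of sha256sum on the file inside the guest confirms that the copy arrived intact.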

High Performance NetScaler in the Cloud

Citrix employee blogs - Tue, 07/18/2017 - 18:00

As the enterprise begins its shift to the cloud and architects begin mapping and sizing infrastructure to support their application requirements, they’re presented with the limitless capacity of the cloud. Since the cloud is highly elastic and can easily …

Categories: Citrix, Virtualisation

Analysts’ Perspectives: Redefining Branch Networking With SD-WAN

Citrix employee blogs - Tue, 07/18/2017 - 16:00

Enterprises are redefining their branches as part of their digital transformation strategy, and for many, a one-size-fits-all wide area network (WAN) is no longer a viable solution. Trends, such as cloud computing, video collaboration, virtualized applications, and the internet of …

Categories: Citrix, Virtualisation

Raise Your SD-WAN IQ with Citrix Hands-on Workshop

Citrix employee blogs - Tue, 07/18/2017 - 14:00
What’s up with the WAN?

It’s no surprise that WAN traffic is growing every year. According to one report, it jumped more than 200% in 2016, and shows no sign of slowing down.

This surge is being driven by …

Categories: Citrix, Virtualisation

2017 Citrix Partner Loyalty Survey: Your Feedback Helps Build Our Programs

Citrix employee blogs - Tue, 07/18/2017 - 12:00

Silence is NOT golden…..

At Citrix, the only idea that is not considered is the one that is never spoken. The same sentiment extends to our partner community as well. We need to hear from you — the good …

Categories: Citrix, Virtualisation

Microsoft Inspire delivers new Cloud products

Theresa Miller - Tue, 07/18/2017 - 05:30

Washington DC recently hosted Microsoft Inspire, the rebranded name for the company’s Worldwide Partner Conference. Alongside the One Commercial Partner announcement (a restructure of how the company engages with partners of all sizes), they snuck in some Cloud product news too. Microsoft 365 Not known for their brilliance with product names, Microsoft released Microsoft 365 […]

The post Microsoft Inspire delivers new Cloud products appeared first on 24x7ITConnection.

XenMobile: Working Through REST API, Part 1

Citrix employee blogs - Mon, 07/17/2017 - 16:30

During my more than 20 years of consulting, automation has always been one of my priorities.

The key to automation is, for the most part, scripting. Luckily, these days, our products have public APIs and can be handled through a …

Categories: Citrix, Virtualisation

SMBs: A Massive, Cloud-shaped Opportunity for CSPs

Citrix employee blogs - Mon, 07/17/2017 - 14:00

Most people don’t realize it, but more than 99% of all businesses in the US are small- to medium-sized. It’s easy to underestimate this segment. Conventional business wisdom says that big businesses eat small businesses for lunch.

Well, cloud …
Categories: Citrix, Virtualisation

Summer: It’s the Perfect Time to Think About Cloud Readiness!

Citrix employee blogs - Mon, 07/17/2017 - 12:00

Ah, summer! A time when millions of people take a break halfway through the year to recharge their batteries. They turn on the out-of-office messages and head to mountains, beaches, or amusement parks. They reconnect with their families, friends and …

Categories: Citrix, Virtualisation

Celebrating Collaboration Through Creativity: Announcing the Citrix Ready Spotlight Video Contest 2017!

Citrix employee blogs - Mon, 07/17/2017 - 12:00

The Citrix Ready Spotlight Video Contest is back! It’s time, once again, for Citrix Ready partners to bring out their best Citrix-verified products and solutions, and creatively showcase their prowess through an engaging video!

Nowadays, even superheroes are seemingly teaming …
Categories: Citrix, Virtualisation

Protecting a Cloud Jump Box with Duo Free

Aaron Parker's stealthpuppy - Sun, 07/16/2017 - 01:45

Deploying a jump box into a cloud environment such as Azure or AWS, is a common way of providing access into said environment through a single entry point. Often access to the jump box will be restricted by source IP, but that approach isn’t completely secure for many reasons – admins don’t update the rules, source IP doesn’t identify the user etc.

One of the best ways to protect authentication to a remote Windows box is via multi-factor authentication (MFA). Keep source IP rulesets if you want, but add MFA to ensure that even if a user’s password is compromised, additional authentication information is always enforced.

In most Azure environments I’ve deployed, the customer is licensing Azure AD Premium which we could integrate with RD Gateway and RD Web Access for securing authentication to the jump box via the Azure MFA Server. The issue there is that it requires deploying more complexity than necessary for a jump box and likely extra licensing for the RD Gateway role. Less than ideal.

So I went looking for a more cost effective way of securing remote access to cloud environments – something that’s light weight, runs on a single VM and ideally wouldn’t require additional licensing.

Fellow CTP and all round knowledgeable guy, Jarian Gibson recommended checking out Duo. Duo are an identity provider including MFA who have a free version that gives you two-factor authentication for up to 10 users.

Adding MFA to a Jump Box

Signing up for Duo and adding MFA to a Windows Server VM running in Azure is a simple process:

  1. Sign up for Duo. A Duo account is free – this provides you with a control panel used to add Duo support for multiple applications. Install the Duo Mobile app on your phone to enable MFA prompts as phone calls and SMSs are not free. Duo gives you 490 ‘Telephone credits’, but you’ll need to add a credit card to purchase more.
  2. Add a user account to Duo that matches the account on the jump box. My jump box is a stand-alone server, so the account in Duo matches the username of an account local to the VM.
  3. Choose to add MFA to ‘Microsoft RDP‘. Duo have about 125 applications they can add authentication features to, and their documentation for setup is very good.
  4. Install the Duo Authentication for Windows Logon on the target VM. The hardest part about this step was actually finding the binaries to install the agent. It’s linked in the documentation (of course) but for whatever reason, I just couldn’t see it.
  5. Keep the bad guys out

Here’s what the process looks like:

Setup

Adding Microsoft RDP (and local logon) support is as simple as clicking the ‘Protect this Application’ link. Once added, you’ll find an Integration Key, Secret Key and API hostname that will be used by the Duo agent on the target VM to authenticate against Duo for MFA prompts.

Authentication details for Microsoft RDP

As you can see in the screenshot there’s a number of options for customising authentication; however, in this case I’ve accepted all of the defaults.

Next, add a user to Duo that matches the username in the target environment. This can be a user in Active Directory or a local user account. In my test environment, my jump box is not a member of AD, but I could make the VM a member of a domain. The ability to target domain or local users is great because it provides flexibility.

Adding a user in the Duo Console

For this user account, I’ve added a phone number which then allows me to send a link for adding the account to the Duo Mobile app on the user’s phone.

Activating an account on the Duo Mobile app

Send a link to the user which can be customised:

Send an activation link to the user

Here’s what appears on the user’s phone – tap the link and it will open in the Duo app.

Duo activation link sent to the phone

And the account is now added to the phone. Here I have my Duo admin account, plus the account on the jump box. I’m not sure whether the display name can be changed, but it does show my customised logo configured in the Duo admin console.

Accounts in the Duo Mobile app

So setup of Microsoft RDP and a user account in the Duo console is quick and easy, so onto installing the Duo agent on my target VM.

Installing the Duo Agent

Log on to your target VM, download the Duo Authentication for Windows Logon agent and run the installer. During install you’re asked for the account details set up previously in the admin console.

Adding the Duo account details to the agent

The installer supports a silent install, so you could, for example, add the agent with authentication details with PowerShell DSC during deployment of the VM.

Once the agent is installed, no reboot is required. Yes – no reboot!

Logon Experience

When connecting to the jump box via RDP, you authenticate with username and password from the local device as normal; however, once the connection is made, Duo displays a security prompt, where you’ll need to respond to a push notification, phone call or provide a passcode.

Duo security prompt on the jump box

The screenshot shows the Duo logo, even though I’ve set my own logo in the Duo console. While my custom logo displays on the phone, I would have liked for it to display on the Windows logon screen to provide users with the extra visual feedback when logging in.

Responding to a login request in the Duo Mobile app on the iPhone is as simple as acknowledging the request with an Approve (or Deny, if need be).

Duo login request on an iPhone

If you have an Apple Watch, you can approve the login request from your wrist without finding your phone, so responding to the notification is even quicker.

Duo login request on the Apple Watch

Denied Logons

There may be many reasons why logins are denied, so here’s what the experience looks like for a couple of scenarios. The first screenshot shows what happens if I tap Deny on the authentication prompt on my phone or watch:

Logon request denied

If I click Dismiss and close the Duo dialog box, Windows displays a login request button.

Login request denied

I can re-enter my password at this point and the Duo Security dialog will come up again and send me an authentication notification.

What happens for other users on the system that aren’t enrolled in Duo? If login is successful, they’ll see a prompt that says “The username you have entered is not enrolled with Duo Security. Please contact your system administrator.” Shown here:

When a user is not enrolled in Duo

This looks pretty good. I’m not sure if there are ways around the Duo authentication, but I presume standard credential provider hooking into GINA is used, so it should be as rock solid as Microsoft makes it and Duo adheres to the standard.

Summary

In this article, I’ve shown you how to integrate Duo into an RDP login to provide MFA for a jump box hosted in Azure. This provides the additional security needed to protect logins into these environments that could augment source IP rules for remote access or allow you to open RDP access for administrators needing to get into the cloud environment from anywhere. Best of all, we’ve added this extra security with minimal infrastructure additions and no extra licensing.

This article by Aaron Parker, Protecting a Cloud Jump Box with Duo Free appeared first on Aaron Parker.

Categories: Community, Virtualisation

Using Self Service to Configure, Troubleshoot & Understand XenMobile

Citrix employee blogs - Fri, 07/14/2017 - 15:00

I am Subhash Kaja, and I want to share a story based on the experience we have as customer-facing team (previously, we were known as the WhiteGlove and Mobility Experts Team) for Mobility and XenMobile InterOp Components. Our belief is …

Categories: Citrix, Virtualisation
