Kari

Drummer for the band called Comping. CCE-V & CCE-AppDS

Disaster Recovery

What if your environment gets pwned? Or you lose your local hypervisor and everything running on it? Or you lose all your precious configurations due to a human error or some glitch? The Black Swan: In some rare cases we’ve been involved in disaster recovery cases where a customer’s environment has been exposed, compromised or under

On-prem bastion / Jump host

We need to secure and segment our network and block direct connections to server networks. There’s also a lot of buzz about Zero Trust Network Access (ZTNA), and the “old” castle and moat defense is considered weak and ancient. Products are often presented as a ZTNA solution even though it’s more of a concept than

NetScaler as IdP/SP – why?

Everyone has their master IdP (Entra ID, Okta, Google Identity…) already in place anyway, so what’s all the fuss about? It might be a bit more useful to walk through a couple of examples to shed some light on the why. This post will explain three use-cases: One thing in common for all of the use-cases

MS Certificate authentication changes

This article will be updated if new information is found or something is incorrect. Backgrounds. Overview: The actual change is described in MS KB5014754. In a nutshell the change enforces strong mapping of certificates to an on-premises AD user object. This change will impact many (government) users that are using smart cards. For many cases

Citrix Licensing changes for NetScaler

This year has been interesting with many vendors changing their licensing and Cloud Software Group has definitely stirred the pot on their own behalf. From where we’re standing, this also presents a great opportunity to get a lot more out of your investment. Overview: So, what actually happened was that recently Cloud Software Group (or

NetScaler Basic on-prem authentication

As promised, here’s the first one of the three real-life authentication examples. I will post the next one tomorrow and the final one the day after tomorrow. Overview: In this use case the NetScaler acts as a load balancer (aka reverse web proxy) for the web front end servers, but also enables the authenticate, authorize

NetScaler Identity handling capabilities

Overview: Far too often I’m facing an assumption that the NetScaler is “just a load balancer” or the Gateway for Citrix environments. Of course it’s true that NetScaler can do both of the above, but it’s capable of so much more. We here at Comping have been working on various cases around identity and NetScaler

Security basics, part 5 – How?

Overview: You’ve gotten this far so let me wrap this series up for you. Why – Why someone tries to access the environment? Who – Who should be able to access the environment? Can we authenticate the users or identify them in another way? Where – Where are the users connecting from? From the office