Citrix Venafi Solution brief

Solution Brief | Citrix Ready and Venafi

PARTNER Citrix Ready

Citrix® NetScaler™ and Venafi Key and Certificate Management Solution

Organizational Benefits

Achieve on-going encryption and key management best practices:
• Enhance security
• Reduce operational complexity
• Reduce regulatory and compliance risks
• Increase overall network and operational performance

Expanding complexity of enterprise certificate and key management

Data is the new currency, and when sensitive information is lost or compromised, organizations often pay a heavy price. A steady stream of high-profile security breaches and data losses has cost organizations millions in revenue and lost customer and investor confidence. Today, nearly every enterprise application and IT system has been encryption key and certificate enabled. While this delivers greater security capabilities than ever before, the complexity of utilizing this encryption capability has created a significant increase in security and operational risk and degradation in network and application performance.

When data is protected by securing it with an encryption key, the key becomes the data and is the thing that must be protected. If the key is not well managed, the risk of data loss or theft increases significantly. Certain key types, based on the encryption algorithms or key length, have been cracked and compromised. The government agency NIST has concluded that 1024-bit encryption keys are vulnerable and pose a security risk, and should be migrated and upgraded to the stronger 2048-bit keys. However, this process of migrating and upgrading poses significant operational complexities as well as significant network and application performance challenges.

Organizations are faced with finding and identifying thousands of encryption keys across vast, disparate IT environments and infrastructures. Once an inventory is established, they are then faced with the significant operational burden of migrating weak keys to the recommended 2048-bit keys and ensuring this process took place as planned without any impact on critical system availability. In addition, it is estimated that the computing power necessary to process and manage SSL sessions utilizing the recommended 2048-bit keys is approximately 5x that of 1024-bit keys. This places a significant and costly burden on network and application resources.

Organizations need to identify and eliminate systemic, unquantified and unmanaged security, operational and compliance risks associated with deprecated 1024-bit RSA encryption keys. They also need to reduce operational complexity and enhance network and application performance related to migrating 1024-bit keys to the recommended “Acceptable” 2048-bit encryption keys.

Proven interoperability of Venafi and Citrix

Venafi and Citrix have partnered to create a turnkey certificate and key management solution that eliminates enterprise risks associated with key and certificate management while also enhancing network and application performance. The result is improved security, compliance and operational efficiency. Venafi works intricately with the SSL offloading, Citrix Access Gateway Enterprise Edition (SSL VPN) and Application Firewall features integrated in Citrix NetScaler. NetScaler has been tightly integrated with Venafi for automated key generation and certificate distribution.


Administrators can set up NetScaler hardware and virtual appliances to work closely with Venafi in the generation of keys, the configuration of certificates, and the provisioning and installation of these on NetScaler. With Venafi and NetScaler, organizations can scale encryption deployments and management functionality across the enterprise. Venafi supports and manages hundreds of thousands of keys and certificates at many of the world’s most prestigious Global 2000 organizations, while NetScaler powers over 10 gigabits of SSL traffic per appliance with 2048-bit keys.

• Enable rapid migration from 1024-bit keys to 2048-bit keys across the IT infrastructure
  – Venafi has the certificate inventory
  – Venafi provides automated replacement of keys
  – Venafi can enforce 2048 policies / compliance
• Improve performance by offloading SSL certificates to NetScaler devices
  – Expand NetScaler platforms to enable 2048 compliance without degrading performance
  – Venafi integration with NetScaler enables automated deployment of certificates to NetScaler from other systems

Director Certificate Manager and Citrix NetScaler Capabilities

Venafi Encryption Director™ Certificate Manager™ (Director Certificate Manager) enables organizations to rapidly develop an accurate certificate inventory and identify security and operational risks. Additionally, organizations can quickly evaluate their compliance with corporate and regulatory policies and establish a concise methodology to ensure compliance through controls, policy-based workflow and automation capabilities.

Citrix NetScaler is an all-in-one web application delivery appliance. Deployed in front of web- and app-servers, NetScaler is a purpose-built hardware platform, also available as a virtual appliance on VMware ESX, Citrix XenServer and Microsoft Hyper-V hypervisors, that includes high-speed content switching and application acceleration, content caching, SSL acceleration, web application firewall, network optimization, and application performance monitoring. NetScaler helps an organization quickly deploy scalable and available internet-facing applications, while reducing total cost of ownership, optimizing the user experience, and ensuring security of applications.

Director Certificate Manager and Citrix NetScaler provide out-of-the-box automated management and network performance capabilities that eliminate unquantified and unmanaged risk and enhance operational efficiencies:

• Develop an inventory: Remove guesswork and get a clear picture of your encryption landscape through automated discovery. Rapidly identify where risk exists and take action.
• Discover weaker, 1024-bit keys and quickly migrate thousands of certificates or CAs to 2048-bit keys and provision new certificates rapidly with one-click replacement functionality.
• Convert application-based keys and certificates to Citrix NetScaler for increased network and application performance.
• Monitor certificate expiration: Alert administrators before problems wreak havoc in your environment, and escalate if timely action is not taken.


• Reduce private key access: With secure and automated remote generation and provisioning of keys and concise separation of duties, you can minimize private key access. Ensure that those with knowledge of a key’s credential do not have access to the stored key.
• Get compliant: Compare assets to standards and measure reality versus objectives. With policy-based automated enrollment and provisioning, ensure that mission-critical encryption assets meet the standards you must comply with, while reducing administrator workload.

Figure: Venafi Director Certificate Manager and Citrix NetScaler Integration

Diagram labels:
• Admin(s)
• Separation of duties for cert and key mgmt operations
• CA(s): Automated certificate enrollment to one or more CAs
• Director Approver(s): Dual control through enforcement of one or more approvals
• Director
• Automated provisioning to one or more devices, including non-Citrix systems with same key

Automated management operations:
• Certificate discovery
• Key pair/CSR generation
• Certificate installation
• Private key provisioning (where applicable)
• CA certificate provisioning
• Certificate/key extraction
• Monitoring and validation
• One-to-many distribution
• Optional workflow gates for required approvals

Figure: Venafi and Citrix Implementation Scenario (diagram labels: Apache IIS Java and iPlanet; Tealeaf Compuware; Customers)


Conclusion

With Venafi Encryption Director and Citrix NetScaler, you can ensure that your encryption systems provide the security they are designed to deliver while at the same time reducing operational risk and administrative workload with improved application and network performance. Secure your organization and improve operational computing with Director Certificate Manager and Citrix NetScaler today and dramatically minimize your risk profile. Learn more at http://www.citrix.com/ready/partners/venafi.

Worldwide Headquarters: Citrix Systems Inc., 851 West Cypress Creek Road, Fort Lauderdale, FL 33309, USA. T +1 800 393 1888, T +1 954 267 3000. www.citrix.com

Americas: Citrix Silicon Valley, 4988 Great America Parkway, Santa Clara, CA 95054, USA. T +1 408 790 8000

Europe: Citrix Systems International GmbH, Rheinweg 9, 8200 Schaffhausen, Switzerland. T +41 52 635 7700

Asia Pacific: Citrix Systems Hong Kong Ltd., Suite 3201, 32nd Floor, One International Finance Centre, 1 Harbour View Street, Central, Hong Kong. T +852 2100 5000

Citrix Online Division: 6500 Hollister Avenue, Goleta, CA 93117, USA. T +1 805 690 6400


About Citrix Ready

Citrix Ready identifies recommended solutions that are trusted to enhance the Citrix Delivery Center infrastructure. All products featured in Citrix Ready have completed verification testing, thereby providing confidence in joint solution compatibility. Leveraging its industry-leading alliances and partner eco-system, Citrix Ready showcases select trusted solutions designed to meet a variety of business needs. Through the online catalog and Citrix Ready branding program, you can easily find and build a trusted infrastructure. Citrix Ready not only demonstrates current mutual product compatibility, but through continued industry relationships also ensures future interoperability. Learn more at www.citrixready.com/ready.

www.citrix.com 03/11/0012