Published by Hilda Bryant. Modified over 8 years ago.
1
Citrix MetaFrame Password Manager 2.5
Codename – “Andros”
Release Date – May 24, 2004 (projected)
2
What is MetaFrame Password Manager?
Single Sign-On solution for:
  – MetaFrame Presentation Server Deployment
  – Desktop Deployment
  – Mixed Deployment (MetaFrame Presentation Server + Desktop)
User only needs to remember primary credentials
Handles all secondary logons and password change requests automatically
End users and administrators can configure applications using an easy-to-use wizard
Central administration and control
Meets all traveling/mobile user needs
3
Password Manager Components
4
Password Manager Architecture
5
Password Manager Components
Agent
  – Provides SSO to Windows, Web, and Host applications
  – User logs in once to Agent, and Agent seamlessly logs user into all other configured applications
  – Co-located with applications
6
Password Manager Components
Admin Console - administrative component used to configure:
  – Application Definitions
      – Defines how the Agent will identify and supply credentials for applications
  – Password Generation Policies
      – Set of rules that define the structure for an auto-generated password
  – Password Sharing Groups
      – Keeps stored passwords for applications that share credentials in sync
  – Agent Settings
      – Sets behavior and functionality of Agent
  – Synchronization
      – Push configurations to sync point for Agents to pick up
  – First Time Use Wizard
      – Create user questions and “bulk-add” applications
7
Password Manager Components
Remote Credential Store (Synchronization Point)
  – Active Directory or network file share
  – Centrally stores user credentials, application definitions, first time use configuration, and admin overrides
  – Admin Console pushes configurations to sync point
  – Agents pull configurations from sync point and push user credentials to sync point
License Repository
  – Active Directory or network file share
  – Stores MetaFrame Password Manager licenses
  – Setup is required before Admin Console can be used
8
Agent Deployment Options
[Diagram: Desktop and MPS machines, with a legend marking where the MPM Agent is installed]
Pure MetaFrame XP Deployment
  – Agent is only installed on MPS machines
  – Provides SSO only to MetaFrame applications
Pure Client Deployment
  – Agent is only installed on client machines
  – Provides SSO only to local applications
Mixed Deployment
  – Agent is installed on both MPS and client machines
  – Provides SSO to MetaFrame applications and local applications
9
Citrix MetaFrame Password Manager 2.5 New Features
Codename – “Andros”
Release Date – May 24, 2004 (projected)
10
Citrix MetaFrame Password Manager 2.5 - Release Theme
Theme: “Broadening Support”
Goals:
  – Increase the addressable market
      – Novell customers
      – German/French/Spanish/Japanese languages
      – Certificate based smart cards
  – Maintain Market Momentum
      – Timely release after MetaFrame Password Manager 2.0
  – Implement new Citrix branding
11
New Features – Novell Support
MPM 2.5 can be used with Novell’s GINA
  – Primary authentication against Novell eDirectory
  – eDirectory is not supported as a credential store
Netware file share support
  – Allows use of Netware file share for central credential store
  – New CtxNWFilePrep.exe utility
      – Establishes directory structure and privilege/trust set
12
New Features – Novell Support
Most Citrix/Novell customers use ZENworks’ Dynamic Local User (DLU) feature
  – Windows username and password must match Novell username and password
  – Enable Volatile User – to remove user credential upon exit
  – Synchronizes user’s Novell and local NT user passwords, so user doesn’t have to enter two passwords
13
New Features – Multi-factor Authenticators
Enhanced support for smart cards, tokens, biometrics, and proximity devices:
  – Support for user certificate-based (X.509 PKI) network authentication
  – Re-authentication via workstation lock (secure attention sequence Ctrl+Alt+Del) which reverts to the network authentication GINA
14
New Features – Multi-factor Authenticators
Product testing with an ever-growing list of vendors (14 announced on March 23)
  – Smart cards: ActivCard, Axalto (Schlumberger), GemPlus, LOGICO, Netmaker
  – Biometrics: BioNet Systems, EKey, Identix, SAFLINK, Integrated Biometrics
  – Tokens: RSA, Secure Computing, VASCO, CRYPTOCard, Aladdin, PassGo
  – Proximity: Ensure
Vendor participation via a Security Partner program
15
New Features – Extended Application Support
Java and ActiveX based applications
  – MPM 2.5 introduces support for ActiveX controls, Java scripts and Java applets
  – Based on difficulty level this may require services from Citrix Consulting
      – Must create both a Web app def and a Windows app def
      – Must export INI file, edit to add new settings, re-import
Drop Down Menus
  – Previously (MPM 2.0), drop-down menus could be handled only via SendKeys or manual selection
      – Send arrow keys or first letter of menu item
  – MPM 2.5 provides automated drop-down menu selection for Win32 (except .NET) and Web apps
16
New Features – Extended Application Support
Improved Terminal Emulation Support
  – New configuration setting for terminal emulators that don’t write the location of their HLLAPI DLL in the registry
      – e.g. BOSaNOVA
Support for Long URLs
  – Previously (in MPM 2.0), URLs in excess of 256 characters could only be handled by substring matching
  – MPM 2.5 supports strict matching of very long URLs
17
New Features – Extended Application Support
Difficult Applications
  – MPM 2.5 supports several unusual window characteristics
      – No window title
      – Dynamic (variable) window title
      – Dynamic class name
  – Examples:
      – Cerner medical apps (no window title or variable title)
      – McKesson PCView32 (dynamic class name)
  – Substring matching is now available for Win32 apps
18
New Features – Logging Tool
Can be enabled when required to collect data on application detection and credential insertion
  – Intended to help troubleshoot difficult applications
  – For use by Technical Support or Citrix Consulting
Enabled by creating a “Log” registry entry
  – HKLM\Software\Citrix\Metaframe Password Manager\Log
  – Provides agent logging
No security-sensitive data is written to the log
19
New Features – Improved End User Interface
Confirmation of Agent Detection
  – End users are now asked to confirm if the agent properly recognized the login fields and submit button
  – Prevents users from incorrectly configuring the agent
  – Directs them to their administrator for more complex applications
20
New Features – Improved End User Interface
Improved Identity Verification
  – MPM 2.0
      – Default question: Enter generic answer.
      – Likely to cause user confusion
  – MPM 2.5
      – Default question: What is your identity verification phrase?
      – Minimum length of response to default question increased from 8 to 12 characters for improved security
      – New admin option to eliminate default question if one or more other questions have been defined
21
New Features – Improved End User Interface
Identity Verification UI
  – Better end user description
  – New default verification question
  – Default answer now 12 characters
22
Improved UI for Identity Verification
23
New Features – Policy Enforcement
Enforcement of password policies now extended to manual password change
  – MPM 2.0 only allowed this for auto-generated passwords
  – Invalid password results in error message:
24
New Features - New Agent Settings
Forced Credential Storage
  – Disable ability for end user to opt out of submitting credentials to Password Manager for applications with existing definitions
      – Yes/No/Never dialog box is skipped, taking user directly to the credentials entry screen
Show Tray Icon
  – Enable/Disable agent icon that appears in the taskbar
  – Example usage:
      – Admin decides to hide systray icon for agents deployed on MetaFrame Presentation Server
      – Result is that end user sees only one MPM icon, for the agent running on his own local machine
25
Integration with MetaFrame Presentation Server 3.0
Location of central store can be specified per user
  – Note: Can also be specified in HKCU (for customers not using MPS 3.0)
  – Different groups of users can have different settings by using multiple file shares
  – Large organizations can distribute users across multiple file shares
MPM can be enabled/disabled per user
  – Allows for staged roll-out without having to publish each application twice
26
Performance Improvements
Preliminary figures (March 2004), taken on a Presentation Server at 65% utilization with std. synchronization and a roaming profile:

Measurement                            MPM 2.0    MPM 2.5
Insertion impact (AD) Windows 2000     7.5%       2.6%
Insertion impact (FS) Windows 2000     7.5%       5.0%
Agent response – Win32 app (AD)        1.00s      0.11s
Agent response – Win32 app (FS)        0.64s      0.51s
Network Bandwidth Utilization (AD)     130 KB     96 KB
Network Bandwidth Utilization (FS)     50 KB      32 KB