Product Documentation

NetScaler Essentials for the Public Sector

Jan 12, 2017

Offering gateways to analytics, Citrix NetScaler, like a Swiss Army knife, supplies a utility appliance to a public sector network. Not only does NetScaler provide essential federal functions, like FIPS 140-2 Level 2 compliance and smart card authentication, NetScaler reduces hardware needs, eases configuration, provides a more secure gateway, and improves analytics and monitoring.

NetScaler provides two main federal specific features to improve smart card authentication and to help make earlier web applications FIPS 140-2 Level 2 compliant.

Improving Smart Card Authentication

You can use NetScaler to improve smart card authentication by delivering a seamless single sign-on experience when you place NetScaler in front of a XenApp or XenDesktop environment. NetScaler reduces the number of times a user needs to enter a PIN by validating the user’s certificate, checking the certificate against an Active Directory account, and then ultimately passing the connection through to the Web Interface or StoreFront. Subsequently, NetScaler replays any request for credentials, or more specifically the client certificate and PIN, to maintain a single sign-on experience.

Making Earlier Web Applications FIPS 140-2 Level 2 Compliant

NetScaler also can make earlier web applications smart card–enabled without the need for recoding or reprograming. You can use NetScaler as a front-end reverse proxy that enforces smart card authentication. Using a FIPS module also provides FIPS 140-2 level 2 compliant encryption.

If an organization is still using Citrix Secure Gateway or Access Gateway with their Citrix environment, they can replace it with a FIPS-enabled NetScaler MPX appliance in order to be FIPS 140-2 Level 2 compliant.

Additional NetScaler Features

By using modules, you can configure the features in a NetScaler MPX appliance as if the appliance were software. For example, the NetScaler appliance has a module that enables you to configure features like application firewall as if NetScaler were software.

NetScaler, when configured as an access gateway to XenApp or XenDesktop, also provides additional analytics within the ICA sessions by leveraging HDX Insight. You can detect what users are doing inside the ICA session all the way down to virtual channels, such as video, voice, keystroke, mouse clicks, and so on. Also, NetScaler can push out session data to commonly used monitoring tools in the public sector, such as SPLUNK and Solar Winds.

An added benefit of using NetScaler is the reduction of hardware needed to accomplish certain tasks like load balancing. NetScaler offers load balancing for local and global servers and services, as well as features like application firewall— in the same appliance. For example, if you place a NetScaler appliance in front of a ShareFile farm, you can load balance locally and globally, authenticate users with a smart card, and set up the application firewall policies all in the same appliance.