Geeks With Blogs

This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling into the same traps that I have fallen into. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publicly or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

Courtesy of our Citrix Authorised Support Centre status I spent 2 days last week covering the Access Gateway and Advanced Access Control with the Product Readiness Team in Dublin.

What was quite illuminating from my (Citrix Focused) point of view was that we also managed to drag in one of our Security Consultants so that we could get a more independent view on its capabilities. The reality of it from his point of view is that he is quite amazed that we still need two devices to hang this all together, as he's comparing this directly to offerings like Connectra and Nokia, etc. where the entire system sits on a hardened(?) device in the DMZ. (Although in the Connectra example I believe you can "roll your own"?)

When you step back and think about it, this is all about bringing together two different products that have clearly been on opposite sides of the fence.

On the one hand you have the Net6 Product that grew up expecting to live and breathe in the DMZ and so started life as a hardened appliance based on a Linux Kernel and is now expected to supplant the Citrix Secure Gateway, or at least provide enough advantages that people will buy it rather than continue to install CSG/WI.

On the other hand we have Citrix's purchase of Sequoia, way back when, that appeared to metamorphose into NFuse Elite, then MetaFrame Secure Access Manager (MSAM), and now (after a dozen name changes....) into Advanced Access Control. This piece of the puzzle has been a long time developing into the product that it is today, but essentially is based around a Win32 platform; even in its earlier MSAM iteration it always needed .NET and J#, etc.

Now that we've covered the fact that both halves of this product set are set in different Platforms it's not hard to see why Citrix ends up needing two devices to make it work. The unfortunate thing is that the product is now going to have to be much better than anything else if it's going to win converts from the Security side above and beyond Citrix users.

I am now starting to see where all the extra little buttons and check boxes in the CMC regarding workspace control and access via MSAM start to tie in to this, and how this can bring a very real benefit to any large implementation of Citrix that needs serious access.

Still, that's how it is currently with Access Gateway and Advanced Access Control version 4.1.2, iForum 2005 in Vegas is coming to a close today, and we *may* only be a week away from the release of 4.2.
(Although I believe it might have been delayed by another product for some reason, we'll see...)

Posted on Wednesday, October 12, 2005 5:16 AM | Citrix, IT Management, Real Cool Stuff, Security

Comments on this post: Thoughts on Citrix Access Gateway and Advanced Access Control (AG & AAC)


Copyright © Dave Caddick