Most VDI customers running Citrix XenApp, XenDesktop, or NetScaler are dealing with sensitive data, and breaches of security are a potentially crippling liability. While XenDesktop has some advanced security features available—such as AES encryption and an optional password manager—the root of the problem remains: user passwords.
Dual factor authentication is one solution to the problems caused by weak passwords, phishing, and password theft. For those who don’t know, logging into a system with dual-factor authentication requires something you know (a password) and something you have in your possession—usually a hardware or software token.
Enter the new wave of security.
When dual-factor authentication is enabled on a VDI system, users have to enter their Windows password normally, and then provide a unique passcode that can be generated by a smartphone app or small keychain device, sent to the user as a text message, or even generated using a sheet of codes printed on a piece of paper that is called a PIN/TAN sheet. Without both the password and the unique passcode generated by the token, attempts to login to your VDI will fail.
Yes, I know what you are thinking: it is a bit like those old cereal box decoder rings. Of course, dual factor authentication is the 21st century version: open standard encryption algorithms specifically designed for one-time-use passwords have replaced simple character substitution.
What does it cost to implement?
Traditionally, most dual factor authentication systems have been expensive software/hardware combinations. The costs of tight security are high—currently, about £45 – £110 per user. For a University or business with 100 or 1000 users, costs add up fast. That is why we are excited about the new software solution called SMS2.
SMS2 is an open standards security platform that enables two-factor authentication for all users of XenDesktop, XenApp, or any RADIUS compliant VDI solution, and it is available completely free of charge.
SMS2 works with a wide variety of hardware tokens, such as the OTP series from security specialist Feitian. This cross-compatibility allows you to avoid pricier token models.
SMS2 is Citrix Ready.
Besides cutting costs in a major way, SMS2 is modular and based on open standards, so it can integrate with a variety of VDI systems. It is also verified as “Citrix Ready” for use with XenApp 6.5 and NetScaler Access Gateway.
WrightCSS, the company behind SMS2, is a member of the Citrix Partner program, and offers premium support for those who desire them. They offer a complete set of services around SMS2 including system setup, customization, and training to get any IT organization prepared to maintain SMS2.
SMS2 is fully tested and officially supported on Citrix XenApp, XenDesktop, Access Gateway, and NetScaler systems, and can be downloaded for free at the WrightCSS website.
Search the Citrix Ready Catalog here
Join the Citrix Ready Program here