Citrix endpoints just got more secure.
Here is how. Intel launched their Identity Protection Technology (Intel® IPT) in 2012, providing a simple, tamper-resistant method for protecting access to customer and business data from threats and fraud. Intel IPT is now built into all Intel inspired Ultrabook™ devices and the latest business PCs utilizing Intel® Core™ vPro™ processors.
Increased interest in certificate-based authentication brought together Intel and charismathics to seamlessly integrate Intel’s IPT engine with existing certificate based authentication schemes. Charismathics is a leading provider of smart card and PKI based technology based in Germany. The combination provides seamless user experience when compared with regular hardware tokens, smart cards or USB keys and makes it possible to use virtual smart cards with Citrix virtualized applications. You can find out more details at charismathics cssi for-Intel-Identity Protection Technology.
In conjunction with Citrix XenApp and XenDesktop, virtual smart card (or certificate-based) authentication provides unparalleled user convenience and unmatched integrated endpoint security. The combination of Intel’s IPT engine, charismathics widely deployed PKI client software, and Citrix virtualization solutions revolutionizes the integration of endpoint and user authentication .
What this could mean for you?
Smart cards are widely used for providing high security for virtualized environments but they can be a hassle for users and have high associated costs. Just providing and replacing cards can get expensive. Virtual smart cards can significantly reduce these costs and allow more Citrix users to take advantage of the greater security. Sven Gossel, Charismathics CEO, expects a migration not only from physical smart cards but also from one or two factor authentication solutions to the convenience and security of certificate based authentications as IPT technology finds its way into more devices.
Built on the standard PKCS#11 interfaces, the Intel/Charismathics solution provide advanced secure PIN entry, an optional second factor, and PIN management options. And it does away with any accessories that can to be forgotten or needs to be attached – it is just a much simpler way to deal with certificates.
Smart cards represent a relatively expensive security investment. Virtual smart cards provide similar security with increased user convenience and reduced support costs. And the good news is that the organization doesn’t have to completely convert to only virtual smart cards. The charismathics software gives you the option to support both physical and virtual cards. You can pick the “token type” that is good for specific user groups and your specific Citrix product. And charismathic software can be used with nearly all versions of Citrix Receivers.
Want to get started?
The basic charismathics and Intel software you need probably already comes with the computers you are purchasing. So basically you’ll just need to contact your IT integrator or software reseller to upgrade. Or contact charismathics or Intel directly if your company is under maintenance with them. You will find the most relevant answers here: charismathics CSSI Virtual Smart Card FAQs and a product sheet here: CSSI for Intel vPro
Virtually the same configuration steps are required to use virtual smart cards as regular smart cards with your Citrix infrastructure. And Citrix just published detailed guidelines for doing just that here: Configuring Citrix XenDesktop 7.6 and NetScaler Gateway_10.5 for PIV Smart Card Authentication.
Want to see it in action? Attend Synergy
Visit Intel‘s Synergy 2015 stand in the Expo Hall at in Orlando.