Defend hidden mobile web properties

Is your mobile micro app concealing a complex web property?

We've all used mobile apps to check the weather, stocks and news or to interact via social media while on the go. These apps help to make smartphones and tablets compelling and content rich.

Mobile web properties

The mobile web doesn’t just exist in your smartphone or tablet’s browser; there’s also an invisible but critical layer at the back end that powers mobile app services from content delivery to networking and collaboration. A micro app on a mobile device typically serves as the entry point to a web property.

Web properties consist of one or more of the following: traditional websites, web apps for cloud and enterprise, software as a service (SaaS) apps and mobile app backends. Web properties increasingly involve a virtual supply chain that integrates numerous services from multiple providers of content, authentication, advertisements, social media and collaboration. These web properties use technologies that range from simple HTML and HTTP for content delivery and WSDL and XML for supply chain integration, to mutually authenticated SSL for trusted collaboration and complex APIs for interoperability.

Figure 1: Did you know that many mobile micro apps are simply a front end to a complex web property?

Mobile web property example

Let's use a simple weather app to illustrate the complexity involved in today's mobile web properties.

Figure 2: Weather app and mobile web properties

Starting with the app on the device, people want to be confident that the information provided is current and accurate and response time is acceptable. With a designed-for-mobile look and feel, a mobile micro app sets expectations that it will perform the same as other native mobile apps—with seemingly instant gratification. And if gratification isn’t instant, users move on to the next app, right?

User privacy must also be respected, with location services only available to apps approved by the organization and to their web property providers. If you’re getting an ad for sunscreen, it likely means the provider knows you’re in a sunny location.

The user’s organization, which is making the app available to enhance productivity and convenience, is concerned about preventing compromise of the mobile device through vectors such as malicious ads by the external services that feed the app.

The mobile web app provider has similar concerns, needing to satisfy the application user as well as control delivery of content and services across an increasingly complex supply chain that integrates multiple sources. The mobile weather application factors in user location, preferences and acceptance of terms of service, and provides connectors to advertisements, social media and SMS. On the backend, sensors and data feeds need to be checked for availability and updates, as well as to ensure integrity against compromise. And, while meteorological information is usually not considered critical, there are times when its accurate and timely delivery is essential (Fig. 3).

Figure 3: Emergency alert: Hurricane warning

Now that we’ve talked about the weather, let’s consider the additional requirements for mobile micro apps that handle sensitive data.

Mobile micro financial applications with one-click access to a substantial amount of personal net worth and healthcare micro apps that display the results of lab work and clinical visits are great examples of the need for strong transaction protection. Enterprise applications for time and billing, purchase approvals and line of business functions, which are increasingly being refactored to run as mobile micro apps, have similar security and privacy needs.

To summarize the needs for protecting and optimizing mobile web properties:

  • Enterprise policy control is essential for organizational management of mobile apps—especially for BYOD users.
  • User experience must be superior and app response time near instantaneous to entice and retain users.
  • Security and privacy must be protected and respected.
  • Web application owners require visibility, orchestration and enhanced delivery across the entire virtual supply chain.

Solution overview

Micro mobile apps are proliferating in business scenarios as more employees bring personal devices to the workplace. To meet the diverse performance, management and security requirements for successfully delivering mobile applications, Citrix recommends enterprises employ a combination of Citrix XenMobile and Citrix NetScaler. While XenMobile provides a strong foundation of essential mobile device and application management capabilities, NetScaler delivers a high-performance user experience, additional layers of security and privacy protection and guaranteed availability for key solution components—including the XenMobile infrastructure itself.

Thinking back to our weather app example, there are several opportunities to optimize, secure and otherwise enhance the end-to-end solution using NetScaler and XenMobile.

Figure 4: User/Device side with XenMobile

Mobile device and application management...and beyond

XenMobile provides a revolutionary way to mobilize your business. With XenMobile, employees, customers and constituents get the mobile device, app and data freedom they desire—to access any resource they need or want from any device at any time—while IT gains the management and security capabilities necessary to maintain control, protect corporate assets and demonstrate compliance. Integration with NetScaler unlocks further advantages, such as the ability to avoid risky network-level tunnels when enabling remote access to backend services and components.

Key capabilities include:

  • Enterprise mobility management including full MDM (mobile device management) and MAM (mobile application management) is enabled through XenMobile, along with a unified app storefront that supports your organization’s complete portfolio of mobile, web, SaaS and Windows apps/desktops, plus Citrix ShareFile data resources.
  • Mobile app networking combines the protection of SSL with micro VPN capabilities to provide an application-specific VPN for each desired application. Networking policies and protections are configured to be specific to the application and remain completely transparent to the user. Accessing an app is simply a matter of clicking on the corresponding icon.
  • XenMobile apps (formerly Worx apps) are MAM-enabled Citrix and partner applications that run in managed containers on the device, with enterprise policies configured for use of device features, location services, security and networking. Citrix applications include Secure Mail for managed mobile enterprise email and Secure Web for secured browsing and simple one-click access to company intranet applications from mobile devices. XenMobile apps are enterprise ready with security, policy and provisioning managed by XenMobile.
  • Mobile application connectivity and networking services for XenMobile are protected and extended for seamless mobility with NetScaler. NetScaler Gateway provides micro VPN and WorxWeb connectivity, along with single sign-on (SSO) access to all enterprise-managed web and SaaS apps.

Always on, always fast

While XenMobile extends coverage to mobile devices and the front end of the mobile micro app, NetScaler takes care of the network and backend components of your mobile web solutions. The first way it does this is by ensuring high availability of backend infrastructure and the downstream chain of web property resources, while accelerating performance.

For example:

  • NetScaler provides robust load balancing and global server load balancing (GSLB) to mitigate component- and site-level outages, respectively, while minimizing app response time through proximity and geolocation-based service delivery.
  • Denial of service (DoS) attack protection, including DDoS (distributed denial of service) mitigation, is enabled at the connection, network and application layers.
  • SSL encryption, used to secure all untrusted communication paths, is hardware accelerated.
  • SurgeControl is available to regulate traffic surges during peak server load events, such as epic storms.
  • DataStream inspects and optimizes SQL traffic, performing context-based traffic management.
  • Support for the SPDY and MPTCP (multipath TCP) protocols, along with an extensive portfolio of caching and compression features, accelerates traffic to mobile browsers for a greatly enhanced user experience.

Robust security and privacy protection

The supply chain is privacy- and security-enabled, and also monitored for regulatory compliance.

Key capabilities include:

  • A web app firewall integrated in NetScaler protects dynamic content and session information while thwarting highly customized threats, including SQL injection and cross-site scripting (XSS) attacks.
  • XML data feeds from sensors are scrubbed using the XML firewall features in NetScaler.
  • HTTP Rewrite and Responder are configured on a per-service basis to provide custom request/response policies and error messages, and to format third-party content to specific application requirements, such as listing a sensor as “down” instead of showing internal error codes.
  • Supply chain management and administration are strongly authenticated, enabled for enterprise directory solutions and SAML and secured for remote access through NetScaler Gateway.
  • Content is inspected for advanced malware via integration with Citrix Ready security products from third parties.
  • For highly regulated security environments, such as financial services and healthcare organizations, additional NetScaler features provide PCI DSS configuration management and reporting, as well as certificate-based authentication.

Visibility and cloud readiness

Providing visibility and secure, optimized delivery across the entire virtual supply chain and aligning with business-driven cloud migration initiatives require a fully cloud-ready solution. In this regard, NetScaler is not only cloud deployable, but also facilitates hybrid cloud configurations and exhibits core characteristics of cloud solutions, including elastic scalability, programmability, adaptability and support for multi-tenancy.

Key capabilities include:

  • NetScaler ActionAnalytics enables fully automated monitoring and response to degraded performance conditions, while NetScaler Insight Center provides administrators with in-depth visibility to help identify and remedy emerging issues before they become full-blown problems.
  • As a full-featured, software-only implementation, NetScaler VPX provides the flexibility to implement essential application delivery capabilities on demand, anywhere within either the enterprise or a third-party cloud datacenter.
  • NetScaler SDX provides a multi-tenant platform for hosting disparate applications, partner solutions and cloud services.
  • NetScaler SD-WAN enables cloud bursting, providing a secure, high-performance solution to extend enterprise mobile web apps into the cloud whenever additional capacity is required. Because mobile apps are updated very frequently, the solution can be configured with instant failover and rollback capabilities, so that app upgrades that gain favorable reviews are handled and traffic moves quickly to another version when upgrades don’t go as planned.

Conclusion

Mobile micro apps often rely on backend web infrastructure, sometimes involving a complex chain of disparate datacenter- and cloud-based resources. Protecting and otherwise delivering such apps, therefore, is not simply a matter of providing security and ensuring usability on mobile devices. Considerable attention must also be paid to optimizing performance over the network and ensuring the availability, scalability and security of all the other components hiding behind the scene. The combination of XenMobile and NetScaler offers enterprises an ideal solution that not only incorporates a comprehensive set of MDM and MAM features but also complements them with a market-leading, cloud-ready suite of capabilities for optimizing mobile web app performance, availability and security.