Cloud assurance

Cloud resources

Global Citrix cloud infrastructure

The Citrix cloud resources are available around the world in up to 5 regions. Review the resource map below to understand the region coverage for a particular service.

--select--
-or-
--select--
Each Citrix Cloud account is associated with a single home region, customers located anywhere in the world can choose which of the regions shown will be their home region.

Intelligent Traffic ManagementOptimize application routing with network experience metrics.

Available
Unavailable

Citrix has invested in a number of transfer mechanisms to enable the lawful use of data across jurisdictions. In particular:

Pen testing

Citrix Cloud customer penetration (pen) testing

Many organizations are required to validate that their computing environments meet corporate standards for security. Customers of the Citrix Cloud platform are able to run penetration testing against their environment but need to work with the Citrix team to ensure that they are not impacting any other customer.  This section provides information on the requirements and how to coordinate the testing.

The person submitting this notification agrees that (1) any penetration testing will comply with the Citrix Cloud Customer Penetration Test requirements available on the Citrix Trust Center; and (2) they have authority to agree to these terms on behalf of the Customer.

Submit pen test notification

Citrix Cloud customer pen test requirements

This document describes the requirements (“Requirements”) for customers (“you”) to perform penetration tests against your Citrix Cloud services environments. These Requirements are designed to allow you to evaluate the security of your Citrix Cloud environment(s) while preventing harm to other customers or to Citrix, including associated infrastructure, computing environments and data.

All penetration tests must follow the Requirements. Use of Citrix Cloud services will continue to be subject to the terms of the agreement and terms under which you purchased the relevant service. Any violation of these Requirements or of the relevant service terms may result in suspension or termination of your services and legal action as set forth in your agreement. You are responsible for any damage to Citrix Cloud infrastructure (including networks, machines and data) and to any other customers caused by failure to abide by these Requirements or your Citrix Cloud services agreement.

Prior notice

  • To avoid false security alerts and to prevent interruption of your penetration test, you must fill out a Penetration Test Notification Form at least 24 hours prior to the start of any penetration test.

General conditions

  • You may perform penetration testing only of your Citrix Cloud subdomain(s) identified on the Penetration Test Notification Form. 
  • You may not attempt to scan, test or impact any other domain or environment or to access any domain, environment or data that is not yours.
  • You may not perform a denial of service attack, fuzzing or other activity designed to interrupt availability of the service or to access or affect the integrity of data on any computing environment.
  • You may not attempt phishing or other social engineering attacks or insertion of malware or other malicious code into the service.
  • You may not attempt to exploit any vulnerabilities found during testing (e.g., data exfiltration), and activities that could pose risk to Citrix infrastructure, data or other customers must be discontinued once a vulnerability is found.
  • Citrix is not responsible for any impact to your Citrix Cloud computing environment or service levels related to your penetration testing activities. 
  • Citrix reserves the right to respond to any actions on its networks that appear to be malicious and to discontinue or require you to discontinue a penetration test at any time.

Reporting

  • If you believe you discovered a potential security flaw related to the Citrix Cloud or any other Citrix service or infrastructure, you must report it to secure@citrix.com within 24 hours. 
  • You may not disclose vulnerability information publicly or to any third party until you hear back from Citrix that the vulnerability has been fixed.
Cloud availability

Check the health status of Citrix cloud services in real time by clicking here.