External Guest Firewall Integration for Juniper SRX (Optional)

To achieve the above purposes you must set up fixed configurations for the firewall. Firewall rules and policies need not change as users are provisioned into the cloud. Any brand of hardware firewall that supports NAT and site-to-site VPN can be used.

14.5.2. External Guest Firewall Integration for Juniper SRX (Optional)

Note

Available only for guests using advanced networking, both shared and isolated.

CloudPlatform provides for direct management of the Juniper SRX series of firewalls. This enables CloudPlatform to establish static NAT mappings from public IPs to guest VMs, and to use the Juniper device in place of the virtual router for firewall services. You can have only one Juniper SRX device per zone. This feature is optional. If Juniper integration is not provisioned, CloudPlatform will use the virtual router for these services.

The Juniper SRX can optionally be used in conjunction with an external load balancer. External Network elements can be deployed in a side-by-side or inline configuration.

For more information, see the Administration Guide.

CloudPlatform requires the Juniper to be configured as follows:

Note

Supported SRX software version is 10.3 or higher.

1. Install your SRX appliance according to the vendor's instructions.

2. Connect one interface to the management network and one interface to the public network. Alternatively, you can connect the same interface to both networks and use a VLAN for the public network.

3. Make sure "vlan-tagging" is enabled on the private interface.

4. Record the public and private interface names. If you used a VLAN for the public interface, add a ".[VLAN TAG]" after the interface name. For example, if you are using ge-0/0/3 for your public interface and VLAN tag 301, your public interface name would be "ge-0/0/3.301". Your private interface name should always be untagged because the CloudPlatform software automatically creates tagged logical interfaces.

5. Create a public security zone and a private security zone. By default, these already exist and are called "untrust" and "trust" zones. Add the public interface to the public zone. CloudPlatform automatically adds the private interface to the private zone (trusted zone). Note down the security zone names.

6. Make sure there is a security policy from the private zone to the public zone that allows all traffic.

7. Note the username and password of the account you want the CloudPlatform software to log in to when it is programming rules.
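A pre-flight check for steps 3 to 6, run over the SRX configuration in "display set" form before the device is handed to CloudPlatform. This is an added example, not part of the Citrix manual or the CloudPlatform software; the sample configuration is constructed, and the private interface ge-0/0/1, the policy name allow-all and both function names are assumptions.

```python
# Constructed sample of `show configuration | display set` output for an SRX
# prepared per steps 2-6. ge-0/0/1 (private) and "allow-all" are assumed names.
SAMPLE_CONFIG = """\
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/3 unit 301 vlan-id 301
set security zones security-zone untrust interfaces ge-0/0/3.301
set security policies from-zone trust to-zone untrust policy allow-all match source-address any
set security policies from-zone trust to-zone untrust policy allow-all match destination-address any
set security policies from-zone trust to-zone untrust policy allow-all match application any
set security policies from-zone trust to-zone untrust policy allow-all then permit
"""

def public_interface_name(interface, vlan_tag=None):
    """Step 4: append ".[VLAN TAG]" only when the public network uses a VLAN."""
    return f"{interface}.{vlan_tag}" if vlan_tag is not None else interface

def check_srx(config, private_if, public_if,
              private_zone="trust", public_zone="untrust"):
    """Return the checklist failures found; an empty list means steps 3-6 hold."""
    lines = {" ".join(l.split()) for l in config.splitlines() if l.strip()}
    has = lambda stmt: any(l == stmt or l.startswith(stmt + " ") for l in lines)
    problems = []
    if "." in private_if:
        problems.append("step 4: private interface name must be untagged")
    if not has(f"set interfaces {private_if} vlan-tagging"):
        problems.append("step 3: vlan-tagging not enabled on private interface")
    if not has(f"set security zones security-zone {public_zone} "
               f"interfaces {public_if}"):
        problems.append("step 5: public interface is not in the public zone")
    # Group the statements of every private-to-public policy by policy name.
    prefix = (f"set security policies from-zone {private_zone} "
              f"to-zone {public_zone} policy ")
    policies = {}
    for l in lines:
        if l.startswith(prefix):
            name, _, stmt = l[len(prefix):].partition(" ")
            policies.setdefault(name, set()).add(stmt)
    allow_all = {"match source-address any", "match destination-address any",
                 "match application any", "then permit"}
    if not any(allow_all <= stmts for stmts in policies.values()):
        problems.append("step 6: no allow-all policy from private to public zone")
    return problems

if __name__ == "__main__":
    public_if = public_interface_name("ge-0/0/3", 301)
    print(check_srx(SAMPLE_CONFIG, "ge-0/0/1", public_if) or "checklist satisfied")
```

The check does not evaluate policy ordering, so a deny policy placed ahead of the allow-all policy in the same zone pair still has to be reviewed by hand.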

