Access Gateway VPX 5.0 NEW!

Access Gateway VPX 5.0 is a virtual appliance for Citrix XenServer or VMWare ESX/ESXi that provides secure access to virtual desktops, applications and data while allowing users to work from anywhere. It offers the same capabilities as an Access Gateway physical appliance (Model 2010) while giving greater flexibility and more deployment options to IT administrators. Access Gateway VPX is the best choice for organizations who need to rapidly provision secure access, reduce infrastructure requirements, and minimize power consumption.

New Features
Some of the key new features available in Access Gateway version 5.0 include:

• Access Gateway VPX for VMWare ESX/ESXi — Access Gateway VPX running on VMware ESX and ESXi hypervisors allows organizations to leverage their existing server virtualization investments and provides additional deployment flexibility.
• Simple and Intuitive Administration — Access Gateway 5.0 uses a new Flash-based administration tool for the appliance that makes it easy to install certificates, configure access control and monitor activity from any Flash-enabled web browser.
• Basic High Availability support for Model 2010 and VPX appliances — Two Access Gateway appliances can be configured as a failover pair. The appliances operate in active/passive mode, with the primary appliance servicing all user connections and the secondary appliance monitoring the primary and synchronizing session information. If the primary appliance fails, the secondary appliance takes over.
• Variable Logon Points — Each Access Gateway appliance can host multiple logon points for support of different features or different user communities. Basic logon points enable unlimited logins for secure access to Citrix XenApp and XenDesktop only and are enabled by the free Access Gateway platform license; SmartAccess logon points enable rich access control features such as network-layer VPN, endpoint analysis, clientless access to web sites and file shares, and adaptive access control.
• Endpoint Remediation — When users fail to access the system because of a failed endpoint analysis scan, you can provide a customized HTML message informing them of why they failed and what steps to take for remediation.
• Improved architecture — Significant updates have been made to the appliance firmware and Access Controller web services in this release to improve the overall performance, stability and feature set of Access Gateway.

Important Licensing Changes
Platform License Required
Each appliance running Access Gateway 5.0 requires a platform license in order to function. Without the platform license installed, the gateway will not allow logins after a 48-hour grace period. Platform licenses are delivered electronically when an appliance is ordered. If you have an existing Access Gateway Model 2010 appliance covered by Warranty, you can obtain your Access Gateway Platform License using the Upgrade My Products toolbox on MyCitrix.
User Licenses Optional
The required Access Gateway platform license enables unlimited logins through Basic logon points. Each concurrent login to a SmartAccess logon point requires an Access Gateway user license. Access Gateway Standard Edition or Access Gateway Universal licenses may be used for this purpose.
Subscription Advantage Eligibility Date
To use your existing Access Gateway licenses with this version, the Subscription Advantage on those licenses must be valid on or after September 1, 2010.
Supported Platforms
Access Gateway 5.0 is supported only on the following appliance platforms:

• Access Gateway Model 2010
• Access Gateway VPX

AppSense News - User Rights Management is released today (AM and AMC 8.1)

Application Manager 8.1 and AppSense Management Center 8.1 have been release today on the AppSense web site.

Visit  myAppSense on  http://www.appsense.com/    to download the 8.1 releases of these two products. Performance Manager and Environment Manager are still on version 8.0.759.0 and 8.0.905.0 respectively.

The changes can be found in the release notes of AM and AMC. But the major change of note is the User Rights Management in Application Manager that we presented at the last event. The ability to make all users non administrators and elevate their rights to administrator for certain applications. I encourage you to have a play with this exciting new feature as it generated quite a bit of interest at the last event.

Application Manager 8.1

Application Termination

·    Enables Application Manager to shutdown running applications based on several triggers such as IP address change, a change to connecting device and change to configuration meaning that any application that is now prohibited that is running will be shutdown with various options to prevent loss of work.

Process Rules

·    Moving Trusted Applications into the rules structure and giving Application Manager an application centric edge by allowing network restrictions to be based on the application itself rather than by user, groups and devices, etc.

Application Groups

·    We have removed Signature Groups and Network Connection Groups and created Application Groups which give the ability to group any kind of rule item in a central library that can then be applied to our rules.

Disengaging functionality

·    Now you can turn off particular functionality from within AM, for example if you only want to control network access, you can disengage other areas such as Application Access Entitlement or User Rights Management, and leave ANAC enabled. Should you only want to enable User Rights Management then simply disengage the other areas.

User Rights Management

·    Elevation of user privileges for running applications: Allow an administrator to specify the applications run with administrator privileges. The user does not need an administrative account but is able to run specific applications with administrative privileges as defined by the Application Manager administrator.

·    Elevation of user privileges for running Control Panel applets: Many roaming users need to install printers, wireless networks, some users need to be able to change network and firewall settings, even simple tasks like changing the time & date, add / remove programs require Control Panel applets to be run as an administrator. User Rights Management can elevate privileges for individual applets, meaning a non administrator standard user can still make the changes they need to do their job.

·    Reducing privileges to restrict application rights: Allow an administrator to specify the applications run with reduced privileges. The user has administrator privileges by default, but is forced to run specific applications as non-administrator. Reducing rights can be a better option to removing administrator rights across the board and can mean a phased roll out. By running certain applications as an administrator, for example Internet Explorer, the user is able to change many undesirable settings, install applications and potentially open up the desktop to the Internet. User Rights Management can restrict an admin level user into running IE in a standard user mode, safe-guarding the desktop.

·    Reducing privileges to restrict access to system settings: Preventing an administrator from carrying out certain tasks can be advantageous. User Rights Management will give a higher level system administrator the ability to stop an administrative user from altering settings that they should not change. This could include firewall settings or to prevent the stopping of certain services. User Rights Management would take a user that has administrative privileges and reduce those privileges for certain processes. Although the user has administrator rights, the system administrator retains control of the environment.

Management Center

Membership Rules

·    Enabling the ability to provide dynamic rules where you can specify the criteria that determine automatically what deployment groups your machines join, items such as NetBIOS name, Active Directory information including Active Directory Security groups can be used to discover and add machines to deployment groups.

·    Console Integrated CCA installation

·    The functionality of the previous “CCA deployment tool” has now been integrated into the Management Console. This enables you to install the CCA from the Deployment Group’s computer page.

Computer Visibility

·    Giving the administrator visibility into how well the deployment of configuration and agents is going, how many computers are currently offline and what alerts processed.