1Y0-440 helper - Architecting a Citrix Networking Solution (CCE-AppDS) Updated: 2024

Reference Architecture: Citrix XenDesktop on vSphere

Nutanix has developed reference architecture for Citrix XenDesktop on vSphere. It is part of the Nutanix Solutions Library and is intended for architecting, designing, managing, and supporting Nutanix infrastructures. Consumers of this document should be familiar with VMware vSphere, Citrix XenDesktop, and the Nutanix Enterprise Cloud Platform.

Read this reference architecture for and overview of the Nutanix solution, Citrix XenDesktop and its use cases. The document covers:

• Benefits of Citrix XenDesktop on Nutanix
• Design and configuration considerations when architecting a Citrix XenDesktop solution on Nutanix
• Benchmarking Citrix XenDesktop performance on Nutanix

Download now!

Sponsored by

An avid technology enthusiast, Steve Gregory has been writing professionally since 2002. With more than 10 years of experience as a network administrator, Gregory holds an Information Management certificate from the University of Maryland and is pursuing MCSE certification. His work has appeared in numerous online publications, including Chron and GlobalPost.

Citrix disclosed Friday that foreign cybercriminals hacked into its internal network and may have accessed and downloaded business documents.

The Santa Clara, Calif.-based software company said it was contacted by the FBI on Wednesday, who told them there was reason to believe there had been a successful cyberattack on the company's network, according to a blog post Friday from Stan Black, Citrix's chief security and information officer. It doesn't appear the security of any Citrix product or service was compromised, according to Black.

"It appears that the hackers may have accessed and downloaded business documents," Black wrote. "The specific documents that may have been accessed, however, are currently unknown."

[Related: 16 Hottest Network And Endpoint Security Products Unveiled At RSA San Francisco]

Citrix's stock closed Friday down $2.89 (2.51 percent) to $99.98 per share. That's the lowest closing price for Citrix's stock since Dec. 24, 2018.

The FBI advised Citrix that the hackers likely used a tactic known as password spraying, where the threat actor tries a single commonly used password against many accounts. If unsuccessful, additional common passwords will be tried until the accounts are accessed. Once the hackers gained a foothold with limited access, Black said they worked to circumvent additional layers of security.

Citrix took actions to re-secure its internal network and has commenced a forensic investigation into the breach, Black said. Specifically, the company is continuing to cooperate with the FBI and has engaged a outside cybersecurity firm to assist.

"Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly," Black said. "In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information."

The breach disclosure comes just three days after Citrix updated its SD-WAN offering to help enterprises to administer user-centric policies and connect branch employees to applications in the cloud with greater security and reliability. The product is intended to simplify branch networking by converging WAN edge capabilities and defining security zones to apply different policies for different users.

Citrix Systems prepared for Tuesday's opening of its annual Citrix iForum application delivery conference, held this week in Las Vegas, with the introduction of its desktop virtualization strategy, the renaming of its server virtualization technology, and the introduction of new voice, compliance, and "green" features to its core NetScaler and Presentation Server applications.

The desktop and server virtualization moves come as a result of Citrix's mid-August move to acquire XenSource for $500 million. That acquisition closed Monday, said Wes Wasson, senior vice president and chief marketing officer of Citrix.

Citrix plans to combine existing Citrix and XenSource technology to launch XenDesktop, a desktop virtualization software, during the first half of 2008, Wasson said.

While there is already other desktop virtualization software in the market, such as the Virtual Desktop Infrastructure (VDI) from VMware, XenDesktop is taking a different approach, Wasson said.

XenDesktop lets solution providers build virtual desktop PCs, but without the applications, Wasson said. Instead, the applications are kept as separate products in separate locations, and delivered to the virtual desktop PCs.

"VMware will tell you to provide them your desktop with the applications, and they'll put it in a virtual machine," he said. "But we scratch our heads and say, that's just moving the existing problems from the desktop to the data center."

By separating the applications and their delivery from the virtual desktops, the result is fewer software conflicts and less chance of corrupting files, Wasson said. "We deliver the desktop so it can run in a virtual machine," he said. "It's best used for delivering applications like we do with Presentation Server and NetScaler."

Citrix on Monday also rebranded its XenSource line as Citrix XenServer, Wasson said. Nothing else has changed, including the price and Citrix's relationship with XenSource channel partners, he said.

There are about 350 XenSource VARs, all of whom are automatically certified for Citrix XenServer, Wasson said. In addition, about 70 percent of Citrix's 5,000 channel partners worldwide currently sell server virtualization software from rival VMware.

Wasson said he does not want his company's channel partners to change their VMware relationship. But he does want them to try XenServer. "We'll be offering a jump start program to get them selling XenServer quickly," he said. "If they sell VMware, they'll keep selling it. But many will also be impressed with XenServer."

Peter Anderson, president of Bayshore Technologies, a Tampa, Fla.-based Citrix solution provider, said he is very excited to see Citrix embrace server and desktop virtualization.

"We carry VMware, but we think the market is huge," Anderson said. "In the next couple of years, Dell, Hewlett-Packard, and IBM all will come out with virtualization."

Anderson said he sees a big potential market for virtual desktop PCs. "Virtualization's main advantage is management," he said. "This will take a lot of the stress out of desktop management. We'll be able to send out changes easier. And control is a huge issue. We like the idea of not touching the desktop."

Donnie Downs, president of Plan B Technologies, a Bowie, Md.-based Citrix solution provider, said there are a lot of customers buying into Citrix's application delivery message who will be glad to see it married to virtualization.

"Microsoft people will say, you can do this with [Microsoft] Terminal Server, and you don't need Citrix," Downs said. "Or at VMware, they'll say, yeah, you can do without Citrix. Now with XenServer, you can say, yeah, you can do it all with Citrix."

However, Downs said, bringing XenDesktop to market is not as easy as it sounds. "We need to see how it is presented," he said. "There has been a lot of confusion with things like portals and the ASP model. But customers really need virtual desktops for rapid application deployment and ease of management.

NEXT: How it stacks up against competitors

Mike Strohl, president of Entisys Solutions, a Concord, Calif.-based Citrix solution provider, said that companies like VMware are already virtualizing desktop PCs.

"But Citrix not only provides the OS level of virtualization, it also has the technology to stream applications to the virtual desktops," Strohl said. "And with Desktop Broker, they have the delivery aspect handled as well. Citrix has the experience to handle all the related dynamics."

In addition to unveiling its desktop and server virtualization strategy, Citrix on Monday also introduced three new add-ons to its current software lineup.

The first is EasyCall, a simple way to integrate communications into Citrix's NetScaler for web applications and Presentation Server for Windows applications.

With EasyCall, whenever the user passes the mouse cursor over a telephone number, that number is highlighted, and can be automatically dialed from within the application, Wasson said.

EasyCall can be integrated into any application, including Office applications and Web-based applications, Wasson said. It works with any phone system, including POTS (Plain Old Telephone System), PBX, and Voice over IP, making it ideal for telephone call centers, he said.

Users can not only set it to automatically dial out a highlighted number, it can also be programmed to dial from a specific phone, Wasson said. "This is great for mobile users," he said. "In a hotel, if you click on a phone number, it will make the call using the hotel phone number, but the call is actually originated from the corporate phone system. So the company is charged, not the hotel."

Downs said EasyCall could have big implications for large call centers. And for other customers, it offers a chance to talk to departments that solution providers may have not had access to before. "With EasyCall, I can go to a completely different part of the customer with this communications ability," he said.

On the compliance side, Citrix on Monday is introducing SmartAuditor to its Presentation Server.

SmartAuditor automatically records a user's session based on company policies which can specify users, applications, and time of day. The session recordings are then time-stamped and stored for later playback for compliance audits, Wasson said.

For instance, SmartAuditor can be set to record the sessions of certain users working with sensitive data, or contractors with a lower level of trust in an organization, he said. It can also be used in a targeted way, he said.

Strohl said it is a about time someone came out with an application like SmartAuditor. "This is important for security and compliance," he said. "If you have a scenario with regulated data, like security brokers, all e-mails now need to be archived. This is similar, but for other applications and data."

Any customer with HIPAA or Sarbanes-Oxley or other regulatory concerns will like SmartAuditor with its ability to look at data, log-ins, log-outs, and what users do, Anderson said.

And it is a technology that will work its way into the small and midsize business space, he said. "Once you have an IT person, they have the keys to the kingdom," he said. "They can see all the passwords and documents. A lot of small businesses don't see the ramifications of that. Tools like SmartAuditor to allow us to see who is where are extremely important."

Citrix is also trying to do its part to address data center power use with PowerSmart, an add-on to Presentation Server that will let customers set policies to automatically reduce server power based on application traffic levels.

Data centers today can set servers to power up and down at certain times, but it is much harder to time the changes to how users use their applications, Wasson said. PowerSmart times those changes according to application usage, he said.

For example, as Lotus Notes users start dropping off at the end of the day, PowerSmart can send a signal to start shutting down some of the servers. Then, as users sign back in, a signal can be sent to power up the servers again.

Anderson said his enterprise customers are telling him they are running out data center power. "Anything that can reduce power will be a great feature," he said.

Downs said he has already approached a hospital that works with Plan B Technologies and has been having major power issues with IT to talk about PowerSmart. "We told them, this is something we will introduce on a blade server system we sold them, and they said, yeah, we need that immediately," he said.

Things like PowerSmart can help a customer look very good in the eyes of the public, Downs said. "With all the buzz around Al Gore and global warning, you can sign a customer up with a pre-canned press release about reducing power they can take to their Board of Directors," he said.

EasyCall and SmartAuditor have been added to the platinum editions of NetScaler and/or Presentation Server free of charge. EasyCall licenses are activated by a Citrix Communication Gateway appliance that is retail priced at $3,500. PowerSmart works with iLO-enabled HP servers, and will be available for download in December.

Copyright © 2024 ABC News Internet Ventures.

The vulnerability’s name has been popping up over the past couple months in reports on key sectors. According to a post from cybersecurity researcher Kevin Beaumont, this flaw may be behind the cyber attack that disrupted swathes of credit unions earlier this week. The credit unions’ technology vendor Ongoing Operations was hit with ransomware and had failed to patch the vulnerability, he wrote. Ongoing Operations declined to confirm to Government Technology whether Citrix Bleed had been exploited.

But the health-care sector is also raising warnings. Industry group the American Hospital Association urged its membership recently to patch and defend against the vulnerability. Its message amplified the federal Health Sector Cybersecurity Coordinating Center (HC3)’s own alert. Ransomware actors also exploited it in an attack on airplane giant Boeing.

Advisory authors include the Cybersecurity and Infrastructure Security Agency, FBI, Multi-State Information Sharing and Analysis Center and Australia’s lead cybersecurity agency, the Australian Signals Directorate’s Australian Cyber Security Centre.

At least one group of threat actors has been identified exploiting Citrix Bleed: affiliates deploying LockBit 3.0 ransomware. LockBit affiliates have in the past targeted organizations in critical infrastructure sectors, including government and emergency services, health care, financial services, energy, education, food and agriculture, manufacturing and transportation, per the joint advisory.

The flaw is also relatively easy to exploit and so is likely to be widely exploited “in unpatched software services throughout both private and public networks,” per the advisory.

To respond, organizations should adopt updates, as well as search for evidence of compromise (and then take appropriate responses) as well as adopt other mitigation steps outlined in the joint advisory.

Citrix released the patch in early October, but attackers are known to have been exploiting it since August 2023.

“The manufacturer has also warned that these compromised sessions will still be active after a patch has been implemented,” HC3 wrote.

As such, HC3 advised not only updating but also using certain commands to remove “any active or persistent sessions.” The commands are below:

• kill aaa session -all

• kill icaconnection -all

• kill rdp connection -all

• kill pcoipConnection -all

• clear lb persistentSessions

Just three days after Xfinity disclosed that 36 million of its users’ personal information was exposed in a data breach, Fort Lauderdale-based Citrix Systems Inc. is facing a class-action lawsuit accusing the firm of failing to prevent the breach.

The extent of the breach was disclosed on Monday in a notice to the Maine Attorney General by Comcast Cable Communications, which does business as Xfinity.

That day, Comcast released a notice to customers disclosing that “unauthorized access to its internal systems” had occurred between Oct. 16 and Oct. 19. Following a review, Comcast concluded on Dec. 6 that the breach exposed customer information such as usernames and passwords that the company had disguised for security purposes.

Hackers also stole some users’ names, contact information, last four digits of Social Security numbers, dates of birth and/or secret questions and answers, Comcast said.

Customers logging onto their Xfinity accounts have been required to change their passwords to protect their accounts. They also are urged to set up two-factor, or multi-factor, authentication and to change passwords for other accounts that share the same username and password or security question.

By Wednesday, Citrix — which services Xfinity’s website — was named as defendant in a proposed class-action lawsuit about the breach.

A Citrix spokesman, reached by email, said the company is aware of the lawsuit but said the company does not comment on pending litigation. Comcast, which was not named as a defendant in the lawsuit, did not respond to a request for information about the breach.

The suit accuses Citrix of failing to protect “highly sensitive information” in their custody that it “knew and understood” is “valuable and highly sought after by criminal parties who seek to illegally monetize” it by posting it for sale on the dark web.

The suit states that Citrix on Oct. 10 announced the vulnerability of a software product used by Xfinity and thousands of other companies known as “Citrix Bleed.”

Citrix said it released a patch to fix the vulnerability at that time and issued additional mitigation guidance on Oct. 23, the lawsuit claims.

While Comcast said it “promptly patched and mitigated its systems,” it said it later discovered that prior to the repair operation, between Oct. 16 and Oct. 19, “there was unauthorized access to some of (its) internal systems that (it) concluded was a result of this vulnerability,” according to the lawsuit.

In a notification to the Office of the Maine Attorney General on Monday, Comcast revealed that the personal identifiable information of 35,879,455 individuals was believed to have been exposed in the breach.

The lawsuit names Jacksonville resident Francis Kirkpatrick as lead plaintiff. It was filed by the Fort Lauderdale law firm Kopelowitz Ostrow Ferguson Weiselberg Gilbert and the Tampa-based law firm The Consumer Protection Firm PLLC.

It says that Kirkpatrick has experienced “suspicious spam” after the breach that he believes to be an attempt to secure additional personal information.

The suit claims that class members have suffered from invasion of their privacy, lost or diminished value of their personal identifiable information, lost time and opportunity costs associated with attempting to mitigate consequences of the breach, and the “continued and certainly increased risk” to their information.

It seeks unspecified “compensatory and consequential damages” from Citrix.

The website ClassAction.org, which describes itself as a group of online professionals with relationships with class action and mass tort attorneys, on Tuesday posted notice of an investigation that it said could lead to a class action lawsuit against Comcast. A news release on Tuesday by New Jersey-based Console & Associates, P.C. urges victims to contact the law firm.

According to GovTech.com, a website that serves the government technology industry, hackers have been exploiting “Citrix Bleed” vulnerabilities since August. Hackers can exploit the vulnerability within Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances, the site reported.

The vulnerability enables hackers “to bypass password requirements and multifactor authentication” to hijack “legitimate user sessions,” according to an advisory released on Nov. 21 by the Cybersecurity & Infrastructure Security Agency, a component of the United States Department of Homeland Security.

“Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources,” the advisory states.

Citrix Bleed has been linked to ransomware and malware attacks on several companies, including Toyota and Boeing, several tech sites reported.

For Comcast, news of the breach comes a year after a different breach left an unknown number of customers unable to access their accounts. When they regained access, they discovered their accounts had been taken over by hackers who were able to bypass two-factor authentication and change their passwords, then used their information to gain access to other accounts, the website SecurityBoulevard.com reported.

Ron Hurtibise covers business and consumer issues for the South Florida Sun Sentinel. He can be reached by phone at 954-356-4071, on Twitter @ronhurtibise or by email at rhurtibise@sunsentinel.com.

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.

On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.

Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.

Following an investigation into the impact of the incident, Xfinity discovered on November 16 that the attackers also exfiltrated data from its systems, with the data breach affecting 35,879,455 people.

"After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords," the company said.

"[F]or some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing."

While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.

"To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already," the company says in a data breach notice published on its website.

One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.

Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.

Update December 18, 19:08 EST: A Comcast spokesperson shared the following statement with BleepingComputer after the article was published but didn't share more details on the number of individuals affected by the data breach. The company added that its operations were not impacted and that it received no ransom demand after the incident.

We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.  

In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24x7.

Update December 19, 05:40 EST: Added info on the number of people affected by the data breach.