XenTegra - The Citrix Session

The Citrix Session: Citrix Features Explained: Increase app security with Citrix Secure Private Access

July 13, 2022 XenTegra / Andy Whiteside / Bill Sutton Season 1109 Episode 109
The Citrix Session: Citrix Features Explained: Increase app security with Citrix Secure Private Access
XenTegra - The Citrix Session
More Info
XenTegra - The Citrix Session
The Citrix Session: Citrix Features Explained: Increase app security with Citrix Secure Private Access
Jul 13, 2022 Season 1109 Episode 109
XenTegra / Andy Whiteside / Bill Sutton

For your hybrid workers to do their best, most productive work, they need anywhere access to a wide variety of SaaS and web applications. But today the average business relies on 88 different apps, creating a larger-than-ever attack surface for your cybersecurity team to protect. Making web app security even more complex, each type of SaaS app demands a different type of security posture to defend against new threats. As you explore how to secure SaaS applications, it’s vital you deliver anywhere access to your hybrid workforce without sacrificing SaaS app security.

Citrix Secure Private Access helps companies strengthen web app security with versatile and secure app access that doesn’t disrupt the hybrid work experience. In this post, we will examine how you can use Public SaaS App Access, Private Web App Access, and Private Client/Server App Access to empower your hybrid workers without compromising your SaaS application security requirements.

Host:  Andy Whiteside
Co-host: Bill Sutton
Co-host: Geremy Meyers

Show Notes Transcript

For your hybrid workers to do their best, most productive work, they need anywhere access to a wide variety of SaaS and web applications. But today the average business relies on 88 different apps, creating a larger-than-ever attack surface for your cybersecurity team to protect. Making web app security even more complex, each type of SaaS app demands a different type of security posture to defend against new threats. As you explore how to secure SaaS applications, it’s vital you deliver anywhere access to your hybrid workforce without sacrificing SaaS app security.

Citrix Secure Private Access helps companies strengthen web app security with versatile and secure app access that doesn’t disrupt the hybrid work experience. In this post, we will examine how you can use Public SaaS App Access, Private Web App Access, and Private Client/Server App Access to empower your hybrid workers without compromising your SaaS application security requirements.

Host:  Andy Whiteside
Co-host: Bill Sutton
Co-host: Geremy Meyers


00:00:03.240 --> 00:00:14.340
Andy Whiteside: hi everyone, welcome to episode 109 of the citrix session i'm your host Andy whiteside i've got bill said and director of services billy's to got 7000 hours of project ready work coming at you.

00:00:14.849 --> 00:00:19.770
Bill Sutton: pretty much what it seems like these days, which is a good problem to have I guess.

00:00:20.610 --> 00:00:34.500
Andy Whiteside: Good problem to have still a problem, though, so if you're listening and you would like to be on a digital workspace and user compute hardcore focused on that industry and beyond team then reach out and let's INTEGRA know yeah.

00:00:34.890 --> 00:00:35.460

00:00:36.840 --> 00:00:52.110
Andy Whiteside: get to work with bill, who is an awesome and knowledgeable manager, which is you know not what everybody else has we we have someone who's a good at managing and also knows how this stuff works which, believe it or not, that's how it's supposed to work.

00:00:55.110 --> 00:01:07.140
Andy Whiteside: Okay, but i'm gonna do this to both you guys i'm I am using an LG all in one thing client and using the zoom custom partition and Nigel to do this, one I really want to do it to my virtual desktop but I was having a crash.

00:01:07.950 --> 00:01:24.270
Andy Whiteside: Not a citrix issue, not a windows issue but a browser issue earlier got that dreaded do you want to wait for the whatever thing to run before we move on what are you what are you using to record the podcast it's okay if you're using a fat PC laptop whatever what are you using.

00:01:24.390 --> 00:01:31.800
Bill Sutton: i'm using a fat laptop currently I have done it using teams through a or zoom through vdi but I wasn't using that today.

00:01:32.820 --> 00:01:44.550
Andy Whiteside: In INTEGRA world and i'm an idiot for not knowing this zoom offload if you have the right pieces in the vdi and on your endpoint and the endpoints windows does that currently work do we have that turned on and working.

00:01:45.000 --> 00:01:48.870
Bill Sutton: I believe so, yes, last time I did I did, and it worked fine yeah.

00:01:50.010 --> 00:01:58.050
Andy Whiteside: I gotta go test that again and see if it's working or turned on we're like the cobbler and we have shoes for our kids but they're not the best us because we're too busy doing and everywhere else.

00:01:59.520 --> 00:02:00.360
Bill Sutton: yeah exactly.

00:02:00.840 --> 00:02:06.750
Andy Whiteside: So JEREMY myers with is JEREMY is the director of sales engineering for the southeast for citrix how's it going.

00:02:07.830 --> 00:02:15.570
Geremy Meyers: First of all, thanks for the Promotion but second of all that is true, I cover the southeast i'm not a director, yet, but one of these days, maybe.

00:02:15.930 --> 00:02:16.620
Andy Whiteside: it's promoting you.

00:02:17.220 --> 00:02:21.780
Geremy Meyers: I appreciate that Thank you can nudge nudge my w two that'd be awesome too.

00:02:23.730 --> 00:02:25.410
Andy Whiteside: I don't even know who report to anyone.

00:02:26.220 --> 00:02:28.230
Geremy Meyers: I will Eric Fisher actually.

00:02:30.330 --> 00:02:31.920
Geremy Meyers: long, long time guy you know.

00:02:33.540 --> 00:02:35.580
Andy Whiteside: So many people got thinking all right, so what.

00:02:36.600 --> 00:02:38.640
Andy Whiteside: what's your device influence story.

00:02:39.900 --> 00:02:49.860
Geremy Meyers: So right now I am fat for this zoom call here, I do have to virtual desktops open right now, so I have my citrix desktop which I use quite a bit.

00:02:50.880 --> 00:03:05.760
Geremy Meyers: You know I use it for team calls I use it for a lot of, and this kind of plays into our conversation today I use a lot for internal web Apps for sure, so a lot of our you know engineering dashboard a lot of our some of the tableau dashboards they only exist internal right so.

00:03:06.000 --> 00:03:18.780
Andy Whiteside: You can get to them is to tunnel through and I using the word tunnels politically but it's not really tunnel, but it is right up through an application also windows not application think that's, the only way you have access this thing's.

00:03:19.380 --> 00:03:21.090
Geremy Meyers: Correct all the way.

00:03:22.890 --> 00:03:28.290
Geremy Meyers: And then, I have a second environment that is my team's lab environment and so we're going through.

00:03:28.530 --> 00:03:36.480
Geremy Meyers: configuring some things for add adaptive all some other things like that, but you know that's completely separate and irrelevant outside of me just want the name drop that were.

00:03:36.900 --> 00:03:45.000
Geremy Meyers: You know, doing some of that stuff as well and tinkering with the new features that we have with which looks like our topic today secure private access so.

00:03:45.840 --> 00:03:53.730
Andy Whiteside: Well, you know to me it's it's not a relative right because it's first of all, you got to use your own stuff and I can't tell you how many companies we work with where.

00:03:54.120 --> 00:04:01.650
Andy Whiteside: I try to impress them with the idea that we're using our own stuff and it just goes right by them and, like no, you have to understand this, because when time comes, you need to use your own stuff.

00:04:02.190 --> 00:04:17.790
Andy Whiteside: And if you're running around on a $2,000 laptop expecting your users to use a virtual desktop and you're not using it, you know shame on you and, at the same time, your team has to have a lab I don't have any clients, we have that they have a single machine catalog maybe.

00:04:18.390 --> 00:04:23.430
Andy Whiteside: And that's their lab and you're like that's won't get it done with the intricacies these days.

00:04:23.730 --> 00:04:30.900
Geremy Meyers: Well i'll tell you what right So when I first started at citrix, by the way this is 10 years at citrix so I don't want to make you feel all dandy but.

00:04:31.290 --> 00:04:37.530
Geremy Meyers: It occurred to me, as I was sitting at the 10 year anniversary of his integrity that this might be my 10 years at citrix and of course it was and I got the email.

00:04:38.430 --> 00:04:45.570
Geremy Meyers: So that was fun, but I remember back when I first started, and I wanted to lab and here's what that looked like i'm went and bought like three.

00:04:45.930 --> 00:04:51.690
Geremy Meyers: I want to say small form factor Shell PCs something I could slap in some cpu a whole lot of Ram.

00:04:52.140 --> 00:04:56.250
Geremy Meyers: And some solid state drives right because I wanted to runs in server I wanted to have a pool.

00:04:56.640 --> 00:05:10.650
Geremy Meyers: And I wanted to you know to all this stuff up the biggest challenge that I had at the time was trying to figure out the Microsoft licensing right because I didn't have already RDS cows, so that meant I had to rebuild Zen APP servers literally every was 180 days anyways long story short.

00:05:11.700 --> 00:05:19.380
Geremy Meyers: I remember how hard it was for me to give up that on Prem lab environment because i've got space in azure now right and so we'll build some things in azure.

00:05:19.710 --> 00:05:29.790
Geremy Meyers: Standard up tear it down multiple different catalog types in those sorts of things just because man folks are just they're asking, first of all, just want to know how things work we all want to know how things work but.

00:05:30.180 --> 00:05:36.900
Geremy Meyers: In some of the scenarios customers kind of put in front of us it's Nice that we have a more flexibility now because it's in a hyper scale or like azure.

00:05:38.100 --> 00:05:39.240
Geremy Meyers: to tinker with it was really cool.

00:05:40.410 --> 00:05:45.510
Andy Whiteside: yeah I love that comment, but as a person has been dealing with a customer over the weekend and today.

00:05:46.530 --> 00:05:57.990
Andy Whiteside: it's like okay tell them exactly what to do, but then scope out all the options, like all the options, you know what you just said, I mean it's it's like you know and then so at the end, the day and they were very open to it.

00:05:59.190 --> 00:06:03.090
Andy Whiteside: The other day we just told hey this our blueprint This way we want to go with you.

00:06:03.630 --> 00:06:12.120
Andy Whiteside: hmm like this great if you want to deviate some great if you want to completely overhaul it but for us to you know, be able to guarantee you a price and guarantee you.

00:06:12.660 --> 00:06:18.000
Andy Whiteside: A solution that works really need to follow the blueprint, and they were all and then we started talking about you know.

00:06:18.420 --> 00:06:28.530
Andy Whiteside: To nine verses four nines and all sudden they got there like it doesn't matter tonight's is great, I mean it's not great, but it's really, really good and the truth is we're not gonna know the difference between two and three nines.

00:06:29.730 --> 00:06:36.450
Geremy Meyers: Probably not what's that 12 hours 16 hours something like that the difference between two nines and five nines I forget but it's it's something like that.

00:06:38.430 --> 00:06:41.310
Geremy Meyers: And that's over the course of a year, so let me put that in perspective but yeah.

00:06:44.040 --> 00:06:45.270
Andy Whiteside: Well, in guys some.

00:06:46.560 --> 00:06:58.830
Andy Whiteside: We have picked for today, the following topic oh yeah and, as I was looking I was looking at this one on the Left from five days ago introduction to citrix adaptive authentication I want to come back and do that one guy so.

00:06:59.550 --> 00:07:00.660
Andy Whiteside: For that list for next week.

00:07:01.290 --> 00:07:05.490
Geremy Meyers: Who, we might have that configured for next week, too, so that might be fun for sure cool.

00:07:06.030 --> 00:07:08.070
Andy Whiteside: very hot off the top part of the process.

00:07:09.030 --> 00:07:09.630
Andy Whiteside: and your lap.

00:07:10.950 --> 00:07:18.630
Andy Whiteside: Okay, so, but for this week another one by Stephen bills I think it's pronounced that way former citrix sales engineer, but now i'm product manager, I believe.

00:07:19.230 --> 00:07:26.580
Andy Whiteside: This one citrix features explained so we're staying in that series and it's increased APP security with citrix secure private access.

00:07:27.870 --> 00:07:33.990
Andy Whiteside: We want to go through that one today so JEREMY can you kind of just to start by telling us you know what this is why it matters.

00:07:34.800 --> 00:07:35.340

00:07:36.510 --> 00:07:50.010
Geremy Meyers: In a nutshell, it's protecting access to public, and this is right off the right off the BAT this is really what it what it does right so we're protecting access to public SAS Apps right, what does that mean public website right, so if you're a user of.

00:07:50.760 --> 00:08:03.840
Geremy Meyers: salesforce right, you know how does an organization, do you protect that outside of things like single sign on right private web access So what if that SAS APP that website that APP that you're delivering.

00:08:04.860 --> 00:08:13.950
Geremy Meyers: exists, internally and then lastly client server application access right, so you know something that involves a client like a fat client.

00:08:14.970 --> 00:08:17.520
Geremy Meyers: And then some sort of back end right obviously something that might.

00:08:18.270 --> 00:08:21.600
Geremy Meyers: represent a traditional citrix APP you might have a scenario where.

00:08:21.900 --> 00:08:29.280
Geremy Meyers: You know, you want to protect that outside of a traditional Zen ads and desktop deployment which maybe that's a good conversation in itself because that's still might not make sense but.

00:08:29.670 --> 00:08:37.740
Geremy Meyers: Really that's what we're talking about with you know SP a secure private access is you know, protecting public private and even clients or wraps if you need to.

00:08:38.460 --> 00:08:45.480
Andy Whiteside: Well let's let's dig in the first one little bit so and be very specific exactly tell the people in the citrus world don't know what you guys do for SAS Apps.

00:08:46.050 --> 00:09:05.640
Andy Whiteside: that's probably the one of the most future proofing pieces of your business and i'm kind of blame that on the success on the x86 side of the House so we're just stuck in that world and don't realize that they've got to have some of those same features and beyond, for the SAS the.

00:09:05.730 --> 00:09:10.320
Andy Whiteside: browser application this case public facing so.

00:09:11.340 --> 00:09:14.250
Andy Whiteside: So this topic simply is how to strengthen SAS.

00:09:15.630 --> 00:09:30.900
Andy Whiteside: Software as a service APP security with public software as a service APP access and you'll see me do that occasionally i'll just quit with the acronyms because we frank, a lot of people get caught up in the acronyms and he asked them what they mean they don't actually know.

00:09:31.860 --> 00:09:32.130
Geremy Meyers: Right.

00:09:32.970 --> 00:09:33.780
Geremy Meyers: And if I were the same.

00:09:34.200 --> 00:09:44.010
Geremy Meyers: On the same thing goes for SAS APP right I just think we assume folks notice asset is but, at the end of they were we talking about public website, you know, for instance, right, so if your applet your organization runs off of.

00:09:44.460 --> 00:09:56.010
Geremy Meyers: You know, Microsoft dynamics to the runs off of salesforce if it runs off things I mean, these are all SAS Apps right and you're just organization is delivering up a website to their users for their application access that's what we're talking about here.

00:09:56.550 --> 00:10:05.970
Andy Whiteside: And the chances that you would take today dynamics and you bring it in house and delivered through a browser but do it privately know I heard you speak very common, but now it's almost unheard of.

00:10:06.480 --> 00:10:12.060
Geremy Meyers: Well, in there's still some Apps out there, like that right so, for instance, take Oracle you know era P, is probably installed.

00:10:12.540 --> 00:10:24.150
Geremy Meyers: You know, it could be the cloud version, but you know we a lot of folks running that internally SAP I mean that's a that's a that's a big man with APP right and so folks are you know struggling to get that you know into the SAP cloud so.

00:10:24.360 --> 00:10:36.540
Geremy Meyers: collapse yeah yeah I mean listen, we saw customers running windows xp So if you think that you know folks are going to go to the cloud with some of these things it's just it's going to take a lot of effort, because there's a lot of technical debt there honestly right.

00:10:38.040 --> 00:10:47.520
Andy Whiteside: So let me, let me do this first and then we'll let you and bill both comment on this so SAS It all starts with single identity, if possible.

00:10:48.360 --> 00:10:56.670
Andy Whiteside: That allows you to multifactor authenticate that then enables you for single sign on into everywhere, you want to go after that.

00:10:57.030 --> 00:11:06.990
Andy Whiteside: And if you want to you can even turn off single sign on and force them to re authenticate but there's a balance between Okay, I want to make it easy single identity, I want to make it secure multifactor.

00:11:07.500 --> 00:11:20.460
Andy Whiteside: I want to make it easy insecure single sign on, and I could even turn that up a level if need be, is that, basically, what citrix is providing or Is there something beyond that they were talking about here with the public SAS offerings.

00:11:21.390 --> 00:11:28.230
Geremy Meyers: So citrix can provide all those things you just described, but they can also take that a step further right so.

00:11:28.650 --> 00:11:36.060
Geremy Meyers: I think, to sort of be in the space, right now, you have to provide or be able to provide that single sign on, you have to be able to provide that second factor.

00:11:36.420 --> 00:11:43.020
Geremy Meyers: as a way of protecting the front door that APP I would argue, you know, forcing users to re authenticate might be less secure.

00:11:43.440 --> 00:11:48.840
Geremy Meyers: than doing the single sign in the sense that you know now here's another password or users got to remember.

00:11:49.470 --> 00:11:56.340
Geremy Meyers: If you're like my dad you're probably going to use the same password several different locations so there's a security challenge in itself.

00:11:57.330 --> 00:12:05.310
Geremy Meyers: But on top of that it's just multiple attack services you opened up so when you do single sign on if you can just pull pull back to users ability to manage their own password.

00:12:05.700 --> 00:12:15.120
Geremy Meyers: And just put that behind a single identity with multi factor I think you've got a long way, but yes, at the very least that is step one, but there are some additional things we can do we can get into that.

00:12:16.920 --> 00:12:24.780
Andy Whiteside: So my my comment on the re authenticate piece was after like a timeout type thing and I guess at that point you're back to the single identity to come right back through.

00:12:26.070 --> 00:12:35.880
Andy Whiteside: know any any thoughts comments on how this is playing out and you see our customers implementing this across the board, or is it still just one offs that get.

00:12:36.090 --> 00:12:36.750
Bill Sutton: it's it's.

00:12:36.900 --> 00:12:53.970
Bill Sutton: it's mostly one offs at this point, I think, to be honest with you that my view is that a lot of customers don't really know that citrix offers this at this level, and that the at the level that jeremy's about to go into the the items that are go beyond just sso because to jeremy's point.

00:12:54.990 --> 00:12:58.320
Bill Sutton: Having the ability to use single identity single sign on.

00:12:59.070 --> 00:13:08.010
Bill Sutton: Multi factor those those those are the entry points you've got to have that that's Those are the two halves and then what central provides is really provides, in addition to that is really I think the real.

00:13:08.400 --> 00:13:13.020
Bill Sutton: Added value is and there's lots of security elements that go along with that that will get into.

00:13:13.530 --> 00:13:28.500
Bill Sutton: But I don't think that your average customer I think they they many of them still see citrix as the vdi play and that's obviously still a very solid play, but there's a lot more than that this technology, in particular, can do than than what they've been doing.

00:13:29.400 --> 00:13:32.280
Andy Whiteside: Well, I don't want to call out that you know its.

00:13:33.660 --> 00:13:37.020
Andy Whiteside: Customers thinking to use citrix for SAS Apps.

00:13:37.050 --> 00:13:40.410
Andy Whiteside: and protection SAS Apps I mean part of what we talked about before.

00:13:40.710 --> 00:13:53.010
Andy Whiteside: just want to highlight that citrix actually has that single that single identity single sign on multi factor challenge piece, all within the product and a lot of people are looking to third parties, which is fine she's gonna be able to work with those two.

00:13:53.580 --> 00:13:57.210
Andy Whiteside: But it's in the product you're already buying and paying for.

00:13:58.230 --> 00:14:01.770
Andy Whiteside: You don't have to look elsewhere for just the basic things we talked about so far right.

00:14:02.850 --> 00:14:13.230
Geremy Meyers: that's true, and so I think a lot of our conversations with customers who are longtime customers is just exposing them to with audio right, so they don't realize that you know, London, a lot of cases this this functionality they've already got.

00:14:14.070 --> 00:14:19.020
Geremy Meyers: If you've got an adc maybe if you're not using the cloud services is something that we've done in some capacity for a long.

00:14:19.020 --> 00:14:26.250
Geremy Meyers: Time and again just serving up web Apps I mean that is the number one published application.

00:14:26.790 --> 00:14:37.020
Geremy Meyers: In citrix today no the non you know SAS the SBA stuff we're talking about here a web browser publishing an internal web APP or even potentially a public with that, I mean folks are doing that today.

00:14:37.590 --> 00:14:45.870
Geremy Meyers: For some, some of the security reasons that you know we haven't gotten into yet, but just being able to protect that data is pretty important to the customers.

00:14:46.590 --> 00:14:58.650
Andy Whiteside: yeah so JEREMY what beyond single identity single sign on multi factor when it comes to public SAAs what else can you do with citrix to take that security story to another level.

00:14:59.340 --> 00:15:11.130
Geremy Meyers: So let me, let me ask you this question what security reasons were customers deploying citrix I say citrix virtualize windows applications, or even Linux applications like, why did they do this in the past.

00:15:11.850 --> 00:15:18.720
Andy Whiteside: Well, to be honest, most of the time it was that case we're going to talk about a minute ago in a minute where it's private Apps and that's, the only way you get there.

00:15:19.980 --> 00:15:22.080
Andy Whiteside: The other was performance reasons.

00:15:22.350 --> 00:15:22.860
Andy Whiteside: It is.

00:15:23.100 --> 00:15:37.020
Andy Whiteside: It is historically in my world been very rare that they did it for security reasons, even though they got the security benefits of it by doing it, the way they felt like they needed to had to they got security benefits they may may or may not even recognize.

00:15:37.980 --> 00:15:40.380
Geremy Meyers: Well, so I think in some customers i've seen.

00:15:40.830 --> 00:15:49.590
Geremy Meyers: sort of a delineation when they're rationalizing their Apps and they're looking what's out there they'll go hey there are certain Apps in our portfolio that need some additional levels of security, I get that.

00:15:49.860 --> 00:15:56.550
Geremy Meyers: And then, sometimes it doesn't matter right I just need to get this APP in front of this user i'm not so concerned around you know managing.

00:15:57.000 --> 00:16:02.820
Geremy Meyers: printing or copy and paste you know some of this will fall into whatever industry and regulation that you need to protect for.

00:16:03.150 --> 00:16:07.710
Geremy Meyers: But when you look at that application portfolio they realize there's a few that do and here's a few that don't.

00:16:08.130 --> 00:16:16.320
Geremy Meyers: But the fact that we can enable some of those controls on those applications, has been a big selling point for a long time, and so what we're noticing is two things one.

00:16:16.980 --> 00:16:25.770
Geremy Meyers: What if we could provide that same level of control to weapons SAS Apps even Apps that aren't hosted within your data Center that are those SAS Apps that are public facing.

00:16:26.370 --> 00:16:33.090
Geremy Meyers: And then, secondly, you know still provide that same rationalization listen, there are some Apps that I just don't care about right, you know getting you into.

00:16:33.600 --> 00:16:41.760
Geremy Meyers: You know the salesforce, for instance, I might want to lock that down potentially not saying I need to, but I can provide copy and paste and I can provide.

00:16:42.540 --> 00:16:48.330
Geremy Meyers: You know, printing restrictions and things like that I can also turn on things like you know anti key logging right So if I want to protect.

00:16:48.780 --> 00:16:51.660
Geremy Meyers: The user as they're logging into this APP from a local browser.

00:16:52.140 --> 00:17:02.670
Geremy Meyers: You know, maybe I can do that as well right, so you know I think just being able to rationalize and turn on some of those additional controls that we've had for windows Apps that we've published to SAS Apps is pretty powerful know.

00:17:03.180 --> 00:17:14.490
Andy Whiteside: Understanding the need of those things like a watermark like keep logging like turning off printing turning off copy paste turning off download.

00:17:15.000 --> 00:17:21.900
Andy Whiteside: It This is my one I use all the time for us on the podcast for please forgive me, but you know WikiLeaks had he only had access through ICA.

00:17:22.830 --> 00:17:35.130
Andy Whiteside: That wouldn't happen you'd have to take screenshots of 10,000 documents, instead of just a download and had it been in the world of citrix today, even the download piece, we would have seen that happening could have taken action.

00:17:35.250 --> 00:17:40.290
Bill Sutton: We could have restrictively and building do screenshots unless they wanted to take pictures of this monitor right.

00:17:40.860 --> 00:17:41.160

00:17:42.210 --> 00:17:50.460
Geremy Meyers: that's true, but you know, to take it a step further and this goes into probably more of the SBA stuff but you know, being able to go beyond single sign on an MFA to.

00:17:50.880 --> 00:17:56.160
Geremy Meyers: You know what we call adaptive off, but really it's kind of like a contextual access right so being able to posture.

00:17:56.700 --> 00:18:04.530
Geremy Meyers: The device device before you give them access to that SAS APP so what kind of device, you know, whatever you know where you come in from you know.

00:18:04.980 --> 00:18:11.640
Geremy Meyers: And just tying that into even our own security analytics story so being able to say hey based on your risk or to the organization, maybe even.

00:18:11.970 --> 00:18:22.260
Geremy Meyers: You know, turn that application off and on or at least enable additional security controls, based on your your risk or you know these are all things that you can do, and you can do that with something that's either hosted in your data Center which is pretty powerful.

00:18:22.830 --> 00:18:23.520

00:18:24.570 --> 00:18:28.200
Bill Sutton: Because I kind of like the old EPA concept, but to the next level.

00:18:28.860 --> 00:18:31.590
Geremy Meyers: That is absolutely the EPA concept, but to the next level.

00:18:32.550 --> 00:18:37.890
Andy Whiteside: And the next level and from a different, I mean the conceptual stuffs the same.

00:18:38.370 --> 00:18:40.110
Andy Whiteside: But it's coming from somewhere else and.

00:18:40.110 --> 00:18:43.710
Andy Whiteside: it's coming through this browser thing that you know isn't the same as this.

00:18:44.250 --> 00:18:55.650
Andy Whiteside: me look in a lot of times using citrix to provide access to an application some of the security intangibles was just the fact that all you got was the application and you had to find a way to break out of it if you could.

00:18:56.340 --> 00:19:08.820
Geremy Meyers: write well in wealth and just to tag team on that, so you know even once you're in that web or SAS APP being able to do things like isolate links out of that that that that access so, for instance.

00:19:09.120 --> 00:19:12.450
Geremy Meyers: If I go into like a salesforce and you know there's a link.

00:19:13.110 --> 00:19:21.510
Geremy Meyers: buried in that salesforce page and I click it being able to say hey listen what's the status what's the posture of this link is something I trust is there, something I don't trust you know, maybe.

00:19:21.990 --> 00:19:29.820
Geremy Meyers: Maybe it just opens up in a different browser tab or you know I can turn on a feature called browser isolation which will launch that link and a containerized browser.

00:19:30.060 --> 00:19:42.390
Geremy Meyers: So that listen it's not going to impact either a what's in salesforce or you know, this is an internal web APP you know there's not going to impact something in my data Center so I can isolate traffic, depending on the posture of things like embedded links which is pretty pretty slick.

00:19:44.070 --> 00:20:00.000
Andy Whiteside: hey what's the likelihood these days that a right or a salesforce or workday or concur has the ability to turn off public access that doesn't come through this digital workspace and takes advantage of the the citrix or somebody else is offering.

00:20:00.960 --> 00:20:11.820
Geremy Meyers: So it's I mean you tell me if i'm wrong bill, but for a lot of these Apps it's pretty common that you can whitelist and blacklist access from certain locations like I know.

00:20:12.750 --> 00:20:20.730
Geremy Meyers: Maybe this is with office 365 I mean you can you can whitelist and blacklist where traffic can come from so, for instance, you could say hey i'm not going to allow users to hit.

00:20:21.180 --> 00:20:30.120
Geremy Meyers: My website directly from their local browser from wherever they're at, but you know if they're coming into the data Center or they're coming into a certain you know location, we will allow access, so you.

00:20:30.600 --> 00:20:40.260
Geremy Meyers: don't this what you're asking anybody being able to partition off where folks can access from means the only way to access, some of these applications is from this digital workspace yeah yeah.

00:20:41.730 --> 00:20:42.090
Geremy Meyers: Okay.

00:20:42.390 --> 00:20:45.150
Andy Whiteside: forcing us to have to use this digital workspace.

00:20:46.440 --> 00:20:49.260
Andy Whiteside: In some cases, the only way we're ever going to get control over.

00:20:50.340 --> 00:20:51.000
Andy Whiteside: It happening.

00:20:52.290 --> 00:20:54.660
Bill Sutton: To the single identity sso concept.

00:20:54.690 --> 00:21:06.600
Bill Sutton: You know that you cannot get into salesforce unless you authenticate via azure ad or some other identity provider and if you can't go to salesforce.com and enter your credentials, there are no you don't know what they are.

00:21:06.960 --> 00:21:08.160
Bill Sutton: I think that's one way.

00:21:08.400 --> 00:21:15.630
Bill Sutton: But with adaptive off is the ability to say if you're if you're coming from this IP range you're allowed not coming from that IP range you're not allowed.

00:21:15.960 --> 00:21:24.840
Bill Sutton: If your devices have a certain type or you know what what have you then you can get to the application, if you don't have that, then you can't get to the application so on.

00:21:25.740 --> 00:21:35.370
Geremy Meyers: Well, you know the other thing too, and maybe this is where Andy was going is you know your traffic, the traffic to that sasa might not be able to be sourced from your local machine directly so, for instance.

00:21:35.670 --> 00:21:38.730
Geremy Meyers: One of my favorite demos is and i'll publish IP chicken.

00:21:39.360 --> 00:21:47.430
Geremy Meyers: You know into workspace and i've got a secure in an unsecured version and if I run the unsecured version, it shows the IP address of my local machine right.

00:21:47.790 --> 00:21:53.250
Geremy Meyers: But if I run the secured version what i'm doing is i'm forcing it to go through my data Center and proxy through that data Center.

00:21:53.940 --> 00:22:03.570
Geremy Meyers: To tip chickens, it will show the IP address of the data Center so, in other words, you know I can restrict the ability of a user to access directly from the endpoint you forced to go through.

00:22:03.840 --> 00:22:12.150
Geremy Meyers: The data Center all the security controls anything you might have running there as well before you access that that traffic now does that introducing latency probably a little bit depends on the APP.

00:22:12.630 --> 00:22:17.160
Geremy Meyers: But you know again there's another security control, you can enable you know and that's an area.

00:22:20.610 --> 00:22:33.930
Andy Whiteside: So we really in our world have two options one we can make it so great in the digital workspace row with single identity multifactor challenge but single sign on after that that they want to use it, what we try to do as INTEGRA.

00:22:34.320 --> 00:22:42.090
Andy Whiteside: What I noticed that the other day i've still got very smart people my company that are going out and logging in to everything creating links on their browser on their computer and.

00:22:42.420 --> 00:22:44.850
Andy Whiteside: And then creating the same links on their home computer and then.

00:22:45.390 --> 00:22:55.530
Andy Whiteside: we've got multifactor turned out everywhere, but they're building their own system around and i'm like why don't you just use what we sell and the only way i'm ever going to get us all there is to turn off the ability to go around this.

00:22:55.980 --> 00:22:56.250

00:22:57.660 --> 00:23:06.120
Geremy Meyers: yep so a lot of a lot like two points so right, you know sales for some of these sites can do that today just whitelist blacklist work in this traffic come from yep.

00:23:07.170 --> 00:23:13.440
Geremy Meyers: hey what's up some cases it's not like bill said, if you don't know your password, then you have to go to the workspace you can't.

00:23:14.490 --> 00:23:17.250
Geremy Meyers: You can't type it in direct because you just don't know yeah.

00:23:18.630 --> 00:23:32.310
Andy Whiteside: hey did we hit on in this topic deal ability yeah you mentioned the sandbox browser I don't know that we mentioned the browser as a service, yet I think it applies here, we use it we use it for DEMO purposes for our salesforce within our workspace as well as our outlook.

00:23:33.780 --> 00:23:46.740
Andy Whiteside: But you know the sandbox browser that's part of your workspace APP as well as the browser as a service which is you know chromium running on a Linux machine in azure reboots battle gold image that applies is one of the stories here T right.

00:23:47.520 --> 00:23:55.260
Geremy Meyers: It does it does and I guess I don't necessarily delineate when I talk about the isolated browser so we do have a service that is hosted.

00:23:55.620 --> 00:24:09.240
Geremy Meyers: By citrix it is basically a Zen APP delivered, so now it is a virtual APP running a browser that's that's that's taking that link in isolating it for you, but there is a browser built in the workspace APP in fact.

00:24:09.960 --> 00:24:20.640
Geremy Meyers: it's chromium based it's actually super fast and honestly the user experience, based on the first version we had it's pretty impressive, in fact, sometimes I forget that it's not you know it's not chrome.

00:24:21.870 --> 00:24:23.430
Geremy Meyers: There was magic my my local chrome browser.

00:24:23.850 --> 00:24:30.780
Andy Whiteside: dumb question for me, is there a way to call that browser from the workspace APP other than being redirected by the workspace itself.

00:24:33.330 --> 00:24:35.970
Geremy Meyers: Ask that one more time will be the only thing through that as you're saying.

00:24:36.150 --> 00:24:38.370
Andy Whiteside: Like click if you can see my screen here, which I think you can.

00:24:38.730 --> 00:24:52.020
Andy Whiteside: Like is there a way the call the sandbox browser or is it simply a matter of publishing something and it being told us the local sandbox browser to do this under these conditions.

00:24:52.440 --> 00:25:02.880
Geremy Meyers: Right now, if you have to call a link that pulls up the browser but i'll be honest, I wish we would add that function I don't know if it's on the roadmap, but I would love to pull up just that sandbox browser because it's that good.

00:25:03.360 --> 00:25:13.590
Andy Whiteside: and on my computer here i'm essentially doing that i've got chromium on part of my ideal solution that you can probably see on the screen here but it's not not the same as a truly isolated sandbox browser this one is a.

00:25:14.160 --> 00:25:21.600
Andy Whiteside: Part of the idol sandbox which is not I don't think that part's totally read only that that is that can have some residuals.

00:25:22.950 --> 00:25:27.990
Geremy Meyers: Are you showing it any I can't see it, maybe i'm wrong I forgot I forgot to use a computer.

00:25:28.380 --> 00:25:29.910
Andy Whiteside: No, no, no you're good now how about now.

00:25:32.460 --> 00:25:33.780
Geremy Meyers: Other we are yeah I got you.

00:25:34.710 --> 00:25:41.340
Andy Whiteside: that's my real world, I go to death, like a for desktops I really should have one or two, but I own a company, therefore, have four.

00:25:43.320 --> 00:25:49.470
Andy Whiteside: But i've got workspace right here, I would love to be able to just call a you know generic sandbox browser and know that inside that APP.

00:25:49.920 --> 00:26:02.850
Andy Whiteside: i've created this you know truly isolated go away when I close it world and i'm in control of it, the best I have right now in this ideal unit, at least, is to use the the chromium that's included as part I don't.

00:26:03.750 --> 00:26:15.540
Geremy Meyers: yeah we don't we don't have that just yet, the browser service does that I think there's I don't think there's residuals on the workspace hub, but I also can't just call that workspace if either not yet.

00:26:15.810 --> 00:26:17.130
Geremy Meyers: I have to go on a link first.

00:26:17.430 --> 00:26:22.560
Andy Whiteside: On chrome browser secure and it's going to probably use your chrome service.

00:26:22.770 --> 00:26:27.750
Andy Whiteside: I believe and i'm going to have what I need it just takes another click or two but that's okay.

00:26:30.120 --> 00:26:34.350
Geremy Meyers: yeah I think that I think this is probably calling the service to yeah like you said.

00:26:34.410 --> 00:26:41.520
Andy Whiteside: will be, we will see the desktop view or toolbar inside well we'll see we'll see an old school citrix launch but fast and very lightweight.

00:26:42.630 --> 00:26:42.990
Geremy Meyers: yeah.

00:26:45.150 --> 00:26:46.500
Andy Whiteside: yeah yeah dragged around.

00:26:47.040 --> 00:26:49.500
Geremy Meyers: In, even though this is an isolated browser.

00:26:50.940 --> 00:26:59.490
Geremy Meyers: We still got the ability to proxy into your data Center So if you got an internally hosted web APP we can still present that inside of that isolated browser so we've got a.

00:27:00.150 --> 00:27:05.880
Geremy Meyers: We got appliance that sits in your data Center called the connector appliance and it does all of that proxy for here, which is nice.

00:27:06.450 --> 00:27:06.720

00:27:08.280 --> 00:27:13.860
Andy Whiteside: I think we're really talking about this whole conversation is citrix is a massive security company and security play.

00:27:14.250 --> 00:27:14.790
Geremy Meyers: It is.

00:27:15.210 --> 00:27:30.600
Andy Whiteside: it's not the ecosystem you guys want to go disrupt every other partner of yours and ecosystem, so you don't you don't talk about it as much as you could and because it takes one extra level of thinking to get people there, a lot of people don't come to their own conclusions.

00:27:31.710 --> 00:27:38.100
Geremy Meyers: So I think we could do a better job of just understanding when I say we, I mean you know citrix.

00:27:38.430 --> 00:27:46.050
Geremy Meyers: We can do a better job of understanding the applications that are that our customers are deploying outside of what i'm gonna use air quotes citrix right.

00:27:46.860 --> 00:27:52.500
Geremy Meyers: So we'll focus in on, in fact, sometimes customers, just because I don't know we'll just assume we're talking about what they're delivering with citrix.

00:27:52.830 --> 00:28:02.730
Geremy Meyers: And they'll tell us what that is and we'll talk to their use cases and things like that other user groups there are scenarios, but then we don't always go next level and go well, what are you delivering outside of citrix you know and sometimes that's a.

00:28:03.990 --> 00:28:07.260
Geremy Meyers: Sometimes a question that our normal context don't know.

00:28:07.830 --> 00:28:16.950
Geremy Meyers: But sometimes it's just they haven't thought of well heck yeah I mean i'll get all these public websites that i'm sending folks to I never really thought of that is what we're using right so that's just an easy conversation to have.

00:28:18.150 --> 00:28:23.580
Andy Whiteside: What if I could put on my transparent with you real quick I think when your problems is a lot of partners like INTEGRA they're.

00:28:23.850 --> 00:28:34.950
Andy Whiteside: happy to sell the citrix solution but also sell these other security plays that if you execute as a citrix play correctly, you wouldn't be able to sell the other stuff so a lot of times the message never lands.

00:28:36.300 --> 00:28:41.910
Geremy Meyers: Just by on the flip side of the flip side, I might say that you know I think security in general.

00:28:42.330 --> 00:28:48.630
Geremy Meyers: Is a layered approach, and so I mean I think there's space to layer in what citrix we can do from this solution into.

00:28:48.930 --> 00:28:53.580
Geremy Meyers: Maybe some of those I don't we're not getting very specific here, but you know what some of those other solutions are.

00:28:54.180 --> 00:29:03.810
Geremy Meyers: Because again there's not one solution that does security across the board, and you know a lot of our conversations with customers is where to citrix and what we're doing play into maybe their existing security strategy.

00:29:04.290 --> 00:29:08.160
Geremy Meyers: Now, what do we, where do we meet some layers and are we going to display some products, probably.

00:29:08.730 --> 00:29:19.290
Geremy Meyers: But on the flip side I think we're going to find that we need to integrate nicely with some of these other products as well, I mean listen i'll use okta is a great example right so understanding what Dr does and understanding the value there.

00:29:19.650 --> 00:29:30.360
Geremy Meyers: I think there's a great story, I mean we can leverage and integrate okta into the workspace In fact we do it at citrix today but understanding what that solution does and where they live together is pretty important.

00:29:31.230 --> 00:29:34.680
Andy Whiteside: It bill would you like to see the anti virus i'm running on this I gel read only unit.

00:29:35.640 --> 00:29:38.130
Andy Whiteside: Sure Okay, where do I find it.

00:29:38.550 --> 00:29:38.820
This is.

00:29:42.210 --> 00:29:47.700
Andy Whiteside: Just don't need it right, but if I sold you a windows endpoint guess what I could sell you antivirus for the vdi and for the endpoint and.

00:29:51.540 --> 00:30:07.590
Andy Whiteside: it's not the right okay next one is increased private web APP security without disrupting ux or user experience again acronyms everywhere, how does private web APP compared to SAS JEREMY I don't know why we use in different terms, this time.

00:30:09.000 --> 00:30:11.190
Geremy Meyers: And when we get down into that here real quick.

00:30:14.700 --> 00:30:15.840
Andy Whiteside: Oh no man i'm sorry.

00:30:16.530 --> 00:30:23.730
Geremy Meyers: I mean it's it's an internal SAS APP is what it is, so you know, obviously, their public websites, and this is a private website So how do you grant access.

00:30:24.930 --> 00:30:27.420
Geremy Meyers: To those those Apps So what do we do in the past.

00:30:28.860 --> 00:30:29.880
Geremy Meyers: We published a browser.

00:30:30.180 --> 00:30:31.320
Geremy Meyers: We poured us chrome.

00:30:31.380 --> 00:30:35.730
Geremy Meyers: IE whatever right or desktop and that's how we granted access so now.

00:30:36.900 --> 00:30:47.610
Geremy Meyers: You know, we could provide just a link on that same workspace that proxies you right into it, without the virtualization please not mean the desktop but not even windows in the background, the hosted.

00:30:48.450 --> 00:30:58.560
Andy Whiteside: Well, you got a ton of us a while ago, you talked about actually publishing a secure browser service that has a backdoor into your environment you've got external access to your internal.

00:31:00.030 --> 00:31:05.700
Bill Sutton: And without without having to instantiate a vpn client a virtual private network client on your endpoint right.

00:31:06.690 --> 00:31:23.130
Geremy Meyers: Correct, so I think so, the answer is yes, so for public websites, you know absolutely for private websites absolutely you know when we get into vpn you know, I think that maybe is a maybe we'll save that one for the next one, we talked about client server ads but.

00:31:23.580 --> 00:31:23.700
Andy Whiteside: You.

00:31:23.850 --> 00:31:31.650
Geremy Meyers: are correct it's a client was access it's a reverse proxy into an internal website and you're protected, because there's nothing about that into a website that's exposed.

00:31:32.790 --> 00:31:41.190
Andy Whiteside: had a conversation with a college computer science get super smart and I try to explain some of this another day so on the back boards over beer and.

00:31:42.600 --> 00:31:51.810
Andy Whiteside: And he got like a vpn and i'm like get that thought out of your mind if you ever use the vpn and going forward you're doing it wrong just remember I said.

00:31:54.690 --> 00:32:00.150
Geremy Meyers: that's awesome i'm just impressed that he knew what a vpn was, I think we're starting to turn away from that, generally speaking, I always hope we are.

00:32:00.720 --> 00:32:05.310
Andy Whiteside: Well he's doing his college internship now they just hired in full time he's so awesome he's still in.

00:32:05.310 --> 00:32:10.620
Andy Whiteside: kalia um but they're so far behind they're there they're poisoning the water hole.

00:32:13.380 --> 00:32:21.000
Geremy Meyers: yeah so I mean when you think about how vpn work right, you know you've created a tunnel from that end point into the data Center.

00:32:21.300 --> 00:32:22.050
Geremy Meyers: We talked about that he.

00:32:22.320 --> 00:32:24.480
Andy Whiteside: Had in 1997 and the one I could have right now.

00:32:25.410 --> 00:32:29.220
Geremy Meyers: So, to be fair vpn haven't changed that much they might have.

00:32:30.120 --> 00:32:37.800
Geremy Meyers: They might have transitioned from like IP SEC to ssl but the end of the day, it's still does the same thing, which is open up a tunnel to the data Center which by the way.

00:32:38.250 --> 00:32:47.880
Geremy Meyers: isn't explicit allow right, and so it he's got to go into security teams got to go in and actually create access control list and say hey, this is what you can't do once you've connected.

00:32:48.330 --> 00:32:55.200
Geremy Meyers: And that's what we call leaky which means that's hard to maintain like, how do you know you know what's new that you need to go block so.

00:32:55.680 --> 00:33:07.290
Geremy Meyers: I think what we're doing with our Z tna our secure private access with what we're calling the zero trust network access is it's an explicit deny, and then you got to go turn on what's allowed through which is much, much different.

00:33:08.580 --> 00:33:10.650
Andy Whiteside: When we talk about zero trust real quick.

00:33:11.640 --> 00:33:12.990
Andy Whiteside: Because we're even i'm a.

00:33:13.440 --> 00:33:18.720
Andy Whiteside: bill to build a some degree, but you and I live in a place where a lot of folks from the north have moved to the south correct.

00:33:19.350 --> 00:33:21.090
Geremy Meyers: um you are not wrong.

00:33:22.470 --> 00:33:29.280
Andy Whiteside: Is it fair to say that most people from the north have a zero trust posture that people in the south are just now starting to understand.

00:33:30.210 --> 00:33:32.010
Geremy Meyers: we're not even talking about technology are we.

00:33:32.130 --> 00:33:35.490
Geremy Meyers: Just general just life viewpoints.

00:33:36.990 --> 00:33:50.130
Andy Whiteside: i've got a friend of mine, now that lives, it has a condo some some place I do and her name is Linda and I met her and then three days later, I approached Linda again, and she was guard up immediately because she didn't remember meeting me.

00:33:50.610 --> 00:33:50.880

00:33:52.140 --> 00:33:56.850
Andy Whiteside: I went up to give her a hug and she bought she was about to call the police on me because.

00:33:57.810 --> 00:34:01.650
Geremy Meyers: So what you needed to do and zero trust road is re authenticate yourself with her.

00:34:01.710 --> 00:34:02.700
Geremy Meyers: So that she knows.

00:34:03.060 --> 00:34:03.480
it's right.

00:34:04.710 --> 00:34:07.410
Geremy Meyers: Maybe maybe MFA with some knowledge that we met before.

00:34:08.340 --> 00:34:16.800
Andy Whiteside: I should have approached her and said hey man nice meeting you Sunday night at the Homeowners association meeting i'm Andy good to see you again now, can I have a hug.

00:34:18.450 --> 00:34:27.300
Geremy Meyers: Sometimes, sometimes that needs to be, and until the algorithm realizes who you are based on the analytics man, you know what we can really run with this idea if we let ourselves.

00:34:28.290 --> 00:34:29.160
Andy Whiteside: What this is all about.

00:34:29.190 --> 00:34:30.120
Geremy Meyers: it's about is.

00:34:30.540 --> 00:34:38.040
Andy Whiteside: Coming from a world where you know there's bad stuff happening, and you have a guard that you takes two or three authentication before you let it down a little bit.

00:34:40.200 --> 00:34:43.530
Geremy Meyers: Actually really liked it i'm gonna steal that that's good that's true.

00:34:44.910 --> 00:34:53.610
Andy Whiteside: So what have we not covered here in the zero trust world of private web Apps Ak private SAS that we still need to cover.

00:34:54.690 --> 00:35:06.840
Geremy Meyers: um you know I would I would layer on, because this is internal these web Apps that we're talking about our internal it still doesn't it doesn't change, the need to protect the Web APP itself right so even though i've provided access.

00:35:08.040 --> 00:35:16.830
Geremy Meyers: I mean listen folks could still script it right, you can still find a way in and maybe do some cross site scripting all the things that you would normally use a web APP firewall for.

00:35:17.370 --> 00:35:25.410
Geremy Meyers: So just just building awareness around the fact that you know, even though you've allowed access, you know, this is still something internal your networking to protect so.

00:35:25.740 --> 00:35:41.100
Geremy Meyers: The same reason you deployed at CES in the past, is the same reason you'll need to deploy an ABC or you know we've got etc as a service now protect that application, you know, with some sort of you know web APP firewall you know, or even more importantly, these days, protect the API.

00:35:42.180 --> 00:35:54.360
Andy Whiteside: So I thought was going to show you that I i'm in what I put up on the screen, here is my non persistent gpu enabled vdi and until right now bus routes to use the post podcast was blocked.

00:35:55.050 --> 00:35:55.320
Geremy Meyers: or.

00:35:55.560 --> 00:36:04.440
Andy Whiteside: You know, social media consumer or something um so yeah I mean there's firewall at firewall related things inbound and outbound outbound this case.

00:36:04.890 --> 00:36:14.280
Andy Whiteside: I mean all that stuff still matters and and I could show you in my tray running here, I have the citrix workspace APP so I could use that.

00:36:14.760 --> 00:36:28.860
Andy Whiteside: To have rules that prevent where I can go to once I got into here, which is my kind of jumping off point I still need to have control where I go after that and citrix is enabling both the access and the security on both pieces of the equation that same time.

00:36:32.490 --> 00:36:34.350
Geremy Meyers: Oh, and by the way, Nice background wallpaper alone.

00:36:35.310 --> 00:36:35.790

00:36:36.810 --> 00:36:39.120
Andy Whiteside: is missing the citrix one, though I couldn't find exactly the one.

00:36:41.700 --> 00:36:54.660
Andy Whiteside: And I know you've probably heard me say this 10 times I promise on the podcast I had the original Red Bull meeting at the nascar team, this was my and and been grieves idea, long before citrix and the Formula one team to.

00:36:55.530 --> 00:36:58.980
Geremy Meyers: Oh, my man, I want to hear that story at some point that's interesting.

00:37:00.060 --> 00:37:17.790
Andy Whiteside: yep all right did did to do, moving on the next section, and I think it's our last section, it says, simplify secure remote user access to private client server Apps Okay, we talked about publix asked about internal private SAS what is this part talking about.

00:37:18.270 --> 00:37:19.770
Geremy Meyers: So this is.

00:37:20.790 --> 00:37:30.570
Geremy Meyers: Think of it almost like a personal, let me, let me take a step back and say for performance reasons, this might not be a great idea for a lot of clients or application so.

00:37:31.020 --> 00:37:38.910
Geremy Meyers: You know, think about how folks are using vpn today right, so I establish vpn tunnel I fire up the local on my local machine.

00:37:39.240 --> 00:37:45.150
Geremy Meyers: The client side of a server client server APP and then i'm hitting you know the the server APP and the data set right so.

00:37:45.750 --> 00:37:53.580
Geremy Meyers: So the anti version of what we've deployed citrix for years, you know, the idea of putting the client right next to the server in the data Center to make the performance better.

00:37:53.820 --> 00:38:03.240
Geremy Meyers: There might be some scenarios, where you need to put the client on the endpoint or that's maybe that's just how it works and you want to provide access back in right, so we talked about vpn a little little bit ago where.

00:38:03.690 --> 00:38:13.230
Geremy Meyers: You fire up a vpn and it's almost like an explicit allow, so this is zero trust network access, so this is like a restricted vpn where once you've connected.

00:38:13.830 --> 00:38:21.750
Geremy Meyers: it's an explicit you know disallow so you can't pass traffic and you've got to go in and actually allow traffic so, for instance, if I wanted to allow.

00:38:22.170 --> 00:38:34.590
Geremy Meyers: You know, secure Shell because i'm an IT admin I can fire, a party on my local machine through this this service here connect into maybe a server back in the data Center but the only thing i'm allowing through is you know port 22 for secure shell.

00:38:35.670 --> 00:38:39.150
Geremy Meyers: You know, we point out, maybe you know exchange here or potentially sequel.

00:38:40.320 --> 00:38:48.390
Geremy Meyers: same idea applies, but again at the end of that you got to figure out what makes sense to do something like this, because you might impact performance but.

00:38:49.080 --> 00:39:00.390
Geremy Meyers: it's like a more secure vpn is essentially what it is and to take it a step further, we can layer on all of the zero trust access as well, so, for instance, the the multifactor the endpoint analysis.

00:39:01.530 --> 00:39:11.160
Geremy Meyers: Does adding additional security control that's all a part of this access as well and, more importantly, you know some of the security analytics that we can factor as well, so where you're coming from you know that might.

00:39:12.660 --> 00:39:24.810
Geremy Meyers: You know the posture of the machine might, let us know whether or not you can you know access at all, but this is what we're talking about here, this is client server access with the client on your machine the server back in the data Center and providing that access back in.

00:39:25.860 --> 00:39:28.800
Andy Whiteside: And is that client we're talking about really just the citrix workspace out.

00:39:29.880 --> 00:39:39.900
Geremy Meyers: Today it's not it's it's the it's actually a secure access client from citrix that you would use to tie in, but I know the Roadmap is to integrate that functionality and workspace out it's just not there today.

00:39:41.040 --> 00:39:53.280
Andy Whiteside: And I would add one word what you're saying, do we know this and tying all that other stuff together intelligently right, we can do it based on endpoint analysis, we can do it in real time, whatever you're accessing it's like you said.

00:39:54.300 --> 00:39:59.250
Andy Whiteside: Zero trusting, but we can even get smart about how when where we trust things.

00:39:59.730 --> 00:40:05.730
Geremy Meyers: yep and we can segment to specific Apps to so that that's probably one of the key pieces here.

00:40:06.480 --> 00:40:09.540
Andy Whiteside: He built do we have a single customer that's implemented this.

00:40:10.020 --> 00:40:16.560
Bill Sutton: Not all the way through now actually I can't think of one that's done even the basic secure private access.

00:40:17.520 --> 00:40:18.750
Bill Sutton: But yeah we have.

00:40:18.930 --> 00:40:20.460
Andy Whiteside: Lots of customers that need to do this.

00:40:20.670 --> 00:40:21.570
Bill Sutton: Sure yeah.

00:40:21.960 --> 00:40:23.130
Bill Sutton: They just don't know about it.

00:40:24.810 --> 00:40:26.370
Andy Whiteside: I just I don't know how to fix it, I mean.

00:40:27.960 --> 00:40:36.810
Bill Sutton: that's an assumption on my part, but you know they you know when they when they go to the grocery store and they they only want milk that's that's what they gotta go looking for they don't know that there's.

00:40:37.110 --> 00:40:41.490
Bill Sutton: all kinds of other things available to them unless they look or pay attention yeah.

00:40:42.030 --> 00:40:52.020
Geremy Meyers: So here's what i'll say we officially released secure private access beginning April right so it's fairly fresh from a from a skewed perspective now granted.

00:40:52.710 --> 00:40:59.910
Geremy Meyers: The things around CC single sign on multi factor publishing the Web Apps, and this has been something that's been in workspace for a couple of years now, so not.

00:41:00.270 --> 00:41:04.290
Geremy Meyers: not new, but when we talk about adaptive off that's a brand new feature that was just released.

00:41:05.160 --> 00:41:20.910
Geremy Meyers: It the beginning of the quarter the zero trust network access that we just talked about that private access for client server web Apps that's still tech preview so that hasn't released just yet, so I guess what i'm saying is i'm giving you a past but moving forward, we have no excuse.

00:41:20.970 --> 00:41:30.120
Bill Sutton: But I think any customer that's publishing a web browser to get to a SAS APP is right for this and we have customers to do that today.

00:41:30.570 --> 00:41:31.530
Andy Whiteside: I mean, most of them.

00:41:31.860 --> 00:41:32.880
Bill Sutton: Yes, and.

00:41:33.510 --> 00:41:34.530
Geremy Meyers: Very many of them.

00:41:34.950 --> 00:41:40.680
Bill Sutton: yeah all of them and very many of them will use a published APP or even a public desktop, as you said earlier, Jeremy to get.

00:41:40.980 --> 00:41:48.210
Bill Sutton: Internal web APP or an internal application of some sort now if you're talking about you know, on premises dynamics or something like that.

00:41:48.480 --> 00:41:59.250
Bill Sutton: you're not going to want to use this I don't think you're going to want to use this secure remote user access to client server because the shadiness of that APP the whole we did citrix To begin with, or part of the reason of.

00:41:59.850 --> 00:42:13.920
Bill Sutton: Delivering the the the access as close to the data as possible we don't you know if we if we go back a step and do that using the client server concept here from the you know through secure private access that it's not going to perform as well.

00:42:14.280 --> 00:42:20.310
Bill Sutton: But for those that are you know completely web Apps on Prem or completely SAS Apps absolutely.

00:42:20.730 --> 00:42:33.270
Andy Whiteside: But bill, can you argue that when you and I made those decisions back in the day, we were talking 56 K dial up modems in some cases, and now we've got bandwidth and latency that is just near it's faster than the land, we had at the time.

00:42:33.630 --> 00:42:34.500
Bill Sutton: yeah that's true.

00:42:35.580 --> 00:42:36.600
Bill Sutton: that's absolutely true.

00:42:37.230 --> 00:42:39.930
Andy Whiteside: I think a lot of cases citrix is a victim of its own success.

00:42:41.220 --> 00:42:48.930
Geremy Meyers: yeah I told the story of someone else you said 36 K mode on the remember our first farm was a dial up modem bank in a server we do 3D.

00:42:50.010 --> 00:42:55.260
Bill Sutton: Oh yeah HP net servers daltrey 80s digi boards yeah.

00:42:55.350 --> 00:42:57.690
Geremy Meyers: You know the digi board that was the guy right there yeah.

00:42:59.790 --> 00:43:03.570
Andy Whiteside: I remember, I had a bank of like 15 modems and i'd go in there and hear it all the squeaking and.

00:43:03.570 --> 00:43:05.940
Andy Whiteside: squawking it was all working.

00:43:07.500 --> 00:43:08.070
Geremy Meyers: Yes, sir.

00:43:08.730 --> 00:43:21.720
Andy Whiteside: Alright guys got four minutes left i'll give it back to you, thank you for joining and get this posted and i'm going to share it with a couple clients and my sales folks I play the kind of just have people watch this video to listen to podcast something it's invaluable not too.

00:43:23.220 --> 00:43:25.560
Geremy Meyers: yeah yeah bill Andy I was a pleasure.

00:43:25.740 --> 00:43:26.340
Geremy Meyers: till next time.

00:43:26.490 --> 00:43:27.810
Bill Sutton: Thanks JEREMY thanks.