
The Citrix Session
Welcome to 'The Citrix Session,' where we bring you the latest in Citrix technologies and solutions. Hosted by XenTegra, this podcast dives deep into the world of Citrix digital workspace solutions, exploring everything from virtual apps and desktops to networking and security. Join us each episode as we discuss best practices, new features, and expert strategies to optimize your Citrix environment and enhance your user experience. Whether you're an IT professional seeking to expand your Citrix knowledge or a business leader looking to improve operational efficiency, 'The Citrix Session' is your essential resource for staying ahead in the ever-evolving tech landscape. Tune in to transform the way you work with the power of Citrix and XenTegra.
Quantum-Ready Security with Citrix NetScaler: Protecting Data Today and Tomorrow
In Episode 185 of The Citrix Session, Andy Whiteside, Bill Sutton, and Todd Smith explore how Citrix NetScaler is evolving into a true Swiss Army knife for security—delivering protection not just for Citrix workloads, but for all applications. The conversation dives into the looming challenge of quantum computing and the “harvest now, decrypt later” threat, where bad actors collect encrypted data today to exploit when quantum capabilities emerge.
Todd and Bill unpack how NetScaler is leading the way with post-quantum cryptography (PQC) readiness, new encryption standards aligned with NIST guidelines, and GA support for quantum-resistant algorithms. They also cover key advancements like HTTP/3 over QUIC, enhanced DNS security, reCAPTCHA v3 integration, and the NetScaler Console for fleet-wide visibility, compliance, and automation.
Whether you’re concerned about securing sensitive data, meeting future compliance requirements, or leveraging cutting-edge application firewall capabilities, this episode will help you understand why now—not later—is the time to prepare for the quantum era.
WEBVTT
1
00:00:02.530 --> 00:00:18.320
Andy Whiteside: Hi, everyone, welcome to episode 185 of The Citrix Session. I'm your host, Andy Whiteside. I guess I'm your host for today. Bill Sutton and Todd Smith are with me. Bill's the normal host. I told Bill he could take a break from kicking this off, and I would do it this time. Excited to be here, excited to be talking about
2
00:00:18.320 --> 00:00:41.840
Andy Whiteside: NetScaler, and how it really does act like a Swiss Army knife. And specifically in today's conversation around being all things security, front-ending those applications, not just Citrix, but other applications that all need that extra layer of security on the front end. Before we jump into this, I want to do this XenTegra commercial. If you're a Citrix or a Cloud Software Group customer, Citrix specifically, Citrix NetScaler, XenServer,
3
00:00:41.840 --> 00:00:47.450
Andy Whiteside: If you're using those technologies, chances are you don't have a partner, that is all in on them the way we are.
4
00:00:47.450 --> 00:01:16.149
Andy Whiteside: and we can help you. Please reach out, use LinkedIn, reach out to myself, Bill Sutton, ping Todd, give Todd some accolades for doing this podcast. But if you have needs, if you're just looking for a support contract, I mean, that's probably the number one thing we can help our clients with is just a minimal support contract, so that when you pick up the phone, somebody you know, they know you. Somebody who's invested time into getting to know you is available to help you work through whatever it is, and if it gets too challenging, and we need to call Citrix support,
5
00:01:16.150 --> 00:01:24.010
Andy Whiteside: we're going to go in and call them together, and it's going to be a hand-in-hand partnership type thing to make sure you're getting what you need, Todd. How many.
6
00:01:24.050 --> 00:01:28.020
Andy Whiteside: how many of your customers these days have some elevated Citrix support contract in place.
7
00:01:30.244 --> 00:01:33.970
Todd Smith: So all all the customers that I have are
8
00:01:34.890 --> 00:01:40.860
Todd Smith: eligible for unified services which is kind of our all encompassing services. Agreement?
9
00:01:43.740 --> 00:01:48.975
Todd Smith: But the majority of them are, you know, they're they're using support as needed.
10
00:01:49.540 --> 00:01:52.179
Andy Whiteside: You know they're leveraging some of the some of the.
11
00:01:52.340 --> 00:01:55.924
Todd Smith: Some of the environment information that we provide and things like that. But
12
00:01:56.660 --> 00:02:06.449
Todd Smith: you know, there's definitely a need out there for partners like yourselves to to step up and and get to know the customer more intimately, and
13
00:02:06.850 --> 00:02:15.220
Todd Smith: kind of embed yourself in the part in the customer's operational responsibilities within the within their environment, and.
14
00:02:15.500 --> 00:02:21.099
Todd Smith: you know, keeping it modern, keeping it stable, keeping it optimized. I mean, those are critical things nowadays.
15
00:02:21.640 --> 00:02:36.849
Andy Whiteside: I tell you this comes up a lot. We have customers that are our customers. They just don't have support contracts for whatever in place, and I think they don't know we have them, and they get to a point where something's critical, and they've been working with Citrix support for a little bit, and they haven't made progress, and they all of a sudden will call us up and ask us like, why didn't you come to us first,
16
00:02:36.850 --> 00:02:52.010
Andy Whiteside: then we go to Citrix together, and 9 out of 10 times, maybe it's 8 out of 10, 4 out of 5, we don't even have to call Citrix support. We know what they've got going on. We know their level of aptitude, and we're able to help them get it solved beforehand. Bill, would you say that's fairly accurate?
17
00:02:52.390 --> 00:03:08.299
Bill Sutton: That's very accurate. A lot of times we don't find out till after the fact, and we're being asked to escalate or other things, and you know, not in every case, but in many cases, I think the we're we're able to help, or at least steer them in the right direction, and even get on the phone with Citrix with them. Which helps a lot.
18
00:03:08.840 --> 00:03:15.459
Bill Sutton: And sometimes that's you know, Citrix, reaching out to us during off hours, and the customer doesn't have to, you know, be standing by the phone. That's there's value there.
19
00:03:16.410 --> 00:03:35.980
Andy Whiteside: All right. So the blog for today that Bill and Todd had brought forward here says, and Bill, apparently there's a webinar you were introduced to this on last week, I believe: Leading the quantum-ready transition: How NetScaler, Citrix NetScaler, I still got to call it Citrix NetScaler, helps prevent a silent data breach
20
00:03:36.090 --> 00:03:48.700
Andy Whiteside: decades in the making. This is by Ablash Varma, good friend of this, good friend of XenTegra's. Todd, why this one? Why, from your perspective, why this article?
21
00:03:49.840 --> 00:04:02.350
Todd Smith: So this is this is preventing future attacks and and what you can do to not prevent them from happening, but preventing the the potential for an attack to happen.
22
00:04:02.480 --> 00:04:06.110
Todd Smith: Right? So we we refer to this as post quantum computing.
23
00:04:07.060 --> 00:04:09.899
Todd Smith: And think of it as you know what I'm gonna
24
00:04:10.050 --> 00:04:13.520
Todd Smith: I'm going to do something today to collect data.
25
00:04:14.130 --> 00:04:21.999
Todd Smith: and I may not be able to decipher it today. But I can do it in the future. I know the technology is going to be there in the future. So
26
00:04:22.390 --> 00:04:39.029
Todd Smith: classic example, if I were to go and collect someone's usernames and passwords or IP addresses or hash tables, a variety of different security methods that are used today and exploit them in the future. When the technology comes up where I could actually
27
00:04:39.620 --> 00:04:47.350
Todd Smith: do some of these things kind of quicker with more success.
28
00:04:47.640 --> 00:04:58.119
Todd Smith: I'm gonna I'm gonna store some things away, and I'll I'll get to it when I when the opportunity is correct, right? Most by that time most people have forgotten about it, or they weren't even aware that there was an issue.
29
00:04:58.330 --> 00:05:02.760
Todd Smith: So this article really kind of digs into what Citrix is doing now
30
00:05:02.990 --> 00:05:06.480
Todd Smith: to secure our customers in the future.
31
00:05:06.920 --> 00:05:08.989
Andy Whiteside: Yeah, whether they realize it or know it or not.
32
00:05:10.350 --> 00:05:19.679
Andy Whiteside: Yeah, hey, Bill, I'm sorry I kinda did the intro, and then I kind of took over. I'll give it back to you. But what's why this article coming off of last week? And how does that compare to what Todd Todd said.
33
00:05:19.680 --> 00:05:47.990
Bill Sutton: Yeah, I think the key thing that folks need to know is that the encryption standards that we use today, the SSL encryption standards that we use for connectivity, you know, to Citrix applications, to any websites, pretty much anything, are largely, it's, today, with today's computing capabilities, it's very difficult to decrypt those by brute force. So folks have tried, and it's possible to do it, but it takes a very, very long time. Really, it takes so much time it's really not even feasible.
34
00:05:47.990 --> 00:06:08.590
Bill Sutton: But with quantum computing. Some of what we're using today and have been using is definitely capable within a matter of hours. The article alludes to that. I've read some articles about this. It's rather interesting topic in the sense that these quantum computers, which probably 5 to 10 years out before they really start to be used.
35
00:06:08.995 --> 00:06:13.250
Bill Sutton: Have the ability to crack encryption algorithms that we're using
36
00:06:13.280 --> 00:06:28.780
Bill Sutton: pretty much standard today. And like Todd said, one of the key problems with this: it may not sound like it's a major issue today. Okay, so we'll evolve our standards down the road. The challenge is this harvest now, decrypt later concept, which is where
37
00:06:28.780 --> 00:06:34.829
Bill Sutton: bad actors can harvest the data like medical information or financial information. Maybe they get.
38
00:06:34.830 --> 00:06:58.969
Bill Sutton: They hack in somehow to a hospital which we know has happened in the world a lot of places recently, but they hack into a medical database, and they capture all the encrypted medical data. They can't look at it now, but 3 to 5 years from now, leveraging quantum computer. They may have the capability probably will have the capability to crack that and have access to that data, and then use it
39
00:06:59.020 --> 00:07:09.409
Bill Sutton: in some manner, I suppose, to get Bitcoin or something else. So that's really where this comes in. And then we'll get into more of the details about how NetScaler impacts this in a few minutes.
40
00:07:09.590 --> 00:07:18.990
Andy Whiteside: Hey, Bill, if you've got the control of the screen, so I'll let you walk through and walk through with Todd, and I'll chime in along the way, but you know what what you just scares, what you just said scares the heck out of me.
41
00:07:18.990 --> 00:07:37.712
Bill Sutton: Yeah, me, too. And there was actually a, I think it was a 60 Minutes article about quantum computing several months ago that talked about this, not quite in these details, but in the sense that a lot of encryption algorithms are going to be at risk once this really comes into
42
00:07:38.630 --> 00:07:40.100
Bill Sutton: into production.
43
00:07:40.100 --> 00:07:58.239
Andy Whiteside: You know, it's funny you say that because I saw that article on 60 Minutes, that episode, and as much as I should be in tune with, you know, how we're gonna address that, this never once came to me that you would put an application firewall type of device in front of it, and that was gonna be your best bet.
44
00:07:58.690 --> 00:08:02.540
Bill Sutton: Exactly Todd thoughts on what we just talked about.
45
00:08:02.750 --> 00:08:05.100
Todd Smith: Yeah. So so I think a lot of this
46
00:08:05.650 --> 00:08:12.068
Todd Smith: comes down to a lot of the standards that are currently in use, you know,
47
00:08:13.000 --> 00:08:23.509
Todd Smith: are not going to be able to be used in the future. Right? So there's end of life. NIST has already come out with some recommendations around National Institute of Science and Technology.
48
00:08:23.800 --> 00:08:32.779
Todd Smith: which really controls a lot of the policies in the, in the the rules, in the governance that it kind of follows around
49
00:08:33.030 --> 00:08:35.369
Todd Smith: the the cybersecurity world!
50
00:08:37.500 --> 00:08:41.520
Todd Smith: They've come out with some pretty pretty
51
00:08:41.950 --> 00:08:46.719
Todd Smith: strong opinions and guidelines around what should be done
52
00:08:46.950 --> 00:08:52.430
Todd Smith: in the future, and they've end of life a couple of the standards that are used today
53
00:08:52.630 --> 00:08:57.509
Todd Smith: in preparation for some of these changes. Right? So
54
00:08:57.780 --> 00:09:00.139
Todd Smith: as an example, if you have.
55
00:09:00.330 --> 00:09:03.300
Todd Smith: you know, if you're transmitting data securely.
56
00:09:03.620 --> 00:09:12.219
Todd Smith: there's the concept of the hash table which is used to to figure out what the encoding needs to be. The hash table has a time to live
57
00:09:12.740 --> 00:09:18.500
Todd Smith: oftentimes that that lifespan of that could be several years.
58
00:09:18.750 --> 00:09:26.740
Todd Smith: Well, if it's going to be around for several years, that means if I store it. Now, I've got a couple of years that I can still go and hit that hash table
59
00:09:26.840 --> 00:09:28.650
Todd Smith: and decrypt. That information
60
00:09:30.360 --> 00:09:40.849
Todd Smith: question is, how long do we need to have these things live? How long do we need to make sure that the hash table is one of those pieces of data that cannot be stored, replicated.
61
00:09:41.140 --> 00:09:47.380
Todd Smith: duplicated or cop, or or or basically saved right?
62
00:09:48.810 --> 00:09:53.160
Todd Smith: A lot of these things are having impact on the way we think about
63
00:09:53.390 --> 00:10:00.639
Todd Smith: cryptography, the way that we think about computing in general. And the way we think about data transmissions, right? So what is going to be
64
00:10:00.740 --> 00:10:02.230
Todd Smith: what's going to be available
65
00:10:02.520 --> 00:10:11.169
Todd Smith: today. What's going to be available in the future? And how do we make sure that we still have a usable system in the future that is even more secure than
66
00:10:11.550 --> 00:10:13.020
Todd Smith: currently what we're doing
67
00:10:13.500 --> 00:10:22.419
Todd Smith: right? So this is a lot. Some of this is forward thinking. But a lot of this is the reality that we live in today, which is, we need to start
68
00:10:22.540 --> 00:10:29.799
Todd Smith: preparing ourselves to make sure that we're not exposing something in the future that we should have cleared up or locked down today.
69
00:10:31.530 --> 00:10:36.069
Todd Smith: And there's a lot of there's a lot of examples out there, whether it be medical information
70
00:10:36.180 --> 00:10:45.839
Todd Smith: health records. So health records, electronic medical records, financial information, specifically financial information that that was historical in nature.
71
00:10:47.450 --> 00:10:49.980
Todd Smith: Think about it as you know, a way that you can
72
00:10:50.150 --> 00:11:00.520
Todd Smith: prevent your bank from going in the background, you know, looking. Someone exploits a bank, and they go and reverse transactions that were done multiple years ago.
73
00:11:00.870 --> 00:11:01.420
Bill Sutton: Right.
74
00:11:01.580 --> 00:11:09.760
Todd Smith: In having to do things like recalculate interest rates or recalculating service charges, or recalculating transactions
75
00:11:09.950 --> 00:11:20.620
Todd Smith: that are between. I mean, those are those are some pretty considerable risks out there. And then we talk about. You know, those are 2 examples that would impact you as an individual.
76
00:11:20.930 --> 00:11:32.530
Todd Smith: And then we start talking about. Well, what about intellectual property? And what about, you know? State secrets and classified communications? Right? So there's some. There's some critical things there that are at risk.
77
00:11:33.980 --> 00:11:43.699
Bill Sutton: Exactly. Yep. And the next section here says, What should that? What should you do about it? And kind of covers the concept that this sounds like a future problem. But it isn't.
78
00:11:43.720 --> 00:12:00.559
Bill Sutton: You really need to start planning for this now. And even there's even a quote in here. Gartner claims proactive, proud, proactive planning to avoid the devastating and widespread Jose impact of quantum computers on asymmetric cryptography will reduce costs and improve operational efficiency.
79
00:12:00.560 --> 00:12:16.324
Bill Sutton: It says very clearly that only 5% of organizations have a roadmap for this. And I think it's something that we really need to that that customers really need to start looking at and considering, and they talk about a little bit a little bit here about a timeline.
80
00:12:16.960 --> 00:12:19.650
Bill Sutton: you wanna walk through that real quick. One of you.
81
00:12:20.190 --> 00:12:28.230
Todd Smith: Yeah. So I think the first thing we need to look at before we get into the timeline is, you know, the chip manufacturers are already coming out
82
00:12:29.370 --> 00:12:29.970
Todd Smith: right.
83
00:12:30.110 --> 00:12:30.470
Bill Sutton: Yep.
84
00:12:30.470 --> 00:12:42.040
Todd Smith: They've already, they were, they're already coming out with, you know. At first, at first you had chipsets that were designed to work in serial with each other, right? So every single thread
85
00:12:42.210 --> 00:12:45.489
Todd Smith: could only follow that thread. And then you started getting
86
00:12:45.660 --> 00:12:54.589
Todd Smith: parallel processing where you had multiple threads that could be initiated right? So that increased the the capabilities of the chips of
87
00:12:55.100 --> 00:12:57.230
Todd Smith: capabilities of the processors.
88
00:12:57.500 --> 00:13:04.250
Todd Smith: Then you started getting this mesh capability, which is really what quantum quantum computing is.
89
00:13:04.500 --> 00:13:07.430
Todd Smith: It's a 3 dimensional mesh structure of
90
00:13:07.620 --> 00:13:12.839
Todd Smith: I can have multiple layers, you know. Think of it as a 3D spreadsheet
91
00:13:13.070 --> 00:13:22.779
Todd Smith: of each one of those cells in that 3D spreadsheet is doing its own separate thing. Now, all of a sudden I've increased not only in area, but also in volume.
92
00:13:23.490 --> 00:13:28.409
Todd Smith: Right? So now, all of a sudden, I've got a lot more processing capabilities
93
00:13:28.520 --> 00:13:43.660
Todd Smith: in there which is needed for things like high end graphics for 3D. Modeling for financial services requires a lot of modeling type of interactions or modeling type of equations that they have to go through
94
00:13:44.230 --> 00:13:46.160
Todd Smith: a variety of different things. Right?
95
00:13:47.750 --> 00:13:54.590
Todd Smith: A lot of this is driving the driving the chip manufacturers to build quantum chips.
96
00:13:55.320 --> 00:14:13.519
Todd Smith: The piece of it that we need to understand is, well, how do we make sure that those chips are used for good and not for evil? So we'll start talking about things like, well, what do we do to prepare ourselves for the impact that these new chipsets are coming out with? Right? So we start looking at the timeline associated with it.
97
00:14:15.182 --> 00:14:22.440
Todd Smith: So if we look at it, you know the time to start validation on what your quantum safe encryption
98
00:14:23.180 --> 00:14:27.259
Todd Smith: strategy is for non-production environments is probably now.
99
00:14:27.798 --> 00:14:34.530
Todd Smith: you need to understand and identify what your map, what your roadmap is going to be for an organization, right? So what are we gonna do
100
00:14:34.720 --> 00:14:36.810
Todd Smith: to start planning these things out.
101
00:14:37.070 --> 00:14:56.100
Todd Smith: And then we need to start looking at, you know, by the end of the year, start figure, start phasing out or doing a phase rollout of some of those external sites. Right? So this is preparation for the future, because some of the changes that are coming up, you know, and this is highlighting
102
00:14:56.350 --> 00:15:03.239
Todd Smith: in the article. By 2030 there's going to be a deprecated classical encryption. So the the
103
00:15:03.760 --> 00:15:13.649
Todd Smith: 112 bit encryption has to be phased out right? That's a that's a decision that was made by NIST. This is their recommendations. Right?
104
00:15:14.100 --> 00:15:17.310
Todd Smith: And then by 2035, you have to have
105
00:15:20.030 --> 00:15:27.509
Todd Smith: those old encryption standards need to be fully disallowed. And you need to have PQC
106
00:15:28.070 --> 00:15:35.419
Todd Smith: fully implemented. Right? So post-quantum cryptography needs to be fully implemented. The benefit here is really understanding:
107
00:15:35.930 --> 00:15:37.919
Todd Smith: Number one. What do I need to do?
108
00:15:38.400 --> 00:15:40.039
Todd Smith: Number 2? How am I going to do it?
109
00:15:40.340 --> 00:15:49.970
Todd Smith: And the third way is really start moving on getting it done, right? So being able to turn around and say, you know what, we've got a fairly significant window
110
00:15:50.360 --> 00:15:51.520
Todd Smith: to follow.
111
00:15:51.770 --> 00:15:54.009
Todd Smith: But if you look at it, you know
112
00:15:54.560 --> 00:15:57.019
Todd Smith: 2035 is 10 years away.
113
00:15:57.790 --> 00:16:03.760
Todd Smith: you know there's a lot of things that have to be done for that, working with
114
00:16:03.910 --> 00:16:15.449
Todd Smith: working with manufacturers and vendors like Citrix and NetScaler, working with partners like XenTegra, working with your own compliance and risk management teams within your organization
115
00:16:15.720 --> 00:16:21.419
Todd Smith: to make sure that they're aware of the impact of this and start figuring out
116
00:16:22.170 --> 00:16:25.029
Todd Smith: what we need to do and how how soon we need to do it.
117
00:16:25.940 --> 00:16:29.790
Todd Smith: And that can be done through identifying risks and identifying.
118
00:16:30.040 --> 00:16:34.199
Todd Smith: you know, doing doing that risk assessment early
119
00:16:34.540 --> 00:16:36.810
Todd Smith: to determine where the you know
120
00:16:37.100 --> 00:16:39.640
Todd Smith: what is the what is the prioritization for this.
121
00:16:42.030 --> 00:16:53.529
Bill Sutton: So how is Citrix helping readiness to the new standards? It looks like from the article it talks about NetScaler's long-term vision for this post-quantum cryptography era.
122
00:16:53.981 --> 00:16:58.948
Bill Sutton: And there's some release milestones listed in here, and it looks like in April,
123
00:16:59.760 --> 00:17:04.359
Bill Sutton: the NetScaler platform's offering some NIST-aligned
124
00:17:04.700 --> 00:17:10.915
Bill Sutton: cryptography algorithms. I guess I I don't know what those weird characters are or weird
125
00:17:11.589 --> 00:17:17.460
Bill Sutton: acronyms are that are in the parentheses. But there's a private tech preview, giving customers a head start at this point.
126
00:17:17.730 --> 00:17:18.170
Todd Smith: Correct.
127
00:17:18.170 --> 00:17:20.049
Bill Sutton: What else is Netscaler doing here?
128
00:17:20.230 --> 00:17:30.859
Todd Smith: Yeah. So the critical thing there is we introduced that as a private tech preview back in April. We're expected to go GA this month, which is August.
129
00:17:31.471 --> 00:17:36.880
Todd Smith: That'll be generalized, generally available right? And it's gonna allow customers
130
00:17:37.020 --> 00:17:46.790
Todd Smith: to really deploy quantum resistance, sorry, quantum-resistant encryption into their production environments on their NetScalers.
131
00:17:47.010 --> 00:17:49.699
Todd Smith: The benefit here is going to be
132
00:17:50.000 --> 00:17:56.430
Todd Smith: start preventing people from getting access to these bad actors. Access to
133
00:17:56.770 --> 00:18:01.770
Todd Smith: some of that cryptography information that could be used in the future
134
00:18:02.330 --> 00:18:09.290
Todd Smith: and could impact business. You know your your company's business in the in in the future, when those
135
00:18:09.560 --> 00:18:15.679
Todd Smith: when the ability to to decipher is, you know.
136
00:18:16.550 --> 00:18:26.219
Todd Smith: a reality as opposed to right now it's right now. It costs too much to to kind of dig through that amount of data and decipher. Everything takes too long.
137
00:18:26.440 --> 00:18:29.400
Todd Smith: very expensive, very time consuming.
138
00:18:30.352 --> 00:18:34.337
Todd Smith: Once that capture. Once that curve starts getting a little bit more
139
00:18:35.500 --> 00:18:40.220
Todd Smith: little faster and a little bit more resilient. That's gonna become an issue.
140
00:18:40.970 --> 00:18:45.979
Todd Smith: So preventing it. Now, you know, doing some prevention steps now is going to pay off in the future.
141
00:18:45.980 --> 00:18:46.640
Bill Sutton: Yeah.
142
00:18:47.050 --> 00:19:02.859
Bill Sutton: I think it bears mentioning that the article does reflect that NetScaler became the first ADC platform to offer the NIST-aligned cryptography in April. That bears mentioning, and also, but in practical terms,
143
00:19:03.150 --> 00:19:10.730
Bill Sutton: Todd in August or this month or later. Would this? Would it? Would it be
144
00:19:10.830 --> 00:19:40.389
Bill Sutton: understandable for a customer to deploy like a NetScaler that's leveraging this encryption in front of their secure data? And then application servers would only be allowed through that NetScaler to get to the secure data, using that encryption method. You can still use the old encryption method to get to the app, but then, to get the data, you need to use the new one, so it makes it very difficult, if not impossible, probably impossible. If a bad actor were to get that post, PQC-encrypted data, they would have a very difficult time getting at the core.
145
00:19:40.970 --> 00:19:44.929
Todd Smith: Yeah. And and I think the the critical thing there, Bill, is that you've got.
146
00:19:45.400 --> 00:19:50.739
Todd Smith: You've got NetScaler doing a function it was designed to do, which is an application-level firewall,
147
00:19:51.070 --> 00:19:58.010
Todd Smith: right? And it's being able to. Hey, we're not just gonna block the traffic. We're actually going to inspect the traffic as we're going
148
00:19:58.230 --> 00:20:07.639
Todd Smith: and apply additional criteria, additional capabilities or additional controls and parameters onto that data to make sure that it doesn't.
149
00:20:08.530 --> 00:20:10.310
Todd Smith: that it doesn't pass through
150
00:20:10.690 --> 00:20:26.120
Todd Smith: the information, just because the source and destination matches up like a typical firewall. We're actually looking inside the packets and seeing what's what is the critical pieces of information that are going through that port to get out to the destination and blocking it where appropriate.
151
00:20:29.700 --> 00:20:42.869
Bill Sutton: So some additional elements in this article. It looks like these are certain security frameworks. I guess FIPS is referenced here regarding Department of Defense. Do you know much about this, Todd?
152
00:20:42.870 --> 00:20:58.760
Todd Smith: I happen to know a little bit more than the average bear about this. So yeah, so earlier this year we had a team that focused really hard on getting our DoDIN, I'm sorry, DoDIN APL
153
00:20:59.497 --> 00:21:08.259
Todd Smith: certification for our NetScaler, specifically our FIPS appliances. This is basically, it's an approved product list
154
00:21:08.710 --> 00:21:16.971
Todd Smith: that basically allows the US Department of Defense and other agencies that recognize DoD as a standard
155
00:21:17.560 --> 00:21:27.680
Todd Smith: to leverage the NetScaler in both classified or highly secure environments,
156
00:21:28.150 --> 00:21:34.920
Todd Smith: and it was really a stamp of approval because it needed to be able to say, Hey, you know, this is. This is
157
00:21:35.030 --> 00:21:42.590
Todd Smith: complying with the FIPS standards. It's also giving us ability to get into, to get that validation.
158
00:21:44.500 --> 00:21:48.420
Todd Smith: It was a lot of testing a lot of, you know, back and forth around.
159
00:21:48.530 --> 00:21:52.509
Todd Smith: you know, testing it, reviewing the results, retesting.
160
00:21:52.780 --> 00:22:01.794
Todd Smith: reviewing the results. And it wasn't just, it wasn't just Citrix and DoD. There were other agencies that were involved and other third parties
161
00:22:02.660 --> 00:22:08.410
Todd Smith: to get engaged in that in that testing and certification process.
162
00:22:09.700 --> 00:22:18.529
Todd Smith: couple of other things besides just the APL certification is, you know, supporting HTTP/3,
163
00:22:19.410 --> 00:22:21.718
Todd Smith: that was critical as well.
164
00:22:22.320 --> 00:22:26.409
Todd Smith: once again, anytime you get further and further down into the protocol stack
165
00:22:26.560 --> 00:22:30.570
Todd Smith: tends to be the more secure and the more optimized that traffic is.
166
00:22:31.133 --> 00:22:37.430
Todd Smith: So there's some. There's some changes there, as well as you know, one of the biggest
167
00:22:37.900 --> 00:22:40.790
Todd Smith: changes as well is the way we handle DNS security.
168
00:22:41.080 --> 00:22:41.710
Bill Sutton: Yeah.
169
00:22:41.710 --> 00:22:45.439
Todd Smith: So you know, the challenge with DNS
170
00:22:45.550 --> 00:22:51.660
Todd Smith: is it's a very open standard, right? So DNS was one of the original open source projects, right?
171
00:22:51.660 --> 00:22:51.990
Bill Sutton: Yeah.
172
00:22:51.990 --> 00:22:59.720
Todd Smith: How do we figure out what the correct name and addresses are? Because humans think in names, computers think in numbers.
173
00:23:00.920 --> 00:23:08.770
Todd Smith: And when you go and say I need to go to www.citrix.com. There's a series of IP addresses associated with that.
174
00:23:09.000 --> 00:23:16.109
Todd Smith: We don't need to know that that URL is associated with
175
00:23:16.410 --> 00:23:23.769
Todd Smith: a dozen or so different IP addresses and know the routing for there. So domain name services, DNS, basically
176
00:23:24.140 --> 00:23:27.029
Todd Smith: had to be created to allow
177
00:23:28.000 --> 00:23:31.770
Todd Smith: the Internet, the the inner networking to occur
178
00:23:32.240 --> 00:23:35.940
Todd Smith: and be understandable. For you know, us humans.
179
00:23:37.900 --> 00:23:38.400
Andy Whiteside: Yeah.
180
00:23:38.400 --> 00:23:40.080
Bill Sutton: And go ahead, Andy.
181
00:23:40.080 --> 00:23:46.849
Andy Whiteside: Well, I was gonna, I want to go back to the previous one. HTTP/3 over QUIC. QUIC, is that how you say it? Quick?
182
00:23:46.850 --> 00:23:47.410
Todd Smith: Yep.
183
00:23:47.410 --> 00:23:59.030
Andy Whiteside: Yep, I had never even heard of that until last week. And now I understand it's basically when you take TCP and flip it, I think, to UDP, and it's something Google invented to make those,
184
00:23:59.260 --> 00:24:06.929
Andy Whiteside: you know, Tcp connections that don't really need to have all the packet loss monitored and captured. Work more efficiently.
185
00:24:08.400 --> 00:24:09.009
Todd Smith: And this is where.
186
00:24:09.010 --> 00:24:11.349
Andy Whiteside: Pretty much where everything's gonna go is what I understand.
187
00:24:11.510 --> 00:24:18.264
Todd Smith: Yeah. And Andy, this goes back to the TCP versus UDP, right, conversation, you know.
188
00:24:19.580 --> 00:24:27.750
Todd Smith: UDP being kind of connectionless, where you don't need to receive an acknowledgement, but yet TCP requires an acknowledgement on every single packet
189
00:24:27.960 --> 00:24:28.870
Todd Smith: which creates.
190
00:24:28.870 --> 00:24:29.390
Andy Whiteside: In order.
191
00:24:29.390 --> 00:24:30.130
Todd Smith: Bonus.
192
00:24:30.440 --> 00:24:31.280
Andy Whiteside: In order.
193
00:24:32.540 --> 00:24:33.020
Todd Smith: Oh!
194
00:24:33.020 --> 00:24:33.490
Andy Whiteside: All the pack.
195
00:24:33.490 --> 00:24:33.940
Todd Smith: Yeah.
196
00:24:33.940 --> 00:24:37.100
Andy Whiteside: So you have no choice other than to wait.
197
00:24:37.340 --> 00:24:37.880
Todd Smith: Yep.
198
00:24:40.370 --> 00:24:54.030
Bill Sutton: Yeah, it looks like QUIC is a relatively new protocol. Leverages UDP versus TCP, based on clicking through the link in the article. Very interesting. I'd never heard of this before until today, either.
199
00:24:56.190 --> 00:25:20.560
Bill Sutton: Alright. So a couple of other things in the article. Apparently there's a new instance-level security dashboard in the NetScaler Console. Todd, why don't you talk a little bit about the NetScaler Console? That's come up in a couple of situations with our customers recently where they had ADM and they didn't know what NetScaler Console was. They didn't realize it's available in the cloud. Talk a little bit about NetScaler Console.
200
00:25:21.130 --> 00:25:24.570
Todd Smith: Yeah. So yeah, so NetScaler Console is an interesting
201
00:25:25.000 --> 00:25:29.019
Todd Smith: product. It's been around for a while. We've had different names for it.
202
00:25:29.020 --> 00:25:29.610
Bill Sutton: Right.
203
00:25:29.780 --> 00:25:30.710
Todd Smith: So.
204
00:25:31.070 --> 00:25:37.030
Todd Smith: you know, if you remember, back in the day we had NMAS, NMAS, which was a
205
00:25:37.160 --> 00:25:39.090
Todd Smith: management.
206
00:25:39.320 --> 00:25:45.590
Todd Smith: an administration console, right, that would sit in front of the, that would sit in front of your fleet of NetScalers.
207
00:25:46.080 --> 00:25:51.750
Todd Smith: By the way, a fleet can be anywhere from 2 to 2,000, or even more.
208
00:25:53.420 --> 00:26:04.770
Todd Smith: We always refer to it as if you had more than one NetScaler that you needed to keep in sync with each other as far as configurations, you want to do it from a single console or a single config file that you could push out to all of them.
209
00:26:06.270 --> 00:26:13.960
Todd Smith: So NMAS was the first piece of it. Then we rebranded it, called ADM, which was Application Delivery Management
210
00:26:14.130 --> 00:26:18.949
Todd Smith: piece of it, which was very similar to what NMAS could do
211
00:26:19.140 --> 00:26:27.680
Todd Smith: and think of it as I've got a management console that I can control all of my NetScalers, and all of the components of the NetScaler
212
00:26:28.020 --> 00:26:33.299
Todd Smith: in there. The most recent iteration of it is called NetScaler Console.
213
00:26:33.840 --> 00:26:39.889
Todd Smith: The critical thing is that NetScaler ADM and NMAS used to be a separate license,
214
00:26:40.040 --> 00:26:46.759
Todd Smith: right? And it was limited as to how many NetScalers you could control, or how many instances of NetScalers you could control.
215
00:26:47.430 --> 00:27:03.179
Todd Smith: We have changed that with NetScaler Console to include all of your NetScalers, regardless of what version they're on, whether they're a virtual appliance, so a VPX, whether it's a physical appliance, being an MPX or SDX, or even if it's a containerized version of a NetScaler,
216
00:27:03.600 --> 00:27:06.550
Todd Smith: all those can be managed within the NetScaler Console.
217
00:27:07.210 --> 00:27:11.400
Todd Smith: What we have added into NetScaler Console is
218
00:27:11.880 --> 00:27:20.480
Todd Smith: not only the ability to control and manage the configurations, but also get notifications when things like certificates are expiring.
219
00:27:20.480 --> 00:27:21.120
Bill Sutton: Right.
220
00:27:21.810 --> 00:27:32.529
Todd Smith: Or when there's been CVE notifications that are applicable to your NetScalers. Or if there's any other type of notifications that need to be updated
221
00:27:32.670 --> 00:27:39.910
Todd Smith: as part of the NetScaler Console. And the NetScaler Console can also be run as a service. So it doesn't need to be consuming
222
00:27:40.150 --> 00:27:46.430
Todd Smith: servers in your environment. Actually, it can actually be connected to the Internet and have a management console
223
00:27:46.600 --> 00:27:48.679
Todd Smith: as a cloud-based service
224
00:27:49.130 --> 00:28:05.100
Todd Smith: right? Depending on which customers we're talking to, some of them are all in for having management consoles in the cloud, and other ones are saying, Hey, we need to hold off on doing that right now. But it really gives you the ability
225
00:28:05.930 --> 00:28:08.460
Todd Smith: to manage your fleet of NetScalers
226
00:28:09.480 --> 00:28:12.360
Todd Smith: across the entire organization. It's got
227
00:28:12.590 --> 00:28:27.830
Todd Smith: all the security tools built into it from an authentication perspective, from an administrative authentications perspective, as well as being able to do things like scheduling downtime, scheduling automatic updates, doing all of those management tasks
228
00:28:28.150 --> 00:28:30.369
Todd Smith: that used to be manually driven
229
00:28:30.480 --> 00:28:33.289
Todd Smith: can now be automated and optimized.
230
00:28:36.720 --> 00:29:05.050
Bill Sutton: Yep, and what this makes the point is that it, like you just said, it makes it easier, the Security Advisory dashboard, to track vulnerabilities and prioritize updates and stay in compliance across the NetScaler fleet. That's an important takeaway, I think, here. The last item in the list is reCAPTCHA v3 support. So this is really around bot detection, probably, you know, bad actors trying to
231
00:29:05.180 --> 00:29:08.329
Bill Sutton: brute force websites, or what have you, right, Todd?
232
00:29:08.580 --> 00:29:19.459
Todd Smith: Yeah. And I think this is, this is kind of where we're catching up to a lot of other systems that are out there that used to be a third-party system that you'd have to bolt on
233
00:29:20.370 --> 00:29:23.880
Todd Smith: to do advanced authentication, or or
234
00:29:25.480 --> 00:29:31.040
Todd Smith: I like the way they put it: low-friction authentication, or low-friction
235
00:29:31.290 --> 00:29:38.370
Todd Smith: additional authentication, right? So we've all been to those sites where it says, Hey, how many fire hydrants do you see in the.
236
00:29:38.370 --> 00:29:39.741
Bill Sutton: No, I have one of those.
237
00:29:39.970 --> 00:29:50.060
Todd Smith: Which ones, that's an example of what reCAPTCHA does, right? A bot is not going to be able to go and tell you that. It's to really identify:
238
00:29:50.250 --> 00:29:55.969
Todd Smith: Is there really a human interacting with my system? And sometimes it's not looking at
239
00:29:56.240 --> 00:30:10.919
Todd Smith: the fact that it's picked the, you know, the 3 fire hydrants out of the 9 options, the 9 photos. It's actually detecting that the mouse is actually moving and that the mouse is not, you know, it's not an auto-select button.
240
00:30:10.920 --> 00:30:11.480
Bill Sutton: Right.
241
00:30:11.480 --> 00:30:24.219
Todd Smith: There's a variety of different tools and techniques of doing that. But it's now part of a lot of the customers' multi-factor authentication workflows. And now NetScaler supports that capability as well.
242
00:30:25.900 --> 00:30:26.660
Bill Sutton: Yes.
243
00:30:27.270 --> 00:30:44.269
Bill Sutton: So we're at the end of the article. And, you know, it really kind of summarizes things here regarding NetScaler's commitment, and Citrix's commitment, to security innovation, and bringing things like this to the forefront and taking them and moving them forward and investing in
244
00:30:44.380 --> 00:30:48.560
Bill Sutton: better securing the environment for customers now and in the future, right, Todd?
245
00:30:48.740 --> 00:30:56.910
Todd Smith: Yeah, absolutely. And this is this is once again, you know, commitments that we made several years ago to becoming much more security focused.
246
00:30:56.910 --> 00:30:57.390
Bill Sutton: Right.
247
00:30:57.390 --> 00:31:02.289
Todd Smith: And I'm sure you know, you guys remember the old security by design
248
00:31:02.470 --> 00:31:08.729
Todd Smith: slide that was in all of our presentations that really didn't get into the depth of how we're actually doing it.
249
00:31:08.900 --> 00:31:11.920
Bill Sutton: Now we're starting to explain to customers.
250
00:31:12.080 --> 00:31:16.270
Todd Smith: And partners, and, you know, end users in some cases
251
00:31:16.970 --> 00:31:28.379
Todd Smith: what exactly we're doing around security right? And how we're not only leveraging industry standards, but in some cases kind of expanding our own
252
00:31:28.760 --> 00:31:34.599
Todd Smith: standards to become industry standards. Right? So there's a lot of things that we're doing.
253
00:31:34.700 --> 00:31:48.639
Todd Smith: specifically leveraging our experience doing it, web app firewalls or application firewalling, the ability to actually optimize and manage the individual packets of information in that flow.
254
00:31:49.093 --> 00:31:55.770
Todd Smith: And then being able to leverage not only the hardware, but also the software associated with our NetScalers.
255
00:31:56.370 --> 00:31:56.990
Bill Sutton: Right.
256
00:31:58.240 --> 00:32:10.499
Bill Sutton: Good stuff. So there is, I want to point out, at the very end of the article there's reference to a multi-part blog series on the community site. And we talked about this a couple of weeks ago on the blog, I'm sorry, on the podcast,
257
00:32:10.580 --> 00:32:17.400
Bill Sutton: about how we'll probably start leveraging the community tech blog sites for some additional content.
258
00:32:17.699 --> 00:32:43.049
Bill Sutton: And there's a couple of articles out there that kind of add to this, and from a technical perspective that explain some of the things we talked about in a lot more detail. So I would say, if our listeners are interested in that, we very well could do another blog, another podcast on one of these or both of these. But if you're interested in more information you can reach out to one of us, or go to the blog series. Any final thoughts, Andy, Todd?
259
00:32:44.310 --> 00:32:46.889
Andy Whiteside: Yeah, I'm just excited to see that this
260
00:32:47.770 --> 00:32:53.179
Andy Whiteside: application delivery controller, app firewall thing that's, you know.
261
00:32:53.610 --> 00:32:58.620
Andy Whiteside: been around for, I don't know, 15 years now, is just continuing to evolve, to.
262
00:32:58.620 --> 00:32:59.120
Bill Sutton: Yeah.
263
00:32:59.120 --> 00:33:15.679
Andy Whiteside: To put us in a position where what it's always done, which is prepare you and protect you in scenarios where you may not protect yourself through code, or what have you, just becomes more and more applicable as systems around us get smarter.
264
00:33:18.280 --> 00:33:22.740
Todd Smith: Yeah. And I think a critical thing on here as well is.
265
00:33:23.340 --> 00:33:25.729
Todd Smith: You've probably seen over the past
266
00:33:26.070 --> 00:33:32.359
Todd Smith: 6 to 12 months a lot more interaction with customers from a
267
00:33:33.390 --> 00:33:46.475
Todd Smith: from an information sharing perspective, right? So being able to, you know, up-leveling our blogs, increasing our overall Tech Zone messaging, right? So we've talked about this on a couple of other podcasts
268
00:33:47.340 --> 00:33:49.180
Todd Smith: around Citrix Tech Zone,
269
00:33:49.330 --> 00:34:00.370
Todd Smith: which is really the technically focused site that has a lot more detail than just the blogs. Right? This is a community site.
270
00:34:00.772 --> 00:34:19.400
Todd Smith: And it's really driven around, you know, the technical content. That's where you go get your PoC guides and your evaluation guides and things like that, as well as it's a really great place where other contributors put information as well to go deeper into the products and the services.
271
00:34:19.889 --> 00:34:27.689
Todd Smith: But Bill mentioned at the beginning of the session here that there was a webinar last week, and I'll
272
00:34:27.820 --> 00:34:32.560
Todd Smith: there's a webinar series now called What's New, What's Next.
273
00:34:33.090 --> 00:34:38.659
Todd Smith: And that is typically presented by either our
274
00:34:38.800 --> 00:34:42.590
Todd Smith: SVP of global services, so customer success,
275
00:34:42.830 --> 00:34:56.619
Todd Smith: or one of our CTOs tends to drive that. And we've had Ryan McClure, who's our senior VP of customer success. And we've also had Bill Gray, who's one of our field CTOs,
276
00:34:56.940 --> 00:35:00.820
Todd Smith: kind of lead the discussions on these What's New, What's Next.
277
00:35:01.310 --> 00:35:10.640
Todd Smith: They're scheduled to be a regularly, you know, there's going to be a regular cadence of those. I think right now they're quarterly. Probably there's enough changing that could,
278
00:35:10.870 --> 00:35:14.647
Todd Smith: that could require them to be more frequent.
279
00:35:15.540 --> 00:35:37.290
Todd Smith: certainly, because the information is coming out at a much faster pace. But there's also a lot of innovation that's happening very quickly. So definitely take advantage of paying attention to those What's New, What's Next webinars. And then there's also a series of, sorry, there's a series of Citrix Connect events, which are
280
00:35:37.782 --> 00:35:53.480
Todd Smith: it's pretty much spread out across the globe. They are more customer facing, customer interacting. There's actually a Citrix Connect event coming up in Washington, DC, in September. There's still space available for that as well. So I will
281
00:35:53.620 --> 00:36:08.398
Todd Smith: make sure we talk about that. And then, finally, you know, we've also got great partners like XenTegra, who do not only podcasts like this, but we also work with them on doing live events and things like that. So
282
00:36:08.900 --> 00:36:14.508
Todd Smith: definitely, you know, leverage this. This is a day when everyone, this is a time of
283
00:36:14.910 --> 00:36:20.459
Todd Smith: time of the industry where a lot of people need to kind of get up to speed quickly,
284
00:36:20.690 --> 00:36:25.170
Todd Smith: and some of these events and activities are certainly helpful for that.
285
00:36:26.610 --> 00:36:27.810
Bill Sutton: Yep, absolutely.
286
00:36:27.980 --> 00:36:28.400
Todd Smith: Yep.
287
00:36:28.400 --> 00:36:30.720
Bill Sutton: All right, guys, anything else?
288
00:36:33.190 --> 00:36:38.139
Andy Whiteside: No, Bill, all right, I guess, just to piggyback on Todd's comments, it's good to see
289
00:36:38.750 --> 00:36:45.379
Andy Whiteside: new Citrix getting to be more like old, old Citrix, in terms of community and knowledge share.
290
00:36:45.840 --> 00:36:47.280
Bill Sutton: Yeah, for sure.
291
00:36:48.490 --> 00:36:50.580
Bill Sutton: All right, we'll see you all next week.
292
00:36:50.580 --> 00:36:52.170
Andy Whiteside: Todd, when's Synergy coming back?
293
00:36:52.350 --> 00:36:53.680
Bill Sutton: There you go. That's okay.
294
00:36:53.680 --> 00:36:57.254
Todd Smith: Oh, it's coming back in
295
00:36:58.880 --> 00:37:04.299
Todd Smith: in our thoughts and prayers around. And it's being rejuvenated under a Citrix Connect.
296
00:37:04.300 --> 00:37:10.209
Andy Whiteside: That's fine. Yeah, that's the answer. And truthfully, it does make it more accessible and reachable for more people.
297
00:37:10.510 --> 00:37:17.209
Todd Smith: Yep, yep, and I'll be the actual host of Citrix Connect in DC. So.
298
00:37:17.210 --> 00:37:20.130
Bill Sutton: Oh, you will. I'm planning to be there, so I'll see you then.
299
00:37:21.550 --> 00:37:24.240
Bill Sutton: All right, thank you, guys. We'll do it again next week.
300
00:37:24.480 --> 00:37:25.290
Todd Smith: Alright. Thank you.
301
00:37:25.290 --> 00:37:29.850
Bill Sutton: Good morning, Andy. It's been a while since you've been on. So appreciate you joining today.
302
00:37:30.280 --> 00:37:36.100
Andy Whiteside: Not a problem, love. I'd rather be doing that than what I am doing. But must get the other stuff done.
303
00:37:36.100 --> 00:37:37.790
Bill Sutton: Yeah. Got it. Alright, thanks, guys.
304
00:37:37.790 --> 00:37:38.360
Andy Whiteside: Guys.
305
00:37:38.360 --> 00:37:38.950
Bill Sutton: Bye.