Customers implementing Zero Trust Network Access (ZTNA) solutions for secure access to enterprise apps demand greater choice and flexibility with deployment options while ensuring they meet compliance and regulatory requirements. Citrix is unique in offering this choice and deployment flexibility. With our Secure Private Access (SPA) solution we offer a customer-managed ZTNA solution as well as a cloud-based ZTNA solution as a SaaS service — all while delivering an unparalleled unified user experience and consistent security across all types of application resources including SaaS apps, web apps, client-server apps, and virtual apps and desktops.
With Citrix Enterprise Browser included as part of Secure Private Access, IT and security admins can enforce app and data security controls on managed and unmanaged devices to deliver a secure browsing experience for all enterprise SaaS and Web apps.
Today, we are announcing the General Availability of major enhancements to our Secure Private Access on-premises solution as part of the Citrix Virtual Apps and Desktop (CVAD) 2311 release, continuing our innovation to deliver the hybrid work experience.
What’s new?
The latest Secure Private Access on-premises solution enhancements in GA include:
- Dynamic ZTNA security policy enforcement to grant the user just enough access permissions
- An improved policy orchestration engine to allow for the least privilege access based on context
- A new administrative web console experience
- Enhancements to the Citrix Enterprise Browser for last-mile app and data security enforcement
- SPA console integration with Citrix Web Studio for streamlined administration workflows
- Single sign-on enhancement for SaaS & Web apps with StoreFront portal
The streamlined onboarding experience simplifies the first-time installation and setup and policy configuration workflows to make PoCs and production environments faster. With this release, we introduce a new Secure Private Access on-premises software component (i.e., SPA Plugin). Customers already using CVAD and NetScaler can simply extend their environment with a Zero Trust Network Access policy orchestrator. This provides the ability to support all the new enhancements we are discussing in this blog post.
The SPA on-premises console is also integrated with Citrix Web Studio on-premises to enable Citrix Virtual Apps and Desktop admins to seamlessly manage SaaS and Web app policies along with the workflows for Virtual Apps and Virtual Desktops. We have also made special enhancements to simplify the authorization process with automated callout from NetScaler Gateway into the SPA Plugin module when starting an application.
Secure Private Access on-premises use cases
Citrix Secure Private Access on-premises enhances an organization’s overall security and compliance posture with the ability to easily deliver Zero Trust access to browser-based apps (internal web apps and SaaS apps) using StoreFront as a unified access portal, along with virtual apps and desktops as an integrated part of Citrix Workspace. The solution works with existing releases of NetScaler and StoreFront without any change to the versions.
SPA on-premises is designed to address these key use cases via a customer-managed ZTNA solution:
- Use case #1: ZTNA access for employees & contractors to internal web and SaaS apps from managed or unmanaged devices.
- Use case #2: Comprehensive last-mile Zero Trust enforcement with admin configurable browser security controls for app & data protection.
- Use case #3: Accelerate Merger & Acquisitions (M&A) user access across multiple identity providers, ensure consistent security, and provide seamless end-user access across different user groups.
Key capabilities in this release
There are a number of key capabilities in this release:
Let’s take a closer look at a few of them.
Admin console with seamless setup and config workflows
With the new admin console experience, you get:
- Dynamic policy flows & an integrated installer with CVAD
- Real-time dashboards with user, apps, and policy monitoring
- Integrated troubleshooting and log viewer to easily diagnose access failures
- Ability to access the SPA console from Citrix Web Studio or standalone
Watch this video to check out the new administration experience and first-time onboarding workflow integrated with the CVAD installer.
Policy orchestration and dynamic Zero Trust access to web & SaaS apps
The policy orchestration enhancement features:
- Granular contextual access policies, enforced on managed and unmanaged devices
- Identity, location, and device context-aware ZTNA-based private access
- Orchestration of dynamic security controls & app protection policies with Citrix Enterprise Browser
- Policy workflow for traffic and session authorization enforced on NetScaler
Citrix Enterprise Browser enhancements for last-mile security enforcement
The Citrix Enterprise Browser enhancements include:
- Admin-managed mandatory extension list and custom extensions
- Improved browser experience across session reconnects
- Simplified single sign-on for SaaS and web apps
- Citrix Enterprise Browser customization options for privacy, cache management, work browser mode to open all work links, and appearance
Unified Access portal and simplified end-user experience
The Unified Access portal and simplified end-user experience allow you to:
- Consolidate and categorize web, SaaS, and CVAD apps in Citrix Workspace app for optimal user experience
- Access SaaS & web apps using Citrix Enterprise Browser
- Single sign-on to SaaS & web apps accessed via StoreFront w/ SSO along with CVAD apps
Watch this video to see what the end-user experience is like.
StoreFront and NetScaler infrastructure integration
This integration:
- Works seamlessly to support existing NetScaler and LTSR StoreFront versions as well as current release (CR) StoreFront
- Leverages NetScaler multi-factor authentication (MFA), SSO, Endpoint Analysis (EPA), and Smart Access tag configurations
- Works with NetScaler GSLB configurations and StoreFront multi-site deployment configurations
Get Started
To learn about configuration requirements, product details, and how to implement a Zero Trust Network Access (ZTNA) solution for your users, visit the Citrix Secure Private Access documentation page.