IT organizations seeking to implement zero trust network access (ZTNA) often encounter operational challenges that prevent adoption and successful rollouts beyond the pilot phase. To achieve success with ZTNA, they require more than just a feature-rich, best-of-breed solution that promises to meet functional requirements. What they also need is a practical deployment model that offers flexibility in controlling application traffic routing, complies with regulatory requirements regarding data governance, and leverages the simplicity of cloud solutions for administrative tasks.
Our customers tell us that they value the continuous real-time protection of Citrix Secure Private Access service but that they also want the option to keep application traffic on-premises rather than routing it via the internet to the public cloud. At the same time, they want to minimize their on-premises infrastructure and maintenance costs.
Delivering on that request, we are announcing the availability of Citrix Secure Private Access for hybrid deployments, a ZTNA solution that gives you the flexibility to route your sensitive application traffic through your on-premises NetScaler Gateway while using the Citrix Cloud-hosted UI for configuration, policy management, and observability. This end-to-end control of your Citrix environment provides enhanced protection to help you meet regulatory requirements for workloads running in hybrid environments.
What makes Citrix Secure Private Access different
Implementing ZTNA organization-wide is not a trivial undertaking. Because coordination across networking and security teams can be complex and time-consuming, we designed Citrix Secure Private Access to reduce the cognitive burden on IT by making it far simpler to implement than most ZTNA solutions.
No infrastructure changes required
For Citrix DaaS deployments, there is no change to your infrastructure. You’ve already set up Active Directory and deployed Cloud Connector, so you just need to go to Citrix Cloud, click the Citrix Secure Private Access tile, and configure your applications for zero trust access. And because there are no additional infrastructure components to deploy, there is no need to conduct a security assessment or get approvals.
The only ZTNA solution with an on-premises deployment mode
Unlike other ZTNA solutions, Citrix Secure Private Access on-premises deployment mode gives you the ability to easily deliver ZTNA to all private applications. Simply use your existing on-premises NetScaler Gateway and Citrix StoreFront to deliver a secure and unified access portal to web and SaaS applications in your Citrix Virtual Apps and Desktops environment.
The only ZTNA solution with a true hybrid deployment mode
The hybrid deployment mode for Citrix Secure Private Access gives you the flexibility to host your data plane on-premises and your management plane in the cloud. This end-to-end control helps you meet regulatory requirements for workloads running in hybrid environments.
Complements existing security solutions
Citrix Secure Private Access enhances remote access security by ensuring strict application routing directly to on-premises gateways. This is particularly useful in regulated environments when using on-premises secure web gateways (SWG) for secure internet access.
Key use cases
Citrix Secure Private Access for hybrid deployments facilitates the implementation of ZTNA by:
- Providing secure remote access to employees from corporate laptops: Seamless remote access based on zero trust principles improves safety, provides full traffic control, and enhances visibility while optimizing user experience.
- Providing secure remote access to contractor/ third-party from unmanaged devices: Enabling zero trust network access to web applications from unmanaged devices via any locally installed browser offers flexibility and helps reduce infrastructure costs.
- Protecting sensitive data within applications with last-mile security controls: Last-mile security controls safeguard application-related data directly on the endpoint. This reduces the risk of data leakage, as data is only decrypted at the endpoint, and security measures are applied immediately before it appears on the screen.
Key benefits
Simpler management and observability: Citrix Secure Private Access service and Citrix Secure Private Access for hybrid deployments offer simplified administration, configuration, licensing, monitoring, and auditing in the cloud, which helps reduce on-premises infrastructure and maintenance costs.
One unified portal for all applications: Citrix StoreFront on-premises provides a unified application catalog across Citrix Virtual Apps and Desktops, private web applications, and SaaS applications.
Application traffic routing control to ensure low latency: NetScaler Gateway, which is hosted in an on-premises data center or private cloud, serves as a secure connection point for application traffic. It enforces a zero trust policy and provides least privilege access to applications. This approach helps prevent performance or latency issues that could occur when routing traffic through the cloud.
Citrix Cloud connector for ZTNA policies and configurations: If you are already using Citrix Cloud as your control plane with Citrix Cloud connector, you can use the same connector for synchronization of ZTNA policy rules and configurations. The Citrix Cloud connector also provides full redundancy for configurations in case of a cloud outage, further ensuring high availability.
Geo-redundancy for optimal application performance: The NetScaler Global Server Load Balancing (GSLB) feature automates application traffic routing to the nearest NetScaler Gateway, ensuring optimal performance through a single connection point URL.
No additional cost outlay: You can drastically reduce the expense of adopting a ZTNA solution for private web and client-server applications by leveraging your existing NetScaler Gateway on-premises and Citrix StoreFront on-premises infrastructure — further realizing the value of your investment in Citrix, particularly if you are using Citrix Desktop-as-a-Service (DaaS).
Learn more about Citrix Secure Private Access for hybrid deployments
To learn more about how Citrix Secure Private Access can help you implement zero trust-based access to private applications and SaaS applications for all of your users, check out the Citrix Secure Private Access product documentation and community page.
