MetaFrame Security

Citrix has introduced a number of more subtle security enhancements in MPS 4.0. Users who use the existing technology will find these changes beneficial to the operation of the environment. The changes include

• Smart Card Recognition Support Smart Card support is now accessible by applications within Presentation Server without the need to run the SCCONFIG command-line utility. In previous versions of MetaFrame, only the Winlogon.exe and LSASS.exe processes used for Smart Card logon had access. Other applications would not "see" the Smart Card unless they had been configured using the SCCONFIG tool.

• Smart Card Authentication Pass-through User credentials generated using a Smart Card can now be passed through to new sessions on different servers. Users can now access nonSmart Card-enabled servers using credentials generated from their initial Smart Card logon.

• Common Access Card Support In combination with the Win32 client for Presentation Server, Citrix now fully supports the use of the Common Access Card. Common Access Cards provide a mechanism for both authentication and identity validation. Common Access Cards typically are used as a means of digitally signing content such as emails.

• HP ProtectTools Support Citrix has added support for HP ProtectTools through the Win32 clients or the Web Interface. ProtectTools is an HP-developed product that provides access security using products such as Smart Cards, embedded security chips, and USB tokens.

• RSA SecurID and SafeWord on UNIX Support Support for user authentication to the Web Interface using either of these products has been extended from Windows to include UNIX operating systems.

• "Safe for Scripting" Property Addition to the Web Client The Web client now contains the necessary property settings that flag it as being "safe for scripting." When an ActiveX control is marked "safe for scripting," this tells the web browser that is loading the object (such as Internet Explorer) that it contains the necessary precautions to ensure that any web page script attempting to access it cannot violate any of the security mechanisms of the client environment. Without such a mechanism, the control may not load and execute properly, depending on the security settings of the browser.