On-prem and on-cloud

Category archive

Receiver

Citrix in-session watermark

in Citrix Cloud/Receiver/XenApp/XenDesktop by

The fact in VDI security designs is that people are the weakest links in your protection chain. How can you prevent insiders from simply taking the screen and leaking your most brilliant ideas to external sources? How can you trace a leak back to when it first happened?

Citrix In-session Watermark offers a solution for you. It adds traceable information on top of the VDI screen. This provides a deterrent to prevent people from stealing the screen. To take this one step further, even if the information is leaked, you can still easily trace back to follow the identity on the screenshot.

While XenApp & XenDesktop provides a great barrier to information theft for outside attackers, In-session Watermark is provides an additional layer of security against theft from inside users. To clarify, watermarks are primarily a deterrent to inside users – for trustworthy users, yes, who sometimes need a reminder to be honest, and also for malicious insiders who are working to steal intellectual property. Since users control their endpoints running Citrix Receiver, there are security advantages to implementing server-side protections, and this is where we implemented In-session Watermark.

The watermark is added to the image before it is transferred to the endpoint. Compare the approach for implementing Citrix In-session Watermark on server side to other solutions and offerings on the market. The Citrix In-session Watermark cannot be removed without killing the session. If a watermark solution were implemented using a user space process to draw the watermark, the malicious users can kill that process to remove the watermark, which is clearly not a sufficient deterrent.

In the Citrix solution, the watermark is added deep inside the HDX engine and if the user were to kill the process that draws the watermark, it would also kill the user’s session, which is a much more effective deterrent.

The benefits of embedding this security into the HDX engine also include better screen coverage. The Windows 10 start menu and UWP apps will be covered properly with Citrix Watermark while a user mode process might leave some of the screen uncovered.

More details can be read in the original Citrix article at: https://www.citrix.com/blogs/2017/12/04/a-new-option-to-protect-your-workspace-in-session-watermark/

Citrix Receiver users prompted to download, run, open launch.ica file, instead of launching connection

in DaaS/Receiver by

Citrix Receiver launch.ica file

Applicable Products

  • Citrix Receiver for Windows

Symptoms or Error

When launching an application from the Internet browser, users are prompted to save or download the launch.ica file. The prompt Do you want to Open, Save, or Cancel the launch.ica connection file is displayed.The application does not launch immediately. Also, some but not all the users report that they are unable to connect.

For solution and more detailed analysis, see original Citrix Support article at: https://support.citrix.com/article/CTX804493

Go to Top