Published on 21 Jun 2012
Shadow Keys have been around for a very long time and many (including myself) have written about this topic. I feel it is time to compile all the information about shadow keys in one place to provide a comprehensive overview. This article will tell you about the concept of shadow keys, how they affect x64 and why some applications get around writing shadow keys at all.
Published on 14 Jun 2012
Traditionally remote desktop connections to Windows servers have been secured by authentication mechanisms based on username and password. Although current target servers provide the client with a certificate to proove their identity, most users are a certificate warning because hardly any server is configured with a certificate that can be successfully verified by the client. This article describes three measures to increase the security of an remote desktop deployment.
Published on 07 May 2012
In today’s world passwords are necessary for almost anything - this is especially true in a managed corporate environment. Whereas in the past a user was required to memorize many passwords for different applications and databases, IT departments are now expected to implement federated authentication mechanisms to reduce the number of passwords per user.
Consequently, Citrix offers Passthrough Authentication in addition to traditional explicit authentication. Unfortunately, the concept is widely misunderstood resulting in unexpected behaviour expecially in external access scenarios. This article provides a detailed description how Citrix passthrough authentication works, what it does and especially what it does not.
Published on 23 Mar 2012
Last year I started out on a quest for a new laptop. I had two important requirements for a new device: mobility and tablet capabilities. Why is that you may ask yourself.
Published on 13 Mar 2012
Since I have begun working in the virtualization business, customers have been asking for reasons why to spend money for Citrix XenApp and whether Remote Desktop Services (RDS) cuts it for them. For a long time, the answer was easy as hosted sessions on Windows Remote Desktop Services – formerly Terminal Services – have only provided basic functionality. But beginning with Windows Server 2008, Microsoft has put a lot of effort into that space. The underlying roles were steadily improved in every version, e.g. to support rich graphics and virtual desktops. With the public beta of the next Windows Server (8), Microsoft has improved the performance of RDP and built new management capabilities into Server Manager.
Published on 16 Feb 2012
Lately, I have been working on a lot of new reports for EdgeSight along my previous posts about building custom reports. This involves writing SQL query against the EdgeSight database and incorporating EdgeSight parameters to react to user input. Recently I have become annoyed by starting my virtual machine for these jobs and thought that I would be really neat to have an EdgeSight database available at all times. So I decided to migrate my EdgeSight database to the cloud.
Published on 12 Jan 2012
After I have spend several parts of this series discussing the theory of certificates, certificate authorities, certificate requests and file formats, this article focusses on Windows and how it handles certificates. I will also present several pitfalls that can make your life miserable when working with certificates and what tools are available by Microsoft.
Published on 09 Jan 2012
Certificates are often considered to be binary blobs that cannot be expressed in human readable form. In this part of my series about what everybody needs to know about certificates (part 1, part 2 and part 3), I will introduce well-known formats for certificates and private keys and how they can be display in clear text to survey the information therein. When different plattforms are involved, conversions between these formats may be necessary to work with the files.
Published on 23 Dec 2011
After you have now gained extensive knowledge about certificates and the underlying public key cryptography as well as certificate authorities, this part describes how certificates are requested and how the private key is kept secure during this process of public communication with a certificate authority.
Published on 20 Dec 2011
After having introduced the very basic concepts about certificates, we need to dive into the trust issues I raised in the first part of this series. Working with certificates means trusting someone else because a certificate contains a foreign signature combining a public key with identity information. In this part, I will explain why that trust is necessary and how every one of us implicitly places trust in certificates through the operating system.