E2E VC Berlin 2022 Day 2
- Published: Tuesday, 14 June 2022
After the sessions on the first day we had dinner together at the event location, and after that I ended up with a large group of Dutchies and Erik 😉 to drink a couple of beers together. It was a nice evening/night, but it did not get too late, so I was fresh and fruity at the start of day 2. Quite a lot of people actually made it to the first sessions of the day; I won't make any remarks on the state of everyone. Read on for my experiences of day 2 of E2EVC Berlin 2022.
As is tradition there were some issues: this time the rooms could not be separated, so the sessions started a 'bit' later. I attended Carsten Bruns' session Citrix SPA - Tech Overview. Carsten kicked off by discussing zero trust, followed by an introduction to Secure Private Access including the feature set (zero trust network access, adaptive access/security controls, browser isolation, workspace browser, adaptive authentication, single sign-on, visibility/monitoring). The next topic was the set-up, discussing the components like the Connector Appliance, the Cloud Service, the agents on clients and the workflow. In a demo Carsten showed SPA in practice. After the demo Carsten continued with Adaptive Authentication. This requires a Citrix ADC in the Cloud which is managed by Citrix; however, the configuration is the responsibility of the customer at this moment (this will be changed). Carsten had a good overview of which scenarios are supported by which agent/agentless set-up on the client. The last topic was ZTNA agentless access.
The next session was Modern Workplaces Needs Modern Application Layering by Berry Haveman and Andreas van Wingerden. After a short introduction by Andreas, Berry kicked off the session with the why (of using Liquidware Digital Workspace Management), followed by the features of the product ProfileUnity. They showed the capabilities of the product in a demo for the rest of the session.
The infrastructure as code deployment chain by Sinisa Sokolic was the next session. Sinisa started off with Terraform. He discussed starting with the stack, going to modules and setting up more stacks (using the same modules), module versioning (in detail) and state files. The next topic was best practices to avoid getting into problems (around versioning, pipelines, developer behavior, cloud provider, testing, security, Terraform on Windows, workflow).
The next session I attended was Defending against the unknown - the reverse proxy myth by Thorsten Rood. Thorsten started with a regular set-up of a reverse proxy. According to Thorsten this set-up does not protect the back-end; only the front-security (which safeguards the users) is arranged. He continued with web application scenarios (closed audience/perfectly identified user group versus open/flexible audience) and defense types. A reverse proxy can provide security, but only if you expand its functionality into an Application-Level Gateway. The 7 important rules are invisibility, anonymous pre-authentication, masking, enforcing well-formed access, blurring response, intrusion blocking and rate limiting authentication. For each of these rules Thorsten explained how you can implement them: invisibility --> SNI, anonymous pre-authentication --> reCAPTCHA, masking --> not showing version numbers, well-formed access --> approved structure ruleset, blurry responses / intrusion blocking --> accepting ruleset, rate limiting authentication --> rate qualifier. Personally, this was one of the best sessions, with lots of useful information.
Sven Jansen from deviceTRUST with the session Context Everywhere was next. Sven started by explaining their solution. deviceTRUST Contextual Security was next (input: identity, endpoint, network, external information; used for conditional access, conditional application access, conditional configuration, reporting, external action). The next topic was the architecture of the product (agent based + management, no other infra). Sven demoed the product with some use cases. Sven also showed two demos of features that are not in the product yet: clipboard restriction and the Igel/AzureAD integration with passthrough authentication. There is a community license available for deviceTRUST for those interested in playing with the product.
The last session I attended on the Saturday was Benefits and Challenges with Citrix DaaS by René Bigler and Sacha Thomet. Sacha started with the reasons why his company wanted to migrate to Citrix DaaS, followed by the current environment and timelines of the migration steps. René followed by describing his environment before and after the migration to Citrix Cloud. Sacha continued with the Automated Configuration Tool, followed by rewriting the current scripts/automation tasks to the REST API. Sacha mentioned that the token API is connected to the user: if the user is deleted, the token is also deleted. I added that the token also has the rights of that specific user, so that should also be taken into account. René continued with site aggregation and the DaaS connection optimizations like Direct Workload Connection, Rendezvous and Service Continuity. The next topic was tips and tricks like Custom Workspace URL (Tech Preview), email-based discovery for workspace, published content, federated identity provider sessions, Autoscale, Tenant Scopes and Maintenance Mode for Cloud Connectors. The session ended with some challenges like one AzureAD, no support for nested AzureAD groups and connectivity issues for macOS users with EDT.
After this session I stretched my legs with a nice walk. It was my fourth time in Berlin. The city still has the nice atmosphere I remembered and is full of history. After the walk I had a nice dinner with a nice group of Belgian, German and Dutch people. After one more beer at the event hotel it was time to go to bed. The train back was already scheduled for 10:45, so unfortunately there was no time to attend any more sessions. I did a quick tour of Berlin on the e-step (as almost everyone tried out those steps, I could not stay behind) before I headed to the Hauptbahnhof to travel back to the Netherlands.