In today’s business climate, organizations continue to look for new and innovative ways to increase employee productivity. The complexity of IT environments and proliferation of applications that users must access on a regular basis is often an inhibitor to productivity, particularly where each application requires the user to execute an independent sign-on step (typically by supplying a username and password). As users require access to an increasing number of applications to perform their roles, security risks and support costs often increase dramatically. Users may use weak and insecure shortcuts to help recall and manage passwords (e.g., writing down username/password combinations, failing to secure these written lists, using simple passwords, using the same password for multiple applications). Additionally, IT departments may be forced to relax password strength policies or password expiration cycles in response to user complaints or high support costs.
In many organizations granting access to applications for users (user provisioning) is a manual, multistep process that involves HR, IT and the user’s business unit. Errors and delays at any step will impede user productivity. Once provisioned, users must then connect to their applications and establish their login credentials. In short, traditional user provisioning processes are inefficient, consume significant enterprise resources, and pose significant challenges with respect to regulatory compliance.
Streamlining Application Access and User Provisioning with Citrix and CourionThis technical white paper describes how the integrated CitrixPassword Manager"and Courion AccountCourier user provisioningsolution streamlines provisioning users and enabling user access to business applications.W H I T E P A P E RUntitled DocumentTable of Contents 2Overview3Benefits of Integrated User Provisioning and ESSO5New User Experience without Integrated Provisioning and ESSO Is Manual and Inefficient7New User Experience with Integrated Provisioning and ESSO Is Automated,Efficient and Secure9Capture and Deployment of Credentials to Existing User Groups9User Enrollment9Proactive Enrollment Option Bulk Password Change10Silent Credential Collection Option10Deploying a New Application12Citrix and Courion Technical Integration13Summary14Appendix 1: Courion PasswordCourier Integration with Citrix Password ManagerUntitled DocumentTable of Figures 9Figure 1 Password Manager Credential Enroll Prompt12Figure 2 Citrix Password Manager and AccountCourier Integration Adding a User toa CRM ApplicationUntitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURIONOverviewIn today s business climate, organizations continue to look for new and innovative ways to increase employeeproductivity. The complexity of IT environments and proliferation of applications that users must access on aregular basis is often an inhibitor to productivity, particularly where each application requires the user to executean independent sign-on step (typically by supplying a username and password). As users require access to anincreasing number of applications to perform their roles, security risks and support costs often increasedramatically. Users may use weak and insecure shortcuts to help recall and manage passwords (e.g., writing downusername/password combinations, failing to secure these written lists, using simple passwords, using the samepassword for multiple applications). Additionally, IT departments may be forced to relax password strength policiesor password expiration cycles in response to user complaints or high support costs.In many organizations granting access to applications for users (user provisioning) is a manual, multistep processthat involves HR, IT and the user s business unit. Errors and delays at any step will impede user productivity. Onceprovisioned, users must then connect to their applications and establish their login credentials. In short, traditionaluser provisioning processes are inefficient, consume significant enterprise resources, and pose significantchallenges with respect to regulatory compliance.Citrix and Courion have partnered to create an integrated solution specifically built to increase worker productivityby enabling rapid access to applications and streamlining user provisioning, all while ensuring increased security.There are two primary components to the solution:COURION ACCOUNTCOURIERCourion s AccountCourier user provisioning solution automates the assignment of user access to resources anddata, and ensures that access is granted in keeping with the enterprise s security policies. AccountCouriereliminates repetitive user management tasks, and improves the responsiveness of IT organizations by enablingauthorized individuals to instantly grant, revoke or modify access to any operating system, application, Web portalor other IT asset without manual intervention.CITRIX PASSWORD MANAGERCitrix Password Manager"is an enterprise single sign-on (ESSO) solution that provides single sign-on to Windows ,Web and host-based applications, enforces password strength policies, and even automates primary Windowsdesktop password changes to enable easier, faster, and more secure application access. Password Manager alsohas a fast user switching capability called Hot Desktop that provides immediate access to shared workstationswithout compromising speed, while enforcing user authentication and audit controls.This white paper describes the benefits of integrated user provisioning and enterprise single sign-on by firstcomparing the registration process for a new employee using traditional manual methods to the process when anintegrated provisioning and ESSO solution is utilized. This paper then describes how the Citrix and Courion solutionstreamlines password capture and deployment for existing employees, and the role of password management insimplifying end users access to enterprise resources.2Untitled DocumentBenefits of Integrated User Provisioning and ESSO SEAMLESS ACCESS EXPERIENCE FOR END USERSWith the integrated Citrix and Courion solution, new end users simply log on once to their network domain and,upon launching an application, all of their ESSO-enabled applications are automatically signed on andimmediately available. When AccountCourier grants access to a resource, the associated user credentials areautomatically registered in Citrix Password Manager. When the user launches the application, Citrix PasswordManager recognizes the logon event and supplies the user credentials automatically. This tight integrationstreamlines the establishment of user accounts and eliminates the need for users to enter passwordsmanually simplifying the end user s experience, and improving productivity by connecting users to theirapplications rapidly and with less effort.STREAMLINED ADMINISTRATIONSingle sign-on requires passwords be registered for applications. Typically this is a manual process required of theend user. By integrating user provisioning with enterprise single sign-on, the Citrix and Courion solution automatespassword registration. As user accounts and entitlements are provisioned, no additional effort is required toprovide credentials to users or register them into the single sign-on system. The Citrix and Courion solutionstreamlines access to password protected applications and enterprise information and enables IT to respond tochanges in the business environment in real time.INCREASED SECURITYTypically, passwords are delivered to users using a mechanism that is not secure, such as e-mail, voice mail ordelivery by a manager or IT support staff. With the Citrix and Courion solution, credentials are administeredautomatically. The end user does not need to know the credentials associated with every account he/she uses(unless business needs dictate otherwise). The likelihood of users writing down passwords or creating weakpasswords is eliminated. Passwords composition rules and policies can be made stronger and enforced.Passwords can be refreshed more frequently, with each application or system having a unique, strong password.ENHANCED REGULATORY COMPLIANCEThe Citrix and Courion solution removes the burden from end users for mandated password changes, meetingstrengthened compliance requirements. AccountCourier can deliver new passwords to applications, and CitrixPassword Manager can then automatically authenticate users to applications with the new passwords with noaction required by the end user. Regulatory compliance is improved, while costs and complexities associated withcompliance efforts are reduced.Organizations looking to improve operational efficiencies, reduce the cost of managing identities, and improveend-user experience with reduced sign-on, can do so by providing a secure, single point of access to Windows,Web and host-based applications, and enterprise information. With the integrated Citrix Password Manager andCourion AccountCourier solution, the user experience is enhanced by ensuring that they only have to log in once.Citrix Password Manager and Courion AccountCourier handle the authentication, synchronization and applicationsign-on in the background. User enrollment is streamlined, provisioning is automated and audited, and policycompliance is enforced, all while reducing IT costs and increasing security.3Untitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURIONIn summary, users immediately benefit from single sign-on to all Windows, Web and host-based applications. TheCitrix and Courion integrated provisioning and single sign-on solution provides organizations with a streamlinedaccess experience for end users, and at the same time increases IT security, enhances password and securitypolicy enforcement, and reduces administrative overhead.4Untitled DocumentNew User Experience without Integrated Provisioning and ESSO Is Manual and Inefficient A typical manual user account creation process includes multiple steps involving human resources, IT and the employee s business unit. The steps described below outline how a new user is provided with access toenterprise applications and resources. The process includes registering the user into the applications for whichhe/she is authorized. The user then creates their logon credentials for the first time. Finally, the user can accesspassword-protected applications by entering their credentials each time the application is opened. Typical stepsinclude the following:PROVISIONING APPLICATIONS" The manager or HR notifies IT of a new employee, either through an application, e-mail, phone call or paperform, then requests access to the appropriate applications." IT manually creates accounts and password credentials for the new employee. Credentials required include boththe primary desktop login, as well as credentials for each application and enterprise resource the employee isauthorized to use. Different IT teams may be involved in creating and provisioning the primary desktopcredentials and application credentials which adds complexity to the process." Credentials are delivered to the employee s manager, typically by e-mail." The manager delivers credentials to the new employee.ACCESSING APPLICATIONS FOR THE FIRST TIME" User logs on to the desktop with their primary credentials." Enters the initial login credentials (supplied by IT) for the application." Reconfigures their login credentials during this first login process." Repeats these steps for each application they are authorized to access." User launches and logs in to each application with their username and password.This scenario illustrates several challenges in the provisioning of new employees and the employee s applicationlogin experience:" Many resources are involved: HR, IT, the business unit manager and the employee." The manual steps are inherently inefficient and errors can be introduced at many points." Several individuals have access to the initial user credentials: IT, the manager and the employee." The employee is responsible for reconfiguring their credentials and for conforming to the organization spassword creation policies. This can often lead to help desk or support calls." The employee is responsible for knowing and providing credentials on an ongoing basis each time anapplication is accessed.5Untitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURION" Managing employee application access over time, including removing access when appropriate, requiresmanual intervention." There is no mechanism for reporting and analyzing access rights and usage across the organization to ensureonly appropriate access is granted.Together, these challenges result in reduced security, higher IT administrative costs and reduced employeeproductivity. User provisioning solutions streamline the steps for supplying credentials to users. Enterprise singlesign-on solutions eliminate the need for users to repeatedly enter usernames and passwords to accessapplications. Only an integrated user provisioning and ESSO solution will adequately address all of thesechallenges in a seamless automated way.6Untitled DocumentNew User Experience with Integrated Provisioning and ESSO Is Automated,Efficient and SecureWith the integrated Courion AccountCourier/Citrix Password Manager solution, the process of registering users intoapplications and deploying passwords to applications is automated, enabling rapid access to business applicationsfrom day one. This new rapid process typically includes the following steps:PROVISIONING APPLICATIONS" Provisioning for a new employee is initiated in Courion s AccountCourier by the HR system, a manager or ITsecurity, in accordance with an administrator-defined policy. AccountCourier creates only the accounts that the employee requires for the job function that they performat the company. Account IDs are created and assigned, providing the opportunity to enforce consistent naming conventionswithin the enterprise. Random, complex values are used to set the initial passwords on the new accounts.ESTABLISHING CREDENTIALS INTO THE APPLICATION FOR THE FIRST TIME" Accounts are automatically and securely supplied to applications on the physical systems by AccountCourier no additional effort required from IT.REGISTERING ESSO CREDENTIALS IMMEDIATELY UPON CREATION" Credentials for the newly created accounts are automatically registered into Citrix Password Manager byAccountCourier.ACCESSING APPLICATIONS FOR THE FIRST TIME" User receives their primary credentials from IT." Logs on to the desktop with their primary credentials." Launches an application the username and password is automatically populated by Citrix Password Managerinto the application.The employee s first experience is single sign-on. Citrix Password Manager detects each application login eventand automatically supplies the user s login credentials (username and password), allowing the user to begin usingtheir applications immediately. When additional applications are launched by the user, Password Managerautomatically supplies the appropriate login credentials. The user must only remember one set of credentials their primary desktop credentials. After a desktop logon, all ESSO-enabled applications are automatically loggedon when launched by the user. Users do notneed to know the accounts and passwords for the applications thatthey use on a daily basis. And, requests to refresh or change passwords are handled automatically andtransparently by Citrix Password Manager.7Untitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURIONONGOING CREDENTIAL MANAGEMENTUser credentials managed by AccountCourier are automatically updated in Citrix Password Manager. Thisapproach provides simplified administration, better security and a streamlined, end-user experience on anongoing basis. Each time AccontCourier generates or updates a valid credential, Citrix Password Manager isupdated with that information enabling a seamless automated user logon process after a set of credentials is generated or updated.The Citrix and Courion integrated solution provides benefits in a variety of use cases:" New application accounts provisioned for existing employees are added to Citrix Password Manager facilitating single sign-on for new accounts to existing applications." New applications can be deployed across the enterprise with ESSO enabled. User logon is automated for newapplications which accelerates deployment and helps make users productive immediately." Password expiration in Active Directory can trigger a password refresh in which new complex random valuepasswords are populated into applications increasing application security.The integrated Citrix and Courion provisioning and ESSO solution seamlessly enrolls the user credentials to boththe applications and the ESSO system when new identities are provisioned. IT and business unit tasks associatedwith provisioning accounts and delivering credentials to an employee are automated freeing IT and business unitstaff to concentrate on value-added tasks that contribute to the business, rather than dealing with manualprovisioning tasks.The user is freed from having to establish and manage passwords for the applications they need to perform theirwork. Productivity is improved; users are productive on day one not days or weeks later. End-user applicationlogin is streamlined, resulting in a dramatically improved user experience, while passwords are strengthened andpolicy enforcement is assured, leading to significantly improved security across the enterprise.8Untitled DocumentCapture and Deployment of Credentials to Existing User Groups In the previous sections, this white paper outlined how the Citrix Password Manager and Courion AccountCouriersolution streamlines provisioning accounts and application credentials for newusers. The integratedAccountCourier and Password Manager solution also streamlines the deployment of single sign-on credentials togroups of existingusers across an enterprise. There are several practices that can simplify the capturing andpopulating of credentials into Citrix Password Manager for existing users. Any one of these methods may beappropriate, depending on the specific needs of various user groups and overall business needs.USER ENROLLMENTIn many ESSO deployments, employees are given responsibility for enrolling their credentials into Citrix PasswordManager. This simple, straightforward approach typically includes the following steps:1. Educate employees about creating strong passwords2. Deploy the Password Manager Agent to user desktops3. Employees enter their credentials as they use applications. Figure 1 shows the Citrix PasswordManager prompt to users to enroll an application.PROACTIVE ENROLLMENT OPTION BULK PASSWORD CHANGEAnother deployment approach is for IT to proactively initiate a password change for all accounts on the targetsystems that will be ESSO-enabled. This is referred to as a bulk password change. It is a fast way to capturecredentials into Password Manager, however, it requires coordination with the user community and deployment ofthe Password Manager desktop agent. AccountCourier is used to set passwords to a random, strong value andprovision them to Citrix Password Manager. In this scenario, end users no longer know the application passwords,so enrollment and deployment of Password Manager must be done when the users are off-line. Once complete, users log on with their Active Directory credentials. The Password Manager desktop agent isalready deployed. The employees simply launch their applications and Citrix Password Manager supplies the usercredentials to log the user into their applications. Users no longer have access to secondary credentials. Thisdeployment approach is often considered to support a staged deployment of ESSO to divisions, business units orgeographic locations.9Figure 1. Password Manager Credential Enroll PromptUntitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURIONSILENT CREDENTIAL COLLECTION OPTION1Another approach is to use the Courion PasswordCourier password provisioning solution to silently collectpasswords during password expiration or password synchronization activity. Prior to collection, the Citrix PasswordManager credential store is installed and prepared, however, the Password Manager desktop agent component isnot deployed. In this approach, passwords are silently collected by PasswordCourier and stored in the CitrixPassword Manager credential store. Every password change or reset initiated by PasswordCourier (Active Directoryor individual applications) is silently provisioned to the Password Manager credential store. By performing thecapture over your longest password expiration period, PasswordCourier should be able to collect all credentials forapplications that have been PasswordCourier-enabled.Organizations that use password synchronization, typically use the password expiration period of Active Directoryto drive a password refresh across other applications. The same approach is used, but passwords only need to becollected for a period that corresponds to Active Directory expiration. After the collection period has completed, thePassword Manager desktop agent is deployed. A majority of credentials are enrolled, and the employee base ispre-enrolled for single sign-on by default.DEPLOYING A NEW APPLICATIONThrough mergers and acquisitions or new business needs, organizations will periodically bring new applicationsand systems online. Consider a scenario where a new customer relationship management (CRM) system is beingdeployed and the old CRM system is being retired. New accounts are needed on the new system and should beESSO-enabled for the employees. The proactive enrollment approach described in the previous section can beused here:1. Select a set of users (provisionees) to provision. This might be a group, division, business unitor location.2. Provision new accounts for the new CRM system using AccountCourier, and set the password to arandom, strong value.3. The new credentials are automatically provisioned to Citrix Password Manager.4. Inform employees about the availability of the new CRM system.After these steps are completed, employees launch the CRM interface and Password Manager logs the user intothe CRM application.SUMMARYThe integration of Citrix and Courion provide a number of options for capturing user passwords when deployingCitrix Password Manager to existing user groups. For user groups containing non-technical users who areunfamiliar or unwilling to set strong passwords, and who require instant access to an application, the bulkpassword change or silent credential collection scenarios may be appropriate. In cases where Password Manageris deployed in a phased approach to specific user groups, the self-service user enrollment or proactive enrollment101This capability requires that Courion PasswordCourier product be implemented along with Citrix Password Manager. See Appendix 1 foradditional details regarding Courion PasswordCourier.Untitled Documentscenarios may be appropriate. No two organizations or user groups are the same. By providing organizations withflexible means for capturing passwords, Citrix and Courion allow IT administrators to implement comprehensivepassword management systems in ways that suit the needs of the organization and ensure a positive userexperience for all type of users within the organization.11Untitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURION12Citrix and Courion Technical Integration This section describes the integration between Courion AccountCourier and Citrix Password Manager.AccountCourier will supply credentials to Citrix Password Manager for a number of use cases including provisioningnew users to accounts and applications, provisioning existing users to new applications, and de-provisioning usersfrom applications. Take for example the creation of new accounts for an employee. Each time an account issuccessfully created in AccountCourier, the user credentials are provisioned to Citrix Password Manager.Password attributes may be specified in AccountCourier according to a variety of policies such as:" Password may be gathered from the end user." Password may be synchronized with the password from another system Active Directory is one common example." Password may be set to a random, strong value.In the example diagramed below, a new user is added to a CRM application. After the new account is provisionedinto Active Directory, the CRM application is provisioned and the credentials are sent to both the CRM applicationand the Citrix Password Manager credential store. The Password Manager credential store synchronizes thecredentials with the Password Manager desktop agent. When the user launches the CRM application, thePassword Manager agent automatically supplies the user s credentials to the CRM application and the useraccesses the application.1. Administrator grants access to CRM applicationwith AccountCourier, directory service updated 2. User credentials are provisioned to CRMapplication and to Citrix Password ManagerCentral Store3. Password Manager Agent synchronizes withPassword Manager Central Store 4. User launches application and is automaticallylogged in by Citrix Password Manager Figure 2. Citrix Password Manager and AccountCourier Integration Adding a User to a CRM Application Untitled DocumentSummaryOrganizations looking to improve operational efficiencies, reduce the cost of managing identities, and improveend-user experience with reduced sign-on, can do so by providing a secure, single point of access to Windows,Web and host-based applications, and enterprise information. With the combined Citrix Password Manager andCourion AccountCourier solution, the user experience is enhanced by ensuring that they only have to deal withone login. Citrix Password Manager and Courion AccountCourier handle the authentication, synchronization andapplication sign-on in the background. User enrollment is streamlined, provisioning applications is automatedand audited, and password and security policy compliance is enforced, all while reducing IT costs andimproving security.13Untitled DocumentSTREAMLINING APPLICATION ACCESS AND USER PROVISIONING WITH CITRIX AND COURIONAPPENDIX 1:COURION PASSWORDCOURIER INTEGRATION WITH CITRIX PASSWORD MANAGERCourion s PasswordCourier password provisioning solution provides transparent password managementcapabilities that are vital to simplifying the end-user access experience. PasswordCourier complements CitrixPassword Manager by providing a number of flexible user self-service capabilities for resetting Active Directorypasswords or resetting passwords for individual applications. PasswordCourier can also automatically reset auser s application password whenever their Active Directory password is updated. In short, the combination ofCourion PasswordCourier and Citrix Password Manager can provide any organization with comprehensivepassword management capabilities.The following sections contain examples of business scenarios where PasswordCourier provides additional value tothe Citrix and Courion provisioning and ESSO solution.ACTIVE DIRECTORY CREDENTIALSActive Directory is often the primary mode of authentication in an ESSO environment. Because of this, passwordpolicies are typically strengthened with stronger composition requirements, and more frequent expiration cycles.The increased policies may lead to an increase in forgotten passwords, expired passwords or accounts locked outdue to repeated tries. PasswordCourier is used in this case to provide many access methods for securely resolvingthe issue in a self-service fashion, including Web, telephone, voice and other methods.Additionally, an option for creation and delivery of Active Directory credentials is that the Active Directory passwordmay be initially specified by the new employee using Courion s PasswordCourier. In this scenario, nobody exceptthe employee ever has access to the initial passwords.NEED TO KNOW SECONDARY CREDENTIALSIn some business environments, the employee needs to know credentials because he accesses applications from anon-ESSO desktop. An example is remote access from a home office. In this case, the employee needs to knowthe username and password to an application as opposed to the case where the user simply manages andsupplies their primary network credentials and does not know the secondary credentials for the individualapplications that are ESSO-enabled. Since a majority of the time the user is not supplying credentials, thelikelihood that in some situations the user may forget the password or become locked out is increased. In thisscenario, PasswordCourier is used to reset the password and update the Citrix Password Manager credentialstore, thereby maintaining consistency with the ESSO system. The result is a smooth, end-user experience(service), lower cost and tightened security.SYSTEMS NOT ESSO-ENABLEDIn the enterprise, some systems may not be ESSO-enabled for business, political or technical reasons, but theorganization still wishes to provide a reduced sign-on experience for their systems. And often, the IT departmentwishes to provide automated password reset. Deploying PasswordCourier, along with Citrix Password Manager,addresses both needs. The password for non-ESSO systems can be synchronized to the Active Directory passwordusing Courion s transparent synchronization access option. Self-service password reset for the non-ESSO systemsis also provided by PasswordCourier.14Untitled DocumentDELEGATED PASSWORD MANAGEMENTOften organizations need to delegate password management capabilities to different individuals. The mostcommon example is password management being provided by the support staff organization. PasswordCouriercapabilities can be delegated to a range of individuals for ESSO and non-ESSO applications.15Untitled DocumentAbout Citrix: Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and most trusted name in Virtualization and on-demand access. More than 180,000 organizations around the world rely on Citrix to provide the best possibleaccess experience to any application for any user. Citrix customers include 100% of the Fortune 100 companies and98% of the Fortune Global 500, as well as hundreds of thousands of small businesses and individuals. Citrix hasapproximately 6,200 channel and alliance partners in more than 100 countries. Citrix annual revenues in 2005 were 909 million. Learn more at http://www.citrix.com.About Courion: Courion s rapid business impact approach enables you to avoid the pitfalls of traditional userprovisioning and achieve lasting business value. By eliminating dependencies, prerequisites and other barriers toprovisioning success, Courion is able to address the specific business needs of customers and provide bothextensibility and adaptability to the changes that are the reality of today s business environment. Powered by theindustry s most flexible provisioning technology, Dynamic Community"set-based provisioning, Courion offers anintegrated suite of solutions for user provisioning, role management, enterprise single sign-on, audit compliance andpassword management. For more information, please visit the Courion Web site at www.courion.com. 2006 Citrix Systems, Inc. All rights reserved. Citrix and Citrix Password ManagerTMare trademarks of Citrix Systems, Inc. and/or one or more ofits subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Courion, Enterprise ProvisioningSuite, AccountCourier, PasswordCourier are either registered trademarks or trademarks of Courion Corp. in the United States and/or other countries.Microsoft, Windows, Windows 2000, Windows XP, and Win32 are either registered trademarks or trademarks of Microsoft Corporation in the UnitedStates and/or other countries. All other trademarks and registered trademarks are property of their respective owners.WORLDWIDE HEADQUARTERS Citrix Systems, Inc.851 West Cypress Creek Road Fort Lauderdale, FL 33309 USATel: +1 (800) 393 1888 Tel: +1 (954) 267 3000EUROPEAN HEADQUARTERSCitrix Systems International GmbHRheinweg 9 8200 SchaffhausenSwitzerlandTel: +41 (52) 635 7700ASIA PACIFIC HEADQUARTERSCitrix Systems Hong Kong Ltd.Suite 3201, 32nd FloorOne International Finance Centre1 Harbour View StreetCentralHong KongTel: +852 2100 5000CITRIX ONLINE DIVISION5385 Hollister AvenueSanta Barbara, CA 93111Tel: +1 (805) 690 6400www.citrix.comCitrix WorldwideNOTICEInformation in this document is subject to change without notice. Companies, names, and data used in examples herein arefictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means,electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.The information presented in this document is subject to change without notice. THIS PUBLICATION IS PROVIDED AS ISWITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. CITRIX SYSTEMS, INC. ( CITRIX ) SHALL NOT BELIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL,CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THISPUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.