NetScaler SDX

SECUREMATRIX GSB

SECUREMATRIX is a highly secure, tokenless, one-time-password (OTP) authentication solution that is easy to use and cost effective. It uses a combination of location, sequence, and image pattern from a matrix table to generate a single-use password. SECUREMATRIX GSB server with SECUREMATRIX Authentication server substantially enhances the security of VPN/SSL-VPN endpoints, cloud based applications and resources, desktop/virtual desktop login, and web applications (Reverse proxy with OTP), providing a solution that is compatible with PCs, Virtual Desktops, tablets, and smart phones.

By using the NetScaler SDX multitenant platform architecture in a software defined network (SDN), SECUREMATRIX’s strong authentication feature can be easily combined or integrated with other tenants or cloud services delivered through the Citrix ADC, such as Web Interface, XenApp, XenDesktop, and many other application services that require authentication.

Note: SR-IOV interfaces (1/x and 10/x) that are part of a channel do not appear in the list of interfaces because channels are not supported on a SECUREMATRIX GSB instance.

For more information, see SECUREMATRIX.

Provisioning a SECUREMATRIX GSB Instance

SECUREMATRIX GSB requires a SECUREMATRIX Authentication server that must be configured outside the SDX appliance. Select exactly one interface and specify the network settings for only that interface.

Note: SR-IOV interfaces (1/x and 10/x) that are part of a channel do not appear in the list of interfaces because channels are not supported on a SECUREMATRIX GSB instance.

You must download an XVA image from the SECUREMATRIX website and upload it to the SDX appliance before you start provisioning the instance. For more information about downloading an XVA image, see the SECUREMATRIX website. Make sure that you are using Management Service build 118.7 or later on the SDX appliance.

On the Configuration tab, navigate to SECUREMATRIX GSB > Software Images.

To upload an XVA image to the SDX appliance:

  1. In the details pane, under XVA Files > Action, click Upload.
  2. In the dialog box that appears, click Browse, and then select the XVA file that you want to upload.
  3. Click Upload. The XVA file appears in the XVA Files pane.

To provision a SECUREMATRIX instance

  1. On the Configuration tab, navigate to SECUREMATRIX GSB > Instances.
  2. In the details pane, click Add.
  3. In the Provision SECUREMATRX GSB wizard, follow the instructions on the screen.
  4. Click Finish, and then click Close.

After you provision the instance, log on to the instance and perform detailed configuration. For more information, see the SECUREMATRIX website.

To modify the values of the parameters of a provisioned SECUREMATRIX instance, in the SECUREMATRIX Instances pane, select the instance that you want to modify, and then click Modify. In the Modify SECUREMATRIX GSB wizard, modify the parameters.

Note: If you modify any of the interface parameters or the name of the instance, the instance stops and restarts to put the changes into effect.

You can generate a tar archive for submission to technical support. For information about generating a technical support file, see Generating a Tar Archive for Technical Support.

You can also back up the configuration of a SECUREMATRIX GSB instance and later use the backup data to restore the configuration of the instance on the SDX appliance. For information about backing up and restoring an instance, see Backing Up and Restoring the Configuration Data of the SDX Appliance.

Monitoring a SECUREMATRIX GSB Instance

The SDX appliance collects statistics, such as the version of SDXTools, the states of SSH and CRON daemons, and the Webserver state, of a SECUREMATRIX GSB instance.

To view the statistics related to a SECUREMATRIX GSB instance:

  1. Navigate to SECUREMATRIX GSB > Instances.
  2. In the details pane, click the arrow next to the name of the instance.

Managing a SECUREMATRIX GSB Instance

You can start, stop, restart, force stop, or force restart a SECUREMATRIX GSB instance from the Management Service.

On the Configuration tab, expand SECUREMATRIX GSB.

To start, stop, restart, force stop, or force restart an in:

  1. Click Instances.
  2. In the details pane, select the instance on which you want to perform the operation, and then select one of the following options:
    • Start
    • Shut Down
    • Reboot
    • Force Shutdown
    • Force Reboot
  3. In the Confirm message box, click Yes.

Upgrading the SDXTools File for a SECUREMATRIX GSB Instance

SDXTools, a daemon running on the SECUREMATRIX GSB instance, is used for communication between the Management Service and the instance.

Upgrading SDXTools involves uploading the file to the SDX appliance, and then upgrading SDXTools after selecting an instance. You can upload an SDXTools file from a client computer to the SDX appliance.

To upload an SDXTools file:

  1. In the navigation pane, expand Management Service, and then click SDXTools Files.
  2. In the details pane, from the Action list, select Upload.
  3. In the Upload SDXTools Files dialog box, click Browse, navigate to the folder that contains the file, and then double-click the file.
  4. Click Upload.

To upgrade SDXTools:

On the Configuration tab, expand SECUREMATRIX GSB.

  1. Click Instances.
  2. In the details pane, select an instance.
  3. From the Action list, select Upgrade SDXTools.
  4. In the Upgrade SDXTools dialog box, select a file, click OK, and then click Close.

Upgrading and Downgrading SECUREMATRIX GSB Instance to a Later Version

The process of upgrading the SECUREMATRIX GSB instance involves uploading the software image of the target build to the SDX appliance, and then upgrading the instance. Downgrading loads an earlier version of the instance.

On the Configuration tab, expand SECUREMATRIX GSB.

To upload the software image:

  1. Click Software Images.
  2. In the details pane, from the Action list, select Upload.
  3. In the dialog box, click Browse, navigate to the folder that contains the build file, and then double-click the build file.
  4. Click Upload.

To upgrade the instance:

  1. Click Instances.
  2. In the details pane, select an instance.
  3. From the Action list, select Upgrade.
  4. In the dialog box that appears, select a file, click OK, and then click Close.

To downgrade an instance:

  1. Click Instances.
  2. In the details pane, select an instance.
  3. From the Action list, select Downgrade.
  4. In the Confirm message box, click Yes.

Troubleshooting a SECUREMATRIX GSB Instance

You can ping a SECUREMATRIX GSB instance from the Management Service to check whether the device is reachable. You can trace the route of a packet from the Management Service to an instance to determine the number of hops involved in reaching the instance.

You can rediscover an instance to view the latest state and configuration of an instance. During rediscovery, the Management Service fetches the configuration and the version of the SECUREMATRIX GSB running on the SDX appliance. By default, the Management Service schedules instances for rediscovery once every 30 minutes.

On the Configuration tab, expand SECUREMATRIX GSB.

To ping an instance:

  1. Click Instances.
  2. In the details pane, select the instance that you want to ping, and from the Action list, click Ping. The Ping message box shows whether the ping is successful.

To trace the route of an instance:

  1. Click Instances.
  2. In the details pane, select the instance for which you want to trace the route, and from the Action list, click TraceRoute. The Traceroute message box displays the route to the instance.

To rediscover an instance:

  1. Click Instances.
  2. In the details pane, select the instance that you want to rediscover, and from the Action list, click Rediscover.
  3. In the Confirm message box, click Yes.