DLP Endpoint Prevent can monitor virtual desktops hosted by Citrix XenDesktop and Citrix XenApp/Application servers and prevent remote users from copying sensitive data that is accessible through a virtual desktop. A DLP Agent can be installed in each virtual desktop. By running a DLP Agent in the virtual host, you can prevent a user from copying confidential data that is accessible from the hosted virtual desktop to a remote computer or device that may not be secure. You can configure the DLP Agent to monitor storage volumes, print and fax requests, clipboards, and network activity on the virtual desktop.
The DLP Agent is installed on Citrix XenDesktop and Citrix XenApp/Application servers, where it can detect confidential data sent to a Citrix client computer.
The DLP Agent monitors the following locations and activities on the Citrix virtualized endpoint:
Scanning Microsoft Office files
Restoring files on Citrix client drives
Monitoring application file access and files uploaded to browsers
Incidents logged from Citrix virtualized endpoints
All incidents that are generated on Citrix drives by the DLP Agent display as Removable Storage Device incidents. In the Enforce Server administration console, you cannot deselect the Removable Storage event for Citrix drives. The Removable Storage event is always monitored by the agents that are deployed to Citrix servers.
Note: The IP addresses in incident snapshots contain the IP address of the XenDesktop virtual machine or XenApp server and not a Citrix client.
You must install the DLP Agent software on each XenApp server host and on any individual application servers that publish applications through XenApp.
All detection on Citrix XenApp is performed in a single thread (all user activities are analyzed sequentially).
Symantec tests indicate that the DLP Agent software can support a maximum of 40 simultaneous clients per Citrix server. However, detection performance varies depending on the server hardware, the type of applications that are used, and the activities that Citrix clients perform. You must verify the DLP Agent performance characteristics for your environment.
Note: If XenApp streams an application directly to an endpoint computer, the Symantec DLP Agent that is deployed to the XenApp server cannot monitor the streamed application.
Detection server restriction for Symantec DLP Agents on Citrix XenApp
Symantec does not recommend using a single Endpoint Prevent detection server with both physical endpoint computers and Citrix XenApp servers. When you use the Enforce Server administration console to configure endpoint events to monitor, you must deselect CD/DVD and Local Drive events for Citrix XenApp agents. (These items are present on the Agent Configuration screen, but they are not supported for Citrix XenApp.) Using the same Endpoint Server for non-Citrix agents limits the functionality of those agents because you must disable Local Drive and CD/DVD events for the server as a whole. To support the DLP Agent on both Citrix XenApp servers and physical endpoint computers, Symantec recommends that you deploy two Endpoint Servers and ensure that each server is reserved for either Citrix XenApp agents or physical endpoint agent installations.
You must install the DLP Agent software on each virtual machine on the XenDesktop server.
The DLP Agent software can connect either to a dedicated Endpoint Prevent server or to an Endpoint Prevent server that is shared with non-Citrix agents. You cannot connect to an Endpoint Prevent server that is reserved for Citrix XenApp.
Note: If you use the same server for both Citrix and non-Citrix agents, you cannot configure events independently for each environment.