[THIN] Re: CSG and Web Interface on 1 box
- From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 25 Apr 2006 12:20:14 -0700
Since the only connection allowed to the box is SSL (443) everything sent
over the web is encrypted. Backend end connection may not. That depends
on if you use an SSL certificate to secure STA/XML communications.
The 1 URL, 1 IP, 1 SSL Cert makes setup and management easy, however there
are some drawbacks.
No Smart Card Authentication integration with WI
No Client IP address is available (important if you apply setting Citrix
Policies)
No URL redirection from HTTP to HTTPS from the server.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:57 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box
I would prefered 1 box with 1 cert but I want to make sure nothing is sent
in clear text over the web.
Brian
Brian Rota,
MTM Technologies, Inc. (formerly NEXL, Inc.)
Sr. Systems Engineer,MCSE,CCEA
Tel. 978.538.3000
Cell 978.886.8127
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Joe Shonk
Sent: Tuesday, April 25, 2006 12:53 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box
I think what you are referring to is socking pooling. If you wanted to have
WI and CSG to have different SSL certs with 2 IPs with each running on port
443 (each with it's own IP) you needed to disable socket pooling using the
CLI command.
CSG 3.0 is basically the same as 2.0 with a few new features to support PS
4.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of HBooGz
Sent: Tuesday, April 25, 2006 9:44 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box
There used to an issue with both running on the same box and there needed to
be a command ran from the CLI in order to make sure everything is working.
I'm currently running WI 2.1 and CSG 2.0 running on the same box but
defintely had to plan ahead about the installation and SSL installation.
I'm considering about upgrading WI and CSG to the latest version -- do the
latest versions of the each software account for this type of setup ?
Anything in particular i should look for or prepare/plan for ?
Thanks,
HS
On 4/25/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:
Why? You only need 1 public IP address and 1 SSL certificate. The CSG
service will proxy WI traffic for you.
Both can reside on the same server. CSG runs on 443 and WI on 80 so there is
no conflict.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:17 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG and Web Interface on 1 box
Hello
I have a client with 25 users currently
They are looking to upgrade the hardware that runs their CSG and Web
interface currently on 2 servers.
They would like to consolidate if possible to one box securely.
Can this be done by hosting 2 Ip addresses on the same server?
I know in the past you have had to change the SSL port on IIS to something
like 444 to make it work.
I was thinking 1 ip for CSG using an SSL cert and 1 ip for Web interface
using a different SSL cert.
Thanks
Brian
--
HBooGz:\>
Other related posts:
