[THIN] Re: Citrix on DMZ

 

In these cases I am referring to, the security policy dictated that there be
no communication between the DMZ and the private network. Since there was to
be no communication, that host could not effectively be part of an internal
farm. Also, for the most part, these were single server implementations for
specific B to B purposes so having a separate farm really just means a
little more management work to handle and not much more cost.

 

There are many other possible scenarios where some inside communications are
allowed and this would allow the DMZ servers to be part of an internal farm
but still limit end user sessions and connectivity to within the DMZ.

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Malcolm Bruton
Sent: Wednesday, April 25, 2007 11:46 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix on DMZ

 

Steve

 

Why do you use a different farm?  Do you see it offers significant security
features by doing this?  If so, what exactly?  If it's a small farm it's
quite costly to build the redundancy.

 

Malcolm

 

 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Turman, David C.
Sent: 25 April 2007 18:41
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix on DMZ

 

 

    We have external customers (non-employees) that run a Term Server app
(Powerbuilder 6.5).

    The TermServer app talks thru the firewall to an internal SQL server
database.

    We just create user IDs in the external DMZ domain for them to use.

    What else would you suggest?

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Steve Greenberg
Sent: Wednesday, April 25, 2007 11:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix on DMZ

We have done it a number of times for secure government business to business
applications. This is where the app and data are on the Presentation Server
and the security policy disallows internal access. In these cases the server
is usually a standalone farm and if I knew what was running on it they would
have to kill me :-)

 

 

Steve Greenberg


 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Joe Shonk
Sent: Wednesday, April 25, 2007 6:03 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix on DMZ

 

Question.   Why would you want to put a Presentation server in the DMZ?   I know
there are some valid reasons, so make sure to take the litmus test first.

 

It's 2512, 80 (or whatever the XML port is), 1494, 2598, 27000, the TS
Licensing Port.

 

Joe

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Turman, David C.
Sent: Tuesday, April 24, 2007 12:51 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Citrix on DMZ

 

 

        If I were to put a Presentation Server 4.0 box on a DMZ, what 
        ports would I need to open on the firewall to have it talk to 
        and be a member of a Presentation Server 4.0 Citrix Farm 
        on the inside of the firewall? I'm assuming at least 1433. 
        Any others or problems with doing this? 
