[THIN] Re: ICA over the web

  • From: "Jeff Durbin" <techlists@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 7 Oct 2004 06:59:12 -0700

Think of the Web Interface as Program Neighborhood in a browser, and Secure
Gateway as a proxy for the ICA session. They're two different types of
communication. You can use WI with an SSL cert (but don't have to), so that
communication is encrypted, and you don't need Secure Gateway for that. When
the actual ICA session is initiated between the client and the MetaFrame
server, that traffic is unencrypted TCP traffic on port 1494. If you add
Secure Gateway to the equation, the ICA session is proxied through SG
instead, so that traffic then is over 443 encrypted by SSL. 
  Bear in mind that there are a few more types of communication between
DMZ/LAN that are not secure by default, but can be secured using SSL:

- The WI talks to the MetaFrame farm over port 80 to the XML service
- The WI talks to the STA over port 80
- The SG talks to the STA over port 80
- The SG talks to the MetaFrame farm over TCP 1494 (but this can also be 443
using SSL Relay)

  This is all assuming you have a single-stage DMZ. If you have a two-stage
DMZ, there are even more components, but they can all be secured using SSL.
Check out the WI/SG documentation - they're very good.

JD

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett
> Sent: Thursday, 7 October 2004 6:37 a.m.
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: ICA over the web
> 
> So data can in fact be captured unencrypted but not the logon?
> 
> -----Original Message-----
> From: Steve Greenberg [mailto:steveg@xxxxxxxxxxxxxx]
> Sent: Thursday, October 07, 2004 9:08 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: ICA over the web
> 
> 
> 
> If you use only a cert on the Web page then only the session initiation is
> encrypted; it will then hand off the ICA session to the local client to talk
> to the server directly. If you use Secure Gateway then the entire ICA session
> stream is SSL encrypted and only port 443 is exposed to the Internet at the
> firewall side.
> 
> 
> Steve Greenberg
> Thin Client Computing
> 34522 N. Scottsdale Rd. suite D8453
> Scottsdale, AZ 85262
> (602) 432-8649
> (602) 296-0411 fax 
> steveg@xxxxxxxxxxxxxx
> 
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Bill Beckett
> Sent: Thursday, October 07, 2004 5:45 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: ICA over the web
> 
> What is the benefit of using Secure Gateway versus just having an SSL cert
> on the web page?
> 
> 
> -----Original Message-----
> From: Dirk Blose [mailto:Dirk.Blose@xxxxxxxxxx]
> Sent: Thursday, October 07, 2004 8:20 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: ICA over the web
> 
> 
> Web Interface, Secure Ticketing Authority, and Secure Gateway are the way to
> go. They're free and don't require too much horsepower to run. You can put
> them both on the same server in the DMZ and the Secure Ticket Authority on
> any IIS server inside. The only thing you open to the outside is 443 to the
> server. Inbound you open the XML port to the Citrix servers and 80 to the
> Secure Ticket Authority. It's that simple.
> 
> Dirk Blose, MCSE, CCA
> Lead Technical Analyst
> (919) 765-4791
> dirk.blose@xxxxxxxxxx
> 
> >>> MineroHB@xxxxxxxxxxxxx 10/07/04 08:13AM >>>
> Hi all,
> I have been using Citrix MetaFrame in a LAN for many years and I have never
> had to make the servers available to any external sites over the web. Now, I
> am required to provide secure access to some servers over the web.
> My question is: what other Citrix software do I need to accomplish this?
> 
> A long time ago, I was familiar with Secure Gateway, but Citrix products
> have changed so much lately that I am not sure how to make it happen
> anymore. Could someone point me to any articles or white papers?
> 
> Thanks,
> 
> ________________________________
> Hector Minero
> NSWCDD Code K55
> Ph: (540) 653-8859
> Fax: (540) 653-8575
> 
> ********************************************************
> This Weeks Sponsor RTO Software
> Do you know which applications are abusing your CPU and memory?
> Would you like to learn? --   Free for a limited time!
> Get the RTO Performance Analyzer to quickly learn the 
> applications, users,
> and time of day possible problems exist.
> http://www.rtosoft.com/enter.asp?id=320 
> ********************************************************** 
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm 
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or 
> set Digest or Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
> 
> 


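The flows listed in the reply above can be turned into a firewall-rule review. The following is an added example, not part of the original thread and not Citrix tooling: it flags allow-rules that leave ICA or the WI/SG back-end hops in cleartext. The rule syntax, the component labels (`wi`, `sg`, `sta`, `xml`, `farm`) and the sample rules are constructed for illustration.

```python
"""Audit allow-rules against the WI/SG flows described in the thread (constructed format)."""
from collections import namedtuple

Rule = namedtuple("Rule", "src dst port")
# DMZ -> LAN hops the thread lists as not secure by default: (src, dst, port) -> note
CLEARTEXT_DEFAULT = {
    ("wi", "xml", 80): "WI -> XML service over port 80; can be secured using SSL",
    ("wi", "sta", 80): "WI -> STA over port 80; can be secured using SSL",
    ("sg", "sta", 80): "SG -> STA over port 80; can be secured using SSL",
    ("sg", "farm", 1494): "SG -> farm ICA on TCP 1494; can be 443 using SSL Relay",
}

def parse_rules(text):
    """Parse lines of the form 'allow <src> <dst> tcp <port>'; '#' starts a comment."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        if len(parts) != 5 or parts[0] != "allow" or parts[3] != "tcp" or not parts[4].isdigit():
            raise ValueError(f"line {n}: unrecognised rule {line.strip()!r}")
        rules.append(Rule(parts[1], parts[2], int(parts[4])))
    return rules

def audit(rules):
    """Return (rule, reason) pairs for rules that carry cleartext traffic."""
    findings = []
    for r in rules:
        if r.src == "internet":
            if r.port == 1494:
                findings.append((r, "unencrypted ICA (TCP 1494) exposed to the Internet"))
            elif r.port != 443:
                findings.append((r, "only 443 should be open from the Internet"))
        elif (r.src, r.dst, r.port) in CLEARTEXT_DEFAULT:
            findings.append((r, CLEARTEXT_DEFAULT[(r.src, r.dst, r.port)]))
    return findings

SAMPLE = """\
allow internet sg tcp 443
allow internet farm tcp 1494   # direct ICA, no Secure Gateway
allow wi xml tcp 80
allow wi sta tcp 443           # constructed: STA hop already on SSL
allow sg sta tcp 80
allow sg farm tcp 1494
"""

if __name__ == "__main__":
    for rule, why in audit(parse_rules(SAMPLE)):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {why}")
```
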