[THIN] Re: Nfuse and ISA server

• From: "Steven Sporen" <steven.sporen@xxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 16 Sep 2003 17:26:48 +0200

Nfuse runs on top of IIS - ISA would publish the website as it would any
other, you could also offload the SSL encryption of the site to ISA.

CSG does pretty much the same, except Citrix offload all SSL traffic
including all the connectivity to it.

So to answer your question, you would just publish the websites behind
the ISA firewall nothing abnormal.

Some things to think about regarding ISA, If you want to run a redundant
system you will need to run Windows 2003, Windows 2003 supports multiple
NLBS groups so you can load balance incoming and outgoing connections
(Oh and don't load the ISA client on your servers!). We had problems
with this and found when we lost one of the firewalls we had to migrate
the IP address (which admittedly isn't difficult) to one of the other
machines (third party scanning DLL's for ISA are problematic - 'ye 'ol
blue screen of death [be warned!]). Another problem which we found
pertained to the applying of service packs to the OS, the question is -
do you want to constantly apply hotfixes and service packs to your
firewall, can you take it down every time? Taking this into account ISA
does have some nice features and it's because of this I know of quite a
few people who have opted for a dual firewall approach with the ISA
behind a FW1 or PIX. (One of which if you are wondering, ISA supports an
RPC filter which in theory allowed you to connect Outlook directly to
Exchange over the Internet - which of course is not necessary now with
RPC over HTTP in Exch2003)

My 2c (This doesn't mean this is how my network is configured - for
those who think like that) :)

Regards
  Steven


-----Original Message-----
From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx] 
Sent: 16 September 2003 04:33
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Nfuse and ISA server


I'm deploying an ISA server to handle all my DMZ traffic.  The ISA
server will be the only machine in the DMZ.  My web servers, ftp
servers, OWA servers, etc., will all be behind the firewall

I'll be moving from Win2000 TS to Citrix in the coming months.  I plan
to exclusive use NFuse and want to have everything SSL secured.  I know
the preferred methods are to use Nfuse with CSG. 

How would an ISA server interact with Nfuse and CSG?  

********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] Nfuse and ISA server
• » [THIN] Re: Nfuse and ISA server
• » [THIN] Re: Nfuse and ISA server

1. Home
2. thin
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---