I thought this might get the odd response. The way I see it and evangelize the security thing is this. How else would you easily get a remote client to connect to the desktop on a terminal server farm (if using just Microsoft Terminal services). Usually the answer is some form of VPN technology using something like PPTP, L2TP/IPsec or some other proprietary VPN technology. VPN's are extremely cumbersome, expensive and can be a pain to maintain and get to work, especially when NAT is involved. Also there are inherit security flaws with VPN technologies. Such as, when you establish a VPN session to a site, you are effectively extending the network to that device. This can make control of what's on that device and what's being transmitted to and from that device a chore in itself (Im meaning things like Virus's and other Trojans etc). IPsec's biggest issue is that it's extremely complex and this leaves major issues with configuration. Due to its complexity config issues can occur which could potentially put your network at risk. You guessed it, I'm not a big fan of VPN technology. OK, now for remote connectivity to sites like Citrix Secure Gateway etc. Products like Secure gateway is effectively a SSL based VPN. Which is really a marketing term, but what it does allow is for the server farm to deliver the desktop (or published application) to the remote device without extending the network. Bang, there go your concerns about what's on that remote device effecting the network. Issues with authentication and brute forcing passwords are really your only concern. This can be alleviated with security policies and other technologies like 2 factor authentication devices. This type of technology can be used into the portal space with products like MSAM (Metaframe Secure Access Manager) and I believe Novell portal services (An excellent product) as well. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz <http://www.computerland.co.nz/> CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. _____ From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx] Sent: Thursday, 2 September 2004 7:52 p.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client Tony- Can you expand on how Citrix is more secure? Nick _____ From: Tony Lyne [mailto:Tony.Lyne@xxxxxxxxxxxxxxxxxx] Sent: 02 September 2004 02:23 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client Don't forget the other options. The Metaframe family of products even though may cost a few $$$ initially, usually will allow for growth into the web portal space a lot easier than a Microsoft Terminal Services/WTS Gateway type solution. We run into the argument with clients here a lot, wether to spend the extra $$$ on citrix or just go to terminal services, Some cases there's no justification for citrix (As the site may be a small site with no growth planned) , but if the sites growing and growth in the future is expected (especially into the web portal space securely and easily) Citrix may be a better solution. Just remember that MF is only 1 of Citrix products and it then allows you to get into another whole range of other solutions. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz <http://www.computerland.co.nz/> CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. _____ From: Cláudio Rodrigues [mailto:Claudio.Rodrigues@xxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, 2 September 2004 5:45 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client It is not that simple. The main questions are: - Are you in Subscription Advantage or not? If not how much will you need to spend to get Citrix? - What exactly are you doing? Publishing individual applications to individual groups and/or users or not? If not, TS 2003 will do the trick easily. - Do you need all the fancy features on MetaFrame XPe? If not, you probably need XPa to do load balancing but in this case you can do it without Citrix. - How many servers/users are we talking about? - Have you considered New Moon Canaveral IQ (now called Tarantella Secure Global Desktop)? Has pretty much everything available on MetaFrame XPe at a much lower price. Some stuff is even way better like their EMF based printing solution. Cláudio Rodrigues Microsoft MVP Windows Technologies - Terminal Services http://www.terminal-services.net _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Abshire Sent: September 1, 2004 11:36 AM To: thin@xxxxxxxxxxxxx; Newman, Phil Subject: [THIN] Re: RDP Vs. ICA Client Hi all, I am currently making efforts to justify the continued use of Citrix over regular Terminal Services 2003. I have been using Citrix since 1.8 and have taken the courses so I am able to verbally make my case. However, I would like to know if anyone knows of any white papers on the WEB to back up me up? -----Original Message----- From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx] Sent: Wednesday, September 01, 2004 7:33 AM To: Newman, Phil; thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client 10K. Well that's pretty good. And if it works you that is what matters right? Generally we have found ICA fatter than that (better than RDP) but with bandwidth costs being inexpensive (relatively) some of our smaller clients have opted for the TS only route. 10 K, wow. Ron Oglesby Senior Technical Architect Microsoft MVP, Windows Server RapidApp, Chicago Office 312.372.7188 Mobile 815.325.7618 email roglesby@xxxxxxxxxxxx -----Original Message----- From: Newman, Phil [mailto:Phil.Newman@xxxxxxxxxxx] Sent: Wednesday, September 01, 2004 2:13 AM To: thin@xxxxxxxxxxxxx; Ron Oglesby Subject: RE: [THIN] Re: RDP Vs. ICA Client In the tests we ran - the figures can out at an average of 10k per connection for ICA, and 23k for RDP. In relation to rollout we are doing it makes staying with Citrix the best way forward, as I am looking at a large number of small offices, all using limited bandwidth DSL links. And to support RDP, the investment in WAN costs exceeded the Citrix licensing cost. Let me know what you think. regards, Phil _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ron Oglesby Sent: 31 August 2004 13:37 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client Your kidding right? What metrics are you using to compare the two protocols, and what is the pay pack? Ron _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Newman, Phil Sent: Tuesday, August 31, 2004 1:58 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client The main driver I have seen for Citrix recently is the bandwidth issue, in implementing a new farm - we found that the bandwidth required for Terminal server, and hence the increase in Network cost - exceeds the cost of the Citrix licenses... -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith Sent: 26 August 2004 15:15 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client Hmmm...upgrade 5 users to Citrix on Win2k = c. $2000(I think). Upgrade 5 usrs from win2k to w2k3 = c. $750. -----Original Message----- From: Tom Howarth [mailto:tom.howarth@xxxxxxxxxxxxx] Sent: 26 August 2004 14:54 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client True, but in a environment where they do not have any terminal services, it is very difficult to see a compelling argument for Ctx -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett Sent: 26 August 2004 14:39 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: RDP Vs. ICA Client Well the cost of 2003 is upgrading to 2003 if you're not there yet. -----Original Message----- From: Tom Howarth [mailto:tom.howarth@xxxxxxxxxxxxx] Sent: Thursday, August 26, 2004 9:39 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: RDP Vs. ICA Client Cost, no Citrix tax. With windows 2003 there is little or no advantage in using ica locally. A native windows 2003 with a WTS gateway will provide almost the same experience as a Citrix XPa environment with none of the added expense -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Miller Sent: 26 August 2004 14:26 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] RDP Vs. ICA Client I'm just curious about something within this group. I've noticed more people than I expcected using RDP to connect their users to their Metaframe servers. I've always been a big ICA client person myself. I'm just curious to see what benefits some folks see w/ the RDP client over the ICA client, or is it just preference? Thanks. Jay ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm