[THIN] Re: Web Interface 2.0

  • From: "Cornfield, Scott" <Scott.Cornfield@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 4 Aug 2004 16:48:39 +0100

Mat,

 

Golden rule is never have your STA beside your CSG. Put it on a farm server!

 

Scott

 

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Gentry, Jim (Seta)
Sent: 04 August 2004 16:36
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface 2.0

 

The STA runs as a service. Run WI and CSG on same box in DMZ. Pick a server
behind your firewall and install the STA. There is no performance impact on
the existing server to run the STA.

 

 

 

-----Original Message-----
From: Matthew Shrewsbury [mailto:MShrewsbury@xxxxxxxxxxxxxxx] 
Sent: Wednesday, August 04, 2004 11:23 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface 2.0

 

We have a good firewall and the Web server will be located in the DMZ behind
that. I need to run on this server Citrix Web Interface, Citrix Secure
Gateway, and Secure Ticket Authority. Do you think I can run all 3 on the
same server? From reading the link it seems to be possible.

 

Thanks for all your help:-)

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA

Network Administrator

 

-----Original Message-----
From: Cornfield, Scott [mailto:Scott.Cornfield@xxxxxxxxx] 
Sent: Wednesday, August 04, 2004 11:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface 2.0

 

If you only have one server then it should be the CSG. It should be stand
alone in a DMZ and securely locked down within an inch of its life :-) When
I say DMZ even good Access Control Lists on your routers would be fine,
although I know nothing about Comms!

 

The STA component could be on one of the Farm servers.

 

Check this out,

http://support.citrix.com/kb/entry!default.jspa?categoryID=185&entryID=2843&fromSearchPage=true

 

Cheers

Scott

 

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Matthew Shrewsbury
Sent: 04 August 2004 15:55
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface 2.0

 

Thank you for your input!!! 

 

I like the idea of using CSG because I don't have to open up port 1494 to
the outside world. 

 

1) Our system is low budget and I just can't afford another server to run
STA on. Do you think I could run it on the Web Interface/CSG server or on my
Metaframe datastore server? 

 

2) If I can't do option 1 then I think I should just run Web Interface and
skip the CSG/STA option. If I do this how can I force "128Bit Only" for
external users?

 

Thanks again for all your help....I am reading the latest Administrator
guides now.

 

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA

Network Administrator

 

-----Original Message-----
From: Cornfield, Scott [mailto:Scott.Cornfield@xxxxxxxxx] 
Sent: Wednesday, August 04, 2004 10:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface 2.0

 

You can have your Secure Gateway and Nfuse / Web Interface on the one
server. Install your SSL cert on this server and put it in your DMZ, only
allow access to port 443 on the CSG. 

 

The only issue here is that you have an additional server which acts as a
Secure Ticket Authority to support the CSG - the STA should sit outside the
DMZ beside the farm. You have the option of letting the CSG talk to the STA
on port 80, or you can install an SSL cert on the STA as well.

 

You can publish your application with standard security settings, as the CSG
will encrypt all the traffic using 128 bit SSL. The users never need to
connect directly to the farm servers.

 

Cheers,

Scott

 

 

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Matthew Shrewsbury
Sent: 04 August 2004 14:29
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Web Interface 2.0

 

I am slightly out of touch with Citrix XP Web Interface (I have used NFuse
not Web Interface). My goal is to have a company portal all users can hit
both internal and external to access Citrix applications. 

 

Solution:

1) Single web server running Windows 2003, IIS6 and Citrix Web Interface.

2) Purchase SSL cert to secure all web traffic to and from Citrix Web
Interface.

3) Open 1494 ports into each Citrix server from the internet.

4) Configure Web Interface for "128Bit only" for ICA traffic

 

Questions:

1) Do I need secure gateway? What is secure gateway all about?

2) Can I configure Citrix Web Interface to force "128bit only" for external
users and only use "128bit logon only" for internal users? I don't want to
publish applications twice.

 

I was planning to read up on this but now I have been told this needs to be
done right now...(my manager never sticks to the schedule).

 

Thanks for any help!!!

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA

Network Administrator

Coscan Homes LLC

5555 Anglers Avenue, Suite 1A

Ft. Lauderdale, Florida 33312

Direct 954.620.1052

mshrewsbury@xxxxxxxxxxxxxxx

-----------------------------------------------------------------------
Information in this email may be privileged, confidential and is 
intended exclusively for the addressee. The views expressed may
not be official policy, but the personal views of the originator.
If you have received it in error, please notify the sender by return
e-mail and delete it from your system. You should not reproduce, 
distribute, store, retransmit, use or disclose its contents to anyone.

Please note we reserve the right to monitor all e-mail
communication through our internal and external networks.
-----------------------------------------------------------------------
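
The placement advice in this thread (only port 443 on the CSG reachable from outside, the STA beside the farm rather than beside the CSG, CSG to STA on port 80 or SSL) can be written as a small rule audit. This is an added example, not part of the original thread or any Citrix tool; the zone names, host labels and rule format are assumptions made for illustration.

```python
# Constructed firewall rules and host placement; labels are illustrative only.
ALL_ON_DMZ_BOX = (
    [
        {"src": "internet", "dst": "csg", "port": 443},
        {"src": "internet", "dst": "farm", "port": 1494},  # ICA opened to the outside
        {"src": "csg", "dst": "sta", "port": 80},
    ],
    {"csg": "dmz", "wi": "dmz", "sta": "dmz", "farm": "internal"},
)

RECOMMENDED = (
    [
        {"src": "internet", "dst": "csg", "port": 443},
        {"src": "csg", "dst": "sta", "port": 80},  # or 443 with an SSL cert on the STA
    ],
    {"csg": "dmz", "wi": "dmz", "sta": "internal", "farm": "internal"},
)


def audit(rules, placement):
    """Return a list of findings where the layout departs from the thread's advice."""
    findings = []
    for r in rules:
        # From the internet, only csg:443 should be reachable.
        if r["src"] == "internet" and (r["dst"], r["port"]) != ("csg", 443):
            findings.append(
                f"internet can reach {r['dst']}:{r['port']}; expose only csg:443"
            )
        # The CSG talks to the STA on port 80, or 443 when the STA has a cert.
        if (r["src"], r["dst"]) == ("csg", "sta") and r["port"] not in (80, 443):
            findings.append(f"csg -> sta uses unexpected port {r['port']}")
    # The STA belongs beside the farm, not in the same zone as the CSG.
    if placement.get("sta") == placement.get("csg"):
        findings.append("sta shares a zone with csg; place it on a farm server")
    return findings


if __name__ == "__main__":
    for name, layout in (("all on DMZ box", ALL_ON_DMZ_BOX), ("recommended", RECOMMENDED)):
        print(name, audit(*layout) or "no findings")
```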