[THIN] Re: Web Interface - login process

  • From: Angela Smith <angela_smith9@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 26 Feb 2008 17:46:13 +1100

Hi

I'm still trying to work out what ports get used during Citrix logon.
I've attached a PowerPoint slide that shows the main
communication flow.  I have a few questions I was hoping you could assist with:


1) How do I determine what server is the XML Broker?

2) What ports does the XML Broker use to talk to:
        - Active Directory
        - Licensing Server (27000 I'm assuming)
        - Data Collector
        - Least Loaded Server
        - Client

Our Web Interface does not have a certificate so all communication internally 
is on Port 80.  Does Port 80 get used for all communication from the XML 
Broker?  Can anyone let me know what ports are used in question 2?

Thanks
Angela



________________________________
> From: andrew.wood@xxxxxxxxxxxxxxxx
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Web Interface - login process
> Date: Mon, 25 Feb 2008 13:04:38 +0000
>
>
> I think the link is wrapped Angela –
>
>
>
> Try this:
>
>
>
> http://tinyurl.com/2mfl74
>
>
>
> And if that doesn’t work, search in Google for 
> SecuringMonitoringNetworkTrafficwithinCAS_Final_v2
>
>
>
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf 
> Of Angela Smith
> Sent: 25 February 2008 11:48
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Web Interface - login process
>
>
>
> Hi Andrew
>
> Thanks for the reply.  The link to the ppt file doesn't seem to work.  Do you 
> have another link to it?
>
> Thanks
> Angela
>
>> From: andrew.wood@xxxxxxxxxxxxxxxx
>> To: thin@xxxxxxxxxxxxx
>> Subject: [THIN] Re: Web Interface - login process
>> Date: Mon, 25 Feb 2008 11:21:30 +0000
>>
>> You don't need to open up ports from the WI server to AD to perform
>> authentication. The WI server doesn't do user authentication - there's a
>> slidedeck here -
>> www.citrixevents.com/.../dynamic/presentations/3105%20SecuringMonitoringNetw
>> orkTrafficwithinCAS_Final_v2.ppt that gives a graphical view of the
>> authentication process.
>>
>> User credentials are passed from the WI server to the IMA Service running on
>> your Citrix servers via the XML Broker in order for the IMA service to
>> authenticate the user and get their list of available applications. When the
>> user wants to launch a published app, the user's ica file is populated with
>> their ticket information (obtained from an STA) which allows them to log on.
>>
>>
>> So, technically - you *could* just use 80 and 1494, although if you want to
>> use session reliability you'll need to add in 2598.
>>
>> Obviously, that's not very secure.
>>
>> Ideally you've enabled https for the page submitting the user's credentials
>> (otherwise your network passwords are wandering over the internet in plain
>> sight), and you're at least encrypting the XML service from the WI to the
>> Citrix servers by using https.
>>
>> Raw and out of the box, once the user launches an app they are communicating
>> with the Citrix server on 1494 (by default); it's 1494 from the client to the
>> Citrix server(s) for all the Citrix clients, including Java. 1494 might not
>> be open at the client end, and isn't encrypted either: a straightforward way
>> to secure that communication would be to have CSG to secure ICA
>> communication to the user by encapsulating it in an SSL tunnel.
>>
>> There is a useful TCP port check document on Doug Brown's site -
>> http://www.dabcc.com/article.aspx?id=1755
>>
>> Hth.
>>
>>
>> -----Original Message-----
>> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
>> Of Angela Smith
>> Sent: 25 February 2008 09:18
>> To: thin@xxxxxxxxxxxxx
>> Subject: [THIN] Web Interface - login process
>>
>>
>> Hi
>>
>> I've been tasked to document the Web Interface communication in our
>> environment and the ports that need to be opened between our DMZ and
>> internal network. I'm looking at installing a Web Interface in our DMZ which
>> will access our Citrix Farm on the internal network. I need the Web
>> Interface to authenticate against Active Directory. This is what I've got so
>> far and I was hoping someone could crosscheck or point me in the right
>> direction.
>>
>> 1) Client - Web Interface - Port 80
>> 2) Web Interface - Active Directory (AD on internal network) - not sure what
>> AD ports need to be opened
>> 3) Active Directory - Web Interface
>> 4) Web Interface - Zone Data Collector - Port 80
>> 5) Zone Data Collector - Web Interface - Port 80
>> 6) Web Interface - Client - Port 80
>>
>> User launches Published App
>> 7) Client - Web Interface - Port 80
>> 8) Web Interface - Client - Port 80
>> 8) Client - Citrix Presentation Server - Port 1494
>>
>>
>> A few questions:
>>
>> 1) Is the above correct?
>> 2) When a user launches a Published App, is the client talking 1494 direct
>> to the Citrix Presentation Server? Is the communication going through the
>> Web Interface or is it direct from client to the Citrix Server? Therefore
>> does 1494 need to be open to the client or is it 1494 from Web Interface to
>> Citrix server only?
>> 3) If the client is using JAVA does this still talk 1494 direct to the
>> Citrix Farm or is it a different port?
>>
>> I'm trying to document the above login process and would appreciate any
>> assistance or direction.
>>
>> Thanks
>> Angela
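
The flows described in Andrew's reply can be written down as a rule audit for the DMZ firewall. This is an added example, not part of the original thread or of any Citrix tooling; the zone names, the sample rules and the use of port 443 for the https variants are assumptions.

```python
# Added example: audit firewall rules against the logon flows named in the thread.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str   # zone or role opening the connection
    dst: str   # zone or role receiving it
    port: int  # TCP destination port

# (src, dst, port) -> (verdict, note). Using 443 for the https variants is an assumption.
EXPECTED = {
    ("client", "web_interface", 80): ("plaintext", "credentials cross the wire over http"),
    ("client", "web_interface", 443): ("expected", "https logon page"),
    ("web_interface", "citrix", 80): ("plaintext", "XML service traffic unencrypted"),
    ("web_interface", "citrix", 443): ("expected", "XML service over https"),
    ("client", "citrix", 1494): ("plaintext", "ICA unencrypted; CSG would tunnel it in SSL"),
    ("client", "citrix", 2598): ("expected", "session reliability"),
}
# Each set lists alternatives; one matching rule satisfies that flow.
REQUIRED = [
    {("client", "web_interface", 80), ("client", "web_interface", 443)},
    {("web_interface", "citrix", 80), ("web_interface", "citrix", 443)},
    {("client", "citrix", 1494)},
]

def audit(rules):
    """Classify every rule as expected, plaintext, unneeded or unexpected."""
    findings = []
    for r in rules:
        if r.src == "web_interface" and r.dst == "active_directory":
            findings.append((r, "unneeded", "WI does not authenticate users itself"))
        elif tuple(r) in EXPECTED:
            findings.append((r, *EXPECTED[tuple(r)]))
        else:
            findings.append((r, "unexpected", "not part of the described logon flow"))
    return findings

def missing_flows(rules, session_reliability=False):
    """Return the flows the rule set fails to permit at all."""
    have = {tuple(r) for r in rules}
    extra = [{("client", "citrix", 2598)}] if session_reliability else []
    return [sorted(alts) for alts in REQUIRED + extra if not alts & have]

# Constructed sample rule set (not from the thread).
SAMPLE = [Rule("client", "web_interface", 80), Rule("web_interface", "active_directory", 389),
          Rule("web_interface", "citrix", 80), Rule("client", "citrix", 1494),
          Rule("web_interface", "citrix", 3389)]

if __name__ == "__main__":
    for rule, verdict, note in audit(SAMPLE):
        print(f"{verdict:10} {rule.src}->{rule.dst}:{rule.port}  {note}")
    print("missing:", missing_flows(SAMPLE, session_reliability=True))
```
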