[THIN] Re: Adding Web Interface Server to DMZ
- From: Tony Lyne <tony.lyne@xxxxxxxxxxx>
- To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
- Date: Wed, 13 Feb 2008 09:06:35 +1300
Well if their network is essentially coming in on their DMZ, then I cant see
the need for installing a WI server on the DMZ and then opening up a bunch of
ports to the farm etc.... Especially if youre not opting to use the Secure
gateway component.
Without seeing your network (Firewall configs etc...) I would think it would be
far easier to allow access to your internal WI servers and Just open up
2598/1494 and 80. If you're worried about branding and logos etc then setup a
new WI site on your WI server and multi-home the web server and use headers to
redirect to the appropriate web site.
Tony Lyne
Consultant
Senior Systems Engineer
[cid:image001.gif@01C86E1F.BBC76E70]
+64 6 353 7300
[cid:image002.gif@01C86E1F.BBC76E70]<http://www.gen-i.co.nz/>
+64 6 356 6800
+64 27 472 0696
tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx>
www.gen-i.co.nz<http://www.gen-i.co.nz/>
53 Queen Street, PO Box 1470,
Palmerston North, New Zealand
"This communication, including any attachments, is confidential. If you are not
the intended recipient, you should not read it - please contact me immediately,
destroy it, and do not copy or use any part of this communication or disclose
anything about it. Thank you. Please note that this communication does not
designate an information system for the purposes of the Electronic Transactions
Act 2002."
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Angela Smith
Sent: Tuesday, 12 February 2008 6:00 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Adding Web Interface Server to DMZ
Hi Tony
The external customer already has access to the DMZ area. Therefore Im
assuming I do not need a secure gateway or access gateway appliance. My
concern is actually how the Web Interface will fit into the existing Citrix
Infrastrustructure.
IE If I install a standalone WI server in DMZ, what ports do I open and how do
I configure the WI to talk to Production Citrix farm? Do I need to use
ALTADDR? Should I install I 4.6 even though the other WI servers are 4.2?
What is the best way to achieve this?
Thanks
Angela
________________________________
From: tony.lyne@xxxxxxxxxxx
To: thin@xxxxxxxxxxxxx
Date: Tue, 12 Feb 2008 16:09:19 +1300
Subject: [THIN] Re: Adding Web Interface Server to DMZ
Hey Angela,
You would be best to configure at least the provided Secure Gateway option
which comes with Presentation Server. Use this in conjunction with Web
interface and you'll be able to securely deliver applications using a secure
means. The PDF's supplied with the Web interface/Secure Gateway components on
the CD tell you the rest.
Alternatively you can use an Access Gateway, but this is an additional expense.
Tony Lyne
Consultant
Senior Systems Engineer
[cid:image001.gif@01C86E1F.BBC76E70]
+64 6 353 7300
[cid:image002.gif@01C86E1F.BBC76E70]<http://www.gen-i.co.nz/>
+64 6 356 6800
+64 27 472 0696
tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx>
www.gen-i.co.nz<http://www.gen-i.co.nz/>
53 Queen Street, PO Box 1470,
Palmerston North, New Zealand
"This communication, including any attachments, is confidential. If you are not
the intended recipient, you should not read it - please contact me immediately,
destroy it, and do not copy or use any part of this communication or disclose
anything about it. Thank you. Please note that this communication does not
designate an information system for the purposes of the Electronic Transactions
Act 2002."
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Angela Smith
Sent: Tuesday, 12 February 2008 4:02 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Adding Web Interface Server to DMZ
Hi
We have 2 Web Interface 4.2 servers on our internal network using MS Network
Load Balancing. I now have a requirement where I need to add a Web Interface
Server in our DMZ for access for one of our external customers. They basically
need to run 1 application on our Citrix Farm. All our Citrix components are on
the internal network. We use SQL as our datastore.
What is the best way to achieve this?
What Ports need to be opened in the DMZ firewall for the Web Interface Server
to talk to the Citrix Farm/SQL Data Store server which all reside on the
internal network?
Thanks
Angela
________________________________
Listen now! New music from the Rogue
Traders.<http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=832&referral=hotmailtaglineOct07&URL=http://music.ninemsn.com.au/roguetraders>
________________________________
Find it at www.seek.com.au Your Future Starts Here. Dream it? Then be
it!<http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Eseek%2Ecom%2Eau%2F%3Ftracking%3Dsk%3Ahet%3Ask%3Anine%3A0%3Ahot%3Atext&_t=764565661&_r=OCT07_endtext_Future&_m=EXT>
Other related posts:
