[THIN] Re: CAG Licenses Required for CSG Replacement
- From: "Matthew Shrewsbury" <MShrewsbury@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 11 Nov 2005 08:33:37 -0500
Right now I have most sites with a frame link and the Cisco router does
the DHCP at that site. Works great as we have no servers or local data
at the remote sites (basically nothing to go wrong). We use mostly thin
clients with IP based printers and maybe one or two fat clients
depending on the site needs. They use Citrix for all applications so
even a small link 100K CIR works for up to 10+ users.
For small sites and locations further away frame is no longer cost
effective. So I'm thinking just drop in a pipe to the Internet maybe
Cable, ADSL, SDSL, or fractional T1 and then VPN back to HQ. This would
allow us to still manage the thin clients and fat PCs and even push out
SUS updates.
Thanks for the info!
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Roger Riggins
Sent: Thursday, November 10, 2005 4:32 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
We do the same thing with PIX 501s also. We let the PIX do the DHCP
since we just have terminals behind it. Works great!
Roger Riggins
Network Administrator
Lutheran Services in Iowa
w: 319.859.3543
c: 319.290.5687
http://www.lsiowa.org
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 3:22 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Thank you very much for your input. I was thinking about this but I've
personally never seen it done. It seems like it should have a lot of
benefits for us.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Thursday, November 10, 2005 2:19 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
I have PIX 501's in the remote offices, so there is a site-to-site LAN
based VPN, over 70 offices like this, works great. The local DC does
DHCP, but the PIX could do DHCP as well. I'm sure whatever device you
plan to use could do it. DHCP is broadcast based is it not, so I'm not
thinking it would go across the VPN, unless your device has some type of
option to check for DHCP broadcasts across subnets (similar to ip
helper-address in cisco switches/routers)
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 1:57 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Thank you for the info! I am thinking maybe of using an CheckPoint Edge
type device so that the VPN connection is actually a piece of hardware.
That way when the PC boots it should already have a connection back to
HQ. Can DHCP pass over a VPN connection?
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Thursday, November 10, 2005 1:49 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
I put a DC in every site, even if it's got 5 people. I use an OptiPlex
(since we are Dell shop) tower with 2 HDD's and an $80 Promise RAID card
doing RAID 1. It's inexpensive and gives some failover incase the
internet line goes down. They'll still be able to auth resources and
what not.
If the VPN client runs as a service and connects at startup, then login
scripts should run fine. Once the VPN is connected, all your GPO's will
run in their scheduled intervals.
There could be issues about the GPO's and other work that happens at
boot time. That would depend on if the VPN client connects first or
not.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 1:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
By authenticate I mean logon to the PC and process logon scripts GPO etc
on a DC located over the VPN. I'm thinking for our small sites instead
of installing a frame link just purchase a fast Internet connection. We
have a few sites that at the moment just run Citrix over the Internet
but we have no way of managing there PC.
Thanks for the info!
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Thursday, November 10, 2005 12:15 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Authenticate to be able to login to the computer, or just authenticate
in general? The Cisco VPN client can run at bootup and connect to the
default session, so once it's connected and pulls an IP, it can use your
remote DC to auth the login. I haven't had a need to do this, at least
not yet.
If you just mean auth in general, then yes, I have a couple of users
with no local DC and they do everything against a DC in a remote site.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 11:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
A little off topic but does anyone use a VPN where remote Windows
clients over the Internet can authenticate with DCs back at the other
end of the VPN? I'm thinking for smaller sites that don't have the need
for a full DC at that site.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Senior Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Thursday, November 10, 2005 11:45 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
We also already have a VPN solution, free (Cisco), but are evaluating
this CAG, due to it's ease of use, configuration, ease for the end user,
etc.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Durbin
Sent: Thursday, November 10, 2005 10:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Good point about concurrent licensing; I'd have to look at how many
concurrent users we have externally at a given time. But regardless of
the number, I'm not paying for VPN licenses to get CSG functionality.
It's a bummer because I really like the VPN functionality, but other VPN
technologies are on the table at my company. It would have been a great
way to let some users start validating the VPN functionality, which
*could* have ultimately been a huge VPN win for Citrix.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Wednesday, November 09, 2005 8:31 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Hardware is $2495, list price, a good vendor can cut that some.
We are looking to buy 2, for load balance/redundancy.
We have thousands of VPN users, but only see @ 100-150 concurrent at
peak times.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Wednesday, November 09, 2005 10:17 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
That is a fair point, if they gave away the CSG functionality for the
price of the hardware there would be a lot of shops that would be happy
to move to the new platform. These users could then become VPN users in
the future- point well taken.......
BTW, the hardsware is $2495 and the licenses are concurrent so I doubt
you would need 3500 licenses!
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Durbin
Sent: Wednesday, November 09, 2005 6:43 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
That's pretty crappy. I'm still paying $3,000 for the appliance, to
replace a Windows server that's running free software. I have 3500 users
with access via the CSG, and obviously, there's no way I'm paying
$350,000 to replace our CSG's. Too bad for Citrix, as they could
potentially have gotten a foothold in our VPN space via the CSG
replacement.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Wednesday, November 09, 2005 9:04 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement
Yes it does require licenses. It is a replacement, but not a free
replacement. Once the user connects you can configure whether you give
them a full VPN tunnel, hand off to WI (CSG), or kiosk mode. Any
combination of these features requires a CAG concurrent license. The
good news is that box performs extremely well, is wel integrated with
all the CTX products. The even better news is that it is a hardened
LINUX OS and not Windows pretending to be a security device!
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of techlists@xxxxxxxxxxxxxxxx
Sent: Wednesday, November 09, 2005 9:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CAG Licenses Required for CSG Replacement
In addition to being a SSL VPN, the CAG is being positioned as a
replacement for CSG. Does anyone know if the CSG functionality requires
a CAG license?
Thanks,
JD
Lutheran Services in Iowa Confidentiality Notice
==================================================================
The information contained in this communication may be confidential,
is intended only for the use of the recipient(s) named above, and
may be legally privileged. If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of its
contents, is strictly prohibited. If you have received this
communication in error, please return it to the sender immediately
and delete the original message and any copy of it from your computer
system. If you have any questions concerning this message, please
contact the sender.
Other related posts:
