[THIN] Re: CSG and RSA SecureID

• From: Jay.Jukes@xxxxxxxxxx
• To: thin@xxxxxxxxxxxxx
• Date: Wed, 6 Nov 2002 22:38:05 +0930

I've just finished implementing this for a client

I used a total of 3 servers (plus the backend MetaFrame farm).  One server
is the NFuse web server with an SSL certificate for the secure website.
This also has the RSA ACE/Agent for Windows which talks on 5500/UDP to the
RSA ACE/Server to provide the 'dual factor authentication'.  The next
server is the CSG server with another SSL certificate.  Both these servers
are in a DMZ

The final server is internal and holds the STA service as well as the RSA
ACE/Server.  RSA user accounts can be manually syncronised with an LDAP
database (including MS Active Directory).

To get the RSA and CSG authentication working together you will need
Project Williamette from TweakCitrix.  It is a collection of ASP web pages
that are customised specifically to allow users to enter their username,
password and SecureID PASSCODE on the one webpage..  I followed the
instructions that came with the Project files and it worked like a charm.
The only thing I modified was some of the HTML coding to customise the look
and feel.

A summary of the requirements are....
3 Win2k servers
2 SSL certificates (plus more if you want to use HTTPS between the CSG and
internal servers for added security)
RSA Security ACE/Server (per user licensing)
RSA Security ACE/Agent for Windows (comes with the ACE/Server)
RSA Security SecureID tokens (for the users)
Citrix Secure Gateway (comes with Citrix Subscription Advantage)
Citrix MetaFrame (and associated MetaFrame farm equipment/servers)
Project Williamette 2.0 from www.tweakcitrix.com

Of course you can run the NFuse and CSG services on the one server with
some tweaking (search the Citrix knowledgebase for the specifics) to reduce
costs in a small implementation.  On the other hand, if its a large scale
deployment you may want to look at higher levels of redundancy.  You can
easily run redundant servers for all 4 services (NFuse, CSG, STA, RSA).

Cheers
Jay Jukes
***********************************************
    Systems Engineer
    MCSE    MCP+I    CCA
    CSM Technology
    Ph:     61 8 8936 1400
    Fax:    61 8 8941 1657
    Email:  jay.jukes@xxxxxxxxxx
    Web:     http://www.csm.com.au
***********************************************


|--------+------------------------->
|        |          "Andrew Knight"|
|        |          <andrew@xxxxxxx|
|        |          m>             |
|        |          Sent by:       |
|        |          thin-bounce@fre|
|        |          elists.org     |
|        |                         |
|        |                         |
|        |          06/11/2002     |
|        |          20:00          |
|        |          Please respond |
|        |          to thin        |
|        |                         |
|--------+------------------------->
  
>------------------------------------------------------------------------------------------------------------------------|
  |                                                                             
                                           |
  |       To:     "Thin (E-mail)" <thin@xxxxxxxxxxxxx>                          
                                           |
  |       cc:                                                                   
                                           |
  |       Subject:     [THIN] CSG and RSA SecureID                              
                                           |
  
>------------------------------------------------------------------------------------------------------------------------|





All,

Does anyone have a definitive list of the requirements for a CSG/Nfuse in=
stallation and RSA SecureID.  The Citrix docs are a bit woolly on it.

Cheers,
Andrew

> Andrew Knight.          CCI, CCEA, MCP+I, MCSE
>=20
Real Time Systems - 'Citrix Highest Growth Partner in Ireland 2001' =20

> Real Time Systems Ltd,
> Agar House,=09
> 31 Ballynahinch Road,        =09
> Carryduff, BT8 8EH,          =09
> Northern Ireland
>=20
> Tel: +44 (0)28 90817171
> Fax: +44 (0)28 90817172
> Email: andrew@xxxxxxxx
> Web:  www.rtsl.com
>=20
>=20
> This e-mail transmission may contain confidential information that is i=
ntended for the individual or entity named on the e-mail address. If you =
are not the intended recipient, please reply to the sender so that Real T=
ime Systems Ltd can arrange for the proper delivery, and then please dele=
te the message from your inbox.
>=20
> If you have received this e-mail in error, you are hereby notified that=
=20any disclosure, copying, distribution, or reliance upon the contents o=
f this e-mail is strictly prohibited.
>=20
>=20
>=20
#########################################################################=
############
This e-mail message has been scanned for Viruses and Content and cleared =

by MailMarshal
For more information please visit www.marshalsoftware.com or contact sale=
s@xxxxxxxx
#########################################################################=
############

***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm





*********************************************** 
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] CSG and RSA SecureID
• » [THIN] Re: CSG and RSA SecureID

1. Home
2. thin
3. Archive
4. 11-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---