[THIN] Re: CSG and Web Interface on 1 box

• From: "Rota, Brian" <brota@xxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 25 Apr 2006 14:47:48 -0400

But isnt https://remote.mycompany.com <https://remote.mycompany.com/>
just a IIS page?

So it would be using the IIS ssl port? Since IIS and CSG can not share
it I would think you need to have port 444 (or what ever port IIS is
using for SSL)

Am I missing something here?

 

Thanks

 

Brian Rota,




From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Tuesday, April 25, 2006 1:03 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

No...  Only CSG communicates with WI,  not the user.

 

User types in:  https://remote.mycompany.com
<https://remote.mycompany.com/> 

Remote.mycompany.com resolves to the IP of the CSG box

User's browser connects to CSG box via port 443

CSG sees client connect request on 443.

CSG talks to WI and gets the logon page

CSG sends the WI logon page to the clients (over the current SSL
connect)

Client types in Password and clicks OK.  CSG sends this request to the
WI for authentication.

WI enumerates apps and sends list to CSG which in turns sends it to the
client (still over SSL)

Client browses apps and click on App.

CSG sends client request Apps to WI,  WI builds the .ica complete an STA
ticket and send the launch.ica file to the client (via the CSG server).

The ICA client is launched with the launch.ica file on the client
machine. 

The client makes a new connection the CSG server over SSL

The CSG validates the STA ticket and setups up a connection the PS
server.

 

Joe

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

But wouldn't I need to open port 444 to get to the site? So the user
will get the web interface?

Thanks

Brian 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Tuesday, April 25, 2006 12:42 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

That's not correct. Passwords are encrypted...  The client makes it WI
request to the CSG server over SSL (The 1 IP and 1 SSL I mentioned).
CSG will then proxy the request to the WI Server.  The client NEVER
connects to port 80, only CSG.   It's been like this since CSG 2.0.

 

Remember, only port 443 is exposed... Port 80 is blocked off from the
internet.

 

Joe

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:33 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

You can not log into the web interface using https if they are on one
box.

I have set several up in the past like that but the client does not want
passwords sent over port 80 in clear text.

 

Brian

 

Brian Rota,
MTM Technologies, Inc. (formerly NEXL, Inc.) 
Sr. Systems Engineer,MCSE,CCEA

Tel. 978.538.3000

Cell 978.886.8127

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Tuesday, April 25, 2006 12:26 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

Why?  You only need 1 public IP address and 1 SSL certificate.  The CSG
service will proxy WI traffic for you.

 

Both can reside on the same server... CSG runs on 443 and WI on 80 so
there is no conflict.

 

Joe

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:17 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG and Web Interface on 1 box

 

Hello

I have a client with 25 users currently

They are looking to upgrade the hardware that runs their CSG and Web
interface currently on 2 servers.

They would like to consolidate if possible to one box securely.

Can this be done by hosting 2 Ip addresses on the same server?

I know in the past you have had to change the SSL port on IIS to
something like 444 to make it work.

 

I was thinking 1 ip for CSG using an SSL cert and 1 ip for Web
interface using a different SSL cert.

 

Thanks

Brian

 

• Follow-Ups:
  • [THIN] Re: CSG and Web Interface on 1 box
    • From: Joe Shonk

Other related posts:

• » [THIN] CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box

1. Home
2. thin
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---