[THIN] Re: CSG and Web Interface on 1 box

• From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 25 Apr 2006 12:26:05 -0700

Yes the XML service will authenticate the user and send back a list of
enumerated applications to the WI server.  The WI server will take the list
and generate the web pages for the user.  The pages are then sent from WI
server to the CSG server and back to the user.

 

Remember, CSG acts as a proxy server.  For both ICA (1494 and 2598) and
HTTPS requests.  This is true for both Web Interface and MSAM.

 

Joe

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of HBooGz
Sent: Tuesday, April 25, 2006 11:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

Thanks for the clarity and comprehensive response.

In this scenario -- doesn't the PS server authenticate and send back to WI
the list of apps that the supplied username/pass has access to ?


Besides XML ( port 80, or custom port) what travels from the CSG(DMZ) to the
PS farm ? rather, what MUST travel between the csg/wi box back over to the
internal farm ? 

Thanks,






On 4/25/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:

No.  Only CSG communicates with WI,  not the user.

 

User types in:  https://remote.mycompany.com <https://remote.mycompany.com/>


Remote.mycompany.com resolves to the IP of the CSG box

User's browser connects to CSG box via port 443

CSG sees client connect request on 443.

CSG talks to WI and gets the logon page

CSG sends the WI logon page to the clients (over the current SSL connect)

Client types in Password and clicks OK.  CSG sends this request to the WI
for authentication.

WI enumerates apps and sends list to CSG which in turns sends it to the
client (still over SSL)

Client browses apps and click on App.

CSG sends client request Apps to WI,  WI builds the .ica complete an STA
ticket and send the launch.ica file to the client (via the CSG server).

The ICA client is launched with the launch.ica file on the client machine. 

The client makes a new connection the CSG server over SSL

The CSG validates the STA ticket and setups up a connection the PS server.

 

Joe

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto: <mailto:thin-bounce@xxxxxxxxxxxxx>
thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:49 AM


To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

But wouldn't I need to open port 444 to get to the site? So the user will
get the web interface?

Thanks

Brian 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of Joe Shonk
Sent: Tuesday, April 25, 2006 12:42 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

That's not correct. Passwords are encrypted.  The client makes it WI request
to the CSG server over SSL (The 1 IP and 1 SSL I mentioned).  CSG will then
proxy the request to the WI Server.  The client NEVER connects to port 80,
only CSG.   It's been like this since CSG 2.0.

 

Remember, only port 443 is exposed. Port 80 is blocked off from the
internet.

 

Joe

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx
<mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:33 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

You can not log into the web interface using https if they are on one box.

I have set several up in the past like that but the client does not want
passwords sent over port 80 in clear text.

 

Brian

 

Brian Rota,
MTM Technologies, Inc. (formerly NEXL, Inc.) 
Sr. Systems Engineer,MCSE,CCEA

Tel. 978.538.3000

Cell 978.886.8127

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto: <mailto:thin-bounce@xxxxxxxxxxxxx>
thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk
Sent: Tuesday, April 25, 2006 12:26 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG and Web Interface on 1 box

 

Why?  You only need 1 public IP address and 1 SSL certificate.  The CSG
service will proxy WI traffic for you.

 

Both can reside on the same server. CSG runs on 443 and WI on 80 so there is
no conflict.

 

Joe

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto: <mailto:thin-bounce@xxxxxxxxxxxxx>
thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rota, Brian
Sent: Tuesday, April 25, 2006 9:17 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG and Web Interface on 1 box

 

Hello

I have a client with 25 users currently

They are looking to upgrade the hardware that runs their CSG and Web
interface currently on 2 servers.

They would like to consolidate if possible to one box securely.

Can this be done by hosting 2 Ip addresses on the same server?

I know in the past you have had to change the SSL port on IIS to something
like 444 to make it work.

 

I was thinking 1 ip for CSG using an SSL cert and 1 ip for Web  interface
using a different SSL cert.

 

Thanks

Brian

 




-- 
HBooGz:\> 

• References:
  • [THIN] Re: CSG and Web Interface on 1 box
    • From: HBooGz

Other related posts:

• » [THIN] CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box
• » [THIN] Re: CSG and Web Interface on 1 box

1. Home
2. thin
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---