This reply is being sent automatically. I will be out of the office the week of April 25th. In my absence, please contact Matt Mcmahon (mmcmahon@xxxxxxx) or Gary Steffens (Garys@xxxxxxx). Thank you. Mark Holley >>> thin 04/25/06 14:48 >>> Thanks for the clarity and comprehensive response. In this scenario -- doesn't the PS server authenticate and send back to WI the list of apps that the supplied username/pass has access to ? Besides XML ( port 80, or custom port) what travels from the CSG(DMZ) to the PS farm ? rather, what MUST travel between the csg/wi box back over to the internal farm ? Thanks, On 4/25/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote: > > No* Only CSG communicates with WI, not the user. > > > > User types in: https://remote.mycompany.com > > Remote.mycompany.com resolves to the IP of the CSG box > > User's browser connects to CSG box via port 443 > > CSG sees client connect request on 443. > > CSG talks to WI and gets the logon page > > CSG sends the WI logon page to the clients (over the current SSL connect) > > Client types in Password and clicks OK. CSG sends this request to the WI > for authentication. > > WI enumerates apps and sends list to CSG which in turns sends it to the > client (still over SSL) > > Client browses apps and click on App. > > CSG sends client request Apps to WI, WI builds the .ica complete an STA > ticket and send the launch.ica file to the client (via the CSG server). > > The ICA client is launched with the launch.ica file on the client machine. > > > The client makes a new connection the CSG server over SSL > > The CSG validates the STA ticket and setups up a connection the PS server. > > > > Joe > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Rota, Brian > *Sent:* Tuesday, April 25, 2006 9:49 AM > > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: CSG and Web Interface on 1 box > > > > But wouldn't I need to open port 444 to get to the site? So the user will > get the web interface? > > Thanks > > Brian > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Joe Shonk > *Sent:* Tuesday, April 25, 2006 12:42 PM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: CSG and Web Interface on 1 box > > > > That's not correct. Passwords are encrypted* The client makes it WI > request to the CSG server over SSL (The 1 IP and 1 SSL I mentioned). CSG > will then proxy the request to the WI Server. The client NEVER connects to > port 80, only CSG. It's been like this since CSG 2.0. > > > > Remember, only port 443 is exposed* Port 80 is blocked off from the > internet. > > > > Joe > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Rota, Brian > *Sent:* Tuesday, April 25, 2006 9:33 AM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: CSG and Web Interface on 1 box > > > > You can not log into the web interface using https if they are on one box. > > I have set several up in the past like that but the client does not want > passwords sent over port 80 in clear text. > > > > Brian > > > > Brian Rota, > MTM Technologies, Inc. (formerly NEXL, Inc.) > Sr. Systems Engineer,MCSE,CCEA > > Tel. 978.538.3000 > > Cell 978.886.8127 > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Joe Shonk > *Sent:* Tuesday, April 25, 2006 12:26 PM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: CSG and Web Interface on 1 box > > > > Why? You only need 1 public IP address and 1 SSL certificate. The CSG > service will proxy WI traffic for you. > > > > Both can reside on the same server* CSG runs on 443 and WI on 80 so there > is no conflict. > > > > Joe > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Rota, Brian > *Sent:* Tuesday, April 25, 2006 9:17 AM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] CSG and Web Interface on 1 box > > > > Hello > > I have a client with 25 users currently > > They are looking to upgrade the hardware that runs their CSG and Web > interface currently on 2 servers. > > They would like to consolidate if possible to one box securely. > > Can this be done by hosting 2 Ip addresses on the same server? > > I know in the past you have had to change the SSL port on IIS to something > like 444 to make it work. > > > > I was thinking 1 ip for CSG using an SSL cert and 1 ip for Web interface > using a different SSL cert. > > > > Thanks > > Brian > > > -- HBooGz:\> ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************