[THIN] Re: CSG and Web Interface on 1 box (Out of office)

  • From: "Mark Holley" <Holley@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 25 Apr 2006 14:53:51 -0400

This reply is being sent automatically.  I will be out of the office the week 
of April 25th.  In my absence, please contact  Matt Mcmahon (mmcmahon@xxxxxxx) 
or Gary Steffens (Garys@xxxxxxx).

Thank you.

Mark Holley

>>> thin 04/25/06 14:48 >>>

Thanks for the clarity and comprehensive response.

In this scenario -- doesn't the PS server authenticate and send back to WI
the list of apps that the supplied username/pass has access to?


Besides XML (port 80, or custom port), what travels from the CSG (DMZ) to the
PS farm? Rather, what MUST travel between the CSG/WI box back over to the
internal farm?

Thanks,





On 4/25/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:
>
> No... Only CSG communicates with WI, not the user.
>
>
>
> User types in:  https://remote.mycompany.com
>
> Remote.mycompany.com resolves to the IP of the CSG box
>
> User's browser connects to CSG box via port 443
>
> CSG sees client connect request on 443.
>
> CSG talks to WI and gets the logon page
>
> CSG sends the WI logon page to the client (over the current SSL connection)
>
> Client types in Password and clicks OK.  CSG sends this request to the WI
> for authentication.
>
> WI enumerates apps and sends the list to CSG, which in turn sends it to the
> client (still over SSL)
>
> Client browses apps and clicks on an app.
>
> CSG sends the client's app request to WI. WI builds the .ica file, complete
> with an STA ticket, and sends the launch.ica file to the client (via the CSG
> server).
>
> The ICA client is launched with the launch.ica file on the client machine.
>
>
> The client makes a new connection to the CSG server over SSL
>
> The CSG validates the STA ticket and sets up a connection to the PS server.
>
>
>
> Joe
>
>
>  ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Rota, Brian
> *Sent:* Tuesday, April 25, 2006 9:49 AM
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: CSG and Web Interface on 1 box
>
>
>
> But wouldn't I need to open port 444 to get to the site? So the user will
> get the web interface?
>
> Thanks
>
> Brian
>   ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Joe Shonk
> *Sent:* Tuesday, April 25, 2006 12:42 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: CSG and Web Interface on 1 box
>
>
>
> That's not correct. Passwords are encrypted... The client makes its WI
> request to the CSG server over SSL (the 1 IP and 1 SSL I mentioned).  CSG
> will then proxy the request to the WI server.  The client NEVER connects to
> port 80, only CSG.   It's been like this since CSG 2.0.
>
>
>
> Remember, only port 443 is exposed... Port 80 is blocked off from the
> internet.
>
>
>
> Joe
>
>
>  ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Rota, Brian
> *Sent:* Tuesday, April 25, 2006 9:33 AM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: CSG and Web Interface on 1 box
>
>
>
> You can not log into the web interface using https if they are on one box.
>
> I have set several up in the past like that but the client does not want
> passwords sent over port 80 in clear text.
>
>
>
> Brian
>
>
>
> Brian Rota,
> MTM Technologies, Inc. (formerly NEXL, Inc.)
> Sr. Systems Engineer, MCSE, CCEA
>
> Tel. 978.538.3000
>
> Cell 978.886.8127
>   ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Joe Shonk
> *Sent:* Tuesday, April 25, 2006 12:26 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: CSG and Web Interface on 1 box
>
>
>
> Why?  You only need 1 public IP address and 1 SSL certificate.  The CSG
> service will proxy WI traffic for you.
>
>
>
> Both can reside on the same server... CSG runs on 443 and WI on 80 so there
> is no conflict.
>
>
>
> Joe
>
>
>  ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Rota, Brian
> *Sent:* Tuesday, April 25, 2006 9:17 AM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] CSG and Web Interface on 1 box
>
>
>
> Hello
>
> I have a client with 25 users currently
>
> They are looking to upgrade the hardware that runs their CSG and Web
> interface currently on 2 servers.
>
> They would like to consolidate if possible to one box securely.
>
> Can this be done by hosting 2 IP addresses on the same server?
>
> I know in the past you have had to change the SSL port on IIS to something
> like 444 to make it work.
>
>
>
> I was thinking 1 IP for CSG using an SSL cert and 1 IP for Web Interface
> using a different SSL cert.
>
>
>
> Thanks
>
> Brian
>
>
>



--
HBooGz:\>
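
The exposure rule stated in the thread (only port 443, the CSG listener, is reachable from the internet; port 80, where WI runs, is not) written as a check over a firewall rule list. This is an added example, not part of the original posts; the rule format, first-match evaluation and both sample rule sets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# From the thread: CSG listens on 443 (public); WI on 80 must stay internal.
PUBLIC_ALLOWED = {443}
# Documentation-range address standing in for an arbitrary internet client.
INTERNET_PROBE = ip_address("203.0.113.10")

# Constructed rule sets (hypothetical format), evaluated top-down, first match wins.
GOOD_RULES = [
    {"src": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"src": "10.0.0.0/8", "port": 80, "action": "allow"},
    {"src": "0.0.0.0/0", "port": 80, "action": "deny"},
]
BAD_RULES = [
    {"src": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"src": "0.0.0.0/0", "port": 444, "action": "allow"},  # leftover IIS SSL port
    {"src": "0.0.0.0/0", "port": 80, "action": "allow"},   # shadows the deny below
    {"src": "0.0.0.0/0", "port": 80, "action": "deny"},
]

def decide(rules, src, port, default="deny"):
    """Return the action of the first rule matching src and port."""
    for rule in rules:
        if rule["port"] == port and src in ip_network(rule["src"]):
            return rule["action"]
    return default

def audit(rules):
    """List deviations from the single-box design: only 443 public."""
    findings = []
    for port in sorted({r["port"] for r in rules} | PUBLIC_ALLOWED):
        reachable = decide(rules, INTERNET_PROBE, port) == "allow"
        if reachable and port not in PUBLIC_ALLOWED:
            findings.append(f"port {port} is reachable from the internet")
        elif not reachable and port in PUBLIC_ALLOWED:
            findings.append(f"port {port} (CSG) is not reachable from the internet")
    return findings

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, audit(rules) or "ok")
```

The second rule set fails for two reasons: a stray public port, and a port 80 deny that never takes effect because an allow rule precedes it.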
