Well, Citrix's stuff is a vanilla install. I happened to have the hardware available to do it, and it was the least hassle for me. Either way, whether you have them on the same box or seperate ones, I still say you need it in the DMZ for security. -Paul > ---------- > From: Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx] > Reply To: thin@xxxxxxxxxxxxx > Sent: Tuesday, June 03, 2003 10:43 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: CSG implementation > > I'm still in the design phase. Does anyone have any white papers \ best = > practices information on installing and configuring CSG? The stuff I've = > found on Citrix's web site is lacking... > > =20 > > _____ =20 > > =20 > Brian Claus, A+, Network+, MCP > Network Administrator > WESCO Distribution, Inc. > 225 West Station Square Drive, Suite 700 > Pittsburgh, PA 15219-1122 > Phone: 412-454-2412 > Fax: 412-454-2540 > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=20 > _____ =20 > > > > -----Original Message----- > From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx] > Sent: Tuesday, June 03, 2003 10:22 AM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: CSG implementation > > > Well, it depends... are you running the Gateway on the same box as = > NFuse? > I'm not. Anyway, open only the ports you need. It is far more secure. = > And > remember, the XML communication takes place from the DMZ to the internal > network. It does not need to be visible externally. You need 80 so = > that > NFuse can communicate AND so that the certificate can be resolved, and = > 443 > for security communications. I do it the recommended way and run a = > seperate > server for NFuse and for my Secure Gateway box. Both have only 80 and = > 443 > open to them externally. The SG box has IIS disabled. It works well. > > -Paul > > > ---------- > > From: Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx] > > Reply To: thin@xxxxxxxxxxxxx > > Sent: Tuesday, June 03, 2003 10:04 AM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: CSG implementation > >=20 > > What about custom apps? Will they work if only 80 and 443 are open? > > (I'm assuming you mean that your nfuse server uses port 80 to > > communicate via XML...I don't use 80) > >=20 > > =3D20 > >=20 > > _____ =3D20 > >=20 > > =3D20 > > Brian Claus, A+, Network+, MCP > > Network Administrator > > WESCO Distribution, Inc. > > 225 West Station Square Drive, Suite 700 > > Pittsburgh, PA 15219-1122 > > Phone: 412-454-2412 > > Fax: 412-454-2540 > > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D20 > > _____ =3D20 > >=20 > >=20 > >=20 > > -----Original Message----- > > From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx] > > Sent: Tuesday, June 03, 2003 9:21 AM > > To: 'thin@xxxxxxxxxxxxx' > > Subject: [THIN] Re: CSG implementation > >=20 > >=20 > > I prefer it in the DMZ. Then you can specify the ports that are = > allowed > > to > > pass through to it (80 and 443 only) which really cuts down the > > vulnerability. > >=20 > > -Paul > >=20 > > > ---------- > > > From: Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx] > > > Reply To: thin@xxxxxxxxxxxxx > > > Sent: Tuesday, June 03, 2003 9:17 AM > > > To: thin@xxxxxxxxxxxxx > > > Subject: [THIN] Re: CSG implementation > > >=3D20 > > > In reading from the Brian Madden book (FR2) I get the following, is > > this > > > correct? > > >=3D20 > > > 1 nFuse server in DMZ or outside of the firewall with a verisign = > cert > > on > > > it > > > 1 STA inside the firewall > > >=3D20 > > > From the book, it looks like having it outside the firewall is the > > best > > > config security wise and easier to set up the open ports in the > > firewall > > > compared to the DMZ model. > > >=3D20 > > > Thoughts? > > > =3D3D20 > > >=3D20 > > > _____ =3D3D20 > > >=3D20 > > > =3D3D20 > > > Brian Claus, A+, Network+, MCP > > > Network Administrator > > > WESCO Distribution, Inc. > > > 225 West Station Square Drive, Suite 700 > > > Pittsburgh, PA 15219-1122 > > > Phone: 412-454-2412 > > > Fax: 412-454-2540 > > > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D3D20 > > > _____ =3D3D20 > > >=3D20 > > >=3D20 > > >=3D20 > > > -----Original Message----- > > > From: Roger Riggins [mailto:Roger@xxxxxxxxxxxx] > > > Sent: Monday, June 02, 2003 6:03 PM > > > To: thin@xxxxxxxxxxxxx > > > Subject: [THIN] Re: CSG implementation > > >=3D20 > > >=3D20 > > > CSG should be in the DMZ. It can be on the same box as NFuse with a > > > tweak or two. STA should go inside, and can share resources with > > another > > > box. If you are purchasing your certs, you don't need a CA.=3D3D3D20 > > >=3D20 > > > Roger > > >=3D20 > > > -----Original Message----- > > > From: SPerez@xxxxxxxxxxxxxxx = > [mailto:SPerez@xxxxxxxxxxxxxxx]=3D3D3D20 > > > Sent: Monday, June 02, 2003 11:29 AM > > > To: thin@xxxxxxxxxxxxx > > > Subject: [THIN] CSG implementation > > >=3D20 > > > Group, > > >=3D20 > > > Environment is Windows 2K Servers running MF XP FR2 w/w2k sp3. > > >=3D20 > > > I currently use NFuse 1.61 with project columbia for one NFuse site > > > hosting > > > internal and external users. > > >=3D20 > > > I would like to implement CSG 2.0. > > >=3D20 > > > Do I need to have a CA running? > > > Also is it best to have CSG on a separate server then NFuse site? > > > Does CSG need to reside on the inside or can it reside in the DMZ? > > >=3D20 > > > Thank You, > > > Steve > > >=3D20 > > > ******************************************************** > > > This Week's Sponsor - Appsense Technologies > > > New! AppSense Optimizer is a new product from AppSense=3D3D3D20 > > > designed to increase the user capacity of your servers.=3D3D3D20 > > > http://www.appsense.com/ > > > ********************************************************** > > >=3D20 > > > For Archives, to Unsubscribe, Subscribe or=3D3D3D20 > > > set Digest or Vacation mode use the below link: > > > http://thethin.net/citrixlist.cfm > > > ******************************************************** > > > This Week's Sponsor - Appsense Technologies > > > New! AppSense Optimizer is a new product from AppSense=3D3D20 > > > designed to increase the user capacity of your servers.=3D3D20 > > > http://www.appsense.com/ > > > ********************************************************** > > >=3D20 > > > For Archives, to Unsubscribe, Subscribe or=3D3D20 > > > set Digest or Vacation mode use the below link: > > > http://thethin.net/citrixlist.cfm > > > ******************************************************** > > > This Week's Sponsor - Appsense Technologies > > > New! AppSense Optimizer is a new product from AppSense=3D20 > > > designed to increase the user capacity of your servers.=3D20 > > > http://www.appsense.com/ > > > ********************************************************** > > >=3D20 > > > For Archives, to Unsubscribe, Subscribe or=3D20 > > > set Digest or Vacation mode use the below link: > > > http://thethin.net/citrixlist.cfm > > >=3D20 > > ******************************************************** > > This Week's Sponsor - Appsense Technologies > > New! AppSense Optimizer is a new product from AppSense=3D20 > > designed to increase the user capacity of your servers.=3D20 > > http://www.appsense.com/ > > ********************************************************** > >=20 > > For Archives, to Unsubscribe, Subscribe or=3D20 > > set Digest or Vacation mode use the below link: > > http://thethin.net/citrixlist.cfm > > ******************************************************** > > This Week's Sponsor - Appsense Technologies > > New! AppSense Optimizer is a new product from AppSense=20 > > designed to increase the user capacity of your servers.=20 > > http://www.appsense.com/ > > ********************************************************** > >=20 > > For Archives, to Unsubscribe, Subscribe or=20 > > set Digest or Vacation mode use the below link: > > http://thethin.net/citrixlist.cfm > >=20 > ******************************************************** > This Week's Sponsor - Appsense Technologies > New! AppSense Optimizer is a new product from AppSense=20 > designed to increase the user capacity of your servers.=20 > http://www.appsense.com/ > ********************************************************** > > For Archives, to Unsubscribe, Subscribe or=20 > set Digest or Vacation mode use the below link: > http://thethin.net/citrixlist.cfm > ******************************************************** > This Week's Sponsor - Appsense Technologies > New! AppSense Optimizer is a new product from AppSense > designed to increase the user capacity of your servers. > http://www.appsense.com/ > ********************************************************** > > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thethin.net/citrixlist.cfm > ******************************************************** This Week's Sponsor - Appsense Technologies New! AppSense Optimizer is a new product from AppSense designed to increase the user capacity of your servers. http://www.appsense.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm