[THIN] Re: CSG implementation

  • From: "Stansel, Paul" <Paul.Stansel@xxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 3 Jun 2003 10:47:51 -0400

Well, Citrix's stuff is a vanilla install.  I happened to have the hardware
available to do it, and it was the least hassle for me.  Either way, whether
you have them on the same box or separate ones, I still say you need it in
the DMZ for security.

-Paul

> ----------
> From:         Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Tuesday, June 03, 2003 10:43 AM
> To:   thin@xxxxxxxxxxxxx
> Subject:      [THIN] Re: CSG implementation
> 
> I'm still in the design phase.  Does anyone have any white papers \ best
> practices information on installing and configuring CSG?  The stuff I've
> found on Citrix's web site is lacking...
> 
> Brian Claus, A+, Network+, MCP
> Network Administrator
> WESCO Distribution, Inc.
> 225 West Station Square Drive, Suite 700
> Pittsburgh, PA 15219-1122
> Phone:  412-454-2412
> Fax:  412-454-2540
> bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> 
> -----Original Message-----
> From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
> Sent: Tuesday, June 03, 2003 10:22 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: CSG implementation
> 
> 
> Well, it depends... are you running the Gateway on the same box as NFuse?
> I'm not.  Anyway, open only the ports you need.  It is far more secure.  And
> remember, the XML communication takes place from the DMZ to the internal
> network.  It does not need to be visible externally.  You need 80 so that
> NFuse can communicate AND so that the certificate can be resolved, and 443
> for security communications.  I do it the recommended way and run a separate
> server for NFuse and for my Secure Gateway box.  Both have only 80 and 443
> open to them externally.  The SG box has IIS disabled.  It works well.
> 
> -Paul
> 
> > ----------
> > From:       Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> > Reply To:   thin@xxxxxxxxxxxxx
> > Sent:       Tuesday, June 03, 2003 10:04 AM
> > To:         thin@xxxxxxxxxxxxx
> > Subject:    [THIN] Re: CSG implementation
> >
> > What about custom apps?  Will they work if only 80 and 443 are open?
> > (I'm assuming you mean that your nfuse server uses port 80 to
> > communicate via XML...I don't use 80)
> >
> > Brian Claus, A+, Network+, MCP
> > Network Administrator
> > WESCO Distribution, Inc.
> > 225 West Station Square Drive, Suite 700
> > Pittsburgh, PA 15219-1122
> > Phone:  412-454-2412
> > Fax:  412-454-2540
> > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> >
> > -----Original Message-----
> > From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
> > Sent: Tuesday, June 03, 2003 9:21 AM
> > To: 'thin@xxxxxxxxxxxxx'
> > Subject: [THIN] Re: CSG implementation
> >
> > I prefer it in the DMZ.  Then you can specify the ports that are allowed
> > to pass through to it (80 and 443 only) which really cuts down the
> > vulnerability.
> >
> > -Paul
> >
> > > ----------
> > > From:     Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> > > Reply To:         thin@xxxxxxxxxxxxx
> > > Sent:     Tuesday, June 03, 2003 9:17 AM
> > > To:       thin@xxxxxxxxxxxxx
> > > Subject:  [THIN] Re: CSG implementation
> > >
> > > In reading from the Brian Madden book (FR2) I get the following, is this
> > > correct?
> > >
> > > 1 nFuse server in DMZ or outside of the firewall with a verisign cert on it
> > > 1 STA inside the firewall
> > >
> > > From the book, it looks like having it outside the firewall is the best
> > > config security wise and easier to set up the open ports in the firewall
> > > compared to the DMZ model.
> > >
> > > Thoughts?
> > >
> > > Brian Claus, A+, Network+, MCP
> > > Network Administrator
> > > WESCO Distribution, Inc.
> > > 225 West Station Square Drive, Suite 700
> > > Pittsburgh, PA 15219-1122
> > > Phone:  412-454-2412
> > > Fax:  412-454-2540
> > > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> > >
> > > -----Original Message-----
> > > From: Roger Riggins [mailto:Roger@xxxxxxxxxxxx]
> > > Sent: Monday, June 02, 2003 6:03 PM
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: CSG implementation
> > >
> > > CSG should be in the DMZ. It can be on the same box as NFuse with a
> > > tweak or two. STA should go inside, and can share resources with another
> > > box. If you are purchasing your certs, you don't need a CA.
> > >
> > > Roger
> > >
> > > -----Original Message-----
> > > From: SPerez@xxxxxxxxxxxxxxx [mailto:SPerez@xxxxxxxxxxxxxxx]
> > > Sent: Monday, June 02, 2003 11:29 AM
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] CSG implementation
> > >
> > > Group,
> > >
> > > Environment is Windows 2K Servers running MF XP FR2 w/w2k sp3.
> > >
> > > I currently use NFuse 1.61 with project columbia for one NFuse site
> > > hosting internal and external users.
> > >
> > > I would like to implement CSG 2.0.
> > >
> > > Do I need to have a CA running?
> > > Also is it best to have CSG on a separate server than NFuse site?
> > > Does CSG need to reside on the inside or can it reside in the DMZ?
> > >
> > > Thank You,
> > > Steve
> > >
> > > ********************************************************
> > > This Week's Sponsor - Appsense Technologies
> > > New! AppSense Optimizer is a new product from AppSense
> > > designed to increase the user capacity of your servers.
> > > http://www.appsense.com/
> > > **********************************************************
> > >
> > > For Archives, to Unsubscribe, Subscribe or
> > > set Digest or Vacation mode use the below link:
> > > http://thethin.net/citrixlist.cfm