[THIN] Re: CSG really necessary?

  • From: "Rowlandson, John" <John.Rowlandson@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Sun, 11 May 2003 11:11:42 +1000

Mallesons Stephen Jaques
www.mallesons.com




i'll agree


having just gone thru a rollout of 2000 users on unknown home computers coming in thru CSG NFUSE 1.7 and williamette, my helpdesk hates me.

so many things that need to go on a pc sometimes, like the 128bit encryption pack for IE, or the ica client won't push fast enuf down a crap modem line. etc etc.

but i guarantee 100% connection success as long as the user installs the required patches / updates.

we support win 95 / ie4 and up, mac os9 and osx either thru local client or java client.

we also can get our users in from our client companies' networks, which is always the biggest challenge, using java with hacked ini files with proxy connection info..

but... IT WORKS :D

roll on v7 java client

John

-----Original Message-----
From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]


Talk about a good post. The only piece I "disagree" with is this:
- Traversing proxies and firewalls on the client side is much easier.
Can you get to https://www.hotmail.com? Yes? You're set.

And I don't think it is a disagreement really. More like a problem with
the rev's of the ICA client that support the CSG up to the 7.0
production rev.

Since the ICA client up to that point doesn't support NTLM
authentication against a proxy, you will not be able to traverse a MS proxy
using authentication to a CSG, but you might get to the Hotmail site...


Of course I get your point, and just wanted to raz you a bit by showing
you a "disagreement" while not really disagreeing with you :-)

Enjoy the weekend guys. As always, you guys smoke the other lists.

Ron

Ron Oglesby
Senior Technical Architect
RapidApp
Office 312.372.7188
Mobile 815.325.7618
email roglesby@xxxxxxxxxxxx
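
Added example (not part of the thread): Ron's point above is that a browser reaching an HTTPS site through a proxy does not show that the ICA client can, because a client that cannot answer an NTLM challenge stops at the proxy's 407. This Python code classifies a proxy's reply to an HTTP CONNECT by the authentication schemes it offers; the sample replies are constructed, and the set of schemes the client supports is a caller-supplied assumption, not a statement about any ICA client version.

```python
"""Classify a proxy's reply to CONNECT by the auth schemes it demands."""

def parse_connect_reply(raw: bytes):
    """Return (status_code, [offered proxy auth schemes, lowercased])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    schemes = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "proxy-authenticate":
            # Simplification: one challenge per header line; its first
            # token is the scheme name (NTLM, Negotiate, Basic, ...).
            tokens = value.split()
            if tokens:
                schemes.append(tokens[0].lower())
    return int(parts[1]), schemes

def can_traverse(raw: bytes, client_schemes):
    """Verdict for a client that speaks only `client_schemes` (assumed set)."""
    status, offered = parse_connect_reply(raw)
    if 200 <= status < 300:
        return "tunnel-open"              # proxy let the CONNECT through
    if status == 407:
        usable = [s for s in offered if s in client_schemes]
        if usable:
            return "auth-possible:" + usable[0]
        return "blocked:" + ",".join(offered)
    return "refused:%d" % status

# Constructed sample replies (not captured from a real proxy).
OPEN = b"HTTP/1.1 200 Connection established\r\n\r\n"
NTLM_ONLY = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: NTLM\r\n"
             b"Proxy-Authenticate: Negotiate\r\n"
             b"Content-Length: 0\r\n\r\n")
MIXED = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
         b"Proxy-Authenticate: NTLM\r\n"
         b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')

if __name__ == "__main__":
    for label, reply in (("open", OPEN), ("ntlm-only", NTLM_ONLY), ("mixed", MIXED)):
        # {"basic"} is a hypothetical client capability used for illustration.
        print(label, "->", can_traverse(reply, {"basic"}))
```

A helpdesk can run the same classification over the proxy reply a failing user captures to tell "proxy demands NTLM" apart from other connection problems.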

-----Original Message-----
From: Carlos Sanabria [mailto:csanabria@xxxxxxx]
Sent: Friday, May 09, 2003 5:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG really necessary?


Guys,

I am truly amazed. I have seen the most admirable wisdom reading through the
hundreds of messages I get in my inbox everyday, and though sometimes I do
not agree with some opinions, well... That is the best thing of this list,
getting a second opinion apart from yours is always valuable.

Having said that, I think CSG is the best thing to come around since Velcro
and burgers with guacamole on them! Here's my view on the topic:

Pros
-----
- More secure. No man-in-the-middle attacks, MF boxes in the Trusted networks, PKI Certificates, Hidden IPs.
- Citrix Licensing cost: $0
- Hardware + M$ licensing cost: $0 to begin with, but you could build a more robust infrastructure with very little money (see note below).
- Traversing proxies and firewalls on the client side is much easier. Can you get to https://www.hotmail.com? Yes? You're set.


Cons
----
- If you're paying a consultant to help you out, she will probably add a couple of $$ for the extra time.
- If you're using a private CA, installing the CA Root certificate on the clients. If you have the dough, go with public CA certificates.
- Nfuse will be your only client option, unless you choose Relay Mode, but your MF box's IPs would not be hidden.
- No Automatic Client Reconnect, again, unless you choose Relay Mode.

Note
----
You're probably wondering about the $0 hardware choice... Here's how:
- Nfuse/CSG Box on the DMZ.
- MF/STA boxes on the trusted network.

The down side, of course, is that you end up with a single point of failure
on the NFuse/CSG, but you could fix it with another Nfuse/CSG box and an
external load balancer for the Nfuse page....

Anyway, we had quite an interesting discussion a couple of weeks back,
which shows another option to mix boxes...

Oh well, I've rambled on too long... It's Friday, 6PM over here, so I am off.

You guys have a very very good weekend... I think I will :)

Carlos Sanabria, CCA, MCSA
IT Consultant

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Scott Reichardt
Sent: Thursday, May 08, 2003 1:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG really necessary?


I'm using MF XP 1.0.  If I have NFUSE 1.7 running on a DMZ using SSL
encryption and everyone connecting to the published apps using secureica RC5
128 bit encryption, is a Citrix Secure Gateway really necessary?  I'd rather
not have to dedicate another box for a CSG if everything is already getting
encrypted.

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
