[THIN] Re: Giving expernal parties access to your Citrix published applications

  • From: "Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 5 Sep 2006 09:26:35 -0700

Take a close look at the Citrix Access Gateway with Advanced Access Control.
The intent of this product is to do exactly what you are describing- create
an access platform with extremely granular security. Likely it would be
better to create a new farm and all the resources, but AAC is designed to do
this using the existing resources. Even if you did decide to create a new
farm, AAC is still a better security front end and could service both farms.


Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649





From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Michael Pardee
Sent: Tuesday, September 05, 2006 8:51 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Giving expernal parties access to your Citrix published


We have a MFXP Farm of approximately 4500 concurrent users all on
Windows2003 SP1 servers.  We have always brought Vendors in to a secure area
via VPN to very specific servers.  We now have a need to bring in close to
500 concurrent users from a Vendor/Partner and I'm curious how others are
doing this. 

As with everything, the easiest way is the least secure, so just giving them
accounts in our AD and letting them hit our internal Farm via WI is probably
not the best way to go.  I'm thinking we may actually want to bring up an
external facing PS4 Farm for the Vendors/Partners.  When we do that we need
new ZDCs, license servers, etc.  I guess we'd need an external Microsoft
license server and a bunch of TSCals.  Maybe even a different WI server to
ensure seperation from the regular employee access portal. 

Just curious how others allow external parties access to your applications.

Thanks in advance.


Michael Pardee

Other related posts: