Hi, One way we've used is to create a separate sub-domain for the external users with a one-way trust. That let's you manage them within your existing infrastructure (plus a couple of extra DCs as VMs) but let's you control access with a reasonable degree of control. regards, Rick Ulrich Mack Volante Systems ________________________________ From: thin-bounce@xxxxxxxxxxxxx on behalf of Michael Pardee Sent: Wed 6/09/2006 1:51 To: thin@xxxxxxxxxxxxx Subject: [THIN] Giving expernal parties access to your Citrix published applications We have a MFXP Farm of approximately 4500 concurrent users all on Windows2003 SP1 servers. We have always brought Vendors in to a secure area via VPN to very specific servers. We now have a need to bring in close to 500 concurrent users from a Vendor/Partner and I'm curious how others are doing this. As with everything, the easiest way is the least secure, so just giving them accounts in our AD and letting them hit our internal Farm via WI is probably not the best way to go. I'm thinking we may actually want to bring up an external facing PS4 Farm for the Vendors/Partners. When we do that we need new ZDCs, license servers, etc. I guess we'd need an external Microsoft license server and a bunch of TSCals. Maybe even a different WI server to ensure seperation from the regular employee access portal. Just curious how others allow external parties access to your applications. Thanks in advance. -- Michael Pardee www.blindsquirrel.org ##################################################################################### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. #####################################################################################