Put the external users in their own domain. I believe the external connector would work for you although I'm not 100% on how that is licensed in regards to partners and vendors. The external connector would cover you from a CAL perspective. I also think a segmented farm would be the best way to handle it. I would also use CSG/WI (separate installation because of domain and branding (if you wanted different branding for external users)). The PS license server could easily be shared if needed. This is exactly the scenario that it was designed for.
I have to respectfully disagree with using CAG/AAC. It wouldn't get you any real advantage over simply using WI/CSG. The granularity that AAC is for is controlling the level of trust to your internal network in regards to shares, websites, etc. It sounds more like you want to simply deliver applications and not have those users mix with your employees.
Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP
Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com
We have a MFXP Farm of approximately 4500 concurrent users all on Windows 2003 SP1 servers. We have always brought Vendors in to a secure area via VPN to very specific servers. We now have a need to bring in close to 500 concurrent users from a Vendor/Partner and I'm curious how others are doing this.
As with everything, the easiest way is the least secure, so just giving them accounts in our AD and letting them hit our internal Farm via WI is probably not the best way to go. I'm thinking we may actually want to bring up an external facing PS4 Farm for the Vendors/Partners. When we do that we need new ZDCs, license servers, etc. I guess we'd need an external Microsoft license server and a bunch of TSCals. Maybe even a different WI server to ensure separation from the regular employee access portal.
Just curious how others allow external parties access to your applications.
Thanks in advance.
Michael Pardee www.blindsquirrel.org