Sounds about right. Look at page 16 of the MSAM 2.2 Supplemental guide. The graphic is for "Single Hop" deployment. Pretty much agrees with what you are saying. Also review the Secure Gateway Pre-Installation checklist. It actually gives options for where components will sit. One thing you will need that has not been mentioned is a certificate for the SSL. I am not sure about the Gateway Client. I am not familiar with that software. Did you read the Secure Gateway For Windows guide? Page 10 lists your scenario and directs to another chapter for configuring CSG to work with Farms. Very good tidbits on page 49. For example, if you will only use CSG for ICA traffic, you don't need the logon agent. adam |---------+----------------------------> | | "Roger Wright" | | | <rwright@sc-bank.| | | com> | | | Sent by: | | | thin-bounce@freel| | | ists.org | | | | | | | | | 03/21/2005 02:03 | | | PM | | | Please respond to| | | thin | | | | |---------+----------------------------> >------------------------------------------------------------------------------------------------------------------------------| | | | To: <thin@xxxxxxxxxxxxx> | | cc: | | Subject: [THIN] Re: Internet Access | >------------------------------------------------------------------------------------------------------------------------------| Okay, for basic config it looks like the Secure Gateway Service and the Agent on the webserver, the Secure Ticket Authority and Gateway Client and the internal network, and the Citrix XML Service on the Citrix box itself. Does that sound right? Roger Wright ___ "Blessed are the young, for they will inherit the national debt." - Herbert Hoover -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Adam.Baum@xxxxxxxxxxxxxx Sent: Monday, March 21, 2005 3:56 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Internet Access Well, we are doing it in a fairly complex manner. There was a diagram in the CSG (or MSAM) 2.2 Supplementary Guide that showed exactly what I was hoping to accomplish. I didn't realize that it was a conceptual diagram and not a physical one. I would go download the latest Methodology-in-a-Box and go from there. It gives step-by-step instructions. CSG and Proxy are easy to install. My mistake was trying to install the Logon Agent on the same box as the Proxy. It can be done, but it's not documented anywhere except for one paragraph in the Supplemental Guide, which really just says something like "Install the software on the server". Not much detail there. adam |---------+----------------------------> | | "Roger Wright" | | | <rwright@sc-bank.| | | com> | | | Sent by: | | | thin-bounce@freel| | | ists.org | | | | | | | | | 03/21/2005 01:29 | | | PM | | | Please respond to| | | thin | | | | |---------+----------------------------> >----------------------------------------------------------------------- -------------------------------------------------------| | | | To: <thin@xxxxxxxxxxxxx> | | cc: | | Subject: [THIN] Re: Internet Access | >----------------------------------------------------------------------- -------------------------------------------------------| No ISA server. I had looked at CSG earlier but became thoroughly confused about the configuration. Any pointers to easy-to-follow setup dos? Internal Citrix box with published application, webserver in DMZ. Roger Wright ___ If you can keep your head when those about you are losing theirs, perhaps you've misunderstood the situation. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Adam.Baum@xxxxxxxxxxxxxx Sent: Monday, March 21, 2005 3:22 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Internet Access You could always the CSG/Proxy route..or is you have ISA Server 2004, use it instead. adam |---------+----------------------------> | | "Roger Wright" | | | <rwright@sc-bank.| | | com> | | | Sent by: | | | thin-bounce@freel| | | ists.org | | | | | | | | | 03/21/2005 01:08 | | | PM | | | Please respond to| | | thin | | | | |---------+----------------------------> >----------------------------------------------------------------------- -------------------------------------------------------| | | | To: <thin@xxxxxxxxxxxxx> | | cc: | | Subject: [THIN] Internet Access | >----------------------------------------------------------------------- -------------------------------------------------------| I have a Citrix box on my internal network used to access a published application. I need to make the application available from a webserver in my DMZ with security and encryption. Which add-ons do I need to be able to do this? Roger Wright ___ If you cannot convince them, confuse them. --Truman _______ _______ NOTICE: Internet e-mail communication is NOT SECURE. Please do not include any personal, private or confidential information in your e-mail messages. The information contained in this electronic message is intended solely for the use of the recipient named above. If the reader is not the recipient named above, you are hereby notified that any dissemination, distribution, copying or disclosure of the contents of this message is prohibited. If you have received this e-mail message in error, please immediately notify the sender and destroy the original message. ******************************************************** This Weeks Sponsor: RTO Software TScale TScale provides a cost-effective way to improve performance, capacity and stability for thin-client servers like Citrix MetaFrame or Microsoft Terminal Services running Windows NT, 2000 or 2003. http://www.rtosoft.com/enter.asp?id)6 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor: RTO Software TScale TScale provides a cost-effective way to improve performance, capacity and stability for thin-client servers like Citrix MetaFrame or Microsoft Terminal Services running Windows NT, 2000 or 2003. http://www.rtosoft.com/enter.asp?id=296 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm