[THIN] Re: Nfuse Design Help

  • From: "Arthur Reyes" <ARTADMIN@xxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 18 Aug 2004 10:28:25 -0500

Sometimes you have to configure things a specific way, understood.

Keep in mind that a public certificate, from a company such as
verisign, can be distributed to users dynamically (when they
first use the portal), because many of these CAs are trusted by IE.

Secondly, you are exposing the IP address of every citrix server,
because these addresses will be contained within the ica file
distributed by WI.

Lastly, setting 128 bit encryption (I'm assuming) on all your
published apps will create overhead when it isn't needed
(internally).

So my question is, what is your rule for NAT.  I'm assuming here
that you have configured WI for NAT by default, except when the
requestor's IP range is x (internal).  If this is already the
case, confirm this:

External | DMZ | Internal
DMZ -> Internal : Ports 1494, XML Port.  WI has DNS or Hosts to
resolve all server IPs
External -> DMZ : 80/443 to WI or Proxy Applicance
External -> DMZ -> Internal : Port 1494 to all servers

If that's all good, check time-out settings.  I can't think of
anything else at the moment.


********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications,
users, and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: