[THIN] Re: Restricting who can access citrix remotely

  • From: "Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 4 Apr 2011 18:20:22 +0100

Are you possibly thinking of the access gateway's ability to have some sort
of host checking and end-point analysis?

 

The way I've done it in the past (without an access gateway) is to have
multiple WI & CSG boxes & include some additional tweaks.  

 

Outside: CSG.External->WI.External

Internal: WI.Internal or CSG.Internal->WI.Internal

 

The internal/external WI can be hosted on the same server. 

 

You can use the functions and information on Thomas Koetzing's excellent
resource site (http://www.youtube.com/watch?v=Cj6wgPN2CCg) to hide
folders/applications on the External Site; you can also specify who has
access to the WI site on a group level.

 

Also bear in mind you can modify a WI site so that the client name for each
connection is overridden from the default. The default is to use the end
client's own name - but if you enable this feature each remote connection
gets a unique name (starting with WI).

You can change this prefix on a WI site by site basis
(http://support.citrix.com/article/CTX111851) so for example, the WI.External
site has a prefix of EX_* and the WI.Internal has a prefix of IN_*. You can
then set policies that enable/disable features based on an internal/external
connection. Maybe for internal you allow printing and local drive access, and
for external you don't.

 

This way - internal users get a full set of apps, with one set of policies;
external users get a different set of apps (or a reduced set of apps) with a
different set of policies.

 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jason Benway
Sent: 04 April 2011 16:19
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Restricting who can access citrix remotely

 

What I was hoping for is something like

 

If they are group A that gives them access to the app through CWI

But from outside they go through the CSG first and need to be in Group B and
Group A to logon through CSG=>CWI

 

jb

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Greg Reese
Sent: Monday, April 04, 2011 11:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Restricting who can access citrix remotely

 

You could always just amp up the IIS security which would force them to
authenticate to the website first.

 

Greg

On Mon, Apr 4, 2011 at 10:11 AM, Jason Benway <benwayj@xxxxxxxxxxx> wrote:

Currently I have two Citrix farms, one old PS4 and the new XA5 (win2003)
that I'm moving toward.

I have two different CSGs installed to access them.

Is it possible with just CSG to require an additional group to access the
web interface?

So if they are inside they can get to their apps, but control who/what is
accessed from outside?

 

I think that requires another Citrix product. But I thought I remember a CWI
hack from the old days that may let me do this.

 

 

Jason Benway
System/Storage Engineer 
 <http://www.jsjcorp.com> www.jsjcorp.com 

        
JSJ Corporation
700 Robbins Road
Grand Haven, MI 49417

