I don't know about a gateway... I don't have any machines running RHEL (or OpenSolaris) exposed to the outside world.. I also wanted to re-use my SSL certificate.
I just had another thought... What about port forwarding a single non-standard encrypted port and using the firewall transversal options (so HTTPS and AIP are on the same port). Would there be an issue with the server answering as intranet.domain.com rather than sgdserver.domain.com? Any way to run a different SSL certificate internally (maybe even on the standard SSL port)? -Jon ----- Original Message ----- From: "Richard Butland" <richard.butl...@sun.com> To: "Sun Secure Global Desktop Users mailing list" <sgd-users@filibeto.org> Sent: Friday, October 30, 2009 6:30:21 PM GMT -05:00 Colombia Subject: Re: [SGD-Users] Proxy web/AIP data via another server Have you looked at the Secure Gateway? Basically, that's what it's built to do - proxy both the http(s) traffic, and the AIP(s) traffic. If you want to do it yourself, well, you *can* put up a reverse proxy, and the AIP traffic can be routed through a SOCKS proxy, but I really can't recommend it. For internal connections, you simply connect to sgdserver.domain.com - you don't *have* to go through the gateway. The Secure Gateway isn't separately priced, and this is what it was designed for, so this is what I'd recommend. http://docs.sun.com/source/820-6691/index.html hth, Rick Jonathan C. Bailey wrote: > I'm a bit of an SGD newbie, implementing it as part of our VDI3 install. > > Anyway, we have an existing intranet server (intranet.domain.com). The server > provides HTTP/HTTPS access to intranet resources. We also have a SGD server > at sgdserver.domain.com (running HTTP only, not public). We'd like to proxy > requests to /sgd/ via intranet.domain.com with Apache (using ProxyPass and > ProxyPassReverse), and port forward the secure AIP port to the internal SGD > server (the port forward being the easy part). > > Anyway, is what I'm looking for possible? Anything specific I should be > looking at in the manual? > > Also, we'd like to keep HTTP/unencrypted AIP communications for internal > access to SGD... > > > Thanks! > > -Jon > _______________________________________________ > SGD-Users mailing list > SGD-Users@filibeto.org > http://www.filibeto.org/mailman/listinfo/sgd-users > _______________________________________________ SGD-Users mailing list SGD-Users@filibeto.org http://www.filibeto.org/mailman/listinfo/sgd-users _______________________________________________ SGD-Users mailing list SGD-Users@filibeto.org http://www.filibeto.org/mailman/listinfo/sgd-users
