I have LOTS of customers who run CSG internally. Some require that all traffic is encrypted and they also have a Citrix policy that says everyone uses RC5 128-bit ICA Encryption.
I would change IIS to use 444 and upgrade CSG to the latest version 3.3.1 (http://support.citrix.com/article/CTX133095). That is also more than likely the last version of CSG. I would also make sure you are running Web Interface 5.4.2 since it addresses known security vulnerabilities. http://support.citrix.com/article/CTX130660 This is also the last version of Web Interface. If this is PS4.5 on Server 2003, just make sure your customer knows that on March 31st, 2013 that any Citrix product on Server 2003 is EOL/EOM/EOS. I would recommend Hotfix Rollup Pack 7. http://support.citrix.com/article/CTX127926 Just make sure you read the prereqs first. Once you install HRP7, install the following updates: http://support.citrix.com/article/CTX133359 (security fix) http://support.citrix.com/article/CTX122214 (Access Mgmt Console 4.6.5 install before the next fix) http://support.citrix.com/article/CTX126734 (Delivery Services Console 4.7.2, install after the previous update) While you are updating stuff to get them all current, I would also upgrade to License Server 11.10 for Windows since it no longer uses IIS. https://www.citrix.com/downloads/licensing/license-server.html You will need to take 1 minute to return your current license file and download a new license file that is formatted for 11.10. This will not affect any currently logged in users. This should get you all up-to-date for all the dead products your customer is using. Thanks Webster From: Ken Cornetet [mailto:[email protected]] Sent: Friday, March 15, 2013 8:04 AM To: NT System Admin Issues Subject: RE: CSG 3.2 and Presenatation 4.5 Why would you run CSG internally? I run a Xenapp 5 farm with just a web interface for internal users. External users come through a different CSG/WI box in the DMZ. From: Greg Sweers [mailto:[email protected]] Sent: Monday, March 04, 2013 2:41 PM To: NT System Admin Issues Subject: CSG 3.2 and Presenatation 4.5 We have a client who their internal guy just left and he basically maintained a Citrix Farm on Xenapp 4.5 with CSG 3.2 They have asked us to take a look and fix a few things. I renewed their SSL cert which is running under their own PKI infrastructure, but the CSG service is disabled and the whole things is running through IIS. They can login and everything works, but I have never seen that configuration before. Usually the SSL on IIS is running 444 and the CSG runs 443. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
