"...You really need to be a serious packet-head like Aaron Rohyans in order to best use and support those beasts."
Should I take offense to this? J Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 [email protected] http://www.dpsciences.com/ From: Webster [mailto:[email protected]] Sent: Saturday, November 14, 2009 8:18 PM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance IMO, Citrix would love to get rid of the Citrix Access Gateway (CAG) and have everyone move to the NetScaler. NetScaler is NOT cheap but provides a huge amount of functionality and provides Global Load Balancing Support (GLBS) [I believe that is the correct term]. GLBS allows every NetScaler in an environment to monitor each other for very intelligent DR. NetScaler has all the functionality of the CAG and also has the Advanced Access Control software built-in. You really need to be a serious packet-head like Aaron Rohyans in order to best use and support those beasts. Webster From: Tom Miller [mailto:[email protected]] Sent: Saturday, November 14, 2009 7:05 PM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance Or if you have extra funds take a look at the Citrix Access Gateway appliance (might be renamed soon, not too sure about that). it's not free (not much is from Citrix), but it keeps direct connections from your XenApp servers, and you can run end point scanning, which I really like. A bit OT but my new CAG is slower than my old one (which is used for another system), something to do with the interface redesign, I was told. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 >>> "Webster" <[email protected]> 11/14/2009 4:27 PM >>> I wrote a 7-part series on Learning the Basics of XenApp 5 for Server 2003. Part 1 is here http://www.dabcc.com/article.aspx?id=9785 and you can easily find the other parts. All my Citrix articles are here: http://www.dabcc.com/Webster . What you are trying to do is not recommend or safe. You need to add the FREE Citrix Secure Gateway software on that server. I wrote a 3-part series on doing that. Webster > -----Original Message----- > From: Jeremy Anderson [mailto:[email protected]] > Subject: Citrix question, could use some guidance > > Morning / Afternoon everyone. > > I got tossed a project that was a former engineer / consultants baby. > Basically I was given a Citrix XenApp 5.5 server and told to "make it > work". The last time I saw Citrix it was running on NT4, but with > dreams of bonuses and being showered with praise at my amazing tech > skills I said sure. (actually I am afraid of my boss and there was no > way to say no). > > There is no documentation from the former engineer, and he will not > communicate with me. I am ok with that. > > I have the XenApp server running, AD integration, published apps all > working properly. I am sure that there is some cleanup, and security > lock downs that I will have to do, but for now, it works. Published > apps work. > > The Farm and all roles exist on one 2003 server. > > So here is my problem. I can not get this to work from outside of the > firewall. Inside, everything works fine. On the VPN, everything works > fine. From the Internet, I can log into the web page, see my published > apps. When I click on the Published app, it says "Unable to launch > your application, Contact your help desk. Cannot connect to the Citrix > XenApp server. Could not find the specified Citrix Xenapp server." > > So I have made sure that all the ports are open in the firewall, and I > can telnet to the ports. Firewall is open. > > My question here is, I cant just open this to the Internet can I? I > need some sort of SSL relay, or Citrix Gateway server or something > right? Am I missing something here? > > Citrix documentation says " Securing connections to published > applications with SSL/TLS. If plug-ins communicate with your farm > across the Internet, Citrix recommends enabling SSL/TLS encryption when > you publish a resource. If you want to use SSL/TLS encryption, use > either the SSL Relay feature (for farms with fewer than five servers) > or the Secure Gateway to relay ICA traffic to the XenApp server. You > can also use SSL Relay to secure Citrix XML Broker traffic." > http://support.citrix.com/proddocs/index.jsp?topic=/xenapp5fp2-w2k3/ps- > gs-intro-using-xenapp-fp2.html > > So do I need to configure a SSL relay, install a Secure Gateway? I am > so confused on this issue, and I am thinking it doesn't help that > Citrix changes their product names more than I change my pants. > > > Can anyone please just tell me or provide me a link, or some Google > search terms on how to make published apps work on the Internet? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
