Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Citrix® Secure Gateway (CSG) Testing 1

Status
Not open for further replies.
cagen

cagen

IS-IT--Management
Joined
Sep 8, 2004
Messages
6
Location
GB
We have been looking at this solution for a while now but before we implement it we would like to know the following

We already have a MetaFrame XP in use.
1. Are we able to test the CSG solution on our internal network without the STA?

We are planning on installing NFuse & the CSG onto the same box but want to test the whole thing without the STA for now.

2. Is there a more recent version of the documentation that helps you configure NFuse & CSG on the same box. I currently have the one writen by Andrew Wilmot in 2002 but that was for NFuse 1.7

3. Is there anything we need to do on our current Metaframe server? Will it require down time if there is?

I think that's all for now.. Appreciate any feedback.
 
Sort by date Sort by votes
1. CSG requires an STA...unless it is installed in the Relay mode...which I would NOT recommend.

2. I would recommend web interface 3.0 with CSG 2.0 if you want to run both on the same hardware. Citrix did a good job getting these two to play nicely together. Just remember to use a port other than 443 for SSL on the website. The admin docs for these versions are written with combining hardware in mind.

3. Adding CSG to your environment should be seamless. Standing up CSG does not interrupt service...well not if you can afford to reboot the MetaFrame server (if prompted)that will be hosting the STA service.
 
Upvote 0 Downvote
We are hoping we can implement the whole idea like this

1. One Citrix Metaframe Server
2. CSG & NFuse installed on the same server on the DMZ
3. From what I have read. You can authenticate via the STA or NFuse. Is that correct?
4. We understand that the 2 points of entry to this service would be a) the ICA Client and b) a web browser.
5. If using a web browser, the NFuse web server would do the authenticating so there is no need for a secure-id right? or am I wrong there too?

I'm sure we are really not vey far from understanding how this is all done. It's really just the answers to these questions left to understand.

If using a web browser, the NFuse web server would do the authenticating so there is no need for a secure-id right? Or am I wrong there too?

In point 5. I said…
5. If using a web browser, the NFuse web server would do the authenticating so there is no need for a secure-id right? Or am I wrong there too?

By say this I wanted to understand the following sections
6. NFUSE vs MetaFrame Secure Access Manager - where does NFuse and the Secure Access Manager com into all this?
I understand it as NFuse is the front end that the client browsers see.

I saw this in the Secure Gateway for MetaFrame®
Version 2.0 (Page 17) which also mentions the Logon "MetaFrame Secure Access Manager (previously known as Citrix NFuse Elite),Version 2.0"

7. How many servers would we need to purchase here? As mentioned, we already have the Metaframe server and want to combine the 2 services (CSG & NFuse/Logon Agent) onto the same server

8. Is NFuse needed at all if we only want to use the RSA approach?

I'm sorry if there is any confusion here Ok - almost there.

Reading old documentation that uses different terminology and diagrams does not help one bit.

Appreciate your help guys. Thanks.
 
Upvote 0 Downvote
NFuse (Now called Web Interface...hard to keep up w/ name changes LOL) provides a means for your users to provide credentials which passed to the MetaFrame server for authentication.

Our user standard is IE 6sp1 w/ the Citrix Web Client. Giving users the ability to download the client from the NFuse page is extremely convenient and cuts down on admin.

The Secure ID is handy as an additional layer of security, but is not required. It safeguards access in enviroments where users write down their passwords, share them w/ co-workers, or create easy to guess passwords after their first born child whos name/picture is pasted all over the cubicle. Having a randomly generated password that changes at each logon in addition to the users' passwords is great.

It sounds as if Secure Access Manager is not something that you'll be looking at right now. How many users do you expect to access your future CSG solution? How many internal LAN/WAN users? will be accessing applications on your MetaFrame server?
 
Upvote 0 Downvote
This is going to be used as an internal service only. Hence the reason why I wanted to use the Secure Id option to start with.

The amount of users is hoped to increase from at least 150 to start with. As we progressivly begin to increase the amount of applications shared, this should double in the first 12 months..
 
Upvote 0 Downvote
When you say "internal" do you mean your company employees only, or do you mean employees that are on your company network?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mattmontalto
  • Locked
  • Question Question
MS Threat Management Gateway Alternative
Replies
0
Views
492
mattmontalto
mattmontalto
damienenglish
  • Locked
  • Question Question
Citrix Replication Fault Detection
Replies
0
Views
491
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question Question
Can't log on to Citrix through emote access portal
Replies
1
Views
871
ntinlin
ntinlin
SpenceWaller
  • Locked
  • Question Question
Citrix CSG - Allow users to change password
Replies
0
Views
325
SpenceWaller
SpenceWaller
Hfnet
  • Locked
  • Question Question
Office 2010 KMS stoppped working on PVS Citrix
Replies
0
Views
457
Hfnet
Hfnet

Part and Inventory Search

Sponsor

Back
Top