Академический Документы
Профессиональный Документы
Культура Документы
Andrew Wilmot
Citrix Technical Business Development Manager
IT
Citrix Secure Gateway Presentation
NAT 192.168.5.1-192.68.0.100
Citrix
Secure
Gateway
Client Citrix
ll a weri F
ll a weri F
Workstations NFuse
.ICA file
Web Secure
Secure Web
Web
Browser 443 Server
Server
HTTP/S
Citrix XML
NFuse
NFuse
XML- Service
Service
HTTP/80
CSG Components
• CSG Service
– The CSG program itself.
ICA/1494
ICA/SSL CSG
CSG
ICA
ICA Client
Client Server
Server Ticket MetaFrame
MetaFrame
Verification Server Farm
SSecure
ecure
ICA TTicketing
icketing
File Secure AAuthority
uthority
Web
Web Secure Web
Web
Browser
Browser Server
Server
Ticket Generation
Citrix XML
Service
Service
NFuse
NFuse Classic and CSG Connection Process
• User accesses NFuse Classic portal page over Https://
connection from Web browser and logs in.
• The Web browser passes the ICA file to the ICA Client, which
launches an SSL connection to the CSG server.
NFuse Classic and CSG Connection Process
• CSG server accepts the ticket from the ICA Client and uses
information in the ticket to identify and contact the STA for
ticket validation.
Citrix Secure
Gateway
• Solaris edition.
CSG and Java Client
• Install Certificates
Certificate Server - Creating Certificates
• Issue Certifcate Request in IIS, use 1024 bit and name with
the domain name of the server eg. citrix.company.com.
• From within IIS Admin, choose Web Site TAB, and add
the SSL port 443. Then choose the Directory Security
TAB and ‘Edit’ under Secure Communications area.
Certificates Required – Web and CSG
• A Certificate is required for the NFuse web site, ie
https://citrix.company.com and also for the client to
authenticate using SSL to the CSG server, using the FQDN of
the CSG Server ie csg.company.com.
• Set the IP Address that CSG will listen to port 443 on.
http://download.microsoft.com/download/iis50/
Utility/2.1/NT45/EN-US/iislockd.exe