[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Citrix PS3 secure gateway, web interface and STa install

Posted on 2004-11-23
8
Medium Priority
?
351 Views
Last Modified: 2010-04-19
Hi,

I have created my Citrix farm and it is working on a 2003 domain. I have placed a 2003 server workgroup in the DMZ ready for SG and Web interface.  I am just about to install STa on a server in the domain, is there any order for the installs or any other advice
0
Comment
Question by:jrinns
  • 4
  • 4
8 Comments
 
LVL 4

Expert Comment

by:brownmattc
ID: 12669456
1. Secure Ticket Authority
2. Secure Gateway
3. Web Interface

Make sure you download the new version of WI.  It is 3.0.  It is much easier to use and configure than the old version.

Matt
0
 
LVL 4

Expert Comment

by:brownmattc
ID: 12669461
Oh and make sure you have a Server Certificate installed BEFORE you install the rest.  It will save you alot of time in the long run.

Matt
0
 

Author Comment

by:jrinns
ID: 12670164
hi,

never got your reply in time and went with sta then web interface, citrix uk told me this ?havnt begun with SG yet as had some NAT issues. its now working via our firewalls ip address which forwards this onto the WI server, I thought this was all that was needed but also had to open 1494 and forward this onto the citrix server or no apps would launch. now working fine although. i had published some content but when i hovered the mouse on them they had an external path to them where as outlook and desktop started with the external ip address.

any ideas and is this very secure?, this way the PN can also access the external ip but I was advised this isnt very secure but might add safeword for the WI access. It will take alot of installs until im used to the web access side of things, i suppose one youve done it a few times you ge the hang like anything else

thanks

jason
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:jrinns
ID: 12670183
sorry typo - when i hovered over the pulished content ie files / media it showed an internal path on the domain which as you know aint gonna work
0
 
LVL 4

Expert Comment

by:brownmattc
ID: 12671208
If you would like to secure it then you should implement HTTPS.  It isn't to hard to do.  Basicly in IIS (I assume you published it using IIS settings) you need to do a couple of things. Check this citrix doc for the steps:
http://support.citrix.com/kb/entry!default.jspa?categoryID=242&entryID=4683&fromSearchPage=true

Use the second method that starts on Page 8.  That way when someone tries to connect to your site they will be automatically redirected to a secure website.

You can also add Safeword to the logon process if you want to make sure that it is doubley secure but Safeword only secures the logon not the data sent back and forth. For that you need SSL (HTTPS)

Matt
0
 

Author Comment

by:jrinns
ID: 12673132
So is it too late to go with Secure Gateway?
0
 
LVL 4

Accepted Solution

by:
brownmattc earned 2000 total points
ID: 12700763
Nope. Go ahead and install it.
0
 

Author Comment

by:jrinns
ID: 12708070
Thanks for your help. Did the redirection to https which worked a treat. everyone is pleased with it so thats a job well done. Might go ahead with secure gateway, its just allocating time to look at it
jason
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question