Member_2_3414284
asked on
XenApp 6 : securing internet surfing
Hello !
I've got some workstations with critical informations which I would like to isolate from Internet. Currently, their users don't have any network connexion and use separate computer for internet surfing.
I'd like to simplify this, and use virtualisation instead.
I've thought of XenApp, and publish a browser such IE8, Firefox or whatever, which will run on a server inside the DMZ.
Unfortunatly, I don't have any experiences with Citrix.
1- Is this a good idea ? Will the security be safe enough ?
2- What about the user experience ? (e.g. : the user click on a hypertext link, will XenApp intercept it and run it in the streamed browser ?) Of course, I'd like a solution as transparent as possible for the users...
Thank you for your opinions,
Best regards
I've got some workstations with critical informations which I would like to isolate from Internet. Currently, their users don't have any network connexion and use separate computer for internet surfing.
I'd like to simplify this, and use virtualisation instead.
I've thought of XenApp, and publish a browser such IE8, Firefox or whatever, which will run on a server inside the DMZ.
Unfortunatly, I don't have any experiences with Citrix.
1- Is this a good idea ? Will the security be safe enough ?
2- What about the user experience ? (e.g. : the user click on a hypertext link, will XenApp intercept it and run it in the streamed browser ?) Of course, I'd like a solution as transparent as possible for the users...
Thank you for your opinions,
Best regards
ASKER
Yes, I've thought of that too, but I'd like to find a solution as transparent as possible for the user and some of the computers are thin client so I can't add a new NIC...
Thx anyway.
Nobody here with good XenApp skills ?
Thx anyway.
Nobody here with good XenApp skills ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
You could install a virtual guest OS and an additional NIC on each PC. Configure the guest OS to use the new NIC and connect it to the Internet network.
This way all internet traffic would go through a different route and there would be no connection between the OS used for internet and the one containing the critical information.
Regards