?
Solved

Running Two Citrix Farms - How will external access work?

Posted on 2011-03-17
4
Medium Priority
?
1,055 Views
Last Modified: 2012-05-11
Easy question for all the pros: I have always had 1 citrix server that gave access to users via PN ica clients. I recently configured a second server, in a new farm, and setup web interface. The WI uses Translated secure access with NAT on the firewall.  From WI i can access applications from the original citrix server but I can only acces applications from the new server when I am inside of our network. The ICA file has the server address as my internal address instead of my public IP. Im guessing this is because I need to setup the new server's NAT on my firewall? But I cannot do so because my original server is already configured for port 1494. How do I do this? Does the new server need to be setup to use a different port number?
0
Comment
Question by:EJC9999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
Carl Webster earned 2000 total points
ID: 35156314
Port 1604??????????  What old version of the product are you using?

The way I always do multiple farms (same versions, different versions - it doesn't matter) is to have one Web Interface server that is a seprate server from any of the farms.  To me, it is best if it is not a domain member or member of any farm.

Preferably, I use Citrix Secure Gateway but you could use AltAddr.  Using CSG only requires one public IP address. Using AltAddr requires a public IP for each MF/PS/XA server.

In the Web Interface site, you go to Manage Farms and create an entry for each farm.  The farm name you enter there has no bearing on the real farm name.  For each farm entry you create, you enter the name or IP address of the Zone Data Collector(s).

When a user logs in to the web interface, the XML broker service is contacted in each farm you have setup for the web interface site and authenticates the user.  If authentication is successful, the ZDC is contacted to get a list of the apps in each farm the user has access to run.  Web Interface then builds a custom interface for each user showing the apps and or desktops.

When the user clicks an icon, the ZDC for the farm that hosts the app or desktop is contacted to get the least busy server and the user is directed to the server.  (that changes if you are running PS4.5/XA5 and have HRP3 or higher installed)  The launch.ica file is built with the info for the server, the launch.ica file is sent to the client and the ICA client then handles the launch.ica file, goes to the IP address in the ICA file and attempts to launch the app/desktop.
0
 
LVL 1

Author Comment

by:EJC9999
ID: 35156382
(haha @ 1604. I had to quickly edit that.) OK, I thought there was a citrix product that would help me. I wasnt sure if it was SG or Access Gateway, or something else. Just so I know, CSG is needed to do this? Or is it option 1 or 3?  I'm not looking for any crazy workarounds, just the easiest and best solution.

Thanks for the quick reply.
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 35156424
Safest and cheapest solution is to use CSG.  CSG is free, WI is free and you can get an SSL cert for cheap.

Look at these:

http://dabcc.com/Webster/CSG
http://dabcc.com/Webster/AltAddr

Use one WI server and it will aggregate multiple farms.  It starts to bog down at 5 farms but two is very simple to do.
0
 
LVL 1

Author Comment

by:EJC9999
ID: 35156435
Great. Thanks so much for your help!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix policies are the most efficient method to configure and tune XenDesktop environments, allowing organizations to control connection, security and bandwidth settings based on various combinations of users, devices or connection types.  Citrix …
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question