Citrix Web Technologies
Citrix Web Technologies
A Technical Overview
Douglas Brown, SE – Northern California
Citrix Systems, Inc.
douglas.brown@citrix.com
Agenda
• Intro to NFuse
• Backgrounder
• What is it?
• The user experience
• Under the covers
• Intro to Project Columbia
• Who, what, where, why, how!
• Intro to the Citrix Secure Gateway
• What’s New in MetaFrame XP?
Intro to NFuse The Citrix ‘Application Portal’
Final Deliverable – Application Set (PN)
[Diagram. Labels and legend: Published Apps; Server Farm (app set); Farm XP ‘Control’ Server; Primary Silo; Secondary Silo.]
Final Deliverable – Application Set (NFuse)
[Diagram. Labels and legend: Published Apps; Server Farm (app set); Farm XP ‘Control’ Server; Primary Silo; Secondary Silo.]
Win32 ICA Client Options
3 Win32 ICA Client Versions Now!
• Choose the right version for your needs
• All clients share the same ‘Connector’, with the same features
• The UI functions are handled differently with each
• They all support NFuse
[Diagram labels: Win32 Client UI; ‘Connector’.]
Technically speaking…
[Network diagram built up over seven slides. Zones: Public Network, DMZ, Private Network. Legend: XP Control Server(s), XP App Servers, NFuse Web Server(s). Connection labels, in the order they are added: HTTPS/SSL 443; HTTPS/SSL; *.ica (ICA file contents); ICA/RC5 - TCP 1494.]
Ports exposed to Public:
• 443 to NFuse (SSL encrypted)
• 1494 to MetaFrame (RC5)
Ports Exposed to DMZ:
• 443 to XP Control server(s)
• 1494 to MetaFrame (RC5)
Demos
• ‘Turnkey’ NFuse
• NFuse UI Guided Tour
• Installing and Configuring NFuse
Intro to Project Columbia An Advanced IIS5/ASP NFuse Site
Project Columbia?
• What is it?
  • An Advanced IIS5/ASP based NFuse site
  • Written by Citrix Technical Support
• Why do I want to use it?
  • Makes advanced NFuse site configuration child’s play
• Where do I get it?
  • From the Citrix Developer Network site (http://www.citrix.com/cdn)
• Is it supported by Citrix?
  • Yes, as long as only the config.txt file is modified
• How do I use it?
  • Download, extract all files to NFuse web server directory, modify config.txt, ‘IISRESET’, go…
• What does it do?
Columbia 6.x: What does it do?
• Multi Farm support (single credential set)
• Override of default NFuse server/port
• Backup XML servers
• Round robin load balancing of XML servers
• Multi-option password validation/change
• Multi-option ICA client CAB file delivery (including forced delivery)
• NAT support
• PAT support
• CSG support
• App launch and display options
• Multi-option domain population
• Drop down dialog
• Pre-populated single domain with hidden domain field
• Auto populate UN/Domain
• Disable right click
• Pre-configured Embedding options (including JAVA/CSG!)
• Hidden folders / apps
• Initial app auto launching
• Enable/disable ticketing
• Multi-option logging and debugging
Demo Project Columbia
Intro to the Citrix Secure Gateway The most secure way to deliver MetaFrame apps over the Web, WITHOUT a VPN
What is CSG?
• Think of it as an ‘ICA/SSL secure proxy server’
• Gateway between an SSL enabled ICA client and one or more MetaFrame servers
• Tunnels ICA traffic inside SSL
• Limited to ICA only – not a general purpose VPN
• Runs independently from MetaFrame, links into NFuse for authorization
• Allows you to deliver Published Apps SECURELY over the Internet
• Provides a simple, clean user experience (especially vs. a VPN)
CSG 1.0 Technical Requirements
• Two Windows 2000 servers with SP2
• CSG Gateway Server
• Server Certificate
• Secure Ticket Authority
• IIS Web Server capable of running NFuse
• NFuse 1.61 (or a modified earlier version) for IIS
• IIS5 if you are using Project Columbia
• NFuse 1.61 for other platforms
• Win32, Java, Mac or Linux 6.20 ICA client
• MetaFrame Server Farm
Details, details!
[Network diagram built up over six slides. Zones: Public Network, DMZ, Private Network. Legend: XP Control Server(s), XP App Servers, NFuse Web Server(s), Secure Gateway Server(s), Secure Ticket Agent(s). Connection labels, in the order they are added: HTTPS/SSL 443; HTTPS/SSL; HTTP / XML; *.ica (ICA file contents); a second HTTPS/SSL 443; ICA - TCP 1494.]
Ports exposed to Public:
• 443 to NFuse (SSL encrypted)
• 443 to CSG (SSL encrypted)
Ports Exposed to DMZ:
• 443 to XP Control server(s)
• 80 to STA(s)
• 1494 to MetaFrame servers
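An added example, not part of the original presentation: a small Python audit that checks a firewall rule list against the two "Ports exposed" slides (NFuse alone, and NFuse with CSG). The rule syntax, zone and role names, and sample rules are constructed for illustration, and "exposed to DMZ" is read here as "reachable from the DMZ".

```python
import re

# Allowed TCP flows as (source zone, destination role) -> ports, from the two
# "Ports exposed" slides. Zone and role names are constructed labels.
BASELINE_NFUSE = {("public", "nfuse"): {443}, ("public", "metaframe"): {1494},
                  ("dmz", "xp_control"): {443}, ("dmz", "metaframe"): {1494}}
BASELINE_CSG = {("public", "nfuse"): {443}, ("public", "csg"): {443},
                ("dmz", "xp_control"): {443}, ("dmz", "sta"): {80},
                ("dmz", "metaframe"): {1494}}

# Hypothetical rule syntax: "allow tcp <zone> -> <role>:<port>[-<port>]"
RULE_RE = re.compile(r"^allow tcp (\w+) -> (\w+):(\d+)(?:-(\d+))?$")

# Constructed sample rule set for a CSG deployment.
SAMPLE_RULES = [
    "allow tcp public -> nfuse:443",
    "allow tcp public -> csg:443",
    "allow tcp public -> metaframe:1494",  # left over from the pre-CSG layout
    "allow tcp dmz -> xp_control:443",
    "allow tcp dmz -> sta:80-8080",        # range wider than the single port 80
    "allow tcp dmz -> metaframe:1494",
]

def parse_rule(line):
    """Parse one rule line into (source zone, destination role, low port, high port)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    src, dst, lo, hi = m.groups()
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return src, dst, lo, hi

def audit(lines, baseline):
    """Return (rules opening ports outside the baseline, baseline flows no rule covers)."""
    findings, covered = [], set()
    for line in lines:
        src, dst, lo, hi = parse_rule(line)
        hit = {p for p in baseline.get((src, dst), set()) if lo <= p <= hi}
        covered |= {(src, dst, p) for p in hit}
        excess = (hi - lo + 1) - len(hit)  # ports opened beyond the baseline
        if excess:
            findings.append((line.strip(), excess))
    missing = sorted((s, d, p) for (s, d), ports in baseline.items()
                     for p in ports if (s, d, p) not in covered)
    return findings, missing

if __name__ == "__main__":
    for name, base in (("NFuse only", BASELINE_NFUSE), ("NFuse + CSG", BASELINE_CSG)):
        print(name, audit(SAMPLE_RULES, base))
```

Against the CSG baseline, the audit flags the leftover public rule for TCP 1494 and the over-wide STA range; that direct 1494 exposure is what the Secure Gateway layout removes.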
Extra Security: NFuse/RSA SecurID
[Network diagram: same zones, legend and connection labels as the Secure Gateway diagram, with a SecurID component added.]
• Adding 2-factor authentication systems (RSA, Secure Computing, etc.) increases security level
CSG Versus Extranet
[Diagram: security spectrum running from "Lower security" to "Highest Security", listing ICA, Secure ICA, SSL Relay, CSG, Citrix Extranet.]
• Compared to Extranet, CSG is fairly limited. If you are already using Extranet, you don’t need CSG.
Could I see some ID please? • SSL Certificates are like Driver’s Licenses
Important – Print the Checklist
• The CSG distribution includes an installation checklist that takes the guesswork out of installing the components
• It is recommended that you sketch your network, print this page, fill in the blanks, and then begin installing the servers