This technical overview provides an introduction to Citrix NFuse, including information on the user experience, the architecture under the covers, and an overview of Project Columbia and the Citrix Secure Gateway. Learn about the latest features in MetaFrame XP and how to choose the right version of the Win32 ICA Client. Discover how Project Columbia simplifies NFuse site configuration and explore the secure delivery of MetaFrame apps over the web using the Citrix Secure Gateway.
Citrix Web Technologies: A Technical Overview • Douglas Brown, SE – Northern California • Citrix Systems, Inc. • douglas.brown@citrix.com
Agenda • Intro to NFuse • Backgrounder • What is it? • The user experience • Under the covers • Intro to Project Columbia • Who, what, where, why, how! • Intro to the Citrix Secure Gateway • What’s New in MetaFrame XP?
Intro to NFuse The Citrix ‘Application Portal’
Final Deliverable – Application Set (PN) • Diagram legend: Published Apps, Server Farm (app set), Farm XP ‘Control’ Server, Primary Silo, Secondary Silo
Final Deliverable – Application Set (NFuse) • Diagram legend: Published Apps, Server Farm (app set), Farm XP ‘Control’ Server, Primary Silo, Secondary Silo
Win32 ICA Client Options 3 Win32 ICA Client Versions Now! • Choose the right version for your needs • All clients share the same ‘Connector’, with the same features • The UI functions are handled differently with each • They all support NFuse Win32 Client UI ‘Connector’
Technically speaking… (network diagram, built up across successive slides) • Zones: Public Network, DMZ, Private Network • Legend: XP Control Server(s), XP App Servers, NFuse Web Server(s) • Connection labels, in the order they appear: HTTPS/SSL 443; HTTPS/SSL; *.ica (ICA file contents); ICA/RC5 - TCP 1494 • Ports exposed to Public: 443 to NFuse (SSL encrypted); 1494 to MetaFrame (RC5) • Ports exposed to DMZ: 443 to XP Control server(s); 1494 to MetaFrame (RC5)
Demos • ‘Turnkey’ NFuse • NFuse UI Guided Tour • Installing and Configuring NFuse
Intro to Project Columbia An Advanced IIS5/ASP NFuse Site
Project Columbia? • What is it? • An Advanced IIS5/ASP based NFuse site • Written by Citrix Technical Support • Why do I want to use it? • Makes advanced NFuse site configuration child’s play • Where do I get it? • From the Citrix Developer Network site (http://www.citrix.com/cdn) • Is it supported by Citrix? • Yes, as long as only the config.txt file is modified • How do I use it? • Download, extract all files to NFuse web server directory, modify config.txt, ‘IISRESET’, go… • What does it do?
Columbia 6.x: What does it do? • Multi Farm support (single credential set) • Override of default NFuse server/port • Backup XML servers • Round robin load balancing of XML servers • Multi-option password validation/change • Multi-option ICA client CAB file delivery (including forced delivery) • NAT support • PAT support • CSG support • App launch and display options • Multi-option domain population • Drop down dialog • Pre-populated single domain with hidden domain field • Auto populate UN/Domain • Disable right click • Pre-configured Embedding options (including JAVA/CSG!) • Hidden folders / apps • Initial app auto launching • Enable/disable ticketing • Multi-option logging and debugging
Demo Project Columbia
Intro to the Citrix Secure Gateway The most secure way to deliver MetaFrame apps over the Web, WITHOUT a VPN
What is CSG? • Think of it as an ‘ICA/SSL secure proxy server’ • Gateway between an SSL enabled ICA client and one or more MetaFrame servers • Tunnels ICA traffic inside SSL • Limited to ICA only – not a general purpose VPN • Runs independently from MetaFrame, links into NFuse for authorization • Allows you to deliver Published Apps SECURELY over the Internet • Provides a simple, clean user experience (especially vs. a VPN)
CSG 1.0 Technical Requirements • Two Windows 2000 servers with SP2 • CSG Gateway Server • Server Certificate • Secure Ticket Authority • IIS Web Server capable of running NFuse • NFuse 1.61 (or a modified earlier version) for IIS • IIS5 if you are using Project Columbia • NFuse 1.61 for other platforms • Win32, Java, Mac or Linux 6.20 ICA client • MetaFrame Server Farm
Details, details! (network diagram, built up across successive slides) • Zones: Public Network, DMZ, Private Network • Legend: XP Control Server(s), XP App Servers, NFuse Web Server(s), Secure Gateway Server(s), Secure Ticket Agent(s) • Connection labels, in the order they appear: HTTPS/SSL 443; HTTPS/SSL; HTTP / XML; *.ica (ICA file contents); a second HTTPS/SSL 443; ICA - TCP 1494 • Ports exposed to Public: 443 to NFuse (SSL encrypted); 443 to CSG (SSL encrypted) • Ports exposed to DMZ: 443 to XP Control server(s); 80 to STA(s); 1494 to MetaFrame servers
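The two "Ports exposed" lists (NFuse alone, and NFuse with CSG) can be turned into a firewall audit. The following is an added example, not part of the original deck or any Citrix tool: it flags rules that open more than the chosen design lists and design flows that no rule permits. The zone and role names, the one-line rule syntax and the sample rule set are all constructed for illustration.

```python
# Added example: audit firewall rules against the "Ports exposed" lists on the slides.
# Zone and role names, the rule format and SAMPLE_RULES are constructed for illustration.
import re

# (source zone, destination role) -> TCP ports, as listed on the two slides
NFUSE_ONLY = {("public", "nfuse"): {443}, ("public", "metaframe"): {1494},
              ("dmz", "xp_control"): {443}, ("dmz", "metaframe"): {1494}}
WITH_CSG = {("public", "nfuse"): {443}, ("public", "csg"): {443},
            ("dmz", "xp_control"): {443}, ("dmz", "sta"): {80},
            ("dmz", "metaframe"): {1494}}

RULE_RE = re.compile(r"^allow\s+(\w+)\s*->\s*(\w+)\s+tcp/(\d+)(?:-(\d+))?$")

def parse_rule(line):
    """Parse 'allow SRC -> DST tcp/PORT[-PORT]' into (src, dst, low, high)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    low = int(m.group(3))
    high = int(m.group(4) or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return m.group(1), m.group(2), low, high

def audit(lines, design):
    """Return (excess, missing) relative to a design.

    excess:  rule lines that open at least one port the design does not list
    missing: (src, dst, port) flows in the design that no rule permits
    """
    rules = [(line, parse_rule(line)) for line in lines]
    excess = []
    for line, (src, dst, low, high) in rules:
        wanted = design.get((src, dst), set())
        in_range = {p for p in wanted if low <= p <= high}
        if len(in_range) < high - low + 1:   # range covers unlisted ports
            excess.append(line)
    missing = sorted(
        (src, dst, port)
        for (src, dst), ports in design.items() for port in ports
        if not any(s == src and d == dst and lo <= port <= hi
                   for _, (s, d, lo, hi) in rules))
    return excess, missing

# Constructed rule set: moved to CSG, but the old public ICA rule was never removed
SAMPLE_RULES = ["allow public -> nfuse tcp/443", "allow public -> csg tcp/443",
                "allow public -> metaframe tcp/1494", "allow dmz -> xp_control tcp/443",
                "allow dmz -> metaframe tcp/1024-2000"]
```

Auditing `SAMPLE_RULES` against `WITH_CSG` reports the leftover public 1494 rule and the over-wide DMZ range as excess, and the STA flow on port 80 as missing.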
Extra Security: NFuse/RSA SecurID (same network diagram as the CSG slides, with a ‘SecurID’ label added) • Adding 2-factor authentication systems (RSA, Secure Computing, etc.) increases security level
CSG Versus Extranet • Scale from lower security to highest security: ICA, Secure ICA, SSL Relay, CSG, Citrix Extranet • Compared to Extranet, CSG is fairly limited. If you are already using Extranet, you don’t need CSG.
Could I see some ID please? • SSL Certificates are like Driver’s Licenses
Important – Print the Checklist • The CSG distribution includes an installation checklist that takes the guesswork out of installing the components • It is recommended that you sketch your network, print this page, fill in the blanks, and then begin installing the servers