Citrix Secure Gateway (CSG)

What solution does CSG enable?
CSG allows customers to simply and securely deliver existing applications across the Internet, on demand, to any device.
A typical solution also includes:
•NFuse
•Secure Web Server and/or Portal (e.g. Citrix XPS, South Beach)
•Replaceable authentication (e.g. SecurID)
•SSL-enabled clients
Components of CSG
CSG consists of three components:
Secure Gateway Service
This component is deployed in the Demilitarized Zone (DMZ) and provides SSL encryption as well as connection routing (gateway) functionality. It interacts with the Secure Ticketing Authority (STA) to validate/resolve CSG tickets.
Secure Ticketing Authority (STA)
This component is responsible for generating and validating CSG Authorization tickets, as well as storing the real destination address during ticket generation and recovering that address during ticket validation.
NFuse Extensions
This component is based on the standard NFuse Java Object component. The NFuse extensions request CSG Authorization tickets from the CSG Ticketing Authority during ICA file generation, using the STA XML protocol.
CSG includes scripting updates for NFuse v1.51 and 1.6. Versions of NFuse above 1.6 natively support CSG.
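
The ticket flow described above, as a simplified model added here for illustration (it is not Citrix code and does not reproduce the STA XML protocol). The class and function names, the dictionary keys, the ticket format, the lifetime and the single-use behaviour are all assumptions; the sample address is constructed.

```python
import secrets
import time


class TicketAuthority:
    """Toy stand-in for the STA: maps opaque tickets to real destination addresses."""

    def __init__(self, ttl_seconds=100, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed ticket lifetime, not taken from the page
        self._clock = clock
        self._store = {}             # ticket -> (real address, expiry time)

    def issue(self, real_address):
        """Ticket generation: store the real address, hand back an opaque token."""
        ticket = secrets.token_urlsafe(24)   # random, carries no address information
        self._store[ticket] = (real_address, self._clock() + self._ttl)
        return ticket

    def resolve(self, ticket):
        """Ticket validation: recover the address, or None if the ticket is not valid."""
        entry = self._store.pop(ticket, None)    # single use (assumption)
        if entry is None:
            return None
        address, expiry = entry
        return address if self._clock() <= expiry else None


def build_client_fields(sta, real_address, gateway_host):
    """NFuse side, during ICA file generation: the client receives the gateway
    name and a ticket, never the internal address (hypothetical field names)."""
    return {"gateway": gateway_host, "ticket": sta.issue(real_address)}


def gateway_route(sta, client_fields):
    """Gateway in the DMZ: resolve the presented ticket or refuse the connection."""
    address = sta.resolve(client_fields.get("ticket", ""))
    if address is None:
        raise PermissionError("ticket unknown, expired or already used")
    return address


if __name__ == "__main__":
    sta = TicketAuthority()
    fields = build_client_fields(sta, "10.0.0.5:1494", "gw.example.com")  # constructed values
    print("client sees:", fields)
    print("gateway routes to:", gateway_route(sta, fields))
```

Because the client only ever holds the gateway name and a random ticket, internal server addresses stay hidden, and a ticket that was never issued cannot be routed.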

How does CSG compare to other Citrix security solutions?
CSG is not meant to supplant Citrix Extranet™, and is one more option in our complete line of Citrix security solutions:

There is overlap in the security provided by SSL Relay and SSL Gateway. Both provide SSL access to MetaFrame; however, SSL Relay:

•Needs to be configured on each MetaFrame server requiring SSL access
•Requires certificates to be installed and managed on all servers
•Does not perform any independent authorization/authentication
Use SecureICA when:
•Need security on a LAN, WAN, or Intranet
•Secure DOS or Win 16 access is necessary
•Have old devices/ICA clients that cannot be upgraded
•Risk of “man-in-the-middle” attack is acceptable
Use SSL Relay (MetaFrame, FR1) when:
•Small number of MetaFrame servers to support (<5)
•No need to secure access at DMZ
•No need to hide server IP addresses, or address translation (NAT) is sufficient
•Need end-to-end encryption of data between client and server
Use CSG when:
•Large number of servers to support
•Want to hide internal network addresses
•Want to secure from DMZ
•Need 2 factor authentication (in conjunction with NFuse)
•Need non-intrusive client install e.g. access from Internet cafes
Use Citrix Extranet when:
•Need 2 factor authentication
•Need to create a secure pipeline for full (beyond ICA) network access from remote
•Need to create secure tunnels between sites
•Want to secure from within DMZ
•Access is normally via the same workstation, i.e. OK to install an additional client (2.5 will include a zero-install Java client)