Chapter 9: Network and Firewall Configuration

Introduction

One of the biggest challenges faced by many Citrix administrators is how to provide remote access to the farm resources without compromising the security of the network. Additionally, such access needs to be easy to use, very secure, and provide as close to local area network (LAN) performance as possible. Fortunately, Citrix has always been a company that produces products with a single goal in mind access. Over the years, Presentation Server (and more particularly, the MetaFrame Access Suite) has become a highly secure solution for allowing remote and mobile access to your company s internal network.

In this chapter, we look at the various methods of providing secure access to our remote and mobile users. We investigate the complexities of leading user sessions through the firewall. We see how the methods of access we choose to implement will impact the firewall, the Presentation Servers, and ultimately the users themselves as they attempt to make use of the solutions we provide them. We examine many legacy methods that are still quite popular for connecting to Presentation Servers remotely, including:

• Network Address Translation (NAT)

• Port Address Translation (PAT)

• Proxy servers

• HyperText Transfer Protocol (HTTP)

• HyperText Transfer Protocol Secure (HTTPS)

• Secure Sockets Layer Relay (SSL Relay)

We spend most of our time and efforts in this chapter discussing the more modern ways of securing the communications between Citrix clients and Presentation Servers via Citrix Secure Gateway server and the new state-of-the-art Citrix Access Gateway.

Methods of Remote Access

Remote and mobile access is...