Juniper Networks Secure Access SSL VPN Configuration Guide

Not all applications work through the Juniper Core Clientless Access Services commonly called Web Services. Client/server applications like Lotus Notes and Microsoft Exchange, and Thin Client solutions like Microsoft Terminal Services and Citrix are good examples. These systems need an access method that is not an application-aware web proxy, which is how the Juniper content intermediation engine (CIE) works. Yet, security professionals want to maintain the vital separation provided by a hardened intermediate device. Both the Secure Application Manager (SAM) and Juniper's Terminal Services proxy can perform this task without provisioning a full VPN tunnel.
Client/server applications and Thin Client Computing (TCC) are similar in many ways. They both attempt to use server resources to minimize the client resources required and to make the best use of bandwidth that exists between client and server. However, they are very different in their approach. Client/server applications require a "fat" client that in many cases can act independently of the server. Thin-client technology on the other hand requires very little client processing because all the work of the application takes place on the server. The client portion of the technology is limited to sending input (such as mouse movements and keystrokes) to the server, and receiving output (such as screen writes) from the server.
Because of the similarities, SAM and Terminal Services will be covered back-to-back in this chapter and the next. You will notice some overlap for example, SAM can be used to transport Citrix. But the in-depth discussion of this will be...