Firewall Wizards mailing list archives

Re: Citrix ICA - Published apps


From: Chris Brenton <cbrenton () sover net>
Date: Thu, 15 Apr 1999 17:06:01 -0400

Mailing Lists wrote:

Let's say I have a server farm of 3 computers, exporting 4 apps (Word,
Excel, Access and Powerpoint) load balanced.  You talked about setting "A"
refs in your dns instead of using the load balancing feature.  I would like
to know more about this option, it sounds interesting!

OK, here's what you do:
1) Set up internal Citrix access as per normal, only make sure you use
legal DNS names for the names of the published Apps (i.e. no
underscores, etc.). In the case above, let's say I name the first app
word.bohica.edu.
2) On your external DNS, set up 3 "A" records pointing the app
(word.bohica.edu) to each of the three Citrix servers.
3) Open up port 1494 on your firewall to these three systems.

So let's say I've got a laptop user that needs WinFrame/MetaFrame access
from both the office and from home. In the office, I easily find the
master browser and I'm able to use Citrix load balancing. When I'm home,
I dial-up my ISP and then launch the same word.bohica.edu application.
When the MSB lookup fails, the client falls back on DNS and resolves
the IP address in a round robin fashion.

For extra security, you could set up some form of authentication prior to
connection. For example in the FW-1 world you could have users run the
fwclient utility in order to do client authentication. Till you
authenticate, port 1494 is not open to your IP address. Given that ICA
traffic can be encrypted anyway, a full-blown VPN is probably overkill.

Hope this helps,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
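
Steps 1 and 2 of the reply above, as an added example that is not part of the original post or any Citrix tooling: it checks published app names against the hostname rules (letters, digits and hyphens only, so no underscores) and emits one "A" record per farm server for each legal name. Apart from word.bohica.edu, the app names, the 192.0.2.x addresses (documentation range) and the TTL are constructed assumptions.

```python
import ipaddress
import re

# Hostname label per RFC 952/1123: letters, digits, hyphen; 1-63 chars;
# no leading or trailing hyphen. Underscores are not allowed.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_legal_hostname(name: str) -> bool:
    """True if every label of `name` is a legal hostname label."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def round_robin_records(app_names, server_ips, ttl=300):
    """Build zone-file A records pointing each app name at every server.

    Returns (zone_lines, rejected_names). Names that are not legal
    hostnames are rejected rather than silently published.
    """
    # Normalise and validate addresses; raises ValueError on bad input.
    ips = [str(ipaddress.IPv4Address(ip)) for ip in server_ips]
    lines, rejected = [], []
    for name in app_names:
        if not is_legal_hostname(name):
            rejected.append(name)
            continue
        fqdn = name.rstrip(".").lower() + "."
        # Several A records on one name give round-robin resolution.
        lines.extend(f"{fqdn}\t{ttl}\tIN\tA\t{ip}" for ip in ips)
    return lines, rejected


if __name__ == "__main__":
    # Constructed sample input: four published apps, three farm servers.
    apps = ["word.bohica.edu", "excel.bohica.edu",
            "ms_access.bohica.edu", "powerpoint.bohica.edu"]
    farm = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
    records, bad = round_robin_records(apps, farm)
    print("\n".join(records))
    for name in bad:
        print(f"; rejected (not a legal DNS hostname): {name}")
```

Each address that ends up in these records is a host that step 3 exposes on port 1494, so the generated list doubles as the set of firewall rule destinations to review.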
