For internal users using the web site we do not use SSL. For external users they must go through the Citrix Access Gateway, and I have a cert on that. Regardless of location or type, users always see the same apps: office applications, tools, e-mail, and our enterprise application (runs over a web front-end).

If you save user profiles to a server, I see no reason users could not access their profiles. We don't do that here, as our policies require all work-related files to be stored on file-servers. We map several drives during logon, several of which are shared files.

And then there is application streaming, which seems pretty cool. I'm testing that now.

Tom

>>> "Joe Heaton" <[EMAIL PROTECTED]> 8/7/2008 11:58 AM >>>
We do have the PnAgent available, and that's what I've recently moved my internal users over to, for their apps.

With the web interface, you use an SSL cert for security, correct? What exactly are you publishing for those users? You mention that they are able to access their files through web interface, do you mean like accessing their My Documents, or network shares, or?

I like the VPN because that pretty much eliminates the need to publish a desktop, as they would have access through the VPN tunnel to normal network stuff, as if they were sitting at their desk.

Joe Heaton

-----Original Message-----
From: Tom Miller [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2008 8:44 AM
To: NT System Admin Issues
Subject: Re: Best practice suggestion

Here's what we do:

- offer users the web interface. We have many staff in residential locations with broadband connections. This works for them and they are happy they can finally get to their files on the file servers. I like this option as I can set the web interface to time out.

and/or

- not sure if PS 4.0 has it, but 4.5 has it and it works great: the Program Agent. Can be used internally or externally. For internal users we have the agent auto-logon. For external users, we have them use the Citrix Access Gateway VPN client then log in. You could probably use whatever VPN client you have though and then have users log in to the agent.

We don't present a desktop or any users. We make no promises about desktop or appearance - just that the application will be available.

Tom

>>> "Joe Heaton" <[EMAIL PROTECTED]> 8/7/2008 11:29 AM >>>
Scenario: We have Citrix Presentation Server 4.0, with 2 published apps at the moment. We also have an old Citrix server, running 1.8 Metaframe, which is acting as a remote desktop for our Executive Director. We have received a shipment of 7 new laptops.
Two separate situations to consider:

1) One of the laptops is going to the Executive Director (Our head muckety-muck). He currently is using Citrix Program Neighborhood to access a published desktop on our old Citrix server (1.8 Metaframe). My thoughts on his situation are to set up a mobile VPN for him, and just have him VPN in, and voila, it's like he's sitting at his desk.

2) Another laptop is going to a person who says they need to be able to access the published apps while on the road. I have tested Web Interface, internally, which seems ok, but we don't have an SSL cert for it. Should I make a redirection within IIS, setting it up so that outside users would hit it as a sub-page of our public site (i.e. https://www.etp.ca.gov/citrix)? Or should I go with a VPN there also, and have them connect as they do normally, through a shortcut on the desktop?

We don't have Secure Gateway, and I don't think we're going to purchase it for a handful of people, so that is not an option. The VPN would be using my Watchguard x750 firewall's built-in mobile client VPN feature.

Any suggestions/tips/advice is appreciated, as I need to come up with a good, secure, viable solution soon.

Thanks,

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
[EMAIL PROTECTED]

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.