
XenApp Installation Guide Notes, Part 4 (Considering Security)

 sys 2012-04-08

Considering Security

The location in your environment for the Web Interface and the XML Broker depends on your organization's security requirements.

When users access the Web Interface from the Internet, Citrix recommends locating the Web Interface server on the internal network and the Citrix XML Broker with the XenApp farm. Shielding the XML Broker from the external Internet protects the XML Broker and the farm from Internet security threats.

If you must place the Web Interface in the DMZ and want to secure the connection between the XML Broker and the Web Interface, put the Web Interface server in the DMZ with Secure Gateway or Access Gateway. This configuration requires putting the Web Interface on a separate Web server. Install a certificate on the Web Interface server and configure SSL Relay on the servers hosting the Citrix XML Broker.


In very small farms, configuring the Web Interface and the XML Broker on the same server eliminates having to secure the link from the Web Interface to the farm. This deployment is primarily used in environments that do not have users connecting remotely. However, this might not be possible if your organization does not want Web servers, such as Internet Information Services (IIS), in the farm.

You can use any of these protocols for connections between the XML Broker and Web Interface:

HTTPS. If you secure the connection with HTTPS, IIS must host the XML Broker with port sharing enabled. Select the Share default TCP/IP port with Internet Information Server option during XenApp Setup, and enable HTTPS in IIS Manager.

SSL/TLS. If you secure the connection with SSL/TLS, the XML Broker can share a port with IIS or use its own dedicated port. Use SSL Relay to configure SSL/TLS support on the XML Broker and Web Interface servers. However, if the XML Broker is sharing a port with secure IIS (HTTPS), ensure SSL/TLS does not conflict with the IIS port. You can display the port in use by checking what port number appears in the SSL Relay tool for the Relay Listener port. By default, XenApp uses port 444.

In 6.0, the SSL Relay port defaults to 443; see the figure above.
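
A check for the port conflict and the SSL/TLS listener described above, as an added example that is not Citrix code or part of the original notes. The host name is a placeholder, the relay port is whatever the SSL Relay tool shows for the Relay Listener port, and the script is assumed to run in PowerShell on the server hosting the XML Broker with the IIS WebAdministration module available.

```powershell
# Added example, not Citrix code. Run on the server hosting the XML Broker.
param(
    [string]$BrokerFqdn = 'xmlbroker.example.internal', # placeholder host name (assumption)
    [int]$RelayPort = 444   # value shown as Relay Listener port in the SSL Relay tool
)

Import-Module WebAdministration   # IIS module that provides Get-WebBinding

# IIS stores each binding as "IP:port:hostheader"; the port is the
# second-to-last field, which also holds for IPv6 forms such as "[::]:443:".
$iisHttpsPorts = @(Get-WebBinding -Protocol https | ForEach-Object {
    [int]($_.bindingInformation.Split(':')[-2])
})

if ($iisHttpsPorts -contains $RelayPort) {
    Write-Warning "Port $RelayPort is both the SSL Relay listener and an IIS HTTPS binding."
} else {
    Write-Output "No conflict: IIS HTTPS ports [$($iisHttpsPorts -join ', ')], relay port $RelayPort."
}

# Handshake against the relay listener the way a TLS client would.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($BrokerFqdn, $RelayPort)
    $stream = $client.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false
    # Default validation: throws AuthenticationException if the chain is
    # untrusted or the certificate name does not match $BrokerFqdn.
    $ssl.AuthenticateAsClient($BrokerFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    Write-Output ("TLS OK: {0}, subject {1}, expires {2:yyyy-MM-dd}" -f $ssl.SslProtocol, $cert.Subject, $cert.NotAfter)
    $ssl.Close()
} catch {
    Write-Warning "TLS check on ${BrokerFqdn}:${RelayPort} failed: $($_.Exception.Message)"
} finally {
    $client.Close()
}
```

The handshake half can be repeated from the Web Interface server to confirm that it trusts the certificate presented on the relay port.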
