Install NFUSE after the fact

[rjs]

I have an existing XP 1.0 FR2 production 4 server farm and need to go back and install NFUSE. I'm not sure exactly how to do this (I know the IIS part) or what impact it would have on the existing configuration.

Do I just rerun the Citrix install and deselect all the components except for NFUSE?

There will be limited access (once done). The farm is load balanced, so do I need to install it on all 4 servers or do I just put it on one?

R.Sobelman

http://www.tracklogins.com

 

[Ogi]

Hi,

It's best to put NFuse on an IIS server on it's own, you don't need to have Citrix installed, but be able to point to it!

I'd not recommend putting NFuse/IIS on your Citrix Application Server.

Cheers,
Carl.

 

[SimonPGreen]

As Carl says it is not really best practice to do this from a performance point of view but can be done by simply doing what you have stated.

The thing to watch out for however if you do it is that when NFuse is installed during the Metaframe install the correct port sharing in IIS is setup (80). When you do it retrospectively you have to manually set up the port sharing. If you don't your users will have to point to another port i.e.

http://metaframe:8080.

Oh and one more thing - you definately wouldn't want to be popping that web interface anywhere near a public IP address for obvious reasons.

Regards,

Simon

 

[rjs]

Thanks. Unfortunately it has to be a public IP address. The whole reason we need to do this is a person with a Pocket PC 2002 OS-based phone that wants to connect. Based on what I've read, the Citrix client for Pocket PC 2002 depends on the Citrix Web interface - which I take to mean NFUSE.

Is that correct?

R.Sobelman

http://www.tracklogins.com

 

[SimonPGreen]

If you want to get to it via the SPV then yes you need a public IP to point at.

However from a security perspective I would strongly recommend against doing this. The accepted practice is to pop the web interface on a dedicated web server in a dmz and lock it down. You would also want to secure the comms via SSL at least as you don't want the users credentials floating about in clear text.

Security for this sort of stuff is really best left for people who know what they are doing tbh

Regards,

Simon

 

[Mimulla]

Hi,

You can use Citrix 128 Bit Encyption to make the applications available across the Internet. If you Install IIS 5.0, 6.0 server then add the NFuse component. Configure the IIS server to connect to the citrix server inside your network.
You can use group policy mmc to add the IP Security Policies snap in. To add the traffic filter policies on the server. You can also use the security templates to lockdown your server.
Then place the server in the DMZ and only allow traffic for port that is need to establish connect to the IIS server on the firewall.

Do not add use domain name but the IP address. Also change the default port from 80 to 8080.
You will have to educate your users to use

https://IP-address:8080.

This will make hacking your server more difficult, also by the very fact that the technology is remote viweing your data is secure on the citrix server.