Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

To domain or not to domain...

Status
Not open for further replies.
AjayM

AjayM

IS-IT--Management
Joined
Jan 3, 2002
Messages
48
I'm in the process of upgrading a new server for use with Win2k and MF XP, this is going to replace our old NT4-TS/MF 1.8 server. Now our old server was setup and part of our internal domain for user accounts, everything else the system needs (databases, etc) is located in the DMZ area. I'd like to get away from that and basically have the system be standalone. Are there downsides to this? I'd like to cut the link between our internal network and our DMZ area and this one place where I could do it easily. But my familiarity of Citrix MF is currently lacking a little bit. Thoughts, ideas?

TIA
Andrew
 
Sort by date Sort by votes
If I understand you right, then I agree on the first part - you should not keep databases in the DMZ area. The only servers in the DMZ should be bastion hosts. Don't forget that the whole point of a DMZ is that it's an area which the outside world can get to _without_ being able to access the LAN (but this depends on how your firewall and other security devices are set up). Many smaller organisations simply have a firewall/router setup with no servers at all in the DMZ. It depends how much public access you need to give.

As far as the Citrix server goes, you should treat it like any host on the network, since it is essentially a glorified client machine (to the databases, etc); All users should be authenticated to the domain, and put into global groups that are members of local groups on the Citrix server to access the resources.

What this boils down to, AFAICS, is not an understanding of Citrix MetaFrame per se, but an understanding of a terminal server's function.

I hope this is helpful CitrixEngineer@yahoo.co.uk
 
Upvote 0 Downvote
Well I'll try and clear up a few items, first I inherited this network a couple of months ago with a new job, and it is setup in a way that I would never have done myself. For instance the current Citrix server is multihomed to both the external subnet and the nat'd lan subnet. The only reason was for the user accounts to have that "internal" connection and nothing else, there are no other resources on the LAN side that the Citrix machine needs or should have access to. The DB server is sitting in the DMZ area, but with our firewall we are denying all outside access to it (so only machines behind the firewall LAN/DMZ can access it), but it is only doing DB work for our production/public servers. Not the most perfect situation, but I can only change it slowly over time. As to the Citrix box and it's use, it is a service we provide for our customers to use software we develop, so basically we are using it in an ASP role, it isn't used for internal/employee use.

What I would like to do is to remove that LAN link on that machine, security wise it's a pain as it basically circumvents the firewall for LAN access, if that machine were to be compromised they basically have free access with a minimal amount of hassle.

I already know that it's going to be a little more work on my side with user account's and such, although duplicate accounts between it and the domain will be fairly minor considering it's use.

Hope that clears some items up, and thanks for the info.

Andrew
 
Upvote 0 Downvote
This looks like a job for CSG and NFuse (the boy wonder...?) ;-) CitrixEngineer@yahoo.co.uk
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

P
  • Locked
  • Question Question
Recovery Disc failing to verify correct PC even though it is. 2006 Palvilion a1410y
Replies
0
Views
568
PalBadium
P
VicM
  • Locked
  • Question Question
Win7 backup on Win11 Pro box not completing as it had in the past
Replies
2
Views
1K
VicM
VicM
gazonk.del
  • Locked
  • Question Question
How to Copy save_set from Tape to Disk -- Continuation
Replies
0
Views
568
gazonk.del
gazonk.del
SBTBILL
  • Locked
  • Question Question
How to get to files
Replies
1
Views
546
Provogeek
Provogeek
DreemaGurl
  • Locked
  • Question Question
Can't log on to Citrix through emote access portal
Replies
1
Views
883
ntinlin
ntinlin

Part and Inventory Search

Sponsor

Back
Top