Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

What does a VPN offer that Citrix Secure Gateway does not? 1

Status
Not open for further replies.
PsyCloner

PsyCloner

IS-IT--Management
Oct 10, 2002
3
US
I am researching the implementation of Citrix MetaFrame XPe with NFuse and possibly a CSG (Citrix Secure Gateway). My local telco providers are selling me on the need for a VPN. Since both products (CSG and VPN) offer certificate authentication and data packet encryption, I am missing the key points of difference between CSG and VPN functionality. I think the light would go on if I could see this comparison with respect to the OSI model. Considering L2TP technology over PSTN and PPP with NAS servers on each end, I'm starting to get that glassy eyed look!
Any straight forward definitive observations or article references would be greatly appreciated.
 
Sort by date Sort by votes
CSG is effectively a VPN for MetaFrame only, and works well with NFuse.

If your MetaFrame servers all provide connectivity to your other network resources via the ICA client, that rather makes a full-blown VPN redundant, unless you need to deliver applications or services that cannot be run over MetaFrame.

CSG is free, if you've got Subscription Advantage with MetaFrame, which is another major advantage.

Hope this helps CitrixEngineer@yahoo.co.uk
 
Upvote 0 Downvote
Some other considerations:

1) With CSG, you do not have the headache of configuring the VPN client on the remote machines. A VPN will require the client on every remote machine - this can be an administrative headache. With CSG, the configuration and administration is centralized and does not require a separate client install.

2) VPN is slightly more secure that CSG. CSG uses 128-Bit SSL to connect, VPN is usually better encryption. However, unless your transmitting deep trade secrets, 128-Bit is more than sufficient. Most major financial institutions are using 129-Bit encryption.

3) CSG allows you to restrict external access to the Citrix box because you can close port 1494 on your firewall and run everything through NFuse. Simply put, nobody will be able to access that box directly. With a VPN, your external users will be able to access the Citrix server directly simply by making an ICA file.

Overall suggestion...

Without knowing your specific business goals, you are probably better off with CSG if your remote users are only accessing the Citrix environment. It's MUCH easier to administer and works very well with Citrix. If you want to use the secure remote access for items other than Citrix, a VPN might be a better choice.

As an FYI - we have installed CSG at one of the top financial institutions in the country. They run all of their remote access activities through Citrix and as such, CSG was a great solution for them. Best of all, it's free (aside from the extra servers you will need for the install).

- Erik

- - - - - - - - - - - - - - - - - -
Enterprise Project Director
DeVA Systems Group
Citrix Platinum Partner
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Question
Win7 backup on Win11 Pro box not completing as it had in the past
Replies
2
Views
435
VicM
VicM
Sebastian42
  • Question
Possibly a timing problem
Replies
0
Views
366
Sebastian42
Sebastian42
mattmontalto
  • Locked
  • Question
MS Threat Management Gateway Alternative
Replies
0
Views
121
mattmontalto
mattmontalto
damienenglish
  • Locked
  • Question
Citrix Replication Fault Detection
Replies
0
Views
104
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
261
ntinlin
ntinlin

Part and Inventory Search

Sponsor

Back
Top