Configuring Citrix MetaFrame for Windows 2000 Terminal Services

The second factor, routing, is probably not an issue if you are communicating exclusively in a LAN environment: install a protocol that is compatible with your server and you are ready to connect. If you are connecting over the Internet or a company WAN, TCP/IP is by far the most widely used and effective protocol for routing over remote networks.

Security using the MetaFrame client is an improvement over most other types of remote connections in that all communication is encrypted. While the default client uses only a weak XOR encryption, the SecureICA client allows 40-, 56-, or even 128-bit RC5 Rivest-Shamir-Adleman (RSA) encryption. Performance may suffer slightly with the higher encryption levels, but companies that require high encryption should already expect that trade-off.


The SecureICA encryption is currently available only with the following clients:


■    Windows CE clients

■    Web clients (Netscape plug-in and Microsoft ActiveX)

Future SecureICA support for UNIX, Java, and Macintosh is planned but not currently available.

While many restrictions for exporting "high" encryption products have been lifted, be sure to check the most current regulations before exporting to clients outside the United States or Canada. Current foreign trade relations prohibit exportation to Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria, and Yugoslavia. Check the Citrix Export FAQ at the following address or consult with your attorney before exporting to avoid potential legal conflicts.

Another important issue is modem access. Many administrators place a single modem on their server for emergency backup access. However, if you are going to be providing dial-up access for numerous users, you are better off providing a separate RAS, Remote Authentication Dial-In User Service (RADIUS), or other dial-up authentication resource. Installing a multimodem interface card is a viable solution if you don't have a lot of users or heavy usage, but this extra overhead can place an unnecessary burden on a high-usage server and possibly increase security risks and exposure. Having a separate RAS, RADIUS, or other type of authentication server adds an additional layer of security that an intruder would have to break through. It also reduces the load on your Citrix MetaFrame server. Most large companies already have an existing dial-up infrastructure in place that can be used with little or no modification.

