Extentrix Web Services 2.0 - Application Edition - Extentrix Systems

learningsnortΑσφάλεια

3 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

100 εμφανίσεις




Extentrix Web Services

Application Edition
3.0 CAG Integration




Notice

© Copyright
2007
-
200
8

Extentrix Systems.


Page
1


NOTICE

Extentrix

Systems
, FZE

make
s

no representations or warranties with respect to the contents or use of this
publication. Extentrix specifically disclaim
s

any express or implied warranties, merchantability, or fitness for
any particular purpose. E
xtentrix reserve
s

the right to make any changes in specifications and other
information contained in this publication without prior notice and without obligation to notify any person or
entity of such revisions or changes.

© Copyright 200
7

All Rights Rese
rved

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information and retrieval systems, for any purpose other
than the purchase’s personal use, withou
t express written permission of:


Extentrix
Systems
, FZE

P.O.Box 43659

Dubai, UAE

http://www.extentrix.com


The following marks are service marks, trademarks or registered trademarks of their respective owners:


M
ark

Owner

Citrix®, ICA®,
XenApp( formally Presentation Server)
4.0®
,
4.5
®

,
Web Interface®

Citrix Systems, Inc.

Microsoft®, Windows®

Microsoft Corporation

Extentrix Web Services

Application Edition
3.0 CAG Integration



Table of Contents

© Copyright
2007
-
200
8

Extentrix Systems.


Page
2


TABLE OF CONTENTS



NOTICE

................................
................................
................................
................................
.............................

1

TABLE OF CONTENTS

................................
................................
................................
................................
........

2

OVERVIEW

................................
................................
................................
................................
.......................

3

CONFIGURATION PROCED
RE

................................
................................
................................
............................

3

C
ONFIGURING THE
STA

S
ETTINGS ON THE
C
ITRIX
A
CCESS
G
ATEWAY

................................
................................
.................

4

C
ONFIGURING THE
W
EB
S
ERVICE TO INTEGRATE
WITH THE
C
ITRIX
A
CCESS
G
ATEWAY AND THE
STA

................................
........

5

C
ONFIGURING
C
ERTIFICATES

................................
................................
................................
................................
......

7

SUPPORT

................................
................................
................................
................................
........................

12

GLOSSARY

................................
................................
................................
................................
......................

13

INDEX

................................
................................
................................
................................
...........................

14

ABOUT EXTENTRIX

................................
................................
................................
................................
.........

15




Exten
trix Web Services

Application Edition
3.0 CAG Integration

Configuration Pr
oced
u
re


© Copyright
2007
-
200
8

Extentrix Systems.


Page
3


OVERVIEW

Extentrix Web Services
Application Edition
3.0

can be configured to integrate with Citrix Access Gateway 4.0 or
later to deliver secure access to XenApp Server applications. Citrix Access Gateway is a universal Secure Socket
Layer (SSL) virtual private network (VPN) appliance that provides a secure si
ngle point
-
of
-
access to any
information resource combining the best features of Internet Protocol Security (IPSec) and SSL VPN, without
costly and cumbersome implementation and management, the Access Gateway works through any firewall and
supports all appl
ications and protocols.

Extentrix Web Service which is built on the open standard SOAP protocol allows all web service consuming
applications to access Citrix farms seamlessly for published application and it allows developers to launch
published applicati
ons from within their own applications or portals.

Extentrix Web Services
Application Edition
3.0

provides the ability to combine these two powerful technologies
(Citrix Access Gateway and Extentrix Web Services). It is a web service that allows users to a
ccess the XenApp
published applications and launches them through a Citrix Access Gateway which guarantees a secure access to
the published applications. The Extentrix Web Service

Application Edition

3.0

is deployed parallel to the Citrix
Access Gateway in

the demilitarized zone (DMZ) as the following figure demonstrates.


As the figure shows, to provide secure remote access to Citrix XenApp Server, the Access Gateway and
Extentrix Web Service work with a Secure Ticket Authority (STA) which generates ticke
ts for users after
authenticating them. When a client requests to launch an application by a web service consumer the web
service interacts with the STA and generates an ICA file to ensure that ICA traffic is routed through the Access
Gateway to the server

farm, if users have valid STA tickets, the gateway assumes that they passed the
authentication’s checks at the Web server and should be permitted access.


CONFIGURATION PROCED
RE



D
D
M
M
Z
Z


T
T
r
r
u
u
s
s
t
t
e
e
d
d


N
N
e
e
t
t
w
w
o
o
r
r
k
k


I
I
n
n
t
t
e
e
r
r
n
n
e
e
t
t


Client:
Web Service
consumer and
Citrix Client

Citrix Access Gateway

Web Server running
Extentrix Web Services

Citrix XenApp Servers Farm
running STA

Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

4



CONFI GURING THE STA
SETTINGS ON THE CI TR
IX ACCESS GATEWAY


The Secure Ticket Authority (STA) is an ISAPI extension installed automatically with the Citrix XenApp
Server in the "scripts" folder of the IIS, its default path is "
\
scripts
\
ctxsta.dll", to configure the Citrix Access
Gateway to use the STA follow the f
ollowing steps.




Connect to the Administration Tool, click the
Authentication

tab and then click the
Secure Ticket
Authority

tab.



In
Server running the STA
, type the IP address or the FQDN of the server where the STA is installed.



In
STA Path
, type the pat
h of the STA. The default is /Scripts/CtxSTA.dll.



If the STA server supports HTTPS connections, change the
connection type

to Secure
.





Click
Add
.



When the STA is configured, the server, STA path, STA Identifier, and connection type are listed under
Secur
e Ticket Authority Details
.


Note: You can add more than one server running the STA to the list. The STAs that are listed in the Web
Interface must match those that are configured on the Access Gateway.



Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

5


CONFIGURING THE WEB
SERVICE TO INTEGRATE

WITH THE C
ITRIX ACCESS GATEWAY

AND THE STA




While creating a new web service, in the "Citrix Access Gateway Settings" step of the "Create Web Service"
wizard enable the "
Connect to Citrix XenApp Server through Citrix Access Gateway
" check box as shown
in the followi
ng image.



Note
.

If the web service is already created, you can change its setting by write clicking it and then choose
"
Citrix Access Gateway Settings
", the form shown above will be shown and you can change the web
service settings.




In the
Address (FQD
N)

field enter the address or the FQDN of the Citrix Access Gateway e.g.
"cag.extentrix.com"; please note that you should enter here the FQDN that uses to request the CAG
certificate (See the section "Configuring Certificates for more information), if you
are not sure about the
Citrix Access Gateway port’s number, leave it as default 443.



In the
Secure Ticket Authorities

section click "Add" button, the dialog shown below will appear, enter the
full URL of the STA ISAPI extension which is "http://[ServerFQDN
]/scripts/ctxsta.dll" by default.


Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

6






Click
OK
, the STA URL will be added to the STA URLs list.


Note
.

I
t is recommended to have the same list of STA URLs in both the Web Service instance and the Citrix
Access Gateway.




If you checked the "Use for load bal
ancing" check box the ticket requests will be distributed over the
configured STA servers and all will not be directed to the same STA.


Note
.

After configuring the Access Gateway to connect to the STA, import a server certificate to the Access
Gateway so
XenApp Server Clients can connect to the Access Gateway.






Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

7



CONFI GURING CERTI FI C
ATES

In order to connect successfully to the Citrix XenApp Server through the Citrix Access Gateway (CAG), the
CAG must have a valid certificates signed by a server which t
he clients trust. The following procedure shows
how to add the certificate to the CAG and the
clients;

in the following procedure we are using a trial test
certificate.




Make sure the FQDN of the Citrix Access Gateway is configured successfully and remembe
r this FQDN
because you will need it when generating the certificate request file. To check the FQDN of the Citrix
Access Gateway, go to the Access gateway Cluster tab in the CAG Administration Tool as shown in the
following figure:




In the
External FQDN

check the entered FQDN of the CAG or enter a new name, restart the CAG if you
change the FQDN from the
Action

menu. You should be able to ping the CAG machine from the machine
running the web service using this FQDN if you can't add this machine to your do
main and DNS server.




To generate a certificate request file, from the Access Gateway Cluster tab go to
certificate signing request

and fill the form with your info; the following figure shows a sample for that info:

Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

8







Click
Generate Request

and save the

requested file in your machine.



Go to any certificate signing authoring to request a certificate file, in our example we used the site
http://www.thawte.com
, select "
Trials
" from the top links stripe on the home page
and then select
"
Download Trial
" in the section "
SSL FREE Trial Certificate
". Fill the form and then click
continue
. After
generating the certificate, you need also to download the thawte Test Root Certificate.



Save the certificate supplied by the site in
a .cer file and then go back to the Administration Tool, in the
"
Administration
" Tab as shown below click the "
Manage
" button beside "
Manage trusted root
certificates
" and add the Test Root certificate.



Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

9





Then, click the "
Browse
" button next to “
Upload a

.crt file signed certificate
" and upload the certificate
you have just got from the site.



The following message should appear if the certificate upload was successful.






After applying the new certificate, restart the CAG server. When the server starts
again it should display
the following dialog:


Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

10





Now the certificate is ready on the Citrix Access Gateway server, the last step is to import the Test Root
Certificate on the client machines so that they will trust the server which was used to sign the CAG

certificate which is in our case thawte server.



Copy the Test Root Certificate on the client machine and double click the .cer file to import the certificate.
Or go to the internet options on the client machine and in the "Content" tab press "Certificates
".


Extentri
x Web Services

Application Edition
3.0 CAG Integration


Configuration
Procedure




© Copyright
2007
-
200
8

Extentrix Systems.





Page

11





Click "
Import
" and then browse for the Test Root Certificate, in the Certificate Store step select
Trusted
Root Certification Authorities

as shown below:




Continue the wizard and you should be able to launch the applications using Extentrix Web Serv
ice through
the Citrix Access Gateway.

Extentrix Web Services

Application Edition
3.0 CAG Integration


Support



© Copyright
2007
-
200
8

Extentrix Systems.


Page
12


SUPPORT


Support for Extentrix Web Services

Application Edition

3.0

is available at

Extentrix Forum


For any support

issues, please email y
our questions or problems to
:

support@extentrix.com

Extentrix Web Services

Application Edition
3.0 CAG Integration


Glossary




© Copyright
2007
-
200
8

Extentrix Systems.


Page
13


GLOSSARY



CAG
Citrix Access Gateway

Virtual

Directory

is a server for a directory protocol such as LDAP, but unlike a traditional direc
tory server, does
not master the data itself in its own database. Instead a virtual directory will dynamically translate requests it
receives to operations in other protocols or data models, such as to a relational database.


IIS

Internet Info
rmation Services (formerly called Server) is a set of Internet
-
based services for servers using
Microsoft Windows. It is the world's second most popular web server in terms of overall websites.


Event Viewer

is a component of Microsoft
's Windows NT line of operating systems that lets administrators and
users view the event logs on a local or remote machine.



Extentrix Web Services

Application Edition
3.0 CAG Integration


Index

© Copyright
2007
-
200
8

Extentrix Systems.


Page
14


INDEX



C


Configuring the STA Details on the Citrix Access Gateway
,
4


Configuring the Web Service

to integrate with the Citrix Access Gateway and the STA
,
5


Configuring Certificates
,
7



O

Overview, 3


S

support,
15










Extentrix Web Services

Application Edition
3.0 CAG Integration



About Extentrix

© Copyright
2007
-
200
8

Extentrix Systems.





Page

15



ABOUT
EXTENTRIX


Founded in 2006, Extentrix Systems is a leading sof
tware development company specializing in virtualization
and developing access and security software solutions for Citrix and Microsoft customers. Established by
former software engineers at Citrix, Extentrix have developed access solutions that simplify a
nd speed users’
access to Terminal Services and Citrix platforms.


Extentrix Systems headquarter is located in Dubai, UAE. For more information, please visit the company’s Web
site at
www.extentrix.com

or call
+971
-
4
-
208
-
8496
.