Citrix.

BoomAM · 11 Jun 2007 at 12:25

Hi.
Am i correct in thinking that Citrix would allow users to access programs on our network from any computer with the Citrix client installed on anywhere in the world?

Just something im researching really.

Thanks.

.

Uhtred · 11 Jun 2007 at 12:35

You can yes, however it is highly recommended to use security tokens with it and not just username/password

Bash · 11 Jun 2007 at 14:21

Yep. Nice and securely as well

http://www.citrix.com/English/ps2/products/product.asp?contentID=15005

BoomAM · 12 Jun 2007 at 14:18

Which product would do the job that i need?
And does it require a seperate server to be 'host' it?

Bash · 12 Jun 2007 at 14:21

If you want anywhere access over the Internet, then your looking at the Citrix CAG (Citrix Access Gateway). It is an appliance. Follow the link above, all the info is there.

BoomAM · 14 Jun 2007 at 09:41

How much do CAGs cost, roughly?
Im still awaiting prices from my supplier and wouldnt mind a rough idea.

.
Thanks.

The_KiD · 14 Jun 2007 at 10:47

Couldnt tell you exactly as it depends on a few things, such as no. of users, however I can tell you it isnt cheap.

BoomAM · 14 Jun 2007 at 18:23

£1000? £2000? £3000?
Just rough figures. Number of users would be a maximum of about 70. Although thats a extreme maximum, asuming every staff member logged in at the same time, which isnt very likely.

.
Thanks.

DarkHorizon472 · 14 Jun 2007 at 21:07

Another approach is to give your users access to your citrix farm via a VPN client. This means they will get the same access remotely as they do when they are in the Office. I did this for a consultancy firm who's engineers spent a lot of time in random locations in the middle of nowhere. You may find this is cheaper and easier to manage.

Just make sure you have the bandwidth, Firewall connection availability and capacity on your Citrix Farm to support your needs. I ran the system on a single server with up to 20 people connecting in to it to use various applications. It worked OK even over a normal landline but now you can use other methods to access the internet remotely as this was going back a few years.

BoomAM · 15 Jun 2007 at 23:26

DarkHorizon472 said:
Another approach is to give your users access to your citrix farm via a VPN client. This means they will get the same access remotely as they do when they are in the Office. I did this for a consultancy firm who's engineers spent a lot of time in random locations in the middle of nowhere. You may find this is cheaper and easier to manage.

Just make sure you have the bandwidth, Firewall connection availability and capacity on your Citrix Farm to support your needs. I ran the system on a single server with up to 20 people connecting in to it to use various applications. It worked OK even over a normal landline but now you can use other methods to access the internet remotely as this was going back a few years.

Do what now? lol.

.

Im lost, i thought Citrix was a VPN?

DarkHorizon472 · 16 Jun 2007 at 08:42

Citrix is effectively windows terminal services with extra bits added on. It does have a gateway you can use to connect to it via the internet but this was quite expensive last time I looked at it.

FrankJH · 16 Jun 2007 at 09:21

for 35 token users (but 25 concurrent connections) I seem to believe my company just bought a SSl/VPN box from Net -CRTL for about £10k ( I will check on the exact price later if you wish)

we are just setting it up now, but its mindboggling how good it is and how many differnt options you have.

We even have some databases which run from the local machine but need drive mappings for uptodate data links to servers etc, and these are currently working over coffeebar wifi now (via office laptop), and will soon be working on non secure terminals, which we will force not to cache any data and strict time out policies.

Of course things like Terminal Services and Remote Desktop work practically out of the box, just need to configure ip addresses etc for your particulars.

Yes its a lot of money - and maybe too much for your budget (just because you were mentioning £1-5k as examples) but its really worth it imo

Phemo · 16 Jun 2007 at 11:23

FrankJH said:
for 35 token users (but 25 concurrent connections) I seem to believe my company just bought a SSl/VPN box from Net -CRTL for about £10k ( I will check on the exact price later if you wish)

Out of curiousity, what box is it? I'm pretty familiar with the Juniper SA series and I know a bit about the F5 FirePass - I work at a Juniper and F5 distributor

FrankJH · 17 Jun 2007 at 16:48

Phemo said:
Out of curiousity, what box is it? I'm pretty familiar with the Juniper SA series and I know a bit about the F5 FirePass - I work at a Juniper and F5 distributor

I will have to check - think its a 2000 (certainly dont recognise the name F5 Firepass though)

BoomAM · 18 Jun 2007 at 17:42

Are there any alternatives to Citrix btw? or another way to do what i want to do?

Phemo · 18 Jun 2007 at 17:49

Well, F5's FirePass and Juniper's SA are SSL VPNs, so you just fire up a web browser, connect to whatever IP/URL the box is available on and then you have access to your company network. You can specify file share bookmarks, internal web servers, terminal servers and so on that you can connect to - all via a web interface. Or if you prefer, Juniper's SA has a feature available called Network Connect which downloads a client that provides full network access all tunnelled via SSL on port 443.

This is great if you mainly use web-based applications or for remote workers with laptops which have whatever software preinstalled. As an example, when I log into our SSL VPN box at work I'm presented with a list of web bookmarks, one of which is OWA or I can start up Network Connect then use my full Outlook client.

So it's different to Citrix in that you'd still need to have applications installed locally - with Citrix you can run the applications straight off the Citrix gateway whereas an SSL VPN just provides network access (or bookmarks for file shares/web links etc) tunnelled via port 443. Depends which way you'd like to go really, but I'm quite certain an SSL VPN solution is cheaper than a full blown Citrix AG setup.

BoomAM · 18 Jun 2007 at 22:41

Hmm.
Theres only really the one app we need to be able to run on a station, and if what you suggest can make a 'tunnel' to one of our network drives so that anyone with the software locally can access the stuff over the net, then that sounds good.

FrankJH · 19 Jun 2007 at 07:56

BoomAM said:
Hmm.
Theres only really the one app we need to be able to run on a station, and if what you suggest can make a 'tunnel' to one of our network drives so that anyone with the software locally can access the stuff over the net, then that sounds good.

Yes I can concur (even with my awful description above) this is exactly what it does, and it works well.

Even if you are on a standard home machine, which has never been near the office, netowrk connect still provides a lot of functionality (even remote printers etc if required) that otherwise would be impossible to implement.

I dont know about anyone else, but one thing we have found is that even with network connect working, a couple of database installs over the network (clicking on an MS Access file from an office machine installs db locally and runs it from C drive) just wont work remotely -either wired or wireless on an 8mb connection, I dont know what it is but they just refuse to install. This is however very minor, and we as a company are still looking at how major this is going to be in getting exectutives etc working from home (or whilest travelling) more conveniently and with fewer problems thsn the fixed lines /propreitary Cisco routers we have used in the past.

Net -Ctrl will even give you access to a remote box and a limited amount of concurrent conections to test it if you ask nicely

I have nothing at all to do with them, but they are incredibly professional and seeminly a good bunch of people.

FrankJH · 20 Jun 2007 at 11:25

One thing we forgot to budget for which may be of relevance when buying a SSL or Citrix box is a Verisign Certificate to classify the external box as a "safe" connection - you may also require a seperate certificate for OWA (Outlook Web Access) if you have /use it

Bash · 20 Jun 2007 at 12:37

BoomAM said:
£1000? £2000? £3000?
Just rough figures. Number of users would be a maximum of about 70. Although thats a extreme maximum, asuming every staff member logged in at the same time, which isnt very likely. .
Thanks.

You really need to go with the Citrix CAG. One would support up to 2000 user sessions. That may mean 200 users with ten apps (seesions) open concurrently. A CAG will cost around 3000 grand. You will then need a licence upgrade to your existing user Citrix licences. That cost will depend on how many users you currently have. 70 users wouldn't be much but you would need to contact your reseller.

You are also correct that the CAG is a tunnelled SSL VPN applicance that tunnels to your citrix farm through an AAC. It allows double authenitcation, you can create user policies before and after connection such as making sure the endpoint machine has the latest virus updates and patches before it will allow a connection onto your network. Once connected the user can be added to a policy where they are unable to copy any files from your network to their local remote machine etc etc. Another plus is that you have an end to end Citrix solution for remote connectivity that will help in the event of failures as you only need to engage with one supply to fix any issues.