Citrix Gateway

Preparing for a Double-Hop DMZ Deployment

To prepare appropriately and avoid unnecessary problems when configuring a double-hop DMZ deployment, you must answer the following questions:

  • Do I want to support load balancing?
  • What ports must I open on the firewalls?
  • How many SSL certificates do I need?
  • What components do I need before I begin the deployment?

The topics in this section contain information to help you answer these questions as appropriate for your environment.

Components Required to Begin the Deployment

Before you begin a double-hop DMZ deployment, ensure that you have the following components:

  • At minimum, two Citrix Gateway appliances must be available (one for each DMZ).

  • Servers running Citrix Virtual Apps must be installed and operational in the internal network.

  • The Web Interface or StoreFront must be installed in the second DMZ and configured to operate with the server farm in the internal network.

  • At minimum, one SSL server certificate must be installed on Citrix Gateway in the first DMZ. This certificate ensures that the Web browser and user connections to Citrix Gateway are encrypted.

    You need extra certificates if you want to encrypt connections that occur among the other components in a double-hop DMZ deployment.
