Secure Director deployment
This article highlights areas that might have an impact on system security when deploying and configuring Director.
Configure Microsoft Internet Information Services (IIS)
You can configure Director with a restricted IIS configuration.
You can set the following Application Pool recycling limits:
- Virtual Memory Limit: 4,294,967,295
- Private Memory Limit: The size of the physical memory of the StoreFront server
- Request Limit: 4,000,000,000
You can disallow unlisted file name extensions.
Director requires these file name extensions in Request Filtering:
Director requires the following HTTP verbs in Request Filtering. You can disallow unlisted verbs.
Director does not require:
- ISAPI filters
- ISAPI extensions
- CGI programs
- FastCGI programs
- Director requires Full Trust. Do not set the global .NET trust level to High or lower.
- Director maintains a separate application pool. To modify the Director settings, select the Director site and modify.
Configure user rights
When Director is installed, its application pools are granted the following:
- Log on as a service logon right
- Adjust memory quotas for a process, Generate security audits, and Replace a process level token privileges
The rights and privileges mentioned are normal installation behavior when application pools are created.
You do not need to change these user rights. These privileges are not used by Director and are automatically disabled.
In a production environment, use the Internet Protocol security (IPsec) or HTTPS protocols to secure the data passing between Director and your servers.
IPsec is a set of standard extensions to the Internet Protocol that provides authenticated and encrypted communications with data integrity and replay protection. Since IPsec is a network-layer protocol set, higher level protocols can use it without modification. HTTPS uses the Transport Layer Security (TLS) protocols to provide strong data encryption.
- Citrix strongly recommends that you restrict access to Director console within the intranet network.
- Citrix strongly recommends that you do not enable unsecured connections to Director in a production environment.
- Secure communications from Director require configuration for each connection separately.
- The SSL protocol is not recommended. Use the more secure TLS protocol instead.
- Secure your communications with Citrix ADC using TLS, not IPsec.
To secure communications between Director and Citrix Virtual Apps and Desktops servers (for monitoring and reports), refer to Data Access Security.
To secure communications between Director and Citrix ADC (for Citrix Insight), refer to Configure network analysis.
To secure communications between Director and License server, refer to Secure the License Administration Console.
Director security separation
You can deploy any web applications in the same web domain (domain name and port) as Director. However, any security risks in those web applications can potentially reduce the security of your Director deployment. Where a greater degree of security separation is required, Citrix recommends that you deploy Director in a separate web domain.