Product Documentation

Preparing for a Double-Hop DMZ Deployment

To prepare appropriately and avoid unnecessary problems when configuring a double-hop DMZ deployment, you should answer the following questions:.

  • Do I want to support load balancing?
  • What ports do I need to open on the firewalls?
  • How many SSL certificates will I need?
  • What components do I need before I begin the deployment?

The topics in this section contain information to help you answer these questions as appropriate for your environment.

Components Required to Begin the Deployment

Before you begin a double-hop DMZ deployment, ensure that you have the following components:

  • At minimum, two NetScaler Gateway appliances must be available (one for each DMZ).

  • Servers running XenApp must be installed and operational in the internal network.

  • The Web Interface or Storefront must be installed in the second DMZ and configured to operate with the server farm in the internal network.

  • At minimum, one SSL server certificate must be installed on NetScaler Gateway in the first DMZ. This certificate ensures that the Web browser and user connections to NetScaler Gateway are encrypted.

    You need additional certificates if you want to encrypt connections that occur among the other components in a double-hop DMZ deployment.

Preparing for a Double-Hop DMZ Deployment