Use TLS to secure
the connections between user devices and the Secure Gateway. To do this, deploy
SSL/TLS-enabled plug-ins and configure the Secure Gateway at the network
perimeter, typically in a demilitarized zone (DMZ).
You can secure the
connections between users’ web browsers and the Web Interface by using the
secure protocol HTTPS. Additionally, secure communication between the Web
Interface and the XenApp servers using TLS.
shows a detailed view of this deployment.
In this deployment,
the Secure Gateway removes the need to publish the address of every XenApp
server in the farm and provides a single point of encryption and access to the
farm. The Secure Gateway does this by providing a gateway that is separate from
the XenApp servers and reduces the issues for firewall traversal to a
widely-accepted port for ICA traffic in and out of the firewalls.
Although this deployment is highly scalable, the trade-off is that ICA communication is
encrypted only between user devices and the Secure Gateway, not between the
Secure Gateway and the XenApp servers.
Note: The SSL Relay in
this deployment is used to encrypt communication between the Web Interface and
the XML Service running on the XenApp servers. The Secure Gateway communicates
with the XenApp servers directly, so the SSL Relay is not used for
communication between the Secure Gateway and the server farm.
You can secure the
communication between the Secure Gateway and the server farm using IPSec, as
shown in this deployment.
shows a detailed view of this deployment, which includes IPSec.