IT Employment

General discussion

Locked

Citrix Enviornment

By Starbury ·
Hi everyone,
we are currently expanding the amount of users that we have using our citrix metaframe connection. I was wondering how are people addressing the issue of web surfing. I dont want to personally use IE since it is located on the server, I do not want users navigating to sites that could potentially have malicious content and possible compromise the whole system. My suggestion is to use Mozilla or maybe even firefox as a web browser. The only thing is that my boss doesnt see a real need to switch. we also are utilizing more thin clients so this is the only means for people connecting to the system..... I'm curious about how people are running similar systems.

please advise
thanks

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Proxy Server

by BFilmFan In reply to Citrix Enviornment

Allow the surfing through a proxy server and only allow the users to see the sites that are approved.

This works for clients from 10 users to hundreds of thousands.

Collapse -

Proxy

by Starbury In reply to Proxy Server

Would setting up a proxy server be the only option to securely allow users to surf via the citrix connection. To my understanding a proxy server just basically screens (or caches ) the approved websites . The client machines have to contact the proxy and then depending on our settings the proxy lets them view the sites that they are requesting.

Also, would this work? We currently have software that controls the websites that users are currently allowed to view. Can we use this instead of the Proxy server. Therefore if the unfortunate user wanders to some random site, they would be blocked and we would know. Is this a viable alternative. Are they any vunerabilities involved with this approach..

Thank you for all your ideas and comments.

Collapse -

IE and safety

by Ben "Iron" Damper In reply to Proxy

If you combine a good firewall, proxy, and use policy's to look down Internet Explorer options for the regular users you should be just fine. My company has 21 Citrix servers with about 700 users and we have been running just fine with IE using my above set up for three years now without a hitch. And naturally keep your AV up to date as well as server patch management.

Collapse -

I Agree

by bullitch_1978 In reply to IE and safety

i guess updated antivirus, firewall, proxy is fine. during my early months at work my systems and network administrator doesn't have a good antivirus, no firewall and no proxy. sometime our systems crashed. he was fired. lol. i tried to using a good AV, updates it when there's available and now it works fine for five months.

Collapse -

IE & Safety Agreement

by CrazyHickman In reply to IE and safety

I have been involved in an environment where there are over 100 Citrix servers in one farm and there has been no issues using a good firewall, proxy and GPOs to lock down IE. I must agree completely with this suggestion.

Collapse -

I Concur

by isapp In reply to IE and safety

We've been running three Citrix servers for almost four years with no major issues. One thing that saves us is that our users have NO rights to install anything. They can look but can't download. We also have AV, very specific policies, etc. It would be impossible for us to allow users to surf only approved sites as we do lots of research on line. We don't know what we need to see until we see it.

We see no need to use anything other than IE, nor will we be instituting access lists. Simply not an issue here.

Collapse -

Citrix Enviornment

by D-MAN7257 In reply to Citrix Enviornment

i have used several different browser base for Citrix. the best thing i have found is a good AV solution for internal system. for external that you can not control i would recommend using Content redirection for IE. if you where to publish IE as an application and set GPO or local policy to control activeX and other user prefs. this should keep your user a little more safer as well as your system more out of harms way.

Collapse -

AV and policy

by skc In reply to Citrix Enviornment

Use policy to lock down IE to desire level and keep AV definition up to date (religiously). Than using IE should be fine. Of cause there must be a firewall as well.

**** luck!!

Kit

Collapse -

Not all is as it appears

by tundraroamer In reply to Citrix Enviornment

While I agree about policies and redundant servers, I have all 50 or so users on a single Citrix server that also provides MS Office. All users are on thinclients. All users surf the net with IE 5.5 through Citrix. We have other application servers for the rest of our needs. The only consistent surfing problems are related to Adobe files. One website that several users may be on at one time reading plans and specifications can cause some server slowness because Adobe reader is a resource hog. Otherwise it works well. We even have branch locations that all go through the same server through VPN's. We have been doing this for about 6 years or so. While we need to upgrade to two servers, we are doing okay.
However, I should also note that we use Trend's ServerProtect, OfficeScan and ScanMail products along with a Barracuda device for anti-spam/AV. I am looking into another appliance for web monitoring and control that is Citrix compatible and configurable. This helps to maintain control on problems that may come up from users getting into trouble while on the net. User training is a must! I tried using a proxy server for Internet control/filter but it was cumbersome and slowed the response time too much (Surfwatch over IIS on separate NT server). Plus after it was all set up, users could disable the proxy server setting through IE and directly surf the net. The policy to prevent that does not always work for all users as I later found out. A problem with the NT Term Server profiles I suspect. If you farm out the servers, surfing should not be a real issue as long as users know that certain types of functions are not allowed like downloaded mpeg or mp3's for non business use.
Once, in testing our new Internet connection, at the end of the day, I had the majority of the users connect to a NASA website at the exact same time to view a mpeg of a shuttle launch. It slammed the server hard but it did not crash and everyone saw the video.

Collapse -

Web Browsing in Citrix

by JayMiller25 In reply to Citrix Enviornment

Here's what I'd look at:

- Does your organization place any restrictions on web surfing? If so, then just set it up so the Citrix servers can only browse to approved web sites.

- Firefox will work in a Citrix session (as you probably already know). There's a little more config. you have to do to the browser to get it how you want....but it's worth it.

As far as convincing your boss: Fire up Adware on his machine and scan for spyware. THEN, install firefox and tell him to use that for a week...then scan again. If that doesn't convince him, I don't know what will.

Good luck.

Related Discussions

Related Forums