Stneware Inc. Citrix NFuse Cnfiguratin Stneware, Inc. Cnfiguratin Sheet Date: January 2005
Intrductin This dcument prvides the infrmatin necessary t cnfigure Citrix Metaframe and NFuse behind the webnetwrk Server/Relay. Objectives Create Virtual HTTP Server cnfiguratin fr NFuse Server. Users will access the list f published applicatins thrugh this secure cnnectin. Create HTTP Prxy cnfiguratin t prvide SSL access t all Citrix Metaframe Servers. Users will access all Citrix Metaframe servers thrugh this single secure cnnectin. Create Frm bject fr Single Sign-n t NFuse Server. This bject will prvide single sign-n services t the NFuse server. Supprts Citrix Farms and lad balancing Requirements webnetwrk 4.0e (htfix 1) r abve Citrix Metaframe NFuse 1.7 r abve Enable a Lgin Plicy n the Relay A lgin plicy is required t supprt IP security Brwse and lcate the Default Relay cnfiguratin bject Select the AUTHENTICATION panel Brwse and select the LginPlicy bject Restart the webnetwrk Relay
* The new lgin page is /stneware/webserv/lginplicy.jsp. Yu may wish t custmize this lgin page with yur wn lk and feel. Refer t the lgin plicy chapter in yur webnetwrk 4.0 manual. Steps 1) Create a NFuse Single Sign-n Frm a) Under the Relay Cnfiguratin bject create a FORM bject b) Give the Frm bject a name (i.e. NfuseFrm) c) Enter the Frm URL f /citrix/nfuse17/lgin.asp d) Enter the Actin f the frm /citrix/nfuse17/lgin.asp e) Enter the Methd f the frm POST f) Enter the fllwing INPUT names and values i) Name = user Value = @@typelessuserid@@ ii) Name = Lgin Type Value = Explicit iii) Name = dmain iv) Name = passwrd Value = [Dmain Name] Value = @@passwrd@@ g) Save the frm bject 2) Create web applicatin fr the NFuse Server a) In the cntainer hlding the webnetwrk bjects create a HOST bject i) Give the HOST bject a name (i.e. Nfuse Server) ii) Enter the IP address r DNS name f the NFuse Server iii) Enter the prt number f the NFuse Server (i.e. 80) iv) Save the Hst bject b) In the cntainer hlding the webnetwrk bjects create a WebApplicatin bject i) Give the WebApplicatin an bject name (i.e Nfuse) ii) Select the Web Applicatin Type f HTTP Virtual Server iii) Enter a DNS name fr the Virtual Server (i.e. - nfuse.stne-ware.cm) (1) This name shuld be in the same DNS dmain as the relay (2) This name shuld reslve t the webnetwrk Relay
(3) Requests t this DNS name will be securely redirected by the webnetwrk Relay t the NFuse Server. iv) Select a Hst fr the NFuse applicatin (1) Brwse and select the NFuse Server created in step 2a. v) Select the Relay r Relays that will prvide access t the hst (1) Brwse and select the Relay cnfiguratin bject that will allw access t the Nfuse server. vi) Enter the Startup URL (1) Enter the Frm URL that will trigger the single sign-n (2) /citrix/nfuse17/lgin.asp vii) Select NEXT buttn viii) Select NEXT thrugh the OPTIONS panel ix) Select the NFuseFrm created in Step 1 n the Authenticatin Panel (1) Brwse and select the NFuseFrm bject under the relay cnfiguratin x) Select NEXT thrugh the Rules panel xi) Create an NFuse Link (1) Enter the Link Name (i.e. Citrix Applicatins) (2) Select a menu where the link shuld be created (3) Brse and select the users that shuld be assigned t the link (4) Select the SAVE buttn 3) Create a hst fr each Citrix Metaframe Server a) In the cntainer hlding the webnetwrk bjects create a HOST bject b) Give the HOST bject a name (i.e. Metaframe 1) c) Enter the DNS name r IP address f the Metaframe Server (i.e. metaframe1.stneware.cm) d) Enter the Prt number f the Metaframe Server (i.e. 1494) e) Save the Hst bject 4) Create a web applicatin fr the Citrix Server(s) a) In the cntainer hlding the webnetwrk bjects create a Web Applicatin bject b) Give the WebApplicatin an bject name (i.e. Citrix Metaframe) c) Select HTTP Prxy as the web applicatin type
d) Enter an External Prt (i.e. 8080) e) Select the HOST bject r bjects (Citrix Metaframe Hsts) f) Select the Relay that will prvide access t the g) Select the NEXT buttn t cntinue h) Check the Launch n Start bx n the OPTIONS panel i) Select the NEXT buttn t cntinue j) Select the NEXT buttn n the AUTHENTICATION panel k) Select the NEXT buttn n the RULES panel l) Select the SAVE buttn n the ACCESS CONTROL panel i) Enter a Link Name, Descriptin, and assign the link t users 5) Restart the webnetwrk Relay t lad the changes * Or enable autmatic web applicatin updates n the relay cnfiguratin bject 6) Cnfigure ICA client t use the Citrix HTTPS Prxy a) The ICA client can be cnfigured directly thrugh Prgram Neighbrhd r NFuse Administratin t use a Secure Prxy lcated under Firewall Settings. Enter the fllwing infrmatin: i) Prxy server address (Relay s DNS name r IP address) ii) Prxy server prt (HTTPS Prxy prt f 8080) r the prt set in step 4d 7) Test cnfiguratin a) Lgin t webnetwrk Server Diagram The webnetwrk Relay and Server are cnfigured t secure bth the NFuse Server (IIS r Apache) and the Citrix Metaframe Servers. The webnetwrk Relay can access the NFuse and Citrix servers directly r via the Pipeline service.
The webnetwrk Relay perfrms a backgrund authenticatin t the NFuse server via the frm bject created. The webnetwrk user is presented with a list f published applicatins thrugh the NFuse interface. When a user selects a published applicatin the Citrix Client (Windws, Java, ActiveX, etc) will cnnect ver the Secure HTTPS Prxy n the webnetwrk Relay access the desired Citrix Metaframe server.