We are using Citrix XenApp 4.5. Our clients come from outside our network using a WI. We also have internal clients using thin clients configured to use tcp+https.
We want to turn on "Trust requests sent to the XML Service". Citrix says that if you turn this on, make sure to secure it with IPSec, firewalls or other tech beforehand.
When we started looking at firewall settings, we are fine with securing port 80/443 on the ZDC to allow access only from WI servers, but then we run into problems with our TCs, as they also point to our ZDC.
At this point we don't think it is practical or the best practice to allow all the IP ranges for our TCs to access.
So what to do?
We came up with a couple of ideas. One was to set up an XML server (Citrix) and point to it from the TCs (thus being able to secure the ZDC). Not sure if this makes sense.
The other option is to change the TC configuration to use PNA (if it is available (not sure)), and then I think it would query the WI rather than the ZDC.
Can anyone else out there provide some guidance? Thanks a bunch.