SafeWord 1.1 for Citrix MetaFrame Installation and Configuration

Notes, updates, and corrections for this video: Since recording this video, several people have emailed me with more information and answers to some of the questions that I raised during the video. What is the "after installation" dialog box for?

Notes, updates, and corrections for this video:

Since recording this video, several people have emailed me with more information and answers to some of the questions that I raised during the video.

What is the "after installation" dialog box for?

Berdt van der Lingen, from The Netherlands, sent me this answer:

It's quite simple. As you know, you have to switch to install mode before installing something on a Terminal Server in application mode. As a system administrator you could forget this, so in Windows 2003 server Microsoft is helping us a bit. When you start a file named install.exe or setup.exe, as in your demo, Windows automatically switches to install mode. After clicking "Finish" your server is switched back to execute mode. The after installation wizard seen here is the same as you see when you are installing an application on a Terminal Server using add/remove programs in your control panel.

More technical information about SafeWord for Citrix

I also received an email from Matt Westby, a systems engineer from Secure Computing. He writes:

One thing I noticed during the configuration of the Web Interface... you went to http://server3/ ..... and enabled "Require SafeWord authentication", you may have noticed that the other buttons are greyed out. This is by design for security reasons. If you connect to http://127.0.0.1/Citrix/MetaFrameXP/wiadmin then these buttons can be clicked and other features accessed. The main one (and one that a lot of my Citrix contacts and customers have really loved) is the ablity to require SafeWord authentication for all users in the domain, or users in a particular group in the domain, or users not in a particular group. (I have found that on some installations - you need to add 127.0.0.1 into the addresses that your IIS server is listening on in order to connect.)

Although not a requirement for using SafeWord for Citrix MetaFrame, I would personally also implement Citrix Secure Gateway. If the CSG and STA are not used, it may still be possible for a user to directly connect (via ICA protocol - tcp 1494) to the MetaFrame farm and launch applications. Most internet facing deployments of Citrix would be implemented with NFuse, CSG and STA anyway so that all communications are over port 443 (otherwise you have to start opening access to your internal LAN MetaFrame farm from the outside world, and need any remote connections not to block TCP1494).

SafeWord_Installation_config.zip

Join the conversation

4 comments

Send me notifications when other members comment.

Please create a username to comment.

This message was originally posted by an anonymous visitor on September 29, 2004
This video was a brilliant help with understanding the install process for Safeword. The more of these on your site the better. Keep it up!
Cancel
Hello Brian,
 
I am big Fan of the work you do surrounding citrix... keep it up mate.
 
Now this is a strange one, I am working for an insurance company help with a citrix migration. Now they are currently using RSA for secure Access to apps, but part of the project is to test Safe word. What I find really strange is when I try to install the agent on the *External Web Interface/CSG Box running windows 2003 and PS4. I get an error “failed to parse manifest file”. Now this works fine on other server either 2000 or 2003 but not on the server in the DMZ, Any Ideas?
 
Rick
London
rick@compuwareconsultants.com
Cancel
You may want to assign more than one username to a single token if (real) users use more than one username for different privileges or parts of the system.
 
Although not ideal, security policies may dictate this, like for example an administrator having both an un-privileged account as well as one with (some less limited) administrator privileges.
 
Regards,
George.
 
P.S. Keep up the great work!
Cancel
The installer needs to download a file from a website to verify the install.
You need to make sure that the machine has internet access either directly or via a proxy server before running the setup program.
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close