Notes, updates, and corrections for this video:
Since recording this video, several people have emailed me with more information and answers to some of the questions that I raised during the video.
What is the "after installation" dialog box for?
Berdt van der Lingen, from The Netherlands, sent me this answer:
It's quite simple. As you know, you have to switch to install mode before installing something on a Terminal Server in application mode. As a system administrator you could forget this, so in Windows 2003 server Microsoft is helping us a bit. When you start a file named install.exe or setup.exe, as in your demo, Windows automatically switches to install mode. After clicking "Finish" your server is switched back to execute mode. The after installation wizard seen here is the same as you see when you are installing an application on a Terminal Server using add/remove programs in your control panel.
More technical information about SafeWord for Citrix
I also received an email from Matt Westby, a systems engineer from Secure Computing. He writes:
One thing I noticed during the configuration of the Web Interface... you went to http://server3/ ..... and enabled "Require SafeWord authentication", you may have noticed that the other buttons are greyed out. This is by design for security reasons. If you connect to http://127.0.0.1/Citrix/MetaFrameXP/wiadmin then these buttons can be clicked and other features accessed. The main one (and one that a lot of my Citrix contacts and customers have really loved) is the ablity to require SafeWord authentication for all users in the domain, or users in a particular group in the domain, or users not in a particular group. (I have found that on some installations - you need to add 127.0.0.1 into the addresses that your IIS server is listening on in order to connect.)
Although not a requirement for using SafeWord for Citrix MetaFrame, I would personally also implement Citrix Secure Gateway. If the CSG and STA are not used, it may still be possible for a user to directly connect (via ICA protocol - tcp 1494) to the MetaFrame farm and launch applications. Most internet facing deployments of Citrix would be implemented with NFuse, CSG and STA anyway so that all communications are over port 443 (otherwise you have to start opening access to your internal LAN MetaFrame farm from the outside world, and need any remote connections not to block TCP1494).