Saturday, July 12, 2008

[THIN] Re: Typing Latency

Jim, that is exactly how ours are setup, auto for gb. Can you keep a constant ping up to the server without dropping a packet?


From: "Jim Cannon" <Mach1-70@mchsi.com>
Date: Sat, 12 Jul 2008 21:10:18 -0500
To: <thin@freelists.org>
Subject: [THIN] Re: Typing Latency

For the 10/100 NICS yes they are forced at 100 / FULL as are the switches but let me ask you a question….For GB there are no settings for forced GB so I assume they are just Auto right?

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Greenberg
Sent: Saturday, July 12, 2008 8:57 AM
To: thin@freelists.org
Subject: [THIN] Re: Typing Latency

 

How about something basic and stupid here- NIC speed/duplex settings matching with the switch?

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Cannon
Sent: Saturday, July 12, 2008 6:49 AM
To: thin@freelists.org
Subject: [THIN] Typing Latency

 

Well we are at our wits end with this one and looking for some advice…….

 

First our background: 

Windows 2003 Enterprise Server with SP2 - 32 BIT

Xenapp 4.0 with R04

Compaq C Series blades, Dual Quad Core Proc with 16 GB RAM, NICS are attached GB connection

Clients are connecting with the newest Full PN ICA Client 10.2 through Web Interface 4.5

 

We are experiencing typing delays and some random disconnects.  Session Reliability is kicking in from time to time with some session disconnects.  We have opened a case with Citrix and checked the normal stuff such as Network QOS traces, perfmon traces, and speedscreen settings to no avail……Clients are hard wired to the dual T1 network and the SMC traces appear clean even while the issue is occurring……Norton AV is installed on the workstations and Citrix Servers but real time scanning is disabled on the Citrix Servers and a nightly scan is conducted at 2:00 AM….Servers are rebooted weekly as well…..

 

Any ideas?

[THIN] Re: Typing Latency

For the 10/100 NICS yes they are forced at 100 / FULL as are the switches but let me ask you a question….For GB there are no settings for forced GB so I assume they are just Auto right?

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Greenberg
Sent: Saturday, July 12, 2008 8:57 AM
To: thin@freelists.org
Subject: [THIN] Re: Typing Latency

 

How about something basic and stupid here- NIC speed/duplex settings matching with the switch?

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Cannon
Sent: Saturday, July 12, 2008 6:49 AM
To: thin@freelists.org
Subject: [THIN] Typing Latency

 

Well we are at our wits end with this one and looking for some advice…….

 

First our background: 

Windows 2003 Enterprise Server with SP2 - 32 BIT

Xenapp 4.0 with R04

Compaq C Series blades, Dual Quad Core Proc with 16 GB RAM, NICS are attached GB connection

Clients are connecting with the newest Full PN ICA Client 10.2 through Web Interface 4.5

 

We are experiencing typing delays and some random disconnects.  Session Reliability is kicking in from time to time with some session disconnects.  We have opened a case with Citrix and checked the normal stuff such as Network QOS traces, perfmon traces, and speedscreen settings to no avail……Clients are hard wired to the dual T1 network and the SMC traces appear clean even while the issue is occurring……Norton AV is installed on the workstations and Citrix Servers but real time scanning is disabled on the Citrix Servers and a nightly scan is conducted at 2:00 AM….Servers are rebooted weekly as well…..

 

Any ideas?

[THIN] Re: Typing Latency

How about something basic and stupid here- NIC speed/duplex settings matching with the switch?

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Cannon
Sent: Saturday, July 12, 2008 6:49 AM
To: thin@freelists.org
Subject: [THIN] Typing Latency

 

Well we are at our wits end with this one and looking for some advice…….

 

First our background: 

Windows 2003 Enterprise Server with SP2 - 32 BIT

Xenapp 4.0 with R04

Compaq C Series blades, Dual Quad Core Proc with 16 GB RAM, NICS are attached GB connection

Clients are connecting with the newest Full PN ICA Client 10.2 through Web Interface 4.5

 

We are experiencing typing delays and some random disconnects.  Session Reliability is kicking in from time to time with some session disconnects.  We have opened a case with Citrix and checked the normal stuff such as Network QOS traces, perfmon traces, and speedscreen settings to no avail……Clients are hard wired to the dual T1 network and the SMC traces appear clean even while the issue is occurring……Norton AV is installed on the workstations and Citrix Servers but real time scanning is disabled on the Citrix Servers and a nightly scan is conducted at 2:00 AM….Servers are rebooted weekly as well…..

 

Any ideas?

[THIN] Typing Latency

Well we are at our wits end with this one and looking for some advice…….

 

First our background: 

Windows 2003 Enterprise Server with SP2 - 32 BIT

Xenapp 4.0 with R04

Compaq C Series blades, Dual Quad Core Proc with 16 GB RAM, NICS are attached GB connection

Clients are connecting with the newest Full PN ICA Client 10.2 through Web Interface 4.5

 

We are experiencing typing delays and some random disconnects.  Session Reliability is kicking in from time to time with some session disconnects.  We have opened a case with Citrix and checked the normal stuff such as Network QOS traces, perfmon traces, and speedscreen settings to no avail……Clients are hard wired to the dual T1 network and the SMC traces appear clean even while the issue is occurring……Norton AV is installed on the workstations and Citrix Servers but real time scanning is disabled on the Citrix Servers and a nightly scan is conducted at 2:00 AM….Servers are rebooted weekly as well…..

 

Any ideas?

Friday, July 11, 2008

[THIN] Re: How to set UPD printers to default to draft?

Thanks for that, Anthony. The UPD Tuner tool creates the registry settings alright – need to play around with it a bit now.

 

Thanks again,

 

Enda.

 

Enda Martin

Group IT Manager
WINDSOR MOTOR GROUP 


Belgard Road,
Tallaght,
Dublin 24
Phone: +353 1 4633500
Fax: +353 1 4633518
email: emartin@windsor.ie 
Web: www.windsor.ie             

-----Original Message-----
From: Anthony_Baldwin@mhsnr.org [mailto:Anthony_Baldwin@mhsnr.org]
Sent: 11 July 2008 14:14
To:
thin@freelists.org
Subject: [THIN] Re: How to set UPD printers to default to draft?

 


Enda,

I ran across this, http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/12/XenApp-UPD-Tuner-Documentation.aspx the other day.  I've never used the tool myself, but it looks like it'll help you tune the UPD.

There's an article on CitrixTools.net to go along with the tool as well, http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/6.aspx .

To answer your original question, if the Print key doesn't exist you need to create it.

Tony



"Enda Martin" <emartin@windsor.ie>
Sent by: thin-bounce@freelists.org

07/11/2008 04:04 AM

Please respond to
thin@freelists.org

To

<thin@freelists.org>

cc

 

Subject

[THIN] How to set UPD printers to default to draft?

 

 

 




Hi,
 
Running Citrix PS4.5 Advanced on W2k3 SP2 servers.
 
I am trying to set printers using the Citrix UPD to default to draft quality. This was apparently handled in the Presentation Server 4.5 Rollup 2.
 
I installed the rollup on one server, rebooted the machine and attempted to follow the instructions to change a value in the registry on that server. The value to change is in:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\UPDDevmode
 
My problem is that the HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\ folder does not exist in the registry.
 
Do I simply create it?
 
Any help much appreciated.
 
Thanks & Regards,
 
Enda.

Enda Martin
Group IT Manager
WINDSOR MOTOR GROUP



Belgard Road,
Tallaght,
Dublin 24

Phone: +353 1 4633500
Fax: +353 1 4633518
email:
emartin@windsor.ie
Web:
www.windsor.ie            
 


This e-mail message has been scanned for Viruses and Content


Important Notice: Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Windsor Motor Group. This e-mail is intended only for the use of the intended recipient(s) and may contain information that is privileged and/or confidential. If you are not the intended recipient, or a person responsible for delivering the message to the intended recipient, please note that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please notify us immediately by telephone and destroy the original. Thank you for your co-operation.

Windsor Motors
Company registered in Ireland, Registration No 26650
Registered office: Belgard Road, Dublin 24

 
 
 
CONFIDENTIALITY NOTICE:  This message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure or distribution 
is prohibited.  If you are not the intended recipient, please contact the 
sender by reply e-mail and destroy all copies of the original message.

This e-mail message has been scanned for Viruses and Content


Important Notice: Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Windsor Motor Group. This e-mail is intended only for the use of the intended recipient(s) and may contain information that is privileged and/or confidential. If you are not the intended recipient, or a person responsible for delivering the message to the intended recipient, please note that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please notify us immediately by telephone and destroy the original. Thank you for your co-operation.

Windsor Motors
Company registered in Ireland, Registration No 26650
Registered office: Belgard Road, Dublin 24

[THIN] Re: How to set UPD printers to default to draft?


Enda,

I ran across this, http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/12/XenApp-UPD-Tuner-Documentation.aspx the other day.  I've never used the tool myself, but it looks like it'll help you tune the UPD.

There's an article on CitrixTools.net to go along with the tool as well, http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/6.aspx .

To answer your original question, if the Print key doesn't exist you need to create it.

Tony




"Enda Martin" <emartin@windsor.ie>
Sent by: thin-bounce@freelists.org

07/11/2008 04:04 AM

Please respond to
thin@freelists.org

To
<thin@freelists.org>
cc
Subject
[THIN] How to set UPD printers to default to draft?





Hi,
 
Running Citrix PS4.5 Advanced on W2k3 SP2 servers.
 
I am trying to set printers using the Citrix UPD to default to draft quality. This was apparently handled in the Presentation Server 4.5 Rollup 2.
 
I installed the rollup on one server, rebooted the machine and attempted to follow the instructions to change a value in the registry on that server. The value to change is in:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\UPDDevmode
 
My problem is that the HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\ folder does not exist in the registry.
 
Do I simply create it?
 
Any help much appreciated.
 
Thanks & Regards,
 
Enda.

Enda Martin
Group IT Manager
WINDSOR MOTOR GROUP



Belgard Road,
Tallaght,
Dublin 24

Phone: +353 1 4633500
Fax: +353 1 4633518
email:
emartin@windsor.ie
Web:
www.windsor.ie            
 


This e-mail message has been scanned for Viruses and Content


Important Notice: Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Windsor Motor Group. This e-mail is intended only for the use of the intended recipient(s) and may contain information that is privileged and/or confidential. If you are not the intended recipient, or a person responsible for delivering the message to the intended recipient, please note that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please notify us immediately by telephone and destroy the original. Thank you for your co-operation.

Windsor Motors
Company registered in Ireland, Registration No 26650
Registered office: Belgard Road, Dublin 24

   CONFIDENTIALITY NOTICE:  This message, including any attachments, is for  the sole use of the intended recipient(s) and may contain confidential and  privileged information.  Any unauthorized review, use, disclosure or distribution  is prohibited.  If you are not the intended recipient, please contact the  sender by reply e-mail and destroy all copies of the original message. 

[THIN] How to set UPD printers to default to draft?

Hi,

 

Running Citrix PS4.5 Advanced on W2k3 SP2 servers.

 

I am trying to set printers using the Citrix UPD to default to draft quality. This was apparently handled in the Presentation Server 4.5 Rollup 2.

 

I installed the rollup on one server, rebooted the machine and attempted to follow the instructions to change a value in the registry on that server. The value to change is in:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\UPDDevmode

 

My problem is that the HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print\ folder does not exist in the registry.

 

Do I simply create it?

 

Any help much appreciated.

 

Thanks & Regards,

 

Enda.

Enda Martin

Group IT Manager
WINDSOR MOTOR GROUP 


Belgard Road,
Tallaght,
Dublin 24
Phone: +353 1 4633500
Fax: +353 1 4633518
email: emartin@windsor.ie 
Web: www.windsor.ie             

 


This e-mail message has been scanned for Viruses and Content


Important Notice: Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Windsor Motor Group. This e-mail is intended only for the use of the intended recipient(s) and may contain information that is privileged and/or confidential. If you are not the intended recipient, or a person responsible for delivering the message to the intended recipient, please note that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please notify us immediately by telephone and destroy the original. Thank you for your co-operation.

Windsor Motors
Company registered in Ireland, Registration No 26650
Registered office: Belgard Road, Dublin 24

[THIN] Frequently Citrix sessions disconnected

Hi
I have a client with three Citrix servers running pm4
 
Policy settings for session is no time out, no disconnected session end and no more than on session per user.
 
Issue 1
I will have about 4 to 5 user (from LAN) sessions abruptly disconnected per day and I have to close all user opened files and log them off before they can reconnect again.
 
Issue 2
A user (from remote through CAG) will end up with more than one session. This never happens to local users.
 
Can anyone shed some lights on how to start trouble-shooting this. First issue may be difficult as it may have lots of parameter to consider.
Thanks
 
Thomas Mackey
 
T 02 8801 3453 | M 0413 059 022 | F 02 8875 7852 | E thomas.mackey@tecala.com.au | W www.tecala.com.au
 
Head Office: Level 9 | 123 Epping Road | North Ryde 2113 | T 1300-TECALA
 
Operations Centre: Level 4 | Suite A36-A37 | 32 Lexington Drive | Norwest Business Park 2153
 
 
 

Thursday, July 10, 2008

[THIN] Re: wisptis.exe remove?

Talk about a brain fart -- i thought there was a way to go a bout within Citrix PS

On Thu, Jul 10, 2008 at 5:10 PM, Joe Shonk <joe.shonk@gmail.com> wrote:

Right Click on the file and goto the security tab…  Remove any entries (Users, Domain Users, Everyone, etc)  from the list.   You may need to click the advanced button to prevent the file from inheriting permissions from the folder.

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Harry Singh
Sent: Thursday, July 10, 2008 2:00 PM
To: thin@freelists.org
Subject: [THIN] Re: wisptis.exe remove?

 

Joe -  how could you deny users access to the file ?

On Thu, Jul 10, 2008 at 4:39 PM, Joe Shonk <joe.shonk@gmail.com> wrote:

Yup.. Easiest way is to deny users access to the file.

Joe


-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Holley, Mark
Sent: Thursday, July 10, 2008 1:20 PM
To: thin@freelists.org
Subject: [THIN] wisptis.exe remove?

I found this on some of my servers and I was wondering if I should treat
this process the same as CTFMON.exe.

I seem to remember this was installed with abode or Office 2003 and I
was hoping to find out how popular removing this process was.

Thanks,

Mark Holley
Technology Engineering & Deployment Group
City of Jacksonville
Holley@coj.net

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

 


[THIN] Re: wisptis.exe remove?

Right Click on the file and goto the security tab…  Remove any entries (Users, Domain Users, Everyone, etc)  from the list.   You may need to click the advanced button to prevent the file from inheriting permissions from the folder.

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Harry Singh
Sent: Thursday, July 10, 2008 2:00 PM
To: thin@freelists.org
Subject: [THIN] Re: wisptis.exe remove?

 

Joe -  how could you deny users access to the file ?

On Thu, Jul 10, 2008 at 4:39 PM, Joe Shonk <joe.shonk@gmail.com> wrote:

Yup.. Easiest way is to deny users access to the file.

Joe


-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Holley, Mark
Sent: Thursday, July 10, 2008 1:20 PM
To: thin@freelists.org
Subject: [THIN] wisptis.exe remove?

I found this on some of my servers and I was wondering if I should treat
this process the same as CTFMON.exe.

I seem to remember this was installed with abode or Office 2003 and I
was hoping to find out how popular removing this process was.

Thanks,

Mark Holley
Technology Engineering & Deployment Group
City of Jacksonville
Holley@coj.net

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

 

[THIN] Re: wisptis.exe remove?

Joe -  how could you deny users access to the file ?


On Thu, Jul 10, 2008 at 4:39 PM, Joe Shonk <joe.shonk@gmail.com> wrote:
Yup.. Easiest way is to deny users access to the file.

Joe

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Holley, Mark
Sent: Thursday, July 10, 2008 1:20 PM
To: thin@freelists.org
Subject: [THIN] wisptis.exe remove?

I found this on some of my servers and I was wondering if I should treat
this process the same as CTFMON.exe.

I seem to remember this was installed with abode or Office 2003 and I
was hoping to find out how popular removing this process was.

Thanks,

Mark Holley
Technology Engineering & Deployment Group
City of Jacksonville
Holley@coj.net

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: wisptis.exe remove?

Yup.. Easiest way is to deny users access to the file.

Joe

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Holley, Mark
Sent: Thursday, July 10, 2008 1:20 PM
To: thin@freelists.org
Subject: [THIN] wisptis.exe remove?

I found this on some of my servers and I was wondering if I should treat
this process the same as CTFMON.exe.

I seem to remember this was installed with abode or Office 2003 and I
was hoping to find out how popular removing this process was.

Thanks,

Mark Holley
Technology Engineering & Deployment Group
City of Jacksonville
Holley@coj.net

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] wisptis.exe remove?

I found this on some of my servers and I was wondering if I should treat
this process the same as CTFMON.exe.

I seem to remember this was installed with abode or Office 2003 and I
was hoping to find out how popular removing this process was.

Thanks,

Mark Holley
Technology Engineering & Deployment Group
City of Jacksonville
Holley@coj.net

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: ICA Client Encryption

My understanding of how this works is that for external traffic, your ICA
traffic between the client and CAG is encrypted. The strength depends on
the cert you purchase. If you add RSA then of course you have two factor
authentication. You can use another cert to encrypt the traffic between WI
and Presentation server to secure the XML traffic. By turning on ICA
encryption you are essentially protecting the internal ICA traffic. Anyone
using certs to secure their XML traffic between WI and Presentation server
if both are in internal network?

Mike
Original Message:
-----------------
From: Steve Greenberg steveg@thinclient.net
Date: Thu, 10 Jul 2008 07:05:22 -0700
To: thin@freelists.org
Subject: [THIN] Re: ICA Client Encryption


Yes, Briforum rocked!!

If all external connections are AG then the outside is "protected", the
question is how important is it to encrypt traffic on the inside. Keep in
mind that ICA is not your biggest internal exposure, the html and xml stuff
between WI, AG and the XML service is actually more vulnerable. To secure
this stuff you need certs between these boxes. As far as 128 ICA encryption
I would always turn it on, the few % of CPU it might take is worth knowing
that the ICA traffic is secure as it travels around, also consider
encrypting authentication in any scenario .

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

_____

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Jensen, Jay
Sent: Thursday, July 10, 2008 5:58 AM
To: thin@freelists.org
Subject: [THIN] ICA Client Encryption

Hello gang, BriForum 2008 at Chicago Navy's Pier rocked!! What a relaxed
and awesome venue!

My new boss wants to put the ICA (XenApp Client 10.20) encryption level
from our previous 128-bit encryption to Basic encryption when we migrate to
our new XenApp 4.5 Farm. In the past we have always used 128-bit encryption
due to security to reduce any chance a hacker could intercept our ICA TCP/IP
packets and jeopardize our Citrix Farm / Corporate data. We are an
international business with over a 250-server farm so it is imperative we
get it right!

We use CSG today for our External Citrix connection and we are in the
process of migrating to Access Gateway both internally and externally.

What is everyone else using for ICA client encryption and/or can you point
me to a whitepaper or recommendation site what is the best practice on ICA
Client encryption? I guess I am old school and maybe I am being stupid in
recommending 128-bit encryption on the ICA client and I would like one of
experts in this list to guide me in the rigiht direction and ease my fears
that Basic ICA encryption is what should be used!

Thank You in advance for your assistance.

Jay Jensen
Citrix Team
Americas Sales and Distribution IT
Trane Commercial Systems
Ingersoll Rand

3600 Pammel Creek Road, La Crosse, WI 54601
Tel: 608-787-4619

E-mail: jjensen@trane.com

www.trane.com

The information in this message is the property of Ingersoll Rand Company.
This message is intended only for the use of the addressee named above and
may contain legally privileged and/or confidential information. If you are
not the intended recipient of this message, you are hereby notified that any
use, dissemination, distribution or copying of this message is strictly
prohibited. If you receive this message in error, please notify us
immediately by telephone or return e-mail and delete the message, all copies
thereof and any attachments. We thank you for your cooperation.

--------------------------------------------------------------------
mail2web.com – Enhanced email for the mobile individual based on Microsoft®
Exchange - http://link.mail2web.com/Personal/EnhancedEmail


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

[THIN] Re: ICA Client Encryption

I think if you read the Citrix documentation they call basic “scrambling” and define it as something like switching things around so passwords and logins are not obvious to a sniffer/snooper, not the kind of thing that makes you sleep well at night!

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Robert K Coffman Jr. -Info From Data Corp.
Sent: Thursday, July 10, 2008 7:14 AM
To: thin@freelists.org
Subject: [THIN] Re: ICA Client Encryption

 

I think Steve's recommendation is solid.

 

Why does he want to useBasic encryption?  It's really not secure and I don't know that Citrix should even call it encryption.

 

- Bob

 

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jensen, Jay
Sent: Thursday, July 10, 2008 5:58 AM
To: thin@freelists.org
Subject: [THIN] ICA Client Encryption

 

Hello gang, BriForum 2008 at Chicago Navy’s Pier rocked!!  What a relaxed and awesome venue!

 My new boss wants to put the ICA (XenApp Client 10.20) encryption level from our previous 128-bit encryption to Basic encryption when we migrate to our new XenApp 4.5 Farm.  In the past we have always used 128-bit encryption due to security to reduce any chance a hacker could intercept our ICA TCP/IP packets and jeopardize our Citrix Farm / Corporate data.  We are an international business with over a 250-server farm so it is imperative we get it right!

We use CSG today for our External Citrix connection and we are in the process of migrating to Access Gateway both internally and externally.

What is everyone else using for ICA client encryption and/or can you point me to a whitepaper or recommendation site what is the best practice on ICA Client encryption?  I guess I am old school and maybe I am being stupid in recommending 128-bit encryption on the ICA client and I would like one of experts in this list to guide me in the rigiht direction and ease my fears that Basic ICA encryption is what should be used!

Thank You in advance for your assistance.

Jay Jensen
Citrix Team
Americas Sales and Distribution IT
Trane Commercial Systems
Ingersoll Rand

3600 Pammel Creek Road, La Crosse, WI  54601
Tel: 608-787-4619

E-mail: jjensen@trane.com
www.trane.com
The information in this message is the property of Ingersoll Rand Company. This message is intended only for the use of the addressee named above and may contain legally privileged and/or confidential information.  If you are not the intended recipient of this message, you are hereby notified that any use, dissemination, distribution or copying of this message is strictly prohibited.  If you receive this message in error, please notify us immediately by telephone or return e-mail and delete the message, all copies thereof and any attachments. We thank you for your cooperation.

 

 

[THIN] Re: ICA Client Encryption

I think Steve's recommendation is solid.
 
Why does he want to use Basic encryption?  It's really not secure and I don't know that Citrix should even call it encryption.
 
- Bob
 
 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jensen, Jay
Sent: Thursday, July 10, 2008 5:58 AM
To: thin@freelists.org
Subject: [THIN] ICA Client Encryption

 

Hello gang, BriForum 2008 at Chicago Navy’s Pier rocked!!  What a relaxed and awesome venue!

 My new boss wants to put the ICA (XenApp Client 10.20) encryption level from our previous 128-bit encryption to Basic encryption when we migrate to our new XenApp 4.5 Farm.  In the past we have always used 128-bit encryption due to security to reduce any chance a hacker could intercept our ICA TCP/IP packets and jeopardize our Citrix Farm / Corporate data.  We are an international business with over a 250-server farm so it is imperative we get it right!

We use CSG today for our External Citrix connection and we are in the process of migrating to Access Gateway both internally and externally.

What is everyone else using for ICA client encryption and/or can you point me to a whitepaper or recommendation site what is the best practice on ICA Client encryption?  I guess I am old school and maybe I am being stupid in recommending 128-bit encryption on the ICA client and I would like one of experts in this list to guide me in the rigiht direction and ease my fears that Basic ICA encryption is what should be used!

Thank You in advance for your assistance.

Jay Jensen
Citrix Team
Americas Sales and Distribution IT
Trane Commercial Systems
Ingersoll Rand

3600 Pammel Creek Road, La Crosse, WI  54601
Tel: 608-787-4619

E-mail: jjensen@trane.com
www.trane.com
The information in this message is the property of Ingersoll Rand Company. This message is intended only for the use of the addressee named above and may contain legally privileged and/or confidential information.  If you are not the intended recipient of this message, you are hereby notified that any use, dissemination, distribution or copying of this message is strictly prohibited.  If you receive this message in error, please notify us immediately by telephone or return e-mail and delete the message, all copies thereof and any attachments. We thank you for your cooperation.