GoToMyPC Corporate Advanced Firewall Support Features



Similar documents
Citrix GoToAssist Corporate 9.0. Reviewer s Guide. Featuring the New Addition of. Mac Support

GoToMyPC Technology Making Life Simpler for Remote and Mobile Workers

WHITE PAPER. GoToMyPC. Citrix GoToMyPC Corporate Security FAQs. Common security questions about Citrix GoToMyPC Corporate.

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

GoToAssist. Technology and Security Overview. Citrix Online Division 5385 Hollister Avenue Santa Barbara, CA Like being there.

GoToMyPC. Remote Access Technologies: A Comparison of GoToMyPC and Microsoft Windows XP Remote Desktop

GoToMyPC Corporate Security FAQs

CMPT 471 Networking II

FortKnox Personal Firewall

GoToMyPC and. pcanywhere. expertcity.com. Remote-Access Technologies: A Comparison of

Expertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition

Driving IT help desk efficiency with customer-centric remote support

WHITE PAPER Citrix Secure Gateway Startup Guide

Sync Security and Privacy Brief

Citrix Access Gateway Plug-in for Windows User Guide

Click Studios. Passwordstate. Installation Instructions

Unisys Internet Remote Support

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

Remote Management Reference

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

NEFSIS DEDICATED SERVER

NETASQ SSO Agent Installation and deployment

SSL VPN Technology White Paper

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

athenahealth Interface Connectivity SSH Implementation Guide

Windows Remote Access

Where do you work? Where do you work?

SSL SSL VPN

GoToAssist Remote Support HIPAA compliance guide

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Proxies. Chapter 4. Network & Security Gildas Avoine

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Setting Up Scan to SMB on TaskALFA series MFP s.

Kaseya Server Instal ation User Guide June 6, 2008

Step-by-Step Configuration

Overview - Using ADAMS With a Firewall

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Overview - Using ADAMS With a Firewall

IMF Tune Quarantine & Reporting Running SQL behind a Firewall. WinDeveloper Software Ltd.

TFS ApplicationControl White Paper

Networking Best Practices Guide. Version 6.5

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

Security Overview Introduction Application Firewall Compatibility

Network Configuration Settings

GoToAssist Integration White Paper

Docufide Client Installation Guide for Windows

Corporate and Payment Card Industry (PCI) compliance

System Management. What are my options for deploying System Management on remote computers?

Chapter 9 Firewalls and Intrusion Prevention Systems

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Remote Management Reference

ENABLING RPC OVER HTTPS CONNECTIONS TO M-FILES SERVER

NETWRIX EVENT LOG MANAGER

Chapter 6 Virtual Private Networking Using SSL Connections

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

7.1. Remote Access Connection

Microsoft Labs Online

ProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

SiteCelerate white paper

System Planning, Deployment, and Best Practices Guide

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Executive Brief for Sharing Sites & Digital Content Providers. Leveraging Hybrid P2P Technology to Enhance the Customer Experience and Grow Profits

Locking down a Hitachi ID Suite server

MadCap Software. Upgrading Guide. Pulse

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Barracuda Link Balancer Administrator s Guide

How to Secure a Groove Manager Web Site

Firewalls. Ahmad Almulhem March 10, 2012

Network Defense Tools

PLATO Learning Environment System and Configuration Requirements. for workstations. April 14, 2008

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA USA. November v1.0

NetSpective Global Proxy Configuration Guide

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

MaaS360 Mobile Enterprise Gateway

Content Page. 1 Remote Access - HEIDELBERG's interactive remote service approach 2. 2 How HEIDELBERG's remote service approach works 3

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

F-SECURE MESSAGING SECURITY GATEWAY

V Series Rapid Deployment Version 7.5

CSCI Firewalls and Packet Filtering

Sage ERP Accpac Online

CTERA Agent for Mac OS-X

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Cornerstones of Security

CBE system requirements

Fig : Packet Filtering

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

FileMaker Pro 13. Using a Remote Desktop Connection with FileMaker Pro 13

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

Transcription:

F A C T S H E E T GoToMyPC Corporate Advanced Firewall Support Features Citrix GoToMyPC Corporate features Citrix Online s advanced connectivity technology. We support all of the common firewall and proxy configurations found on corporate LANs today. There is usually no need to adjust your network or firewall. Our software makes smart, secure use of your existing firewall and proxy configurations. And, with our comprehensive set of additional security features, you can take a flexible approach to balancing maximum performance with modern network security. The intended audience for this document: Network Administrators desiring assistance with the setup of GoToMyPC Corporate in environments where it does not function optimally upon the initial setup. Network Administrators looking to maximize the performance of GoToMyPC Corporate by tuning their environment. Security Administrators needing to understand the communication behavior of GoToMyPC Corporate to evaluate any impact on network security. Briefly, let s revisit the main purpose of your network s firewall and proxies: Firewalls prevent intruders from communicating directly with machines on the inside where they might exploit vulnerabilities. Firewalls prevent compromised machines on the inside from contacting arbitrary services on the outside to leak information or attack further machines. Firewalls may scan and filter incoming documents for viruses and other attacks. Proxies are similar to firewalls in the way they filter, but they additionally provide an audit trail of accessed Web resources. Proxies reduce bandwidth usage through caching. Our lightweight software components dynamically analyze your firewall/proxy setup and conditions and find the best paths for connectivity. In establishing this connectivity, Citrix Online s communication technology does not open any new communication channels that an intruder could exploit, nor does it require any new holes to be opened in the firewall. It does not accept any incoming connections and it does not establish VPN-like network links that other software could hijack. Security is built in from the system architecture to the protocols. The following sections will detail how our communication technology works and will show you how you can best achieve the behavior and performance that you require.

THE SOFTWARE COMPONENTS AND THEIR NETWORK CONNECTIONS GoToMyPC Corporate requires connectivity with Citrix Online s servers to operate. The types of connections required to operate broadly fall into two categories: Long-lived JEDI connections (JEDI is the name of our streaming connection protocol) to the servers for receiving notifications and for streaming real-time data. Each JEDI connection uses one persistent TCP/IP socket. Periodic short HTTP requests to the server for control information. GOTOMYPC CORPORATE USES THESE CONNECTIONS AS FOLLOWS: The GoToMyPC Corporate service running on a host PC uses persistent JEDI connections to Citrix Online s Web server to check for connection requests. The GoToMyPC Corporate host and the Viewer use standard HTTP GETs and POSTs to Citrix Online s communication server to control the session and to push chat text back and forth, and they use a JEDI connection to the comm server for screen-sharing data as well as for keyboard and mouse event. The file transfer module uses a JEDI connection to the comm server to transmit files. FIREWALL NAVIGATION/NEGOTIATION All of the various modules of Citrix Online software use identical communication code. Upon startup, each module always performs a number of communication initialization tasks to find the best network path to Citrix Online s servers. In environments with firewalls and/or proxies, the challenges are twofold: first, to detect and locate the appropriate firewall/proxy, and second, to determine the best protocols with which to speak to or through that firewall/proxy. Specifically, the initialization tasks perform the following actions: 1. Collect all available proxy information and compile a list of potential proxy addresses. Proxy information is collected from: User settings in Internet Explorer, Netscape and Firefox. Automatic proxy configuration files indicated in the browser settings and stored on the LAN. The connections used by any currently active browser. A Citrix Online software registry entry used to keep track of previously discovered proxies. 2. Open connections to Citrix Online s servers using: a. Direct TCP connections to ports 80, 443 and 8200 of Citrix Online s servers b. Indirect connections to Citrix Online s servers via the proxies detected in the initialization tasks detailed above. 3. Test the successfully opened connections by performing a few requests on each connection. The test depends on the module: Modules needing standard HTTP perform a few simple HTTP requests. Modules needing a JEDI connection perform a sequence of custom streaming requests. During the testing of connections via a proxy, the proxy may return authentication requests, i.e., require that the user authenticate himself/herself to the proxy to gain access to the Internet. Citrix Online s software supports both Basic and NTLM proxy authentication methods.

G O T O M Y P C C O R P O R A T E A D V A N C E D F I R E W A L L S U P P O R T After the software has determined the best connection route to use, it can use HTTP, JEDI or JEDI/SSL. The SSL variant of the protocol is used to navigate certain firewalls and proxies, and not for encryption. Our encryption always uses the 128-bit AES cipher. For HTTP, GETs and POSTs are made as either direct requests to Citrix Online s servers or standard requests via an HTTP proxy. For JEDI connections, direct connections to Citrix Online s servers are made, or, if a proxy is involved, the HTTP/1.1 CONNECT method is used. DNS (Domain Name System) resolutions may not be available in all environments. This means that Citrix Online s software cannot resolve poll.gotomypc.com to the corresponding IP address. For these cases, hostname resolution information is stored in the registry. The most convenient method for setting and modifying these entries is using the Wizard as described later. Once a successful connection has been established, the details are stored as last known good connection method in the registry as follows: HKEY_LOCAL_MACHINE\SOFTWARE\CitrixOnline.com\ConnectionInfo\ A list of SOCKS proxies A list of HTTP proxies Scrambled User ID + password for Basic Proxy Authentication A lookup table of Citrix Online server hostnames to their IP addresses ADDITIONAL CONSIDERATIONS REGARDING THE GOTOMYPC CORPORATE SERVICE GoToMyPC Corporate installs as a service and must be installed by a user with administrative privileges. The benefit of this is that GoToMyPC Corporate starts as soon as the PC boots, thus allowing a user to log in remotely. Also, a user can log out remotely and then log in again under the same or a different user ID. Although GoToMyPC Corporate can be set to start manually or at log in, the user must be logged in for the PC to be accessible remotely, and it is impossible to log out and log back in remotely. THE WIZARD CONNECTIVITY TESTS When you want to optimize or analyze the performance of Citrix Online software on your network, or if you need to update the Citrix Online settings in the registry, you can use a small downloadable Wizard to do so. The Wizard will create a detailed report from all of its connection tests and can optionally store some of the optimal configuration info determined by those tests into the registry. Information you might need to store in the registry is your last known good connection method and the authentication information needed to get through any proxies that require that. Wizard Connectivity Test: www.gotomypc.com/wizard The Wizard Connectivity Test works just like the software connections described previously, but the Wizard lets you email a detailed summary of this process to Citrix Online for diagnosis, as well as optionally store some of the results in the registry for automatic use by the other software components. This is what the Wizard performs: 1. Dynamic Proxy Detection a. Gather all possible info from system to locate proxies. 2. Ping Tests a. Ping possible proxies to discover initial responses. b. Try direct connections to our servers on ports 8200, 80 and 443.

3. HTTP Connection Tests a. Find out how each proxy is going to treat HTTP variations. b. Test connection quality for HTTP. c. Discover transparent proxies and their behavior. 4. JEDI Connection Tests a. Find out how each proxy is going to treat our JEDI stream. b. Test connection quality for JEDI. 5. DNS Test a. Test DNS resolutions and, if not available, store our current server IP addresses in the registry. 6. Connectivity Profile Summary a. The Wizard then lets you email us the test results for analysis. This is only recommended if connectivity problems are encountered. b. Steps for possible performance optimizations are revealed. c. Connectivity info is stored in the registry for use by other software components. You might want to run the Wizard at times of network congestion to help reveal the cause of any performance degradation. If you have an isolated problem, run it on a workstation that is having trouble, then run it on one with no problems for comparison. The minimum requirement for GoToMyPC Corporate to work well is that JEDI must work on at least one of the connections. The Wizard results show this readily, as well as provide information useful for performance tuning or analysis. UPDATING CONNECTION INFORMATION IN THE REGISTRY WITH THE WIZARD The ability to update connection information in the registry is an important Wizard feature. By using certain data and results from the tests it performs, the Wizard can store some important settings in the registry to assist all future connections. When the Wizard detects changes to connection information, it displays this check box near the end of the test run: [X] Update settings in Registry This box will be checked by default if something was discovered during the tests that might be beneficial if made available for use by our other software components. The Wizard registry updates are important when: DNS is not available, so we store a lookup table of Citrix Online host names to their IP addresses. One or more proxies that require basic proxy authentication are discovered, so we store the authentication info in an encoded format to use for all future accesses. In the case of GoToMyPC Corporate, proxy information is not available to the service. Of all of the discovered or known proxies, a better/faster one has been found, so we note that this is the new preferred proxy to use. TUNING YOUR FIREWALL/PROXY FOR MAXIMUM PERFORMANCE The ideal environment for operating GoToMyPC Corporate is one in which direct outgoing connections, without intermediate proxies, can be established to Citrix Online s servers. If our Wizard Connectivity Test indicates that no such direct route is available, our recommendation is to open up one or more ports for outgoing connections.

To do so, adjust your firewall to allow outbound connections to port 8200. You may limit the destination IP addresses to our servers, e.g., 63.251.224. and 64.94.164., although this is not recommended because additional IP addresses will be added as Citrix Online s service expands. If you don t run a proxy (transparent or not) for your average Web surfers on ports 80 and/or 443, and if these ports are open to allow surfing via direct connections, then you will not need to open port 8200 to get maximum throughput. Maximum speed can be achieved by having any one of ports 8200, 80 or 443 open as described. The next-best connection route is through a fast proxy that can handle HTTP requests without unreasonable delays. This proxy can be transparent, running on ports 80 and 443, or visible on some other port such as 8080. To initiate the JEDI protocol for screen sharing, the proxy must allow HTTP/1.1 CONNECTs, which are used by browsers for SSL. Citrix Online software is very economical with bandwidth thanks to excellent compression and a protocol that forwards data only when necessary. For example, if you stop moving the mouse in a screen-sharing session, the network packets slow to a tiny trickle. On average, each session uses approximately 2KB/sec. For more information on GoToMyPC Corporate, please visit corp.gotomypc.com Please contact your Citrix Online representative if you need any additional technical information or assistance. Citrix Online A Division of Citrix Systems, Inc. 5385 Hollister Avenue Santa Barbara, CA 93111 USA Product Information: corp.gotomypc.com www.gotomypc.com/security Sales Inquiries: gotosales@citrixonline.com Phone: (888) 646-0016 Channel Partners: resellers@citrixonline.com Phone: (805) 690-5711 Citrix Online, a division of Citrix Systems, Inc. (Nasdaq: CTXS), is a leading provider of easy-to-use, on-demand applications for remote desktop access, Web conferencing and collaboration. Its "Simpler Is Better" approach to empowering business productivity online offers small and mid-sized businesses, consumers and professionals an easier, more cost-effective and secure way to access and interact with information, customers, partners and employees in real time. Citrix Online's award-winning services, which are used by more than 20,000 businesses and hundreds of thousands of individual subscribers, include: Citrix GoToMyPC for easy, secure remote PC access from anywhere; Citrix GoToAssist for live, easy remote support; Citrix GoToMeeting for online meetings made easy; and Citrix GoToWebinar, the industry's first do-it-yourself solution for Web events. Based in Santa Barbara, California, Citrix Online has satellite offices and data centers distributed around the world. For more information, please visit www.citrixonline.com. Media Inquiries: pr@citrixonline.com Phone: (805) 690-2961 www.citrixonline.com 2006 Citrix Online, LLC. All rights reserved. Citrix is a registered trademark of Citrix Systems, Inc., in the United States and other countries. GoToMyPC, GoToAssist, GoToMeeting and GoToWebinar are trademarks or registered trademarks of Citrix Online, LLC, in the United States and other countries. All other trademarks and registered trademarks are the property of their respective owners. #11499/12.8.06/PDF

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information