I've read the manual, looked at some examples on this site but am still having problems setting up Secure-IT.
Maybe I've got he whole idea wrong but what I require is a single SSL gateway for users to connect to vWorkspace sessions from using the Web Access site, i.e. users browse to the secure https://vworkspace.domain.tld website, logon using their credentials then click the Desktop app and they are securely connected over SSL to the backend.
The requirement come sabout as as some of our staff use another network which *only* uses RIPE addresses, and we're on 10.x.x.x addresses, so we have NAT rules to present out environment to their network. Without using a secure GW we'd need to create a lof of NAT rules, which isn't supportable.
As a POC I've installed the Secure-IT role on a test server, internal on our 10.x.x.x network, which is the same network as the vWorkspace farm, brokers, web access etc, and tried getting the system to work on this network only.
Now do I check the RDP session is secured via the Secure-IT server?
When I secure the vWorkspace Web Access site in IISm the pit files cannot be downloaded... ??
Essentially I need help...
Thought I'd ask here before logging a suport ticket.
Like most things Secure-IT (Secure gateway) is really easy to set up once you've done it at least one time.
You are correct in deciding that the Secure Gateway will handle your NATing a lot more easily.
However there are some traps.
For your test scenario, the most critical thing is that you have a valid SSL certificate. Self-generated SSL certs can be a real pain unless you remember that the CA root certificate has to be installed on both the Secure gateway server and on the client. Also the friendly name and FQDN have to match and of course the FQDN the client uses to connect to Secure GAteway has to match the FQDN of the SSL certificate.
The next piece, assuming the Secure Gateway is set up properly and has a valid certificate, is to make sure the client browser (IE etc) is configured properly. When you launch a managed app via web access and the secure gateway, you will be downloading 2 separate encrypted files (PIT files) and launching an application (vWorkspace client) from your browser. That's not going to work unless the web access site is trusted (gets worse as IE version increases), and stuff like "do not save encrypted files to disk" is disabled.
The quickest way to sort this stuff out is to have someone helping so if this doesn't help you get going, call support to get more focussed help.
We have some information on how to configure the Secure-IT (SSL gateway) available on our SupportLink site. The configuration is done in 2 parts. Firstly you are required to obtain and import a certificate as per Rick's post. You then need to apply this to the Secure-IT applet in the Windows Control Panel and configure the relevant proxy services. If using web access you will want to enable the RDP Proxy and the Web Proxy, if you require AppPortal access from the Internet then add the Connection Broker Proxy as well.
The second part of the setup is within the web access Admin, were you will need to configure the Firewall/SSL VPN page with the appropriate settings.
Please follow this link to a video clip showing how to configure Secure-IT https://support.quest.com/Search/SolutionDetail.aspx?id=SOL58849&category=Solutions&SKB=1
If you are using our Secure-It to provide SSL access then you will not need to secure web access using IIS. IIS should be left on port 80, as our Secure-IT will provide the https front end connectivity to web access.
If you have any more specific questions on the setup or configuration, let us know.
The Certificate isn't a problem as I've got a wildcard cert from a well-known public CA...
It's simply the configuration at the backend... which I'm looking at the suggestions you've posted as a guide
I'm sure it's simple once you've done it but seems a liitle wierd sitting here with people breathing down my neck asking me if it's done yet
I'll take a look and report back