2X Client Gateway on standalone server?

Consider the following network topology...

INTERNETS (PUBLIC)
|
|
FIREWALL ------- TERMSRV (LAN/AD-DOMAIN)
|
|
2X-CL-GW (DMZ)

This is working well, but right now I need to punch a large number of holes through the firewall to allow the 2X Client Gateway to be a member of the domain. Can 2X simply authenticate against LDAP or RADIUS without the underlying Windows OS being a full blown member of the Windows AD Domain (i.e. acting as a Stand Alone Server)?

 

i guess not?

 

Hi there,

The 2X Application Server & Loadbalancer is made out 3 main components:

1) Application Server & Loadbalancer
2) Terminal server Agent
3) Client Gateway

Only the Application Server & Loadbalancer needs to be part of the AD.

The Client Gateway can be set up in 2 modes:
1) Normal Gateway
2) Forwarding gateway (forwards requests to another Client Gateway)

So basically I would change your scenario as follows:

1) Install Application Server & Loadbalancer with a Client Gateway in the LAN
2) Install a Client Gateway in the DMZ and set it as a Forwarding gateway pointing to the Gateway in the LAN.

Code:

/\/\/\/\/\/\         -------- DMZ-------           -------- LAN--------
| Internet  | -------| 2X Forwarding GW | ------- | 2X GW & 2X APP Srv.|
\/\/\/\/\/\/         -------------------           -------------------- 

Nixu

 

great, that should work, thanks.

question - what about licensing? do i need a license for the forwarding server AND the appserver/loadbalancer?

 

Hi,

A forwarding GW does not require a license.

Nixu

 

Hi,

Another solution is to have the GW in the DMZ connected with the 2X Application Server in the LAN.

This will be more efficient then using the forwarding gateway but you need to allow connections from the GW in the DMZ to access port 3389 on the Terminal Servers & the Application Server in the LAN.

Nixu