Secure Director deployment
This article highlights areas that might have an impact on system security when deploying and configuring Director.
Configure Microsoft Internet Information Services (IIS)
You can configure Director with a restricted IIS configuration. Note that this is not the default IIS configuration.
Filename extensions
You can disallow unlisted file name extensions.
Director requires these file name extensions in Request Filtering:
- .aspx
- .css
- .html
- .js
- .png
- .svc
- .woff
- .woff2
- .gif
- .eot
- .svg
- .ttf
- .json
- . (for redirections)
Director requires the following HTTP verbs in Request Filtering. You can disallow unlisted verbs.
- GET
- POST
- HEAD
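One way to check a Request Filtering configuration against the two lists above, as an added PowerShell example that is not part of the Citrix documentation. The function name Test-DirectorRequestFiltering and the sample XML are constructed for illustration; the element and attribute names are those of the IIS requestFiltering schema.

```powershell
# Added example: the required values below are copied from the lists on this page.
$RequiredExtensions = '.aspx', '.css', '.html', '.js', '.png', '.svc', '.woff',
                      '.woff2', '.gif', '.eot', '.svg', '.ttf', '.json', '.'
$RequiredVerbs = 'GET', 'POST', 'HEAD'

function Test-DirectorRequestFiltering {   # hypothetical name, not a Citrix or IIS cmdlet
    param([Parameter(Mandatory)][xml]$Config)

    $rf = $Config.SelectSingleNode('//system.webServer/security/requestFiltering')
    if ($null -eq $rf) { 'requestFiltering: section not found'; return }

    $checks = @(
        @{ Node = 'fileExtensions'; Attr = 'fileExtension'; Required = $RequiredExtensions },
        @{ Node = 'verbs';          Attr = 'verb';          Required = $RequiredVerbs }
    )
    foreach ($c in $checks) {
        $section = $rf.SelectSingleNode($c.Node)
        if ($null -eq $section) { "$($c.Node): section missing, so unlisted values are accepted"; continue }
        # IIS accepts unlisted values unless allowUnlisted is explicitly false.
        if ($section.GetAttribute('allowUnlisted') -ne 'false') {
            "$($c.Node): allowUnlisted is not false"
        }
        # Collect every entry that is not explicitly denied.
        $allowed = @($section.SelectNodes('add') |
            Where-Object { $_.GetAttribute('allowed') -ne 'false' } |
            ForEach-Object { $_.GetAttribute($c.Attr) })
        foreach ($r in $c.Required) {
            if ($allowed -notcontains $r) { "$($c.Node): '$r' is required by Director but not allowed" }
        }
        foreach ($a in $allowed) {
            if ($c.Required -notcontains $a) { "$($c.Node): '$a' is allowed but not on Director's list" }
        }
    }
}

# Constructed sample configuration (not taken from a real Director server).
$sample = @'
<configuration><system.webServer><security><requestFiltering>
  <fileExtensions allowUnlisted="false">
    <add fileExtension=".aspx" allowed="true" />
    <add fileExtension=".bak" allowed="true" />
  </fileExtensions>
  <verbs>
    <add verb="GET" allowed="true" />
    <add verb="POST" allowed="true" />
  </verbs>
</requestFiltering></security></system.webServer></configuration>
'@
Test-DirectorRequestFiltering -Config $sample
```

An empty result means both lists match and unlisted values are rejected; each output line otherwise names the section and the value that differs.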
Director does not require:
- ISAPI filters
- ISAPI extensions
- CGI programs
- FastCGI programs
Important:
- Director requires Full Trust. Do not set the global .NET trust level to High or lower.
- Director maintains a separate application pool. To modify the Director settings, select the Director Site and modify its settings.
Configure user rights
When Director is installed, its application pools are granted the logon right Log on as a service and the privileges Adjust memory quotas for a process, Generate security audits, and Replace a process level token. This is normal installation behavior when application pools are created.
You do not need to change these user rights. These privileges are not used by Director and are automatically disabled.
Director communications
In a production environment, Citrix recommends using the Internet Protocol security (IPsec) or HTTPS protocols to secure data passing between Director and your servers. IPsec is a set of standard extensions to the Internet Protocol that provides authenticated and encrypted communications with data integrity and replay protection. Because IPsec is a network-layer protocol set, higher level protocols can use it without modification. HTTPS uses the Transport Layer Security (TLS) protocols to provide strong data encryption.
Note:
- Citrix strongly recommends that you do not enable unsecured connections to Director in a production environment.
- Securing communications from Director requires configuring each connection separately.
- The SSL protocol is not recommended. Use the more secure TLS protocol instead.
- You must secure communications with NetScaler using TLS, not IPsec.
To secure communications between Director and XenApp and XenDesktop servers (for monitoring and reports), refer to Data Access Security.
To secure communications between Director and NetScaler (for NetScaler Insight), refer to Configure network analysis.
To secure communications between Director and License server, refer to Secure the License Administration Console.
Director security separation
If you deploy any web applications in the same web domain (domain name and port) as Director, any security risks in those web applications could potentially reduce the security of your Director deployment. Where a greater degree of security separation is required, Citrix recommends that you deploy Director in a separate web domain.