Windows Terminal Server - PowerPoint PPT Presentation

Slides: 18
Provided by: gda6

1
Windows Terminal Server Citrix MetaFrame
Stanford Linear Accelerator Center NT Support Group
www.slac.stanford.edu/comp/winnt
Gregg Daly
gdaly_at_slac.stanford.edu
Supported by U.S. D.O.E. contract DE-AC03-76SF005515
2
General Information
  • Stanford University operated - U.S.D.O.E funded
    unclassified research center
  • Heterogeneous computing environment supporting
    high-energy physics research
  • 3800 hosts (1400 Windows networking), Solaris,
    Mac OS, Linux & numerous other operating systems
  • Exponential growth at the facility

3
Responding to '98 Security Incident
  • Hackers compromised 25 systems and 50 user
    accounts
  • Perform data service analysis on areas of the
    network
  • Decision to safeguard critical HR and Financial
    Data on PeopleSoft and Oracle
  • Safeguard personnel data in Human Resource
    database
  • Safeguard purchasing and budget data in Financial
    database

4
Options to securing data
  • Corporate type lock down including limiting
    access to and from the Internet and other
    research facilities
  • Two physical networks - one SLAC only other
    Internet accessible
  • Moving the data (but not the people) into a
    highly secured zone. Use encrypted access and
    extensive monitoring

5
Business Services Network
  • Created a highly secure machine/data only
    network
  • Created a user/workstation network to access the
    secure network
  • Secure all aspects of data access
  • Secured workstations
  • Encrypted application access via Citrix's Secure
    ICA
  • Encrypted host connections via Secure Shell
    (3DES/Blowfish)
  • Two Phase authentication process for secure
    domain login

6
PeopleSoft WTS-MetaFrame Farm
[Diagram. Labels: Data, MetaFrame Farm, Oracle, Secure BSDnet, MS Windows Terminal Server, Citrix MetaFrame, MetaFrame Load Balance, Secure ICA, PeopleSoft Connection Secure ICA (future 2-factor authentication), BSDnet, SLAC, Internet]
7
Secure Business System
8
[Diagram. Labels: WTS Citrix Farm, Test PeopleSoft, Prod PeopleSoft, UserMC, Secure BSDnet, Air Gap, BIS Web Server, File Server, User01, UserYY, UserXX, Air Gap, BSDnet, Rest of SLAC, Gigabit Ethernet]
9
(No Transcript)
10
Lessons of the implementation
  • SLAC's business process application, PeopleSoft,
    is not native to the Windows Terminal
    Server/Citrix MetaFrame environment
  • Increased session security incompatible with
    cross-platform access
  • 3rd party applications (Crystal Reports) have to
    be reconfigured to not only run on WTS but also
    run with a non-standard implementation of a
    multi-user PeopleSoft
  • Securing the application servers running WTS
  • Staff intensive installation and troubleshooting

11
Securing WTS/MetaFrame
  • Physical security critical - Log on Locally to
    all users
  • Restrict anonymous connections
  • Separate rootdrive and systemroot from apps
  • Apply Microsoft ZAK for WTS
  • Create bin folder on apps with system32 user
    apps
  • Remove Everyone access from everywhere: file &
    registry
  • Apply security based Service Packs and hot fixes
    immediately
  • Recommend encrypted client
  • Run highest NT authentication hash compatible
    with your site
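
The registry and ACL items in this checklist can be audited with a short script. This is an added example, not part of the original slides, written in PowerShell for a current Windows host; mapping the bullets to the `RestrictAnonymous` and `LmCompatibilityLevel` LSA values is an assumption, and the paths in `$paths` are placeholders.

```powershell
# Added example (not from the slides): audit three checklist items on one host.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$paths = @('C:\Apps', 'HKLM:\SOFTWARE')   # placeholder locations to check for Everyone ACEs
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-LsaValue([string]$Name) {
    # Returns $null when the value is not set, in which case the OS default applies.
    $item = Get-ItemProperty -Path $lsa -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = New-Object System.Collections.Generic.List[string]

# "Restrict anonymous connections": 0 or unset leaves anonymous enumeration open.
$ra = Get-LsaValue 'RestrictAnonymous'
if ($null -eq $ra -or $ra -eq 0) {
    $findings.Add('RestrictAnonymous is 0 or unset')
}

# "Highest NT authentication hash": levels 0-2 still send LM or NTLMv1 responses.
$lm = Get-LsaValue 'LmCompatibilityLevel'
if ($null -eq $lm) {
    $findings.Add('LmCompatibilityLevel is unset; confirm the OS default')
} elseif ($lm -lt 3) {
    $findings.Add(('LmCompatibilityLevel is {0}; LM/NTLMv1 responses still sent' -f $lm))
}

# "Remove Everyone access": look for Allow ACEs granted to the Everyone SID.
foreach ($p in $paths) {
    if (-not (Test-Path $p)) { continue }
    $rules = (Get-Acl -Path $p).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        # S-1-1-0 is the well-known SID for Everyone, independent of UI language.
        if ($r.IdentityReference.Value -eq 'S-1-1-0' -and $r.AccessControlType -eq 'Allow') {
            $rights = if ($r -is [System.Security.AccessControl.FileSystemAccessRule]) {
                $r.FileSystemRights
            } else {
                $r.RegistryRights
            }
            $findings.Add(('{0} grants Everyone {1}' -f $p, $rights))
        }
    }
}

if ($findings.Count) { $findings } else { 'No findings for the checked items' }
```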

12
Securing Business Services
  • Standardized workstations
  • Add'l filtering router on business subnet
  • Secure application publishing - MetaFrame
  • Two phase authentication
  • Encrypted host, app remote access
  • Active monitoring
  • Air gap fail-safe measure in the event of
    intrusion

13
General Use App Farm
  • Goal: To provide non-Windows clients access to
    Windows applications & encourage single
    platform clients
  • Based on Dell Dual PII-400, 1/2 GB RAM,
    RAID 0 servers
  • Master to clone maintenance plan
  • Provide most every app needed/requested by users

14
General Use App Farm
  • Strong support for LINUX and Solaris clients
  • Beware of potential bad apps on WTS
  • NetMeeting (www.shenton.org/chris/nasa-hq/netmeeting)
  • DOS applications
  • Using Basic encryption for general sessions,
    considering 128-bit SecureICA for all access to
    both farms

15
Future of Thin Client
  • Windows 2000 servers natively support thin
    client - Watch for more features in MS' RDP
    clients
  • Windows 2000 Applications Deployment Services
  • Rental applications
  • Watch for significant changes in licensing
    requirements and fees from Microsoft and other
    software vendors
  • Microsoft's 2000 logo program requires WTS
    compliance
  • Return to the mainframe-like methodology with
    Win2K and thin client solutions

16
WTS/Citrix Paper
  • NT Security in an Open Academic Environment -
    SLAC 8172
  • Find the document at
    http://www.slac.stanford.edu/pubs/fastfind.html
  • http://www.slac.stanford.edu/pubs/slacpubs/8000/slac-pub-8172.html

17
HEPNT 99
Questions
www.slac.stanford.edu/comp/winnt
gdaly_at_slac.stanford.edu