I would like to deploy an Application using XenApp on a linux server. Is it possible to do this via virtual box on a remote linux machine?
So far I have installed virtual box on a centos based linux machine.
I installed a Windows 2008 R2 Server virtual machine.
I then tried to install XenApp on the windows 2008 server.
After updating the windows 2008 server with the latest stuff and adding .net 3.5 and sql server express I got XenApp installed.
I am stuck at the point of deploying the Single Sign-On service. It wants a "UNC path to the central store of the citricl signle sign on". Does anyone know how to set that up?
I don't have a domain controller, nor do I have active directory installed. Do I need those things? I was really hoping to avoid that.
What does XenApp require? I kind of figured it would be plug and play but it doesn't appear that way and the installation instructions are very vague about system requirements.
Thanks
Single Sign-On is not required for XenApp.
From the documentation
Citrix Single Sign-on (formerly Citrix Password Manager) provides password security and single sign-on access to Windows, Web, and terminal emulator applications running in the Citrix environment as well as applications running on the desktop. Users authenticate once and Single Sign-on does the rest, automatically logging on to password-protected information systems, enforcing password policies, monitoring all password-related events, and even automating user tasks, including password changes.
Basically: SSO needs a place to put the Central Password Store.
Just give it a path to a network share that all XenApp servers can access. If you're using a single machine; create a local network share and point to it using UNC
\\localhost\SSO_Store
Related
Need suggestions how to automate user login to Amazon WorkSpaces from Ubuntu 18.04 desktops.
We're a small Engineering shop of 20 users all using Ubuntu 18.04 desktops to connect to Amazon WorkSpaces (mix of Windows and Linux). Since there isn't a WorkSpaces client yet for Linux, we use the Windows version over WINE.
Our Intranet portal allows for somewhat automated login process where clicking a Connect button does 4 things:
Use the URI syntax workspaces://username#registrationcode to launch WorkSpaces Client.
Display the username, registration code, and disposable password in the Intranet page.
Populate Username and Registration Code in the WorkSpaces Client.
Copy password to clipboard.
Details in https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-workspaces-user-login.html
User would still need to copy password from Intranet page and paste to WorkSpaces Client to complete login. We're trying to eliminate this step as users are in & out of WorkSpaces multiple times a day.
I'm considering zenity but unsure if this is the correct approach.
Please suggest options in Ubuntu 18.04 to automate auto-pasting password to WorkSpaces Client.
There is a native Linux Client https://clients.amazonworkspaces.com/linux-install.html and it looks promising. I'm just trying to get it going myself and can log in but I'm getting an error connecting to the desktop. It might be the Ubuntu image we're using.
I want to setup all my devices as COPE. WSO2 EMM setup is complete and working fine. Only thing is left is to sign the system service application with the firmware key. I am using Google devices only (Android one, Motorola G2). From where I can find the key and password to sign the application.
Is there any other alternative way to get the application signed?
As per documentation, "Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor."
But I am not able to find the device firmware signing key.
Any guidance will be really helpful.
There are couple of COPE enrollment types WSO2 IoT server supports,
1. Device owner mode
2. Kioski mode
3. System application
The first 2 options can be used with any out of the box Android device. However system app is targetted towards original equipment manufacturers(OEM) who builds Android devices and maintain their own Android versions. This mean they maintain a version of Android OS image and does the installation to some customer device. If you are an OEM, you should have these keys with you. If you are not an OEM and still needs to use out of the box devices such as Motorola or Samsung to install system app, you need to form a partnerships with those vendors to get the sign the system service app. Unless you need to perform operations such as reboot or firmware upgrade. You do not need systrm service app. In that case i would recommend you to go for option 1 or 2. What are the features that you are looking at? Also it is best to seek wso2 professinal services if thats an option for you https://wso2.com/contact/
I have developed a REST web service using JAX-RS, hosted on Apache Tomcat server. I used Eclipse for developing this and hosted on a Windows 7 Enterprise machine. Now I need to provide Kerberos Authentication to access my service from any client (for example SoapUI). I have tried to get information from many sites but, all I get is configurations on linux machines.
I'm a newbie to the security concepts and authentication mechanisms and architectures, I would appreciate a good detailed explanation.
Here is a good description of how to integrate Tomcat with Windows authentication:
https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
Please note that there might be 2 separate things you might want, I'm not sure which one you are looking for.
Authenticate transparently with the Kerberos tickets the user already has.
Authenticate with username+password always, using MS AD to check them.
The first is always transparent, meaning the user does not have to enter username+password again. In the second one she obviously has to.
If you are looking for other services (like SoapUI) to access your services with Kerberos tickets, then those services would need to get a ticket themselves. If you just want those services to use username+password (instead of Kerberos), then you don't need a ticket of course.
Edit after clarification: Using username+password from a windows domain actually does not involve Kerberos at all. It is using LDAP to authenticate, which maps to JNDI in Java. There is a JNDIRealm in Tomcat to set it up, described here:
https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
I need to create a C# 3.0 Web service which is capable to retrieve (only) the userid of the CALLER in an intranet environment. I realise I could possibly pass the information from the caller program but in my case it is not feasible. The Web service is going to be consumed by a Windows app (Infopath 2003 to be precise)..and retrieve the userid from my Windows app is not practical in this circumstances.
Is that achievable? The IIS (hosted in windows 2003 standard server) uses windows authentication. I have tried a few things using WindowsIdentity but it only works for localhost.
Have you tried this? HttpContext.Current.User.Identity.Name
Simple problem, actually. I am trying to evaluate the possibilities of Google Apps, using Python as development language. It seems practical to create a web application or web site with it, but how about creating web services?
I am not too interested in solutions to create a SOAP or REST service in Python for Google Apps, since a simple Google search should provide plenty of solutions. I am more interested in experiences and ease of use.
But the real question is: When comparing a web service in Google Apps with web services in the Microsoft Azure environment, which would provide the better performance? The best user experience? I don't care for the actual development languages but need a good comparison of pro's and cons of web services in both the Google App Engine and Microsoft Azure.
Somehow, Azure seems better suited for services while Google seems better for sites. A tough choice...
Would be very interesting to see if both could be combined into a single solution. :-)
Btw, choosing which engine to use also means choosing the proper development environment and programming language. While I'm proficient in .NET and Python and many other languages, the choice for the service engine determines my focus for future projects.
When building services in Windows Azure, they'd simply be processes running in your VM (Windows Server 2008 SP2 or R2 SP1). You can host services easily in any of the three role types:
Web Role (essentially Windows Server with IIS running) - just add a WCF endpoint to IIS or self-host from your own process).
Worker role (Windows Server with IIS not running) - self-host from your own process
VM role (your own Windows 2008 Server VM pushed to Windows Azure) - Host with whatever mechanism you install / set up.
Each VM in Windows Azure may expose a total of 5 endpoints. These can be a combination of input (external facing) and internal endpoint, each port supporting tcp, http, or https. You define endpoints in your vm role's properties.
Internal endpoints are only usable by other VMs in your deployment. You can't see them / access them from anywhere else, including other Windows Azure deployments. Input endpoints are accessible by the outside world.
If you want an app running in Google to access your Windows Azure service, simply connect to the endpoint via ip+port. The one thing you'll want to be aware of is bandwidth usage. Because your Google-hosted app will be in one data center and your Windows Azure service in another, you'll pay ingress / egress for data going in and out of your Windows Azure service (and I'm guessing there's an associated bandwidth charge on the Google side, but I'm not sure).
It's actually pretty simple to set up a service. For .NET-based examples, look at the labs in the Windows Azure Platform Training Kit (this also other good examples, such as setting up your first Windows Azure application). For a python service host, you'll need to execute python.exe from your VM role's OnStart() event handler, passing in your script name (and optionally port number to listen on). For a simple example of launching python.exe, look at Steve Marx's blog post here.
EDIT: If you're looking to host multiple services (e.g. multiple ports), you can choose to host them in a single VM role or in separate roles, to optimize for cost (with the known limit of 5 endpoints) or performance (scale each service independently).