CGP - Common Gateway Protocol && SSL - Secure Sockets Layer
2015-06-15 16:56
SSL - Secure Sockets Layer
In the Internet Protocol Suite, TLS and SSL encrypt the data of network connections in the application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (the presentation layer).[citation needed] The session layer has a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for that session; then the presentation layer encrypts the rest of the communication using a symmetric cipher and that session key. In both models, TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
SSL URLs
Most Web browsers support SSL, and many websites use the protocol to obtain confidential user information, including credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Practical products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called MetaFrame/Presentation Server), and Citrix XenDesktop products. These permit ordinary Windows applications to be run on a suitable Windows server, and for any supported client to gain access to those applications. Besides Windows, ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications running on these platforms. The client platforms need not run Windows; for example, there are clients for Mac, Unix, Linux, and various smartphones. ICA client software is also built into various thin client platforms.
Session reliability
Session Reliability keeps sessions active and on the user’s screen when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes. This feature is especially useful for mobile users with wireless connections. For example, a user with a wireless connection enters a railroad tunnel and momentarily loses connectivity. Ordinarily, the session is disconnected and disappears from the user’s screen, and the user has to reconnect to the disconnected session. With Session Reliability, the session remains active on the machine. To indicate that connectivity is lost, the user’s display freezes and the cursor changes to a spinning hourglass until connectivity resumes on the other side of the tunnel. The user continues to access the display during the interruption and can resume interacting with the application when the network connection is restored. Session Reliability reconnects users without reauthentication prompts.
Citrix Receiver users cannot override the Controller setting.
You can use Session Reliability with Secure Sockets Layer (SSL). SSL encrypts only the data sent between the user device and NetScaler Gateway.
Two Port ICA
Posted on March 14, 2008
When a Citrix ICA client connects to a Citrix Presentation Server, it either uses TCP/IP port 2598 or port 1494. Port 2598 is used with session reliability and internally it uses SSL with the Citrix CGP protocol. The communication over port 2598 is like a private network link for a small selection of information related to Citrix.
The History of CGP
I always like to understand the history of things in order to understand them better, so I thought a brief trip down memory lane was in order before we dive into CGP. As Jeff Muir describes in his “Two Port ICA” article, we developed CGP over a decade ago when Citrix was originally looking at extending the ICA protocol. Specifically, we needed a way to wrap ICA traffic and maintain the session if a network link fails. As it turns out, network speeds and connections were pretty crappy over 10 years ago and our customers were tired of constantly being disconnected from their session and having to reconnect whenever there was any type of network blip. So we requested a port from IANA, they assigned us 2598, we wrote CGP (and Secure Gateway) and the rest is history.
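
The two ICA ports and the gateway-only SSL leg described above lend themselves to a simple flow audit. The following is an added example, not code from the original page or from Citrix: it labels flow records by port (1494 ICA, 2598 CGP) and flags clients that reach a session host directly instead of through the gateway. The flow line format, the internal range, the gateway address and its port 443 listener are all assumptions made for the example.

```python
import ipaddress

# Ports named on this page: 1494 = plain ICA, 2598 = ICA wrapped in CGP.
ICA_PORTS = {1494: "ICA", 2598: "CGP/session-reliability"}
# Assumptions for this example (not from the page):
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed internal range
GATEWAYS = {ipaddress.ip_address("10.0.0.10")}         # hypothetical gateway address
GATEWAY_TLS_PORT = 443                                  # assumed gateway listener

# Constructed flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
203.0.113.7 10.0.0.10 443
10.0.0.10 10.0.5.21 2598
203.0.113.9 10.0.5.21 1494
198.51.100.4 10.0.5.22 2598
10.0.8.15 10.0.5.21 2598
not a flow line
10.0.8.16 10.0.5.21 99999
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def classify(line):
    """Return (verdict, detail) for one flow line, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
        port = int(parts[2])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    if dst in GATEWAYS and port == GATEWAY_TLS_PORT:
        return ("ok", "client to gateway over SSL")
    if port in ICA_PORTS:
        if src in GATEWAYS:
            return ("ok", f"gateway to server, {ICA_PORTS[port]}")
        if is_internal(src):  # policy choice of this example: review, not alert
            return ("review", f"internal client direct {ICA_PORTS[port]}")
        return ("alert", f"external client direct {ICA_PORTS[port]}, bypasses gateway")
    return ("ignore", "not ICA traffic")

def audit(text):
    """Classify every line; malformed lines are counted, not silently dropped."""
    results, malformed = [], 0
    for line in text.splitlines():
        verdict = classify(line)
        if verdict is None:
            malformed += 1
        else:
            results.append((line, *verdict))
    return results, malformed
```
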