DMZ and DMZ2
The concept of a Demilitarized Zone (DMZ) in security architectures has been around for a long time. A DMZ essentially provides a separate network in front of a firewall that only allows connections into the web portal in the private network; in our case, the StoreFront server. When you set up a DMZ, you create an additional layer of security, or zone, that hackers have a hard time penetrating, and you only let in the specific connections on the port numbers that need to gain access, such as HTTP on port 80 or HTTPS on port 443. When you set up a DMZ to secure XenDesktop, you will need to use HTTPS on port 443 and SSL certificates. The best way to do this is to install NetScaler running SSL and a load balancing service in the DMZ, connected to StoreFront and the remaining XenDesktop components behind the second firewall. You open port 443 on the outside firewall, and only open the required ports for XenDesktop on the second firewall. Now, for an additional layer of security beyond...
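The two-firewall rule described above can be checked mechanically. The following is an added example, not code from the original text: it audits allow rules for the outside and second firewalls. The addresses, the rule format, and the `INNER_REQUIRED` set are assumptions to be replaced with your deployment's values.

```python
from ipaddress import ip_network

# Constructed addressing and rule format for illustration (assumptions).
DMZ = ip_network("192.0.2.0/28")          # zone holding NetScaler
INTERNAL = ip_network("10.10.0.0/16")     # StoreFront and other XenDesktop components
NETSCALER_VIP = ip_network("192.0.2.10/32")
# Placeholder: (destination, port) pairs your deployment requires on the
# second firewall. The single entry is an assumed StoreFront address.
INNER_REQUIRED = {("10.10.1.20", 443)}

def audit_outer(rules):
    """Outside firewall: the only allow rule should be tcp/443 to NetScaler."""
    findings = []
    for r in (r for r in rules if r["action"] == "allow"):
        dst = ip_network(r["dst"])
        if dst.overlaps(INTERNAL):
            findings.append(f"outer: {r['dst']}:{r['port']} bypasses the DMZ")
        elif dst != NETSCALER_VIP or r["port"] != 443:
            findings.append(f"outer: {r['dst']}:{r['port']} is not NetScaler on 443")
    return findings

def audit_inner(rules):
    """Second firewall: only DMZ sources, only the required ports."""
    findings = []
    for r in (r for r in rules if r["action"] == "allow"):
        if not ip_network(r["src"]).subnet_of(DMZ):
            findings.append(f"inner: source {r['src']} is outside the DMZ")
        if (r["dst"], r["port"]) not in INNER_REQUIRED:
            findings.append(f"inner: {r['dst']}:{r['port']} is not a required port")
    return findings

# Constructed rule sets; anything not listed is assumed denied by default.
WEAK_OUTER = [
    {"action": "allow", "dst": "192.0.2.10", "port": 443},
    {"action": "allow", "dst": "192.0.2.10", "port": 80},
    {"action": "allow", "dst": "10.10.1.20", "port": 443},
]
GOOD_OUTER = [{"action": "allow", "dst": "192.0.2.10", "port": 443}]
WEAK_INNER = [{"action": "allow", "src": "0.0.0.0/0", "dst": "10.10.1.20", "port": 443}]
GOOD_INNER = [{"action": "allow", "src": "192.0.2.10", "dst": "10.10.1.20", "port": 443}]

if __name__ == "__main__":
    for name, result in [("weak outer", audit_outer(WEAK_OUTER)), ("good outer", audit_outer(GOOD_OUTER)),
                         ("weak inner", audit_inner(WEAK_INNER)), ("good inner", audit_inner(GOOD_INNER))]:
        print(name, result or "ok")
```
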