Securing Apple Push Notification Service for Citrix WorxMail

5:11 PM

Are you a Citrix XenMobile user? Do you have WorxMail push notifications in your environment?

If so, you might be a little concerned about exposing your Exchange server to the cloud-hosted Citrix push notification services. And why shouldn't you be? After all, the Exchange Server is one of the most sensitive systems in an organization.

There is no need to worry. You will not be deprived of the elegant push notification services for Citrix WorxMail. Here is a practical solution.

What is the pain? Once a device is registered for push notifications with the Exchange Server through Citrix Push Notification Services (CPNS), the Exchange Server must notify CPNS of new events in the user's mailbox. Many organizations are concerned about security when the Exchange server receives traffic from the public Internet in their internal network.

IT administrators need to add new firewall rules to allow the Exchange servers to communicate with CPNS. Of course, no one would be comfortable doing so, and if there are multiple CAS servers, it is a big pain to add firewall rules for each CAS server.

So what do you do?

As already mentioned, there is no reason for concern. There is still a way to use Citrix's sexy push notification services without making any firewall changes, regardless of where the CAS servers are and how many of them there are.

As an existing XenMobile customer, you already have Citrix NetScaler in your environment with load balancing (LB) and SSL features.

This solution is referred to as the "reverse-LB" approach. Usually when LB is used, the VIP is accessible from the Internet and internal resources are added as services. In this particular solution, the VIP has to be accessible from internal resources, i.e. the Exchange Server, and the CPNS public FQDN is added as a service.

The SSL bridge feature is also required along with LB, so that no additional server certificate is needed on NetScaler for the LB vServer. See Citrix eDocs for more details on SSL bridge.

As shown in the diagram above, CPNS is bound to the NetScaler LB as a service. The Exchange server in the internal network sends requests to the LB VIP, which in turn forwards them to CPNS. In this way, all the traffic goes through the LB, where it can be monitored on NetScaler and additional rules can be added as needed for more security.

An important note for this solution to work: on the Exchange Server, the CPNS listener service FQDN must resolve to the LB VIP instead of the real IP. This can be done by adding a DNS entry or a hosts file entry on the Exchange Server. Ensure that the FQDN resolves to the LB VIP only on the Exchange Server, whereas on NetScaler it needs to resolve to the real IP.

The following NetScaler commands create the LB vServer:

  • enable ns feature SSL LB
  • add server SVR cpns_listener_fqdn
  • add service src SVR SSL_BRIDGE 443
  • add lb vserver ssl_bridge_vip SSL_BRIDGE vserver_ip_address 443
  • bind lb vserver ssl_bridge_vip src
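
To confirm from the Exchange/CAS server that the DNS or hosts file override and the SSL_BRIDGE vServer described above behave as intended, a check along these lines can be run. This is an added example, not part of the original post or of Citrix's tooling; the FQDN and VIP defaults are placeholders and the function name `Test-ReverseLbPath` is hypothetical.

```powershell
# Added example: run on the Exchange/CAS server after the hosts/DNS change.
param(
    [string]$CpnsFqdn    = 'cpns-listener.example.invalid', # placeholder: CPNS listener FQDN
    [string]$ExpectedVip = '10.0.0.50',                     # placeholder: LB vServer IP
    [int]$Port           = 443
)

function Test-ReverseLbPath {
    param([string]$Fqdn, [string]$Vip, [int]$Port)

    $result = [ordered]@{
        ResolvesToVip = $false; TcpReachable = $false
        CertValidForFqdn = $false; CertSubject = $null; Error = $null
    }

    # 1. The system resolver (which honours the hosts file) must return only the LB VIP.
    try {
        $addrs = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
                   ForEach-Object { $_.IPAddressToString })
    } catch { $addrs = @() }
    $mismatch = @($addrs | Where-Object { $_ -ne $Vip })
    $result.ResolvesToVip = ($addrs.Count -gt 0) -and ($mismatch.Count -eq 0)

    # 2. Connect to the VIP and complete a TLS handshake using the CPNS FQDN.
    #    With SSL_BRIDGE the NetScaler does not terminate TLS, so the certificate
    #    seen here is the one CPNS presents and it must validate for that FQDN.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Vip, $Port)
        $result.TcpReachable = $true
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)   # throws if chain or name validation fails
        $result.CertValidForFqdn = $true
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

Test-ReverseLbPath -Fqdn $CpnsFqdn -Vip $ExpectedVip -Port $Port
```

If `ResolvesToVip` is false, the Exchange server is still resolving the real CPNS address and would bypass the NetScaler; if `CertValidForFqdn` is false, the vServer is not passing the TLS session through to CPNS unchanged.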

Enjoy push notifications!!