Question
Can authentication retention be used in an environment with terminal servers?
Answer
Definitions
Authentication Rentention mechanisms allow a Vital Security Appliance to temporarily cache a user's name. This means that the user does not need to reauthenticate with each transaction, thereby improving performance.
Terminal servers are powerful computers that host multiple interactive sessions from different users simultaneously. Many organizations use Windows-based terminal server solutions, such as Microsoft's Terminal Services and similar offerings from Citrix. With these solutions, several users can simultaneously run individual Windows sessions on the same server. The applications within these sessions run on the server itself, rather than on the user's own client PC.
Answer Explanation
It is possible to use the Cookie authentication retention mechanism in terminal server environments. This method sends a temporary identification cookie to the browser, which works well on a multi-session system because cookies are not shared between sessions from different users.
The IP Caching authentication retention mechanism should not be used in terminal server environments. This method temporarily associates usernames with client IP addresses. In a terminal server environment, all transactions that originate from the terminal server will have the same client IP address. Since the terminal server can simultaneously host sessions from different users, a request from the IP address of the terminal server could have been made by any of the users on that server. Therfore, it is not possible to associate a specific transaction with a specific user by simply recognizing that the request came from the terminal server's IP.
Software Version
8.4.3
8.5.0
9.0
- This article applies to:
- NG 1000
- NG 5000
- NG 6000
- NG 8000
- This article was previously published as:
- Finjan KB 1763