SSL - Secure Sockets Layer
In the Internet Protocol Suite, TLS and SSL encrypt the data of network connections in the application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (the presentation layer). The session layer has a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for that session; then the presentation layer encrypts the rest of the communication using a symmetric cipher and that session key. In both models, TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.
SSL URLs
Most Web browsers support SSL, and many websites use the protocol to obtain confidential user information, including credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Practical products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called MetaFrame/Presentation Server), and Citrix XenDesktop products. These permit ordinary Windows applications to be run on a suitable Windows server, and for any supported client to gain access to those applications. Besides Windows, ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications running on these platforms. The client platforms need not run Windows; for example, there are clients for Mac, Unix, Linux, and various smartphones. ICA client software is also built into various thin client platforms.
Session reliability
Session Reliability keeps sessions active and on the user’s screen when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes.
This feature is especially useful for mobile users with wireless connections. For example, a user with a wireless connection enters a railroad tunnel and momentarily loses connectivity. Ordinarily, the session is disconnected and disappears from the user’s screen, and the user has to reconnect to the disconnected session. With Session Reliability, the session remains active on the machine. To indicate that connectivity is lost, the user’s display freezes and the cursor changes to a spinning hourglass until connectivity resumes on the other side of the tunnel. The user continues to access the display during the interruption and can resume interacting with the application when the network connection is restored. Session Reliability reconnects users without reauthentication prompts.
Citrix Receiver users cannot override the Controller setting.
You can use Session Reliability with Secure Sockets Layer (SSL). SSL encrypts only the data sent between the user device and NetScaler Gateway.
Two Port ICA
When a Citrix ICA client connects to a Citrix Presentation Server, it either uses TCP/IP port 2598 or port 1494. Port 2598 is used with session reliability and internally it uses SSL with the Citrix CGP protocol. The communication over port 2598 is like a private network link for a small selection of information related to Citrix.
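The port split described above and the note that SSL covers only the leg between the user device and NetScaler Gateway suggest a simple flow-log check, shown here as an added example that is not Citrix code: it labels each ICA-related flow and lists those that reach a server on 1494 or 2598 from outside without passing through the gateway. The internal range, gateway address, gateway port 443 and the flow records are assumptions constructed for illustration.

```python
import ipaddress

# 1494 and 2598 are the ports the page names; 443 on the gateway is an assumption.
ICA_PORT = 1494          # ICA without session reliability
CGP_PORT = 2598          # CGP-wrapped ICA, used with session reliability
GATEWAY_TLS_PORT = 443
# Hypothetical site layout for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
GATEWAY_IP = ipaddress.ip_address("10.0.0.5")

# Constructed flow records, one per line: "src dst dport"
SAMPLE_FLOWS = """\
203.0.113.7 10.0.0.5 443
10.0.0.5 10.0.20.11 2598
10.0.8.40 10.0.20.11 1494
198.51.100.9 10.0.20.11 2598
198.51.100.9 10.0.20.12 1494
10.0.8.41 10.0.20.11 22
"""

def classify(src, dst, dport):
    """Label one flow, or return None if it is not ICA-related."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport == GATEWAY_TLS_PORT and dst == GATEWAY_IP:
        return "gateway-ssl"
    if dport not in (ICA_PORT, CGP_PORT):
        return None
    proto = "cgp" if dport == CGP_PORT else "ica"
    if src == GATEWAY_IP:
        return proto + "-from-gateway"
    if src in INTERNAL_NET:
        return proto + "-internal"
    return proto + "-external-direct"

def audit(text):
    """Return (line_number, label) for every ICA-related flow; skip malformed lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        try:
            label = classify(parts[0], parts[1], int(parts[2]))
        except ValueError:   # not a valid IP address
            continue
        if label:
            findings.append((n, label))
    return findings

def bypassing_gateway(text):
    """Line numbers of flows that hit 1494/2598 from outside, not via the gateway."""
    return [n for n, label in audit(text) if label.endswith("-external-direct")]
```

On the sample data, `bypassing_gateway(SAMPLE_FLOWS)` reports records 4 and 5, the two flows from external addresses that go straight to the session ports.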
The History of CGP
I always like to understand the history of things in order to understand them better, so I thought a brief trip down memory lane was in order before we dive into CGP. As Jeff Muir describes in his “Two Port ICA” article, we developed CGP over a decade ago when Citrix was originally looking at extending the ICA protocol. Specifically, we needed a way to wrap ICA traffic and maintain the session if a network link fails. As it turns out, network speeds and connections were pretty crappy over 10 years ago and our customers were tired of constantly being disconnected from their session and having to reconnect whenever there was any type of network blip. So we requested a port from IANA, they assigned us 2598, we wrote CGP (and Secure Gateway) and the rest is history.