Providing Access to Windows Terminal Services or Citrix Resources
To give users access to an individual Windows Terminal Services or Citrix host, or a Citrix server
farm:
1. Install or update the Windows Terminal Services agent or the Citrix agent on the Configure Graphical Terminal Agents page.
2. Define a resource on the Add/Edit Resource page for the Windows Terminal Services or Citrix host, or the Citrix server farm.
3. Create a rule on the Add/Edit Access Rule page referencing the terminal‐server resource.
4. Create a WorkPlace shortcut for accessing the Windows Terminal Services host or Citrix resource on the Add/Edit Terminal Shortcut page.
Authentication Scenarios
Realms are used by the appliance for the following key purposes:
• Referencing external authentication servers
• Provisioning access agents to VPN users, based on community membership
• Determining which End Point Control restrictions are imposed on users' devices
• Controlling the user's login experience at a WorkPlace portal
Using Multiple Realms vs. a Single Realm
If your organization uses only one authentication server, you'll probably need to configure only one realm in
AMC. There are other situations in which multiple authentication servers are required:
• Multiple user repositories—If your users are stored in multiple directories, you must create a separate
realm for each one. For example, if your employees are stored on an LDAP server, while your business
partners are stored on an Active Directory server, create a separate realm for each directory server.
• Chained authentication—For increased security, you can require users to authenticate to a single realm
using two different authentication methods. For example, you set up RADIUS or a digital certificate as the
first authentication method, and LDAP or Active Directory as the second one. To make the login
experience for your users a one‐step process, configure AMC such that users see only one set of
prompts.
Access Component Provisioning
All of the user access components are provisioned or activated through the WorkPlace portal.
Optionally, you can make the Connect Tunnel client components available for users to download and install from
another network location (such as a Web server, FTP server, or file server), without requiring them to log in to
WorkPlace.
SonicWall SMA Connect Tunnel 12.0 Deployment Planning Guide
Common VPN Configurations