How can a Citrix Administrator disallow the Delivery Controller from accepting unencrypted XML
traffic from StoreFront and NetScaler?
A.
Change Port 80 to 443 using the IIS console on the Delivery Controller.
B.
Disable Port 80 in the StoreFront and NetScaler properties.
C.
Disable listening for HTTP request in the registry of the Delivery Controller.
D.
Install SSL certificate on NetScaler and StoreFront
i think it’s “B”
0
0
Disabling te port wont help. I think its C if anyone knows anything more your wisdom wll be highly appreciated! (Especially if a link is provided with the information)
0
0
I think D. Securing mens installing a SSL certificate for using HTTPS
https://support.citrix.com/article/CTX200415
https://www.citrix.com/blogs/2016/11/03/securing-the-xenappxendesktop-xml-service-important-steps-to-prevent-theft-of-user-passwords/
0
0
C might be correct also
It is also recommended to Enforce HTTPS traffic only, disabling HTTP by using the XmlServicesEnableNonSsl registry key (see here for details)
https://www.citrix.com/blogs/2016/11/03/securing-the-xenappxendesktop-xml-service-important-steps-to-prevent-theft-of-user-passwords/
0
0
XML Service is on Storefront. Controller receives XML traffic from Storefront. Storefront, Netscaler and Controller need certificate (Controller is not listed in answer). Answer C might be a better answer
https://www.citrix.com/blogs/2016/11/03/securing-the-xenappxendesktop-xml-service-important-steps-to-prevent-theft-of-user-passwords/
0
0
There is no IIS on a delivery controller unless you also install Storefront on it (not recommended). Therefore A is wrong
0
0
Regarding how is the question build I would go for C
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6/xad-security-article/xad-ssl.html
Enforce HTTPS traffic only
If you want the XML Service to ignore HTTP traffic, set the following registry value in HKLM\Software\Citrix\DesktopServer\ on the Controller and then restart the Broker Service.
To ignore HTTP traffic, set XmlServicesEnableNonSsl to 0.
There is a corresponding registry value to ignore HTTPS traffic: XmlServicesEnableSsl. Ensure that this is not set to 0.
0
0
What it, through option B, you would configure the STAs/DDCs on port 443 instead of port 80? This is what I mean
From the Storefront console, browse to the delivery controllers and use only HTTPS for the transport type?
Then from Storefront, from Netscaler config, use HTTPS STAs
Wouldn’t this accomplish what’s requested in this scenario or am I misreading it?
0
0