Acquiring Identities in a Terminal Server Environment

Scenario: Identifying Users Accessing the Internet through Terminal Servers

The ACME organization defined a new policy that only allows users to access the internet through Terminal Servers. The ACME organization wants to make sure that only the Sales department will be able to access Facebook. The current Rule Base uses static IP addresses to define access for Facebook, but now all connections are initiated from Terminal Server IP addresses.

Amy, the IT administrator wants to leverage the use of the Terminal Servers solution so that:

• Sales users will automatically be authenticated with Identity Awareness when logging in to the Terminal Servers.
• All connections to the internet will be identified and logged.
• Access to Facebook will be restricted to the Sales department users.

To enable the Terminal Servers solution, Amy must:

• Configure Terminal Server/Citrix Identity Agents as an identity source for Identity Awareness.
• Install a Terminal Servers Identity Agent on each of the Terminal Servers.
• Configure a shared secret between the Terminal Servers Identity Agents and the gateway.
• After configuration and installation of the policy, users that log in to Terminal Servers and browse to the internet will be identified and only Sales department users will be able to access Facebook.