ICA¶
This chapter contains an example of a basic Fudo PAM configuration, to monitor direct ICA protocol connections.
Prerequisites¶
The following description assumes that the system has been already initiated. For more information on the initiation procedure refer to the System initiation topic.
Configuration¶
Adding a server
is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | ica_server |
Blocked | |
Protocol | ICA |
Description | |
Permissions | |
Granted users | |
Destination host | |
Address | 10.0.0.21 |
Port | 1494 |
Use TLS |
- Click .
Adding a listener
determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | ica_listener |
Blocked | |
Protocol | ICA |
Permissions | |
Granted users | |
Connection | |
Mode | proxy |
Local address | 10.0.150.151 |
Port | 2494 |
Use TLS |
- Click .
Adding an account
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | admin_ica_server |
Blocked | |
Type | regular |
Session recording | all |
OCR sessions | |
Delete session data after | 61 days |
Permissions | |
Granted users | |
Server | |
Server | ica_server |
Credentials | |
Domain | |
Login | citrixuser |
Replace secret with | password |
Password | password |
Repeat password | password |
Password change policy | Static, without restrictions |
Password changer | |
Password changer | none |
Privileged user | |
Privileged user password |
- Click .
Adding a user
User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.
- Select > .
- Click .
- Provide essential user information:
Parameter | Value |
---|---|
General | |
Login | john_smith |
Fudo domain | |
Blocked | |
Account validity | Indefinite |
Role | user |
Preferred language | English |
Safes | |
Full name | John Smith |
john@smith.com |
|
Organization | |
Phone | |
AD Domain | |
LDAP Base | |
Permissions | |
Granted users | |
Authentication | |
Authentication failures | |
Enforce static password complexity | |
Type | Password |
Password | john |
Repeat password | john |
- Click .
Defining a safe
directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | ica_safe |
Blocked | |
Login reason | |
Notifications | |
Policies | |
Users | john_smith |
Protocol functionality | |
RDP | |
SSH | |
VNC | |
Accounts | |
admin_ica_server |
ica_listener |
- Click .
Note
In case of TLS encrypted connections, Fudo returns an .ica configuration file to the Citrix client, which has the FQDN server address (Address) set to the common name defined in the TLS certificate.
Creating .ica
file with connection parameters¶
Direct connection with remote server over ICA protocol requires preparing a connection configuration file. This file specifies the listener used to connect to the remote host.
Note
Refer to ICA configuration file topic for details on the configuration file.
- Create configuration file containing the following:
[ApplicationServers]
ica_connection_example=
[ica_connection_example]
ProxyType=SOCKSV5
ProxyHost=10.0.150.151:2494
ProxyUsername=*
ProxyPassword=*
Address=john_smith
Username=john_smith
ClearPassword=john
TransportDriver=TCP/IP
EncryptionLevelSession=Basic
Compress=Off
- Save the file with
.ica
extension.
Connecting to remote resource¶
- Double-click the connection configuration file to launch ICA protocol client software.
- Proceed with using the service.
Viewing user session¶
- Open a web browser and go to the Fudo PAM administration page.
- Enter user login and password to log in to Fudo PAM administration panel.
- Select > .
- Find John Smith’s session and click i.
Related topics: