• No results found

Application Note. Citrix Presentation Server through a Citrix Web Interface with OTP only

N/A
N/A
Protected

Academic year: 2021

Share "Application Note. Citrix Presentation Server through a Citrix Web Interface with OTP only"

Copied!
58
0
0

Loading.... (view fulltext now)

Full text

(1)

Application Note

(2)

Preface

ii

All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information.

Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Gemalto’s information.

This document can be used for informational, non-commercial, internal and personal use only provided that:

• The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear in all copies.

• This document shall not be posted on any network computer or broadcast in any media and no modification of any part of this document shall be made.

Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided “AS IS” without any warranty of any kind. Unless otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information contained herein.

The document could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the specifications data, information, and the like described herein, at any time.

Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Gemalto be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy.

© Copyright 2008 Gemalto N.V. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto N.V. and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners.

GEMALTO, B.P. 100, 13881 GEMENOS CEDEX, FRANCE. Tel: +33 (0)4.42.36.50.00 Fax: +33 (0)4.42.36.50.90

Printed in France. Document Reference:

(3)

Contents

Preface ... vi

Who Should Read This Book ... vi

For More Information... vi

Conventions ... vii

Contact Our Hotline... vii

Overview ... 1

Main steps ... 1

Architecture ... 2

Elements description... 3

Authentication process... 4

Configure the Domain Controller Server... 5

Configure Citrix Web Interface ... 8

Configure the Internet Authentication Service ... 17

IAS RADIUS prerequisites ... 17

Add a RADIUS Client ... 18

Configure Access Policies ... 19

Install and configure SA Server agent for IAS... 24

Restart IAS ... 26

Configure the Gemalto Strong Authentication Server... 28

Configure the ISA Server 2006 ... 29

Rule creation ... 29

Authentication server configuration ... 42

Saving the rule changes and restarting the firewall service ... 46

GXO/OSG SMS Layer Connector ...Error! Bookmark not defined. Modifying the CLASSPATH ... Error! Bookmark not defined. OTACS Size Allocation ... Error! Bookmark not defined.

Terminology ...Error! Bookmark not defined. Abbreviations ... Error! Bookmark not defined. Glossary ... Error! Bookmark not defined.

(4)

Preface

iv

Web Site Addresses... Error! Bookmark not defined. Other Gemalto Documentation ... Error! Bookmark not defined.

Index...Error! Bookmark not defined.

List of Figures

Figure 1 - Architecture ... 2

Figure 2 - Authentication process... 4

Figure 3 - Allowing authentication delegation to the ISA 2006 Server ... 5

Figure 4 - Selecting authentication protocol ... 6

Figure 5 - Select Users or Computers ... 6

Figure 6 - Add Services ... 7

Figure 7 - ISA 2006 Server Properties ... 7

Figure 8 – Access Management Console... 8

Figure 9 – Create Site... 9

Figure 10 - Specify IIS Location ... 9

Figure 11 - Specify Configuration Source... 10

Figure 12 - Specify Authentication Settings... 10

Figure 13 - Confirm Settings For New Site... 11

Figure 14 - Creating Site... 11

Figure 15 - Welcome to the Specify Initial Configuration Wizard ... 12

Figure 16 – Specify Server Farm... 13

Figure 17 - Select Application Type... 14

Figure 18 - Confirm Settings... 15

Figure 19 - Access Management Console ... 15

Figure 20 - Configure Authentication Methods ... 16

Figure 21 - Properties ... 16

Figure 22 - IAS RADIUS Server ... 18

Figure 23 - New RADIUS Client 1 ... 18

Figure 24 - New RADIUS Client 2 ... 19

Figure 25 - Policy Configuration Method ... 19

Figure 26 - Policy Conditions... 20

Figure 27 - Attribute type ... 20

Figure 28 - Client IP Address ... 20

Figure 29 - Policy Conditions... 21

Figure 30 - Selecting Permissions... 21

Figure 31 - Editing Dial-In Profile... 22

Figure 32 - Encryption Type ... 22

Figure 33 - Connection Request Authentication... 23

Figure 34 - Connection Request Policies ... 24

Figure 35 - SA Server Agent install Shield Wizard ... 24

Figure 36 - License Agreement ... 25

Figure 37 - Configuring SA Server URL ... 25

Figure 38 - Installing the SA IAS Agent ... 26

Figure 39 - Finishing the Installation... 26

Figure 40 - Stopping the IAS Service ... 27

Figure 41 - Starting the IAS Service ... 27

Figure 42 - Firewall Policy ... 29

Figure 43 - Create Access Rule ... 30

(5)

v

Figure 45 - Publishing Type... 31

Figure 46 - Server Connection Security ... 32

Figure 47 - Internal Publishing Details... 33

Figure 48 - Setting Public Name Details... 33

Figure 49 - Selecting Web Listener ... 34

Figure 50 - Web Listener Name ... 35

Figure 51 - Client Connection Security... 35

Figure 52 - Web Listener IP Addresses... 36

Figure 53 - Listener SSL Certificates... 36

Figure 54 - Select Certificate ... 37

Figure 55 - Listener SSL Certificates... 38

Figure 56 - Authentication Settings ... 38

Figure 57 - Single Sign On Settings ... 39

Figure 58 - Completing the New Web Listener Wizard ... 40

Figure 59 - Select Web Listener ... 40

Figure 60 - Authentication Delegation ... 41

Figure 61- User Sets... 41

Figure 62 - Completing the New Web Publishing Rule Wizard ... 42

Figure 63 - Kerberos Constrained Delegation ... 42

Figure 64 - Web Listener properties ... 43

Figure 65 - Authentication Properties ... 43

Figure 66 - Authentication Servers ... 44

Figure 67 - Adding RADIUS Server ... 44

Figure 68 - Shared Secret ... 45

Figure 69 - IAS server... 45

Figure 71 - Applying changes ... 46

Figure 72 - Saving Configuration Changes ... 46

Figure 73 - Monitoring... 46

Figure 74 - Stopping the Firewall service ... 47

(6)

Preface

vi

Preface

The Gemalto two-factor authentication solution provides strong authentication based on smart cards for the enterprise, banking, and internet service provider (ISP) markets.

This solution enables organizations to deploy a strong authentication solution for their end-users, whether local or remote. The system can service a broad range of deployments, from small corporations with less than 100 users to ISPs with potentially millions of usersWho Should Read This Book

Who Should Read This Book

This guide is intended for system administrators responsible for configuring the ISA, SA Server and Citrix Web Interface in order to use Gemalto OTP devices to authenticate mobile users with ISA 2006.

Administrators should be familiar with:

• Citrix Web Interface.

• The Gemalto SA Server system architecture.

• Microsoft Internet Security and Acceleration Server 2006.

For More Information

For a complete list of the documentation for the Gemalto Strong Authentication (SA) Server, refer to the release notes (README.txt) on the Gemalto SA Server CD (or zip image of the CD).

(7)

vii

Conventions

The following conventions are used in this document:

In this manual, the following highlighting styles are used:

 Bold – Instructions, commands, file names, folder names, key names, icons, menus, menu items, field names, buttons, check boxes, tabs, registry keys and values .

 Italic – Variables that you must replace with a value, book titles, news or emphasized terms.

In this manual, hyperlinks are marked as described below

 Internal Links – Displayed in quotation marks. When viewing this book online, click an internal link to jump to a different section of the book.

 External Links – Displayed in blue, underlined text. When viewing this book online, click an external link to launch your default browser (or email program) to navigate to that Web address or compose an email.

In this manual, notes and cautions are marked like this:

Notes: Information that further explains a concept or instruction, tips, and tricks.

Caution: Information that alerts you to potentially severe problems that might result in loss of data or system failure.

Contact Our Hotline

If you do not find the information you need in this manual, or if you find errors, contact the Gemalto hotline at

http://support.gemalto.com/.

(8)
(9)

1

Overview

This document provides a deployment scenario to show you how it is possible to configure the Microsoft ISA 2006 Server to use Gemalto SA Server to authenticate Mobiles Users in order to get access to applications through Citrix Web Interface.

Caution: Consequently, this document should not be considered as an instruction manual on how to configure your system.

Main steps

The main steps are:

1. SA Server installation

2. RADIUS Server configuration a. Installation

(10)

Preface

2

(11)

3

Elements description

To provide SA Server authentication for mobile users, your system requires the following pre-requisites: A Microsoft Internet Security and Acceleration Server 2006 installed on a Microsoft Windows

2003 Server.

The server has got two physical interfaces and is able to act as a gateway from the Internal

Network to the External Network.

o <IP internal address> allows access to the Internal Network. This network is seen as a trusted network.

In our laboratory <IP internal address> was 10.10.180.69.

o <IP external address> represents the IP address of the physical interface visible from the External Network. This address will be set during the appliance configuration.

The External Network is seen as a not trusted network. In our laboratory <IP external address> was 192.168.83.128.

o We named the ISA Server isawi, this name will appear in the next screenshots. An AD Domain machine hosting an Active Directory LDAP and acting as domain controller.

In our laboratory the domain hosted by AD Domain was “w2k3.gemsafe.gem”.

We will use the term Mobile Users to refer to users who have an account in AD Domain and who will access from the External Network to the Internal Network through the ISA 2006 Server. Their accounts must be configured to allow remote access control.

A Microsoft Certification Authority used to issue web certificates to the web servers.

In our laboratory, the Certification Authority was installed on the server hosting the Domain Controller.

A Citrix Web Interface. You will have to create and configure a website. These steps will not be treated in the following document; we will mention only the creation of the website and the configuration steps taking part in the authentication process.

In our laboratory, the Citrix Web Interface server was named wi.w2k3.gemsafe.gem. <IP web

interface address> was 10.10.180.169.

A Citrix Presentation Server. You will have to provide the applications for mobiles users. The provision of the applications will not be explained in this document. In our laboratory the Citrix Presentation Server is citrixpsonly.

A Gemalto SA Server,

We have installed the server in a Mixed mode. It is supposed to be provisioned for devices and users.

<Base URL SA Server> will be used to refer to the URL that should be used to access SA Server. In our laboratory <Base URL SA Server> was http://saserver.w2k3.gemafe.gem.

A RADIUS Server,

This server is the link between ISA 2006 Server and the Gemalto SA Server.

o IAS RADIUS for which <IP IAS address> will be used to refer to IAS RADIUS server IP address. In our laboratory, <IP IAS address> was 10.10.180.57.

o You will have to install the Gemalto IAS Agent. In order to demonstrate a successful authentication, we also need:

VPN Client machines.

(12)

Preface

4

Users.

Authentication process

To allow mobile users getting access to the published applications, we use the Kerberos Constrained Delegation feature available on Microsoft ISA 2006. The following schema shows the authentication process based on the Kerberos Constrained Delegation feature.

Figure 2 - Authentication process

Step 1, receipt of client credentials: The client sends a request to connect to the applications in the internal network. The client provides the credentials in an HTML form.

Steps 2 and 3, sending credentials: ISA Server sends the credentials to the authentication provider. The authentication provider in our case is a RADIUS server, the Gemalto agent snaps the credentials and send them to the Strong Authentication Server. Once the credentials accepted, the RADIUS server sends an acknowledgment notifying that the user is authenticated. The ISA 2006 server generates a Kerberos ticket.

Step 4, authentication delegation: ISA Server forwards the client's request to the Citrix Web Interface, and authenticates itself to the Citrix Web Interface using the client's credentials.

Step 5, server response: The Citrix Web Interface sends a response to the client, which is intercepted by ISA Server.

(13)

2

Configure the Domain

Controller Server

Here is the main configuration steps needed to be accomplished on the Domain Controller.

Figure 3 - Allowing authentication delegation to the ISA 2006 Server

(14)

6 Configure the Domain Controller Server Figure 4 - Selecting authentication protocol

3. On Delegation tab, check Trust this computer for delegation to specified services only,

4. Check Use any authentication protocol. 5. Click on Add.

Figure 5 - Select Users or Computers

(15)

Configure the Domain Controller Server 7

Figure 6 - Add Services

8. Select the http as Service Type. 9. Click on OK.

Figure 7 - ISA 2006 Server Properties

(16)

3

Configure Citrix Web Interface

To configure Kerberos with Citrix Web Interface, you must launch Access Management Console. Figure 8 – Access Management Console

(17)

Configure Citrix Web Interface 9

Figure 9 – Create Site

2. Select Access Platform site and click on Next.

Figure 10 - Specify IIS Location

(18)

10 Configure Citrix Web Interface

Figure 11 - Specify Configuration Source

4. Select Local File(s) and click on Next.

Figure 12 - Specify Authentication Settings

(19)

Configure Citrix Web Interface 11

Figure 13 - Confirm Settings For New Site

6. Click on Next.

Figure 14 - Creating Site

(20)

12 Configure Citrix Web Interface

Figure 15 - Welcome to the Specify Initial Configuration Wizard

(21)

Configure Citrix Web Interface 13

Figure 16 – Specify Server Farm

9. In Farm name field, type your farm name, in our case we choice Farmgemsafe. Then in Server field

click on Add and type your Presentation Server. In our case, it’s citrixpsonly.w2k3.gemsafe.gem and in XML service port enter 8888.

(22)

14 Configure Citrix Web Interface

Figure 17 - Select Application Type

10. Select Remote and click on Next.

(23)

Configure Citrix Web Interface 15

Figure 18 - Confirm Settings

12. Click on Finish.

Figure 19 - Access Management Console

13. In Access Management Console, in Web Interface select

https://wi.w2k3.gemsafe.gem/Citrix/AccessPlatform. In Common Task, click on Configure

(24)

16 Configure Citrix Web Interface

Figure 20 - Configure Authentication Methods

14. Check Pass-through and click on Properties. Figure 21 - Properties

(25)

4

Configure the Internet

Authentication Service

We used the IAS server version embedded in Windows Server 2003 SP1.

IAS RADIUS prerequisites

The IAS RADIUS installation is not described in this document. It is presumed to be already done.

Check IAS RADIUS Server domain

The IAS RADIUS server must be part of the AD Domain as IAS RADIUS has to check that each Mobile User has an account in the directory.

Access to IAS administration You have to:

(26)

18 Configure the IAS

Figure 22 - IAS RADIUS Server

Add a RADIUS Client

You now have to add the ISA 2006 Server as a RADIUS client:

Right click on RADIUS Clients and Select New RADIUS Client

Figure 23 - New RADIUS Client 1

In Friendly name enter a name for Microsoft ISA Server 2006, In Client address (IP or DNS) enter the <IP internal address>.

(27)

19

Figure 24 - New RADIUS Client 2

Select RADIUS Standard for Client-Vendor:

Enter the chosen shared secret in Shared secret: and in Confirm shared secret:. This must be the same value as the one you entered when you configured the authentication type page 42)

• Click on [Finish] to validate those parameters.

Configure Access Policies

You have to add a new remote access policy:

Right click on Remote Access Policies and Select New Remote Access Policy Click on Next in the wizard windows

Figure 25 - Policy Configuration Method

Select Set up a custom policy choice in How do you want to set up this policy and add a friendly name in Policy name.

(28)

20 Configure the IAS

Figure 26 - Policy Conditions

Click on Add… in Policy Conditions window Figure 27 - Attribute type

Select Client-IP-Address in Attribute types: and click on Add… Figure 28 - Client IP Address

(29)

21

Figure 29 - Policy Conditions

Click on Next.

Figure 30 - Selecting Permissions

(30)

22 Configure the IAS

Figure 31 - Editing Dial-In Profile

Click on Edit Profile… in the profile window

Select Authentication tab and uncheck all boxes except Unencrypted authentication (PAP, SPAP)

Select Encryption tab Figure 32 - Encryption Type

(31)

23

In the Profile window, click on Next.

In the New Remote Access Policy Wizard window, click on Finish.

The new policy is now available.

Configure Connection Request Policies

You have to add a new connection request policy:

In Connection Request Processing, right click on Connection Request and select New Connection Request Policy

Click on Next in the wizard window

Select A custom policy, enter a name in Policy name and click on Next In the Policy conditions windows, click on Add…, select Client-IP-Address,

Click on Add…, enter <IP Internal Address>, click on OK and cick on Next. In the Request Processing Method, click on Edit Profile.

Figure 33 - Connection Request Authentication

In the Authentication tab, select Authenticate requests on this server and click on OK.

(32)

24 Configure the IAS

Figure 34 - Connection Request Policies

The new policy is now available.

Install and configure SA Server agent for IAS

You now have to install the SA Server IAS agent on the IAS RADIUS server. This component will forward all authentication requests received by IAS to SA Server.

Double-click on “IAS_AgentSetup.exe” on the IAS RADIUS server, Figure 35 - SA Server Agent install Shield Wizard

(33)

25

Figure 36 - License Agreement

Select I accept the terms in the license agreement and click on Next. Figure 37 - Configuring SA Server URL

• You now have to enter

<Base URL SA Server>/saserver/servlet/UserRequestServlet

in Protiva Authentication Servlet URL:

Caution: During the installation, you have to replace “localhost” by the real IP address of

SA Server. You also have to set the port if this is not the standard port 80.

Don’t forget to replace the proposed “protiva” path by “saserver” as it is now the default choice used during SA Server installation.

(34)

26 Configure the IAS

Figure 38 - Installing the SA IAS Agent

Click on Install.

Figure 39 - Finishing the Installation

Click on Finish.

Restart IAS

To launch the installed agent, you now have to re-start IAS.

(35)

27

Figure 40 - Stopping the IAS Service

• Then, click on the green arrow in the same toolbar to restart the server and take the changes into account.

(36)

28 Configure the IAS

5

Configure the Gemalto

Strong Authentication

Server

(37)

29

6

Configure the ISA Server

2006

As represented in the figure 1, we chose to install the Microsoft ISA Server 2006 as a front end firewall. This configuration devises space on two different networks: an internal one, which represents the corporation local area network, and an external network (Internet). We will now describe the access rules that must be created in order to manage mobile user’s access.

Rule creation

Launch the ISA Server Management,

Figure 42 - Firewall Policy

(38)

30 Configure the IAS

Figure 43 - Create Access Rule

• In the Tasks tab, click on Publish Web Sites, • The New Web Publishing Rule Wizard will appear,

Figure 44 - New Web Publishing Rule Wizard

(39)

31

Figure 45 - Publishing Type

• In the Publishing Type window, select the type that meet your enterprise infrastructure,

(40)

32 Configure the IAS

Figure 46 - Server Connection Security

(41)

33

Figure 47 - Internal Publishing Details

• In Internal Site name, enter the Web site name,

Note: In our laboratory, the web internal site name was wi.w2k3.gemsafe.gem.

(42)

34 Configure the IAS

• In Accept requests for, select Any domain name. • In Public name, enter the site name,

Note: In our laboratory, the web internal site name was wi.w2k3.gemsafe.gem.

Figure 49 - Selecting Web Listener

(43)

35

Figure 50 - Web Listener Name

• In Web listener name, enter a name,

Note: In our laboratory, we chose Web Interface listener as listener name.

Figure 51 - Client Connection Security

(44)

36 Configure the IAS

Figure 52 - Web Listener IP Addresses

In Web Listener IP Addresses window, Check External,

Check ISA Server will compress content sent to clients through this Web Listener[…],

Click on Next.

(45)

37

Check Use a single certificate for this Web Listener, Click on Select Certificate…

Figure 54 - Select Certificate

• Select the valid web certificate that meets your configuration, • Click on Select.

(46)

38 Configure the IAS

Figure 55 - Listener SSL Certificates

Click on Next.

Figure 56 - Authentication Settings

In Select how clients will provide credentials to ISA Server, select HTML Form Authentication.

(47)

39

Click on Next .

Figure 57 - Single Sign On Settings

In the Single Sign On Setting window, check Enable SSO for Web sites published with this Web listener,

(48)

40 Configure the IAS

Figure 58 - Completing the New Web Listener Wizard

Click on Finish. Figure 59 - Select Web Listener

(49)

41

Figure 60 - Authentication Delegation

In Select the method used by ISA Server […], select Kerberos constrained delegation,

In Type the Service Principal Name (SPN) […], enter your Web Interface. Note: In our laboratory, the SPN was http:/wi.w2k3.gemsafe.gem.

(50)

42 Configure the IAS

In the User Sets window, make sure that the All Authenticated Users item is selected,

Click on Next.

Figure 62 - Completing the New Web Publishing Rule Wizard

Click on Finish.

Figure 63 - Kerberos Constrained Delegation

Note: This window refers to the Domain Controller configuration step. We must allow the Kerberos Constrained Delegation to ISA 2006 Server. Please refer to the Domain Controller Configuration part.

Authentication server configuration

After you create the Web publishing rule, you need to set up the authentication server. The Gemalto strong authentication solution is based on the RADIUS Protocol. This section describes the configuration steps that need to be done on the ISA 2006 Server.

(51)

43

Figure 64 - Web Listener properties

On the Citrix Web Interface window, select Listener tab, Click on Properties,

Figure 65 - Authentication Properties

(52)

44 Configure the IAS

Click on Configure Validation Servers… Figure 66 - Authentication Servers

• On the Authentication Servers window, select RADIUS Servers tab, • Click on Add…

(53)

45

In Server name, enter the IAS server name or <IP IAS address>, In Server description, enter a description,

In Shared secret Click on Change… Figure 68 - Shared Secret

• Enter the RADIUS shared secret, • Click on OK twice.

Figure 69 - IAS server

(54)

46 Configure the IAS

Saving the rule changes and restarting the firewall service

Figure 70 - Applying changes

Click on Apply to save the changes. Figure 71 - Saving Configuration Changes

Click on OK.

To restart the Microsoft ISA 2006 Server service proceed as follows,

Figure 72 - Monitoring

(55)

47

Figure 73 - Stopping the Firewall service

Right-click on Microsoft Firewall, Click on Stop.

Figure 74 - Starting the Firewall service

(56)

48 Configure the IAS

7

Client connection

On the client workstation, open your web browser and type the ISA Server external IP address or the DNS name associated to it,

Figure 75 - Security Alert

(57)

49

Figure 76 - User authentication web page

In the User name, enter the user name,

Note: In our laboratory, we have created a user named sasadmin.

In Passcode, enter the OTP given by the Gemalto token followed by the user password.

(58)

50 Configure the IAS

Figure 77 – Citrix Web Interface

References

Related documents

  Trening za pripremu certifikata  Microsoft Certified Technology  Specialist (MCTS): SQL Server 2005   

• Enriched account statement and transaction advice • Extend statement retention period to 6 months • Enquire on trade import, export, and loan limits • Check available

Incorporation Contingent Search Payroll &amp; HR Payroll Compensation Licensing Executive Search Accounting HRMS Benefits Immigration RPO Government Relations ATS Labor Law

(As with any EdgeSight deployment, you will also need SQL Server Reporting Services and Citrix License Server for Windows, as specified in this document.) For instructions on

This clearly reveals that the growth in the dematerialization process was not keeping pace with the growth in the total turn over of shares in the Indian capital

• Run cross-sectional regressions of firm level equity returns for each month from July of year t+1 through June of year t+2 on set of characteristics.. • Average the

On-board loads Alighting Flow Residual Seat K Residual Load Residual Vehicle K Seat allocation to ancient passengers Residual Service K Service frequency Service

The database server remains an important aspect of a SharePoint 2010 farm; it is used to store SharePoint configuration details, to host user data and farm content, and to