We've had an SA4500 cluster running for about a year and I thought I'd put some comments in. Some of what you're asking we haven't done, so I've left those parts out.

One upfront comment - Juniper support is brilliant, lots of help working through user issues as well as technical ones; regular updates - it's for that reason I wanted to give something back.

- Implementing single sign-on to Citrix was a no-brainer; you can do it with AD or use web-based credentials. You will need to decide on going with a Java or native client (not a Juniper issue but something that does crop up).
- File services is built in; our users map their own resources or you can do it for them.
- RDP is built in; we found that a tad slow (there are comments on the forum about changing resolution to speed up the process). In the end we use RDP for external parties and our people use the VPN option, which is brilliant.
- VPN gives you integrated DNS so your users don't have to remember 'inside' and 'outside' configurations. Addresses are from a VPN pool that your DHCP can pass out, or get the Juniper to do it. The separate addressing allows you to differentiate at the firewalls between different user groups.
- We use Host Checker; just be aware the more functionality you put into it (firewall checks, antivirus etc.) the larger the code and signature base that needs to be downloaded - it's a once-off but does need updating as you update the backend with the latest sigs.
- If our users fail Host Checker they don't get VPN - they get a message to that effect. This typically happens when they've updated to the latest free virus checker, which unfortunately we have to support.
- You will need admin for installation of the VPN, not to run it; we opted to do it pre-installed on our SOE laptops and remote devices rather than the wrapper, but that's just our process, not a comment on the wrapper.
- We have Mac users, though they are not power users - everything works the same.
- I'd very much recommend getting Secure Meeting so you can support your remote users; it was a very unexpected win and our help desk uses it for troubleshooting a lot of internal issues as well as external.
- We also use the integrated Juniper IDP feature, so if an attack is detected the user is 'jailed' and only gets a limited number of functions.

Hope these points help.

Mark