Chapter 7. NetScaler Gateway™

NetScaler Gateway (formerly known as Access Gateway Enterprise Edition) is the remote access feature of NetScaler. It has all the usual bells and whistles of an enterprise class hardened VPN solution, and is also the secure frontend of choice for XenApp, XenDesktop, and XenMobile.

As a frontend for XenApp and XenDesktop solutions, NetScaler Gateway understands how to work with ICA (Independent Computing Architecture) and can provide policy-based control for published applications and desktops.

Note

ICA is a Citrix proprietary protocol which is optimized for published applications and desktop delivery.

As a frontend for XenMobile, NetScaler provides a MicroVPN capability that is critical for enabling Worx applications to communicate securely with the backend services.

We will cover the necessary background and troubleshooting for these features in the following order:

  • Basic and Smart Access modes
  • NetScaler Gateway VPNs
  • NetScaler integration with XenApp and XenDesktop
  • NetScaler integration with XenMobile

Basic and Smart Access Modes

Before we look at the individual features, it's important to understand the different modes that the Gateway VPN Vserver can be set to. Depending on the vServer mode chosen, which in turn permits specific functionalities, you might require additional licenses called Concurrent User (CCU) licenses for its functioning. Here's a quick summary of what Basic and Smart Access Modes provide.

Basic mode

The following are the characteristics of Basic Mode:

  • Does not consume or need any CCUs
  • Provides secure (encrypted) access to published applications or desktops (ICA Proxy)
  • No VPNs or Endpoint Analysis (EPA) capabilities are provided
  • This mode is very similar in functionality to the legacy Secure Gateway product

Smart Access mode

This consumes one CCU per session. Here are the additional things you can do with a Smart Access vServer:

  • SSL VPN tunnels
  • Split tunneling
  • EPA and quarantining
  • Policy-based access to published apps and desktops (Smart Access)
  • MicroVPNs for XenMobile
  • RDP Proxy

Following is a show license screenshot, which shows that 105 CCUs are installed; these can be used for VPN tunnels, Smart Access or for XenMobile Micro VPNs. On the other hand, the number of ICA proxy sessions has no limit:

Smart Access mode

Note

CCU licenses are tied to the configured hostname of NetScaler, unlike feature licenses, which are tied to the HostID (which is a MAC address).

NetScaler Gateway comes installed with five free Smart Access licenses. The 105 licenses seen in the screenshot are because I added a 100-CCU license.

Also, XenApp and XenDesktop Platinum licenses already provide you with a certain number of CCU licenses, so you might not need to purchase them separately if you are using NetScaler Gateway with the platinum versions of these products.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
52.15.136.88