NetScaler Gateway has a set of features, which can be used to grant end users remote access, such as:
There are more features of NetScaler Gateway, which we will cover as we go through the chapter. One important thing to note is that all of these features require that we have a legitimate license installed on our NetScaler. For the use of the regular ICA Proxy feature, we only need a regular platform license, which we have covered in the previous chapter. If we want to use any of the other features in the preceding list, we also need a license called the universal license.
When we purchase a regular NetScaler platform license, either for an MPX or a VPX, we are given five universal licenses. We can verify this from the GUI by navigating to System | Licenses.
We can also verify this through the CLI using the following command:
show license
These licenses are concurrent, which means that we can have five users using a VPN-based solution at any given time. If we need more concurrent users, we have to buy more universal licenses.
The most commonly used feature of NetScaler Gateway is ICA Proxy, which allows remote access for users to XenApp or XenDesktop solutions, and requires only that the users have Citrix Receiver installed. It requires no additional licenses. The solution is quite simple as it tunnels all ICA traffic through the gateway and back to the user via port 443. This port is commonly used for secure HTTP traffic, is open on most firewalls, and is allowed at remote locations such as hotels and airports.
Let us take a look at a sample scenario to see how ICA Proxy operates, and how a user can access their applications or desktops. This scenario describes an example, and might be different from deployment to deployment depending on the network layout and infrastructure.
We have a company that has the NetScaler Gateway feature set up to allow remote users to access their XenApp solution. The example gateway is available at https://login.company.com, and the NSIP and SNIP are set up according to the design shown in the following figure:
When a user tries to access the solution, for example, using the web portal, the following happens:
https://login.company.com, which is accessible via the VIP on NetScaler.
Now, the user has a portal which shows all the resources that are available. If the user were to click on an application/desktop, the following would happen:
We have now seen what a sample scenario might look like and how the different Citrix components communicate and generate an ICA connection with an external user. Even though we looked at how ICA Proxy operates, the procedure is not much different for a regular VPN connection.
Now, let us look closer at the configuration of the Gateway feature within NetScaler, and how we can set it up to reflect the sample scenario.