Submit Search
Upload
Cloud gateway v1.6
•
1 like
•
668 views
S
sivakumaroduru
Follow
installation guide
Read less
Read more
Report
Share
Report
Share
1 of 126
Download now
Download to read offline
Recommended
Xi31 sp3 bip_admin_en
Xi31 sp3 bip_admin_en
subhash70786460
Not all XML Gateways are Created Equal
Not all XML Gateways are Created Equal
CA API Management
Deploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 Solution
Nuno Alves
EMC Hybrid Cloud Solution with VMware: Hadoop Applications Solution Guide 2.5
EMC Hybrid Cloud Solution with VMware: Hadoop Applications Solution Guide 2.5
EMC
Network Virtualization and Security with VMware NSX - Business Case White Pap...
Network Virtualization and Security with VMware NSX - Business Case White Pap...
Błażej Matusik
Business and Economic Benefits of VMware NSX
Business and Economic Benefits of VMware NSX
Angel Villar Garea
Qlik view connector manual
Qlik view connector manual
msreeks
A Cloud Decision making Framework
A Cloud Decision making Framework
Andy Marshall
Recommended
Xi31 sp3 bip_admin_en
Xi31 sp3 bip_admin_en
subhash70786460
Not all XML Gateways are Created Equal
Not all XML Gateways are Created Equal
CA API Management
Deploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 Solution
Nuno Alves
EMC Hybrid Cloud Solution with VMware: Hadoop Applications Solution Guide 2.5
EMC Hybrid Cloud Solution with VMware: Hadoop Applications Solution Guide 2.5
EMC
Network Virtualization and Security with VMware NSX - Business Case White Pap...
Network Virtualization and Security with VMware NSX - Business Case White Pap...
Błażej Matusik
Business and Economic Benefits of VMware NSX
Business and Economic Benefits of VMware NSX
Angel Villar Garea
Qlik view connector manual
Qlik view connector manual
msreeks
A Cloud Decision making Framework
A Cloud Decision making Framework
Andy Marshall
Microsoft retail sdd bo_v01
Microsoft retail sdd bo_v01
alsendepad
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
David J Rosenthal
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
IBM India Smarter Computing
Essbase database administrator's guide
Essbase database administrator's guide
Chanukya Mekala
121poug
121poug
Nawaz Sk
ESM Administrator's Guide for ESM 6.0c
ESM Administrator's Guide for ESM 6.0c
Protect724
D64974 gc10 odi-11g-integration-and-administration-ag
D64974 gc10 odi-11g-integration-and-administration-ag
Chanukya Mekala
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
IBM India Smarter Computing
Best practices for_virtualizing_and_managing_exchange_2013
Best practices for_virtualizing_and_managing_exchange_2013
Khalid Al-Ghamdi
Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)
Nuno Alves
Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5
Curtis Brenneman
Firstcup
Firstcup
PrinceGuru MS
Tems optimization and-log-file-analysis-in-gsm (1)
Tems optimization and-log-file-analysis-in-gsm (1)
mysritech
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
Dennis Reurings
actix lte
actix lte
Dragos Biciu
Q T P Tutorial
Q T P Tutorial
rosereddy
Cloud computing
Cloud computing
Ravi Sharma
connectivity_service.pdf
connectivity_service.pdf
Jagadish Babu
El valor de la migración y Modernizacion a Microsoft azure
El valor de la migración y Modernizacion a Microsoft azure
Cade Soluciones
Livre blanc technique sur l’architecture de référence
Livre blanc technique sur l’architecture de référence
Microsoft France
V mware organizing-for-the-cloud-whitepaper
V mware organizing-for-the-cloud-whitepaper
EMC
ESM_InstallGuide_5.6.pdf
ESM_InstallGuide_5.6.pdf
Protect724migration
More Related Content
What's hot
Microsoft retail sdd bo_v01
Microsoft retail sdd bo_v01
alsendepad
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
David J Rosenthal
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
IBM India Smarter Computing
Essbase database administrator's guide
Essbase database administrator's guide
Chanukya Mekala
121poug
121poug
Nawaz Sk
ESM Administrator's Guide for ESM 6.0c
ESM Administrator's Guide for ESM 6.0c
Protect724
D64974 gc10 odi-11g-integration-and-administration-ag
D64974 gc10 odi-11g-integration-and-administration-ag
Chanukya Mekala
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
IBM India Smarter Computing
Best practices for_virtualizing_and_managing_exchange_2013
Best practices for_virtualizing_and_managing_exchange_2013
Khalid Al-Ghamdi
Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)
Nuno Alves
Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5
Curtis Brenneman
Firstcup
Firstcup
PrinceGuru MS
Tems optimization and-log-file-analysis-in-gsm (1)
Tems optimization and-log-file-analysis-in-gsm (1)
mysritech
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
Dennis Reurings
actix lte
actix lte
Dragos Biciu
Q T P Tutorial
Q T P Tutorial
rosereddy
What's hot
(16)
Microsoft retail sdd bo_v01
Microsoft retail sdd bo_v01
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
Visual Studio 2015 and MSDN Licensing Whitepaper - November 2015
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
IBM Storwize 7000 Unified, SONAS, and VMware Site Recovery Manager: An overvi...
Essbase database administrator's guide
Essbase database administrator's guide
121poug
121poug
ESM Administrator's Guide for ESM 6.0c
ESM Administrator's Guide for ESM 6.0c
D64974 gc10 odi-11g-integration-and-administration-ag
D64974 gc10 odi-11g-integration-and-administration-ag
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
Disaster Recovery using Veritas Storage Foundation Enterprise HA & IBM DS8000...
Best practices for_virtualizing_and_managing_exchange_2013
Best practices for_virtualizing_and_managing_exchange_2013
Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)
Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5
Firstcup
Firstcup
Tems optimization and-log-file-analysis-in-gsm (1)
Tems optimization and-log-file-analysis-in-gsm (1)
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
Youwe sap-ecc-r3-hana-e commerce-with-magento-mb2b-100717-1601-206
actix lte
actix lte
Q T P Tutorial
Q T P Tutorial
Similar to Cloud gateway v1.6
Cloud computing
Cloud computing
Ravi Sharma
connectivity_service.pdf
connectivity_service.pdf
Jagadish Babu
El valor de la migración y Modernizacion a Microsoft azure
El valor de la migración y Modernizacion a Microsoft azure
Cade Soluciones
Livre blanc technique sur l’architecture de référence
Livre blanc technique sur l’architecture de référence
Microsoft France
V mware organizing-for-the-cloud-whitepaper
V mware organizing-for-the-cloud-whitepaper
EMC
ESM_InstallGuide_5.6.pdf
ESM_InstallGuide_5.6.pdf
Protect724migration
Presentation data center deployment guide
Presentation data center deployment guide
xKinAnx
ITSM Approach for Clouds
ITSM Approach for Clouds
HCL ISD (Infrastructure Services Division)
ISE-802.1X-MAB
ISE-802.1X-MAB
Emerson Barros Rivas
Cisco Cloud Computing White Paper
Cisco Cloud Computing White Paper
lamcindoe
Cloud Computing Sun Microsystems
Cloud Computing Sun Microsystems
danielfc
Esm admin guide_5.5
Esm admin guide_5.5
Protect724v2
Configuring a highly available Microsoft Lync Server 2013 environment on Dell...
Configuring a highly available Microsoft Lync Server 2013 environment on Dell...
Principled Technologies
White Paper: EMC Compute-as-a-Service
White Paper: EMC Compute-as-a-Service
EMC
Cloud view platform-highlights-web3
Cloud view platform-highlights-web3
Enterprise Technology Management (ETM)
Vce vdi reference_architecture_knowledgeworkerenvironments
Vce vdi reference_architecture_knowledgeworkerenvironments
Itzik Reich
Cloud Catalyst Programme | Torry Harris Whitepaper
Cloud Catalyst Programme | Torry Harris Whitepaper
Torry Harris Business Solutions
Aerohive whitepaper-cooperative control WLAN
Aerohive whitepaper-cooperative control WLAN
Altaware, Inc.
04367a
04367a
Francisco Pinheiro
Oracle Lead to Order Integration Pack for Oracle CRM On Demand and Oracle E-B...
Oracle Lead to Order Integration Pack for Oracle CRM On Demand and Oracle E-B...
Apps Associates
Similar to Cloud gateway v1.6
(20)
Cloud computing
Cloud computing
connectivity_service.pdf
connectivity_service.pdf
El valor de la migración y Modernizacion a Microsoft azure
El valor de la migración y Modernizacion a Microsoft azure
Livre blanc technique sur l’architecture de référence
Livre blanc technique sur l’architecture de référence
V mware organizing-for-the-cloud-whitepaper
V mware organizing-for-the-cloud-whitepaper
ESM_InstallGuide_5.6.pdf
ESM_InstallGuide_5.6.pdf
Presentation data center deployment guide
Presentation data center deployment guide
ITSM Approach for Clouds
ITSM Approach for Clouds
ISE-802.1X-MAB
ISE-802.1X-MAB
Cisco Cloud Computing White Paper
Cisco Cloud Computing White Paper
Cloud Computing Sun Microsystems
Cloud Computing Sun Microsystems
Esm admin guide_5.5
Esm admin guide_5.5
Configuring a highly available Microsoft Lync Server 2013 environment on Dell...
Configuring a highly available Microsoft Lync Server 2013 environment on Dell...
White Paper: EMC Compute-as-a-Service
White Paper: EMC Compute-as-a-Service
Cloud view platform-highlights-web3
Cloud view platform-highlights-web3
Vce vdi reference_architecture_knowledgeworkerenvironments
Vce vdi reference_architecture_knowledgeworkerenvironments
Cloud Catalyst Programme | Torry Harris Whitepaper
Cloud Catalyst Programme | Torry Harris Whitepaper
Aerohive whitepaper-cooperative control WLAN
Aerohive whitepaper-cooperative control WLAN
04367a
04367a
Oracle Lead to Order Integration Pack for Oracle CRM On Demand and Oracle E-B...
Oracle Lead to Order Integration Pack for Oracle CRM On Demand and Oracle E-B...
Cloud gateway v1.6
1.
Proof of Concept
Guide | Citrix CG Marketing CloudGateway Enterprise PoC Best Practice Guide Citrix CloudGateway & Receiver Group www.citrix.com Citrix Systems, Inc. © 2012 Confidential Page i of 126
2.
Citrix CloudGateway
Proof of Concept Guide Contents CloudGateway Enterprise PoC Best Practice Guide ................................................................................................ i Purpose and Scope .................................................................................................................................................2 CloudGateway Components ....................................................................................................................................2 Recommended Product Versions ............................................................................................................................................. 3 Integrating CloudGateway with XenDesktop/XenApp .............................................................................................3 Leveraging Existing WI/PNA Infrastructure ............................................................................................................................. 3 Deploying StoreFront ............................................................................................................................................................... 4 Recommended Product Versions ............................................................................................................................................. 5 3 Phases to a successful PoC .................................................................................................................................6 Phase 1: Deploying AppController and Receiver ...................................................................................................................... 6 Phase 2: Deploying Access Gateway ........................................................................................................................................ 6 Phase 3: Integrating with XD / XA ............................................................................................................................................ 7 Best practice Deployment flowchart ........................................................................................................................................ 8 Phase 1: Deploying AppController and Receiver ....................................................................................................9 Downloading, Importing and Configuring Citrix AppController ............................................................................................... 9 Basic Configuration of the Web Admin Console..................................................................................................................... 20 Adding Categories, Configuring Roles, and Assigning Applications ....................................................................................... 28 Configuring Data .................................................................................................................................................................... 37 Endpoint Configuration .......................................................................................................................................................... 46 Phase 2: Deploying Access Gateway ....................................................................................................................49 Authentication Server Configuration ..................................................................................................................................... 49 Authentication Policy Configuration ...................................................................................................................................... 50 Virtual Server – Basic Configuration ...................................................................................................................................... 51 Virtual Server – Authentication Configuration ....................................................................................................................... 53 Access Gateway Session and Access Policy & Profile Configuration ...................................................................................... 54 AppController Configuration .................................................................................................................................................. 68 Endpoint Configuration .......................................................................................................................................................... 70 Phase 3: Integrating StoreFront .............................................................................................................................73 AppController Configuration .................................................................................................................................................. 73 StoreFront Configuration ....................................................................................................................................................... 76 AccessGateway Configuration ............................................................................................................................................... 88 Endpoint Configuration .......................................................................................................................................................... 90 Deploying through Web Interface ..........................................................................................................................93
3.
Citrix CloudGateway
Proof of Concept Guide Endpoint Configuration .......................................................................................................................................................... 93 Appendix ................................................................................................................................................................96 PNA Session Policy and Profile: .............................................................................................................................................. 96 Clientless Access Policy and Profile: ..................................................................................................................................... 101 Receiver for Web Session Policy and Profile: ........................................................................................................................ 104 Native Receiver Session Policy and Profile: .......................................................................................................................... 109 ChromeOS Session Policy and Profile: .................................................................................................................................. 114 Access Gateway Plugin Policy and Profile: ........................................................................................................................... 118
4.
Citrix CloudGateway
Proof of Concept Guide Purpose and Scope The purpose of this document is to help Citrix sales, partners and customers recommend a staged approach to CloudGateway Proof of Concept deployments. It provides a high-level view of the product versions required and a detailed list of prerequisites to get the best user experience across different Receivers all while reducing the complexity of the deployment. Each PoC is unique and requires careful assessment of the current environment and in some cases hands-on consulting engagement. As such, this document should be used in conjunction with other admin and deployment guides. As a level set, it is important to recognize the features that CloudGateway offers, distinct from XenDesktop and XenApp. Generally, customers are interested in CloudGateway because they want to leverage Enterprise Mobility features, specifically, the product features listed below: MDX App Vault - Mobile App Management MDX Web Connect – Secure Browser for Intranet Resources Secure Mobile Mail Web & SaaS applications – Single Sign On and Provisioning ShareFile – Corporate Directory Integration & Data Security CloudGateway Components CloudGateway is comprised of three key technology components: 1. Citrix Receivers are used to deliver CloudGateway enabled applications to the end users 2. AppController is the key infrastructure component in CloudGateway that integrates with Active Directory, ShareFile, Web/SaaS applications and native mobile apps to deliver enterprise mobility features 3. Access Gateway allows secure access to enterprise resources from outside of the corporate network and is an integral part of the CloudGateway solution suite The following diagram illustrates CloudGateway deployment at a high level. Figure 1 CloudGateway Deployment Diagram Citrix Systems, Inc. © 2010 Page 2 of 126
5.
Citrix CloudGateway
Proof of Concept Guide In this deployment, users will need to download the latest Receiver on the device and create an account that points to AppController or Access Gateway to access CloudGateway delivered applications. See the CloudGateway Deployment guide for further instructions on setting up infrastructure components. Recommended Product Versions Infrastructure AppController 2.0 or latest Access Gateway 10.0.70 or latest Receivers Customers should use the latest versions of Citrix Receivers to get best user experience. More specifically, the following Receiver versions are recommended for CloudGateway deployments. iOS 5.6 Android 3.1 Windows 3.3 Mac 11.6 Integrating CloudGateway with XenDesktop/XenApp CloudGateway can easily fit into an existing XenDesktop and XenApp deployment to deliver unified application experience for Windows applications, desktops, Web & SaaS applications and native mobile apps through Citrix Receivers. The following sections describe two separate approaches to accomplish this integration. Leveraging Existing WI/PNA Infrastructure A large majority of the existing XenDesktop/XenApp install base will have Web Interface or PNA Site optionally fronted by Access Gateway for remote worker use case. In this scenario adding AppController atop the current environment will allow customers to leverage CloudGateway features. Receivers can continue to talk to Web Interface or PNA Site (Standalone or Netscalar) for Windows applications and can now integrate with AppController (optionally through Access Gateway) for Web, SaaS and Mobile apps. Citrix Systems, Inc. © 2010 Page 3 of 126
6.
Citrix CloudGateway
Proof of Concept Guide The following diagram illustrates the recommended deployment architecture at a high-level: Figure 2 CloudGateway with WI/PNA Infrastructure The benefit with this approach is that it minimizes the number of moving parts and allows customers to easily augment their current environment with CloudGateway components. With this approach, users will need to configure Receiver to create separate connections - one to their existing WI/PNA site and another to AppController (or Access Gateway for remote use cases) for CloudGateway delivered apps. Deploying StoreFront In this deployment, StoreFront replaces or deploys in parallel with WI/PNA Site for new Receivers. Legacy Receivers can continue to connect to the existing WI server. StoreFront is used to aggregate Windows applications & desktops through XenDesktop/XenApp and Web, SaaS, Mobile and ShareFile data through CloudGateway for new Receivers. StoreFront allows single sign-on capabilities across the delivery controllers (XenDesktop, XenApp Farms, CloudGateway) and provides a unified view of the applications to the end user. For large scale deployments it is recommend phasing out WI in stages. Citrix Systems, Inc. © 2010 Page 4 of 126
7.
Citrix CloudGateway
Proof of Concept Guide The following diagram illustrates the recommended deployment model Figure 3 CloudGateway with StoreFront Recommended Product Versions Infrastructure AppController 2.0 StoreFront 1.2 Access Gateway 10.0.70 XenApp & XenDesktop – See StoreFront and CloudGateway Admin guide for recommended versions Receivers Customers should use the latest versions of Citrix Receivers to get best user experience. More specifically, the following Receiver versions are recommended for CloudGateway deployments. iOS 5.6 Android 3.1 Windows 3.3 Mac 11.6 Citrix Systems, Inc. © 2010 Page 5 of 126
8.
Citrix CloudGateway
Proof of Concept Guide Known StoreFront Limitations Relative to Web Interface The limitations listed below are related to StoreFront and are relative to the other alternative, which is to leverage (Web Interface or PNA Site) for windows applications and desktops. Multi-Site support: StoreFront doesn’t support redundancy across multiple sites and disaster recovery yet. Advanced Authentication Methods: StoreFront currently supports AD & OTP authentication methods only. Advanced methods such as SmartCard, Proximity Cards, ADFS, SAML are not yet supported. Advanced Features: o Desktop appliance site o Elective AD password change In the next major release of StoreFront, we intend to bridge some of the critical feature gaps relative to StoreFront. Customers who deem these features as critical to their deployment can continue to use Web Interface for delivering Windows applications and desktops. 3 Phases to a successful PoC Breaking down the PoC deployment into 3 phases will make the configuration process easy. Each phase presents its own unique set of challenges, so completing all 3 phases at the same time will cause the entire PoC to be delayed or fail. This deployment guide builds upon the previous so that issues are isolated to a single phase, creating a path of least resistance. Phase 1: Deploying AppController and Receiver Deploying AppController and Receiver in a controlled environment is only accessible on the internal network. Deployment on an internal network allows us to focus on the success of application delivery without the distraction of dealing with DMZ firewalls or XenApp or XenDesktop integration. Phase 2: Deploying Access Gateway Phase 2 adds Access Gateway to the successfully deployed AppController and Receiver. This allows access from the internet to all the applications already tested internally. Access Gateway deployments have their own set of challenges which are different from deploying AppController. It is suggested that users approach this as a separate project altogether. Deploying Access Gateway in the DMZ will most likely involve other individuals and or departments within an Enterprise. Citrix Systems, Inc. © 2010 Page 6 of 126
9.
Citrix CloudGateway
Proof of Concept Guide Phase 3: Integrating with XD / XA The last phase is to include already existing XenDesktop or XenApp into the deployment. There are two possible approaches: First, the easier approach, is to configure the Receiver on the endpoint to connect to the existing Web Interface server. In this case the Receiver has two stores configured. The user is required to switch between stores depending on what application he or she would like to access. Citrix Systems, Inc. © 2010 Page 7 of 126
10.
Citrix CloudGateway
Proof of Concept Guide The second approach requires the deployment of StoreFront. With StoreFront all application delivery services are aggregated through a single StoreFront service. In this case users will have all their applications available through a single store, no switching is required. Best practice Deployment flowchart Citrix Systems, Inc. © 2010 Page 8 of 126
11.
Citrix CloudGateway
Proof of Concept Guide Phase 1: Deploying AppController and Receiver Downloading, Importing and Configuring Citrix AppController Before proceeding, the virtual imagine containing the package you need to install AppController must be downloaded. To install AppController on the XenServer platform, the VM file with .xva extension must be downloaded To install AppController on the VMWare platform, the VM file with .ova extension must be downloaded Download the AppController Virtual Image Here Step Action Log on to www.mycitrix.com using your MyCitrix ID Click Downloads 1. Citrix Systems, Inc. © 2010 Page 9 of 126
12.
Citrix CloudGateway
Proof of Concept Guide Step Action Select CloudGateway from the Select Product drop-down menu 2. Select Product Software from the Select Download Type drop-down menu 3. Citrix Systems, Inc. © 2010 Page 10 of 126
13.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Find 4. Click the + sign 5. Citrix Systems, Inc. © 2010 Page 11 of 126
14.
Citrix CloudGateway
Proof of Concept Guide Step Action Click CloudGateway Enterprise 6. Click the Download button that corresponds to the type of virtual appliance you need 7. Citrix Systems, Inc. © 2010 Page 12 of 126
15.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Yes, I accept 8. Check the download agreement box and click Accept 9. Citrix Systems, Inc. © 2010 Page 13 of 126
16.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Download your file manually and save the file 10. Open XenCenter Right click the name of the XenServer and click Import 11. Citrix Systems, Inc. © 2010 Page 14 of 126
17.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Browse and select the .xva image file from Step 10 Click Next 12. Select the Home Server you want to import the image on Click Next 13. Select a Storage repository Click Import 14. Citrix Systems, Inc. © 2010 Page 15 of 126
18.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Add to add the Network Interface Click Next 15. Click Finish to import the VM 16. Click the Logs tab to view the status of the import process Once complete, click the Console tab 17. Citrix Systems, Inc. © 2010 Page 16 of 126
19.
Citrix CloudGateway
Proof of Concept Guide Step Action The login prompt for AppController will show up once the import process is complete. 18. Log in to the AppController CLI 19. Username: admin Password: password The Main Menu is displayed Enter 0 to perform Express Setup 20. Citrix Systems, Inc. © 2010 Page 17 of 126
20.
Citrix CloudGateway
Proof of Concept Guide Step Action Enter 1 to configure the IP Address, Subnet Mask Configure AppController with the following: IP Address: <AppController IP address> Subnet Mask: 255.255.255.0 21. Enter 2 to configure the Default Gateway Enter Default Gateway address 22. Citrix Systems, Inc. © 2010 Page 18 of 126
21.
Citrix CloudGateway
Proof of Concept Guide Step Action Enter 5 to Commit Changes Enter Y to restart AppController 23. Citrix Systems, Inc. © 2010 Page 19 of 126
22.
Citrix CloudGateway
Proof of Concept Guide Basic Configuration of the Web Admin Console Here, administrators will perform basic configurations with the Web Admin Console. The basic configurations include changing the administrator password, configuring the Active Directory settings, and configuring the DNS and NTP server information. Step Action 1. Open a browser and navigate to https://<AppController IP Address>:4443 to access the Web Admin Console. NOTE: You are taken to the /ControlPoint/index.html site. You can type the full path if you would like. However, the URL is not case sensitive. Ignore the certificate warning and continue to the site. Log on with Username: Administrator Password: password NOTE: This is not the same password you changed from the XenServer console. The previous password was for account ‘admin’. This ‘Administrator’ account is used to configure the AppController via the web console. However, both administrator and admin accounts use the same password. Citrix Systems, Inc. © 2010 Page 20 of 126
23.
Citrix CloudGateway
Proof of Concept Guide Step Action 2. You will be presented with the following screen. First we are going to run through the Configure Network wizard. Click Configure to continue. 3. You will be prompted to change the Administrator password. Type Current password: password New password: <Type in a unique password> Administrator email: <Type in an Administrator email in UPN format> Click Next Citrix Systems, Inc. © 2010 Page 21 of 126
24.
Citrix CloudGateway
Proof of Concept Guide Step Action 4. Enter the following parameters for the System settings: Hostname: <Type in your Hostname> DNS suffixes: <Type in your DNS suffixes> Primary IP Address: <Enter your DNS server’s IP address> Citrix Systems, Inc. © 2010 Page 22 of 126
25.
Citrix CloudGateway
Proof of Concept Guide Step Action 5. Enter the following parameters for the Active Directory configuration: Server: <Enter the Active Directory IP address> (this is the IP address of your Domain Controller) Domain name: <Type in a Domain name> Service account: <Type in a Service account in UPN format> Base DN: Point to the user DN Password: <Type in the password created in step 3> Citrix Systems, Inc. © 2010 Page 23 of 126
26.
Citrix CloudGateway
Proof of Concept Guide Step Action 6. Enter the following parameters for the NTP Server Configuration: NTP server: <Enter NTP server’s IP address> (general best practice is to use the DC as time server) Time Zone: US/Eastern Enter the following information for your Workflow Email Settings: Email Server: <Enter your mail server’s IP address> Port: 25 Email: <Type in an Email in UPN format>(the sending account for the workflow) Citrix Systems, Inc. © 2010 Page 24 of 126
27.
Citrix CloudGateway
Proof of Concept Guide Step Action 7. A summary of all your defined settings is displayed. Click Save 8. When the Configure dialog pop up is displayed, click Yes to continue The AppController logs off when settings are saved and users are retrieved from Active Directory 9. Log back into the AppController Web Admin UI Citrix Systems, Inc. © 2010 Page 25 of 126
28.
Citrix CloudGateway
Proof of Concept Guide Step Action 10. Click on the sprocket symbol in the upper right 11. Select Certificates from the left menu Citrix Systems, Inc. © 2010 Page 26 of 126
29.
Citrix CloudGateway
Proof of Concept Guide Step Action 12. Create a PKCS#12 certificate on your certificate authority. Once created, select Server (.pfx) from the Import drop-down menu on the right and select the certificate For more information on AppController certificates, please refer to the following link: http://support.citrix.com/proddocs/topic/appcontroller-20/clg-appc-config-certs-wrapper-c-con.html 13. Enter the certificate associated with the certificate when prompted 14. Select the newly imported certificate and click Make Active on the right side and confirm the Activation when prompted NOTE: You will be logged out. Simply log back into the AppController ControlPoint UI to continue Citrix Systems, Inc. © 2010 Page 27 of 126
30.
Citrix CloudGateway
Proof of Concept Guide Adding Categories, Configuring Roles, and Assigning Applications Here, administrators will create categories, configure roles, and assign applications that are specific to those roles. Roles are a primary way for administrators to deploy, provision and control applications. Step Action 1. Click on the Apps tab 2. Click on + next to the All categories drop-down Enter the following parameters for Add Category: Name: <Type in a unique category name> Description: <Type in a unique description> Repeat the above steps to create more categories as required Citrix Systems, Inc. © 2010 Page 28 of 126
31.
Citrix CloudGateway
Proof of Concept Guide Step Action 3. Click Roles in the top menu 4. At the bottom left hand corner of the screen, click Add role 5. In the Add Role dialog enter the following information Role name: <Type in a unique role name> Move the required group from Available groups to Role members. Then click Add NOTE: In the current version of AppController, only a single group can be assigned to a role Citrix Systems, Inc. © 2010 Page 29 of 126
32.
Citrix CloudGateway
Proof of Concept Guide Step Action 6. Repeat steps 3 and 4 to create new roles and assign groups to them 7. Click Apps in the top menu 8. Click Web and SaaS App at the left hand panel 9. Search for an application from the available catalog Click on Add to configure the connector Citrix Systems, Inc. © 2010 Page 30 of 126
33.
Citrix CloudGateway
Proof of Concept Guide Step Action 10. From the Category drop-down menu select a category From the Assigned Role drop-down menu select one or more roles Click Save 11. Repeat step 9-10 to add more applications to the Store. 12. Click Mobile App at the top left hand panel Citrix Systems, Inc. © 2010 Page 31 of 126
34.
Citrix CloudGateway
Proof of Concept Guide Step Action 13. Click Browse… and select the wrapped .cma file Click Next Citrix Systems, Inc. © 2010 Page 32 of 126
35.
Citrix CloudGateway
Proof of Concept Guide Step Action 14. Enter the following parameters for Mobile App Details: Minimum OS version: <Type appropriate version> Maximum OS version: <Type appropriate version> Excluded devices: <Type list (comma separated) of devices to exclude> Category: <Select a category> Assigned role: <Assign one or more roles> Click Next Citrix Systems, Inc. © 2010 Page 33 of 126
36.
Citrix CloudGateway
Proof of Concept Guide Step Action 15. Review and assign the appropriate policies you would like to apply to the application Click Finish 16. Repeat steps 13 – 16 to add more applications to the Store 17. Click Add Web Link at the top left pane Web links enable users to browse your enterprise’s internal websites from their mobile devices without needing full VPN connectivity Citrix Systems, Inc. © 2010 Page 34 of 126
37.
Citrix CloudGateway
Proof of Concept Guide Step Action 18. Enter the following details: App Name: <Provide a unique name> Description: <Enter a description for this web link> URL: <Enter the URL used to reach this application internally> Assign a Category and Role, and then click Save Citrix Systems, Inc. © 2010 Page 35 of 126
38.
Citrix CloudGateway
Proof of Concept Guide Step Action Citrix Systems, Inc. © 2010 Page 36 of 126
39.
Citrix CloudGateway
Proof of Concept Guide Configuring Data ShareFile enables users to securely share data with anyone, and sync files across all of their devices. Unlike consumer file sync and sharing tools, ShareFile enables IT to deliver an enterprise-class file sharing service that secures intellectual property while delivering the service users expect. CloudGateway delivers transparent single sign-on access to apps and the ability to view or edit, sync and share files as users roam between devices. This document will help you understand how to configure Follow Me Data from the AppController ControlPoint portal, so that apps and data are seamlessly available everywhere, across every type of device including tablets, smartphones, PCs, Macs, and thin clients allowing you to access your data anywhere. Before you begin this step-by-step process, you will need the following: 1. A ShareFile service account 2. A .pem certificate for SAML If you already have a ShareFile account with your own subdomain, go to step 4. Step Action 1. Open a browser and navigate to http://www.citrix.com/lang/English/lp/lp_2324434.asp 2. Click on Sign-up free and create a test account Citrix Systems, Inc. © 2010 Page 37 of 126
40.
Citrix CloudGateway
Proof of Concept Guide Step Action 3. Complete the required information 4. After the account is created, log in to the newly created account. Select the Admin link located at the top right side of the page Citrix Systems, Inc. © 2010 Page 38 of 126
41.
Citrix CloudGateway
Proof of Concept Guide Step Action 5. The Admin page comes up. Select Edit Subdomains 6. Configure a subdomains (Your Last Name for example) and click Save 7. Log out of ShareFile 8. Open a browser and navigate to https://<AppController FQDN>:4443 9. Log in with the administrator username and password Citrix Systems, Inc. © 2010 Page 39 of 126
42.
Citrix CloudGateway
Proof of Concept Guide Step Action 10. Select the sprocket symbol on the top right side of the screen 11. The System Configuration is shown. Click Certificates Citrix Systems, Inc. © 2010 Page 40 of 126
43.
Citrix CloudGateway
Proof of Concept Guide Step Action 12. Click New in the right pane and follow the wizard to create a new private key and CSR (Certificate Signing Request). Submit the CSR to your certificate authority and request for a certificate in the PEM format. 13. Once you receive the certificate, click the Import drop-down menu and select the Saml (.pem) option Browse and select the PEM certificate Citrix Systems, Inc. © 2010 Page 41 of 126
44.
Citrix CloudGateway
Proof of Concept Guide Step Action 14. You are prompted to input the certificate credentials. Enter and confirm the password and click Ok 15. Select the Docs tab 16. Click Edit Citrix Systems, Inc. © 2010 Page 42 of 126
45.
Citrix CloudGateway
Proof of Concept Guide Step Action 17. Enter the following settings: Domain: <Subdomain configured when account was created> Assigned Role: <Select a role> Service Account: <username and password used to create your ShareFile account> (Format: e-mail address) Click Save 18. Once complete, you should see SAML Configuration with your SAML certificate’s FQDN Citrix Systems, Inc. © 2010 Page 43 of 126
46.
Citrix CloudGateway
Proof of Concept Guide Step Action 19. Select the sprocket symbol on the top right hand side of the screen 20. Log out of the AppController 21. In Internet Explorer, navigate to http://www.sharefile.com 22. Log in with your account credentials 23. Select your Subdomain. If you have more than one subdomain, please select the one you configured with AppController 24. Click on Admin and then Configure Single Sign-on Citrix Systems, Inc. © 2010 Page 44 of 126
47.
Citrix CloudGateway
Proof of Concept Guide Step Action 25. Notice that the SAML configuration has automatically been configured Citrix Systems, Inc. © 2010 Page 45 of 126
48.
Citrix CloudGateway
Proof of Concept Guide Endpoint Configuration Here, administrators will learn how to configure Receiver for iOS on their iPad. Step Action Open Safari on an iPad that’s connected to the same network as the AppController and navigate to https://<AppController FQDN> You are automatically redirected to the AppController Receiver for Web Enter an Active Directory account username and password and click Log On 1. Citrix Systems, Inc. © 2010 Page 46 of 126
49.
Citrix CloudGateway
Proof of Concept Guide Step Action Tap on the user’s name at the upper right corner and tap Activate… 2. Tap on Open in “Receiver” and when prompted log in with your Active Directory credentials 3. When prompted, enter your Active Directory username, password and domain 4. Citrix Systems, Inc. © 2010 Page 47 of 126
50.
Citrix CloudGateway
Proof of Concept Guide Step Action Click the large green plus sign on the left to slide out the blade. Go to the category containing your mobile applications and tap the + sign corresponding to one of them to install on your iPad. Once installed, launch the application NOTE: The app will be installed on your springboard as well 5. Tap on Log Off at the top left corner of the Store 6. 7. If you log in as a user that belongs to a different role on AppController, the applications associated with that role will show up Citrix Systems, Inc. © 2010 Page 48 of 126
51.
Citrix CloudGateway
Proof of Concept Guide Phase 2: Deploying Access Gateway Complete the basic NetScaler configuration and then use the following Access Gateway configurations: 1. Create an Authentication Server and corresponding Authentication policy 2. Create and configure an Access Gateway virtual server Authentication Server Configuration The Authentication Server is where you configure Access Gateway to communicate with your authentication server. This is typically Active Directory, but since Access Gateway is not a trusted domain member, you must use LDAP as the communication protocol. Step Action To configure a new Authentication Server or modify an existing one: Expand the Access Gateway node Expand the Policies node Click Authentication Click LDAP In the right pane click Servers Click Add to create a new Authentication Server Select LDAP as the authentication type Give the Authentication Server a unique name Fill in the LDAP bind information highlighted above NOTE: The Administrator account specified in the “Administrator Bind DN” field does not need to be a domain or forest administrator. It needs to be a user account with directory read privileges. It’s advisable to use a service account with a non-expiring password. Click Retrieve Attributes to test connection settings. 1. Citrix Systems, Inc. © 2010 Page 49 of 126
52.
Citrix CloudGateway
Proof of Concept Guide Authentication Policy Configuration After creating an Authentication Server, you must configure an Authentication Policy that determines when that authentication server will be used for authentication requests. Step Action To create a new Authentication Policy or modify an existing one: Expand the Access Gateway node Expand the Policies node Click Authentication Click the Policies tab Click Add to create a new Authentication Policy Type the following in the Create Authentication Policy window: Name: <Give the Authetication Server a unique name> Authentication type: LDAP Server: <Select the Authentication Server created in “Authentication Server Configuration”> Client is from different geographical reg…drop-down menu: True Value Click Add Expression Click Create 1. Citrix Systems, Inc. © 2010 Page 50 of 126
53.
Citrix CloudGateway
Proof of Concept Guide Virtual Server – Basic Configuration The Access Gateway Virtual Server is the primary configuration point for remote access. It is where you configure IP Address, Certificate, and Authentication and where you bind access policies. Step Action To configure a new Virtual Server or modify an existing one: Expand the Access Gateway node Click Virtual Servers Click Add 1. Citrix Systems, Inc. © 2010 Page 51 of 126
54.
Citrix CloudGateway
Proof of Concept Guide Step Action Type the following for each category: Give the Virtual Server a unique name IP address: use an IP address that is externally accessible or is mapped to an externally accessible IP address Protocol: <Leave as is> Port: <Leave as is> Select the radio button for SmartAccess Mode Available certificates: Select the appropriate server certificate Click Add > 2. Citrix Systems, Inc. © 2010 Page 52 of 126
55.
Citrix CloudGateway
Proof of Concept Guide Virtual Server – Authentication Configuration The authentication server created is bound to the newly created virtual server by way of the authentication policy. Step Action To associate an Authentication Server with an Access Gateway virtual server: Expand the Access Gateway node Click Virtual Servers Click the Virtual Server created in the previous section Click Open Click the Authentication tab Check Enable Authentication Click Primary Click Insert Policy Authentication Policy: <Select the Authentication Policy created in Authentication Policy Configuration> Priority: <Leave as is> Click OK 1. Citrix Systems, Inc. © 2010 Page 53 of 126
56.
Citrix CloudGateway
Proof of Concept Guide Access Gateway Session and Access Policy & Profile Configuration The steps below provide the steps used to create and bind the required session and access policies to the Access Gateway virtual server. These policies enable the various Citrix Receivers to connect to CloudGateway. 1. Navigate to Access Gateway->Policies->Clientless Access 2. In the right panel on the lower left click Add 3. In the Create Clientless Access Policy window click New Citrix Systems, Inc. © 2010 Page 54 of 126
57.
Citrix CloudGateway
Proof of Concept Guide 4. In the Create Clientless Access Profile configure the following settings: Name: <Provide a unique name> Example: SF_cvpn URL Rewrite: ns_cvpn_default_inet_url_label Click the Client Cookies tab 5. Click New Citrix Systems, Inc. © 2010 Page 55 of 126
58.
Citrix CloudGateway
Proof of Concept Guide 6. Enter the following: Name: <Enter a unique name with no white spaces> Example: StoreFront_cookies (Enter the Pattern and Index, and then click Add one at a time for the following): Pattern=CsrfToken, Index=1 Pattern=ASP.NET_SessionId, Index=2 Pattern=CtxsPluginAssistantState, Index=3 Pattern=CtxsAuthId, Index=4 Click Create twice to create the pattern set 7. Back in the Configure Clientless Access Policy window configure Name: <Enter a unique name with no white spaces> Example: SF_cvpn_pol Expression: true (Simply type within the Expression window) Click Create to create the policy Click Close Citrix Systems, Inc. © 2010 Page 56 of 126
59.
Citrix CloudGateway
Proof of Concept Guide 8. Go to Access Gateway->Policies->Session In the right panel click Add Citrix Systems, Inc. © 2010 Page 57 of 126
60.
Citrix CloudGateway
Proof of Concept Guide 9. Click New in the Create Access Gateway Session Policy window 10. Select the Client Experience tab and configure the following settings: Name: <Enter a unique name> Example: prof_cvpn Home Page: <Enter the AppController Receiver for Web URL> Example: https://ac.training.lab/Citrix/StoreWeb Clientless Access: On (Default is Allow, change to On) Clientless Access URL Encoding: Clear Check the Single Sign-on to Web Applications check-box Citrix Systems, Inc. © 2010 Page 58 of 126
61.
Citrix CloudGateway
Proof of Concept Guide 11. Select the Security tab and ensure the Default Authorization Action is set to Allow 12. Click the Published Applications tab and configure the following profile options: Ensure that ICAProxy is set to OFF Web Interface Address: <Enter the AppController Receiver for Web URL> Example: https://ac.training.lab/Citrix/StoreWeb Single Sign-on Domain: <Enter the Active Directory domain name> Click Create Citrix Systems, Inc. © 2010 Page 59 of 126
62.
Citrix CloudGateway
Proof of Concept Guide 13. Configure the following settings in the Create Access Gateway Session Policy window: Name: <Enter a unique name> Example: pol_cvpn Request Profile: <Select the profile created in the previous step> Example: prof_cvpn Click Add under the Expression box 14. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: EXISTS Header Name: Referer Click OK Citrix Systems, Inc. © 2010 Page 60 of 126
63.
Citrix CloudGateway
Proof of Concept Guide 15. Click Create and then click Close 16. Make sure you are still at the following location: Access Gateway->Policies->Session Click Add in the right panel 17. Click New in the Create Access Gateway Session Policy window Citrix Systems, Inc. © 2010 Page 61 of 126
64.
Citrix CloudGateway
Proof of Concept Guide 18. Select the Client Experience tab and configure the following settings: Name: <Enter a unique name> Example: prof_native Clientless Access: On (Default is Allow, change to On) Clientless Access URL Encoding: Clear Check the Single Sign-on to Web Applications check-box 19. Select the Security tab and ensure the Default Authorization Action is set to Allow and the Secure Browse check-box is checked Citrix Systems, Inc. © 2010 Page 62 of 126
65.
Citrix CloudGateway
Proof of Concept Guide 20. Click the Published Applications tab and configure the following profile options: Single Sign-on Domain: training Ensure that ICAProxy is set to OFF Click Create 21. Configure the following settings in the Create Access Gateway Session Policy window: Name: <Enter a unique name> Example: pol_native Request Profile: <Select the profile created in the previous step> Example: prof_native Click Add under the Expression box Citrix Systems, Inc. © 2010 Page 63 of 126
66.
Citrix CloudGateway
Proof of Concept Guide 22. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: CONTAINS Value: CitrixReceiver Header Name: User-Agent Click OK and then click Add under the Expression box, once again 23. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: EXISTS Header Name: X-Citrix-Gateway Click OK Citrix Systems, Inc. © 2010 Page 64 of 126
67.
Citrix CloudGateway
Proof of Concept Guide 24. hSet the drop-down to Match All Expressions Click Create and then click Close 25. Go to Access Gateway->Virtual Servers and double-click the Access Gateway vserver 26. Click the Policies tab and then do the following to bind the polices to the vserver: Click Insert Policy and select the first of the two session policies created in the previous section, from the Policy Name drop-down menu. Repeat this step to add the second policy as well. Citrix Systems, Inc. © 2010 Page 65 of 126
68.
Citrix CloudGateway
Proof of Concept Guide 27. Select Clientless under the Policies tab and click Insert Policy. Choose the Access Policy created in this document to bind the policy to the vserver Click Ok and close the vserver configuration window 28. Close the vserver configuration window and go to Access Gateway->Global Settings Click Configure Domains for Clientless Access Citrix Systems, Inc. © 2010 Page 66 of 126
69.
Citrix CloudGateway
Proof of Concept Guide 29. The Configure Domains for Clientless Access window is shown Select the radio button for Allow domains. Add the StoreFront server FQDN and the AppController FQDN to his list. Example: receiverstorefront.training.lab and ac.training.lab Click OK and close the configuration window 30. Log out of the NetScaler Configuration Utility. Click OK to save the configuration Citrix Systems, Inc. © 2010 Page 67 of 126
70.
Citrix CloudGateway
Proof of Concept Guide AppController Configuration This step-by-step guide will demonstrate how to configure AppController with Access Gateway. Step Action Access the ControlPoint portal using the URL: https:// <AppController FQDN>:4443 Log in to the ControlPoint portal as administrator 1. Click system settings 2. Citrix Systems, Inc. © 2010 Page 68 of 126
71.
Citrix CloudGateway
Proof of Concept Guide Step Action Click Trust Settings Click Edit 3. Select Netscaler Access Gateway In the Trust Settings window, enter the following: Display Name: <Enter a unique “Display name”> Callback URL: <Enter the Access gateway URL> External URL:< Enter the externally accessible, fully qualified, URL of your Access Gateway> Select authentication type from the Log on type drop-down menu Click Save 4. Citrix Systems, Inc. © 2010 Page 69 of 126
72.
Citrix CloudGateway
Proof of Concept Guide Endpoint Configuration So far, we have configured Receiver to communicate with AppController directly. At this point, remove the previously configured store from your Receiver for iOS. This step-by-step guide will demonstrate how to configure Receiver for iOS on an iPad to connect through Access Gateway. Step Action Open Safari on the iPad and navigate to https://<Access Gateway URL> Log in using a set of Active Directory credentials 1. Citrix Systems, Inc. © 2010 Page 70 of 126
73.
Citrix CloudGateway
Proof of Concept Guide Step Action Tap on the account name at the upper right corner and tap Activate… 2. Tap on Open in “Receiver” 3. Log in to Receiver using your Active Directory credentials 4. Citrix Systems, Inc. © 2010 Page 71 of 126
74.
Citrix CloudGateway
Proof of Concept Guide Step Action Go to the category that contains your mobile applications and tap the + sign corresponding to one of the mobile applications to install on your iPad NOTE: The app will be installed on your springboard as well. 5. Click on one of your published web links to test the web connect microvpn as well Tap Log Off at the top right corner of the Store when complete 6. Citrix Systems, Inc. © 2010 Page 72 of 126
75.
Citrix CloudGateway
Proof of Concept Guide Phase 3: Integrating StoreFront AppController Configuration This step-by-step guide assumed that the basic AppController configuration has been complete. The guide below will demonstrate how to configure AppController so that users can deploy CloudGateway through StoreFront. Step Action 1. Access the AppController ControlPoint portal using the following URL: https://<AppController’s FQDN>:4443 Login with the following credentials: User name: Administrator Password: <Enter the password> 2. Click the sprocket symbol Citrix Systems, Inc. © 2010 Page 73 of 126
76.
Citrix CloudGateway
Proof of Concept Guide Step Action 3. Click Trust settings under System Configuration Click Edit 4. Select StoreFront Citrix Systems, Inc. © 2010 Page 74 of 126
77.
Citrix CloudGateway
Proof of Concept Guide Step Action 5. Enter the StoreFront’s FQDN prefixed with https in the web address field provided. Click Save Citrix Systems, Inc. © 2010 Page 75 of 126
78.
Citrix CloudGateway
Proof of Concept Guide StoreFront Configuration This step-by-step guide will demonstrate how to configure StoreFront and integrate it with Access Gateway. Step Action 1. Connect to your StoreFront server. 2. Log on to StoreFront using your local administrator credentials. 3. Copy the StoreFront installer to your StoreFront server. Double click the CitrixStoreFront-x64 installer. 4. Check the I accept the terms of this license agreement check-box and click Next Citrix Systems, Inc. © 2010 Page 76 of 126
79.
Citrix CloudGateway
Proof of Concept Guide Step Action 5. Click Install 6. Once the installation completes, click Finish Citrix Systems, Inc. © 2010 Page 77 of 126
80.
Citrix CloudGateway
Proof of Concept Guide Step Action 7. In the Citrix StoreFront snap-in console click Deploy Single Server 8. Open IIS manager Expand the server node Expand Sites Expand Default Web Site Click Bindings in the right pane Click Add in the Site Bindings window Citrix Systems, Inc. © 2010 Page 78 of 126
81.
Citrix CloudGateway
Proof of Concept Guide Step Action 9. Select https from the Type drop-down in the Add Site Binding window Click the associated certificate from the SSL certificate drop-down and click OK 10. Since the certificate has already been applied to your StoreFront server the Server address field will auto populate with the correct URL Example: https://receiverstorefront.training.lab Click Create Citrix Systems, Inc. © 2010 Page 79 of 126
82.
Citrix CloudGateway
Proof of Concept Guide Step Action 11. Type the Store name of your choice and click Next 12. Click Add in the Create Store window Citrix Systems, Inc. © 2010 Page 80 of 126
83.
Citrix CloudGateway
Proof of Concept Guide Step Action 13. Configure the following settings in the Add Delivery Controller window: Display Name: <Name of your choice> Type: CloudGateway Enterprise Server: <AppController FQDN> Port: 443 Click OK 14. If you would like to add additional delivery controllers such as XenDesktop and XenApp, click Add in the Create Store window 15. Configure the following settings in the Add Delivery Controller window: Display Name: <Display name of your choice> Type: XenApp Click Add from just below the Servers section Citrix Systems, Inc. © 2010 Page 81 of 126
84.
Citrix CloudGateway
Proof of Concept Guide Step Action 16. Type the XenApp server FQDN in the Server name field and click OK 17. Assign the appropriate transport type (HTTP/HTTPS) and the port number will automatically change. Repeat steps 14-16 to add additional delivery controllers. Click OK Citrix Systems, Inc. © 2010 Page 82 of 126
85.
Citrix CloudGateway
Proof of Concept Guide Step Action 18. Click Next 19. Select the Full VPN tunnel radio button from the Remote access section and then click Add Citrix Systems, Inc. © 2010 Page 83 of 126
86.
Citrix CloudGateway
Proof of Concept Guide Step Action 20. Configure the following details in the Add Gateway Server window: Display name: <Enter a unique display name> Gateway URL: < Enter the externally accessible, fully qualified, URL of your Access Gateway> Deployment mode: Appliance Check the Set server as Access Gateway Enterprise Edition check-box Subnet IP address: <Enter the NetScaler subnet IP address> Logon type: Domain only Click Next Citrix Systems, Inc. © 2010 Page 84 of 126
87.
Citrix CloudGateway
Proof of Concept Guide Step Action 21. In the Callback URL filed type URL: <Enter the externally accessible, fully qualified, URL of your Access Gateway> Click Next 22. Click Add Citrix Systems, Inc. © 2010 Page 85 of 126
88.
Citrix CloudGateway
Proof of Concept Guide Step Action 23. Type the STA server URL in the STA URL field and click OK 24. Repeat steps 22-23 to add more STA servers if required. Click Create Citrix Systems, Inc. © 2010 Page 86 of 126
89.
Citrix CloudGateway
Proof of Concept Guide Step Action 25. Click Create 26. Click Finish Citrix Systems, Inc. © 2010 Page 87 of 126
90.
Citrix CloudGateway
Proof of Concept Guide AccessGateway Configuration Now that we have integrated StoreFront in the CloudGateway environment, this guide provides the steps to change the session policies to point to StoreFront instead of AppController. Step Action 1. Login to NetScaler and navigate to Access Gateway->Policies->Session Click the Profiles tab in the right pane and then highlight the Receiver for Web profile created previously and then click Open 2. Select the Client Experience tab and configure the following settings: Name: prof_cvpn Home Page: <Change the home address from the AppController Receiver for Web URL to the StoreFront Receiver for Web URL> Example: https://receiverstorefront.training.lab/Citrix/StoreWeb Citrix Systems, Inc. © 2010 Page 88 of 126
91.
Citrix CloudGateway
Proof of Concept Guide Step Action 3. Click the Published Applications tab and configure the following profile options: Uncheck the Override Global check-box for Web Interface Address Click OK Citrix Systems, Inc. © 2010 Page 89 of 126
92.
Citrix CloudGateway
Proof of Concept Guide Endpoint Configuration This step-by-step guide will demonstrate how to configure receiver for iOS on an iPad. Step Action Open Safari in the iPad and navigate to https://<Access Gateway URL> Log in using your Access Gateway credentials 1. Tap on username at the upper right corner and tap Activate… 2. Citrix Systems, Inc. © 2010 Page 90 of 126
93.
Citrix CloudGateway
Proof of Concept Guide Step Action Tap on Open in “Receiver” 3. Log in to Receiver using your Active Directory credentials 4. You can now see the apps delivered from all your delivery controllers, in a single Store. 5. Citrix Systems, Inc. © 2010 Page 91 of 126
94.
Citrix CloudGateway
Proof of Concept Guide Step Action Tap on one of the categories containing the applications delivered from XenApp. Click the + sign corresponding to the application to your home screen and launch it 6. Go the category containing your mobile applications and tap on the + sign corresponding to one of the apps NOTE: The app will be installed on your springboard as well 7. 8. Click on one of your published web links to test the web connect microvpn as well. Tap Log Off at the top left corner of the Store when done. Citrix Systems, Inc. © 2010 Page 92 of 126
95.
Citrix CloudGateway
Proof of Concept Guide Deploying through Web Interface This section assumes that you already have configured Access Gateway to communicate with Web Interface in order to deliver XenDesktop/XenApp applications to Receiver. This guide walks you through the process to connect Receiver to a PNAgent/Legacy site. Endpoint Configuration Step Action Open Receiver on your iPad and click Add Account 1. Citrix Systems, Inc. © 2010 Page 93 of 126
96.
Citrix CloudGateway
Proof of Concept Guide Step Action When prompted, enter the Access Gateway URL in the format below and click Next https://<Access Gateway URL> 2. Once Receiver verifies the Access Gateway URL, you’re prompted for details Description: <Enter an appropriate description> Enter your Active Directory Username, Password and Domain Click Save 3. Citrix Systems, Inc. © 2010 Page 94 of 126
97.
Citrix CloudGateway
Proof of Concept Guide Step Action The apps and desktops from your PNAgent/Legacy appear 4. Citrix Systems, Inc. © 2010 Page 95 of 126
98.
Citrix CloudGateway
Proof of Concept Guide Appendix The steps below provide the procedure used to create session and access policies to the Access Gateway virtual server. These policies enable the various Citrix Receivers to connect to CloudGateway. PNA Session Policy and Profile: The session policy and profile described below is applicable to CloudGateway Express and is related to configuring remote access to PNA/legacy sites only. This policy does not have to be configured when setting up CloudGateway Enterprise. 1. Navigate to: Access Gateway->Policies->Session Click Add in the right pane Citrix Systems, Inc. © 2010 Page 96 of 126
99.
Citrix CloudGateway
Proof of Concept Guide 2. Click New in the Create Access Gateway Session Policy window 3. Select the Client Experience tab and configure the following settings: Name: <Provide a unique name> Example: prof_PNA Citrix Systems, Inc. © 2010 Page 97 of 126
100.
Citrix CloudGateway
Proof of Concept Guide 4. Select the Security tab and ensure the Default Authorization Action is set to Allow 5. Click the Published Applications tab and configure the following profile options: ICA Proxy: ON Web Interface Address: <Provide the PNA site address> Example: https://store.training.lab/Citrix/Store/PNAgent/config.xml Click Create Citrix Systems, Inc. © 2010 Page 98 of 126
101.
Citrix CloudGateway
Proof of Concept Guide 6. Configure the following settings in the Create Access Gateway Session Policy window: Name: <Provide a unique name> Example: pol_PNA Request Profile: <Select the profile created above>In this example: prof_PNA Click Add under the Expression box 7. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: CONTAINS Value: CitrixReceiver Header Name: User-Agent Click OK and then click Add under the Expression box, once again Citrix Systems, Inc. © 2010 Page 99 of 126
102.
Citrix CloudGateway
Proof of Concept Guide 8. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: NOTEXISTS Header Name: X-Citrix-Gateway Click OK 9. Set the drop-down to Match All Expressions Click Create and then click Close Citrix Systems, Inc. © 2010 Page 100 of 126
103.
Citrix CloudGateway
Proof of Concept Guide Clientless Access Policy and Profile: The access policy and profile described below is applicable to CloudGateway Enterprise and is related to configuring remote access to CloudGateway stores only. This policy is used in conjunction with the Receiver for Web, Native Receiver, ChromeOS and Access Gateway Plugin policies and profiles described later in this appendix. Step Action 1. Navigate to Access Gateway->Policies->Clientless Access Click Add in the right pane 2. The Create Clientless Access Policy window is shown Click New, next to the Profile drop-down menu Citrix Systems, Inc. © 2010 Page 101 of 126
104.
Citrix CloudGateway
Proof of Concept Guide Step Action 3. The Create Clientless Access Profile opens. Configure the following settings: Name: <Provide a unique name> Example: SF_cvpn URL Rewrite: ns_cvpn_default_inet_url_label Click the Client Cookies tab 4. Click New Citrix Systems, Inc. © 2010 Page 102 of 126
105.
Citrix CloudGateway
Proof of Concept Guide Step Action 5. Name the Pattern Set something unique (Example: StoreFront_cookies) and configure the following cookies (Enter the Pattern and Index, and then click Add one at a time for the following): Pattern=CsrfToken, Index=1 Pattern=ASP.NET_SessionId, Index=2 Pattern=CtxsPluginAssistantState, Index=3 Pattern=CtxsAuthId, Index=4 Click Create to create the pattern set 6. Configure the following settings in the Configure Clienless Access Policy window: Name: <Provide a unique name> Example: SF_cvpn_pol Expression: true Click Create to create the policy Citrix Systems, Inc. © 2010 Page 103 of 126
106.
Citrix CloudGateway
Proof of Concept Guide Receiver for Web Session Policy and Profile: The access policy and profile described below is applicable to CloudGateway Enterprise and is related to configuring remote access to CloudGateway stores via web browsers. This policy is used in conjunction with the Clientless Access policy and profile described in this appendix. 1. Navigate to Access Gateway->Policies->Session Click Add in the right pane 2. Click New in the Create Access Gateway Session Policy window Citrix Systems, Inc. © 2010 Page 104 of 126
107.
Citrix CloudGateway
Proof of Concept Guide 3. Select the Client Experience tab and configure the following settings: Name: <Provide a unique name> Example: prof_cvpn Home Page: <Provide the Receiver for Web Address> Example https://receiverstorefront.training.lab/Citrix/StoreWeb Clientless Access: On Clientless Access URL Encoding: Clear Check the Single Sign-on to Web Applications check-box 4. Select the Security tab and ensure the Default Authorization Action is set to Allow Citrix Systems, Inc. © 2010 Page 105 of 126
108.
Citrix CloudGateway
Proof of Concept Guide 5. Click the Published Applications tab and configure the following profile options: Single Sign-on Domain: <Provide your Active Directory domain name> Example: training Ensure that ICAProxy is set to OFF Click Create 6. Configure the following settings in the Create Access Gateway Session Policy window: Name: <Provide a unique name> Example: pol_cvpn Request Profile: <Select the profile created above>In this example: prof_cvpn Click Add under the Expression box Citrix Systems, Inc. © 2010 Page 106 of 126
109.
Citrix CloudGateway
Proof of Concept Guide 7. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: NOTCONTAINS Value: CitrixReceiver Header Name: User-Agent Click OK and then click Add under the Expression box, once again 8. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: EXISTS Header Name: Referer Click OK Citrix Systems, Inc. © 2010 Page 107 of 126
110.
Citrix CloudGateway
Proof of Concept Guide 9. Click Create and then click Close Citrix Systems, Inc. © 2010 Page 108 of 126
111.
Citrix CloudGateway
Proof of Concept Guide Native Receiver Session Policy and Profile: The access policy and profile described below is applicable to CloudGateway Enterprise and is related to configuring remote access to CloudGateway stores via native Receivers installed on desktops and mobile devices. This policy is used in conjunction with the Clientless Access policy and profile described in this appendix. 1. Navigate to: Access Gateway->Policies->Session Click Add in the right pane 2. Click New in the Create Access Gateway Session Policy window Citrix Systems, Inc. © 2010 Page 109 of 126
112.
Citrix CloudGateway
Proof of Concept Guide 3. Select the Client Experience tab and configure the following settings: Name: <Provide a unique name> Example: prof_native Clientless Access: On Clientless Access URL Encoding: Clear Check the Single Sign-on to Web Applications check-box 4. Select the Security tab and ensure the Default Authorization Action is set to Allow and the Secure Browse check-box is checked Citrix Systems, Inc. © 2010 Page 110 of 126
113.
Citrix CloudGateway
Proof of Concept Guide 5. Click the Published Applications tab and configure the following profile options: Ensure that ICAProxy is set to OFF Single Sign-on Domain: <Provide your Active Directory domain name> Example: training Click Create 6. Configure the following settings in the Create Access Gateway Session Policy window: Name: <Provide a unique name> Example: pol_native Request Profile: <Select the profile created above>In this example: prof_native Click Add under the Expression box Citrix Systems, Inc. © 2010 Page 111 of 126
114.
Citrix CloudGateway
Proof of Concept Guide 7. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: CONTAINS Value: CitrixReceiver Header Name: User-Agent Click OK and then click Add under the Expression box, once again 8. Configure the following settings: Flow Type: REQ Protocol: HTTP Qualifier: HEADER Operator: EXISTS Header Name: X-Citrix-Gateway Click OK Citrix Systems, Inc. © 2010 Page 112 of 126
115.
Citrix CloudGateway
Proof of Concept Guide 9. Set the drop-down to Match All Expressions Click Create and then click Close Citrix Systems, Inc. © 2010 Page 113 of 126
116.
Citrix CloudGateway
Proof of Concept Guide ChromeOS Session Policy and Profile: The access policy and profile described below is applicable to CloudGateway Enterprise and is related to configuring remote access to CloudGateway stores via devices that run the Chrome Operating System. This policy is used in conjunction with the Clientless Access policy and profile described in this appendix. 1. Go to Access Gateway->Policies->Session Click Add in the right pane 2. Click New in the Create Access Gateway Session Policy window Citrix Systems, Inc. © 2010 Page 114 of 126
Download now