Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Citrix Remote Access Solution Soup


Published on

BriForum London 2012 Lightning Round session

Published in: Technology
  • Be the first to comment

Citrix Remote Access Solution Soup

  1. 1. WelcomeBriForum | © TechTarget
  2. 2. Citrix Remote Access SolutionSoup - CSG, AG, AGEE, NSDan Brinkmann @dbrinkmannblog.danbrinkmann.comSolutions Architect, VMware vExpertLewan & Associates (Denver, CO)BriForum | © TechTarget
  3. 3. Agenda● Architecture● Citrix Secure Gateway (CSG)● Citrix Access Gateway Standard (CAG)● Citrix Access Gateway Enterprise Edition (CAG-EE)● Netscaler platform● What do you choose?BriForum | © TechTarget 3
  4. 4. Remote Access ArchitectureBriForum | © TechTarget 4
  5. 5. Remote Access● ICA Proxy - Included in AG platform licenses - Most common requirement● SSL VPN - Included in Platinum or Universal License● Endpoint Analysis ● Included in Platinum or Universal LicenseBriForum | © TechTarget 5
  6. 6. Citrix Secure Gateway● Windows based● Proxies all traffic to Web Interface● “Free”● No built in HA/LB● ICA Proxy only● Long path for Pnagent● No authentication● No support for Storefront/CloudGateway (no 2 factor in SF)● Effectively it’s finally deadBriForum | © TechTarget 6
  7. 7. Citrix Access Gateway Standard (5.04)● Physical or virtual appliance - Both “rated” to 500 users for SSL VPN - Model 2000 (EOL) or Model 2010 physical appliance - *Also a model MPX 5500 but is using EE* - VPX (virtual appliance) model● ICA Proxy and SSL VPN● Opswat integration for Endpoint Analysis● Long path for pnagent● Supports HA/Clustering● Supports multistream ICA● No built-in LB for WI/SF/XMLBriForum | © TechTarget 7
  8. 8. Citrix Access GatewayBriForum | © TechTarget 8
  9. 9. Citrix Access Gateway Enterprise Edition (AG 10)● Physical (MPX 5500) and virtual appliance (VPX) - VPX rated for 500/100 SSL trans/sec (1K/2K) - VPX rated for 300 concurrent SSL VPN users● ICA proxy and SSL VPN● Endpoint Analysis isn’t using Opswat● HTTP header policy● Supports multistream ICA● Supports HA/Clustering● Web socket support HTML5 Receiver● No built-in LB for WI/SF/XMLBriForum | © TechTarget 9
  10. 10. Netscaler● All versions Standard/Enterprise/Platinum include CAG-EE● Adds additional functionality for LB/AF….● Physical or virtual appliance - Adds throughput options on VPX 10, 200, 1000, 3000 - Additional scalability options in physical appliance● Health monitors for WI/XML and aware of STA availability● Load balancing of WI/SF/XML● GSLB for XA/XD infrastructure● Support for WI on NS BriForum | © TechTarget 10
  11. 11. Physical vs Virtual● Limited SSL scalability on virtual platform● Network placement (resources available internal vs dmz)● SSL transactions/sec● Certificate size● Throughput● Other usesBriForum | © TechTarget 11
  12. 12. Want me to make it easy for you?● Secure Gateway – dead/dying…move on● Access Gateway● Access Gateway Enterprise Edition● Netscaler Standard/Ent/Plat● Physical or virtualBriForum | © TechTarget 12