Archive

Posts Tagged ‘Access Gateway’

#Citrix #XenMobile 8.5 MAM upgrade! Part 1 – #StoreFront, #AppController, #NetScaler

September 1, 2013 7 comments

In this little blog series series you’ll follow a little upgrade process to XenMobile 8.5 for Mobile Application Management (previously known as CloudGateway).

Ok, I don’t exactly know where to begin. I must first say that Citrix is THE master when it comes to renaming products, updating/changing the architecture, changing consoles (claiming to reducing the number of them like every year but at the same time introduce new ones).

How hard can it be to make crystal clear documentation and upgrade processes that works and are easy? I feel already that my tone in this blog post is “a bit” negative… but I think that Citrix actually deserves it this time.

I must now take a step back and calm down and point out that Citrix is delivering some MAJOR changes and good news/features in the new XenMobile 8.5 release though! It’s great (when you’ve got it up and running) and I must say that I don’t see anyone that is near them in delivering all these capabilities in a nice end-to-end  delivery!! 🙂

Have a look at everything that is new, deployment scenarios etc. here before you even start thinking to upgrade or change your current NetScaler, StoreFront and AppController environment!

Once you’ve started to read the different design scenarios you’ll see that App Controller can be placed in front of StoreFront, in the back of StoreFront or totally without StoreFront… all the options just make your head spin! Because Citrix doesn’t really make it clear on how all of this should work with a Receiver and Worx Home depending if the device is on the internal network, external through NetScaler or what the capabilities that you need are supported in the different scenarios in a simple way, just text that explains it. And I find the pictures and text a bit misleading:

You can include StoreFront in your deployment, which allows users access to published applications from XenApp and virtual desktops from XenDesktop, along with apps configured in App Controller. When users log on with Citrix Receiver, all of their apps appear in the store. The following figure shows how you can deploy NetScaler Gateway, App Controller, and StoreFront in your network.

Deploying App Controller with StoreFront and NetScaler Gateway

As you see above the App Controller is added as a “Farm” just as in 2.6, but is that the truth now in version 2.8 of App Controller?

If you have a look at the text from this page it’s getting even more confusing: Read more…

Upgrading to #Citrix #Receiver for #Windows – why and how?

This is something that all Citrix admins should read! How many questions don’t U get about which version of the client to use and why etc?

This document describes the various versions of Receivers for Windows, lists the reasons for upgrading, and recommends best practices for upgrading to the latest version of Receiver based on specific circumstances.

Note: The Online Plug-in 12.x will reach end of its maintenance in March 2013. Customers using Online Plug-in with XenApp 5, XenApp 6.x, XenDesktop 4.x, or XenDesktop 5.x must upgrade to the latest version of Receiver for Windows 3.X prior to that date where practical.

Citrix Receiver is the latest Citrix software you install on Windows end points to gain access to virtualized apps and desktops. It is also regularly installed on virtual desktops to enable access to virtualized apps.

The name of Citrix client software and the built-in functions are changed over the years. The clients in common use today are the Online Plug-in for Windows 12.X and the Receiver for Windows 3.X.

Where the Online Plug-in for Windows 12.X provided Web and PNAgent support, Receiver for Windows 3.X provides additional support. It can be configured for self-service access to applications, VPN-less remote access, single sign-on the Windows, Web, and SaaS applications, and has a built-in method to check for updates.

Both the Online Plug-in and Receiver have two versions.

  • The Online Plug-in Web is used solely for Web access to applications and the Online Plug-in (Full) supports Web access as well as PNA Services. The Full version supported SSO, Smart Cards, and access to apps through the Start menu 
    The standard Receiver for Windows, CitrixReceiver.exe, can be considered is a complete replacement for the Online Plug-in Web and largely a replacement for the Online Plug-in (Full). It can be used for web access. It can be configured to access PNA Services. And it can also be used with the latest versions of StoreFront, CloudGateway (App Controller), and Access Gateway to provide a rich set of services. It contains the latest, multithread, multi-stream HDX engine.

  • The CitrixReceiverEnterprise.exe version essentially…

Continue reading here!

//Richard

#Citrix #Receiver for Win 8 and RT 1.3 now on the Windows Store

Blog post from Citrix on Windows RT and Win 8 pro devices and Receiver!

Our first official update for our touch-enabled Receiver for Windows RT and Windows 8 Pro devices! This version adds the ability to use multiple sessions as well as a number of usability improvements.   It can be used with  StoreFront  or Web Interface deployments. Connections can be direct or through Access Gateway Enterprise Edition version 10.

Click here to try this version. It is still a good idea to ask your IT department if it can be used in your environment. IT managers  can find details on configurations supported and settings at Citrix eDocs.

What’s new?

  • Users can run multiple apps within a single session, switching between them with the in-session app bar.
  • Sessions now use the keyboard layout and input language in effect on the device (as configured on the Windows 8 Language bar) whether its a physical and touch keyboard.
  • A Refresh button on the My Apps and All Apps pages enables users to easily refresh the apps list.
  • A default icon appears in My Apps, All Apps, and Search results until the correct app icon downloads.

And we have even more great things planned for the next update, including support for Access Gateway Enterprise 9.3 with…

Continue reading here!

//Richard

#Citrix #NetScaler 10 on Amazon Web Services – #AWS

Yes, it’s here! 🙂

Mainstream IT is fast embracing the enterprise cloud transformation and selecting the right cloud networking technologies has thus quickly emerged to be an imperative. As mainstream IT adopts IaaS (Internet as a service) cloud services, they will require a combination of the elasticity and flexibility, expected of cloud offerings and the powerful advanced networking services used within emerging enterprise cloud datacenters. 

Citrix® NetScaler® 10 delivers elasticity, simplicity and expandability of the cloud to enterprise cloud datacenters and already powers the largest and most successful public clouds in the world. With NetScaler 10, Citrix delivers a comprehensive cloud network platform that mainstream enterprises can leverage to fully embrace a cloud-first network design. 

Citrix and Amazon Web Services (AWS) have come together to deliver industry-leading application delivery controller technology. NetScaler on AWS delivers the same services used to ensure the availability, scalability and security of the largest public and private clouds for AWS environments. Whether the need is to optimize, secure or control delivery of enterprise and cloud services, NetScaler for AWS can help accomplish these initiatives economically, and according to business demands. 

The full suite of NetScaler capabilities such as availability, acceleration, offload and security functionality is available in AWS, enabling users to leverage tried-and-true NetScaler functionality such as rewrites and redirects, content caching, Citrix Access Gateway™ Enterprise SSL VPN, and application firewall within their AWS deployments. Additional benefits include usage of Citrix CloudBridge™ and Citrix Branch Repeater™ as a joint solution. 

Citrix NetScaler transforms the cloud into an extension of the datacenter by eliminating the barriers to enterprise-class cloud deployments. Together, NetScaler and AWS delivers a broad set of capabilities for the Enterprise IT: 

Hybrid Cloud Environment 

Hybrid clouds that span enterprise datacenters and extend into AWS can benefit from the same cloud networking platform, significantly easing…

Continue reading here!

//Richard

Heads Up – issues with Access Gateway Plug-in for Mac OS X Version 2.1.4 – #Citrix, #NetScaler

Well, I guess that you’ve already read all the good things about the new capabilities of the newer Access Gateway plug-in, Receiver and Access Gateway Enterprise that together with StoreFront will add additional features and functions that haven’t existed before. It’s now built to work together with the Receiver on the Windows and Mac OS X platforms and promises a lot by various blog posts from Citrix and others (incl. myself).

Here is an example of what it can (should) do: What’s new with Access Gateway MAC Plug-in release 2.1.4

But is the Access Gateway Plug-in that great? Well, before you plan to implement version 2.1.4 on OS X and especially if you want to leverage the SSL VPN functionality and host checks (EPA) then read the Important notes and Known issues for this release:

Important Notes About This Release:

  1. The Access Gateway Plug-in for Mac OS X Version 2.1.4 supports Citrix Receiver Version 11.7
  2. Import the secure certificate for Access Gateway into the Keychain on the Mac OS X computer.
  3. The Access Gateway Plug-in for Mac OS X Version 2.1.2 and earlier versions are not supported on Mac OS X Version 10.8.
  4. Endpoint analysis scans for antivirus, personal firewalls, antispam, Internet security, and EPAFactory scans are not supported for Mac OS X.
  5. Client certificate authentication is not supported for Mac OS X.

First of all I’d say that these notes are not that great if you ask me! Why do I have to add the cert into the Mac Keychain? Why doesn’t the plug-in support the more “advanced” host checks like personal firewalls, certificates etc.?

Wait, it get even worse!! And before you go to the whole list I’d highlight these top ones that I’m kind of surprised about:

  • It doesn’t support LAN access
  • Upgrading doesn’t work
  • Doesn’t apply proxy settings configured in session profile
  • It doesn’t support SAN certificates
  • Users cannot start the Access Gateway plug-in if the Receiver is already started, you first have to shut down the Receiver

Here you see the full Known Issues list for this release:

  1. When users disable wireless on a Mac OS X computer and connect by using a 3G card, the Access Gateway Plug-in does not upgrade automatically through Citrix Receiver. If users select Check for Updates to upgrade the plug-in, the upgrade fails and users receive the error message “Updates are currently not available.” [#45881]
  2. If you run stress traffic for HTTP, HTTPS, and DNS simultaneously, the Access Gateway Plug-in fails. [#46348]
  3. When users disable wireless on a Mac OS X computer and connect by using a Vodafone Mobile Broadband Model K3570-Z HSDPA USB 3G stick, the Access Gateway plug-in does not tunnel traffic. [#256441]
  4. If you configure an endpoint analysis policy and also enable the client choices page and proxy servers in a session profile, occasionally a blank choices page appears after users log on. When you disable the choices page in the session profile, the choices page appears correctly. [#316331]
  5. If users connect to Access Gateway with the Access Gateway Plug-in for Mac OS X and then run ping with a payload of 1450 bytes, the plug-in fails to receive the ICMP reply. [#321486] Read more…

#Citrix #AppController 2.5 Implementation Tips – #CloudGateway, #BYOD

February 19, 2013 Leave a comment

Great blog post by Matthew Brooks!

AppController is a component of the Citrix CloudGateway Enterprise suite that orchestrates access to Enterprise Cloud applications.  Those applications may take many forms including Mobile Applications, Software-as-a-Service hosted in public clouds, and Web links.  Below I provided some tips to help with the implementation of AppController 2.5 (which is the latest version as of the publishing of this blog).

System Related

Including settings such as the Hostname, SSL certificates, and Restore.

TIPs:

  • Take a hypervisor level snapshot after the initial installation so that you can easily return to that base level if configuration or integrations efforts go awry.
  • The hostname cannot contain special characters in the AppController certificate signing request.
  • The hostname must match SSL certificate.
  • The system cert must be chained to its CA/(s).

Active Directory Related

Including settings such as the Server (Domain Controller), Base DN, and Service Account credentials.

TIPs:

  • The AppController only supports integration with a single domain.  Multiple domains require multiple AppControllers.  The NetScaler Access Gateway may be configured to allow users to access a single fully qualified domain name, yet be directed to their respective domain AppController through the use of Global Groups.  See CTX116169 for more informationhttp://support.citrix.com/article/CTX116169
  • All user accounts must have a first name, last name, and email address configured or they will receive an authorization error when attempting to launch applications.  The bind Administrator account must also have email address configured or directory integration will fail.
  • Only LDAP (TCP 389) may be configured through the wizard that must be completed initially.  Thereafter LDAPS (TCP 636) may be configured through the full administration menu.
  • If the server name domain name is a load balanced DNS entry the initial import may work, yet subsequent bind attempts will fail.  Alternatively you may use the IP address of an LDAPS load balancer on a Netscaler with specific domain controllers configured as services.  See CTX135092 for more information http://support.citrix.com/article/CTX135092

Network Related

Including settings such as the IP address, @Workweb and NTP server.

TIPs:

  • Use IP private addresses as system addresses if possible.  When Trust Settings are configured for NetScaler Access Gateway it does not allow SSO to public addresses.  If public addresses must be used the NetScaler may be configured with an SSL Bridge to access the AppController.  See NetScaler Traffic Management document for more information.
  • NTP must be configured or SAML authentication may fail for SaaS sites if the time difference is significant.
  • When Trust Settings are configured for NetScaler Access…

Continue reading here!

//Richard

SSO to StoreFront not working in CVPN mode – #Citrix, #NetScaler, #StoreFront

January 31, 2013 3 comments

Single Sign-On from Access Gateway to StoreFront not working in CVPN mode

There is yet another “thing” to have in mind when setting up Access Gateway and StoreFront in CVPN mode!

It’s been an interesting day (or days/weeks/months I must admit) with some “issues” with a NetScaler ADC, Access Gateway with CVPN profiles and StoreFront 1.2. And one thing that we have been struggling with was Single Sign-On to StoreFront when we had the AG configured for CVPN access. And it was just this environment where I’ve seen this issue!!

After a lot of troubleshooting the Citrix guys came up with an explanation on why SSO from AG doesn’t work in this specific environment! And it’s not an obvious one to find I must say… but I now understand why it doesn’t work!

So let’s explain the design reason for why it doesn’t work (so bear with me, solution at the end!!)…

The following picture tries to give a VERY rough picture of how it could look like, clients on the Internet on the left, then a NetScaler ADC with the Access Gateway feature enabled and a vServer configured. This AG vServer has session policies and profiles for ICA proxy (old traditional ICA proxy policy) and the little newer CVPN mode. And YES; I’ve left out a lot of stuff like AD etc. to simplify this picture A LOT…

High_Level_Design_overview_SSO_not_working

The overall idea and config is that AG authenticates the user and then shall do SSO to StoreFront. The CVPN policy have been created according to all best practices etc. (Citrix CloudGateway Express 2.0 – Implementation Guide).

But SSO still doesn’t work!! If you login through a browser when having the CVPN policy linked to the vServer you’ll see that authentication works perfectly but then when it tries to passthrough the authentication to StoreFront it fails.

This picture just shows the login to the NetScaler ADC Access Gateway vServer:

NetScaler_Access_Gateway_login

Read more…

Host checks/EPA scans are not for everyone – #Citrix, #NetScaler, #AccessGateway

January 30, 2013 Leave a comment

This is an interesting blog post from Citrix… It captures a scenario that I know one of my previous customers was thinking of, so have a look at it!

The main thing that think of when reading this though is that EPA scans are NOT for everyone, I agree. And please also read my earlier posts on why it cannot be done with todays products from Citrix.

#Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront

#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA

Even though the latest Receiver Receivers changed some scenarios and enables host checks/EPA scans it still doesn’t provide the full picture. But I’ll be publishing a more detailed picture on why later, some late night I’ll be able to complete it! 😉

Here you have the blog post from Tobias Frigger:

A customer of one of my Citrix Consulting colleagues recently came up with an interesting request.

Like many others they are using Citrix NetScaler’s Access Gateway Enterprise Edition module to grant remote secure remote access to applications and desktops.
Additionally, they use a client management and software distribution solution to deploy the EPA plugin to client computers and therefore wanted to suppress Access Gateway offering the EPA scan plugin for download through the browser. This introduces some additional level of control over which client is entitled to connect through Access Gateway.

An approach restricting certain user groups from logging in by using group memberships is a more common scenario, but in this case the customer intended to restrict the end points and not the users. When end users lack administrative permissions to install custom software, preventing the download is indeed an effective measure.

A job for Citrix Consulting!

As you know, Access Gateway Enterprise Edition offers two ways of running Endpoint Analysis (EPA) scans – before and after authentication. Consequently, there are two procedures.

The formal requirements

  • Remove the download button displayed when accessing the AGEE virtual server and the plugin is not detected by the browser or if the plugin is outdated
  • Alter the message text such that it refers user to contact their system administrator if they think the plugin should be installed.
  • When using a post-authentication EPA scan, add a “logout” button.

EPA Scan dialogue

Backup
As a precaution, we want to make backup copies…

Continue reading here!

//Richard

#Citrix Receiver for HTML5 Version 1.1 Released – #Receiver

January 30, 2013 Leave a comment

Citrix Receiver for HTML5 Version 1.1 is released.. And it now has the support for all the Major Desktop Browsers.

Version 1.1 supports the latest updates of the following Desktop browsers

  • Internet Explorer 10
  • Safari 6
  • Google Chrome
  • Firefox

You can download this from https://www.citrix.com/content/citrix/en_us/downloads/citrix-receiver/receivers-by-platform/receiver-for-html5/

eDocs Location : http://support.citrix.com/proddocs/topic/receiver-html5-11/receiver-html5-version-wrapper.html

 

Key things to check out for while installing and configuring Citrix Receiver for HTML5 v1.1

Direct Internal Acces

  • XenApp 6.5 server to be updated with FP1 and latest Hotfix
  • Install the NEW Citrix Receiver for HTML5 Version 1.1  on your Storefront 1.2 server (Uninstall the old version manually before installing this new version)
  • Open the installed “Citrix HTML5 HDX Engine Configuration” tool and Add the “Receiver for Web” URLs to configure for HTML5 access
  • You can now open the supported browsers listed above on the client side and enter the “Receiver for Web” URL
  • If you are prompted with the logon screen where you have the option to download the native Citrix Receiver, just click on “Log on”
  • Now, add your application/desktop and click on it to launch
  • You have your application running in a browser Tab!!
External Access

Forum : You can use Receiver for HTML5 Forum for reporting issues, questions, and general discussions.

KB articles : You can refer to the below KB articles to troubleshoot some of the cases.

Known Issue : With Internet…

Continue reading here!

//Richard

Jan. Edition of XenDesktop Technical Newsletter Now Available – #XenDesktop, #Citrix

January 22, 2013 Leave a comment

It’s out again with more exciting topics! Check it out!!!

Using XenDesktop? Then you need to get the XenDesktop Technical Newsletter! The newsletter is comprised of the best technical resources from across Citrix Services: Consulting, Technical Support, Education, and Technical Readiness. In its third year the newsletter is designed to help customers run their XenDesktop optimally and get more out of their investment in Citrix desktop virtualization. And its FREE!

I am pleased to announce that the January 2013 edition of the newsletter is now available.

Check out the archive page, where you can access both the current and past issues, as well as subscribe to the FREE monthly newsletter.

The January edition of the newsletter is packed with great content, including:

  • Optimal XenApp 6.5 VM Configuration (Blog)
  • Introduction to the new Project Accelerator (Blog)
  • Deploying XenApp 6.5 using PVS (Blog)
  • Insider Troubleshooting tips for Administrators (eBook)
  • Whats new with Excalibur (Blog)
  • Top Knowledge Center content for December 2012 (Articles, hotfixes, whitepapers, etc…)
  • How to configure Access Gateway 5 standalone for use with XD5 (tech note)
  • XenDesktop Tools & Hotfixes
  • And much more.

If you have any..

Continue reading here!

//Richard

<span>%d</span> bloggers like this: