Archive
Put Citrix Receiver App Banners in Web Interface for Android and iOS – #Citrix, #Receiver
A good blog post from Roy Tokeshi about Citrix Receiver setup and provisioning.
I’ve used the Citrix Mobile Receiver Setup URL Generator for quite some time and like it (but now of course you’ll get pretty far with email-based enrolment if you can use that), but it’s still valid for some use cases and scenarios. But to add the banner to the download of the app itself is something I’ve not done, interesting!
One of the cool things you can do to help your users connect to your XenDesktop and XenApp environments is the Citrix Mobile Receiver Setup URL Generator at:http://community.citrix.com/MobileReceiverSetupUrlGenerator/
The output of this generator is a couple of links. The first is an iOS configuration link and the second is the Android configuration link. What is great about this is once the user gets this link on their iOS or Android device, via email, text message, or carrier pigeon with a micro SD card strapped to its leg , all the user has to do is click on the link and the local instance of the mobile Citrix Receiver is auto-configured.
- VCDC Email
- Application warning iOS
Something that Apple had made available is called a Smart App Banner. (I suggest that you don’t shout “Smart App Banners!” across the cube farm unless you want to start a bunch of prairie dogging or HR emails.) Regardless, the folks at Apple created an easy way for you to advertise the Citrix Receiver app itself from within web interface. At Citrix Systems we have had had a couple of different temporarily consistent hostnames we point at to get our apps and desktops. Among my customers, apps.company.com or atwork.company.com have popped up a few times. The point being, the user puts a name in the browser and the web interface client detect takes over, suggests a client version for Mac, Windows, Java and off they go to application or desktop nirvana. But what about the lonely neglected mobile devices. We tell our bosses that we need iPhones, iPads, and Androids for work. So the smart thing to do is to get a few work apps on there before bosses catch us playing Angry Birds, or Radical.FM So the question is, “How do I use this on my web interface?” That is an excellent question. We are going to take the cute little meta tag referenced in that Apple Dev article and paste that right into the login.aspx file in our web interface site. For the purposes of demonstration, I’m going to use our Virtual Computing Demo Center or VCDC as an example. The default web interface that acts as a front end of the demo instance is hosted on a virtual machine acting as the DDC for XenDesktop. The screenshots I am using are based on the connection I make to a XenApp desktop logged on as administrator. \\ddc\c$\inetpub\wwwroot\Citrix\DesktopWeb\auth\login.aspx looked like this:
Now, modified at the top line it looks like this.
Remember that this is something that is only supported in iOS and in fact from the default Safari browser. Here are some screenshots…
Continue reading here!
//Richard
What’s new with Access Gateway MAC Plug-in release 2.1.4 – #Citrix, #AG, #Receiver
Another great blog post from Prashant! You rock! 😉
The new Citrix Access Gateway Appliance release 10.0.71.6014.e brings along with it the new MAC plug-in release 2.1.4. MAC OS, along with Microsoft Windows, are the two main desktop platforms supported by Citrix Access Gateway for full SSL Tunnel. The AG plug-in is most commonly used in tandem with Citrix Receiver, to provide access to your virtual applications and desktops, provided by XenApp & XenDesktop respectively. The Receiver and AG plug-in also work together to provide end users access to intranet web and SaaS resources via Citrix CloudGateway.
The new 2.1.4 plug-in brings the following new enhancements for Citrix Receiver users:
- Seamless Desktop Receiver experience: With this release of Access Gateway plug-in, end users will no longer have to sign into the plug-ins as a manual step, to access apps / sites that require a full SSL tunnel. Receivers automatically launch a SSL VPN session via Access Gateway as needed. Result is – end user just deals with Citrix Receiver and Receiver internally (and automatically) deals with Access Gateway on user’s behalf.
- EPA with ICAProxy / CVPN: Receivers can now seamlessly launch AG plug-ins to connect to an Access Gateway vServer configured with End Point Analysis policies, in ICAProxy and CVPN modes as well. Earlier, this was supported only for Full Tunnel access.
- ….
Continue reading here!
//Richard
Great UI Theme improvement setting – #AccessGateway, #NetScaler, #Citrix
I must say finally! It’s not a 100% yet for everyone out there but it’s a step in the right direction. The NetScaler, Access Gateway, Web Interface, StoreFront and Receiver has not really been in synch when it comes to UI and end-user experience…. But now Citrix has improved it!
Access Gateway is a secure remote access product and hence tends to be the entry point for corporate users, wanting to access their enterprise applications and desktops. Given this, it makes sense for corporates, to try and customize the logon experience on Access Gateway, to match their corporate look and feel.
Access Gateway has always allowed for this customization, though, it’s been somewhat of a tedious process. With the new 10.0.71.6014.e release, we are making an attempt to simplify this experience.
UI Customization on Access Gateway is a multi-step process:
- Access the built in theme web pages and customize them, to match the corporate requirements
- Apply the modified theme (collection of web pages) at the right location
- Modify certain scripts to make this change persistent
- Every time the firmware has to be upgraded, take a backup of the customized pages and scripts and re-apply the same after the upgrade.
A quick Google search will give you a number of helpful and very accurate blogs/articles, on how to tweak the web pages to customize and create your corporate look and feel. Some of my favorites are:
- http://blogs.citrix.com/2012/04/19/green-bubble-theme-for-citrix-netscaler/
- http://jariangibson.com/2012/04/16/apply-citrix-receiver-theme-to-netscaleraccess-gateway-10/
With this new release, we have automated all the other steps (i.e. 2-4) for you. Instead of having to worry about how to apply this theme, or having to take backups every time you upgrade, the new release will automatically handle this for you.
To see the new offering in this r…
Continue reading here!
//Richard
Why no Snaphot feat. on NetScaler like on AG? – #Citrix, #NetScaler
Ok, I had the “pleasure” to be working with an Access Gateway setup a little while ago… and I don’t know if I should actually say that it was a pleasure when I all did was missing the NetScaler.
But there is one feature that Access Gateway has that NetScaler doesn’t that I like and see a need for; Snapshots!
Why hasn’t Citrix build the same EASY way to make a snapshot of a config on NetScaler??? This would simplify things a lot from a change management point of view. You could of course make this happen yourself but need to be savvy and it’s hazzle… It would also ensure that admins that aren’t hardcore NetScaler nerds actually could get some confidence to change stuff and have a back out plan to revert to a previous snapshot if something goes wrong.
And the great thing about a snapshot is that it represents all the Access Gateway settings, licenses, and certificates at a specific time. If you have multiple software versions installed on Access Gateway, you can have snapshots that span the different software versions. Imagine if there was a button you could press to do that done on the NetScaler!
Video of how it works: How To: Take and Restore Snapshots on Citrix Access Gateway 5.0
Creating Snapshots to Manage Access Gateway Configuration Settings
I think that this will be a good thing to add now when more shops will setup Access Gateway Enterprise on NetScaler and only use it for just that…especially now when it’s also going End of Life (EOL).
Citrix: Please make this happen! 😉
//Richard
New Citrix Access Gateway Release – #AG, #SmartAccess, #Receiver, #Citrix
Ok, just as we expected there is now a new release of Access Gateway that goes hand in hand with the new Receivers as I wrote about in the following posts:
Receiver for Windows 3.4 released
Receiver for Mac 11.7 Released
And of course as you could read in the first post above there are great improvements of the end-user experience when accessing resources, now you have ONE login for both the Receiver and to the Access Gateway plugin. And as that posts also highlights is the support for host check (EPA scans) on Receiver use cases as well! Finally! 😉
More info on the new Access Gateway release 10.0.71.6014.e below:
With the release of Citrix CloudGateway 2.5, comes the release of Citrix Access Gateway 10.0.71.6014.e. Citrix CloudGateway as you are aware, is the Citrix Enterprise Mobility offering, complete with Citrix Receiver running enterprise applications on the end point, Citrix Storefront running your enterprise app store, Citrix AppController running your mobile policy management and Citrix Access Gateway providing remote access to all this infrastructure.
With every CloudGateway release, Access Gateway continues to build incredible integration and smart abilities, which makes it the de-facto remote access solution for your CloudGateway deployments. Access Gateway is the only remote access solution today, which can offer seamless Receiver configuration using Email based discovery and provide intelligent integration with Storefront and AppController, to provide single sign-on to all your enterprise applications.
With this new release, Citrix Access Gateway will be able to provide the following value additions in your CloudGateway deployments:
- Seamless Desktop Receiver experience: With this release of Access Gateway, end users will no longer have to sign into their Access Gateway plug-ins as a manual step, to access apps / sites that require a full SSL tunnel. Receivers automatically launch a SSL VPN session via Access Gateway as needed. Result is – end user just deals with Citrix Receiver and Receiver internally (and automatically) deals with Access Gateway on user’s behalf.
- EPA with ICAProxy / CVPN: Receivers can now seamlessly launch AG plug-ins to connect to an Access Gateway vServer configured with End Point Analysis policies, in ICAProxy and CVPN modes as well. Earlier, this was supported only for Full Tunnel access.
- Session Sharing: Receiver and AG plug-in have always been two separate entities, and because of that, they establish two parallel sessions with Access Gateway. With this release, we have added the smarts in our Receiver and Access Gateway integration, to understand each other, and be able to share the same session with Access Gateway appliance. Good News – this now leads to simplified access from end user perspective, and optimal session/license consumption from Administrator perspective.
- Device Wipe/Lock support for AppController: With CloudGateway 2.5, AppController is launching the ability to register and track mobile devices via AppController. These registered mobile devices can then be locked / wiped, if the..
Continue reading here!
//Richard
Receiver for Windows 3.4 released
About Receiver for Windows 3.4
Citrix Receiver for Windows provides users with self-service access to resources published on XenApp or XenDesktop servers. Receiver combines ease of deployment and use, and offers quick, secure access to hosted applications, desktops, and data. Receiver also provides on-demand access to Windows, Web, and Software as a Service (SaaS) applications. You can use it for Web access or configure it for use with Citrix CloudGateway.
What’s new
Citrix Receiver for Windows 3.4 (CitrixReceiver.exe) provides the following new features and enhancements.
- Single authentication to the Access Gateway:
- Use of a single session for both VPN and clientless access so that a Receiver user logs on once for both types of access and consumes only one license. This feature requires StoreFront.
- Automatic routing of ICA traffic through the Access Gateway ICA proxy for optimal user experience.
- Automatic start-up of a VPN tunnel when a user logs on. This feature requires that you disable the Single Sign-On with Windows setting on the Access Gateway.
- Support for Access Gateway SmartAccess controls.
- Improved logon and logoff operations:
- Users are prompted to log on to Receiver only when a logon is required. Actions that require a log on include starting an app from Receiver or the Start menu, using the Refresh Apps command, viewing or searching for apps, or adding an account. A user is logged on only to the account associated with the requested resource.
- Users remain logged on until choosing to log off or exit Receiver, roam from the internal network to an external network, or delete passwords.
- A VPN tunnel is established when a remote user performs an action that results in a logon. Internal users are logged on to StoreFront.
- Support for Windows 8. You can use Receiver for Windows 3.4 on Intel-based Windows 8 devices. (Receiver for Windows 8/RT is available on the Windows App Store for ARM-based Windows 8 devices.)
- Support for Windows Server 2012 R2, 64-bit edition.
- Support for Project Thor Technical Preview (XenApp Connector). Receiver for Windows 3.4 can be used with Project Thor Technical Preview to deliver apps with Microsoft System Center 2012 Configuration Manager.
- Usability improvements, including:
- App and desktop Start menu shortcuts are no longer copied to other devices, enabling users to control the location of shortcuts on each of their devices.
- The Request button is removed. Users can now simply click to add an app and, if a request for permission to add the app is required, a dialog box appears.
- Arrow keys can be used to navigate search results.
- Users will experience fewer dialog boxes when adding and removing apps.
- Error messages and certificate warnings are clearer.
- Users can reset Receiver to factory defaults. For information of preventing user resets, see http://support.citrix.com/article/CTX135941 in the Citrix Knowledge Center.
- Support for session pre-launch. The session pre-launch feature reduces launch times for applications delivered through Web Interface sites.
- Support for ShareFile StorageZones. Receiver for Windows supports both ShareFile-managed cloud storage and on-premises StorageZones.
- Upgraded FIPS support. Receiver for Windows 3.4 supports certificates with a minimum public key of 2,048-bit RSA and a SHA256 signature hash algorithm.
Receiver for Windows Enterprise
The Receiver for Windows Enterprise 3.4 package (CitrixReceiverEnterprise.exe) provides the following enhancements:
- Support for smart card single sign-on for Windows 7 devices. When used with Web Interface, Receiver for Windows Enterprise 3.4 enables smart card pass-through authentication from Windows 7 devices.
- Support for Fast Connect. Fast Connect provides the necessary technology for partners to rapidly authenticate users to Citrix sessions or desktops.
For information about Receiver for Windows Enterprise, including compatible systems, refer to the Receiver for Windows 3.2 documentation in Citrix eDocs.
Receiver for Mac 11.7 Released
About Receiver for Mac 11.7
Updated: 2012-12-19
Citrix Receiver for Mac provides users with self-service access to resources published on XenApp or XenDesktop servers. Receiver combines ease of deployment and use, and offers quick, secure access to hosted applications, desktops, and data.
Receiver also provides on-demand access to Windows, Web, and Software as a Service (SaaS) applications. You can use it for Web access or configure it for use with Citrix CloudGateway.
What’s new
- Single authentication to the Access Gateway:
- Use of a single session for both VPN and clientless access so that a Receiver user logs on once for both types of access and consumes only one license.
- Automatic routing of ICA traffic through the Access Gateway ICA proxy for optimal user experience.
- Automatic start-up of a VPN tunnel when a user logs on. This feature requires that you disable the Single Sign-On with Windows setting on the Access Gateway.
- Improved logon and logoff operations:
- Users are prompted to log on to Receiver only when a logon is required. Actions that require a log on include starting an app from Receiver or the Finder, using the Refresh Apps command, viewing or searching for apps, or adding an account. A user is logged on only to the account associated with the requested resource.
- Users remain logged on until choosing to log off or exit Receiver, roam from the internal network to an external network, or delete passwords.
- A VPN tunnel is established only if needed. Internal users are logged on to StoreFront.
- Usability improvements, including:
- Upgraded FIPS support. Receiver supports certificates with a public key of 2,048-bit RSA and a SHA256 signature hash algorithm.
- Support for ShareFile StorageZones. Receiver provides support for ShareFile StorageZones. StorageZones enable you to optimize ShareFile performance by locating data storage close to users and also allow you to control storage for compliance purposes. For more information about StorageZones, see the Sharefile documentation in eDocs.
#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA
This little blog post is about Citrix SmartAccess. I’ve been a fan of SmartAccess for a long time, and it’s also something that Citrix has been talking a lot about in their story. The way that Citrix technology can provide applications, desktops and information to end-users on any device in a secure and controlled way.
But the purpose of this blog post is to give you my view of this story, and how true the SmartAccess story is. Remember that this is my personal view and that I’ve actually not tested all my theories below so parts of it is purely theoretical at this stage.
So a bit of background first to build my case…
Citrix has been going on about SmartAccess, and it’s been true that the Access Gateway capabilities once added to Web Interface and XenApp/XenDesktop where great in terms of adding another layer of functionality that the IT supplier could use to determine how the XenApp and XenDesktop environments where accessed, and from what type of device. The device detection/classification is done through host checks (Endpoint Analysis Scans, EPA) that the Access Gateway feature provided as a pre- or post-authentication scan. This scan then resulted that either the device met the policies or didn’t, and then this policy could be leveraged by the other internal components (XenApp/XenDesktop) to control/manage which apps, desktops and functionality (virtual channels like printing, drive mapping etc.) that the end-user should get for that specific session.
And this was/is working well for certain scenarios from a technical point of view. But is it really working for the whole story that Citrix and the whole IT-industry is driving now with BYOD etc.? Think about the message that is being pushed out there today, use any device, we can control and deliver according to security policies, we can provide access from anywhere, etc…
And this is where it becomes interesting. All of a sudden then you as an architect are to take this vision that your CIO or IT-board has and realise it into manageable IT services that combined deliver a fully fledged IT delivery of Windows, Internal Web, SaaS, Mobile and Data for this great set of use cases and scenarios. Wow… you’ve got yourself a challenge mate!
This text is from the Citrix homepage about SmartAccess;
SmartAccess allows you to control access to published applications and desktops on a server through the use of Access Gateway session policies. This permits the use of preauthentication and post-authentication checks as a condition for access to published resources, along with other factors. These include anything you can control with a XenApp or XenDesktop policy, such as printer bandwidth limits, client drive mapping, client clipboard, client audio, and client printer mapping. Any XenApp or XenDesktop policy can be applied based on whether or not users pass an Access Gateway check.
So let’s start of then with going back to the SmartAccess which is the topic of this blog!
#Netscaler authentication based on nested groups
Ok, I have to thank my colleague Roger Eklund for this great post! Check it out if you want to use nested AD groups for AGEE authentication!
So i needed to create an LDAP authentication policy in the Netscaler where the users are divided into different groups (DEPT1, DEPT2, DEPT3), and those groups are themselves inside a group (MAINGRP). So i want to authenticate the users based on nested membership in MAINGRP.
Normally without nested groups you would use a LDAP filter with something like this:
memberOf=CN=DEPT1,OU=users,OU=subou,OU=ou,DC=domain,DC=com
Which would return a result to the Netscaler if the user…
Continue reading here!
//Richard
Access Gateway Licensing Demystified
Ok, this is a good blog post from Prashant Batra and touches an area that I get so many questions about!
Access Gateway Licensing Demystified
Access Gateway discussed in this blog is the Access Gateway based on NetScaler, which is popularly referred to as Access Gateway Enterprise. Citrix has recently announced End of Life for all non-NetScaler based Access Gateway platforms, which then makes Enterprise edition, the de-facto Access Gateway.
In this blog, we will discuss the two license types used on your Access Gateway appliance, the two kinds of vServers you can set up to leverage these licenses to provide standard / advanced functionalities, and an example scenario towards the end, to help illustrate these concepts in a real scenario.
License Types
Access Gateway is licensed at two levels:
- Platform License
- Universal License
Platform Licenses
Every Access Gateway (VPX/MPX) comes with a… continue reading here!
//Richard
The IT Melting Pot! 