Deployment GuideDeploying NetScalerGateway in ICA ProxyModeDeployment GuideThis deployment guide defines the configuration required for using theNetScaler Gateway in ICA Proxy

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeTable of ContentsIntroduction 3Product Versions 4Prerequisites4Topology 5Section A: Configure NetScaler Gateway5Section B: Configure Storefront for remote access11Section C: Login to NetScaler Gateway and launch applications16Conclusion 20citrix.com2

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeThe Citrix NetScaler application delivery controller (ADC) is aworld-class product with the proven ability to load balance,accelerate, optimize, and secure enterprise applications. NetScalerGateway provides users with secure remote access to XenApp,XenDesktop and XenMobile applications across a range of devicesincluding laptops, desktops, thin clients, tablets and smart phones.IntroductionThis document takes the user through the steps of configuring a NetScaler Gateway andStorefront for a XenApp/XenDesktop VDI solution. The document first describes the steps forconfiguring the NetScaler Gateway component and then, for configuring the Storefront.citrix.com3

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeProduct VersionsThe table below lists the software versions used for testing this integration. The integrationprocess should also work with higher versions of the same.ProductMinimum Required VersionNetScaler equisitesBefore starting the configuration steps provided in this document, please ensure that the belowinformation is readily available.1.Admin login credentials for NetScaler Gateway management console2.NetScaler Gateway IP address. This is the public facing IP to which users connects to fromhome or remotely3.Corporate firewall must have rules to allow traffic to NetScaler Gateway IP address andport4.Server certificate (cert-key pair) on NetScaler Gateway appliance. This certificate is boundto the NetScaler Gateway and should have the same common name as the FQDN used by theend users to access NetScaler Gateway. Know more about server certificates (cert-key pair) onNetScaler at CTX1092605.Active Directory/LDAP server and admin bind details6.Storefront server, site path and Store details that would be configured on Storefront7.STA server and communication protocol (HTTP/HTTPS) details8.Delivery controller and communication protocol (HTTP/HTTPS) detailscitrix.com4

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeTopologyThis document uses the following topology for this deployment. The topology has one Storefrontserver, one XML broker & one DDC server (both represented using Delivery controllers), and oneNetScaler Gateway. Since there will be one server of each type, the document does not specify anyload balancing configurations as they are not necessary.Section A: Configure NetScaler Gateway1.Log into the management console of NetScaler Gateway by providing the admin credentials.citrix.com5

Deployment Guide2.Deploying NetScaler Gateway in ICA Proxy ModeClick on the “XenApp and XenDesktop” tab under the “Integrate with Citrix Products” sectionon the left hand side after loginClick the Get Started button on the NetScaler for XenApp and XenDesktop

Deployment Guide4.5.Deploying NetScaler Gateway in ICA Proxy ModeSelect the Storefront option from the dropdown titled What is your Citrix integrationpoint and click Continue.Provide the NetScaler Gateway IP address and name.citrix.com7

Deployment GuideDeploying NetScaler Gateway in ICA Proxy Mode6.Select the existing “Server Certificate” (cert-key pair on NetScaler) that will be assigned toNetScaler Gateway and click Continue7.In the Authentication section’s Primary authentication method dropdown, select ActiveDirectory/LDAP option.citrix.com8

Deployment GuideDeploying NetScaler Gateway in ICA Proxy Mode8.Provide the active directory details (IP address, port, Base DN, bind admin account andpassword, logon name attribute) and click Continue. Here,IP Address: IP address where active directory service is runningPort: port on which active directory service is reachableBase DN: search filter in the active directory where user details are availableService account:: Administrative account that will be used for LDAP binding and user searchServer logon name attribute: LDAP logon name attribute type that will be provided by the userPassword: Administrative account password9.Provide Storefront details and click Continue. Here,Storefront FQDN: Storefront server’s FQDNSite Path: Path for the Store that would be created on Storefront. Ensure “Web” is attached to thename of the Store.Single Sign-On Domain: Domain in which Storefront server residesStore: Name of the Store that will be created on the StorefrontSecure Ticket Authority Server: The STA server info in http[s]://IP format. If HTTPS is required,ensure that SSL is enabled on STA serverStorefront Server: IP address of the Storefront serverProtocol: Protocol (HTTP or SSL) using which Storefront should be accessedPort: Port on which Storefront is availablecitrix.com9

Deployment GuideDeploying NetScaler Gateway in ICA Proxy Mode10.Configuring the Xen Farm (the next step) is optional. Although the Configure dropdownshows an asterisk (“*”) next to it indicating that it is a mandatory field, this step can be skippedunless there is a load balancing requirement for the XML broker service or the DDC servers.Note: In this document, this step is skipped.11.Click “Done” to finish the NetScaler Gateway configurationcitrix.com10

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeSection B: Configure StoreFront for remote access1.Open the Citrix Storefront management console on the Storefront server and go to“Stores” tab on the left hand side.2.Click the Create Store link on the right hand side of the console. The wizard shown belowwill open. Provide a store name and click Next.citrix.com11

Deployment Guide3.Deploying NetScaler Gateway in ICA Proxy ModeClick to “Add” to provide delivery controllers information.4.Provide the details of delivery controllers and click OK.Display-name: Any name to identify the controllerType: The type of deploymentServers: Actual controller servers available in the environment (provide FQDNs)Transport type: HTTP/HTTPS (if HTTPS is required, ensure the SSL is enabled on controller server)Port: 80/443citrix.com12

Deployment Guide5.Deploying NetScaler Gateway in ICA Proxy ModeClick Next to go to the remote access configuration section6.Under the Remote Access section, select the No VPN tunnel option. Then click on theAdd button for the NetScaler Gateway appliances option.citrix.com13

Deployment Guide7.Deploying NetScaler Gateway in ICA Proxy ModeUnder the Add NetScaler Gateway Appliance section, provide the details of Gateway and clickNext.Display name: Any name for referring to the NetScaler Gateway.NetScaler Gateway URL: The FQDN of the NetScaler Gateway that the end-user will access.Note: The FQDN must match the common name in the server certificate that was associated onthe NetScaler Gateway (Section-A, Step-6 of this document)Version: Retain the default valueSubnet IP address: This parameter is optional, can be left blankLogon type: Retain the default value (Domain) since we are using Active Directory basedauthenticationCallback URL: Required only for SmartAccess type deployment. Since this document doesn’t coverSmartAccess, leave this field blankcitrix.com14

Deployment GuideDeploying NetScaler Gateway in ICA Proxy Mode8.Under the Secure Ticket Authority section, provide the STA server info (FQDN) and clickCreate.9.Under the Create Store section, the newly added NetScaler Gateway appliance will beadded and visible. Select the new appliance and click Create.citrix.com15

Deployment Guide10.Deploying NetScaler Gateway in ICA Proxy ModeClick on Finish to complete the Storefront Store creation process.Section C: Login to NetScaler Gateway and launch applications1.Access the NetScaler Gateway from a browser on the client machine. Ensure that theFQDN of NetScaler Gateway is used for the access and no SSL warning is received.citrix.com16

Deployment Guide2.3.Deploying NetScaler Gateway in ICA Proxy ModeProvide Active Directory/LDAP user credentials and click on “Log On” buttonThe user should be successfully logged into the Storefront. The virtual desktops and appsshould be available for access. By default, the user is taken to the Desktops sectioncitrix.com17

Deployment Guide4.Deploying NetScaler Gateway in ICA Proxy ModeFor accessing apps, click on the Apps button at the bottom of the page. The user will beshown the following page.5.Click on the button on the left hand side, then click on the All Apps link and click on anyapp that you want to add to the portal.citrix.com18

Deployment Guide6.Deploying NetScaler Gateway in ICA Proxy ModeClick the application icon (in this case, Calculator) for launching the application.citrix.com19

Deployment GuideDeploying NetScaler Gateway in ICA Proxy ModeConclusionThe NetScaler Gateway provides a seamless and secure experience with XenApp and XenDesktopwith the StoreFront integrated ICA proxy configuration described above.Corporate HeadquartersFort Lauderdale, FL, USAIndia Development CenterBangalore, IndiaLatin America HeadquartersCoral Gables, FL, USASilicon Valley HeadquartersSanta Clara, CA, USAOnline Division HeadquartersSanta Barbara, CA, USAUK Development CenterChalfont, United KingdomEMEA HeadquartersSchaffhausen, SwitzerlandPacific HeadquartersHong Kong, ChinaAbout CitrixCitrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management,networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobilitythrough secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device,over any network and cloud. With annual revenue in 2014 of 3.14 billion, Citrix solutions are in use at more than 330,000 organizations andby over 100 million users globally. Learn more at 2015 Citrix Systems, Inc. All rights reserved. Citrix and NetScaler are trademarks of Citrix Systems, Inc. and/or one of itssubsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may betrademarks of their respective companies.1215/PDFcitrix.com20

world-class product with the proven ability to load balance, accelerate, optimize, and secure enterprise applications. NetScaler Gateway provides users with secure remote access to XenApp, XenDesktop and XenMobile applications across a range of devices including laptops, desktops, thin clients, tablets and smart phones. Introduction