Professional Documents
Culture Documents
Citrix Cloudgateway Express 1.2: Proof of Concept Implementation Guide
Citrix Cloudgateway Express 1.2: Proof of Concept Implementation Guide
www.citrix.com
Contents
Contents .............................................................................................................................................................. 2 Introduction ........................................................................................................................................................ 3 Architecture ........................................................................................................................................................ 4 Installation and Configuration ......................................................................................................................... 5 Section 1: Receiver Storefront Server Initial Deployment ....................................................................... 6 Receiver Storefront Initial Server Configuration ................................................................................... 9 Create Authentication Service ................................................................................................................14 Create Store ...............................................................................................................................................15 Section 2: Configure Second Receiver StoreFront Server .....................................................................20 Section 3: Accessing Applications through Receiver ..............................................................................24 Receiver for Web ......................................................................................................................................27 Section 4: Configure Citrix Access Gateway Authentication ................................................................29 Section 5: NetScaler Load Balancing Configuration ...............................................................................36 Design Considerations ....................................................................................................................................41 Remote Users ...................................................................................................................................................41 Conclusion ........................................................................................................................................................41 Acknowledgments............................................................................................................................................42 References .........................................................................................................................................................42 Revision History ...............................................................................................................................................42
Page 2
Introduction
Citrix CloudGateway Express provides users with a common access experience across devices. Each CloudGateway Express user is able to subscribe to their favorite application and desktop resources, these favorite resources then automatically follow the user between devices. With Citrix Web Interface reaching end-of-life in 2015, it is important that administrators become familiar with CloudGateway Express to facilitate a successful transition between products. CloudGateway Expresss new modular architecture improves upon the existing design of Web Interface. It includes a new user authentication method which directly queries Active Directory rather than the existing double-hop Web Interface process where user credentials are sent from the Web Interface server to the XML broker who then negotiates authentication with the Domain Controller. CloudGateway Express also makes the process of deploying multiple servers easier through its configuration synchronization feature. Customers that require a single point of access and self-service for Windows, Web, and SaaS applications should utilize the Enterprise version of CloudGateway. CloudGateway Enterprise is a premium product that must be purchased. CloudGateway Express is a no-cost product that is freely available for download for Citrix XenDesktop and XenApp customers. For a complete list of both CloudGateway Express and Enterprise features, please reference the CloudGateway section of Citrix.com. This document will guide the reader through the steps required to create a successful CloudGateway Express proof of concept environment. To allow users and administrators transition time to become familiar with CloudGateway Express as compared to the well-known Web Interface, Citrix Consulting recommends that a small subset of Windows users should be selected for the CloudGateway Express proof of concept in parallel to an existing Web Interface environment. To experience the full self-service ability of CloudGateway Express this user group should primarily access XenApp published applications from multiple locations both inside and outside the corporate network.
Page 3
Architecture
CloudGateway Express consists of the Citrix Receiver Storefront and Citrix Merchandising Server components. Receiver Storefront is a server component which resides on Windows 2008 R2 server while Merchandising Server is a virtual appliance. This document only focuses on Receiver Storefront which performs the authentication and enumerating of applications and desktops. Receiver Storefront integrates seamlessly with an existing XenDesktop and XenApp infrastructure which allows users to have a consistent experience from multiple devices. Receiver StoreFront employs a modular architecture, as shown in the following diagram:
Figure 1: Citrix Storefront Receiver Architecture Authentication Service. Authenticates users to XenDesktop sites, XenApp farms, and AppController, handling all interactions to ensure that users only need to log on once. Store Services. Retrieves user credentials from the authentication service to authenticate users to the XenApp and XenDesktop servers providing the application and desktop resources. Enumerates the resources currently available from the servers and sends the details to Citrix Receiver. Receiver for Web. Enables users to access applications and desktop resources through a web page providing the same user experience as accessing those resources through Citrix Receiver.
Page 4
Resource Subscription Database. Stores details of individualized user subscriptions plus associated shortcut names and locations. Beacon. Citrix Receiver uses beacon points to determine whether users are connected to internal or public networks and then selects the appropriate access method.
Page 5
Page 6
Before the Receiver StoreFront installation can begin, the SQL database must be manually created To create the Receiver Storefront database, use SQL Server Management Studio to run the commands located on this page Three variables must be changed before the script is run:
Page 7
Once the database is created, begin the Receiver StoreFront installation by double clicking on the installation media previously downloaded
Select Install Any pre-requisites missing such as the Web Server will be installed automatically by Receiver StoreFront installer.
Page 8
The installation has now been completed Select Finish The StoreFront Receiver administration console will automatically appear
Receiver Storefront Initial Server Configuration The first setup in configuring Receiver StoreFront is binding a SSL certificate (self-signed or procured through an internal certificate authority), defining a load balancing hostname, and specifying the database. The following section walks through the steps needed to complete these tasks.
Initial Server Configuration Screenshot 1
Description Before beginning the configuration, a SSL certificate matching the hostname chosen must be imported and bound to the default IIS Web Site This is accomplished in IIS Manager Select the local Server from the left menu Select Server Certificates from the features menu
Page 9
Page 10
Select Add
Select https as the Type Select the SSL Certificate from the dropdown menu Select OK
Page 11
The https binding is now listed Return to the Receiver Storefront console
When deploying a multiserver configuration, only the bottom two options are available The Deploy a Single Server option is greyed out because SQL Server is not installed locally Select Deploy a multiple server group
Page 12
10
Since a SSL certificate has already been bound, the hostname will automatically be filled in This is the Hostname of the load balancing vServer on the NetScaler for the Storefront servers If the hostname is blank, go back to the SSL certification installation steps Enter the SQL Database server Enter the Database name chosen Choose Test Connection
11
Select OK
12
Select Create
Page 13
13
Once the server group has been created, the initial screen will be returned
Create Authentication Service Before any Citrix resources can be configured, an authentication service must be created. This process defines the access method allowed for the environment.
Initial Server Configuration Screenshot 1
Page 14
Create Store Use the Store menu to add the XenApp farms and XenDesktop sites that will be made available to users. Administrators can create as many stores as needed; for example, the administrator may want to create a store for a particular group of users or to aggregate a specific set of resources. While all the stores in a Receiver Storefront deployment use the same authentication service, they each require their own database. A Store is created using the following instructions:
Page 15
Choose a name for the Store Recommend choosing a name that matches the XenApp farm so that it is easily identifiable Select Next
Page 16
This is the screen where the address of the XML server for XenApp or XenDesktop is entered Enter the Server address and choose the Transport Type and Port number Select Create
Select Finish
Page 17
The newly created Store will now be listed Additional XML servers can now be added to the Store by selecting Manage Server Farms
A generic farm name and the XenApp XML server entered in the previous screen are listed Select Edit
Page 18
Enter in the desired new Farm name Select Add to have an additional XML server listed to this farm
Enter the Server name for the additional XML server Select OK
Page 19
Page 20
This server will now show an Authorization code that must be entered on the next server joined to the deployment Make a note of this information
Enter the hostname of the primary Storefront server Enter the Authorization code presented earlier (Step 1) Select Join
Page 21
On the primary Storefront server (cloudgateway2), the following dialog box appears indicating that the secondary server (cloudgateway3) was added. Select OK Switch back to the primary Storefront server Click Refresh to now see two servers listed Select Propagate Changes
Select OK
Page 22
10
Back on the administration panel, the Synchronization Status has been updated
Page 23
Page 24
Enter a Name for the account Enter in the URL of your Storefront listed in the Stores menu.
Page 25
If Pass-Through is not enabled, the end user will need to login with their domain credentials
Page 26
Receiver for Web In addition to accessing Receiver Storefront stores within Citrix Receiver, users can also access Stores through a web page. This Proof of Concept guide focuses on Windows users because they are able to access Storefront via both Receiver and Receiver for Web (via website). If users of any other operating systems such as Mac, iOS, or Linux require access, either the PNAgent URL enabled via legacy support or the Receiver for Web site must be used. A website is created using the following instructions:
Receiver for Web Configuration Screenshot 1
Select the Store that the Website will serve Choose a Website path Select Create when finished
Page 27
The following screen will appear when the Website has been created successfully The URL for the Website is also displayed
Page 28
At this point, Citrix Receiver Storefront can be accessed via the Website URL. As long as the User name and Password authentication method was selected earlier, a user can logon and access their applications or desktops The Storefront is not ready at this point to be accessed from Citrix Access Gateway
Page 29
Enter a Display name for the Gateway server Enter the Gateway URL for the Access Gateway server. This is the address from which users will be accessing the environment Choose the deployment mode: Appliance Select Set server as Access Gateway Enterprise Edition Enter in the SNIP or MIP address configured on your NetScaler Select Next
Page 30
Choose to enable Session reliability or the ability to request tickets from two STAs Select Add to enter in a STA server
Page 31
Select Finish
The newly created Gateway is now shown Before a Store can be assigned to the Gateway, two Beacons must be configured To do this, select Beacons from the left menu
Page 32
Select Add
10
Enter in any URL that can be resolved on the public Internet Select OK
Page 33
11
Repeat Step 10 again so that there are two Beacon URLs listed Select OK
12
The two Beacon URLs are now listed Now remote access must be enabled for the Store Select Stores from the left menu
13
Page 34
14
15
Page 35
First, select a name for the Service Group Change the Protocol from HTTP to SSL Under Specify Members, enter the IP address, port number, and weight for one of the Receiver StoreFront servers Select Add when all the information has been entered
Page 36
Once the second Receiver StoreFront server has been added, select Monitors
In the Settings box, select Override Global Check Client IP Header Type in X-Forward-For Select the SSL Settings tab
Page 37
Select the appropriate SSL certificate that corresponds to your load balancing hostname Select Create when all the steps have been completed
Select Virtual Servers under the Load Balancing feature menu Select Add
Page 38
Select the Service Groups tab Enter in a Name for the Load Balancing vServer Select the Service Group created earlier In the Protocol dropdown box, select SSL Choose an IP address for the vServer Select the Method and Persistence tab
At the bottom under Persistence, choose SourceIP Choose None under Backup Persistence Select the SSL Settings tab
Page 39
10
Select the corresponding SSL certificate and click Add Select Create
11
Page 40
Design Considerations
As discussed earlier, while CloudGateway Express offers new functionality such as application subscriptions, it does have some additional considerations that need to be taken into account. For these reasons, it is important to properly choose the users who should be a part of the proof of concept. Since Windows and Mac are the only operating systems that currently support direct access to stores through Citrix Access Gateway, it is recommended that the proof of concept be limited primarily to these users in an effort to showcase the consistent user experience across access methods. Other operating systems and earlier Receiver clients require legacy support to be enabled for users to access applications remotely. Direct access to stores through mobile devices on iOS and Android is supported when connecting from the internal network. It is recommended that the user base be restricted primarily to XenApp users since Receiver Storefront currently is limited in some of XenDesktop features such as desktops restarts, Desktop Group, and visual separation of desktops and applications, but it should be noted that these features will be incorporated in the future.
Remote Users
Users can access their resources from either their locally installed Citrix Receiver or via the Receiver for Web site. For an optimal deployment that allows users to easily connect from inside and outside the organization, it is recommended that a Receiver Provisioning file be used. This file can either be distributed by the administrator or manually downloaded by the end user. This file contains information that allows Citrix Receiver to determine if the user is located on the corporate network or if a remote connection should be made through Access Gateway. This decision is made using the beacon addresses specified during the Gateway configuration on the Receiver Storefront panel. If the internal beacon can be resolved, Receiver will connect using the local address. If the internal address cannot be resolved, Receiver will instead make a connection through the Access Gateway URL specified during the setup of Gateways inside the Receiver Storefront console. For more information on configuring the Receiver Provisioning file, please reference Citrix eDocs.
Conclusion
CloudGateway Express should be piloted to users that are constantly switching between multiple devices and would like to have a consistent access experience. Citrix Consulting currently recommends installing CloudGateway Express for the aforementioned user group in parallel to the existing Web Interface environment to ensure that administrators start to become familiar with the new technology and features. Citrix Consulting strongly recommends a full analysis of user needs and CloudGateway Express 1.2 version functionality before migrating users away from Web Interface. By developing an understanding the CloudGateway Express now in a proof of concept
Page 41
capacity, administrators will be better prepared for the Web Interface migration process they will be facing in the future.
Acknowledgments
Citrix Consulting Solutions would like to thank all of the individuals that offered guidance and technical assistance during the course of this project - Carisa Stringer, Ray De Varona, Peter Schulz, and Adolfo Montoya. Additionally, thanks go to Peter Smeryage who helped with the build out of the environment.
References
How to Configure Access to Citrix Receiver StoreFront 1.0 through Access Gateway Enterprise Edition: http://support.citrix.com/article/CTX131908
Revision History
Revision 1.0 1.2 Change Description Initial Document Document Update Updated By Citrix Consulting Solutions Citrix Consulting Solutions Date March 27, 2012 April 12, 2012
About Citrix Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location on any device. Citrix customers include the worlds largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses and prosumers worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries. Founded in 1989, annual revenue in 2009 was $1.61 billion. 2012 Citrix Systems, Inc. All rights reserved. Citrix, Access Gateway, Branch Repeater, Citrix Repeater, Citrix Receiver, HDX, XenServer, XenApp, XenDesktop, XenClient and Citrix Delivery Center are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners. Page 42