The age-old problem of legacy Citrix Receiver client access on a common NetScaler Gateway has now been solved! Starting with N etScaler 10.5 Build 51.1017.e + , you can create and bind now can Content Switching Policies directly to NetScaler Gateway VServer .
terminals for the gateway are determined, stopped and processed as normal but before any action at the meeting to be called, checked the policy engine, if any content switching policy bound to apply. When was laid down in the Directive are met, connections to the target load balancing vserver define sent in the respective content switching policies.
Although this particular extension developed for Share File and XenMobile customers, another primary use case is subordinated Citrix clients as PNAgent or embedded custom clients found in thin clients to identify. The extension allows you to simplify your deployment design for this customer, by use of the same DNS namespace, IP and SSL certificate already for modern receiver and browser clients. This was previously not possible, because the subordinate client authentication methods are required incompatible with the NetScaler Gateway VPN VServer. These connections must terminate normally at the Web Interface Services Web site, or legacy services URL to storefront.
The combination of this new feature with the Web Interface on NetScaler , you can consolidate more infrastructure and provide an elegant solution that both older and current Citrix client for hybrid deployments or migration strategies.
legacy Citrix clients as PNAgent were hosts never be able to authenticate to NetScaler Gateway be improved. This meant that any application for remote or secure connections from these clients requirements had a separate DNS entry point involved provisioning, IP address and SSL certificate, to name any additional NAT rules, firewall policies, and the end user Support in connection with him. In some cases more unsavory methods such as authentication all together on the NetScaler Gateway Disabling were used to work the defect. must This method will not include this make more.
conditions
- NetScaler Build 51.1017.e + or 11.x
- Existing or configured VPN VServer
- Web interface or storefront legacy services
- Existing content switching target LB VServer for Web interface, storefront, or Web interface on NetScaler
- Legacy client Identifier - ie user agent
- Web Interface installed on NetScaler
implementation
Web Interface on NetScaler
Before a web interface on NetScaler Services Web site you must create a LB VServer target for use in your content switching configuration. Since the Web Interface on NetScaler Wizard does not permit LB VServer this type to create, this step must be performed manually
Add Service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE -maxClient 0. - MAXREQ 0 - CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO NO -TCPB -cmp NO
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80
VPN vserver and content switching policies
patset policy Legacy_Citrix_Client_UA
bind policy patset Legacy_Citrix_Client_UA PNAMAIN.EXE index 2
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE Add -maxClient 0 0 -maxReq -CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 - svrTimeout 360 - CKA NO NO -TCPB -cmp NO
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80
Add cs policy pol_pnagent_ng rule "HTTP.REQ.HEADER (" user-
Agent "). SET_TEXT_MODE (IGNORECASE) .CONTAINS_ANY ( "Legacy_Citrix_Client_UA ") "action act_pnagent_ng
Add cs Action act_pnagent_ng -targetLBVserver lb_wionns_xa65lab_http_80
bind vpn vserver csv Test ng -policy pol_pnagent_ng -priority 10
Web Interface on NetScaler services site
Add wi website "/ Citrix / PNAgent /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" - sessionReliability oN -authenticationPoint WebInterface -defaultAccessMethod Gateway Direct -siteType XenAppServices
Add wi website "/ Citrix / DesktopWeb /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" -sessionReliability ON - authenticationPoint Access Gateway -agAuthenticationMethod Explicit -defaultAccessMethod
bind wi website "/ Citrix / PNAgent /" PNWLAB xa65lab-a.pnwlab.local
This is what you really need to do anything.
Note that it is not necessary to actually configure a content switching vserver - only the policies and appropriate measures need to be established. want
If you insert the Web Interface LB existing, you have already setup or window is activated with the legacy services URL, there is not a whole lot of changes here - just create your LB VServer and appropriate CS VServer policy actions rather than to use these resources. Also, if you use the user interface, you can already noticed that there is there is an option in the breadcrumbs menu for adding content switching policies to a VPN VServer:
Testing
Testing is fairly straightforward. Just change the URL by the compatible client is used, the NetScaler Gateway VPN VServer to be
Here's how PNAgent to change, for example.
When everything is in place, you should see that the client properly to obtain in fact the first configuration, to connect, ask for the required authentication and finally enumerate / start applications. On the NetScaler, you can check the appropriate policy to be taken as an additional check you defined by checking the user interface or via the CLI
CLI .:
policy: pol_pnagent_ng rule: HTTP.REQ.HEADER(“User-Agent”).SET_TEXT_MODE(IGNORECASE).CONTAINS_ANY(“Legacy_Citrix_Client_UA”) Action: act_pnagent_ng
Hits: 16
1) CS Vserver: csv Test ng
Priority: 100
Hits: 16
Done
>
Advanced use cases
this new feature here many applications presented outside of it has - especially around:
- legacy PNAgent support
- Web Interface to storefront migrations
- legacy thin client / Device Support
- Share File Sync> controller
- Worx client> XenMobile Server
- OWA / Sharepoint
- EPA Remediation Site Redirection
additional resources
- How Web Interface install NetScaler
- content switching eDocs reference
0 Komentar