you age-old problem of legacy Citrix Receiver client access via a common NetScaler Gateway is now solved been!
NetScaler From 10.5 Build 51.1017.e + You can now can content switching policies create directly to NetScaler Gateway VServer and binding. Connections for the gateway are determined, stopped and processed as normal but before any actions are invoked on the session, review the policy engine, when to see guidelines any content switching are bound to find the application. If the conditions laid down in the Directive are met, connections to the target load balancing vserver be sent in the respective content switching policies defined.
Although this particular enlargement for Share File and XenMobile developed customer, another primary use case is to identify downward plane Citrix clients as PNAgent or embedded user customers in thin clients found. , the extension allows you to simplify your deployment design for these customers by the same DNS namespace, use IP and SSL certificate already. For modern receiver and browser clients This was previously not possible, because the subordinate client authentication methods are required incompatible with the NetScaler Gateway VPN VServer. These connections must terminate normally at the Web Interface Services Web site, or legacy services URL to storefront. this new feature with the Web Interface on NetScaler combination It enables infrastructure to consolidate further and an elegant solution that accommodates both old and current Citrix client for hybrid deployments or migration strategies.
legacy Citrix clients as PNAgent were to never authenticate to NetScaler Gateway be improved. This meant that any application for remote or secure connections from these clients requirements had a separate DNS entry point involved provisioning, IP address and SSL certificate, to name any additional NAT rules, firewall policies, and the associated end-user support with him. In some cases more unsavory methods such as authentication all together on the NetScaler Gateway Disabling were used to work the defect. must This method will not include this make more.
before
After
conditions
- NetScaler Building 51.1017.e + or 11.x
- existing or configured VPN VServer
- Web Interface or storefront legacy services [1945016SchaltzielLBVServerfürWebInterfaceStorefront] existing content or Web Interface on NetScaler
- Legacy client Identifier - ie user agent
- Web Interface installed on NetScaler
implementation
Web Interface on NetScaler
Before a web interface on NetScaler Services- configure site, you must create a LB VServer target for use in your content switching configuration. Since the Web Interface on NetScaler Wizard does not permit LB VServer this type to create, this step must be performed manually
Add Service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE -maxClient 0. - MAXREQ 0 - CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO NO -TCPB -cmp NO
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80
VPN vserver and content switching policies
patset policy Legacy_Citrix_Client_UA
bind policy patset Legacy_Citrix_Client_UA PNAMAIN.EXE index 2
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE Add -maxClient 0 0 -maxReq -CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 - svrTimeout 360 - CKA NO NO -TCPB -cmp NO
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80
Add cs policy pol_pnagent_ng rule "HTTP.REQ.HEADER (" user-
Agent "). SET_TEXT_MODE (IGNORECASE) .CONTAINS_ANY ( "Legacy_Citrix_Client_UA ") "action act_pnagent_ng
Add cs Action act_pnagent_ng -targetLBVserver lb_wionns_xa65lab_http_80
bind vpn vserver csv Test ng -policy pol_pnagent_ng -priority 10
Web Interface on NetScaler services site
Add wi website "/ Citrix / PNAgent /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" - sessionReliability oN -authenticationPoint WebInterface -defaultAccessMethod Gateway Direct -siteType XenAppServices
Add wi website "/ Citrix / DesktopWeb /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" -sessionReliability ON - authenticationPoint Access Gateway -agAuthenticationMethod Explicit -defaultAccessMethod
bind wi website "/ Citrix / PNAgent /" PNWLAB xa65lab-a.pnwlab.local
This is what you really need to do anything.
Note that it is not necessary to actually configure a content switching vserver - only the policies and appropriate measures need to be established. want
If you insert the Web Interface LB existing, you have already setup or window is activated with the legacy services URL, there is not a whole lot of changes here - just create your LB VServer and appropriate CS VServer policy actions rather than to use these resources. Also, if you use the user interface, you can already noticed that there is there is an option in the breadcrumbs menu for adding content switching policies to a VPN VServer:
testing and Validation
testing is fairly straightforward. Just change the URL by the compatible client is used, the NetScaler Gateway VPN VServer to be
Here's how PNAgent to change, for example.
When everything is in place, you should see that the client properly to obtain in fact the first configuration, to connect, ask for the required authentication and finally enumerate / start applications. On the NetScaler, you can check the appropriate policy to be taken as an additional check you defined by checking the user interface or via the CLI
UI .:
CLI:
policy: pol_pnagent_ng rule: HTTP.REQ.HEADER(“User-Agent”).SET_TEXT_MODE(IGNORECASE).CONTAINS_ANY(“Legacy_Citrix_Client_UA”) Action: act_pnagent_ng
Hits: 16
1) CS Vserver: csv Test ng
Priority: 100
Hits: 16
Done
>
Advanced use cases
this new feature presented here many applications outside of it has - especially around:
- legacy PNAgent support
- Web Interface to storefront migrations
- legacy thin client / Device Support
- Share File Sync> controller
- Worx client> XenMobile Server
- OWA / Sharepoint
- EPA Remediation Site Redirection
additional resources
- How Web Interface install NetScaler
- content switching eDocs reference
0 Komentar