SSL VPN offered by NetScaler Access Gateway uses the Web browser systems to connect to the network.
This brings some advantages, for example the login option can be made based on the result of endpoint security controls, it provides a way to deploy the VPN client for users who are not not installed it yet and allows integration with its own internal portals or websites of NetScaler to display for users who have successfully established a tunnel.
However, there are circumstances where this functionality is not required for a particular environment or use case. One time, I was approached by one of our clients to explain how to display the form of native log can be displayed for all users by default or even deployed this automatically, without the web browser as the user interface for the VPN client.
The capture of screen below shows how it looks. The displayed input fields can be modified, a combination of password and token authentication is possible the same way as the web browser is the user interface.
The configuration for this user connection mode is done in the VPN profile Secure Client Access client. In your VPN connection options (check the tray icon), you can edit your profile. The head shape adjustment logon, is on the "Options" tab. The check box labeled "Use the plug-in Access Gateway Logon" must be checked in order to have the open form of native session coming on the screen the next time you want to connect with Client
Although it is not very new to many of you and most of it is already documented in other places, my client wanted something which is not documented anywhere. He needed to automatically deploy the plug-in access gateway new machinery and would not let users go through the dialogues to change the default behavior of their own. Therefore, we need to set the option to login manually for the opening session native form available from the first use on.
As described above, the adjustment is part of the VPN client profile. It is not stored in the register of customers but in an ini file in the% APPDATA% folder users. So, on my machine, for example, the file is located here:
C: Users David AppData Local Citrix AGED ns1profile.ini
It contains in my case a few lines of options from which "native connection" is the one we're after:
[global]
= current user David
[David]
native login = 0
what is 0 in this case means
native connection = 0: the Web browser acts as user interface (default)
native connection = 1: the application form native logon is used as the interface to connect to the VPN.
It's just a text file with a few lines of options, automatic deployment of these parameters can be done in different ways (MSI, etc.)
My client was however still not satisfied with the look and customer friendly and asked for something more flexible and extensible (for example, the execution of some programs to the tunnel being or not). To accomplish this, it became clear that I needed to reconnect with long lost the developer in me and use Access Gateway client API. Since this is not really documented anywhere, a separate blog post covers this topic in more detail (Access Gateway client API library)
0 Komentar