With Content Switching Policies NetScaler Gateway for legacy Citrix clients

10:41 PM
With Content Switching Policies NetScaler Gateway for legacy Citrix clients -

you age-old problem of legacy Citrix Receiver client access via a common NetScaler Gateway is now solved been!

NetScaler From 10.5 Build 51.1017.e + You can now can content switching policies create directly to NetScaler Gateway VServer and binding. Connections for the gateway are determined, stopped and processed as normal but before any actions are invoked on the session, review the policy engine, when to see guidelines any content switching are bound to find the application. If the conditions laid down in the Directive are met, connections to the target load balancing vserver be sent in the respective content switching policies defined.

Although this particular enlargement for Share File and XenMobile developed customer, another primary use case is to identify downward plane Citrix clients as PNAgent or embedded user customers in thin clients found. , the extension allows you to simplify your deployment design for these customers by the same DNS namespace, use IP and SSL certificate already. For modern receiver and browser clients This was previously not possible, because the subordinate client authentication methods are required incompatible with the NetScaler Gateway VPN VServer. These connections must terminate normally at the Web Interface Services Web site, or legacy services URL to storefront. this new feature with the Web Interface on NetScaler combination It enables infrastructure to consolidate further and an elegant solution that accommodates both old and current Citrix client for hybrid deployments or migration strategies.

legacy Citrix clients as PNAgent were to never authenticate to NetScaler Gateway be improved. This meant that any application for remote or secure connections from these clients requirements had a separate DNS entry point involved provisioning, IP address and SSL certificate, to name any additional NAT rules, firewall policies, and the associated end-user support with him. In some cases more unsavory methods such as authentication all together on the NetScaler Gateway Disabling were used to work the defect. must This method will not include this make more.

before

before

After

after

conditions

  • NetScaler Building 51.1017.e + or 11.x
  • existing or configured VPN VServer
  • Web Interface or storefront legacy services
  • [1945016SchaltzielLBVServerfürWebInterfaceStorefront] existing content or Web Interface on NetScaler
  • Legacy client Identifier - ie user agent
  • Web Interface installed on NetScaler

implementation

Web Interface on NetScaler

Before a web interface on NetScaler Services- configure site, you must create a LB VServer target for use in your content switching configuration. Since the Web Interface on NetScaler Wizard does not permit LB VServer this type to create, this step must be performed manually

Add Service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE -maxClient 0. - MAXREQ 0 - CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO NO -TCPB -cmp NO
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80

VPN vserver and content switching policies

patset policy Legacy_Citrix_Client_UA
bind policy patset Legacy_Citrix_Client_UA PNAMAIN.EXE index 2
Add lb vserver lb_wionns_xa65lab_http_80 HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
service svc_wionns_xa65lab_http_80 127.0.0.1 HTTP 8080 -gslb NONE Add -maxClient 0 0 -maxReq -CIP DISABLED -usip YES YES -useproxyport -sp OFF -cltTimeout 180 - svrTimeout 360 - CKA NO NO -TCPB -cmp NO
bind lb vserver lb_wionns_xa65lab_http_80 svc_wionns_xa65lab_http_80
Add cs policy pol_pnagent_ng rule "HTTP.REQ.HEADER (" user-
Agent "). SET_TEXT_MODE (IGNORECASE) .CONTAINS_ANY ( "Legacy_Citrix_Client_UA ") "action act_pnagent_ng
Add cs Action act_pnagent_ng -targetLBVserver lb_wionns_xa65lab_http_80
bind vpn vserver csv Test ng -policy pol_pnagent_ng -priority 10

Web Interface on NetScaler services site

Add wi website "/ Citrix / PNAgent /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" - sessionReliability oN -authenticationPoint WebInterface -defaultAccessMethod Gateway Direct -siteType XenAppServices
Add wi website "/ Citrix / DesktopWeb /" "https: //csv-ng.pnwlab.local" "http://192.168.15.0" -sessionReliability ON - authenticationPoint Access Gateway -agAuthenticationMethod Explicit -defaultAccessMethod
bind wi website "/ Citrix / PNAgent /" PNWLAB xa65lab-a.pnwlab.local

This is what you really need to do anything.

Note that it is not necessary to actually configure a content switching vserver - only the policies and appropriate measures need to be established. want

If you insert the Web Interface LB existing, you have already setup or window is activated with the legacy services URL, there is not a whole lot of changes here - just create your LB VServer and appropriate CS VServer policy actions rather than to use these resources. Also, if you use the user interface, you can already noticed that there is there is an option in the breadcrumbs menu for adding content switching policies to a VPN VServer:

image

testing and Validation

testing is fairly straightforward. Just change the URL by the compatible client is used, the NetScaler Gateway VPN VServer to be

Here's how PNAgent to change, for example.

image

When everything is in place, you should see that the client properly to obtain in fact the first configuration, to connect, ask for the required authentication and finally enumerate / start applications. On the NetScaler, you can check the appropriate policy to be taken as an additional check you defined by checking the user interface or via the CLI

UI .:

image

CLI:

policy: pol_pnagent_ng rule: HTTP.REQ.HEADER(“User-Agent”).SET_TEXT_MODE(IGNORECASE).CONTAINS_ANY(“Legacy_Citrix_Client_UA”) Action: act_pnagent_ng

Hits: 16

1) CS Vserver: csv Test ng
Priority: 100
Hits: 16
Done
>

Advanced use cases

this new feature presented here many applications outside of it has - especially around:

  • legacy PNAgent support
  • Web Interface to storefront migrations
  • legacy thin client / Device Support
Some of the other use cases that had gone to my head:
  • Share File Sync> controller
  • Worx client> XenMobile Server
  • OWA / Sharepoint
  • EPA Remediation Site Redirection

additional resources

  • How Web Interface install NetScaler
  • content switching eDocs reference
Previous
Next Post »
0 Komentar