How to Configure NetScaler Gateway 11.1 with StoreFront 3.6 and XenApp/XenDesktop 7.9


Introduction

The purpose of this document is to provide the steps required to configure a NetScaler Gateway to work with StoreFront, XenApp, and XenDesktop. During configuration, you will use the built-in NetScaler tools for creating a server certificate request for NetScaler Gateway, and associating the certificate with the NetScaler Gateway virtual server. In this document, you will use a Microsoft Certificate Server to create the server certificate and provide the associated CA certificate.

The target audience for this document includes developers and testers who wish to set up a representative environment for testing external access scenarios. While this document only shows a single configuration, it can be used as the basis to create similar or more advanced configurations.

Contents

Introduction
Network Diagram
NetScaler Gateway Configuration
To install the NetScaler VPX appliance in the XenCenter Console
To continue setup from the NetScaler configuration utility
Server Certificates, CA Certificates, and SSL
NTP Server
Backups and why you might want one at this stage
Create a NetScaler Gateway Virtual Server
StoreFront Configuration
Test the deployment from a Windows computer connected to the Internet

Network Diagram

The following diagram shows an example of the components in a NetScaler Gateway, XenApp/XenDesktop and StoreFront deployment.

NetScaler Gateway will use the following network IP addresses:

NetScaler Gateway: 192.168.18.20
Subnet: 192.168.18.21
Virtual: 192.168.18.22

NetScaler Gateway Configuration

This section assumes that you will create a NetScaler VPX virtual appliance hosted on XenServer. The process for configuring the physical and virtual appliance is similar.

To install the NetScaler VPX appliance in the XenCenter Console

1. Download the NetScaler VPX virtual appliance from the Citrix website.
2. Import the virtual appliance into XenCenter.
3. In XenCenter, start the NetScaler VM and go to the NetScaler console.

4. Enter the following information into the first-time use wizard:
   a. NetScaler's IPv4 address: 192.168.18.20
   b. Netmask: 255.255.255.0
   c. Gateway IPv4 address: 192.168.18.1
5. Press 4 to save and quit. The NetScaler appliance restarts.

To continue setup from the NetScaler configuration utility

1. Open a web browser and in the address bar, enter http://192.168.18.20.

2. In User name and Password, enter nsroot in both fields and click Log On. The Citrix User Experience Improvement Program screen appears.
3. For the purposes of this document, click Skip. The NetScaler Welcome wizard guides you through the configuration of the subnet IP address, host name, DNS details, time zone and installing licenses.
4. In the Welcome wizard, click Subnet IP Address.
5. In Subnet IP Address, enter the address 192.168.18.21, in Netmask, enter 255.255.255.0 and click Done.

6. In the Welcome wizard, click Host Name, DNS IP Address, and Time Zone.
7. In Host Name, enter the host name.
8. In DNS IP Address, enter the address 192.168.80.1.
9. In Time Zone, select the time zone and click Done.
10. In the Welcome wizard, click Licenses.
11. Add your licenses and click Reboot. The licenses in the following illustration are Citrix test licenses. Your license names will differ.

When the appliance restarts and you log on to the appliance, you can enable features that are disabled by default.

Note: NetScaler and NetScaler Gateway features are available based on the licenses installed on the appliance.

12. On the Configuration tab, in the navigation pane, right-click NetScaler Gateway and click Enable.
13. On the Configuration tab, in the navigation pane, expand Traffic Management, right-click SSL and click Enable.

Next, change the administrator password for the appliance.

14. On the Configuration tab, in the navigation pane, expand System > User Administration and click Users.

Server Certificates, CA Certificates, and SSL

NetScaler Gateway supports many different types of certificates, including server, intermediate, and root certificates. You can use wizards on NetScaler Gateway to obtain a server certificate from a Certificate Authority (CA) for NetScaler Gateway.

For production environments, you can use the Certificate Signing Request (CSR) to generate a certificate for signing by a Certificate Authority (CA). For the purposes of this document, we'll be creating an RSA key and using the Microsoft Active Directory Certificate Services to create a test certificate.

Within Development and Test environments, a possible source for a security certificate for a web service is a private Windows Certificate Server. In this sample environment, VirtDC01 is a Windows Certificate Server.

To create an RSA key

1. In the NetScaler GUI, on the Configuration tab, in the navigation pane, click Traffic Management, and then click SSL.

2. In the details pane, under SSL Keys, click Server Certificate Wizard.
3. Complete the fields (it's a good idea to encrypt the key file with a passphrase) and click Create.

After you create the RSA key, create the CSR.

To create a Certificate Signing Request

1. In the NetScaler GUI, on the Configuration tab, in the navigation pane, click Traffic Management, and then click SSL.
2. In the details pane, under SSL Certificates, click Create Certificate Signing Request.

3. Complete the fields and then click Create.

Important: The Common Name is the fully qualified domain name (FQDN) of NetScaler Gateway. The FQDN is the address to which users connect and is resolved by public DNS.

After you complete the CSR, the next step in the SSL Certificate Wizard is to create the certificate. Do not do this. Instead, copy the certificate from the /flash/nsconfig/ssl/ directory on the NetScaler appliance to a Windows computer. You can use the utility WinSCP to transfer the certificate.

After you save the certificate to your Windows computer, use the Microsoft Active Directory Certificate Services to Request a certificate.

[Optional: you can use SSL to communicate from NetScaler Gateway to your StoreFront and XenApp/XenDesktop farm.] You can return to this page to Download a CA Certificate (Base 64). Installing the CA certificate on NetScaler Gateway is described later in this section.

To create a certificate by using Microsoft Active Directory Certificate Services

1. On a Windows computer, navigate to Microsoft Active Directory Certificate Services.
2. On the Active Directory Certificate Services page, click Request a certificate.

3. On the Request a Certificate page, click advanced certificate request.
4. On the Advanced Certificate Request page, click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

5. Open the CSR saved to your computer and copy the contents. Then, paste the contents into Submit a Certificate Request or Renewal Request.
6. In Certificate Template, use Notepad to copy the contents in Saved Request and paste it in the Microsoft Certificate Request page.
7. In Certificate Template, select Web Server and click Submit.
8. Return to the NetScaler SSL Server Certificate Wizard, skip step 3, and go to step 4 to install the certificate.

To install the Microsoft-generated certificate

1. In Certificate-Key Pair Name, enter the name.
2. In Certificate File Name, select Choose File, navigate to the saved Microsoft certificate on your computer, and click Open.
3. Click Create and click Done.
4. When the certificate uploads, a prompt appears for the name and password of the Key File that you created earlier. Enter these details and click Create and then click Done.

5. To view your certificate in the NetScaler GUI, go to Traffic Management > SSL > Certificates > Server Certificates. A list of installed certificates appears.

[Optional] To install a CA certificate on NetScaler Gateway

You can use SSL to communicate between NetScaler Gateway, StoreFront, and XenApp/XenDesktop. To do so, install a CA certificate on the appliance. This procedure is optional and is not required to complete the setup described in this document.

1. In the NetScaler GUI, on the Configuration tab, in the navigation pane, expand Traffic Management > SSL > Certificates and then click CA Certificates.
2. In the CA Certificates details pane, click Install.
3. On the Install CA Certificate page, enter a name in Certificate-Keypair Name.
4. In Certificate File Name, click Choose File and then navigate to the file with the extension .cer and click Open.
5. To view your certificate in the NetScaler GUI, go to Traffic Management > SSL > Certificates > CA Certificates.

A list of installed certificates appears.

NTP Server

Citrix recommends using an NTP server to keep time on NetScaler Gateway. Secure connections with SSL work more reliably when all the clocks are synchronized.

To configure an NTP server

1. In the NetScaler GUI, go to System > NTP Servers and then click Add.
2. Add the NTP server details and then click Create.

Backups and why you might want one at this stage

The NetScaler appliance now has its network configuration, licenses and certificates in place, and the next stage is to run a wizard to create the NetScaler Gateway Virtual Server and its associated elements. The wizard used to establish the NetScaler Gateway Virtual Server is a series of sub-wizards, and the NetScaler Gateway configuration is updated after completing each sub-wizard. With a backup or snapshot taken at this point, you have the option to:

- Accept the configuration and move forward
- Rerun parts of the wizard
- Fall back to this point and start again

To save and back up the configuration

1. In the NetScaler GUI, on the System panel, click the Save button on the top right of the page.

2. On the Configuration tab, in the navigation pane, expand System > Backup and Restore.
3. In the details pane, complete the details and then click Backup.

Create a NetScaler Gateway Virtual Server

NetScaler Gateway contains new wizards that allow you to integrate with other Citrix products. For our purposes, we are creating a virtual server to work with XenApp and XenDesktop.

To create a virtual server

1. On the Configuration tab, under Integrate with Citrix Products, click XenApp and XenDesktop.

2. On the Welcome page, click Get Started.
3. In What is your Citrix Integration Point?, select StoreFront and click Continue.

4. On the NetScaler Gateway Settings page, enter the IP address (192.168.18.22), port (443), the name of the virtual server and click Continue.
5. In Server Certificate, click the Use existing certificate tab, select the server certificate that you previously created, and click Continue.
6. The next setting is authentication. In this example, users authenticate by using Active Directory or LDAP. Enter the following values and then click Continue:
   a. Primary authentication method: Select Active Directory\LDAP.

   b. IP Address: 192.168.80.1, which is the address of the Domain Controller.
   c. Port: 389 for unsecure connections.
   d. Time-out (seconds): 3 (this is the default).
   e. Base DN: dc=virtdom,dc=chsys3,dc=com
   f. Service Account: administrator@virtdom.chsys3.com
   g. Server Logon Name Attribute: samaccountname
   h. Password and Confirm Password: Enter the password for the Service Account.
7. Enter the details of the StoreFront server as shown in the following illustration and then click Continue.

Note: The Test Connection button will not work until you configure the StoreFront server. You will configure StoreFront later in this document.

8. Under Xen Farm, in Configure, select None and click Continue.

Note: This section configures load balancing the XenDesktop Controllers and XenApp servers, which is not covered in this document. However, you can configure the settings in this section at any time.

9. Review your settings and click Done. After you click Done, the Dashboard page appears. You can close the page and return to the Configuration tab.

[Optional] To add the CA certificate to the NetScaler Gateway Virtual Server

Note: This procedure is optional and is not required to complete the setup of NetScaler Gateway.

1. On the Configuration tab, expand NetScaler Gateway and click Virtual Servers.
2. In the details pane, select _XD_TestGW and click Edit.
3. On the VPN Virtual Server page, under Certificate, click No CA Certificate.

4. Select the CA certificate that you installed previously, select OCSP Optional, and click Bind.
5. Scroll to the bottom of the VPN Virtual Server page and click Done.

6. Save your work to date by clicking on the Save icon in the upper right corner. If you do not save after making changes to the NetScaler Gateway configuration, there is a risk of losing your changes when the appliance restarts.

StoreFront Configuration

Before you start to configure StoreFront, check that the DNS entries for the name configured on the NetScaler Gateway virtual server (testgw.hopto.org) point to the correct servers. On the Internet, DNS needs to resolve to a public address that is accessible from the Internet. Typically, the public address is configured on a firewall or router and is forwarded to the NetScaler Gateway virtual server IP address. On the internal LAN, DNS needs to point to the local address of the NetScaler Gateway virtual server in the DMZ, 192.168.18.22.

To install and configure StoreFront

1. Install StoreFront from your distribution media and click Finish.
2. After installing StoreFront, the Management Console offers a choice of options. Click Create a new deployment.
3. Accept the default Base URL and click Next.

4. Click through the Getting Started section to Store Name.
5. In Store name and access, under Receiver for Web Site Settings, click Set this Receiver for Web site as IIS default and click Next.
6. In Delivery Controllers, click Add, and enter the XenApp Delivery Controller.
7. Repeat step 6 to add the XenDesktop Delivery Controller.

8. On the Remote Access page, click Enable Remote Access.
9. Click Allow users to access only resources delivered through StoreFront (No VPN tunnel).
10. Click Add to configure the NetScaler Gateway settings.
11. On the General Settings page, enter the NetScaler Gateway information and click Next.

12. On the Secure Ticket Authority (STA) page, click Add, enter the STA server information and click Next. Make sure that any STA referenced here is also included in the NetScaler Gateway virtual server list of STAs.

13. On the Authentication Settings page, complete the details to connect to the NetScaler Gateway appliance and then click Create. Unless you have a complex environment, leave the VServer IP address blank.
14. On the Summary page, click Finish.

The NetScaler Gateway appears on the Remote Access page and is the default appliance.

15. Click Next.
16. On the Configure Authentication Methods page, select the authentication methods and click Next.
17. On the Configure XenApp Services URL page, make sure to select both options and click Next.

18. The Summary page appears showing that you configured StoreFront successfully. Click Finish.
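Added example (not part of the original guide): a review of the saved NetScaler configuration against two points in the procedures above, the LDAP settings entered in step 6 of the virtual server wizard and the STA list from step 12. It assumes the saved configuration (ns.conf) holds the LDAP server as an "add authentication ldapAction" line and each STA as a "bind vpn vserver ... -staServer" line; the excerpt, the action name and the STA host names are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed ns.conf excerpt. The LDAP values mirror step 6 of the virtual
# server wizard; the action name and STA host names are hypothetical.
SAMPLE_NS_CONF = """
add authentication ldapAction 192.168.80.1_LDAP -serverIP 192.168.80.1 -serverPort 389 -authTimeout 3 -ldapBase "dc=virtdom,dc=chsys3,dc=com" -ldapBindDn administrator@virtdom.chsys3.com -ldapLoginName samaccountname -secType PLAINTEXT
bind vpn vserver _XD_TestGW -staServer "http://xdc01.virtdom.chsys3.com"
"""
# Constructed list of the STA URLs entered in StoreFront (step 12).
STOREFRONT_STAS = ["http://XDC01.virtdom.chsys3.com/scripts/ctxsta.dll",
                   "http://xdc02.virtdom.chsys3.com"]


def parse_line(line):
    """Split one ns.conf command into positional words and -option values."""
    tokens = shlex.split(line)
    positional, options, i = [], {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) > 1:
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            options[tok[1:].lower()] = tokens[i + 1] if has_value else ""
            i += 2 if has_value else 1
        else:
            positional.append(tok)
            i += 1
    return positional, options


def normalize_sta(url):
    """Reduce an STA URL to scheme://host:port so equivalent spellings match."""
    parts = urlsplit(url.strip())
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.scheme}://{parts.hostname}:{port}"


def review(conf_text, storefront_stas):
    """Return (finding, subject) pairs for the LDAP and STA settings."""
    findings, gateway_stas = [], set()
    for line in conf_text.splitlines():
        if not line.strip():
            continue
        pos, opt = parse_line(line)
        cmd = [p.lower() for p in pos[:3]]
        if cmd == ["add", "authentication", "ldapaction"] and len(pos) > 3:
            # Anything other than TLS or SSL leaves the bind and user
            # passwords unencrypted between the appliance and the DC.
            if opt.get("sectype", "").upper() not in ("TLS", "SSL"):
                findings.append(("ldap-not-encrypted", pos[3]))
            # The bind account only needs to search the directory.
            bind_dn = opt.get("ldapbinddn", "").lower()
            if bind_dn.startswith(("administrator@", "cn=administrator,")):
                findings.append(("ldap-privileged-bind", pos[3]))
        elif cmd == ["bind", "vpn", "vserver"] and opt.get("staserver"):
            gateway_stas.add(normalize_sta(opt["staserver"]))
    # Every STA that StoreFront uses must also be bound on the gateway.
    for sta in storefront_stas:
        if normalize_sta(sta) not in gateway_stas:
            findings.append(("sta-missing-on-gateway", sta))
    return findings


if __name__ == "__main__":
    for finding, subject in review(SAMPLE_NS_CONF, STOREFRONT_STAS):
        print(f"{finding}: {subject}")
```

On the constructed sample this reports the unencrypted LDAP action, the Administrator bind account, and the second StoreFront STA that is not bound on the gateway virtual server.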

Test the deployment from a Windows computer connected to the Internet

On the Windows PC

1. Confirm that a recent Citrix Receiver is installed.
2. Confirm that the Trusted Root CA Certificate is installed in the Trusted Root Certification Authorities > Certificates container.
3. In Internet Explorer, turn off certificate revocation checking. This step is required because our private server is unknown on the Internet.
   a. On the Tools menu in Internet Explorer, click Internet Options > Advanced.
   b. Check that the publisher's certificate revocation is set to Off.
   c. Check that the server certificate revocation is set to Off.
4. If you use a browser other than Internet Explorer (such as Firefox, Chrome, or Safari) you might need to import the Trusted Root CA Certificate into the Certificate Manager, and turn off Online Certificate Status Protocol checking.
5. Use Internet Explorer to browse to your NetScaler Gateway. The logon page appears.

6. After logging on, the Citrix StoreFront page appears. You can launch Apps and Desktops.