Access Gateway discussed in this blog is the access gateway based on NetScaler, which is popularly known as Access Gateway Enterprise. Citrix recently announced the end of life for all Access Gateway platforms with non-base NetScaler, which makes then Enterprise Edition, the de-facto Access Gateway.
In this blog we will discuss the two types of licenses used on your Access Gateway appliance, both types of vservers you can put in place to take advantage of these licenses to provide classic features / Advanced, and an example scenario towards the end, to help illustrate these concepts in a real scenario.
License Types
Access Gateway is licensed at two levels:
- Platform License
- Licensing Universal
platform Licenses
Each Access Gateway (VPX / MPX) comes with a platform license, which allows all the basic features in Access Gateway. After buying a device, the license is automatically available in your account MyCitrix, and can be easily downloaded and installed on your device
platform licenses can be used to provide seamless access at:.
- ICAProxy access to XenApp / XenDesktop, using the Web interface
- ICAProxy access to XenApp / XenDesktop, using Storefront (CloudGateway Express)
Universal licenses
Universal licenses are used to enable additional functionality / advanced on the devices of the access gateway. These are add-on licenses and work as well as the platform licenses to provide seamless access to your Citrix deployments. Universal licenses are purchased separately from the device, and can be installed in the same way that the license of the platform
Universal licenses can be used to enable the following advanced features :.
- End Point Analysis
- Smart Access to XenApp / XenDesktop
- CVPN - client access to internal Web resources
- Full Tunnel (SSL VPN)
- MDX Micro VPN
universal Licenses are required to support the following Citrix deployments:
- ICAProxy access to XenApp / XenDesktop with Smart access ( both Web and Storefront Interface)
- CloudGateway Enterprise Mobility (AppController)
- CloudGateway Enterprise (AppController + Storefront)
virtual servers
on Access Gateway, it must be established vservers (virtual servers) to act as connection points for all incoming remote connections. These vservers can be implemented in two modes:
- Basic Mode
- Smart Access Mode
Basic Mode vServer
vServer basic mode is a server that consumes platform licenses and can therefore be used to provide access to your ICAProxy deployments XenApp / XenDesktop, both via the web interface and Storefront. A basic mode vServer mainly works out of the box, without the need to purchase additional licenses. Once the platform licenses are consumed, vServer can start consuming universal licenses, if available. This leads to increased support of simultaneous users that can go beyond the default that ships with the device.
Mode Smart Access vServer
An intelligent access mode consumes vServer essentially universal licenses and can be used to provide access to all Citrix deployment. Including XenApp / XenDesktop / CloudGateway. From which we can implement such a vServer if additional licenses are purchased universal or are received as a beam placement with CloudGateway Enterprise / Platinum XenApp / XenDesktop Platinum offers. Note that a Smart Access vServer can consume Universal licenses and start dropping connections once all universal licenses are consumed.
Both vservers can be implemented using the new simplified wizard that was included in the last access gateway offers. This new wizard simplifies the creation of these vservers and automates the process of integrating into your existing Citrix infrastructure. This wizard automatically sets up all the policies required on Access Gateway to provide authentication and integration with other Citrix products. More details about these policies can be found on my blog earlier available - / blogs / 2012/08/06 / what's new with-citrix-access-bridge-10-0-69-6 /
scenario
Consider an example scenario of how a Citrix deployment would look like and how access Gateway can best be used in such a scenario, providing seamless access to applications and desktops.
to take a client who needs to provide:
- 3000 users with access to their critical applications
- 1000 users with access to a full desktop computer blown
- 1000 users who need access to their web / saas / native mobile apps on the move
to support the above scenario, lets say the customer buys:
- 3000 XenApp Enterprise license
- 1000 licensing XenDesktop Platinum
- 1000 licenses CloudGateway Enterprise
With the above, the client would have received the following Access Gateway Universal licenses (CCU):
- 0 CCU AG
- 1000 AG CCU
- 1000 AG CCU
given the scenario and the above licenses, the customer would have to make the following purchases and Access Gateway configurations to provide, at any time of the secure remote access and transparent in their Citrix infrastructure:
- Provides two platforms AG MPX implemented in HA, which will be able to support the required number of users - 5000.
- Download platform licenses for both. Download 00 CCU AG, which came with purchases XD CG Platinum and Enterprise. Install licenses on MPX appliances.
- Configuring a vServer in basic mode, to allow access to 3000 users who need to access their database applications. Use the simplified wizard to do so, which will be implemented all the policies so that users redirected to their virtual applications when they connect.
- Set up a second vServer in Smart Access mode. It will be used to provide access to 1000 users and 1000 XD CG users. Use the simplified wizard again, to put in place, which should implement all relevant policies for both.
- Note that since 2 e vServer is a Smart Access vServer, it is possible to implement EPA policies (End Point Analysis) this to control granularly the level of access based on the end point of health. Essentially, since the users on this vServer have access to a full blown desktop computer, the administrator may want to be more careful and calculated on the conditions when a user should be granted access to the office. This is done through the establishment of EPA policies to ensure that the endpoint is in compliance with all necessary corporate policies, such as a firewall work, latest updates security, no malicious software, ... Only when the required compliance is met, users have access to their office. Better yet, based on the results of detailed analyzes that run on the endpoint, Access Gateway can transmit this information to XD, which can then enable / disable certain functionality within these desktops to really control the extent of access.
- also note that if you choose to implement the EPA's policy on the 2 e vServer above, you may have to put in place on March 1 e vServer in Smart access mode to provide access to CloudGateway users. Indeed, the Citrix mobile receivers (iOS / Android) Today, EPA does not support and therefore will not be allowed access through vServer implemented with the EPA. They will then have to talk about this 3 e vServer configured to provide access to their web / saas / native mobile applications access
UPDATE :. To cover the details of how AG Licensing works in High Availability (HA) configurations, I wrote a follow-up post here - Access Gateway Licensing Demystified Part 2 (HA)
0 Komentar