Citrix Gateway Connector

Citrix Gateway Connector is a Citrix component that serves as a channel of communication between cloud services (Citrix Gateway service, ADM, and so on) and on-premises components such as Web servers. It is a small-form-factor virtual appliance compatible with Citrix Hypervisor, VMware ESXi, and Microsoft Hyper-V. Citrix Gateway Connector facilitates remote access to enterprise web apps.

How it works

Citrix Gateway Connector authenticates and encrypts all communication between Citrix Cloud and your resource locations. The communication between the Citrix Gateway Connector and Citrix Cloud is outbound. All connections are established from the Citrix Gateway Connector to the cloud using the standard HTTPS port (443) and the TCP protocol. No incoming connections are accepted. Outbound traffic on TCP port 443 is permitted to the following FQDNs:

  • *.nssvc.net
  • *.netscalermgmt.net
  • *.citrixworkspacesapi.net
  • *.citrixnetworkapi.net
  • *.citrix.com
  • *.servicebus.windows.net
  • *.adm.cloud.com

Important: If there are SSL intercepting devices in the on-premises data center where the Citrix Gateway Connector must be deployed, connector registration fails while SSL interception is enabled for these FQDNs. Disable SSL interception for these FQDNs so that connector registration can succeed.

System requirements

Citrix Gateway Connector is a virtual appliance. The VM must meet the following specification:

  • Number of vCPUs must be exactly 2.
  • 4 GB RAM minimum.
  • 1 Network Adapter (virtual NIC). You can add an extra virtual NIC upon requirement.
  • Firewall:

    • UDP port 53 to DNS server
    • TCP and UDP port 389 to Active Directory Domain Controllers (optional *; the asterisk is explained in the note after this list)
    • TCP port 636 to Active Directory Domain Controllers (optional *)
    • TCP port 3268 to Active Directory Domain Controllers (optional *)
    • TCP port 3269 to Active Directory Domain Controllers (optional *)
    • TCP port 443 outbound, permitted to the following FQDNs:
      • *.nssvc.net
      • *.netscalermgmt.net
      • *.citrixworkspacesapi.net
      • *.citrixnetworkapi.net
      • *.citrix.com
      • *.servicebus.windows.net
      • *.adm.cloud.com
    • TCP ports (*2) to Web servers accessed using Citrix Gateway Connector
    • Open port 8443 inbound for web-based management

Recommended: Network with DHCP enabled to simplify the initial configuration.

* - Required to perform domain-based single sign-on to Web applications
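The outbound rule and the SSL interception note under How it works, and the same FQDN list under System requirements, can be checked mechanically. The following Python sketch is an added example, not Citrix code: it flags perimeter log records from a connector that fall outside TCP 443 to the listed FQDNs, and lists allow-list entries that a TLS-inspection bypass list does not cover. The log format, the host names in the sample data, the bypass list, and the reading of `*.` as "any subdomain depth, apex excluded" are assumptions.

```python
# Added example (not Citrix code): audit egress and TLS-inspection bypass rules.
# Wildcard FQDNs the page permits outbound on TCP 443.
ALLOWED_FQDNS = (
    "*.nssvc.net", "*.netscalermgmt.net", "*.citrixworkspacesapi.net",
    "*.citrixnetworkapi.net", "*.citrix.com", "*.servicebus.windows.net",
    "*.adm.cloud.com",
)

def _suffix(pattern):
    # "*.nssvc.net" -> ".nssvc.net"; the leading dot enforces a label boundary.
    return "." + pattern.lower().lstrip("*.")

def matches_allowlist(host, patterns=ALLOWED_FQDNS):
    """True if host is a subdomain of a pattern. Assumption: any depth matches
    and the apex does not; confirm how your firewall interprets '*.'."""
    host = host.strip().rstrip(".").lower()
    return any(host.endswith(_suffix(p)) and len(host) > len(_suffix(p))
               for p in patterns)

def audit_egress(lines):
    """Return (destination, reason) for each record that breaks the rule.
    Constructed record format: '<timestamp> <source> <proto> <host>:<port>'."""
    findings = []
    for line in lines:
        _ts, _src, proto, dest = line.split()
        host, _, port = dest.rpartition(":")
        if proto.lower() != "tcp" or port != "443":
            findings.append((dest, "not TCP/443"))
        elif not matches_allowlist(host):
            findings.append((dest, "FQDN not in allow-list"))
    return findings

def missing_bypass(bypass_patterns):
    """Allow-list entries not fully covered by a TLS-inspection bypass rule."""
    rules = [_suffix(b) for b in bypass_patterns]
    return [p for p in ALLOWED_FQDNS
            if not any(_suffix(p).endswith(r) for r in rules)]

# Constructed sample data, for illustration only.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z connector-01 tcp agent.nssvc.net:443",
    "2024-05-01T10:00:02Z connector-01 tcp lookalike-nssvc.net:443",
    "2024-05-01T10:00:03Z connector-01 tcp bus01.servicebus.windows.net:5671",
    "2024-05-01T10:00:04Z connector-01 tcp nssvc.net.example.org:443",
]
SAMPLE_BYPASS = ["*.nssvc.net", "*.cloud.com", "*.downloads.citrix.com"]

if __name__ == "__main__":
    print(audit_egress(SAMPLE_LOG), missing_bypass(SAMPLE_BYPASS))
```

A bypass rule that is narrower than the required pattern (here `*.downloads.citrix.com` against `*.citrix.com`) is reported as missing, because interception would still apply to the rest of that domain.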

Continuous availability of the Citrix Gateway Connector

As long as you ensure continuous availability of the Citrix Gateway Connector in each resource location, you can manage the machines where they are installed one at a time to avoid outage periods.

For continuous availability, install multiple Citrix Gateway Connectors in each of your resource locations. Citrix recommends at least two (2) Citrix Gateway Connectors in each resource location. If one Citrix Gateway Connector is unavailable for any period of time, the other Citrix Gateway Connectors can maintain the connection. As long as there is one Citrix Gateway Connector available, there is no loss in communication with Citrix Cloud. Citrix Gateway Connector upgrades can be restricted to a specified maintenance window every 24 hours, controlled per resource location.

Load management

Manage load by installing multiple Citrix Gateway Connectors in each resource location. Since each Citrix Gateway Connector is stateless, the load can be distributed across all available Citrix Gateway Connectors. There is no need to configure this load balancing function. It is automated.

Ways to install Citrix Gateway Connector

Citrix Gateway Connector can be installed in one of the following ways:

Set up resource location and install Citrix Gateway Connector using Citrix Cloud user interface

The following are the steps to set up a resource location and install Citrix Gateway Connector using Citrix Cloud user interface:

  1. At the top left of the Citrix Cloud screen, click the hamburger icon and select Resource Locations. Click the plus icon next to Resource Locations.

  2. Provide a name for the resource location and click Save.

  3. Double-click the plus icon next to Citrix Gateway Connectors under the newly created resource location.

  4. Select the hypervisor and click Download Image. Import the locally downloaded image to your hypervisor and create a new virtual machine (Citrix Gateway Connector).

  5. Click Get Activation Code.

  6. The activation code is generated.

  7. Once the installation is complete, click Detect.

You can access the Citrix Gateway Connector user interface by using the URL that is displayed in one of the messages on the newly installed Citrix Gateway Connector VM. You can also log on to the Citrix Gateway Connector CLI as an administrator and run the show ip command to view the IP address assigned to the Citrix Gateway Connector through DHCP. Then open https://<IP address>:8443 in your browser to access the Citrix Gateway Connector admin user interface.

Set up resource location and download Citrix Gateway Connector while adding Web app

While adding a Web app using the Citrix Gateway service user interface, you can set up a new resource location and download connectors. To set up a resource location and download connectors, perform the following steps:

  1. In the Web app connectivity section, select the Create New radio button. Provide a name for the resource location and click Save.

  2. Click Install Citrix Gateway Connector.

  3. Select the required hypervisor from the Hypervisor list and click Download Image.

  4. Click Get Activation Code.

  5. The activation code is generated.

  6. Once the installation is complete, click Detect.

You can access the Citrix Gateway Connector user interface by using the URL that is displayed in one of the messages on the newly installed Citrix Gateway Connector VM. You can also log on to the Citrix Gateway Connector CLI as an administrator and run the show ip command to view the IP address assigned to the Citrix Gateway Connector through DHCP. Then open https://<IP address>:8443 in your browser to access the Citrix Gateway Connector admin user interface.

Log on and set up the Citrix Gateway Connector

After the Citrix Gateway Connector installation is complete, look for the message on the newly installed VM (Citrix Gateway Connector) that displays the URL of the connector.

Type that URL in a browser to access the Citrix Gateway Connector user interface. You can also log on to the Citrix Gateway Connector CLI as an administrator and run the show ip command. The command displays the IP address assigned to the Citrix Gateway Connector through DHCP. Then open https://<IP address>:8443 in your browser to access the Citrix Gateway Connector admin user interface.

  1. For a first-time user, both the user name and the password on the logon screen are administrator.

  2. Change the password by providing a password of your choice in the Set administrator password section and click Continue.

  3. Enter the following configuration details in the System settings section and click Continue.
    • Connector IP Address – IP address of the Gateway Connector.
    • Subnet Mask – Subnet mask of the Gateway Connector IP address.
    • Default Gateway – IP address of the default gateway.
    • DNS Server – IP address of the DNS server.
    • Proxy IP – Your internal proxy server IP address.
    • Proxy Port – Port of the proxy server.

  4. In the Single sign on section, check Enable Kerberos Single Sign On for capabilities beyond basic authentication. Enter the following Kerberos configuration details and click Continue.
    • Active Directory Domain – Active Directory domain for the users to be granted access.
    • Service Account Name – Delegated user name for authentication.
    • Service Account Password – Delegated password for the Service Account.

  5. Finally, enter the activation code to register the connector with Citrix Cloud and click Save and Finish.

The following figure displays the Citrix Gateway Connector dashboard.

localized image