Citrix Gateway Connector

Note: Support for Citrix Gateway Connector feature is currently in technical preview release.

Citrix Gateway Connector is a Citrix component which serves as a channel of communication between Cloud services (Citrix Gateway service, ADM and so on) and on-premises components such as Web servers. It is a virtual appliance compatible with Citrix Hypervisor VMware ESXi, and Microsoft Hyper-V with a small form factor. Citrix Gateway Connector facilitates the remote access to the Enterprise web apps.

Set up resource location and install Citrix Gateway Connector using Citrix Cloud user interface

The following are the steps to set-up a resource location and install Citrix Gateway Connector using Citrix Cloud user interface:

  1. On top left of the Citrix Cloud screen, click the hamburger icon and select Resource Locations. Click the plus icon next to Resource Locations.

    localized image

  2. Provide a name for the resource location and click Save.

    localized image

  3. Double-click the plus icon next to Citrix Gateway Connectors under the newly created resource location.

    localized image

  4. Select the hypervisor and click Download Image. Import the locally downloaded image to your hypervisor and create a new virtual machine (Citrix Gateway Connector).

    localized image

  5. Click Get Activation Code.

    localized image

  6. The activation code is generated as follows.

    localized image

  7. Once the installation is complete, Click Detect.

    localized image

  8. Now look for the following message on the newly installed VM (Citrix Gateway Connector). Type the mentioned URL in a browser to access the Citrix Gateway Connector user interface. In case the message mentioning the URL gets lost among the numerous syslog messages, you must log on to the Citrix Gateway Connector CLI as an administrator and type the following command “show ip”. The command displays the IP assigned to the Citrix Gateway Connector through DHCP. Now open https://IP:8443 on your browser to access the Citrix Gateway Connector admin user interface.

    localized image

  9. The username and password for the following screen is “administrator” for the first time user.

    localized image

  10. Change the password by providing a password of your choice in Set administrator password section and click Continue.

  11. Enter the following configuration details in System settings section and click Continue.
    • Connector IP Address – IP address of connector.
    • Subnet Mask – Subnet mask of the connector IP address.
    • Default Gateway – IP address of Default Gateway.
    • DNS Server – IP address DNS Server.
    • Proxy IP – Your internal proxy server IP address.
    • Proxy Port – Port of the proxy server.

      localized image

  12. In the Single sign on section, check Enable Kerberos Single Sign On for capabilities beyond the basic authentication. Enter the following Kerberos configuration details and click Continue.
    • Active Directory Domain – Active Directory domain for the users to be granted access.
    • Service Account Name – Delegated username for authentication.
    • Service Account Password – Delegated password for Service Account.

      localized image

  13. Finally enter the activation code generated in step 6 to register the connector with Citrix Cloud and click Save and Finish.

    localized image

  14. Installed Citrix Gateway Connector dashboard appears as follows.

    localized image

Set-up resource location and download Citrix Gateway Connector while adding Web app

While adding Web app using the Citrix Gateway service user interface, you can set up a new resource location and download connectors. To set up a resource location and download connectors, perform the following steps:

  1. In the Web app connectivity section, select the Create New radio button. Provide a name for the resource location and click Save.

    localized image

  2. Click Install Citrix Gateway Connector.

    localized image

  3. Select the required hypervisor from the Hypervisor drop-down menu, click Download Image.

    localized image

  4. Click Get Activation Code.

    localized image

  5. The activation code is generated as follows.

    localized image

  6. To install the connector, follow steps 7 to 12 in the preceding section named Setup resource location and install Citrix Gateway Connector using Citrix Cloud user interface.

Citrix Gateway Connector communication

Citrix Gateway Connector authenticates and encrypts all communication between Citrix Cloud and your resource locations. The communication between the Citrix Gateway Connector and Citrix Cloud is outbound. All connections are established from the Citrix Gateway Connector to the cloud using the standard HTTPS port (443) and the TCP protocol. No incoming connections are accepted. TCP port 443, with the following FQDNs are permitted outbound:

  • *.nssvc.net
  • *.netscalermgmt.net
  • *.citrixworkspacesapi.net
  • *.citrixnetworkapi.net
  • *.citrix.com
  • *.servicebus.windows.net
  • *.adm.cloud.com

Citrix Gateway Connector availability

For continuous availability, install multiple Citrix Gateway Connectors in each of your resource locations. Citrix recommends at least two (2) Citrix Gateway Connectors in each resource location. If one Citrix Gateway Connector is unavailable for any period of time, the other Citrix Gateway Connectors can maintain the connection. As long as there is one Citrix Gateway Connector available, there is no loss in communication with Citrix Cloud. Citrix Gateway Connectors can be restricted to upgrade during a specified maintenance window every 24 hour, controlled per Resource Location.

Load management

Manage load by installing multiple Citrix Gateway Connectors in each resource location. Since each Citrix Gateway Connector is stateless, the load can be distributed across all available Citrix Gateway Connectors. There is no need to configure this load balancing function. It is completely automated.

Support for Citrix Gateway Connector

As long as you ensure continuous availability of the Citrix Gateway Connector in each resource location, you can manage the machines where they are installed one at a time to avoid outage periods.

System requirements

Citrix Gateway Connector is a virtual appliance. The VM specification must have at least:

  • 3 vCPU (The appliance fails to boot with less than 2 vCPU). A maximum of 6 vCPU can be installed. 4 GB memory per vCPU is recommended for optimum performance.

  • 6 GB RAM

  • 1 Network Adapter (virtual NIC). You can add an additional virtual NIC upon requirement.

  • Firewall:

    • UDP port 53 to DNS server
    • TCP and UDP port 389 to Active Directory Domain Controllers (optional * - * is described at the end of the page)
    • TCP port 636 to Active Directory Domain Controllers (optional *)
    • TCP port 3268 to Active Directory Domain Controllers (optional *)
    • TCP port 3269 to Active Directory Domain Controllers (optional *)
    • TCP port 443, with the following FQDNs are permitted outbound:
      • *.nssvc.net
      • *.netscalermgmt.net
      • *.citrixworkspacesapi.net
      • *.citrixnetworkapi.net
      • *.citrix.com
      • *.servicebus.windows.net
      • *.adm.cloud.com
    • TCP ports (*2) to Web servers accessed using Citrix Gateway Connector
    • Open port 8443 inbound for web-based management

Recommended: Network with DHCP enabled to simplify the initial configuration.

* - Required to perform domain-based single sign-on to Web applications

** - Ports determined by the customers environment – ports 80 and 443 are typical