How Users Connect to Applications, Desktops, and ShareFile

If you have Citrix Endpoint Management in your deployment, users can connect in the following ways:

  • Citrix Gateway plug-in that establishes a full VPN tunnel to resources in the internal network. You create a session profile to select the Citrix Gateway plug-in for Windows or the Citrix Gateway plug-in for Mac. When users log on by using the plug-in , endpoint analysis scans can run on the user device.

    Note: To allow endpoint analysis scans to run on Mac computers, you must install Citrix Gateway 10.1, Build 120.1316.e or newer.

  • Citrix Receiver to connect to web, SaaS, and Enterprise applications, web links, and documents from ShareFile through Endpoint Management. When users log on with Receiver, Citrix Gateway routes the connection to Endpoint Management. When Receiver establishes the connection, users’ applications and documents appear in Receiver. If users log on with Receiver and connect to Endpoint Management directly, you must enable clientless access in Citrix Gateway. This deployment does not require StoreFront.
  • Receiver to connect to published applications and virtual desktops through StoreFront or the Web Interface. When users log on with Receiver, Citrix Gateway routes the connection to StoreFront or the Web Interface. When Receiver establishes the connection, user applications and desktops appear in Receiver.
  • Secure Hub to connect to iOS and Android apps, including WorxMail and WorxWeb, from mobile devices through Endpoint Management. When users log on to Secure Hub, they have access to the mobile apps that you configure in Endpoint Management, When Citrix Gateway establishes the Micro VPN connection, users mobile apps appear in the Secure Hub window. Users can start the apps from Secure Hub. Some apps require users to download and install the app on the mobile device.

In any of the preceding scenarios, if users want to connect through Citrix Gateway, they do the following:

  • Users log on by using the Citrix Gateway plug-in or Receiver. To log on for the first time, users open a web browser and type the fully qualified domain name (FQDN) of Citrix Gateway or Receiver. Users with mobile devices log on with Secure Hub.
  • On the logon page, users enter their credentials and are authenticated.
  • After authentication, the user session redirects to StoreFront or Endpoint Management depending on your deployment.
  • If you deploy both StoreFront and Endpoint Management, Citrix Gateway contacts the first server in the deployment. For example, if you configure MDX mobile apps in Endpoint Management, you deploy StoreFront behind Endpoint Management. If you are not providing access to MDX mobile apps, you deploy Endpoint Management behind StoreFront.
  • All of the users’ desktops, documents, and web, SaaS, and Windows-based applications appear in Receiver or Secure Hub.

If users need to access other resources in the internal network, such as Exchange, file shares, or internal web sites, they can also log on with the Citrix Gateway plug-in. For example, if users want to connect to a Microsoft Exchange server in the network, they start Microsoft Outlook on their computer. The secure connection is made with the Citrix Gateway plug-in which connects to Citrix Gateway. The SSL VPN tunnel is created to the Exchange Server and users can access their email.

Important: Citrix recommends configuring authentication on the Citrix Gateway virtual server. When you disable authentication in Citrix Gateway, unauthenticated HTTP requests are sent directly to the servers running the Web Interface, StoreFront or Endpoint Management in the internal network.

How Users Connect to Applications, Desktops, and ShareFile