Gateway

Deploying the web interface parallel to Citrix Gateway in the DMZ

In this deployment, the Web Interface and Citrix Gateway both reside in the DMZ. Users connect directly to the Web Interface by using a web browser or Citrix Receiver. User connections are first sent to the Web Interface for authentication. After authentication, the connections are routed through Citrix Gateway. After users log on successfully to the Web Interface, they can access published applications or desktops in the server farm. When users start an application or desktop, the Web Interface sends an ICA file containing instructions for routing ICA traffic through Citrix Gateway as if it were a server running the Secure Gateway. The ICA file delivered by the Web Interface includes a session ticket produced by the Secure Ticket Authority (STA).

When Citrix Receiver connects to Citrix Gateway, the ticket is presented. Citrix Gateway contacts the STA to validate the session ticket. If the ticket is still valid, the user’s ICA traffic is relayed to the server in the server farm. The following figure shows this deployment.

Figure 1. The Web Interface installed parallel to Citrix Gateway

Web Interface Running Parallel to Citrix Gateway

When the Web Interface runs parallel to Citrix Gateway in the DMZ, you do not need to configure authentication on Citrix Gateway. The Web Interface authenticates users.

Deploying the web interface parallel to Citrix Gateway in the DMZ