Set up Secure Private Access

You can set up Secure Private Access by creating a new site or by joining an existing site. In both scenarios, you can use the web admin console to set up the Secure Private Access environment.

Prerequisites

  • You must sign in to the Secure Private Access admin console as a domain user who is also a local machine administrator on the machine where Secure Private Access is installed.
  • The SQL database server must be installed before creating a site.

Set up Secure Private Access by creating a new site

Step 1: Set up a Secure Private Access site

A site is the name of your Secure Private Access deployment. You can either create a site or join an existing site.

  1. Launch the Secure Private Access web admin console.
  2. On the Creating or Joining a Site page, Create a new Secure Private Access site is selected by default.
  3. Click Next.

Site selection

When you choose to create a site, you must configure a database for the new site, either automatically or manually, because the database corresponding to the site name might not be available in the setup.

Step 2: Configure databases

You must create a database for the new Secure Private Access site. This can be done manually or automatically.

  1. In SQL Server Host, enter the server host name. For example, sql1.fabrikam.local\citrix.

    You can specify a database address in one of the following forms:

    • ServerName
    • ServerName\InstanceName
    • ServerName,PortNumber

    For more information, see Databases.

  2. In Site, type a name for the Secure Private Access site.

    Note:

    The site name that you enter is suffixed to the database name. The database name format is CitrixAccessSecurity<sitename> and cannot be modified. If you need to customize the database name, contact Citrix Support.

  3. Click Test connection to check that the SQL server instance is valid and also to confirm that the specified database exists for the site.

Database configuration new site

Note:

  • If an SQL server is not available for the site, the connectivity check fails.
  • If an SQL server is available but the database does not exist, the connectivity check passes. However, a warning message is displayed.
  • Secure Private Access uses Windows authentication with the machine identity to authenticate to the SQL server.
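
The three connectivity outcomes in the note above can be reproduced from the Secure Private Access machine before opening the console. The following is an added example, not Citrix code: `Test-SpaSiteDatabase` is a hypothetical helper name, the site name is a constructed sample, and it assumes Windows PowerShell with the .NET `System.Data.SqlClient` provider. The `Login` field reports the Windows account that actually authenticated, which is the calling account here, whereas the product connects with the machine identity.

```powershell
# Added example (not Citrix code). Test-SpaSiteDatabase is a hypothetical helper name.
function Test-SpaSiteDatabase {
    param(
        [Parameter(Mandatory)] [string]$SqlServerHost,  # ServerName, ServerName\InstanceName or ServerName,PortNumber
        [Parameter(Mandatory)] [string]$SiteName
    )
    # Database name format given in the documentation: CitrixAccessSecurity<sitename>
    $databaseName = "CitrixAccessSecurity$SiteName"

    # Use the builder instead of string concatenation so the host value
    # cannot smuggle extra connection-string keywords.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']         = $SqlServerHost
    $builder['Initial Catalog']     = 'master'
    $builder['Integrated Security'] = $true   # Windows authentication, no SQL login or password
    $builder['Connect Timeout']     = 10

    $connection = New-Object System.Data.SqlClient.SqlConnection($builder.ConnectionString)
    try {
        $connection.Open()
        $command = $connection.CreateCommand()
        # The database name is passed as a parameter, never concatenated into the query.
        $command.CommandText = 'SELECT SUSER_SNAME() AS LoginName, DB_ID(@db) AS DatabaseId'
        [void]$command.Parameters.AddWithValue('@db', $databaseName)
        $reader = $command.ExecuteReader()
        [void]$reader.Read()
        $login    = $reader.GetString(0)
        $dbExists = -not $reader.IsDBNull(1)
        $reader.Close()
    }
    catch {
        # The connection could not be opened: corresponds to a failed connectivity check.
        return [pscustomobject]@{ Result = 'Fail'; Login = $null; Database = $databaseName; Detail = $_.Exception.Message }
    }
    finally {
        $connection.Dispose()
    }

    if ($dbExists) {
        [pscustomobject]@{ Result = 'Pass'; Login = $login; Database = $databaseName; Detail = 'Database exists' }
    } else {
        # Server reachable but no database yet: the console passes the check with a warning.
        [pscustomobject]@{ Result = 'PassWithWarning'; Login = $login; Database = $databaseName; Detail = 'Database not found' }
    }
}

# Sample values: host taken from the documentation's example, site name constructed.
Test-SpaSiteDatabase -SqlServerHost 'sql1.fabrikam.local\citrix' -SiteName 'ExampleSite'
```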

Automatic configuration:

  • You can use the Automatic Configuration option only if the machine identity has the required database privileges.
  • If a database does not exist at the specified address, a database is automatically created.
  • When you create a database, ensure that it is empty but has the required database privileges. For details about the privileges, see Permissions required to set up databases.

Manual configuration:

You can use the Manual Configuration option to set up the databases.

In manual configuration, you must first download the scripts and then run the scripts on the database server that you have specified in the SQL Server Host field.

Note:

The database creation might fail if the machine does not have the READ, WRITE, UPDATE permissions to create tables within the database on the SQL server. You must enable appropriate permissions on the machine. For details, see Permissions required to set up databases.

Step 3: Integrate servers

You must specify StoreFront and NetScaler Gateway server details to connect Secure Private Access with StoreFront and NetScaler Gateway servers. This connection must be established to enable StoreFront and NetScaler Gateway to route traffic to Secure Private Access. You must also specify the Director server and license server details.

  1. Enter the following details.
    • Secure Private Access server address. For example, https://secureaccess.domain.com.
    • StoreFront Store URL. For example, https://storefront.domain.com/Citrix/StoreMain.
    • Public NetScaler Gateway Address – URL of the NetScaler Gateway. For example, https://gateway.domain.com.
    • Virtual IP address – This virtual IP address must be the same as the one configured in StoreFront for callbacks.
    • Callback URL – This URL must be the same as the one configured in StoreFront. For example, https://gateway.domain.com.
    • Director URL – The Director server IP address or FQDN to connect Secure Private Access with Citrix Director.
    • License server URL – The License server IP address to collect and process licensing data.
  2. Click Validate all URLs.
  3. Click Next and then click Save.

Integrations tab

Step 4: Configuration summary

After the configuration is complete, the setup validates that the configured servers are reachable. It also checks that the Secure Private Access server is reachable.

If the configuration summary page displays any errors, see Troubleshooting errors for details. If this does not solve the issue, contact Citrix Support.

Summary

After the setup is complete, the following page is displayed once you click Close on the Summary page.

Setup complete

Note:

  • After you have set up the environment, you can modify the settings from Settings > Integrations in the web admin console.
  • The administrator that installs Secure Private Access the first time is granted full permission. This administrator can then add other administrators to the setup. You can view the list of administrators from Settings > Administrators.
  • You can also add administrator groups so that access is enabled for all the administrators in that group.

For details, see Manage settings after installation.

Set up Secure Private Access by joining an existing site

  1. On the Creating or Joining a Site page, select Join an existing site, and then click Next.

    Database configuration

  2. In SQL Server Host, enter the server host name. Ensure that a database corresponding to the site name that you enter is already present in the SQL server that you have selected. You can specify a database address in one of the following forms:
    • ServerName
    • ServerName\InstanceName
    • ServerName,PortNumber

    For more information, see Databases.

  3. In Site, type a name for the Secure Private Access site.
  4. Click Test connection to check that the SQL server instance is valid and also to confirm that the specified site exists in the database.

    Database configuration

    If there is no corresponding database for the site, the connectivity check fails.

  5. Click Save.

A configuration validation check then runs to ensure that the SQL database server is configured and that the Secure Private Access server is reachable.

Next steps

Set up Secure Private Access