Cloud Connector for hybrid deployment

The Secure Private Access provider for the hybrid deployment is installed as part of Citrix Cloud Connector. After Citrix Cloud Connector is installed, the Citrix Secure Private Access service can be found in the Windows services. The Secure Private Access service operates under the network service account.

Important:

Once the Cloud Connector is updated, the Secure Private Access service is disabled. To enable the feature, customers must contact Citrix Support. Once enabled, the service status changes to Running and the Secure Private Access service automatically starts on the connector machine.

Windows services

For details on Cloud Connector installation, see Cloud Connector Installation.

Port configuration for Citrix Secure Private Access

Points to note:

  • By default, Citrix Secure Private Access uses port 8443 as a plain HTTP service. Ensure that you add the inbound rule for port 8443 from the data center network.
  • The internal load balancer for Citrix Secure Private Access adds the Cloud Connector back-end service using port 8443.
  • The port 8443 can be opened by manually configuring the firewall rules or by running the Citrix Secure Private Access config tool.

    Perform the following steps to run the config tool:

    1. Navigate to the Citrix Secure Private Access installation folder (default path - C:\Program Files\Citrix\AccessSecurityService).
    2. Run the command .\Citrix.AccessSecurityService.exe /ENABLE_SPA_PORTS 8443.

    After the command is run successfully, the firewall is configured automatically.

Cloud Connector for hybrid deployment