NetScaler Gateway

How Users Connect to Applications, Desktops, and ShareFile

If you have Endpoint Management in your deployment, users can connect in the following ways:

  • NetScaler Gateway plug-in that establishes a full VPN tunnel to resources in the internal network. You create a session profile to select the NetScaler Gateway plug-in for Windows or the NetScaler Gateway plug-in for Mac. When users log on by using the plug-in, endpoint analysis scans can run on the user device.

Note: To allow endpoint analysis scans to run on Mac computers, you must install NetScaler Gateway 10.1, Build 120.1316.e or newer.

  • Citrix Receiver to connect to web, SaaS, and Enterprise applications, web links, and documents from ShareFile through Endpoint Management. When users log on with Receiver, NetScaler Gateway routes the connection to Endpoint Management. When Receiver establishes the connection, users’ applications and documents appear in Receiver. If users log on with Receiver and connect to Endpoint Management directly, you must enable clientless access in NetScaler Gateway. This deployment does not require StoreFront.
  • Receiver to connect to published applications and virtual desktops through StoreFront or the Web Interface. When users log on with Receiver, NetScaler Gateway routes the connection to StoreFront or the Web Interface. When Receiver establishes the connection, user applications and desktops appear in Receiver.
  • Citrix Secure Hub to connect to iOS and Android apps, including WorxMail and WorxWeb, from mobile devices through Endpoint Management. When users log on to Citrix Secure Hub, they have access to the mobile apps that you configure in Endpoint Management, When NetScaler Gateway establishes the Micro VPN connection, users mobile apps appear in the Citrix Secure Hub window. Users can start the apps from Citrix Secure Hub. Some apps require users to download and install the app on the mobile device.

In any of the preceding scenarios, if users want to connect through NetScaler Gateway, they do the following:

  • Users log on by using the NetScaler Gateway plug-in or Receiver. To log on for the first time, users open a web browser and type the fully qualified domain name (FQDN) of NetScaler Gateway or Receiver. Users with mobile devices log on with Citrix Secure Hub.
  • On the logon page, users enter their credentials and are authenticated.
  • After authentication, the user session redirects to StoreFront or Endpoint Management depending on your deployment.
  • If you deploy both StoreFront and Endpoint Management, NetScaler Gateway contacts the first server in the deployment. For example, if you configure MDX mobile apps in Endpoint Management, you deploy StoreFront behind Endpoint Management. If you are not providing access to MDX mobile apps, you deploy Endpoint Management behind StoreFront.
  • All of the users’ desktops, documents, and web, SaaS, and Windows-based applications appear in Receiver or Citrix Secure Hub.

If users need to access other resources in the internal network, such as Exchange, file shares, or internal websites, they can also log on with the NetScaler Gateway plug-in. For example, if users want to connect to a Microsoft Exchange server in the network, they start Microsoft Outlook on their computer. The secure connection is made with the NetScaler Gateway plug-in which connects to NetScaler Gateway. The SSL VPN tunnel is created to the Exchange Server and users can access their email.

Important: Citrix recommends configuring authentication on the NetScaler Gateway virtual server. When you disable authentication in NetScaler Gateway, unauthenticated HTTP requests are sent directly to the servers running the Web Interface, StoreFront, or Endpoint Management in the internal network.

How Users Connect to Applications, Desktops, and ShareFile

In this article