- NetScaler Gateway Release Notes
- About NetScaler Gateway
- Common Deployments
- What's New
- Known Issues
- Client Software Requirements
- Compatibility with Citrix Products
- Licensing
- FAQ
- Before Getting Started
- Upgrading
-
Installing the System
- Configuring NetScaler Gateway
- Using the Configuration Utility
- Policies and Profiles on NetScaler Gateway
- Viewing NetScaler Gateway Configuration Settings
- Configuring the NetScaler Gateway by Using Wizards
- Configuring the Host Name and FQDN on NetScaler Gateway
- Installing and Managing Certificates
- Testing Your NetScaler Gateway Configuration
- Creating Virtual Servers
- Configuring IP Addresses on NetScaler Gateway
- Resolving DNS Servers Located in the Secure Network
- Configuring DNS Virtual Servers
- Configuring Name Service Providers
- Configuring Server-Initiated Connections
- Configuring Routing on NetScaler Gateway
- Configuring Auto Negotiation
-
Authentication and Authorization
- Configuring Default Global Authentication Types
- Configuring Authentication Without Authorization
- Configuring Authorization
- Disabling Authentication
- Configuring Authentication for Specific Times
- How Authentication Policies Work
- Configuring Local Users
- Configuring Groups
- Configuring LDAP Authentication
- Configuring Client Certificate Authentication
- Configuring RADIUS Authentication
- Configuring SAML Authentication
- Configuring TACACS+ Authentication
- Configuring Multifactor Authentication
- Configuring Single Sign-On
- Configuring One-Time Password Use
- nFactor for Gateway Authentication
- Unified Gateway Visualizer
-
Configuring the VPN User Experience
- How User Connections Work with the NetScaler Gateway Plug-in
- Choosing the User Access Method
- Deploying NetScaler Gateway Plug-ins for User Access
- Selecting the NetScaler Gateway Plug-in for Users
-
Integrating the NetScaler Gateway Plug-in with Citrix Receiver
- How User Connections Work with Citrix Receiver
- Adding the NetScaler Gateway Plug-in to Citrix Receiver
- Decoupling the Citrix Receiver Icon
- Configuring IPv6 for ICA Connections
- IConfiguring the Receiver Home Page on NetScaler Gateway
- Applying the Receiver Theme to the Logon Page
- Creating a Custom Theme for the Logon Page
- Customizing the User Portal
- Configuring Clientless Access
- Configuring the Client Choices Page
- Configuring Access Scenario Fallback
-
Configuring Connections for the NetScaler Gateway Plug-in
- Configuring the Number of User Sessions
- Configuring Time-Out Settings
- Connecting to Internal Network Resources
- Configuring Split Tunneling
- Configuring Client Interception
- Configuring Name Service Resolution
- Enabling Proxy Support for User Connections
- Configuring Address Pools
- Supporting VoIP Phones
- Configuring Application Access for the NetScaler Gateway Plug-in for Java
- Configuring the Access Interface
- How a Traffic Policy Works
- Configuring Session Policies
-
Configuring Endpoint Polices
- How Endpoint Policies Work
- Evaluating User Logon Options
- Setting the Priority of Preauthentication Policies
- Configuring Preauthentication Policies and Profiles
- Configuring Post-Authentication Policies
- Configuring Security Preauthentication Expressions for User Devices
- Configuring Compound Client Security Expressions
- Advanced Endpoint Analysis Scans
- Managing User Sessions
- AlwaysON
- Configuring Unified Gateway
-
Deploying in a Double-Hop DMZ
- Deploying NetScaler Gateway in a Double-Hop DMZ
- How a Double-Hop Deployment Works
- Communication Flow in a Double-Hop DMZ Deployment
- Preparing for a Double-Hop DMZ Deployment
-
Installing and Configuring Netscaler Gateway in a Double-Hop DMZ
- Configuring Settings on the Virtual Servers on the NetScaler Gateway Proxy
- Configuring the Appliance to Communicate with the Appliance Proxy
- Configuring NetScaler Gateway to Handle the STA and ICA Traffic
- Opening the Appropriate Ports on the Firewalls
- Managing SSL Certificates in a Double-Hop DMZ Deployment
-
Using High Availability
- How High Availability Works
- Configuring Settings for High Availability
- Configuring Communication Intervals
- Synchronizing NetScaler Gateway Appliances
- Synchronizing Configuration Files in a High Availability Setup
- Configuring Command Propagation
- Configuring Fail-Safe Mode
- Configuring the Virtual MAC Address
- Configuring High Availability Pairs in Different Subnets
- Configuring Route Monitors
- Configuring Link Redundancy
- Understanding the Causes of Failover
- Forcing Failover from a Node
- Using Clustering
- Maintaining and Monitoring the System
- Integrating with Citrix Products
- How Users Connect to Applications, Desktops, and ShareFile
- Deploying with XenMobile App Edition, XenApp, and XenDesktop
-
Accessing XenApp and XenDesktop Resources with the Web Interface
- Integrating NetScaler Gateway with XenApp or XenDesktop
- Establishing a Secure Connection to the Server Farm
- Deploying with the Web Interface
- Setting Up a Web Interface Site to Work
- Configuring Communication with the Web Interface
- Configuring Additional Web Interface Settings on NetScaler Gateway
- Configuring Access to Applications and Virtual Desktops in the Web Interface
- Configuring SmartAccess
- Configuring SmartControl
-
Configuring Single Sign-On to the Web Interface
- To configure single sign-on to Web applications globally
- To configure single sign-on to Web applications by using a session policy
- To define the HTTP port for single sign-on to web applications
- Additional Configuration Guidelines
- To test the single sign-on connection to the Web Interface
- Configuring Single Sign-On to the Web Interface by Using a Smart Card
- To configure single sign-on for XenApp and file shares
- Allowing File Type Association
-
Integrating with App Controller or StoreFront
- How NetScaler Gateway and App Controller Integrate
- Creating Policies with the Quick Configuration Wizard
- Configuring NetScaler Gateway and App Controller
- Configuring Session Policies and Profiles for App Controller and StoreFront
- Configuring Custom Clientless Access Policies for Receiver
- Configuring Custom Clientless Access Policies for Receiver for Web
- Using WebFront to Integrate with StoreFront
- Integrate NetScaler Gateway with StoreFront
-
Configuring Settings for Your XenMobile Environment
- Configuring Load Balancing Servers for XenMobile
- Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
- Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering
- Allowing Access from Mobile Devices with XenMobile Apps
- Configuring Domain and Security Token Authentication for XenMobile
- Configuring Client Certificate or Client Certificate and Domain Authentication
- Optimizing Network Traffic with CloudBridge
- RfWebUI Persona on Gateway UX Configuration
- RDP Proxy
- HDX Enlightened Data Transport Support
- Microsoft Intune Integration
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
Translation failed!
Configuring NetScaler Gateway Enabled PCoIP proxy for VMWare Horizon View
Prerequisites
Version - NetScaler 12.0 or above
Universal License - PCoIP Proxy uses the Clientless Access feature of NetScaler Gateway, which means every NetScaler Gateway connection must be licensed for NetScaler Gateway Universal. On the NetScaler Gateway Virtual Server, ensure ICA Only is unchecked.
Horizon View infrastructure - A functional internal Horizon View infrastructure. Ensure you are able to connect to Horizon View Agents internally without NetScaler Gateway. Ensure that the Horizon View HTTP(S) Secure Tunnel and PCoIP Secure Gateway are not enabled on the View Connection Servers that NetScaler will proxy connections to. Following versions of VMware Horizon view are supported.
- Connection Server: 7.0.1 and above
- Horizon Client: 4.2.0 and above (Windows and Mac)
Firewall Ports:
Ensure the following:
- UDP 4172 and TCP 443 must be open from Horizon View Clients to the NetScaler Gateway VIP.
- UDP 4172 must be open from the NetScaler SNIP to all internal Horizon View Agents.
- PCoIP Proxy is supported on NetScaler deployed behind NAT. Following are the important points to consider:
- Support is based on VPN vServer FQDN parameter setting
- Supports only publicly accessible FQDN and not IP
- Supports only 443 and 4172 ports
- Must be a static NAT
Certificate – A valid certificate for the NetScaler Gateway Virtual Server.
Authentication – An LDAP authentication policy/server using Classic Syntax.
Unified Gateway (optional) – If Unified Gateway, create the Unified Gateway before adding PCoIP functionality.
RfWebUI Portal Theme – For web browser access to Horizon View, the NetScaler Gateway Virtual Server must be configured with RfWebUI theme.
Horizon View Client – The Horizon View Client must be installed on the client device, even if accessing Horizon published icons using the NetScaler RfWebUI portal.
To configure NetScaler Gateway to support PCoIP proxy for VMWare Horizon View:
1. In the NetScaler management GUI, navigate to Configuration> NetScaler Gateway> Policies> PCoIP.
2. Create a VServer profile and a PCoIP profile on the PCoIP Profiles and Connections page.
3. To create a VServer profile, on the VServer Profiles tab, click Add.
a. Enter a name for the VServer profile.
b. Enter an Active Directory Domain Name that will be used for Single Sign-on to View Connection Server, and then click Create.
Note: Only a single Active Directory domain is supported per NetScaler Gateway Virtual Server. Also, the domain name specified here is displayed in the Horizon View Client.
c. Click Login.
4. To create a PCoIP profile, on the Profiles tab, click Add.
a. Enter a name for the PCoIP profile.
b. Enter the connection URL for the internal VMware Horizon View Connection Server, and then click on Create.
5. Navigate to Configuration> NetScaler Gateway> Policies> Session.
6. On the right, select the Session Profiles tab.
7. On the NetScaler Gateway Session Policies and Profiles page, create or edit a NetScaler Gateway Session Profile.
a. To create a NetScaler Gateway session profile, click Add, and provide a name.
b. To edit a NetScaler Gateway session profile, select the profile, and click Edit.
8. On the Client Experience tab, ensure that the Clientless Access value is set to On.
9. On the Security tab, ensure that the Default Authorization Action value is set to ALLOW.
10. On the PCoIP tab, select the required PCoIP profile, and then click Create. You can also create or edit PCoIP Profiles from this tab.
11. Click Create or OK to finish creating or editing the Session Profile.
12. If you created a new Session Profile, then you must also create a corresponding Session Policy.
a. Navigate to Configuration> NetScaler Gateway> Policies> Session.
b. On the right, select the Session Policies tab.
c. Click Add, provide a name for the Session Policy, and select the required session profile name from the Profile drop-down.
d. If you wish to create the Session Policy using Default Syntax, in the Expression area, type “true” (without the quotes), and then click on Create. Note: Unified Gateway defaults to Classic Syntax.
e. If you wish to create the Session Policy using Classic Syntax, first click on Switch to Classic Syntax. Then in the Expression area, type “ns_true” (without the quotes), and then click on Create.
13. Bind the created PCoIP VServer profile and session policy to a NetScaler Gateway Virtual Server.
a. Go to NetScaler Gateway > Virtual Servers.
b. On the right, either Add a new NetScaler Gateway Virtual Server, or Edit an existing NetScaler Gateway Virtual Server.
c. If you are editing an existing NetScaler Gateway Virtual Server, in the Basic Settings section, click the pencil icon.
d. For both adding and editing, in the Basic Settings section, click More.
e. Use the PCoIP VServer Profile drop-down to select the required PCoIP VServer Profile.
f. Scroll down and ensure that ICA Only is unchecked. Then click OK to close the Basic Settings section.
g. If you are creating a new NetScaler Gateway Virtual Server, bind a certificate, and bind an LDAP authentication policy.
h. Scroll down to the Policies section and click on the plus icon.
i. The Choose Type page defaults to Session and Request. Click Continue.
j. In the Policy Binding section, click on Click to select.
k. Select the required Session Policy that has the PCoIP Profile configured, and click on Select.
l. In the Policy Binding page, click Bind.
m. If you want to use a web browser to connect to VMware Horizon View, then on the right, under Advanced Settings, add the Portal Themes section. If you are only using Horizon View Client to connect to NetScaler Gateway, then you don’t need to perform this step.
n. Use the Portal Theme drop-down to select RfWebUI and click OK.
o. Horizon View published icons are added to the RfWebUI portal.
Update Content Switching Expression for Unified Gateway
If your NetScaler Gateway Virtual Server is behind a Unified Gateway (Content Switching Virtual Server), then you must update the Content Switching Expression to include the PCoIP URL paths.
1. In the NetScaler GUI, navigate to Configuration> Traffic Management > Content Switching > Policies.
2. Append the following expression under the Expression area, and then click OK.
http.req.url.path.eq(“/broker/xml”) | http.req.url.path.contains(“/broker/resources”) | http.req.url.path.eq(“/pcoip-client”) |
Use PCoIP Gateway
1. To connect, you must have Horizon View Client installed on the client device. Once installed, you can either use the Horizon View Client’s User Interface to connect to NetScaler Gateway, or you can use the NetScaler Gateway RfWebUI portal page to view the icons published from Horizon.
2. To view the active PCoIP connections, go to NetScaler Gateway > PCoIP.
3. On the right, switch to the Connections tab. The active sessions are displayed with the folllowing data: user name, Horizon View Client IP, and Horizon View Agent Destination IP.
4. To terminate a connection, right-click on connection tab and click Kill Connection. Or click Kill All Connnections to terminate all PCoIP connections.