NetScaler Gateway

Configuring Server-Initiated Connections

For each user logged on to NetScaler Gateway with IP addresses enabled, the DNS suffix is appended to the user name and a DNS address record is added to the appliance’s DNS cache. This technique helps in providing users with a DNS name rather than the IP addresses of the users.

When an IP address is assigned to a user’s session, it is possible to connect to the user’s device from the internal network. For example, users connecting with Remote Desktop or a virtual network computing (VNC) client can access the user device for diagnosing a problem application. It is also possible for two NetScaler Gateway users with internal network IP addresses who are remotely logged on to communicate with each other through NetScaler Gateway. Allowing discovery of the internal network IP addresses of the logged-on users on the appliance aids in this communication.

A remote user can use the following ping command to discover the internal network IP address of a user who could be logged on to NetScaler Gateway at that time:

ping <username.domainname>

A server can initiate a connection to a user device in the following different ways:

  • TCP or UDP connections. The connections can originate from an external system in the internal network or from another computer logged on to NetScaler Gateway. The internal network IP address that is assigned to each user device logged on to NetScaler Gateway is used for these connections. The different types of server-initiated connections that NetScaler Gateway supports are described below. For TCP or UDP server-initiated connections, the server has prior knowledge about the user device’s IP address and port and makes a connection to it. NetScaler Gateway intercepts this connection.

    Then, the user device makes an initial connection to the server and the server connects to the user device on a port that is known or derived from the first configured port.

    In this scenario, the user device makes an initial connection to the server and then exchanges ports and IP addresses with the server by using an application-specific protocol where this information is embedded. This enables the NetScaler Gateway to support applications, such as active FTP connections.

  • Port command.. This is used in an active FTP and in certain Voice over IP protocols.

  • Connections between plug-ins. NetScaler Gateway supports connections between plug-ins through the use of the internal network IP addresses.

    With this type of connection, two NetScaler Gateway user devices that use the same NetScaler Gateway can initiate connections with each other. An example of this type is using instant messaging applications, such as Office Communicator or Yahoo! Messenger.

If a user logs off NetScaler Gateway and the logoff request did not reach the appliance, the user can log on again by using any device and replace the previous session with a new session. This feature might be beneficial in deployments where one IP address is assigned per user.

When a user logs on to NetScaler Gateway for the first time, a session is created and an IP address is assigned to the user. If the user logs off but the logoff request gets lost or the user device fails to perform a clean logoff, the session is maintained on the system. If the user tries to log on again from the same device or another device, after successful authentication, a transfer logon dialog box appears. If the user chooses to transfer logon, the previous session on NetScaler Gateway is closed and a new session is created. The transfer of logon is active for only two minutes after logoff, and if logon is attempted from multiple devices simultaneously, the last logon attempt replaces the original session.

Configuring Server-Initiated Connections

In this article