Product Documentation

Configure NetScaler Gateway connection settings

May 22, 2017

The tasks below enable you to update details of the NetScaler Gateway deployments through which users access your stores. For more information about configuring NetScaler Gateway for StoreFront, see Using WebFront to Integrate with StoreFront.   

If you make any changes to your NetScaler Gateway deployments, ensure that users who access stores through these deployments update Citrix Receiver with the modified connection information. Where a Citrix Receiver for Web site is configured for a store, users can obtain an updated Citrix Receiver provisioning file from the site. Otherwise, you can export a provisioning file for the store and make this file available to your users.

Important: In multiple server deployments, use only one server at a time to make changes to the configuration of the server group. Ensure that the Citrix StoreFront management console is not running on any of the other servers in the deployment. Once complete, propagate your configuration changes to the server group so that the other servers in the deployment are updated.

Change general NetScaler Gateway settings

Use the Change General Settings task to modify the NetScaler Gateway deployment names shown to users and to update StoreFront with changes to the virtual server or user logon point URL, and the deployment mode of your NetScaler Gateway infrastructure.

  1. On the Windows Start screen or Apps screen, locate and click the Citrix StoreFront tile.
  2. Select the Stores node in the left pane of the Citrix StoreFront management console and pane, click Manage Netscaler Gateways.
  3. Specify a name for the NetScaler Gateway deployment that will help users to identify it.

    Users see the display name you specify in Citrix Receiver, so include relevant information in the name to help users decide whether to use that deployment. For example, you can include the geographical location in the display names for your NetScaler Gateway deployments so that users can easily identify the most convenient deployment for their location.

  4. Enter the URL of the virtual server or user logon point (for Access Gateway 5.0) for your deployment. Specify the product version used in your deployment.

    The fully qualified domain name (FQDN) for your StoreFront deployment must be unique and different from the NetScaler Gateway virtual server FQDN. Using the same FQDN for StoreFront and the NetScaler Gateway virtual server is not supported.

  5. If your deployment is running Access Gateway 5.0, continue to Step 7. Otherwise, specify the subnet IP address of the NetScaler Gateway appliance, if necessary. A subnet IP address is required for Access Gateway 9.3 appliances, but optional for more recent product versions.

    The subnet address is the IP address that NetScaler Gateway uses to represent the user device when communicating with servers on the internal network. This can also be the mapped IP address of the NetScaler Gateway appliance. Where specified, StoreFront uses the subnet IP address to verify that incoming requests originate from a trusted device.

  6. If your appliance is running NetScaler Gateway 10.1 - 11.0, Access Gateway 10 - 11.0, or Access Gateway 9.3, select from the Logon type list the authentication method you configured on the appliance for Citrix Receiver users.

    The information you provide about the configuration of your NetScaler Gateway appliance is added to the provisioning file for the store. This enables Citrix Receiver to send the appropriate connection request when contacting the appliance for the first time.

    • If users are required to enter their Microsoft Active Directory domain credentials, select Domain.
    • If users are required to enter a tokencode obtained from a security token, select Security token.
    • If users are required to enter both their domain credentials and a tokencode obtained from a security token, select Domain and security token.
    • If users are required to enter a one-time password sent by text message, select SMS authentication.
    • If users are required to present a smart card and enter a PIN, select Smart card.

    If you configure smart card authentication with a secondary authentication method to which users can fall back if they experience any issues with their smart cards, select the secondary authentication method from the Smart card fallback list.

  7. If your deployment consists of NetScaler Gateway 10.1 - 11.0, Access Gateway 10 - 11.0, Access Gateway 9.3, or a single Access Gateway 5.0 appliance, complete the NetScaler Gateway authentication service URL in the Callback URL box. StoreFront automatically appends the standard portion of the URL.

    Enter the internally accessible URL of the appliance. StoreFront contacts the NetScaler Gateway authentication service to verify that requests received from NetScaler Gateway originate from that appliance.

Manage Access Gateway 5.0 appliances

Use the Manage Appliances task to add, edit, or remove from StoreFront the IP addresses or FQDNs of the appliances in your Access Gateway 5.0 cluster.

Enable silent user authentication through Access Controller

Use the Enable Silent Authentication task to add, edit, or remove URLs for the authentication service running on the Access Controller servers for your Access Gateway 5.0 cluster. Enter URLs for multiple servers to enable fault tolerance, listing the servers in order of priority to set the failover sequence. StoreFront uses the authentication service to authenticate remote users so that they do not need to re-enter their credentials when accessing stores.

Manage Secure Ticket Authorities

Use the Secure Ticket Authority task to update the list of Secure Ticket Authorities (STAs) from which StoreFront obtains user session tickets and to configure session reliability. The STA is hosted on XenDesktop and XenApp servers and issues session tickets in response to connection requests. These session tickets form the basis of authentication and authorization for access to XenDesktop and XenApp resources.

  1. On the Windows Start screen or Apps screen, locate and click the Citrix StoreFront tile.
  2. Select the Stores node in the left pane of the Citrix StoreFront management console and, in the results pane, select a NetScaler Gateway deployment. In the Actions pane, click Manage NetScaler Gateways.
  3. Click Add to enter the URL for a server running the STA. Specify URLs for multiple STAs to enable fault tolerance, listing the servers in order of priority to set the failover sequence. To modify a URL, select the entry in the Secure Ticket Authority URLs list and click Edit. Select a URL in the list and click Remove to stop StoreFront obtaining session tickets from that STA.
  4. If you want XenDesktop and XenApp to keep disconnected sessions open while Citrix Receiver attempts to reconnect automatically, select the Enable session reliability check box. If you configured multiple STAs and want to ensure that session reliability is always available, select the Request tickets from two STAs, where available check box.

    When the Request tickets from two STAs, where available check box is selected, StoreFront obtains session tickets from two different STAs so that user sessions are not interrupted if one STA becomes unavailable during the course of the session. If, for any reason, StoreFront is unable to contact two STAs, it falls back to using a single STA.

Remove NetScaler Gateway deployments

In the Actions pane, use the Remove task from Manage NetScaler Gateways to delete the details of a NetScaler Gateway deployment from StoreFront. Once a NetScaler Gateway deployment is removed, users are no longer be able to access stores through that deployment.