You can deploy NetScaler Gateway at the perimeter of your organization's internal network (or intranet) to provide a secure single point of access to the servers, applications, and other network resources that reside in the internal network. In this deployment, all remote users must connect to NetScaler Gateway before they can access any resources in the internal network.
You can deploy NetScaler Gateway with the following Citrix products:
Users can connect to resources in your internal network by using the following methods:
The way you deploy App Controller in your internal network depends on how users connect: with Worx Home or with Receiver. In either scenario, you install NetScaler Gateway in the DMZ.
You can deploy the App Controller virtual machine (VM) on XenServer, VMware ESXi, or Microsoft Hyper-V located in your internal network. Users can connect to App Controller from an external connection (the Internet) or from the internal network. If users connect from the Internet or a remote location, the connection must route through NetScaler Gateway. App Controller resides in the internal network behind the firewall.
If users connect with Worx Home and you have MDX mobile apps installed on App Controller, you place StoreFront behind App Controller in your internal network. Users can connect to App Controller through NetScaler Gateway in the DMZ to obtain their web, SaaS, Android and iOS mobile apps, along with documents from ShareFile. StoreFront resides behind App Controller to deliver Windows-based apps and virtual desktops as shown in the following figure:
You can deploy two App Controller virtual machines (VM) as a high availability pair. A high availability configuration prevents downtime and ensures that the services provided by App Controller remain available, even if one App Controller VM is not working.
The following figure shows a high availability deployment in which one App Controller VM is not receiving connections.