When you configure NetScaler Gateway using XenMobile, you establish the authentication mechanism for remote device access to the internal network. This functionality enables apps on a mobile device to access corporate servers located in the intranet. XenMobile creates a micro VPN from the apps on the device to NetScaler Gateway.
You configure NetScaler Gateway for use with XenMobile Server by exporting a script from XenMobile that you run on NetScaler Gateway. This article contains the following sections:
In the XenMobile web console, click the gear icon in the upper-right corner of the console. The Settings page appears.
Under Server, click NetScaler Gateway. The NetScaler Gateway page appears. In the following example, a NetScaler Gateway instance exists.
Configure these settings:
After you save the authentication settings, you add a NetScaler Gateway instance to XenMobile.
In the XenMobile console, click the gear icon in the upper-right corner of the console. The Settings page opens.
Under Server, click NetScaler Gateway. The NetScaler Gateway page appears.
Click Add. The Add New NetScaler Gateway page appears.
Configure these settings:
If you have multiple domains, use Certificate and domain.
If you use Certificate and security token, some additional configuration is required on NetScaler Gateway to support Secure Hub. For information, see Configuring XenMobile for Certificate and Security Token Authentication.
For more information, see Authentication in the Deployment Handbook.
Click Save. The new NetScaler Gateway is added and appears in the table. You can edit or delete an instance by clicking the name in the list.
To configure an on-premises NetScaler Gateway for use with XenMobile Server, you perform the following general steps, detailed in this article:
Download a script and related files from XenMobile Server. See the readme file provided with the script for the latest detailed instructions.
Verify that your environment meets the prerequisites.
Update the script for your environment.
Run the script on NetScaler.
Test the configuration.
The script configures these NetScaler Gateway settings required by XenMobile:
The script doesn't handle the following configuration:
To download, update, and run the script:
If you're adding a NetScaler Gateway, click Export Configuration Script on the Add New NetScaler Gateway page.
Or, if you add a NetScaler Gateway instance and click Save before you export the script: Return to Settings > NetScaler Gateway, select the NetScaler, click Export Configuration Script, and then click Download.
After you click Export Configuration Script, XenMobile creates a .tar.gz script bundle. The script bundle includes:
Edit the script (NSGConfigBundle_CREATESCRIPT.txt) to replace all placeholders with details from your environment.
Run your edited script in the NetScaler bash shell, as described in the readme file included in the script bundle. For example:
/netscaler/nscli -U :<NetScaler Management Username>:<NetScaler Management Password> batch -f "/var/NSGConfigBundle_CREATESCRIPT.txt"
When the script completes, the following lines appear.
Validate that the NetScaler Gateway Virtual Server shows a state of UP.
Validate that the Proxy Load Balancing Virtual Server shows a state of UP.
Open a web browser, connect to the NetScaler Gateway URL, and attempt to authenticate. If the authentication fails, this message appears: HTTP Status 404 - Not Found
Enroll a device and ensure it gets both MDM and MAM enrollment.
After adding the NetScaler Gateway instance, you can add a callback URL and specify a NetScaler Gateway virtual IP address. Note: These settings are optional, but can be configured for extra security, especially when the XenMobile Server is in the DMZ.
In Settings > NetScaler Gateway, select the NetScaler Gateway and then click Edit.
In the table, click Add.
For Callback URL type the fully qualified domain name (FQDN). The callback URL verifies that a request originated from NetScaler Gateway. Ensure that the callback URL resolves to an IP address that is reachable from XenMobile Server. The callback URL can be an external NetScaler Gateway URL or some other URL.
Type the NetScaler Gateway Virtual IP address and then click Save.