Product Documentation

How Users Connect to Applications, Desktops, and ShareFile

May 18, 2015

If you have App Controller in your deployment, users can connect in the following ways:

  • NetScaler Gateway Plug-in that establishes a full VPN tunnel to resources in the internal network. You create a session profile to select the NetScaler Gateway Plug-in for Windows or the NetScaler Gateway Plug-in for Mac. When users log on by using the plug-in , endpoint analysis scans can run on the user device.
    Note: To allow endpoint analysis scans to run on Mac computers, you must install NetScaler Gateway 10.1, Build 120.1316.e or newer.
  • Citrix Receiver to connect to web, SaaS, and Enterprise applications, web links, and documents from ShareFile through App Controller. When users log on with Receiver, NetScaler Gateway routes the connection to App Controller. When Receiver establishes the connection, users' applications and documents appear in Receiver. If users log on with Receiver and connect to App Controller directly, you must enable clientless access in NetScaler Gateway. This deployment does not require StoreFront.
  • Receiver to connect to published applications and virtual desktops through StoreFront or the Web Interface. When users log on with Receiver, NetScaler Gateway routes the connection to StoreFront or the Web Interface. When Receiver establishes the connection, user applications and desktops appear in Receiver.
  • Worx Home to connect to iOS and Android apps, including WorxMail and WorxWeb, from mobile devices through App Controller. When users log on to Worx Home, they have access to the mobile apps that you configure in App Controller, When NetScaler Gateway establishes the Micro VPN connection, users mobile apps appear in the Worx Home window. Users can start the apps from Worx Home. Some apps require users to download and install the app on the mobile device.

In any of the preceding scenarios, if users want to connect through NetScaler Gateway, they do the following:

  • Users log on by using the NetScaler Gateway Plug-in or Receiver. To log on for the first time, users open a web browser and type the fully qualified domain name (FQDN) of NetScaler Gateway or Receiver. Users with mobile devices log on with Worx Home.
  • On the logon page, users enter their credentials and are authenticated.
  • After authentication, the user session redirects to StoreFront or App Controller depending on your deployment.
  • If you deploy both StoreFront and App Controller, NetScaler Gateway contacts the first server in the deployment. For example, if you configure MDX mobile apps in App Controller, you deploy StoreFront behind App Controller. If you are not providing access to MDX mobile apps, you deploy App Controller behind StoreFront.
  • All of the users' desktops, documents, and web, SaaS, and Windows-based applications appear in Receiver or Worx Home.

If users need to access other resources in the internal network, such as Exchange, file shares, or internal web sites, they can also log on with the NetScaler Gateway Plug-in. For example, if users want to connect to a Microsoft Exchange server in the network, they start Microsoft Outlook on their computer. The secure connection is made with the NetScaler Gateway Plug-in which connects to NetScaler Gateway. The SSL VPN tunnel is created to the Exchange Server and users can access their email.

Important: Citrix recommends configuring authentication on the NetScaler Gateway virtual server. When you disable authentication in NetScaler Gateway, unauthenticated HTTP requests are sent directly to the servers running the Web Interface, StoreFront or App Controller in the internal network.