Product Documentation

Deploying the Web Interface Parallel to NetScaler Gateway in the DMZ

Jan 15, 2014

In this deployment, the Web Interface and NetScaler Gateway both reside in the DMZ. Users connect directly to the Web Interface by using a web browser or Citrix Receiver. User connections are first sent to the Web Interface for authentication. After authentication, the connections are routed through NetScaler Gateway. After users log on successfully to the Web Interface, they can access published applications or desktops in the server farm. When users start an application or desktop, the Web Interface sends an ICA file containing instructions for routing ICA traffic through NetScaler Gateway as if it were a server running the Secure Gateway. The ICA file delivered by the Web Interface includes a session ticket produced by the Secure Ticket Authority (STA).

When Citrix Receiver connects to NetScaler Gateway, the ticket is presented. NetScaler Gateway contacts the STA to validate the session ticket. If the ticket is still valid, the user’s ICA traffic is relayed to the server in the server farm. The following figure shows this deployment.

Figure 1. The Web Interface installed parallel to NetScaler Gateway
Web Interface Running Parallel to NetScaler Gateway

When the Web Interface runs parallel to NetScaler Gateway in the DMZ, you do not need to configure authentication on NetScaler Gateway. The Web Interface authenticates users.