- Migrating from the Secure Gateway to NetScaler Gateway
This topic discusses how to prepare to migrate from the Secure Gateway to NetScaler Gateway, and the two migration options you can choose: In-place migration or parallel migration.
Before migrating from the Secure Gateway to NetScaler Gateway, consider the following:
You can choose from the following two options for migrating from the Secure Gateway to NetScaler Gateway:
Each option is valid; however, the in-place migration has the potential to temporarily disrupt access to internal resources when compared with a new installation.
After the migration is complete, users can log on with their current credentials and do not have to perform any configuration to their device. Each option requires minimal user support.
When you choose an in-place migration from the Secure Gateway to NetScaler Gateway, you export the Secure Gateway certificate, upload it to NetScaler Gateway and bind it to a virtual server.
An in-place migration is identical to a new installation of NetScaler Gateway, except for the following items:
Although in-place migration results in the least amount of user support (users do not need to be notified of a new Web address), if any mistakes are made in the configuration of the NetScaler Gateway that were not identified by proper testing procedures, all of your users are directly impacted. Mistakes could prevent users from logging on or connecting to published applications or desktops in the server farm.
Citrix recommends as a best practice that you run Secure Gateway parallel to NetScaler Gateway until all users are properly migrated to the appliance. To perform a parallel migration, you need to do the following:
A parallel migration gives you a greater level of control over configuration. You can undertake a phased migration approach, rather than transferring all users at one time as you would do during an in-place migration. You can migrate users to NetScaler Gateway in groups, thereby preventing downtime for connections.
Performing a parallel migration is identical to a new installation of NetScaler Gateway. You follow the steps to install the appliance, licenses, and certificates, in addition to configuring authentication and other settings on the appliance. Users continue to connect to the Secure Gateway until configuration of NetScaler Gateway is complete. The Secure Gateway runs parallel to NetScalter Gateway until you migrate all users successfully to the new environment. This option requires you to purchase or generate a new server certificate. A significant benefit, however, is that users do not experience a disruption in their access to internal resources.
To perform a parallel migration to NetScaler Gateway, complete the following steps:
This step configures the basic TCP/IP settings for NetScaler Gateway.
If you have configured single sign-on to the Web Interface, users are logged on automatically and have access to published applications and desktops. If not, users log on to the Web Interface and can then can access their published applications or desktops.