Use the Add NetScaler Gateway Appliance task to add NetScaler Gateway deployments through which users can access your stores. You must enable the pass-through from NetScaler Gateway authentication method before you can configure remote access to your stores through NetScaler Gateway. For more information about configuring NetScaler Gateway for StoreFront, see Using WebFront to Integrate with StoreFront.
Users see the display name you specify in Citrix Receiver, so include relevant information in the name to help users decide whether to use that deployment. For example, you can include the geographical location in the display names for your NetScaler Gateway deployments so that users can easily identify the most convenient deployment for their location.
The fully qualified domain name (FQDN) for your StoreFront deployment must be unique and different from the NetScaler Gateway virtual server FQDN. Using the same FQDN for StoreFront and the NetScaler Gateway virtual server is not supported.
The subnet address is the IP address that NetScaler Gateway uses to represent the user device when communicating with servers on the internal network. This can also be the mapped IP address of the NetScaler Gateway appliance. Where specified, StoreFront uses the subnet IP address to verify that incoming requests originate from a trusted device.
The information you provide about the configuration of your NetScaler Gateway appliance is added to the provisioning file for the store. This enables Citrix Receiver to send the appropriate connection request when contacting the appliance for the first time.
If you configure smart card authentication with a secondary authentication method to which users can fall back if they experience any issues with their smart cards, select the secondary authentication method from the Smart card fallback list. Continue to Step 8.
Enter the internally accessible URL of the appliance. StoreFront contacts the NetScaler Gateway authentication service to verify that requests received from NetScaler Gateway originate from that appliance.
StoreFront uses the authentication service to authenticate remote users so that they do not need to re-enter their credentials when accessing stores.
The STA is hosted on XenDesktop and XenApp servers and issues session tickets in response to connection requests. These session tickets form the basis of authentication and authorization for access to XenDesktop and XenApp resources.
When the Request tickets from two STAs, where available check box is selected, StoreFront obtains session tickets from two different STAs so that user sessions are not interrupted if one STA becomes unavailable during the course of the session. If, for any reason, StoreFront is unable to contact two STAs, it falls back to using a single STA.
For more information about updating the details of your deployments, see Configure NetScaler Gateway connection settings.
To provide access to stores through NetScaler Gateway, one internal beacon point and at least two external beacon points are required. Citrix Receiver uses beacon points to determine whether users are connected to local or public networks and then selects the appropriate access method. By default, StoreFront uses the server URL or load-balanced URL of your deployment as the internal beacon point. The Citrix website and the virtual server or user logon point (for Access Gateway 5.0) URL of the first NetScaler Gateway deployment you add are used as external beacon points by default. For more information about changing beacon points, see Configure beacon points.
To enable users to access your stores through NetScaler Gateway, ensure that you configure remote user access for those stores.