Product Documentation

Deploying NetScaler Gateway with App Controller and StoreFront

Apr 03, 2014

You can deploy NetScaler Gateway at the perimeter of your organization's internal network (or intranet) to provide a secure single point of access to the servers, applications, and other network resources that reside in the internal network. In this deployment, all remote users must connect to NetScaler Gateway before they can access any resources in the internal network.

You can deploy NetScaler Gateway with the following Citrix products:

  • XenMobile App Edition
  • StoreFront
  • XenApp
  • XenDesktop
  • Web Interface

Users can connect to resources in your internal network by using the following methods:

  • Worx Home for users who connect with mobile devices and need access to MDX mobile apps. Users must connect with Worx Home on the mobile device to access MDX apps.
  • Receiver so users can access Windows-based applications and desktops hosted by XenApp or XenDesktop. To allow users access to their Windows-based apps, you must deploy StoreFront or the Web Interface. If users connect with Receiver on a Windows or Mac computer, MDX apps are not available to users.
  • Optionally, users can also connect with the NetScaler Gateway Plug-in for full VPN access to the internal network. Users can access email servers, files shares, and web servers with the NetScaler Gateway Plug-in for Windows or the NetScaler Gateway Plug-in for Mac.

You can deploy the App Controller virtual machine (VM) on XenServer, VMware ESXi, or Microsoft Hyper-V located in your internal network. Users can connect to App Controller from an external connection (the Internet) or from the internal network. If users connect from the Internet or a remote location, the connection must route through NetScaler Gateway. App Controller resides in the internal network behind the firewall.

Allowing Access to MDX Apps Through NetScaler Gateway

If users connect with Worx Home and you have MDX mobile apps installed on App Controller, you place StoreFront behind App Controller in your internal network. Users can connect to App Controller through NetScaler Gateway in the DMZ to obtain their web, SaaS, Android and iOS mobile apps, along with documents from ShareFile. StoreFront resides behind App Controller to deliver Windows-based apps and virtual desktops as shown in the following figure:

Figure 1. Deploying NetScaler Gateway with MDX Apps

Deploying NetScaler Gateway with App Controller for Worx Home

Deploying App Controller in a High Availability Configuration

You can deploy two App Controller virtual machines (VM) as a high availability pair. A high availability configuration prevents downtime and ensures that the services provided by App Controller remain available, even if one App Controller VM is not working.

The following figure shows a high availability deployment in which one App Controller VM is not receiving connections.

Figure 2. App Controller High Availability Deployment

Deploying App Controller as a high availablity pair