Use the Secure Gateway to provide SSL/TLS encryption between a secure Internet gateway server and an SSL-enabled client, combined with encryption of the HTTP communication between the Web browser and the Web server. Using the Secure Gateway makes firewall traversal easier and improves security by providing a single point of entry and secure access to your server farms.
In general, use the Secure Gateway when:
- You want to hide internal IP addresses
- You want to secure public access to your farm’s servers
- You need two-factor authentication (in conjunction with the Web Interface)
Using the Secure Gateway provides the following benefits:
- Secure Internet access
- Removes the need to publish the addresses of every server running XenApp
- Simplifies server certificate management
- Allows a single point of encryption and access to the servers
Use the Secure Gateway to create a gateway that is separate from the computers running XenApp. Establishing the gateway simplifies firewall traversal because ICA traffic is routed through a widely accepted port for passage in and out of firewalls. The Secure Gateway provides increased scalability.
However, because ICA communication is encrypted only between the client and the gateway, you may want to use SSL Relay to secure the traffic between the gateway and the servers running XenApp, including the servers hosting the Citrix XML Service.
For more information, see the Secure Gateway for Windows administrator documentation.