Skip to main content
A20 XenApp CCA

A20 Lesson 18 Secure remote access with the Citrix Access Gateway

By October 2, 2013September 12th, 2022No Comments

In this final lesson we look at how we can gain secure remote access to XenApp ( and Xendesktop ) using the Citrix Access Gateway or CAG. The CAG comes as a virtual appliance that can be run in XenServer or VMware. This is also available to be run on a NetScaler Model 2010 hardware appliance. We need a license for the VPX edition and this must consist of at least one platform license. this allows up to 500 simultaneous connections to Basic Login Points. To access SmartAccess logon points Universal licenses are required in addition to the platform license. The exam will look at the Basic Logon points that give access via ICA-Proxy to XenApp and Xendesktop. The user needs https access top the public address of the CAG and then the CAG needs to be able to connect into private network where you XenApp and XenDesktop servers are.

For full details going beyond what is required for the exam you may want to look at may Citrix Access Gateway book.

We need to configure both the Web Interface and the Citrix Access Gateway. It does not matter which is set up first. In the video we set the CAG first and then the WI. For the CAG we need to set up the Access Control rules to XenApp and Xendesktop and the STAs or XML brokers. With this done we can create a basic logon point. This is all that is required but we may also set authentication profiles to allow for authentication at the CAG.

For the Web Interface we need to set the secure access method to “gateway direct”. This says the the CAG has direct access to the farm servers and client access is made via the CAG.