Sunday, March 11, 2012

Configuring Citrix NetScaler VPX (1000) Access Gateway for Apple iPad and Blackberry Playbook tablet access

There’s actually a Citrix KB that describes how to configure the Citrix Access Gateway for mobile devices:

How to Configure Citrix Access Gateway Enterprise Edition for Use with Citrix Receiver for Mobile Devices
http://support.citrix.com/article/CTX124937

… but as usual, I always prefer to document my work as it serves to be something familiar that I can quickly reference to when having to go through the same steps so this blog post serves to be just that.

Start by logging into your Citrix Access Gateway (for this example, we’ll be configuring a NetScaler VPX appliance on VMware). 

Note: Make sure you’ve configured the access gateway for remote access already.  For more information on how to do this, see one of my previous posts:

Configuring Citrix NetScaler VPX (1000) 9.3 for publishing Web Interface server access by authenticating against Active Directory
http://terenceluk.blogspot.com/2012/02/configuring-citrix-netscaler-vpx-1000.html

Navigate to the Session node under Access Gateway –> Policies:

image

Right click on the Sessions node and select Add…:

image

A new Create Access Gateway Session Policy window will be presented.  Give the new policy a name for the Name text field:

image

Next, we’ll need to add an expression for this policy (a rule to match the device connecting) so click on the Add… button:

image

In the Add Expression window, click on the Qualifier drop down box and select Header:

image

In the Operator drop down box, select CONTAINS:

image

In the Value text field, type in CitrixReceiver then in the Header Name type in User-Agent, in the Offset text field, type in 0 then click on the OK button to create the expression:

image

You should now see an expression created:

image

Next, create a new Request Profile by clicking on the New button:

image

Give the new Session Profile a name:

image

Under the Client Experience tab, check the checkbox Single Sign-on to Web Applications:

image

Under the Security tab, check the checkbox Override Global and select Allow for the Default Authorization Action:

image

Under the Published Applications tab, type configure the following settings:

ICA Proxy:  ON

Web Interface Address: yourWebInterfaceServerPNAgentDirectory/config.xml

Single Sign-on Domain:  yourDomain

Note that the Web Interface Address is going to be a directory we’ll configure after we’ve completed the access gateway configuration:

image

Click the Create button and you’ll see a new Request Profile created for your Access Gateway Session Policy:

image

Clicking the OK button and you’ll now see a new Access Gateway Session Policy:

image

Proceed with navigating over to the Virtual Servers node under Access Gateway and open up the properties of it:

image

Once you have the properties opens, we’ll need to proceed to create add the policy we created earlier:

image

Right click on the empty white space and select Insert Policy:

image

Click on the new policy row and select the policy we created earlier (Web Interface NLB Policy – Citrix Receiver):

image

Once the policy has been selected, we need to change the priority to a value that’s lower than your policy for web browser access:

image

For this example, we’re going to set it to 90, 10 lower than the 100 assigned to the web access policy:

image

image

image

Now that we have the NetScaler VPX appliance configured, the next step is to create a XenApp Services Site for the tablet requests going into the NetScaler VPX through the internet so log onto your Web Interface server, open the Citrix Web Interface Management, select the XeNApp Services Site, right click on the node and select Create Site:

image

Give you’re the services site a name and path that matches the value you put into the policy you created for the NetScaler:

image

Proceed with creating the site:

image

image

Continue with configuring the site:

image

Specify the servers in your farm:

image

Choose the resources you’d like to publish:

image

Complete the configuration of the site:

image

With the site created, open up the Server Farms properties:

image

If you have 2 XenApp servers, ensure you select the Use the server list for load balancing option:

imageimage

Once you’ve set the load balancing option for your server farm, right click on the services site and select Secure Access:

image

Click on the Edit button:

image

Select Gateway direct for Access method:

image

Specify the public FQDN that your receiver will be using to connect from the internet:

image

Enter your Secure Ticket Authority URLs (in this example, the servers are the XenApp servers):

image

Complete the configuration by clicking the Finish button:

image

… and we’re done.  From start to finish configuring the NetScaler for tablet access:

image

1 comment:

Anonymous said...

Thanks Terence that helped.