There’s actually a Citrix KB that describes how to configure the Citrix Access Gateway for mobile devices:
How to Configure Citrix Access Gateway Enterprise Edition for Use with Citrix Receiver for Mobile Devices
http://support.citrix.com/article/CTX124937
… but as usual, I always prefer to document my work as it serves to be something familiar that I can quickly reference to when having to go through the same steps so this blog post serves to be just that.
Start by logging into your Citrix Access Gateway (for this example, we’ll be configuring a NetScaler VPX appliance on VMware).
Note: Make sure you’ve configured the access gateway for remote access already. For more information on how to do this, see one of my previous posts:
Configuring Citrix NetScaler VPX (1000) 9.3 for publishing Web Interface server access by authenticating against Active Directory
http://terenceluk.blogspot.com/2012/02/configuring-citrix-netscaler-vpx-1000.html
Navigate to the Session node under Access Gateway –> Policies:
Right click on the Sessions node and select Add…:
A new Create Access Gateway Session Policy window will be presented. Give the new policy a name for the Name text field:
Next, we’ll need to add an expression for this policy (a rule to match the device connecting) so click on the Add… button:
In the Add Expression window, click on the Qualifier drop down box and select Header:
In the Operator drop down box, select CONTAINS:
In the Value text field, type in CitrixReceiver then in the Header Name type in User-Agent, in the Offset text field, type in 0 then click on the OK button to create the expression:
You should now see an expression created:
Next, create a new Request Profile by clicking on the New button:
Give the new Session Profile a name:
Under the Client Experience tab, check the checkbox Single Sign-on to Web Applications:
Under the Security tab, check the checkbox Override Global and select Allow for the Default Authorization Action:
Under the Published Applications tab, type configure the following settings:
ICA Proxy: ON
Web Interface Address: yourWebInterfaceServerPNAgentDirectory/config.xml
Single Sign-on Domain: yourDomain
Note that the Web Interface Address is going to be a directory we’ll configure after we’ve completed the access gateway configuration:
Click the Create button and you’ll see a new Request Profile created for your Access Gateway Session Policy:
Clicking the OK button and you’ll now see a new Access Gateway Session Policy:
Proceed with navigating over to the Virtual Servers node under Access Gateway and open up the properties of it:
Once you have the properties opens, we’ll need to proceed to create add the policy we created earlier:
Right click on the empty white space and select Insert Policy:
Click on the new policy row and select the policy we created earlier (Web Interface NLB Policy – Citrix Receiver):
Once the policy has been selected, we need to change the priority to a value that’s lower than your policy for web browser access:
For this example, we’re going to set it to 90, 10 lower than the 100 assigned to the web access policy:
Now that we have the NetScaler VPX appliance configured, the next step is to create a XenApp Services Site for the tablet requests going into the NetScaler VPX through the internet so log onto your Web Interface server, open the Citrix Web Interface Management, select the XeNApp Services Site, right click on the node and select Create Site:
Give you’re the services site a name and path that matches the value you put into the policy you created for the NetScaler:
Proceed with creating the site:
Continue with configuring the site:
Specify the servers in your farm:
Choose the resources you’d like to publish:
Complete the configuration of the site:
With the site created, open up the Server Farms properties:
If you have 2 XenApp servers, ensure you select the Use the server list for load balancing option:
Once you’ve set the load balancing option for your server farm, right click on the services site and select Secure Access:
Click on the Edit button:
Select Gateway direct for Access method:
Specify the public FQDN that your receiver will be using to connect from the internet:
Enter your Secure Ticket Authority URLs (in this example, the servers are the XenApp servers):
Complete the configuration by clicking the Finish button:
… and we’re done. From start to finish configuring the NetScaler for tablet access:
1 comment:
Thanks Terence that helped.
Post a Comment