Citrix Cloud Gateway, a wrap-up so far
Table of contents :
1 : Introduction
2 : Cloud Gateway Editions
3 : Storefront services
4 : Access Gateway services
5 : Cloud Gateway Enterprise and the Access Gateway Universal License
6 : Cloud Gateway Express and the Platform License
7 : Webinterface V.S. Receiver for Web
8 : Conclusion
1 : Introduction
In this blog post I wanted to talk about Citrix Cloud Gateway, as you may already know, Cloud Gateway will replace Citrix Webinterface and Webinterface will go end of live in 2015. Webinterface has grown into a key component in almost every Citrix environment, and it is a so called “proven technology” product. Webinterface is great in providing access to XenApp and XenDesktop environments in many different ways and different scenarios, but that is also its limitation, there is no possibility to integrate it with Cloud services like follow-me-data or SaaS applications. This is why Citrix made a new product from scratch, called Cloud Gateway. This blog post is a wrap-up so far about Cloud Gateway, because Citrix is working hard on the product things in this blog post may be very soon changed or outdated.
2 : Cloud Gateway Editions
Cloud Gateway Enterprise is the paid version and provides the following features :
- Access to XenApp and XenDesktop (through Storefront)
– ShareFile integration (new in version 2.0)
– Single Sign On (SSO) and account provisioning for Web and SaaS applications through AppController
– Mobile (native) app management + remote wipe (new in version 2.0)
– Access Gateway Universal License included
Cloud Gateway Express is free for XenApp and XenDesktop customers and provides access to XenApp and XenDesktop and Merchandising services only.This version will be the direct replacement of Webinterface.
With Merchandising services you can manage the complete Citrix Receiver (and other plugins) life cycle.
3 : Storefront Services
As you can see in the above pictures Storefront is one of the key components in Cloud Gateway, it’s the broker for all the services behind it and provides a SSO experience for the users.
Storefront provides access to XenApp and XenDesktop in the following 3 ways :
1 : Access through the Native Receiver (Self Service plugin)
2: Access through StoreWeb (Receiver for Web)
3: Access through Legacy mode (PNAgent)
The native receiver can be configured with a provisioning file (.cr file which is XML based) downloaded from the Receiver for Web or distributed by Email or something like that.
To make the internal access to Storefront more clear I made the following drawing :
Every login point is used by different type of client devices, some Receivers (older Thinclients, Android devices and Iphones) still uses the legacy mode (PNAgent). But newer Receivers will talk to Storefront directly and not using Legacy mode anymore.
4 : Access Gateway Services
Another key component in Cloud Gateway is the Access Gateway, there are 2 types of Access Gateways that can be used with Cloud Gateway:
1: Access Gateway VPX (with or without advanced controller software)
2: Access Gateway Enterprise (Netscaler VPX\MPX)
Whether you go for Cloud Gateway Express or Enterprise you need to buy a Access Gateway Platform license for one of this Access Gateways. The platform license will give you unlimited access to XenApp and XenDesktop, this is called ICA proxy. With ICA proxy you are allowed to land on the Webinterface and launch a XenApp and/or a XenDesktop session but you cannot use any advanced features of the Access Gateway (for example Clientless Access, VPN plugin, EPA scans, etc), if you want to use this features you need to purchase a Access Gateway Universal License per concurrent user (included with Cloud Gateway Enterprise license).
In Access Gateway you can choose between the following logon point\virtual server modes :
1: Basic Mode (ICA Proxy only) (Platform license needed)
2: Smart Access Mode (Advanced Features) (Platform license + Universal License needed)
To make this more clear I made a drawing how the access to storefront looks like with the Access Gateway Enterprise edition :
As you can see the Netscaler will check, if it is correctly configured, the type of Receiver based on expression filters and HTTP headers. Netscaler will then contact Storefront the right way depending on the Receiver type. With Access Gateway VPX you cannot configure this expression filters, Access Gateway VPX works with Receiver for Web, but I have not yet seen this working with the native receiver from the outside.
My guess is that Citrix will enable this in a feature release of Access Gateway VPX.
5: Cloud Gateway Enterprise and the Access Gateway Universal License
If you purchase Cloud Gateway Enterprise you are also entitled to use the Access Gateway Universal License, i think this is a logical step because Cloud Gateway Enterprise leverages the clientless access and VPN features of the Access Gateway, for example Appcontroller can be configured with keywords to start the VPN plugin and for access to Storefront clientless access is used.
6: Cloud Gateway Express and the Platform License (ICA Proxy)
As you may have noticed you need clientless access when you want to use the Native Receiver through Access Gateway, though it works on a VIP in basic mode the documentation says that you need a VIP in Smart Access mode to make this work. I can imagine that Citrix is going to allow one of the following when using Cloud Gateway Express with the platform license only :
1: Only allow landing on the Receiver for Website (same as ICA proxy using Webinterface)
2: Allow access for all type of Receivers, but only for use with XenApp and XenDesktop
Option 2 is most preferred imho! ;)
6 : Webinterface V.S. Receiver for Web
First : Webinterface cannot be directly compared to Storefront, because Storefront enables a lot more other features then Webinterface (SSO to other services, Application subscription, more advanced HA, etc.) But if we compare Webinterface with the Receiver for Website, it is safe to say that Webinterface has still a lot more features. Thomas Koetzing made a list of missing features here, but I am certain that Citrix is working hard on this feature list, remember that they are only at version 1.1 so there is a lot more to come.
The total redesign has also some very positive points, for example a big plus of Storefront is that it includes a new user authentication method which directly queries Active Directory rather than the existing double-hop Web Interface process where user credentials are sent from the Web Interface server to the XML broker who then negotiates authentication with the Domain Controller.
I think Cloud Gateway and Storefront have a lot of potential, it gives the user a true single logon experience with all of the applications and data they need in one place on almost every device. Integration is the key here as more and more companies are starting to use Cloud services, Cloud Gateway aggregates and secures this services into one logical logon point with the same look and feel on every device.
On the down side, Storefront is still missing a lot of features compared to Webinterface, if you already installed Storefront and walked through the console you were probably done in 30 seconds ;) not much to customize there. This is why Storefront is not yet a tight fit in scenarios with special needs and requirements. I hope Citrix will make it as flexible and customizable as Webinterface is today in feature releases!
If you want to know more about Fine-tuning Adaptive Display, please read my previous blog post and follow me on twitter or subscribe on this blogsite if you want to be notified when a new blog post is available! thanks!
Please note that the information in this blog is provided as is without warranty of any kind, it is a mix of own research and information provided by Citrix.