So the buzz for the last couple of months has been: what is Unified Gateway?
From what we can read on the Citrix blog:
"One URL: Provides consolidation of remote access infrastructure"
Something revolutionary? Not really.
It is, however, a combination of features that the NetScaler already has, some of which have been revamped. It combines bookmarks, content switching rules and clientless access to give users access to all their applications using a single URL. So how do we set it up?
First head on over to the management GUI, you should have your own Unified Gateway wizard there.
Next we have the option to choose between a regular NetScaler Gateway or a Unified Gateway deployment.
Next we define the parameters of the Unified Gateway vServer (Note that this IP is being defined on the content switching vserver)
Next add the certificates, including the root CA and/or intermediate cert.
Next we need to add an authentication method, like LDAP.
Next we choose a portal theme. From here I can choose either a custom theme that I created from a template or one of the built-in themes.
Lastly we need to add our applications.
Now I’m going to start by adding web applications to the gateway. When adding a web application I have four options to choose from (descriptions taken from the Citrix documentation):
- Intranet Application: Intranet applications can be any internal network resident, web-based application which needs to be made available to VPN users.
  To provide access to intranet resident applications through the Unified Gateway URL please check the option below. NetScaler creates a custom URL for HTTP transactions to switch VPN user site requests. To create this custom URL, an application’s root relative url and site strings must be provided. These strings are derived from the application’s real URL. NetScaler uses these strings to create specific Content Switching rules that filter the web requests for each application and direct the VPN user accordingly.
- Clientless Access: NetScaler with Unified Gateway supports clientless access to Outlook Web Access and SharePoint web sites. The full URL for these sites must be specified.
- SaaS: SaaS (Software as a Service) applications are usually externally hosted web based applications that require authentication. This might be a service such as ShareFile, SalesForce, SAP, or NetSuite.
  NetScaler with Unified Gateway supports access through the VPN for these applications and facilitates the user authentication process with single sign-on (SSO) through SAML where available. If the SAML SSO is required, a SAML profile must be configured.
- Unified Gateway supports VPN access to applications already configured locally as a NetScaler load balancing virtual server.
  The application’s URL must be given, along with the virtual server configured with the application. The URL must resolve in DNS to the virtual server’s IP address.
  Note if you want this application to be configured with the NetScaler to provide single sign-on authentication, an appropriate authentication setting needs to be created on the virtual server.
For instance, if we were to add Office365 to the gateway, we also have the option to add SAML-based authentication to the mix to allow for SSO from the NetScaler.
I can also choose internal applications which are already load balanced by the NetScaler.
Now if I want to have SSO here, I need to have pre-configured the vServer with the right AAA parameters. It is important here that the URL name resolves in DNS to the vServer IP, and that the URL has a / at the end of the address.
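The two conditions above (trailing slash, and the URL name resolving to the vServer IP) can be checked before an application is entered in the wizard. This is an added example, not part of the original post or any Citrix tooling; the hostnames, addresses and function names are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

def resolve_ipv4(host):
    """IPv4 addresses the local resolver returns for host (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(url, vserver_ip, resolver=resolve_ipv4):
    """Return a list of problems; an empty list means both conditions hold."""
    host = urlsplit(url).hostname
    if not host:
        return [f"{url!r}: not an absolute URL"]
    problems = []
    if not url.endswith("/"):
        problems.append(f"{url!r}: URL must end with '/'")
    addrs = resolver(host)
    if not addrs:
        problems.append(f"{host}: does not resolve in DNS")
    elif vserver_ip not in addrs:
        problems.append(f"{host}: resolves to {sorted(addrs)}, not {vserver_ip}")
    return problems

# Constructed sample data (documentation address range, hypothetical hostnames).
SAMPLE_DNS = {
    "intranet.example.test": {"192.0.2.10"},
    "wiki.example.test": {"192.0.2.99"},
}
SAMPLE_APPS = [
    ("https://intranet.example.test/", "192.0.2.10"),  # correct
    ("https://intranet.example.test", "192.0.2.10"),   # missing trailing slash
    ("https://wiki.example.test/", "192.0.2.20"),      # DNS points elsewhere
    ("https://crm.example.test/", "192.0.2.30"),       # no DNS record
]

def sample_resolver(host):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, set())

def run_samples():
    return [(url, preflight(url, ip, sample_resolver)) for url, ip in SAMPLE_APPS]

if __name__ == "__main__":
    for url, problems in run_samples():
        print(url, "->", "OK" if not problems else "; ".join(problems))
```

Calling `preflight(url, vserver_ip)` without the third argument uses the machine's real resolver, so run it from a host that sees the same DNS view as the gateway's users.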
Then we can also add clientless access applications like Exchange and SharePoint
And after we have added the other applications we can also integrate with XenApp / XenDesktop
(NOTE Web-front is not an option here)
After we are done adding the resources, we are brought back to the dashboard, which shows us the status of the gateway. We can also see that the applications have been added under resources and bookmarks.
You can also see that the vServer Gateway is defined in the content switching policy.
And voila! More to come! 🙂