This article is a summary of how to configure Access Gateway Enterprise Edition to support simultaneous remote access using all versions of Receiver, by all relevant access methods. This can be done with a single virtual server.
The network architecture for this configuration is meant to be representative of many environments, from basic to advanced configurations.
A XenApp farm is used to host applications and a XenDesktop farm is used to access XenDesktops (XenDesktop can be accessed, though some of the pooled assignment models and functionality like desktop restart do not work with Storefront Services.)
A Storefront server sits in front of XenApp and XenDesktop, and is joined to the same Active Directory forest. LAN-based client machines using native Receiver can access Storefront directly or connect through a browser to the Receiver for web URL. A Program Neighborhood Agent Protocol interface is also available in Storefront, to support Mac OS X, iOS, and other similar Receivers.
Access Gateway Enterprise Edition is deployed in the DMZ, and Storefront Services is configured to accept connections from the Access Gateway Enterprise Edition.
The configuration documented here has been confirmed to work with the following Access Gateways:
- VPX NetScaler 9.3-50.3.nc
- VPX NetScaler 9.3-52.3.nc
- VPX NetScaler 9.3-53.5.nc
The configuration documented here has been confirmed to work with the following clients:
- Windows Receiver 3.1
Windows 7 Enterprise 16-bit and 64-bit
Windows 7 Home 16-bit and 64-bit
- Mac Receiver 11.4.3
OS X Lion
- Receiver 5.0.1
iPhone iOS 5.0.1
iPad iOS 5.0.1
Basic Storefront Services VPN-less Configuration – LDAP Authentication
In this scenario, a remote user can connect to Receiver for Web using an Access Gateway URL using a browser, or can connect to the Storefront Server with Citrix Receiver for Windows using the native service protocols, or can connect to Storefront Server with Citrix Receiver for other platforms using the legacy Program Neighborhood Agent protocol. In all three cases, the user does not need to establish a Virtual Private Network (VPN) connection, connections are made in VPN-less / clientless mode.
VPN-less access to Receiver for Web
A remote user launches a browser and enters the Access Gateway Enterprise Edition URL https://agee.tek.com and after successfully authenticating with Domain credentials, the user is able to access the Receiver for Web portal https://ds.tek.com/Citrix/StoreWeb. The user can now launch Auto-Provisioned applications or subscribe to published applications or desktops.