XenApp with out access gateway?
Right now we have the Citrix Access Gateway authenticating outside users for our XenApp. Is there any other way we can do this with out the CAG?
ASKER
better yet can i NAT to XenApp web interface login? Vs using the CAG?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
what is a WI?
Awesome that helps man. Any other good advice on the subject? we are trying to avoid the CAG
Awesome that helps man. Any other good advice on the subject? we are trying to avoid the CAG
Sorry I shorten "Web Interface" to WI.
Why are you trying to avoid the CAG?
Why are you trying to avoid the CAG?
ASKER
We are going to switch our VPN solution. Our CAG is end of life. XenApp has been good but the CAG has to go. Right now we are using the CAG to authenticate to XenApp. I'm not the citric guy. I am just helping doing some research. Thanks for your help.
There may be other in the community was other options, but I'll lend you these:
Citrix is replacing their CAG with their Netscaler which has the CAG functionality built in. The Netscaler can also provide VPN access. The Netscaler can do a LOT of things, but I'm not versed in it enough to go into detail. You'd have to buy a Netscaler or dual Netscalers for high availability. The CAG module might be free and depending on the licenses you have with XenApp.
Citrix still has the Secure Gateway solution that runs on Windows Server, but as I said they are trying to phase that out because they want people to move to their Netscaler solution. Even if you implement it, you may not have support.
You can open up your WI's and XenApp servers to the internet (Firewall Ports/NAT), but I'm not sure if that is the most secure way since you're opening up your servers to the internet. You also have to decide if you what level of encryption you want to place on your ICA traffic since with the CAG it was SSL encrypted.
If you have a VPN, then why do you need users to access XenApp over the internet? Will some people not have VPN access?
Citrix is replacing their CAG with their Netscaler which has the CAG functionality built in. The Netscaler can also provide VPN access. The Netscaler can do a LOT of things, but I'm not versed in it enough to go into detail. You'd have to buy a Netscaler or dual Netscalers for high availability. The CAG module might be free and depending on the licenses you have with XenApp.
Citrix still has the Secure Gateway solution that runs on Windows Server, but as I said they are trying to phase that out because they want people to move to their Netscaler solution. Even if you implement it, you may not have support.
You can open up your WI's and XenApp servers to the internet (Firewall Ports/NAT), but I'm not sure if that is the most secure way since you're opening up your servers to the internet. You also have to decide if you what level of encryption you want to place on your ICA traffic since with the CAG it was SSL encrypted.
If you have a VPN, then why do you need users to access XenApp over the internet? Will some people not have VPN access?
ASKER