Integrate NetScaler with XenApp, XenDesktop and XenMobile


In part 1, I created certificates for my environment with Microsoft Certification Authority

In part 2, I integrated XenMobile into my XenApp and XenDesktop environment

In part 3, I will provide secure remote access to XenMobile, XenApp and XenDesktop with NetScaler.

NetScaler and XenMobile

  1. In a browser, navigate to http://172.16.0.14.
  2. Go to the Configuration screen
  3. Select XenMobile at the bottom of the left pane


4.
Select XenMobile 10 and Get Started
5.
Select only the following: Access through NetScaler Gateway6. For NetScaler Gateway Settings, enter the following:

a. IP Address: 172.16.0.16
b.
Port: 443
c.
Virtual Server Name: XenMobileGateway

6. For the certificate, choose the file from the appliance: WildcardCert.cer
7.
For the key file name, choose the file from the appliance: Wildcard-snpp-local.key
8.
Enter in the private key password we used when we created the key
9. For Authentication, enter in Active Directory information:

a. Primary authentication method: Active Directory/LDAP
b.
IP Address: 172.16.0.10
c.
Base DN: DC=SNPP,DC=local
d.
Service Account: Administrator@snpp.local
e.
Password: password for service account
f.
Test the connection
g.
Server Logon Name Attribute: sAMAccountName (this matches with the LDAP items we used for XenMobile)

10. For XenMobile App Management Settings, enter the following:

a. XenMobile Server FWDN: xm01.snpp.local
b.
Internal load balancing IP Address: 172.16.0.17 (just an unused IP Address)
c.
Communication with XenMobile Servers: HTTPS

11. XenMobile Server Certificate: Use existing certificate – WildcardCert.cer_CERT_KEY
12.
XenMobile Server: 172.16.0.13


NetScaler and XenDesktop

  1. In the left pane, select NetScaler Gateway – Virtual Servers
  2. Select _XM_XenMobileGateway in the virtual servers screen


3.
Scroll to the STA section and select


4.
Select Add Binding
5.
Enter in the following:

a. Secure Ticket Authority Server: https://ddc01.snpp.local
b.
Secure Ticket Authority Server Address Type: IPv4

6. Once entered, revisit the STA list to verify the XenMobile and XenDesktop STAs are green. If not, you must fix before continuing.


XenMobile

In the XenMobile Console (https://XM01.SNPP.local:4443), we do the following

  1. Select the gear icon in the upper right corner
  2. Select NetScaler Gateway
  3. Select Add
  4. Enter the following:
    a. Name: Gateway

    b. External URL: https://Gateway.snpp.local
    c.
    Logon Type: Domain only
    d.
    Password required: Yes
    e.
    Set as Default: Yes


5.
Enable authentication
6.
Save

StoreFront

In the StoreFront console, we do the following

  1. Navigate to Stores
  2. Select the appropriate store at the top


3.
In the right pane, select Configure Remote Access Settings
4.
Select

a. Enable Remote Access
b.
Allow users to access only resources delivered through StoreFront (no VPN tunnel)
c.
Add

5. Enter the following:

a. Display Name: Gateway
b.
NetScaler Gateway URL: https://gateway.snpp.local
c.
Usage or role: Authentication and HDX routing

6. For Secure Ticket Authority, add the following:

https://ddc01.snpp.local (this should be the same one added in the NetScaler Gateway configuration. You only need the XenApp/XenDesktop STA and not the XenMobile)


7.
For Authentication Settings, leave default options


8. Verify the remote access settings for the store


Test

On the Android phone used earlier, do the following:

  1. While logged into Citrix Secure Hub, select the menu in the upper left
  2. Select Preferences – Account – Delete Account (We need to reconfigure Secure Hub for our Gateway address. You can also uninstall/reinstall the app from the app store)
  3. Enter in the following: gateway.snpp.local


4.
Enter in user ID and password



5.
Select Add apps from Store


6.
Launch a XenApp/XenDesktop resource


With the session running, launch Director from the delivery controller. Look at the detailed information for the session to verify the Connected via address is the SNIP address (172.16.0.15) for the NetScaler.

 

Daniel (Follow on Twitter @djfeller)
Citrix XenApp and XenDesktop 7.6 VDI Handbook
XenApp Best Practices
XenApp Video

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s