Aggregate, provision and manage your applications with CloudGateway Express Curtis Kegler Readiness Specialist May 7, 2012 Andrew Innes Sr Architect, Receivers

Aggregate, provision and manage your applications with CloudGateway Express

Curtis KeglerReadiness Specialist

May 7, 2012

Andrew InnesSr Architect, Receivers & CloudGateway

2#CitrixSummit

• Introduction to CloudGateway

• Technical Deep Dive

• System Requirements and Compatibility

• Citrix Receiver 3.2 Standard vs. Enterprise

• Receiver for Web vs. Store

• High Availability

• CloudGateway Integration with AGEE 10.0

• CloudGateway and Mobile Devices Integration

Agenda

Introduction to CloudGateway

3

#CitrixSummit

Windows

Web, SaaS, Mobile

Data

Citrix CloudGateway

PCsMacs

TabletsSmartphones

Thin Clients

Citrix Receiver

Aggregate & Control

Access & Self-Service

#CitrixSummit

CitrixCloudGateway

Express

Windows apps & desktops

CitrixCloudGateway

Enterprise

Windows apps & desktops,Web & SaaS apps

#CitrixSummit

• Enables self-service upgrade to Receiver○ Supports both browser and native experience

• ‘Follow-Me’ Windows apps & desktops○ Supports XenApp & XenDesktop

• Easy installs in minutes○ Runs simultaneously with legacy Web Interface

• No new hardware required○ Runs as a service on Windows Server

• Easy upgrade to CloudGateway Enterprise

Citrix

CloudGatewayExpress

#CitrixSummit

Citrix

CloudGateway

Express

FREE!

for all XenApp & XenDesktop customers

Technical Deep Dive

#CitrixSummit

Gateway services

XenAppXenDesktop

Web & SaaS

Mobile

Sto

refr

ont

™se

rvic

es

Citrix CloudGateway

pcmac

smartphonetablet

thin clientData

#CitrixSummit

Storefront services

Storefront services

Native Receivers

Browser desktopsappsSaaSdatamobile

#CitrixSummit

Native Receivers

Browser

Authentication

Receiverfor

Web

Store

Launch

desktopsappsSaaSdatamobile

Storefront services

#CitrixSummit

New auth system

Auth Service

Give me a token for Store

Core User Directory

“Do Something” Store Services

Some otherService

“who you are”“where you are”

“what device”…

Trust

Denied (talk to Auth)

Denied (…)

Give me a token for AuthHow do you want to login?

Login using ‘Generic Forms’Fill in this form

Username=… Password=….Here is a Token for Auth

Give me a token for StoreHere is a Token for Store

“Do Something”

“Do Something”

#CitrixSummit

AG

New auth system – with Access Gateway

Auth Service

Give me a token for Store

Core User Directory

Present auth tokenStore

Services

EPA & Auth

SSO Detect call is via AG and offer AG SSO as an auth

method.Here is a Token for Store

Detect call is via AG and include as extra information

in call context.

#CitrixSummit

One Store for All Receivers

Storefront Services

Site 1

Site 2

Access Gateway

HA Pair or scale-out

cluster

Scale-out cluster with web LB

#CitrixSummit

Provisioning files

Store = https://itdevstores.citrite.net/Showcase Gateway = ftlagx.citrix.com, “US-East” Gateway = sjcagx.citrix.com, “US-West” Gateway = lonagx.citrix.com, “EMEA” Default = ftlagx.citrix.com

Beacons Internal = http://mycitrite.net External = http://www.citrix.com External = http://www.google.com

ftlagx.citrix.com

lonagx.citrix.com

sjcagx.citrix.com

itdevstores.citrite.net

#CitrixSummit

itdevstores.citrite.net

Roaming

lonagx.citrix.com

sjcagx.citrix.comftlagx.citrix.com

#CitrixSummit

Mac and Windows

Storefront Services Tier

Storefront Services architectureXenApp Farms

InternalWeb Apps

Browser

Thin Clients

XML ServiceAdaptor

?

WebReceiver

Future CitrixAdaptors

MobileDevices

SaaS Apps

List All Apps

Launch App

“Value Adds”

List My Apps

Subscribe

Stor

eSe

rvic

esAu

then

ticati

onSe

rvic

e

Update Service(Merchandising Server)

3rd PartyAdaptors

3rd Party Web

Password

OTP

Kerberos

...

?

3rd Party Apps

Smartcard

AppController

Acce

ss G

atew

ayXenDesktop Farms

System Requirements and Compatibility

#CitrixSummit

System requirements

• Supported only on Windows 2008 R2 SP1

• Internet Information Services (IIS) 7.5

• SQL Express 2008 R2 or SQL 2008 R2

• .NET Framework 3.5 SP1

• No more Microsoft J# 2.0!

#CitrixSummit

Supported XenApp versions

Product Name Operating System

XenApp 6.x Windows 2008 R2

XenApp 5.0 with FP2/FP3Windows 2008 (32-bit / 64-bit)

Windows 2003 (32-bit / 64-bit)

XenApp 5.0 with FP1 Windows 2003 (32-bit / 64-bit)

XenApp 5.0 Windows 2008 (32-bit / 64-bit)

Windows 2003 (32-bit / 64-bit)

XenApp 4.0 with FP1/FP2 Unix Operating Systems

#CitrixSummit

Supported XenDesktop versions

Product Name Operating System

XenDesktop 5.6 Windows 2008 Standard/Enterprise (32-bit / 64-bit) with SP2Windows 2008 R2 Standard/Enterprise (64-bit) only



XenDesktop 4.0 Windows 2003 Standard/Enterprise with SP2Windows 2003 R2 with SP2

22#CitrixSummit

Supported XenDesktop versions

• Windows 2008 Standard/Enterprise

(32-bit / 64-bit) with SP2

• Windows 2008 R2

Standard/Enterprise (64-bit) only

XenDesktop 5.x• Windows 2003 Standard/Enterprise

with SP2

• Windows 2003 R2 with SP2

XenDesktop 4.x

23#CitrixSummit

Receiver for web recommendationsClient Operating System Browser ConnectionCitrix Receiver Windows 3.2

Windows 7 64-bit with SP1Windows 7 32-bit with SP1

IE 9 (32-bit mode)IE 8 (32-bit mode)Mozilla Firefox 10Mozilla Firefox 9Google Chrome 17Google Chrome 16

Local network and Access Gateway

Windows Vista 64-bit with SP2Windows Vista 32-bit with SP2Windows XP Professional x64 with SP2Windows XP Professional with SP3

IE 8 (32-bit mode)

RfMac 11.5 Mac OS X 10.7 Lion Safari 5.1Mozilla Firefox 10

Local network and Access Gateway

Mac OS X 10.6 Snow Leopard Safari 5.0

RfLinux 12.1 Red Hat Enterprise Linux 6 DesktopUbuntu 11.1 32-bit

Mozilla Firefox 10Mozilla Firefox 9

Local network only

RfChromebook 1.0

Google Chrome OS 17 Google Chrome OS 17 Local network and Access Gateway

#CitrixSummit

Ports usedComponent PortsStoreFront services – (Authentication)

Kerberos (88) / LDAP (389) / Kpasswd (464)

StoreFront services – (XML Communication) HTTP (80) / HTTPS (443)

ICA 1494

CGP – Session Reliability 2598

Receiver for Windows HTTP (80) / HTTPS (443)

Receiver for Web HTTP (80) / HTTPS (443)

Citrix Receiver 3.2 Standard vs. Enterprise

#CitrixSummit

Standard vs. Enterprise

• Web plug-in

• Authentication Manager

• Single Sign-on

• Self-service

• Generic USB (XenDesktop)

Citrix Receiver Standard – plug-ins

• Desktop Viewer (XenDesktop)

• HDX Media Stream for Flash

• Aero desktop experience

#CitrixSummit


• Web plug-in

• PNA plug-in

• Single sign-on/pass-through

authentication

• Generic USB (XenDesktop

Citrix Receiver Enterprise – plug-ins

• Desktop Viewer (XenDesktop)

• HDX Media Stream for Flash

• Aero desktop experience

#CitrixSummit


StoreFront Services Feature

Citrix Receiver 3.2 Standard

Citrix Receiver 3.2 Enterprise

Store support

Receiver for Web support

Legacy PNAgent support

Pass-thru authentication to Store

Provisioning Files support

AG clientless-VPN support1

Receiver for Web vs. Store

#CitrixSummit

Receiver for web vs. storeReceiver for web

• Receiver for Web = Web-browser site

• Does not contain farm(s) information

• Beacons are not applicable

#CitrixSummit

Receiver for web vs. storeReceiver for web

#CitrixSummit

Receiver for web vs. storeStore

• Store = XenApp Services site

• Contains farm(s) information

• Beacons are applicable

• Remote access with Citrix Receiver 3.2 (Standard)

#CitrixSummit

Receiver for web vs. storeStore

Lab 1 Prepare the SQL Database for StoreFront Installation

#CitrixSummit

Lab Environment Login

Launch your browser and type http://

training.citrixsynergy.net

Your session code is:

“session code”

http://training.citrixsynergy.net/

http://training.citrixsynergy.net/

High Availability

#CitrixSummit

AccessGateway

StoreFront

XA or XDFarm

AccessGateway

XA or XDFarm

XA or XDFarm

DatabaseServer

LoadBalancer

(NS)StoreFront

Active/ PassivePair

MultipleActive(Stateless)

ClusterDatabaseServer

Non critical.If DB fails, UX

degrades on Web Receiver, but access from all Receivers is

possible

HIG

H A

VA

ILA

BIL

ITY

#CitrixSummit

High Availability deployment

• Great for Enterprise-level deployments

• Provides high availability / failover to Stores

• Needs a load balancer – e.g. NetScaler

• Subscription database is remote

• No master / slave setup

#CitrixSummit

Multiple server group deployment – checklist

• Minimum of 2 server setup

• Prepare remote database by using scripts

• Hardware/Software load balancer configured

• Install/Configure StoreFront Services on primary server

#CitrixSummit

Multiple server group deployment – checklist

• Install StoreFront Services on secondary server

• Join secondary server to the Server Group

#CitrixSummit

Multiple server group deployment – primary

Deploy a single server

Deploy a multiple server group

Join existing server group

#CitrixSummit


• Enter the hostname (FQDN) of the

load balancer

• Enter the Database server IP,

hostname or FQDN

• Enter the Database name

#CitrixSummit


1 Authentication Service

#CitrixSummit


• Select the authentication method

desired

• User name and password

• Domain pass-through

• Pass-through from Citrix Access

Gateway

#CitrixSummit


2 Stores

#CitrixSummit


• Specify Store name

• Default name is “Store”

#CitrixSummit


• Define Server (Content Connector)

• Define Transport type

• Port

#CitrixSummit


3 Receiver for Web

#CitrixSummit


#CitrixSummit

Multiple server group deployment – secondary

Single server deployment

Multi-server deployment

Join an existing server group

#CitrixSummit


• From Secondary Server…

#CitrixSummit


• From Primary Server…

Citrix Confidential - Do Not Distribute

#CitrixSummit


• From Secondary Server…

#CitrixSummit



#CitrixSummit



#CitrixSummit



#CitrixSummit



#CitrixSummit


• Once “Propagate Changes” is complete:

• Verify Authentication Service URL

• Verify Stores

• Verify Receiver for Web

• (Optional) – Verify Gateways

Lab 2 Installation and Configuration Multi-Server Deployment

CloudGateway Integration with AGEE 10

#CitrixSummit

High Availability Deployment

StoreFront Services (Primary)

Access Gateway 10.0

StoreFront Services (Secondary)

Internet LANDMZ

AppController/XenApp/

XenDesktop

#CitrixSummit

StoreFront Services / AG IntegrationStoreFront Checklist

• Enable “Pass-through from Citrix Access Gateway”

• “Set server as Access Gateway Enterprise Edition”

• Define SNIP or MIP

• Define ‘callback’ service URL

#CitrixSummit

StoreFront Services / AG IntegrationStoreFront Checklist

• Define Secure Ticket Authority servers

• Configure Beacons – internal / external (Mandatory)

• “Enable Remote Access” to select Gateway(s)

#CitrixSummit

StoreFront Services / AG IntegrationAccess Gateway Enterprise Checklist

• (ICA Proxy) Create session policy for Receiver for Web

• Clientless (CVPN) access supported

• Session policy for Legacy PNAgent support – e.g. Mobile devices

• (Multi-server) Create AGEE LB VIP

• (Optional) Enable VPN to access Web/SaaS apps

#CitrixSummit

AG Integration – Receiver for Web

• (ICA Proxy) create expression

for web browser access only

#CitrixSummit

AG Integration – Receiver for Web (Cont.)

• (ICA Proxy) settings to configure

under session profile

#CitrixSummit

AG Integration – Store

• (ICA Proxy) create expression

Store access using Receiver

#CitrixSummit

AG Integration – Store (Cont.)

• (ICA Proxy) settings to

configure under session

profile

#CitrixSummit

AG Integration – Legacy PNAgent site

• Legacy PNAgent support

• Create expression for Citrix

Receiver access

#CitrixSummit

AG Integration – Legacy PNAgent site (Cont.)

• (ICA Proxy) settings to

configure under session

profile

Lab 3 Configure AGEE for Single Sign On to StoreFront Services

CloudGateway and Mobile Devices Integration

#CitrixSummit

Supported Citrix Receiver (Mobile)

Type Version Supported?

Receiver for Android 3.0.60

Receiver for iOS 5.0.21

Receiver for BlackBerry 2.21

Receiver for Playbook 1.01

Receiver for Windows Mobile 11.5

#CitrixSummit

StoreFront Services / mobile device integration

• Legacy Support enabled by default

○ BlackBerry

○ Playbook

StoreFront checklist (Internal Access)

#CitrixSummit

StoreFront Services / mobile device integrationAG Checklist (External Access)

• Enable “Enable Remote Access” on the Store

• (AGEE) configure session policy with ICA Proxy for

Mobile devices CTX124937

http://support.citrix.com/article/CTX124937

#CitrixSummit

#CitrixSummit

Lab 4 Testing High Availability

#CitrixSummit

References

• Planning Your StoreFront Deployment - http://tinyurl.com/7a7w392

• CloudGateway Express POC Guide - http://tinyurl.com/7ca93o5

• Receiver for Windows (System Requirements) - http://tinyurl.com/7xndvry

• XenDesktop 5.6 with StoreFront Services and Access Gateway -


• Integrating Access Gateway and StoreFront Services - http://tinyurl.com/83rq37s

http://tinyurl.com/7a7w392

http://tinyurl.com/7a7w392

http://tinyurl.com/7ca93o5

http://tinyurl.com/7ca93o5

http://tinyurl.com/7xndvry

http://tinyurl.com/7xndvry


http://tinyurl.com/83rq37s




#CitrixSummit

Tweet about this session with hashtag #SUM618D and #CitrixSummit

#CitrixSummit

We value your feedback!Take a survey of this session now in the mobile app

• Click 'Sessions' button

• Click on today's tab

• Find this session

• Click 'Surveys'

82#CitrixSummit

Before you leave…

• Recommended related breakout sessions: ○ (Attn: Speaker – if applicable – please list session name and number AND date/time and

room name of when/where the related session(s) is happening – DELETE THIS TEXT ONCE YOU FILL IN INFORMATION)

○ If there no related sessions, delete this bullet

• Session surveys are available online at www.citrixsummit.com starting Thursday, May 10○ Provide your feedback and pick up a complimentary gift at the registration desk

• Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account

http://www.citrixsummit.com/

Documents

Aggregate, provision and manage your applications with CloudGateway Express Curtis Kegler Readiness Specialist May 7, 2012 Andrew Innes Sr Architect, Receivers