Citrix Access Gateway 5.0 VPX
I am proud to inform you all that Citrix have released Citrix Access Gateway 5.0 VPX.
The CAG 5 VPX is a major breakthrough, thats going to change how we use Secure solutions from Citrix. The VPX means that is a virtual appliance, that you can implement on either XenServer or VmWare. You can also upgrade your existing 2010 appliance to Citrix Access Gateway 5.0. Access Controller is a new functionality that replace the old “Advanced Access Control” So all you people using Access Gateway, Secure Gateway. Jump on the wagon and virtualize your Access Gateway. For best redundancy i recommend that you look at Netscaler.
Access Gateway 5.0 includes the following new features:
- Access Gateway Management Console. The Management Console replaces the Administration Tool and Administration Portal in earlier versions of the appliance. The Management Console, a Web-based application, makes it easy to install certificates, configure access control, and monitor activity from any Flash-enabled Web browser. For more information, see Introducing the Access Gateway Management Console.
- Authentication profiles. Authentication profiles replace authentication realms. You can configure LDAP, RADIUS, and RSA profiles on the appliance. You can configure double source authentication using logon points. You can also use Active Directory authentication on Access Controller. For more information about configuring authentication on Access Gateway or Access Controller, see either Configuring Authentication and Authorization or Configuring Authentication and Authorization on Access Controller.
- Network resources. A network resources identifies those areas in the secure network that users are allowed to access. You can allow or deny access to a network resource in SmartGroups. For more information, see Network Resources Overview.
- Logon points. Each Access Gateway appliance can host multiple logon points to support different features or different user communities. You can configure Basic and SmartAccess logon points. Basic logon points allow users to connect with Citrix online plug-ins or Desktop Receiver only, providing access to published applications or desktops. Users do not need a Universal license to log on using a basic logon point. SmartAccess logon points allow users to connect with the Access Gateway Plug-in and have greater access to network resources. For more information, see Logon Points Overview.
- SmartGroups. SmartGroups in Access Gateway contain a collection of settings that group users according to their identity, location, authentication and authorization type, and the results of endpoint analysis (as defined in device profiles). First, you define the criteria users must match to become a member of a SmartGroup, and then you define the network resources, actions, and other settings for the SmartGroup. For more information, see SmartGroups Overview.
- Device profiles. You can configure endpoint analysis scans using device profiles. If you enable a device profile within a logon point, the endpoint analysis scan determines if users receive the logon page and subsequently log on. If you enable a device profile in a SmartGroup, the device profile you select determines the user access permissions for that SmartGroup. For more information, see Device Profiles Overview.
- Snapshots. You can take a snapshot of the appliance configuration at a given point of time. You can export snapshots to your computer and you can revert to an earlier snapshot. Using the Snapshots tab in the Management Console, you can upgrade to new Access Gateway software versions. For more information, see Snapshots Overview
- Appliance failover.You can configure two Access Gateway appliances for appliance failover. The appliances operate in active/passive mode, in which the primary appliance services all user connections, and the secondary appliance monitors the primary appliance and synchronizes session information. If the primary appliance fails, the secondary appliance takes over. For more information, see Deploying Additional Access Gateway Appliances for Load Balancing and Appliance Failover.
- Clustering. In Access Gateway 5.0, when multiple servers are running Access Controller, the servers are referred to as a cluster. When you have a cluster, you can share sessions across multiple Access Gateway appliances.
- Native Active Directory authentication. Access Controller supports native Active Directory with Windows authentication.
- Advanced endpoint analysis options.
- Advanced authentication options.
- Centralized control of multiple Access Gateway appliances.
- Centralized access logging.
- Delivery Services Console. The Access Controller administration tool is more closely aligned with XenApp and XenDesktop.
Platform License Required
Each appliance running Access Gateway 5.0 requires a platform license in order to function. Without the platform license installed, the gateway will not allow logins after a 48-hour grace period. Platform licenses are delivered electronically when an appliance is ordered. If you have an existing Access Gateway Model 2010 appliance covered by Warranty, you can obtain your Access Gateway Platform License using the Upgrade My Products toolbox on MyCitrix.
User Licenses Optional
The required Access Gateway platform license enables unlimited logins through Basic logon points. Each concurrent login to a SmartAccess logon point requires an Access Gateway user license. Access Gateway Standard Edition or Access Gateway Universal licenses may be used for this purpose.
Subscription Advantage Eligibility Date
To use your existing Access Gateway licenses with this version, the Subscription Advantage on those licenses must be valid on or after September 1, 2010.
Access Gateway 5.0 is supported only on the following appliance platforms:
- Access Gateway Model 2010
- Access Gateway VPX
Discontinued Features and Functionality
The following table below lists the features that are deprecated or removed in Access Gateway 5.0.
|Feature||Access Gateway||Access Controller||Comment|
|Double-hop demilitarized zone (DMZ)||x|
|Dynamic routing with the Routing Information Protocol (RIP)||x|
|Windows NT LAN Manager (NTLM) as an authentication method||x|
|Locally defined users on Access Gateway||x|
|Administration Tool||x||This feature is replaced by the Access Gateway Management Console.|
|Administration Portal||x||This feature is replaced by the Access Gateway Management Console.|
|HTML Preview||x||This feature was part of Access Gateway Advanced Edition and is removed from Access Controller.|
|LiveEdit||x||This feature was part of Access Gateway Advanced Edition and is removed from Access Controller.|
|Licensing||x||All licensing is handled on the appliance or by Citrix License Server. You do not have to install licenses on Access Controller.|
|Web e-mail||x||This feature is replaced by Outlook Web Access or Outlook Web App.|
Citrix Access Gateway 5.0 Plug-in for Windows
Citrix Access Gateway Demo
How To: Overview of new EPA Client in Access Gateway 5.0
How To: Overview of Authentication Profiles in Access Gateway 5.0