Citrix Netscaler Gateway 11
Citrix have released Netscaler Gateway 11
This is a major release and one thing I love about this release is that the entire GUI is again changed and now there is support for VPN access with Android, IOS, Linux.
NetScaler Gateway 11.0 adds the following new features and enhancements:
This feature extends NetScaler Gateway connectivity with access to any web application through a single URL, along with seamless single sign-on and sign-off. Single URL access can be configured for:
- Internal organizational web applications
- Software as a Service applications, including SAML based single sign-on when available
- Outlook Web Access and SharePoint as clientless applications
- Load balanced applications served through NetScaler load balancing virtual servers
- XenApp and XenDesktop published resources.
The feature can be configured and managed with the Unified Gateway wizard in the NetScaler configuration utility. [#00552862, #0438356, #0519875, #0519875]
SmartControl allows policy-based management decisions for ICA connections through the VPN. SmartControl policies can be applied at the session level to control user’s ICA environment and to further manage ICA connections with SmartGroup sorting decisions.
The Portal Customization options have been expanded to allow end-to-end customization of the VPN user portal. Administrators can apply themes to their VPN portal design or use themes as a foundation for their own customization or branding. An option to present VPN users an End User License Agreement (EULA) has also been added to the portal design. Portal themes and EULAs can be bound to a VPN virtual server or specified as global VPN parameters.
NetScaler Gateway release 11.0 adds new plug-in clients for the following operating systems:
- Android 4.1 or later
- iOS 7 or later
- Linux (Ubuntu 12.04 and 14.04)
Each of these clients provides full SSL VPN tunnel functionality through NetScaler Gateway and supports all authentication methods available in NetScaler Gateway 11.
Additionally, the Mac OS and Windows plug-ins have been refreshed and updated for the 11.0 release, including OS X 10.10 (Yosemite) support for the Mac OS X plug-in.
The NetScaler Gateway client plug-ins are no longer coupled to the Citrix NetScaler Gateway 11 release versioning. Settings for version requirement per client OS type can be configured globally and within session policies.
The desktop client plug-ins icons can now be configured to operate independently from Native Citrix Receiver clients. Settings to manage Receiver integration with the NetScaler Gateway Plug-ins can be configured globally and within session policies.
This enhancement adds an option in client Endpoint Analysis (EPA) to prevent automatic client updates by disabling the “EnableAutoUpdate” registry key.
This feature allows administrators to deploy NetScaler Gateway with XenApp and XenDesktop in a striped cluster configuration. Administrators can use existing Gateway configurations and scale seamlessly in a cluster deployment without having to restrict the VPN configuration to a single node.
Note that this feature is limited to ICA Proxy basic-mode virtual servers and does not support SmartAccess.
NetScaler Gateway has improved support for access to Outlook Web Access 2013 and SharePoint 2013 through Clientless VPN (CVPN) sessions.
WebFront is an alternative integration point for XenApp and XenDesktop deployments served by StoreFront. Resident on NetScaler, WebFront uses caching and packet flow optimization in the distribution of user stores. These techniques improve end user experience for Receiver for Web users and speed up single sign-on for native Receiver users. In the NetScaler configuration utility, the WebFront feature is on the Configuration tab at System > WebFront.
Automatic session timeout can be enabled for ICA connections as a VPN parameter. Enabling this parameter forces active ICA connections to time out when a VPN session closes.
NetScaler Gateway virtual servers have improved intelligence for handling CGP traﬃc destined for the common CGP port, 2598, over WebSockets. This enhancement allows Receiver for HTML5 user sessions through NetScaler Gateway to support Session Reliability.
NetScaler now uses SPNEGO encapsulation on Kerberos tickets that are sent to back-end web applications and servers.
This enhancement adds support for cross-domain Kerberos constrained delegation when both the user and the service realm have a two-way shortcut trust. That is, if the user and service belong to different domains/realms, constrained delegation fails. However, if a user logs on with a user name and password, Kerberos Single Sign-On works for cross-domain access, because the NetScaler Gateway appliance does Kerberos impersonation with the user password. NetScaler Gateway currently does not otherwise support cross-domain constrained delegation.
Download Citrix Netscaler Gateway 11 build 55.20 here (requires MyCitrix ID)
Citrix technology professional – CTP, and Microsoft Most Valuable Professional MVP, Thomas Poppelgaard provides professional services. Write to me on my email firstname.lastname@example.org or call on my cell +45 53540356