Skip to main content

How to Configure Citrix VDI-in-a-Box 5.1 Remote Access with Citrix NetScaler Access Gateway 10

Citrix have released a new version of VDI-in-a-box 5.1. Citrix have created this article that describes how you get access to you VDI external with Netscaler Access Gateway 10 & VDI-in-a-box 5.1

It cant be more easy to configure with this guide.. so go get your netscaler access gateway 10 and configure it with VDI-in-a-box.

Enjoy /Poppelgaard


Configure VDI-in-a-Box 5.1 Remote Access with NetScaler Access Gateway 10


• VDI-in-a-Box 5.1 grid

• NetScaler 10 build 69.4 or later (VPX, MPX, SDX)

o NetScaler Platform License


This document provides instructions to configuring remote access to VDI-in-a-Box virtual desktops. The latest NetScaler versions (build 69.4 or later) now include an Access Gateway wizard to allow for quick remote access setup. Configuring the VDI-in-a-Box will consist of adding HDX gateway information and adding a Grid IP address.


Configure the VDI-in-a-Box Grid IP Address:

1. Log into the VDI-in-a-Box web console as an administrator.

2. Go to the Admin > Advanced Properties menu.

3. Scroll down to the Grid section.

4. Enter an IP address to use in the Grid IP address.

Configure the VDI-in-a-Box HDX Gateway:

5. Log into the VDI-in-a-Box web console as an administrator.

6. Go to the Admin > Advanced Properties menu.

7. Scroll down to the Gateways section.

8. Enter the FQDN and port of the Access Gateway in the External HDX Gateway field.

9. Enter the NetScaler MIP or SNIP to be used by VDI-in-a-Box in the Internal HDX Gateway field.

  • Configure the NetScaler appliance:
  • Import to support hypervisor if using the NetScaler VPX (virtual appliance).
  • Configure NetScaler IP Address (NSIP) via the Console and restart.
  • Log into the NetScaler web console with default credentials: nsroot/nsroot.
  • Provide a Host Name and configure the type of IP address to use for communication with the VDI-in-a-Box servers and desktops.
  • More information about SNIPs and MIPs found in these links:

14. Complete the Setup Wizard using default values.

15. Click the Manage License link to upload a NetScaler Platform License.

16. Click Finish.

17. Save the configuration when prompted and restart the NetScaler.

Configure Access Gateway virtual server:

  • Log back into the NetScaler web console.
  • Select Access Gateway feature and then Create/Monitor Access Gateway to open the Access Gateway 10 Home page.
  • Click the Get Start button to open the Access Gateway Setup page.

21. Fill out the Access Gateway Setting section. The IP address is typically in a perimeter network or a public IP address that users connect to. Optionally, enable https redirection so the gateway will accept (and redirect) http requests to https.

22. Fill out the LDAP Authentication section. This is required when configuring the wizard, but the authentication policy can be disabled later.

• IP Address: Active Directory domain controller.

• Port: Usually 389 or 636.

• Base DN: Provide the Distinguished Name for the users in AD, such as OU=Users,OU=VDI,DC=domain,DC=com.

• Admin Base DN: Provide the Distinguished Name for a domain admin, such as CN=Administrator,CN=Users,DC=domain,DC=com.

• Logon Name: This should be SAMAccountName.

• Password: Provide the domain admin’s password.

23. Select one of the options from the Certificate section.

• Install Certificate: Select this option to upload the server certificate and private key that has already been generated (valid or self-signed). Certificates can be generated using the SSL feature of the NetScaler or any other certificate utility, such as OpenSSL or Java KeyTool.

• Use Test Certificate: Select this option if a self-signed test certificate is needed. Provide a name and FQDN for the certificate.

Important: Upon completion of this wizard the test certificate and root certificate must be exported from the NetScaler and installed on client devices. This is found in Configuration > SSL > Manage Certificates / Keys / CSRs section.

24. Check the box to show DNS and type the IP address of the DNS server to be used. For production environments this should be an external-facing DNS server that will be used to redirect http to https requests based on the FQDN, if enabled in the Access Gateway Settings section.

25. Select the Web Interface option in the CloudGateway/Web Interface section. The WI and STA fields must use https instead of http.

Note: VDI-in-a-Box 5.1 does not support CloudGateway.

• Web Interface Address: Provide the URL for the VDI-in-a-Box Grid IP Address, such as https://vdiGridIP.

• Single Sign-on Domain: Provide the Active Directory domain. This will be used for SSO with PNAgent used by the Citrix Receiver.

• Secure Ticket Authority: Provide the STA URL using the VDI-in-a-Box Grid IP, such as https://vdiGridIP/dt/sta.

• Leave both Single sign-on domain and ICA Proxy boxes enabled.

26. Click Done. This will create the Access Gateway virtual server using the settings and polices defined in this setup page.

27. Return to the NetScaler web console and click Save to ensure the running configuration is saved to disk in the event the NetScaler needs a restart.

More Information

Citrix Receiver Session Policy

A Citrix Receiver session policy needs to be configured on the Access Gateway that will help mobile devices connect to the VDI-in-a-Box grid. This will allow all supported mobile devices (iOS, Android, PlayBook, etc) to connect to VDI-in-a-Box desktops through the Access Gateway.

Please follow the instructions in the following article to create such a session policy:

• For the Web Interface Address field, use the VDI-in-a-Box Grid IP address in the following format (path is case-sensitive):https://vdiGridIP/dt/PNAgent/config.xml

• Type the AD domain into the Single Sign-On Domain field.

• No additional authentication policy needs to be created.



Leave a Reply

Your email address will not be published. Required fields are marked *

Turn on pictures to see the captcha *