You Can Still Create a Secure Portal to Your Applications Using Citrix Secure Gateway!


In a perfect world, all the applications published on a XenApp farm would only need to be accessed internally, behind the firewall, using company equipment. But, unfortunately in today’s world, that perfect environment rarely exists. In most instances, applications on the internal network need to be accessed by users outside the firewall. And, these users can range from trusted resources such as remote employees, to non-employee resources such as third-party vendors and outside contractors.

For many, the solution to this problem has been to allow secure access to the internal network via dedicated B-to-B lines or software VPN connections. Although these are solid solutions for allowing internal access, there are also drawbacks. Dedicated B-to-B VPN lines can be expensive, and unless the number of remote users is substantial, in many cases the costs are hard to justify. And for those who have had to use software VPN clients, we all know that they are not always the most dependable or user-friendly pieces of software out there! And, unless properly configured, software VPN connections require users to deal with multiple logins.

In many cases, the Citrix Access Gateway (CAG) is the most viable solution to supplying SSL VPN connectivity to remote users. It provides the highest level of security by allowing complete customization, allows for high numbers of concurrent users (up to 10,000 users on a Series 10000 CAG), and provides increased flexibility for a broad range of end-user devices.

However, depending on the needed scalability level of your XenApp farm, the number of users, and other determining factors, you may not NEED all of the benefits that a CAG can offer. But, that does not mean that you need to fall back onto the “same old ways” of providing SSL VPN access to your remote users. With Citrix Secure Gateway (CSG) you can provide secure access to your internal applications for farms not requiring all the features available within CAG.

The Citrix Secure Gateway is an application that runs as a service on a server that is deployed in the DMZ. The server running the Secure Gateway represents a single point of access to the secure, enterprise network. The Secure Gateway acts as an intermediary for every connection request originating from the Internet to the enterprise network.

A CSG is installed in a network’s demilitarized zone (DMZ) to form a secure perimeter around the Citrix components in your enterprise network. The CSG authenticates users connecting over the Internet and establishes a secure channel for data exchange between the client device and the Citrix Presentation Server.

The CSG eases firewall traversal and provides a secure Internet gateway between Citrix Presentation Server and client devices. All data traversing the Internet between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. The CSG transparently encrypts and authenticates all user connections to protect against eavesdropping and data tampering.

The Secure Gateway has features for enhanced security, certificate management, deployment, scalability, logging and instrumentation, and support for networking protocols.

For more information on Citrix Secure Gateway, configuration options, and proposed farm implementations, you can refer to the following Citrix documents:

Citrix Secure Gateway Administrator’s Guide

Detailed Description of the Secure Gateway Connection Process (CTX117728)