CloudGateway is truly an exciting product for us, and with version 2 that shipped recently, we’ve introduced two new capabilities that are exciting for me personally, because they let me do something i couldnt do before – browse my enterprise’s internal websites from my iPad, without needing full VPN connectivity, or having to see broken links because of failed CVPN rewrites (Those of you using rewrites know what i am talking about!)
This capability is made possible using the MDX Web Connect and Micro VPN technologies. The diagram below attempts to explain how this works.
With CloudGateway 2, it is possible to add explicit web links that users need to be allowed access to, and associate that with groups of users based on Active Directory group memberships. You can even designate these links differently, with a custom icon. Once configured, if the user logging in from the Citrix Receiver on an iPad has the appropriate privileges as configured via the policy on the AppController, the web link is rendered as another application within the Citrix Receiver. Launching this application will invoke the embedded MDX Web Connect browser, to render the page.
Now consider the scenario, where there are two web links – one pointing to a public site, accessible over the internet, and another, which is a protected enterprise resource. The MDX Web Connect browser can render both, but for the first site, it connects directly over the internet. This access is secure without the device’s native browser being able to access the cookies, and other data exchanged within the session.
In the case of the second web site, which is a protected intranet resource, Web Connect leverages the MDX Micro VPN capability, which allows the Receiver to securely transport the web traffic through the NetScaler or Access Gateway, present in the enterprise’s DMZ, offering intranet site access. This way, i am able to browse all of my SharePoint 2010 web applications (or any other intranet web site), without my native Safari browser even being aware that such an intranet connection channel exists. For that matter, nothing outside the Receiver is aware of this communication mechanism, because the entire connection is controlled by the Citrix Receiver. Even better, doesnt matter how complicated the web site is, and how dynamically generated the URLs within the web app are, nothing fails – because there is no rewrite!