Citrix Access Gateway announced support for CVPN access to OWA 2010 (Outlook Web Access) a few months back, starting with the 10.0-69.4 release. Access Gateway has long supported OWA 2007 and SharePoint 2007, and OWA 2010 support now adds a punch to clientless access.

CVPN is essentially the Clientless VPN access mode, where access is done solely via a web browser and no client is required. This is great for casual access from a kiosk or a random PC, and also helps in locked-down conditions where end users do not have any installation privileges. It also adds to the security of remote access by giving limited access to certain CVPN-enabled web applications only.

Note that Access Gateway could theoretically support any web application running in the intranet, as long as appropriate rewrite policies are configured. The idea is that a web page, when fetched from the web server, is rewritten on the Access Gateway server so that all of its links point to Access Gateway. When such a page is rendered on the client device and a link is clicked, the URL takes the browser to Access Gateway, with the actual link embedded in the URL as a parameter. Access Gateway reads this embedded link, fetches the original page, rewrites all the links again and returns the result to the client browser.

Access Gateway provides a generic rewrite engine, with which an admin can define CVPN policies on how to rewrite various links. Though this is a very powerful engine and can often be used to make any web resource work, it can sometimes be challenging, depending on the nature of the web resource being accessed. Some URLs are generated dynamically on the client side, which makes server-side rewriting of these links challenging.
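The rewrite loop and its client-side limitation described in the two paragraphs above, as an added Python example (not Citrix code, and not the appliance's actual URL encoding). The gateway URL, the `u` parameter, the base64 token and the host names are assumptions made for illustration; the sample page is constructed.

```python
import base64
import re
from urllib.parse import parse_qs, urljoin, urlsplit

GATEWAY = "https://gateway.example.com/cvpn"  # hypothetical gateway endpoint
ALLOWED_HOSTS = {"owa.corp.example"}          # hypothetical published intranet hosts
PAGE_URL = "https://owa.corp.example/owa/"    # where the sample page was fetched from

# Only link-bearing attributes present in the server's HTML can be rewritten.
ATTR = re.compile(r'(?P<attr>\b(?:href|src|action))="(?P<url>[^"]*)"', re.I)

# Constructed sample page: two static links and one URL built in script.
SAMPLE = '''<a href="/owa/inbox">Inbox</a>
<img src="https://owa.corp.example/owa/logo.png">
<script>var next = "/owa/" + "item?id=" + 7; location.href = next;</script>'''

def encode_link(target):
    """Embed the real intranet URL as a parameter of a gateway URL."""
    token = base64.urlsafe_b64encode(target.encode()).decode()
    return f"{GATEWAY}?u={token}"

def decode_link(gateway_url):
    """Recover the embedded URL; refuse hosts that are not published."""
    token = parse_qs(urlsplit(gateway_url).query)["u"][0]
    target = base64.urlsafe_b64decode(token).decode()
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        raise PermissionError(f"target not published: {target}")
    return target

def rewrite_page(html, page_url):
    """Point every static link at the gateway, resolving relative URLs first."""
    def repl(match):
        absolute = urljoin(page_url, match.group("url"))
        return f'{match.group("attr")}="{encode_link(absolute)}"'
    return ATTR.sub(repl, html)

if __name__ == "__main__":
    # The <script> line comes out unchanged: its URL only exists once the
    # browser runs it, so a server-side rewrite never sees it.
    print(rewrite_page(SAMPLE, PAGE_URL))
```

The `decode_link` check reflects the limited-access point made earlier: the gateway fetches only targets that belong to published applications, whatever the embedded parameter says.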

Thus, announcing OWA 2010 support essentially means that Citrix Access Gateway comes with all the policies required to make OWA 2010 work built into the appliance. It doesn't mean that other web resources cannot be accessed over CVPN. They can be; the difference is that the OWA 2010 policies are built into the appliance.

To set up your OWA 2010 access:

  1. Set up an Access Gateway vServer in Smart Access mode. This is used to enable CVPN policies. Note that Smart Access mode requires Universal licenses to be available on the appliance.
  2. Set up your authentication and XA/XD integration in the usual manner. Also create a Session policy with CVPN enabled, SSO enabled and NT Domain set to work with your OWA domain, and bind it to this vServer.
  3. Publish a bookmark for your OWA 2010 site.

You are done!