Citrix Access Gateway is the best secure remote access device, for all your Citrix deployments. While a lot of your HDX applications and desktops can be accessed over Access Gateway, without requiring any client installation on the end points, there are times / use cases, when you do need to install a client as well. You would do so if:

  • You need to access corporate websites, that do not offer great experience over Clientless VPN.
  • You need to access services that are non-HDX and non-HTTP, like running a SSH session, FTP, CVS, …
  • You need to run VoIP software
  • As IT, you need better control and visibility into what users are accessing what kind of resources (better auditing based on IIP)

Access Gateway plug-in / client lets you do all the above, by establishing a full SSL tunnel from your end point to the corporate network. Once this tunnel is established, the user is pretty much on the corporate LAN itself and has access to all resources he needs.

Have you used the latest Citrix Receiver? If you have, you would have realized how seamless it is. End user logs into Receiver, and everything just becomes accessible – not just the HDX / MDX applications on your receiver, but also the non-HDX and non-HTTP access as well. Of course, this assumes that your Access Gateway appliance is set to allow full SSL tunnel. But how and when did Access Gateway plug-in log in the user and create the SSL tunnel? That’s the point – it all happened behind the scenes. Receiver used the same credentials to automatically log in the user on the Access Gateway plug-in, establish the tunnel and then leverage that tunnel for Receiver needs, as the need may be.

Isn’t that cool! Yes it is, and the reason this happens is, because Access Gateway plug-in provides automation APIs. Using these APIs, another software may do the following:

  • Invoke the plug-in to establish a tunnel
  • Call the API to destroy the tunnel
  • Query plug-in status
  • Set Proxy

So how is this useful for you?

  • Just like Citrix Receiver, if you have developed a corporate application / portal for your end users, you could integrate Access Gateway into the system and make the whole experience so much more delightful, by not requiring that extra log on. Even more importantly, you can make the plug-in disappear, from an end user perspective. The experience is so seamless, that he/she has no idea that the plug-in is even in the picture.
  • Automate tunnel creation / deletion as the end user roams in and out of corporate network. This means that the end user continues to simply access all his applications, least bothered that he may / may not require establishing a full tunnel for such an access. Of course, if an external logon requires an extra password, you may prompt him for only that, and provide access.
  • Using these APIs you can create seamless Auto-logon-VPN experiences. As soon as the user logs into Windows, you could invoke the Access Gateway plug-in and creates a tunnel.

I bet there are a lot more interesting ways to use these APIs. So feel free to leverage these and make the end-user experience for your employees, delightful.

Please refer to the excellent blog by David here, which details the APIs, as well as offers sample code.