Citrix has come out with the next major release 10.5 for NetScaler and NetScaler Gateway products. There are a lot of new and exciting features in 10.5 release, for a complete list of the what’s new, please refer the link. In this blog, let us look into the NetScaler Gateway specific features in this release.

NetScaler Gateway is a secure remote access solution for all your XenApp, XenDesktop and Mobile/Enterprise applications which provides unmatched scalability, control and performance benefits. In the 10.5 release, there are many features which increased the benefits of NetScaler Gateway even further. The new features add more flexibility, control and functionality to the product.

New features in 10.5 release are:

  1. Proxy selection using traffic policy: NetScaler Gateway supports proxy servers. Administrator can configure inbound proxy (proxy server between client and Gateway) and outbound proxy (proxy server between Gateway and backend services). The proxy setting is applicable for the whole user session. The new feature “Proxy selection using traffic policies” enables the administrator to specify different proxy within the same user session for different traffic. This provides lot more control and flexibility on which traffic is going where.
  2. SSL Renegotiation: SSL Renegotiation feature enables a new SSL handshake over existing SSL connection. With SSL Reneg feature on NetScaler Gateway, we can now control the number of times users are prompted for user-certificate during login process. User will be prompted only one time during the login process even if there are pre-authentication, post-authentication and browser login steps involved.
  3. RADIUS accounting:  In the new release, NetScaler Gateway supports RADIUS accounting in addition to RADIUS authentication. There are a lot of enterprises who use accounting infrastructure based on RADIUS protocol. NetScaler Gateway can now feed information to this accounting infrastructure about the user sessions. Having accurate user session information is a very critical controlling factor for many organizations like banking, healthcare etc.
  4. FQDN in Authentication configuration: Specifying the fully-qualified domain name in your configurations has lot of portability benefits. One configuration entity can be easily used at different locations without any changes. In the new release, the authentication server information can be specified using FQDN. NetScaler Gateway first resolves the FQDN by contacting the local DNS server and then, use the IP obtained from the DNS server for authentication. The DNS server will provide the nearest authentication server IP for the FQDN.
  5. Single-Sign On to public IP: The SSO best practices suggest that SSO should not be triggered for any services running on public IP. NetScaler Gateway provides ability to SSO to public IPs using traffic policies. Traffic policies can be used for providing SSO to only those public IPs which are controlled by the trusted entities only.
  6. Advanced EPA policies: NetScaler Gateway End-Point Analysis (EPA) feature is now integrated with OPSWAT third-party end-point scanning library. The OPSWAT integration provides the NetScaler Gateway the ability to scan for a very large number of vendor products. The OPSWAT integration is available for both pre-authentication as well as post-authentication (session) policies.
  7. Mac OS: The new release supports 10.9 Mac OS software. The earlier NetScaler Gateway release had beta support but now, 10.9 is a supported platform. Another important feature for Mac OS is, NetScaler Gateway now supports browser based EPA scan on Mac OS as well.
  8. XenMobile in-built monitors: There will be two in-built monitors for XenMobile environment. The new monitors are XenMobile Device Manager (XDM) monitor and XenMobile NetScaler Connector (XNC) monitor. In a XenMobile+Gateway deployment, you can now monitor the backend XenMobile entities very easily using these monitors.
  9. Cluster (spotted) support: NetScaler Gateway now supports Cluster deployment in spotted mode. In spotted mode, one node actively handles the Gateway traffic.