How do I Configure Unified Gateway for Common Enterprise Applications

This article describes how to configure Unified Gateway for common enterprise applications.

Use Case

To do AAA and single sign-on for common enterprise applications like SharePoint or Exchange at NetScaler Unified Gateway. Unified Gateway is a single point of access for all corporate applications including Citrix XenApp, XenDesktop, SaaS applications and Enterprise applications like SharePoint or Exchange. Most of these applications have common requirement of AAA and single sign-on. Hence, unify the application access through single point where you can do AAA and take single sign-on action across all applications.

Introduction

Authentication, Authorization and Auditing (AAA) of application traffic allows a site administrator to manage access controls with the NetScaler appliance instead of managing these controls separately for each application. To use AAA, you must configure authentication virtual servers or Gateway virtual server(s) to handle the authentication process and traffic management virtual servers to handle the traffic to web applications that require authentication.

Unified Gateway which unifies remote access of all enterprise, web, cloud, SaaS and Citrix applications into a single end-to-end solution, also allows integration with enterprise identity stores such as Active Directory, as well as federation with other systems through SAML. It thus provides a secure single-sign on functionality.

To configure Unified Gateway , see the guide “How do I configure Unified Gateway” or http://docs.citrix.com/en-us/netscaler-gateway/11/unified-gateway.html .

Step 1: Add Web Application

Go to the Unified Gateway section under Configuration tab > Integrate with Citrix Products division and select the Unified Gateway to which you want to add the AAA-TM application. Inside the Unified Gateway configuration, go to “Applications” section and click “+” button. Select “Web Application” as the application type and click continue.

The utility allows the configuration of below web applications:

• Intranet Applications – intranet portal or other enterprise applications
• Clientless Applications – OWA, SharePoint, etc.
• Software as a Service Applications (SaaS) using SAML for single sign-on. – ShareFile, Salesforce, Office365, etc.
• Preconfigured applications on NetScaler

For AAA-TM applications, select application type as “Intranet Applications” or “Preconfigured applications on this NetScaler”. AAA can be configured on NetScaler for any enterprise application in intranet.

If you select application type as “Intranet Application”, make sure to select the check-box to make the application accessible through the Unified Gateway URL. Select the virtual server front ending the application.

Step 2: Enable Authentication

On the virtual server make sure that authentication is enabled. To enable authentication, edit the virtual server by selecting the row and clicking Edit and add Authentication from the “Advanced Settings” panel.

Authentication can be configured as “Form Based Authentication” or “401 Based Authentication”. In Unified Gateway FQDN, type the FQDN that users will use to reach the Unified Gateway and same is mapped to the public IP configured in Unified Gateway.

From the drop down menu, choose the authentication virtual server type as “NetScaler Gateway Virtual Server” and select the Gateway virtual server name from the next drop down menu. By selecting authentication virtual server type as Gateway virtual server, you make sure that Gateway virtual server handles the authentication process.

Step 3: Complete Application Addition

Add relative URL for the application. The application would be available at the Unified Gateway domain with this relative URL. Site relative string will auto populate with the first virtual directory of the relative URL

Applications configured this way will not need individual authentication and Unified Gateway will take care of their authentication.

To get more information on HDX Insight, see document -  https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/hdx-insight-powered-by-citrix-netscaler-insight-center.pdf

For information on how to deploy NetScaler Insight Centre, see document -  https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-insight-center-deployment-and-sizing-guide.pdf

Refer to "NetScaler: How Do I?" page for more easy to implement articles on commonly used features of NetScaler.