Download Citrix Access on SonicWALL SSL VPN

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts
no text concepts found
Transcript 
Citrix Access on SonicWALL SSL VPN
Document Scope
This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL
SSL VPN 3.5. It also includes information about configuring relevant settings on a Citrix server.
This document contains the following sections:
•
“Feature Overview” section on page 1
•
“Administrator Tasks for Configuring Citrix Access” section on page 4
•
“User Tasks for Configuring Citrix Access” section on page 16
•
“Technical FAQs” section on page 22
•
“Glossary” section on page 23
Feature Overview
This section provides an introduction to accessing Citrix through SonicWALL SSL VPN using Citrix
bookmarks. This section contains the following subsections:
•
“What are Citrix Bookmarks?” section on page 1
•
“Benefits of Citrix Bookmarks” section on page 2
•
“Accessing Citrix Applications via an SSL VPN” section on page 2
•
“Supported Platforms” section on page 3
What are Citrix Bookmarks?
SonicWALL SSL VPN uses bookmarks to access Citrix services, which are supported as a third-party
application running on a separate server. Citrix is a remote access, application sharing service, similar to
Terminal Services such as RDP. It employs an application virtualization technology, in which an application
is hosted on a central server. There are many management capabilities over a Citrix deployment such as
allocation of priority and a minimum set of resources to certain users, and data synchronization between
different server farms.
Citrix uses the ICA protocol to communicate with the client. The Citrix ICA Client is now renamed as the
Citrix XenApp Web plug-in. With the Citrix XenApp Web plug-in, users can access Windows applications
as a service available from anywhere.
Citrix Access on SonicWALL SSL VPN
1
Feature Overview
Benefits of Citrix Bookmarks
Using SonicWALL SSL VPN to access Citrix provides the following benefits:
•
Secure access – SonicWALL SSL VPN provides secure access from anywhere.
•
Granular Control – Bookmarks, access policies, and other SSL VPN features provide full access control.
•
Strong Authentication – SonicWALL SSL VPN supports various strong authentication methods which
provides an added layer of security to your Citrix applications.
•
Consolidated access – The SonicWALL SSL VPN Virtual Office portal can provide multiple Citrix
bookmarks from a single location.
Some of the benefits of using Citrix to virtualize applications are the following:
•
Reduces the expense of individual application licenses for each user. You can purchase one copy of the
application for your Citrix server along with a limited number of access licenses. When the client access
limit is reached, clients must wait to connect to the Citrix server.
•
Facilitates auditing and reporting. You can track who uses which applications and when they are
accessed.
•
CPU-intensive applications can run on a powerful Citrix server, allowing access by less-powerful clients.
•
Operating system and file system security may be better on a Citrix server than on client systems or
systems accessed with RDP.
•
Citrix provides load balancing.
•
Citrix can act as a Web gateway providing comprehensive access policies.
Accessing Citrix Applications via an SSL VPN
There are two ways to use Citrix that are supported by SonicWALL SSL VPN:
•
The agent or client behaves seamlessly, accessing the application on the Citrix server as soon as the user
logs into the client. This method is supported by SonicWALL SSL VPN NetExtender.
•
The user accesses the application on the remote Citrix server through a Web interface. SonicWALL SSL
VPN Bookmarks support this access method.
SonicWALL SSL VPN provides secure remote Citrix access in a fashion similar to Remote Desktop access.
This provides a subset of Citrix functionality, since it does not support Program Neighborhood
functionality, but is sufficient for access to any Citrix application or desktop.
Citrix can be compared to applications that use the Remote Desktop Protocol (RDP), in that both allow
clients to access remote systems or servers. The fundamental difference is that RDP provides terminal
session access control with access to the remote desktop itself, including the C drive and system files,
whereas with Citrix, client access is usually restricted to application level access.
Access to the Citrix desktops and applications requires installation of client software, although this software
ranges from a full stand alone client fully integrated into Windows (Start Menu, Context menus) to a
lightweight installation of an ActiveX control or a download of a Java applet.
Citrix servers and applications are accessible through the Citrix NFuse portal. Access to the NFuse portal
is provided by the SonicWALL SSL VPN HTTP/HTTPS reverse proxy feature. After the Citrix server is
configured, the SonicWALL SSL-VPN appliance administrator creates one or more Citrix (reverse proxy)
bookmarks for use by client users. Client users initiate a Citrix session by first logging into the SonicWALL
SSL VPN Virtual Office portal and then clicking on the Citrix bookmarks to the NFuse server. After
authenticating with the NFuse portal, the user will see the Citrix applications and desktops that are
accessible to him/her. This interface is provided by the Citrix server, but is reverse-proxied by the SSL-VPN
2
Citrix Access on SonicWALL SSL VPN
Feature Overview
appliance. When the user clicks on an application icon, Internet Explorer launches an ActiveX control
similar to the one used by Remote Desktop, while other browsers use the Java version which launches an
applet.
Citrix support requires Internet connectivity in order to download the ActiveX client or the Java applet from
the Citrix Web site. The server will automatically decide which Citrix client version to use. Citrix is accessed
from Internet Explorer using ActiveX by default, or from other browsers using Java. Java can be used with
Internet Explorer by selecting an option in the bookmark configuration in SonicWALL SSL VPN. For Citrix
access using Java, the Java applet download uses HTTP which is likely to have outbound access based on
usual firewall deployments.
When using the Java applet, the local printers are available in the Citrix client. However, under some
circumstances it might be necessary to change the Universal Printer Driver to PCL mode.
Supported Platforms
Citrix bookmarks with ActiveX and Java applet Citrix support are available on SonicOS SSL VPN 2.0 or
newer for the SSL-VPN 2000 and 4000 appliances, and on SonicOS SSL VPN 3.5 and newer for the SRA
4200.
The following XenApp or Presentation Servers are supported:
•
Presentation Server 4.5 (with Web Interface 4.5)
•
Presentation Server 4.0
•
MetaFrameXP Feature Release III
Citrix client software is available as either an ActiveX plugin (for Internet Explorer only) or a Java plugin.
The Citrix ActiveX client is supported on systems running Windows XP with Internet Explorer 6.0 or
higher.
The Java plugin can be used with Internet Explorer, Firefox, Safari, or Opera browsers on Windows XP,
Vista, Linux, or Mac OS client systems as noted in Table 1. For browsers requiring Java to run Citrix, you
must have Sun Java 1.4 or above.
Table 1
Citrix (Java 1.4+) Client - Supported Browsers per OS
Windows XP
Windows Vista
Internet Explorer
6.0 or higher
7.0 or higher
Firefox
2 or 3
2 or 3
Linux
Mac OS X
2 or 3
2 or 3
2
Safari
Opera
9
1
9
1
1. MetaFrameXP FR3 works, but Presentation Server 4 login screen is not accessible.
The following Presentation Server clients are supported:
•
XenApp Web Plug-in (previously called Windows ICA client) version 11.0 or earlier
•
ICA Java client version 9.0 or earlier
•
The minimum supported version of the Citrix ICA Client for Vista is 10.0
Single sign-on is not supported for the Web Interface authentication or within the Citrix session.
Citrix Access on SonicWALL SSL VPN
3
Administrator Tasks for Configuring Citrix Access
Administrator Tasks for Configuring Citrix Access
This section contains the following subsections:
•
“Deployment Scenario” section on page 4
•
“Assumptions and Dependencies” section on page 5
•
“Configuring Authentication on the Citrix Server” section on page 5
•
“Creating a Citrix Access Policy” section on page 12
•
“Creating a Citrix Bookmark” section on page 14
•
“Editing a Citrix Bookmark” section on page 15
Deployment Scenario
The recommended deployment scenario for Citrix environments places the Citrix server(s) on the LAN
behind a SonicWALL Unified Threat Management (UTM) appliance acting as the gateway firewall. A
SonicWALL SSL-VPN or SRA 4200 appliance is connected to a firewall interface in the DMZ. Traffic
passing between the SSL-VPN and the LAN passes through the UTM appliance where it is examined for
threats.
SonicWALL UTM Firewall
X1
PRO 5060
X0
X2
Switch
Switch
Router
DMZ
Remote Users
LAN
X0
Secure Remote Access
Citrix Servers
SRA 4200
SRA 4200
Internet Zone
Apps, Email, AD, SQL
4
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Assumptions and Dependencies
•
The administrator must have the Citrix Web Interface installed and functioning for the Citrix
installation.
•
Microsoft Loopback hotfix (KB884020) is required, although this can be avoided if the ActiveX control
does not use loopbacks higher than 127.0.0.1.
•
ActiveX: Users must have enough privileges in order to be able to install an ActiveX control if they
don’t already have one installed.
•
Java: JRE 1.4.x and above is required by the Citrix Java client. If a lower version is detected, the
connection is refused and the user is advised to upgrade Java.
•
ActiveX & Java: Firewall rules must allow for Internet Explorer and for the JRE to be able to open
server sockets on the system.
•
Java: The SonicWALL SSL-VPN appliance must have a DNS server set up (critical).
Configuring Authentication on the Citrix Server
You can configure the Citrix server for anonymous or authenticated access. If you select anonymous access,
you can configure the Citrix server for explicit, or forms-based, authentication to make sure that there is at
least some type of authentication available for users.
See the following sections:
•
“Configuring Anonymous or Authenticated Access” on page 5
•
“Configuring Explicit Authentication on the Citrix Server” on page 9
Configuring Anonymous or Authenticated Access
Microsoft IIS Manager must be configured on the Citrix server to enable anonymous access for Citrix.
When Windows Integrated Authentication is configured on IIS and the Citrix server is accessed by a client
through the SonicWALL SSL-VPN, the SSL-VPN will display a message indicating that it does not support
the HTTPS authentication scheme used by Citrix.
To configure authentication for Citrix access through SonicWALL SSL VPN, perform the following steps:
Step 1
On the Citrix server (a Windows Server system), click Start > All Programs.
Citrix Access on SonicWALL SSL VPN
5
Administrator Tasks for Configuring Citrix Access
6
Step 2
Select Administrative Tools > Internet Information Services (IIS) Manager.
Step 3
In the Internet Information Services (IIS) Manager window, expand the entries for the local computer,
Web Sites, Default Web Site, and Citrix.
Step 4
Under Citrix, right-click the service name, for example MetaFrame, and select Properties from the
right-click menu.
Step 5
In the MetaFrame Properties window, click the Directory Security tab.
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Step 6
Under Authentication and access control, click Edit.
Step 7
For anonymous access to the Citrix server, select the Enable anonymous access check box in the
Authentication Methods window. (To configure authenticated access, skip to Step 12.)
Step 8
In the User name field, type in the account name to be used for anonymous access or click Browse to select
it from the account list.
Step 9
In the Password field, type in the password for this account.
Step 10 Click OK.
Citrix Access on SonicWALL SSL VPN
7
Administrator Tasks for Configuring Citrix Access
Step 11 An IIS Manager dialog box warns that the anonymous authentication option will result in unencrypted
passwords being transmitted over the network except when HTTPS or SSL connections are used. Since we
are using HTTPS/SSL in this case, you can safely click Yes to continue.
Step 12 To configure authenticated access to the Citrix server rather than anonymous access as described above,
clear the Enable anonymous access check box in the Authentication Methods window.
Step 13 Under Authenticated access, select the Basic authentication (password is sent in clear text) check box.
Step 14 Click OK.
8
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Configuring Explicit Authentication on the Citrix Server
Explicit, or forms-based, authentication is used in conjunction with the anonymous access setting on
Microsoft IIS to provide some form of authentication for users. The administrator selects the Explicit
authentication method on the Citrix server, if it is not already selected. If only anonymous authentication is
configured, Citrix may automatically detect it and force Explicit authentication, which will present a login
form to the user. Explicit authentication performs the necessary encryption.
To configure explicit authentication on the Citrix server, perform the following steps:
Step 1
Log in to the Citrix server as the administrator, open the Start menu, and click Access Suite Console for
Presentation Server.
Step 2
In the MetaFrame Presentation Server window, expand Suite Components > Configuration Tools >
Web Interface, and then select the MetaFrame URL, for example:
http://CTX-EDU-1.csm.demo/Citrix/MetaFrame.
Citrix Access on SonicWALL SSL VPN
9
Administrator Tasks for Configuring Citrix Access
10
Step 3
In the middle pane under Common Tasks, click Configure Authentication Methods.
Step 4
In the Configure Authentication Methods window, for the Specify Authentication Methods step, select
the Explicit check box.
Step 5
Select the desired settings for Enforce 2-factor authentication and Allow user to change password.
Step 6
Click Next.
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Step 7
For the Define Selected Method Settings step, select the Windows or NIS (UNIX) radio button.
Step 8
Click Next.
Step 9
For the Specify Authentication Type Settings step, under Domains, select the Display Domain field
radio button.
Step 10 Click the Add button and add your domain, if necessary.
Step 11 Select Selection in the Optionally, specify domains for drop-down list, and select your domain.
Step 12 Click Next.
Citrix Access on SonicWALL SSL VPN
11
Administrator Tasks for Configuring Citrix Access
Step 13 For the Check Summary step, verify your settings and then click Finish.
Creating a Citrix Access Policy
You can configure access policies on the SonicWALL SSL-VPN appliance to provide different levels of
access to the Citrix server. There are three levels of access policies: global, group, and user. You can deny
or permit access to the Citrix server by creating access policies for a Citrix server IP address, an IP address
range (for a server farm), or a network object.
User policies take precedence over group policies and group policies take precedence over global policies,
regardless of the policy definition. For policies at the same level, the most specific policy takes precedence.
Tip
When using Citrix bookmarks, in order to restrict proxy access to a host, a Deny rule must be configured
for both Citrix and HTTP services.
For more information about access policies, including policy hierarchy rules, see the “Users Configuration”
chapter in the SonicWALL SSL VPN 3.5 Administrator’s Guide.
The procedure is the same for configuring user, group, or global access policies, except for the initial page
(Users > Local Users or Users > Local Groups) and the selection of either a user, a group, or the global
option for which to configure the policy.
To configure an access policy for a user, perform the following steps:
Step 1
12
In the SonicWALL SSL VPN management interface, navigate to Users > Local Users (or Users > Local
Groups).
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Step 2
Click the configure icon next to the user (or group or Global Policies) that you want to configure.
Step 3
In the Edit User Settings window, select the Policies tab.
Step 4
Click Add Policy...to display the Add Policy window.
Step 5
In the Add Policy window, in the Apply Policy To drop-down list, select whether the policy will be applied
to an individual host, a range of addresses, or a network object. You can also select an IPv6 host or a range
of IPv6 addresses. The Add Policy dialog box changes depending on what type of object you select in the
Apply Policy To drop-down list.
Note
Step 6
The SonicWALL SSL VPN policies apply to the destination address(es) of the SonicWALL
SSL VPN connection (the Citrix server), not the source address. You cannot permit or block
a specific IP address on the Internet from authenticating to the SonicWALL SSL VPN
gateway with a policy created on the Policies tab. However, it is possible to control source
logins by IP address with a login policy created on the user's Login Policies tab.
Type a descriptive name into the Policy Name field.
Citrix Access on SonicWALL SSL VPN
13
Administrator Tasks for Configuring Citrix Access
Step 7
Step 8
Note
Step 9
Do one of the following, depending on your selection in the Apply Policy To field:
•
Type an IP address in the IP Address field.
•
Type a starting IP address in the IP Network Address field and type a subnet mask value in the Subnet
Mask field in the form 255.255.255.0.
•
Select the network object from the Network Object drop-down list. The port number is included in
the network object definition.
In the Port Range/Port Number field, optionally enter a port range or an individual port.
The Citrix Web interface and Citrix ICA server listen on different ports, typically 80/443 and
1494 respectively, which are both needed for a Citrix session. When creating a port-based
access policy, you will need to create two policies in order to specify both ports. Standard
TCP ports used by Citrix are mentioned in the knowledge base article available at:
http://support.citrix.com/article/CTX101810
In the Service drop-down list, optionally select one of the following:
•
Citrix Portal (Citrix) – Select this if the Citrix bookmark uses HTTP
•
Citrix Portal (Citrix_https) – Select this if the Citrix bookmark uses HTTPS
If the Citrix server can be accessed using either HTTP and HTTPS, then you may need to create two access
policies, one for each service. An IP address based policy may be simpler in this case.
Step 10 In the Status drop-down list, click on an access action, either PERMIT or DENY.
Step 11 Click Add.
Creating a Citrix Bookmark
You can configure a Citrix bookmark for a user or for a group. The procedure is the same, except for the
initial page (Users > Local Users or Users > Local Groups) and the selection of either a user or a group
for which to configure the bookmark.
To configure a Citrix bookmark for a user, perform the following steps:
Step 1
In the SonicWALL SSL VPN management interface, navigate to Users > Local Users.
Step 2
Click the configure icon next to the user you want to configure.
Step 3
In the Edit User Settings window, select the Bookmarks tab.
Step 4
Click Add Bookmark...
Step 5
Enter a descriptive name for the bookmark in the Bookmark Name field.
Step 6
Enter the name or IP address of the bookmark in the Name or IP Address field.
Note
14
A Citrix bookmark will accept a port option with the IP address (IP_address:portnum).
Step 7
From the Service drop-down list, select Citrix Portal (Citrix). The display will change.
Step 8
To enable SSL encryption for communication between the SSL-VPN appliance and the Citrix server, select
the HTTPS Mode check box.
Citrix Access on SonicWALL SSL VPN
Administrator Tasks for Configuring Citrix Access
Step 9
Optionally select the Always use Java in Internet Explorer checkbox to use Java to access the Citrix Portal
when using Internet Explorer. Without this setting, a Citrix ICA client or XenApp Web plug-in (an ActiveX
client) must be used with Internet Explorer. This setting lets users avoid installing a Citrix ICA client or
XenApp Web plug-in specifically for Internet Explorer browsers. Java is used with Citrix by default on other
browsers and also works with Internet Explorer. Enabling this check box leverages this portability.
When using the Java applet, the local printers are available in the Citrix client. However, under some
circumstances it might be necessary to change the Universal Printer Driver to PCL mode.
Step 10 Click Add.
Editing a Citrix Bookmark
You can edit an existing Citrix bookmark by clicking the edit icon on the Virtual Office page.
To edit an existing Citrix bookmark, perform the following steps:
Step 1
In the SonicWALL SSL VPN management interface, navigate to the Virtual Office page.
Step 2
Click Show Edit Controls to expose the Edit and Delete icons for each bookmark.
Step 3
Click the Edit icon for the bookmark you wish to edit.
Citrix Access on SonicWALL SSL VPN
15
User Tasks for Configuring Citrix Access
Step 4
In the Edit Bookmark page, you can view information about the available settings.
Step 5
To make changes to the Bookmark Name, Name or IP Address, or Description fields, type in the new
value(s).
Step 6
To change ability of users to edit the bookmark, select a new value from the Allow user to edit/delete
drop-down list. The default is Use user policy.
Step 7
To enable SSL encryption for communication between the SSL-VPN appliance and the Citrix server, select
the HTTPS Mode check box.
Step 8
To force Internet Explorer to use the Citrix Java applet rather than the default ActiveX control, select the
Always use Java in Internet Explorer check box. This setting lets users avoid installing a Citrix ICA client
or XenApp Web plug-in specifically for Internet Explorer browsers.
When using the Java applet, the local printers are available in the Citrix client. However, under some
circumstances it might be necessary to change the Universal Printer Driver to PCL mode.
Step 9
Click OK.
User Tasks for Configuring Citrix Access
Access to the Citrix server and its shared applications is provided with bookmarks on the SonicWALL SSL
VPN Virtual Office portal. The administrator may have created either ActiveX or Java bookmarks.
When the user launches a Citrix bookmark, the interaction is identical to reverse proxy browsing until an
application icon is clicked. At that point a window containing an ActiveX control or a Java applet will pop
up.
Users might encounter several warnings and dialog boxes the first time they launch a Citrix application. The
causes for these are certificate mismatches, applet security warnings, ActiveX security warnings, and pop-up
blocking.
16
Citrix Access on SonicWALL SSL VPN
User Tasks for Configuring Citrix Access
For the ActiveX version to be functional, the XenApp Web plug-in (which was previously called Windows
ICA client) must be installed on the client machine. If the client machine does not have a pre-installed ICA
client, then the ActiveX control invokes an installer that downloads the necessary plugin and prompts the
user for installation. The user has to go through the installation process only once, and will not be prompted
for installation again for future Citrix sessions. This step requires connectivity to www.citrix.com from the
SSL-VPN appliance.
See the following sections for information about using ActiveX or Java bookmarks for Citrix access:
•
“Using ActiveX Bookmarks” on page 17
•
“Using Java Bookmarks” on page 21
Using ActiveX Bookmarks
To access applications on the Citrix server with a Citrix(ActiveX) bookmark, perform the following steps:
Step 1
Using an Internet Explorer browser, log in to the SonicWALL SSL-VPN Virtual Office portal where the
Citrix bookmarks are available.
Step 2
Click the desired bookmark to access the Citrix server, such as the Web Interface for MetaFrame
Presentation Server.
Step 3
Type your Citrix credentials into the User name and Password fields, select the approriate domain from
the Domain drop-down list, and click the Log In button.
Citrix Access on SonicWALL SSL VPN
17
User Tasks for Configuring Citrix Access
Step 4
If pop-ups are blocked when the MetaFrame Presentation Server applications are displayed, you will see a
warning from your Internet Explorer browser.
Click OK in the dialog box, and then enable pop-ups for this site. To enable pop-ups, perform the following
steps:
18
a.
In your browser, navigate to Tools > Internet Options.
b.
In the Internet Options window, click the Privacy tab.
c.
Under Pop-up Blocker, click the Settings button.
d.
In the Pop-up Blocker Settings window, type the IP address of the Citrix server into the Address of
website to allow field, click Add, and then click Close.
e.
In the Internet Options window, click OK.
Step 5
In the Citrix Web Interface window, click the desired application, such as Microsoft Word.
Step 6
If you see a warning that the page contains both secure and nonsecure items, click Yes in the dialog box to
display all items.
Citrix Access on SonicWALL SSL VPN
User Tasks for Configuring Citrix Access
Step 7
The Citrix Web Client (an ActiveX control) must be running on your system in order to access the
application. If this ActiveX control is not installed on your system, the Citrix server attempts to download
it for you. The server displays a message to wait while the Citrix Web Client loads. If you see a warning in a
yellow bar at the top of the display, click in the yellow bar and select Install ActiveX Control in the popup
menu.
Step 8
In the Security Warning dialog box, click Install.
Step 9
You are prompted to log in to the Citrix server. Enter your credentials (you do not have to be an
Administrator) and select the domain, and click OK.
Citrix Access on SonicWALL SSL VPN
19
User Tasks for Configuring Citrix Access
Step 10 The shared application opens and you may begin using it.
Step 11 When you are finished, save your changes and close the application. On the Citrix Web Interface page, click
the Log Off button to log off the MetaFrame Presentation Server.
20
Citrix Access on SonicWALL SSL VPN
User Tasks for Configuring Citrix Access
Using Java Bookmarks
To access applications on the Citrix server with a Citrix(Java) bookmark, perform the following steps:
Step 1
Using any supported browser, log in to the SonicWALL SSL-VPN Virtual Office portal where the Citrix
bookmarks are available.
Step 2
Click the desired bookmark to access the Citrix server, such as the Web Interface for MetaFrame
Presentation Server.
Step 3
If you see a certificate warning such as those shown below, click the Yes or Run button to continue.
Step 4
In the Citrix Web Interface window, type your Citrix credentials into the User name and Password fields,
select the approriate domain from the Domain drop-down list, and click the Log In button.
Citrix Access on SonicWALL SSL VPN
21
Technical FAQs
Step 5
Click the desired application, such as Microsoft Word.
Step 6
You are prompted to log in to the Citrix server. Enter your credentials (you do not have to be an
Administrator) and select the domain, and click OK.
Step 7
If you are using Internet Explorer with Java, you may see a warning dialog that the page uses Java. Click OK.
Step 8
The application opens and you may begin using it.
Step 9
When you are finished, save your changes and close the application. On the Citrix Web Interface page, click
the Log Off button to log off the MetaFrame Presentation Server.
Technical FAQs
How do I find more technical information about Citrix?
Technical information is available at the following links:
22
•
http://www.citrix.com
•
http://en.wikipedia.org/wiki/Citrix
Citrix Access on SonicWALL SSL VPN
Glossary
Glossary
Basic Authentication – For Citrix bookmarks and other HTTP transactions, using basic authentication
means that the client requests a Web page, the server responds with an authentication request, the user sees
a popup login window and enters his or her credentials, the user name and password are encoded with the
Base 64 algorithm (not for security, but rather to encode non-HTTP-compatible characters), the encoded
credentials are appended to the Web page request and sent back to the server.
Citrix – A product by Citrix Inc. that provides Terminal Services-like access to a server farm. This product
allows desktop and application sharing, provides load balancing, Web gateway, and comprehensive access
policies. For more detail, see http://www.citrix.com.
Citrix ICA Client – ICA stands for Independent Computing Architecture. The Citrix ICA Client is the
client software that is now replaced by the Citrix XenApp plug-in and Citrix XenApp Web plug-in.
Citrix Web Interface – The Citrix Web Interface provides SonicOS SSL VPN users with access to
MetaFrame Presentation Server applications and content through a standard Web browser. The Web
Interface uses Java and .NET technology to dynamically create an HTML representation of server farms for
MetaFrame Presentation Server sites. All applications published in the server farms can be made available
and presented to users. The Citrix Web Interface also provides user access through the Program
Neighborhood Agent, but this is not currently supported in SonicOS SSL VPN.
ICA file – A configuration file that adheres to the INI format. This file is used to launch Citrix clients and
contains all the options necessary for connection.
Integrated Windows Authentication – Integrated Windows Authentication (IWA) is more secure than
basic authentication, and can be selected when configuring Microsoft IIS. IWA is used in environments
where users have Windows domain accounts and the applications in use are Active Directory aware. When
using IWA, the user's domain logon credentials are encrypted and sent to the Web server with Web page
requests. The Kerberos authentication protocol is used, or if unavailable, NTLMSSP is used. If the domain
logon credentials cannot be used, the user is prompted to enter a user name and password. IWA cannot be
used over an HTTP proxy server, but works with most modern browsers. It can also be used with filesharing,
Windows service programs, and Microsoft SQL Server.
Java Applet – A Java application that runs in a limited environment in the Web browser. Unlike ActiveX, it
is platform independent.
MetaFrame XP – MetaFrame XP runs on a server and allows multiple users to log on and run applications
in separate, protected sessions. You install and publish the applications or other resources that you want to
deploy. You can group a number of servers together to form a MetaFrame XP server farm that you manage
as a single entity.
NFuse – NFuse Classic is a Web-based application deployment system that provides users with access to
MetaFrame applications through a standard Web browser. Each user sees all the applications published in
the MetaFrame server farm for that user. NFuse provides centralized application management and places
complete control over the application deployment process in the hands of the administrator.
Presentation Server – Presentation Server allows delivery of applications as a service, providing
on-demand access to users. It provides application virtualization and application streaming delivery.
Presentation Server runs on a server and allows multiple users to log on and run applications in separate,
protected sessions. You install and publish the applications or other resources that you want to deploy. You
can group a number of servers together to form a server farm that you manage as a single entity.
Program Neighborhood Agent – Program Neighborhood Agent is a feature in Citrix MetaFrame and
Presentation Server products that allows applications to be assigned to users. The name was originally
inspired by Windows “Network Neighborhood” and was changed to “Citrix Applications” in Citrix
XenApp. The Program Neighborhood Agent client uses the Access Management Console and published
application settings to provide centralized management of the client settings. It also provides pass-through
Citrix Access on SonicWALL SSL VPN
23
Glossary
authentication and integrates with the user's desktop and Start menu. It provides client to server content
redirection, changing the local Windows File Type Association so that local files automatically launch the
associated Citrix published application.
Reverse Proxy – Such a proxy is deployed between a remote user outside the intranet and a target Web
server within the intranet. The proxy intercepts packets flowing across it.
XenApp Server – Citrix XenApp™ is the new name for Citrix Presentation Server. Citrix XenApp™ is an
application virtualization solution. Virtualizing applications lets IT manage a single instance of each
application in the data center. Applications can be run on high-powered servers in the data center for online
access by remote clients, or delivered via application streaming directly to Windows PC’s.
XenApp Plug-in – Users run the Citrix XenApp Plug-in on their client devices to access resources
published on XenApp servers. The XenApp Plug-in requires the Citrix Web Interface. The Citrix XenApp
Plug-in allows users to access published resources from a Windows desktop environment, including the
Start menu and the Windows notification area, by icons that behave like local icons.
XenApp Web Plug-in – Citrix XenApp Web Plug-in is a smaller plugin that can be installed from the
XenAppWeb.msi or the XenAppWeb.exe file. Users access published resources by clicking links on a Web
page you publish on your corporate intranet or the Internet.
Solution Document Version History
24
Version Number
Date
Notes
1
2/5/2009
This document was created by Susan Weigand.
2
10/15/2009
Added content from functional spec and screenshots.
3
11/6/2009
Incorporated feedback and added user bookmark access
sections, Explicit auth section, deployment diagram, info
from Citrix Support spec. Added supported browsers,
glossary items.
Citrix Access on SonicWALL SSL VPN
232-000704-00 Rev A
Related documents
WebInterface
WebInterface
Access to Citrix for PC (see page 2 for Mac)
Access to Citrix for PC (see page 2 for Mac)
RAP Windows General User Instructions
RAP Windows General User Instructions
Example 1 - Sandbox Advisors
Example 1 - Sandbox Advisors
Connecting to CareConnect Playground with Citrix Web Interface
Connecting to CareConnect Playground with Citrix Web Interface
RGHS Citrix Connection for IE, Firefox, Safari or Chrome browsers
RGHS Citrix Connection for IE, Firefox, Safari or Chrome browsers
UNC Health Care Learning Management System
UNC Health Care Learning Management System
Kuldeep Pathak Wintel Server Engineer Mob: 962-044-0010
Kuldeep Pathak Wintel Server Engineer Mob: 962-044-0010
Protocols which provide Remote Desktop
Protocols which provide Remote Desktop
Connecting to nasoutions
Connecting to nasoutions