VDI often involves complex remote access configurations that can introduce vulnerabilities, but Citrix NetScaler Unified Gateway helps simplify remote access and improve security.
Citrix introduced the unified gateway as a part of NetScaler 11. It is part of the Enterprise Edition of the NetScaler Application Delivery Controller, but is not part of the singular NetScaler gateway appliance. The gateway provides users with a single URL they can use to access their virtual desktops and applications. It also provides access to many different types of applications. Admins can make any applications they publish with Citrix XenApp or XenDesktop available through a NetScaler Unified Gateway.
Specifically, a unified gateway provides access to:
- Intranet applications
- Cloud-hosted software-as-a-service (SaaS) applications
- Applications admins preconfigure to be served by NetScaler
- Clientless applications
- XenApp and XenDesktop applications
A single point of network entry
For VDI administrators the NetScaler Unified Gateway provides three main advantages. First, it provides a single point of entry into the network. Obviously, this is a major convenience to virtual desktop users who only have to access the network in one location, but it benefits administrators as well.
For one thing, because the unified gateway uses a single IP address to provide access to a variety of applications, administrators may be able to reclaim some IP addresses, and possibly even simplify the organization's domain name system records. As such, administrators no longer have to provision multiple public IP addresses in an effort to provide external access to applications.
A single point of entry also simplifies security. A single unified gateway could replace multiple VPNs and the organization might be able to simplify its perimeter firewall configuration.
Unified gateways enable single sign-on
Next, NetScaler Unified Gateway provides single sign-on (SSO) services for applications. End users can access the applications the gateway exposes by authenticating through its web interface to browse the available applications. A user can access an application from the gateway portal simply by clicking on the application. In most cases, the user does not have to enter any application-specific credentials.
The unified gateway supports a variety of authentication types including Active Directory, Lightweight Directory Access Protocol, Remote Authentication Dial-In User Service and certificate-based authentication. It is designed to use Security Assertion Markup Language-based single sign-on, although the mechanisms it uses to provide application access vary by application type. In the case of applications admins publish through XenApp or XenDesktop, for example, admins must specify the integration point (typically, a storefront or web interface), the site path, the SSO domain and the Secure Ticket Authority server's URL.
NetScaler makes for a consistent user experience
Finally, the NetScaler Unified Gateway provides users with a consistent experience, both from an application standpoint and a device standpoint. All the applications a user has access to are listed on a single screen, regardless of the application type. A user launches each application in exactly the same way, regardless of whether the application is a SaaS app, a XenApp-hosted application or something else. Admins can brand the interface with their organization's logo and other custom text and graphics.
Admins can also configure the gateway to support iOS and Android devices. As such, users can work with the same URL and receive access to the same applications regardless of their location and device type. The consistency benefits administrators by potentially reducing user confusion and help desk calls.
Although administrators can provide consistent application access from a variety of device types, they can also use Citrix SmartAccess to create policies to restrict access to specific applications based on a user's location or other factors.
Is NetScaler really necessary?
Citrix adds NetScaler to containers
How to ensure a quality VDI user experience