Using Citrix Cloud with Remote Access to Azure using NetScaler Gateway Services

Citrix has recently announced the public beta of a new cloud feature called NetScaler Gateway services. This feature is a Windows-based NetScaler solution which allows remote access to a Citrix environment using the Windows server that has the cloud connector component installed.

When setting up Citrix Cloud Apps services you need to install a Citrix Cloud Connector, which can only be installed on a Windows Server 2012 R2 server. With the new offering, which can be enabled within the Citrix Cloud management console


Next time the cloud connector calls back to the cloud service, it will detect that this feature is enabled and download and install it. This essentially uses the cloud connector server as a NetScaler Gateway, but do not worry: it does not require any changes to the server, and it does not connect automatically back to clients who connect to it.

I configured my Azure Resource Manager environment with this service to see what was going on in the back!


When a user tries to start an application using the Citrix Cloud hosted StoreFront, it generates an ICA session that points to the NetScaler Proxy service, which Citrix hosts in Amazon. This proxy service was responding on port 443, the same port that the cloud gateway uses to communicate with that service. The cloud gateway server communicated with the VDA agents on port 2598, as a “regular” NetScaler would.


As seen here, this is an output from my cloud connector virtual machine. It communicates with the NetScaler proxy endpoint in AWS using port 443 and the internal VDA agent (10.0.0.12) on port 2598.
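The same check can be repeated on any connector by classifying its established TCP connections against the two flows described above. This is an added example, not part of the original post: the `netstat` sample is constructed, only the VDA address 10.0.0.12 comes from the post, and the connector address, proxy address, RDP client address and the 10.0.0.0/24 internal subnet are assumptions.

```python
import ipaddress

# Constructed `netstat -ano -p TCP` output. Only 10.0.0.12 (the VDA) comes from
# the post; the connector, proxy and RDP-client addresses are placeholders.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       800
  TCP    10.0.0.10:49712        203.0.113.20:443       ESTABLISHED     2412
  TCP    10.0.0.10:49730        10.0.0.12:2598         ESTABLISHED     2412
  TCP    10.0.0.10:3389         198.51.100.7:51514     ESTABLISHED     1100
"""

EPHEMERAL_MIN = 49152  # start of the default Windows dynamic port range


def endpoint(text):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)


def classify(line, internal_net="10.0.0.0/24"):
    """Label one netstat row; None for rows that are not established TCP."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
        return None
    (_, lport), (raddr, rport) = endpoint(parts[1]), endpoint(parts[2])
    outbound = lport >= EPHEMERAL_MIN  # heuristic: connector initiated it
    internal = raddr in ipaddress.ip_network(internal_net)
    if outbound and rport == 443 and not internal:
        return "proxy-443"   # connector -> hosted NetScaler proxy service
    if outbound and rport == 2598 and internal:
        return "vda-2598"    # connector -> VDA session traffic
    return "unexpected"      # anything else deserves a closer look


def review(netstat_text):
    """Group established flows by label as 'local remote' strings."""
    report = {"proxy-443": [], "vda-2598": [], "unexpected": []}
    for line in netstat_text.splitlines():
        label = classify(line)
        if label:
            report[label].append(" ".join(line.split()[1:3]))
    return report


if __name__ == "__main__":
    for label, flows in review(SAMPLE).items():
        print(label, flows)
```

On a real connector the "unexpected" bucket will also contain normal Windows traffic (domain, update, management), so it is a review list rather than an alert list.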

Now the downside to this service compared to setting up a regular NetScaler Gateway is that this is kind of a “double-hop” scenario, where traffic first needs to go from the client to AWS and then to Azure and back again, while with a regular NetScaler it could go directly to the VDA and back to the client. On the other hand, this might be a good enough solution depending on the price point, and it is also a lot simpler to configure than a regular NetScaler. The cloud connector, however, will most likely become the bottleneck and won’t be able to handle a large number of users. (NOTE: There is currently a limit of 30 users.)
