Category Archives: netscaler

Citrix Netscaler Gateway 11.0 What’s New

What’s New.

 

NetScaler Gateway 11.0 adds the following new features and enhancements:

NetScaler with Unified Gateway

This feature extends NetScaler Gateway connectivity with access to any web application through a single URL, along with seamless single sign-on and sign-off. Single URL access can be configured for:

  • Internal organizational web applications
  • Software as a Service applications, including SAML based single sign-on when available
  • Outlook Web Access and SharePoint as clientless applications
  • Load balanced applications served through NetScaler load balancing virtual servers
  • XenApp and XenDesktop published resources.

The feature can be configured and managed with the Unified Gateway wizard in the NetScaler configuration utility. [#00552862, #0438356, #0519875, #0519875]

SmartControl

SmartControl allows policy-based management decisions for ICA connections through the VPN. SmartControl policies can be applied at the session level to control user’s ICA environment and to further manage ICA connections with SmartGroup sorting decisions.   [#0525947]

Portal Customization and EULA

The Portal Customization options have been expanded to allow end-to-end customization of the VPN user portal. Administrators can apply themes to their VPN portal design or use themes as a foundation for their own customization or branding. An option to present VPN users an End User License Agreement (EULA) has also been added to the portal design. Portal themes and EULAs can be bound to a VPN virtual server or specified as global VPN parameters.  [#0489467]

New and Updated Gateway Clients

NetScaler Gateway release 11.0 adds new plug-in clients for the following operating systems:

  • Android 4.1 or later
  • iOS 7 or later
  • Linux (Ubuntu 12.04 and 14.04)

Each of these clients provides full SSL VPN tunnel functionality through NetScaler Gateway and supports all authentication methods available in NetScaler Gateway.

Additionally, the Mac OS and Windows plug-ins have been refreshed and updated for the 11.0 release, including OS X 10.10 (Yosemite) support for the Mac OS X plug-in. [#0495767, #0520483]

Plug-in Version Decoupling

The NetScaler Gateway client plug-ins are no longer coupled to the NetScaler release versioning. Settings for version requirement per client OS type can be configured globally and within session policies.  [#0236620]

Plug-in Icon Decoupling from Citrix Receiver

The desktop client plug-ins icons can now be configured to operate independently from Native Citrix Receiver clients. Settings to manage Receiver integration with the NetScaler Gateway Plug-ins can be configured globally and within session policies.   [#0406312]

Disabling Automatic Update for the Windows Gateway Client and EPA Plug-ins

This enhancement adds an option in client Endpoint Analysis (EPA) to prevent automatic client updates by disabling the “EnableAutoUpdate” registry key.  [#236620]

Striped Cluster for NetScaler Gateway in ICA Proxy Mode

This feature allows administrators to deploy NetScaler Gateway with XenApp and XenDesktop in a striped cluster configuration. Administrators can use existing Gateway configurations and scale seamlessly in a cluster deployment without having to restrict the VPN configuration to a single node.

Note that this feature is limited to ICA Proxy basic-mode virtual servers and does not support SmartAccess. [#0490329]

Clientless VPN support for Outlook Web Access 2013 and SharePoint 2013

NetScaler Gateway has improved support for access to Outlook Web Access 2013 and SharePoint 2013 through Clientless VPN (CVPN) sessions. [#0494995]

WebFront

WebFront is an alternative integration point for XenApp and XenDesktop deployments served by StoreFront. Resident on NetScaler, WebFront uses caching and packet flow optimization in the distribution of user stores. These techniques improve end user experience for Receiver for Web users and speed up single sign-on for native Receiver users. In the NetScaler configuration utility, the WebFront feature is on the Configuration tab at System > WebFront. [#0497619, #0497625]

ICA Proxy Connection Termination after Session Time Out

Automatic session timeout can be enabled for ICA connections as a VPN parameter. Enabling this parameter forces active ICA connections to time out when a VPN session closes.  [#0358672]

Support for Common Gateway Protocol (CGP) over WebSockets

NetScaler Gateway virtual servers have improved intelligence for handling CGP traffic destined for the common CGP port, 2598, over WebSockets. This enhancement allows Receiver for HTML5 user sessions through NetScaler Gateway to support Session Reliability. [#0519889]

SPNEGO Encapsulation for Kerberos Tickets

NetScaler now uses SPNEGO encapsulation on Kerberos tickets that are sent to back-end web applications and servers. [#404899]

Cross Domain Kerberos Constrained Delegation 

This enhancement adds support for cross-domain Kerberos constrained delegation when both the user and the service realm have a two-way shortcut trust. That is, if the user and service belong to different domains/realms, constrained delegation fails. However, if a user logs on with a user name and password, Kerberos Single Sign-On works for cross-domain access, because the NetScaler Gateway appliance does Kerberos impersonation with the user password. NetScaler Gateway currently does not otherwise support cross-domain constrained delegation. [#444387]

Advertisements