Citrix Receiver is available on many devices and is a vast improvement on the old mish-mash of online/offline plugins etc. Combining it with the power of Citrix Cloud Gateway and Netscaler you can get a unified experience across all your devices whether you are using an ipad and android tablet , a smart phone or citrix receiver installed on your PC or mac.
A single Netscaler policy and profile can service the Citrix Receiver across all devices (Mobile, PC & Mac) and I’m about to show you how. I’m presuming that you are fairly familiar with the AGEE and the basics of how it works so I’m just going show the profile and policy creation.

To begin with expand the AGEE node within the Netscaler and then the policies node. Right click on the session policy node and click ADD.

ageesession

 

Within the expression builder click the Add button and configure an expression to REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver as below then click OK.

 

receiverHeader

 

Click the Add button again and this time configure another expression to REQ.HTTP.HEADER X-Citrix-Gateway EXISTS as below then click OK.

xcitrixgatewayJPG

 

Before continuing now click on the Match Any Expressions button and select Match ALL expressions instead.

ageeMAE

 

Now its time to create the profile so click NEW on the Request Profile menu item.

AGEENEW

 

Leave the network configuration tab blank but in the Client Experience change the Clientless Access to Off, the plugin type to Java and also ensure that the single sign-on to web applications is enabled.

Clientexperience

 

In the security tab set the Default Authorisation to Allow and enable Secure Browse.

security

 

Finally within the Published Applications tab Set ICA Proxy to ON, Enter the Web address of your storefront server and also configure your single sign-on domain.

PublishedAppsAGEE

 

Then all you need to do is click OK to create the profile and then Create to write the policy. Move the policy if you have more than one against a AGEE Vserver so that it has the highest priority and is read first when a device hits the Vserver.

With this configuration you should be able to take any new installation of citrix receiver on a mobile device for instance and point the account creation wizard at the URL of the Vserver, it will then prompt for your username/password and domain and then automatically add the account to the device with any pre-subscribed apps to the the Receiver window.

Magic init!

 

Author: Dale Scriven

Tagged with:
 

8 Responses to Citrix Native Receiver policy for Netscaler Access Gateway Enterprise Edition

  1. dan jackson says:

    Nice, can you confirm what licenses the connections need with this config though as I’m thinking each needs a universal license?

  2. bart says:

    i tried that and am getting error.
    If i put back the policy for webclient all works.
    only receiver fails?

    mac:
    There is an internal server error. For more information, contact your help desk or system administrator
    Unable to communicate with Authentication Manager service

    on windows:
    Your apps are not available at this time
    Cannot contact XenApp

  3. Steve C says:

    I get the same issue as bart, using Netscaler 10.1 with SF 2.0

  4. Steve C says:

    Netscaler bridges a DMZ external NIC facing the clients, internal NIC facing the Citrix environment. Receiver works internally when connecting directly to SF, connections work fine externally through the web client but Receiver doesn’t work. That said, in order to get apps to work externally through the web client I have to point Netscaler at SF with no encryption i.e. http://sfFQDN/Citrix/sfweb if I use SSL https://sfFQDN/Citrix/Web it doesn’t work. The issue definitely lies in encrypted communication between the Netscaler and the SF box though all certs are good, and there do not appear to be any SSL issues when testing.

    • itgurun says:

      Hi, I´ve just found your post about the encryption when connecting externally. We have exactly the same problem with a new setup of Netscalers (10.5) and Storefront 2.6. I have searched everywhere for this but this could be the solution for us. Thanks for sharing!

  5. […] your NetScaler (if you have one) for native receiver access (if you have not done so already see HERE for hints on the configuration). Then all you need to do is add one SRV record into your DNS […]

Leave a Reply

Set your Twitter account name in your settings to use the TwitterBar Section.
%d bloggers like this: