Getting Started with Access Gateway VPX

Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included with the installation media. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
2009

Citrix Systems, Inc. All rights reserved.

Citrix and ICA (Independent Computing Architecture) are registered trademarks and Citrix Access Gateway is a trademark of Citrix Systems, Inc. in the United States and other countries. Document code: January 5 2010 16:08:45

Contents

How to Use This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Documentation Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Getting Support and Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Subscription Advantage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Knowledge Center Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Education and Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Access Gateway VPX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Citrix Access Gateway VPX Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Citrix XenCenter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Example of an Access Gateway VPX Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Prerequisites for Installing Access Gateway VPX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 XenServer Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 XenCenter System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Access Gateway VPX Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Downloading and Installing the Virtual Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Downloading the Virtual Image for Access Gateway Standard Edition. . . . . . . . . . . . . . . . . . . . .18 Importing Access Gateway VPX to Citrix XenServer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Installing Access Gateway VPX using Citrix XenCenter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Deleting the Access Gateway Virtual Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Configuring Access Gateway Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Configuring Basic Settings using the XenCenter Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 To configure basic settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Access Gateway Administration Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Configuring Settings Using the Administration Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Downloading and Installing the Administration Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 To open the Administration Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 To download the Administration Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 To start the Administration Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 iii

Contents

iv

Chapter 1

How to Use This Guide

Topics:
Documentation Conventions Getting Support and Training Subscription Advantage Knowledge Center Alerts Education and Training This guide is intended for system administrators responsible for installing and configuring the Access Gateway VPX. This document assumes that administrators are familiar with Access Gateway configuration. This document also assumes that administrators are familiar with configuring Citrix XenServer and using Citrix XenCenter.

Chapter 1

How to Use This Guide

Documentation Conventions
Citrix product documentation uses the following typographic conventions. Presentation or Convention User interface controls Command names Variable names Description Names of buttons, boxes, options, or other controls in the user interface. Names of commands, such as ipconfig. Variable placeholders for information you provide. For example, filename means you type the actual name of a file. Terms newly introduced or otherwise emphasized. Text displayed in code or a text file. In a command, a series of items, one of which is required. For example, {yes | no } means you must type yes or no. Do not type the braces themselves. In a command, optional items. For example, [/ping] means you can type /ping with the command. Do not type the brackets themselves. In a command, a separator between items in braces or brackets. For example, { /hold | /release | /delete } means you must type /hold or / release or /delete. The previous item(s) in the command can be repeated. For example, /route:devicename[,] means you can type additional devicenames separated by commas.

Terms Code examples {braces}

[brackets]

| (vertical bar)

... (ellipsis)

Getting Support and Training

Citrix provides technical support primarily through the Citrix Solutions Network (CSN). Our CSN partners are trained and authorized to provide a high level of support to our customers. Contact your supplier for first-line support or check for your nearest CSN partner at http://support.citrix.com/. In addition to the CSN channel program, Citrix offers a variety of self-service, Webbased technical support tools from its Knowledge Center at http://support.citrix.com/. Knowledge Center features include: 6

Getting Started w A knowledge base containing thousands of technical solutions to support your Citrix environment w An online product documentation library w Interactive support forums for every Citrix product w Access to the latest hotfixes and service packs w Security bulletins w Online problem reporting and tracking (for organizations with valid support contracts) Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.

Subscription Advantage
Your product includes a one-year membership in the Subscription Advantage program. The Citrix Subscription Advantage program gives you an easy way to stay current with the latest software version and information for your Citrix products. Not only do you get automatic access to download the latest feature releases, software upgrades, and enhancements that become available during the term of your membership, you also get priority access to important Citrix technology information. You can find more information on the Citrix Web site at http://www.citrix.com. On the home page, click Support>Subscription Advantage. You can also contact your sales representative, Citrix Customer Care, or a member of the Citrix Solutions Advisors program for more information.

Knowledge Center Alerts

The Citrix Knowledge Center allows you to configure alerts, which notify you when the topic you are interested in is updated. You can set an alert on product categories. When there are updates to the product, you are notified of the update. To set up an alert, log on to the Citrix Support Web site at http://support.citrix.com/. After you are logged on, under Products, select a product. Under Alerts, click Add to your Alerts. To remove an alert, go to the Knowledge Center product and click Remove from your Alerts.

Education and Training

Citrix offers a variety of instructor-led training and Web-based training solutions. Instructor-led courses are offered through Citrix Authorized Learning Centers (CALCs). CALCs provide high-quality classroom learning using professional courseware developed by Citrix. Many of these courses lead to certification. 7

Chapter 1

How to Use This Guide Web-based training courses are available through CALCs, resellers, and from the Citrix Web site. Information about programs and courseware for Citrix training and certification is available from http://www.citrixtraining.com/.

Chapter 2

Access Gateway VPX

Topics:
Citrix Access Gateway VPX Overview Prerequisites for Installing Access Gateway VPX Access Gateway VPX Licensing Access Gateway VPX is a virtual appliance that delivers the same features and functionality as the Model 2010 physical appliance. You can deploy Access Gateway VPX as a virtual workload on your own hardware, in addition to or as an alternative to using a physical appliance. Access Gateway VPX includes the new Access Gateway Platform License, plus one year of Subscription Advantage. The initial release of Access Gateway VPX is based on Access Gateway 4.6.2, Standard Edition and is compatible with Citrix XenServer version 5.5. Product documentation is available for the following releases on Citrix eDocs: w Access Gateway 4.6, Standard Edition w Access Gateway 4.6.1, Standard Edition w Hotfix AGSE_v4.6.2 - Access Gateway Standard Edition 4.6.2 Readme To obtain XenServer and XenCenter and learn more about hardware compatibility, visit http://www.citrix.com/ xenserver.

Chapter 2

Access Gateway VPX

Citrix Access Gateway VPX Overview

Access Gateway VPX is a virtual Access Gateway appliance that is hosted on a Citrix XenServer system and managed by Citrix XenCenter. It supports all the features of a physical Access Gateway. Access Gateway VPX is a secure application access solution that provides administrators granular application-level control while empowering users with access from anywhere. It gives IT administrators a single point of control to manage access and actions based on both the user and the endpoint device, providing better risk, security and compliance management. Access Gateway VPX installs into your network and functions just as if you installed the physical appliance. The Access Gateway VPX is a virtual machine image that can be installed and run on any hardware device that supports Citrix XenServer 5.5 or later. This allows you to install Access Gateway Standard Edition software on standard x86 hardware. The Access Gateway runs on a server virtualization platform that offers the same functionality as the physical appliance. The following diagram depicts the architecture of Access Gateway VPX on a hypervisor:

The solution architecture has the following components: Hardware or physical layer: Physical hardware components including memory, CPU, network cards, and disk drives. Hypervisor: Thin layer of software that runs on top of the hardware. The Xen hypervisor gives each virtual machine a dedicated view of the hardware. Virtual machine: Operating system hosted on the hypervisor and appearing to the user as a separate physical computer. However, the machine shares physical resources with other virtual

10

Getting Started machines, and it is portable because the virtual machine is abstracted from the physical hardware. For example, an Access Gateway VPX virtual appliance is installed on the hypervisor and uses drivers to access storage and network resources. It appears to the users as an independent Access Gateway appliance with its own network identity, user authorization and authentication capabilities, configuration, and data. The paravirtualization technique enables the virtual machines and the hypervisor to work together to achieve high performance for I/O and for CPU and memory virtualization. After you install the Access Gateway virtualized image, you can open the Administration Portal and download the Administration Tool. For more information about XenServer, see the XenServer documentation on the Citrix Support Web site.

Citrix XenCenter
XenCenter is a graphical virtualization-management interface for Citrix XenServer, that enables you to manage servers, resource pools, and shared storage, and to deploy, manage, and monitor virtual machines from your Windows desktop machine. Use XenCenter to install Access Gateway VPX on XenServer. For more information about XenCenter, see the XenServer documentation at Citrix Support Web site.

Example of an Access Gateway VPX Setup

An Access Gateway VPX setup provides secure remote access to applications and data. The following diagram shows how Access Gateway VPX can be used to deliver secure application access.

11

Chapter 2

Access Gateway VPX As shown in the figure, Access Gateway VPX, when deployed in front of application servers, acts as a secure entry point in the internal network for authenticated users.

Prerequisites for Installing Access Gateway VPX

Before you begin installing Access Gateway VPX, do the following: w Obtain the Access Gateway VPX license files from your supplier or check for your nearest CSN partner at http://support.citrix.com/. You can also get support from Citrix Customer Service at http://www.citrix.com/. On the Support menu, click Customer Service. w Install XenServer version 5.5 or above on hardware that meets the minimum requirements. w Install XenCenter on a management workstation that meets the minimum system requirements.

XenServer Hardware Requirements

The following table describes the minimum specifications for the hardware on which XenServer runs Access Gateway VPX. Table 2-1. Minimum Hardware Requirements for XenServer Running Access Gateway VPX CPU RAM Disk space One or more 64-bit x86 CPUs At least 2 GB Locally attached storage (PATA, SATA, SCSI) with minimum 40 GB of disk space. General disk space requirements for Access Gateway VPX: XenServer installation creates a 4 GB partition for the XenServer host control domain; remaining space is available for Access Gateway VPX and other VMs. Network One 1 Gbps network adapter required; Recommended: Two network adapters of 1 Gbps each

To install XenServer, see the XenServer Installation Guide at http://support.citrix.com/ article/CTX121751. The XenServer must provide adequate virtual computing resources to the Access Gateway VPX as listed in the following table.

12

Getting Started Table 2-2. Virtual Computing Resources of Access Gateway VPX Memory Virtual CPU (VCPU) Virtual Network Interfaces Minimum Storage Requirement 1 GB memory One VCPU minimum, two VCPUs recommended for better performance One or two 12 GB

XenCenter System Requirements

XenCenter is a Windows application. It cannot run on the same computer as the XenServer host. The following table describes the system requirements for XenCenter: Table 2-3. System Requirements for XenCenter Installation Operating system .NET framework CPU RAM Network Windows XP, Windows Server 2003, Windows Vista or Windows 7. Version 2.0 or above. 750 MHz minimum, 1 GHz or faster recommended. 1 GB Minimum, 2 GB recommended. 100 Mbps or faster network adapter.

Access Gateway VPX Licensing

The Access Gateway VPX comes with the Access Gateway Platform License. The platform license provides access to Citrix XenApp and XenDesktop resources only and provides support for Citrix Receiver and Dazzle. The platform license allows users to log on using Citrix online plug-ins and connect to a XenApp server to retrieve their list of applications or a XenDesktop server to get to their published desktops. When the Access Gateway Platform license is installed, it supports Citrix Receiver. If users connect with Citrix Receiver through the Access Gateway, the Access Gateway Plugin must be installed. w A user license is required in addition to a platform license if users log on using the Access Gateway Plug-in. When just the platform license is installed, a VPN tunnel that allows users to access only the Citrix Receiver Merchandising Server and the Web Interface is enabled. Other resources are not available to users unless an Access Gateway Standard license or Access Gateway Universal user license is installed. w When neither an Access Gateway Standard Edition license or an Access Gateway Universal license is available, users will only have access to published applications. 13

Chapter 2

Access Gateway VPX Downloading and running streamed applications requires a full, unconstrained VPN tunnel through which users can access file shares or other network resources. When only the Access Gateway Platform license is installed, Access Gateway VPX allows the following types of connections: w ICA+SSL connections to XenApp initiated by the Citrix online plug-ins w ICA+SSL connections to XenDesktop initiated by the Citrix Desktop Receiver w Connections from Citrix Receiver to the Citrix Merchandising Server w Connections from Citrix Dazzle w Connection from the user's Web browser to a Citrix Web Interface site Support for user connections through Access Gateway to XenApp published applications or XenDesktop published desktops is now provided without requiring an Access Gateway user license for each connection. The platform license enables users to make basic connections to published applications or desktops. The Access Gateway platform license supports the following connection features: w Strong authentication w Integration with Citrix Web Interface to broker connections to XenApp or XenDesktop w Secure SSL relay of ICA session traffic w Compatibility with Citrix Receiver (published applications only) The Access Gateway platform license does not support the following connection features, which require an Access Gateway concurrent user license: w Full network-layer VPN tunneling w Endpoint Analysis w SmartAccess w Clientless access to email, Web sites, and file shares Access Gateway user licenses are used only for sessions in which users connect to resources other than XenApp or XenDesktop, or where endpoint analysis is used to determine the appropriate level of access for that session. The Access Gateway platform license allows Basic connections up to the maximum capacity of the appliance. Along with the platform license, the Access Gateway VPX supports the Access Gateway Universal license. When Access Gateway Universal Licenses are installed, users log on using the Access Gateway Plug-in. All features of the Access Gateway, including networklayer VPN access, are enabled. Because the platform license does not include support for the delivery of XenApp streamed application packages or any network-layer connections required by streamed applications running on the user device, you need an Access Gateway Standard or Universal license. Note: If Access Gateway Standard or Universal licenses are available, a license is consumed for each session regardless of that session's connection features.

14

Getting Started For more information about the licenses that can be installed on Access Gateway Standard Edition appliances, see Access Gateway License Types in Citrix eDocs. After you install the license, continue configuring the virtual appliance just you would the physical appliance. For more information about installing certificates and configuring settings, see: w Creating and Installing Certificates w Configuration and Management of the Access Gateway

15

Chapter 2

Access Gateway VPX

16

Chapter 3

Downloading and Installing the Virtual Image

Topics:
Downloading the Virtual Image for Access Gateway Standard Edition Importing Access Gateway VPX to Citrix XenServer Installing Access Gateway VPX using Citrix XenCenter Deleting the Access Gateway Virtual Image You can download the Access Gateway virtual image, called CAG.xva, from My Citrix. After you download the image, install it on XenServer using the XenCenter Console. You can add multiple instances of the virtual image to XenServer and configure each of them with unique IP addresses. This is the same as installing multiple Access Gateway appliances in a rack in the DMZ in your network.

17

Chapter 3

Downloading and Installing the Virtual Image

Downloading the Virtual Image for Access Gateway Standard Edition

The virtual image is a file with the name CAG.xva. The virtual image contains the package you need to install using XenCenter. You can get the virtual image from My Citrix after you have purchased Access Gateway VPX. 1. Log on to My Citrix and click Downloads. 2. Under Support, click Downloads. 3. Under Search Downloads by Product, select Citrix Access Gateway. 4. Under Product Software>Standard Edition, click Access Gateway VPX and save it to your computer.

Importing Access Gateway VPX to Citrix XenServer

To install Access Gateway VPX on XenServer, you must first install XenServer on a computer with adequate hardware resources. To perform the Access Gateway VPX installation, you use XenCenter, which must be installed on a remote computer that can connect to the XenServer host through the network. After you install Access Gateway VPX, you can create virtual hardware components on XenServer and allocate them to Access Gateway VPX using XenCenter. To use the virtualized image of the Access Gateway software, you need to obtain the exported virtual image file (.xva) and import it to Citrix XenServer using the XenCenter management console. For more information, see: w Prerequisites for Installing Access Gateway VPX on page 12 w Downloading the Virtual Image for Access Gateway Standard Edition on page 18

Installing Access Gateway VPX using Citrix XenCenter

After you have installed and configured XenServer and XenCenter, you can use XenCenter to install Access Gateway VPX on XenServer. Each instance of Access Gateway VPX is a virtual Access Gateway appliance running the same firmware as a physical appliance (the minimum is Version 4.6.2). 1. Start XenCenter on your computer. 2. On the Server menu, click Add.

18

Getting Started 3. In the Add New Server dialog box, in Hostname, type the IP address or DNS name of the XenServer to which you want to connect. 4. In User Name and Password, type the administrator credentials, and then click Connect. The XenServer name appears in the navigation pane with a green circle, which indicates that the XenServer is connected. 5. In the navigation pane, click the name of the XenServer on which you want to install Access Gateway VPX. 6. On the VM menu, click Import. 7. In the Import dialog box, in Import file name, browse to the location to which you saved the Access Gateway VPX .xva image file and click Open. 8. Under Import type, click Exported VM, and then click Next 9. Select the XenServer on which you want to install Access Gateway VPX, and then click Next. 10. Select the local storage repository in which to place the Access Gateway VPX, and then click Import to begin the import process. 11. You can add, modify, or delete virtual network interfaces. When finished, click Next. Note: The Access Gateway requires two network interfaces, one for the public (Internet) network and the second for the internal network. You cannot configure more than two network interfaces for Access Gateway VPX. 12. Click Finish to complete the import process. Note: You can click the Log tab to view the status of the import process. 13. If you want to install another Access Gateway VPX image file, repeat Steps 5 through 11. When importing the Access Gateway virtual image is complete, you can then configure the basic settings for the appliance. See Configuring Basic Settings using the XenCenter Console on page 22 for information.

Deleting the Access Gateway Virtual Image

If a virtual image is no longer required, you can use XenCenter to delete the virtual image. Deleting a virtual image from XenServer is the same as disconnecting the physical appliance from your network and removing it from the rack. 1. Start XenCenter on your computer. 2. In the navigation pane, right-click an Access Gateway virtual image and click Shut Down.

19

Chapter 3

Downloading and Installing the Virtual Image 3. When the Access Gateway is shut down, right-click the virtual image and click Delete. 4. Click Delete attached virtual disks and click OK. Note: If you do not delete the attached virtual disks, it consumes disk space in the XenServer resource pool.

20

Chapter 4

Configuring Access Gateway Settings

Topics:
Configuring Basic Settings using the XenCenter Console Access Gateway Administration Tools Configuring Settings Using the Administration Portal Downloading and Installing the Administration Tool After you download and install the Access Gateway virtual image on XenServer, you then need to configure settings for network access. First, you configure the Access Gateway IP address, fully qualified domain name (FQDN), and default gateway using the console. After configuring the basic settings, you can then open the Administration Portal and download the Administration Tool. After the Administration Tool is is installed, you can then configure the rest of your network settings. You can find instructions to configure additional settings for the Access Gateway on the Citrix eDocs Web site.

21

Chapter 4

Configuring Access Gateway Settings

Configuring Basic Settings using the XenCenter Console

After installing an instance of the Access Gateway VPX, you need to access it to configure the basic settings. When the installation is complete, configure settings on the Console tab in the XenCenter Console. You configure the basic settings of the Access Gateway VPX just as you would for a physical appliance connected using a serial cable and the serial console. The XenCenter console has the same options as those in the serial console for the physical appliance. You can use the XenCenter serial console to set the IP address and subnet of the network adapter that is called Interface 0, as well as the IP address of the default gateway device. All other settings must be configured using the Administration Tool. You can also use the XenCenter serial console to test a connection with the ping command. Citrix recommends using both network adapters on the appliance to optimize inbound and outbound network traffic. Access Gateway VPX supports both one-arm and two-arm modes. w One-arm mode uses one XenServer virtual network interface for inbound and outbound connections. In one-arm mode, a single IP address is assigned to Access Gateway. The default configuration of Access Gateway is one-arm mode. w Two-arm mode uses two XenServer virtual network interfaces, one for external and one for internal connections. In two-arm mode, two IP address are assigned to Access Gateway, one for the external interface and one for the internal interface. After configuring the TCP/IP settings for Interface 0, use the Administration Tool to configure TCP/IP settings for Interface 1. The serial console provides the following options for configuring the Access Gateway: w [0] Express Setup configures the TCP/IP settings for Interface 0 on the Access Gateway Cluster>General Networking tab w [1] Ping is used to ping other network devices to check for connectivity w [2] Link Modes is used to set the duplex mode and speed mode for Interface 0 on the Access Gateway Cluster>General Networking tab w [3] External Administration Port enables or disables connections to the Administration Tool from a remote computer w [4] Display Log displays the Access Gateway log w [5] Reset Certificate resets the certificate to the default certificate that comes with the Access Gateway w [6] Change Administrative Password allows you to change the default administrator password of rootadmin

22

Getting Started

Important: Citrix recommends changing the administrator password before connecting the Access Gateway to your network. The new password can be six to 127 characters long and cannot begin or end with a space. w [7] Help displays help information w [8] Log Out logs off of the Access Gateway

To configure basic settings

1. In the XenCenter Console, in the Resource pane, select Citrix Access Gateway. 2. In the right pane, click the Console tab. 3. Press Enter and log on using the default user name and password, root and rootadmin. 4. To set the IP address and subnet mask and the default gateway device for Interface 0, type 0 and press Enter to choose Express Setup. After you respond to the prompts, the information you entered appears. To commit your changes, type y. 5. To verify that the Access Gateway can ping a connected network device, type 1 and enter the IP address of the device. After you configure the basic settings for the appliance, you can then connect to the Administration Portal and download the Administration Tool. When the Administration Tool is installed on your computer, you can then configure additional settings. For more information, see the Access Gateway 4.6, Standard Edition documentation in the Citrix eDocs library. For more information about the Administration Portal and Administration Tool, see the following topics: w Access Gateway Administration Tools on page 23 w Configuring Settings Using the Administration Portal on page 24 w Downloading and Installing the Administration Tool on page 24

Access Gateway Administration Tools

Access Gateway administration uses a combination of the Administration Portal and the Administration Tool to administer the appliance and monitor network connections. The Administration Tool contains all Access Gateway configuration controls, except for administrative user account management, which is available only from the Administration Portal and the serial console. The Administration Portal provides downloads and administration of some Access Gateway settings.

23

Chapter 4

Configuring Access Gateway Settings

Configuring Settings Using the Administration Portal

The Administration Portal allows you to make basic configuration changes. On the Administration Portal, you can: w Change the administrator password w View Access Gateway logs w Upload certificates w Upload a saved configuration or a software upgrade w Save the Access Gateway configuration w Restart and shut down the Access Gateway On the Downloads page, you can do the following: w Download the Administration Tool w Download the Access Gateway documentation w Download a portal page template w Download a sample email for users w Download Access Gateway-specific SNMP data

Downloading and Installing the Administration Tool

After you configure the basic settings of Access Gateway VPX, you can open the Administration Portal and download the Administration Tool just as you would for a physical appliance. The Administration Portal provides a Web-based interface for administrators. There are several tabs in the Administration Portal that provide a convenient place to perform some administrative tasks on the Access Gateway.

To open the Administration Portal

1. In a Web browser, type https://AccessGatewayFQDN:9001/ where AccessGatewayFQDN is the host name of the appliance and 9001 is the administration port. You can also use the IP address of the appliance to open the Administration Portal. 2. If a digital certificate signed by a Certificate Authority is not installed on the Access Gateway, a security alert dialog box appears. Click Yes. 24

Getting Started 3. Type the administrator user name and password. The default values are root and rootadmin. The Administration Portal opens.

To download the Administration Tool

The Administration Tool allows you to configure global settings once and then publish them to multiple Access Gateway appliances on your network. You can also view appliance statistics and monitor network usage from the Administration Tool. The Administration Tool is downloaded from the Administration Portal and installed on a Windows computer in the secure network and makes it easy for you to configure network settings, authentication, users, and group policies. The left pane of the Administration Tool window displays Help information for the current tab. The online Help corresponds to the task you are completing. There is also an Alerts box located above the online help. Alerts inform you when there is a problem with the Access Gateway, such as a missing license or certificate. Important: If you upgrade from a previous version of the Access Gateway, you must uninstall the Administration Tool using Add or Remove Programs in Control Panel and then install the latest version from the Administration Portal. 1. In a Web browser, type the IP address and port number of the Access Gateway, such as https://ipAddress:9001 and log on using administrator credentials. The Administration Portal communicates on port 9001. 2. In the Administration Portal, click Downloads. 3. Under Access Gateway Administration Tool, click Install the Access Gateway Administration Tool and click Run. 4. To install the Administration Tool, follow the instructions in the wizard.

To start the Administration Tool

1. Click Start>All Programs> Citrix>Access Gateway Administration Tool 4.6.2 >Access Gateway Administration Tool 4.6.2 or click the icon on your desktop. 2. In the Administrator Login dialog box, in Host (IP or FQDN), type the IP address of the Access Gateway. 3. In Administrator Username, type root. 4. In Administrator Password, type the default password rootadmin or the new password if it was changed using the serial console or Administration Portal and click Connect. When the Administration Tool is installed on your computer, you can then configure the rest of the settings for Access Gateway VPX. This includes installing licenses, 25

Chapter 4

Configuring Access Gateway Settings configuring additional network settings and authentication and authorization. For more information, see the following topics in the Citrix eDocs library: w Installing Licenses on Access Gateway Standard Edition w Installing and Managing Certificates w Configuration and Management of the Access Gateway

26