Beruflich Dokumente
Kultur Dokumente
Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included with the installation media. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
2009
Citrix and ICA (Independent Computing Architecture) are registered trademarks and Citrix Access Gateway is a trademark of Citrix Systems, Inc. in the United States and other countries. Document code: January 5 2010 16:08:45
Contents
Contents
iv
Chapter 1
Chapter 1
Documentation Conventions
Citrix product documentation uses the following typographic conventions. Presentation or Convention User interface controls Command names Variable names Description Names of buttons, boxes, options, or other controls in the user interface. Names of commands, such as ipconfig. Variable placeholders for information you provide. For example, filename means you type the actual name of a file. Terms newly introduced or otherwise emphasized. Text displayed in code or a text file. In a command, a series of items, one of which is required. For example, {yes | no } means you must type yes or no. Do not type the braces themselves. In a command, optional items. For example, [/ping] means you can type /ping with the command. Do not type the brackets themselves. In a command, a separator between items in braces or brackets. For example, { /hold | /release | /delete } means you must type /hold or / release or /delete. The previous item(s) in the command can be repeated. For example, /route:devicename[,] means you can type additional devicenames separated by commas.
[brackets]
| (vertical bar)
... (ellipsis)
Getting Started w A knowledge base containing thousands of technical solutions to support your Citrix environment w An online product documentation library w Interactive support forums for every Citrix product w Access to the latest hotfixes and service packs w Security bulletins w Online problem reporting and tracking (for organizations with valid support contracts) Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.
Subscription Advantage
Your product includes a one-year membership in the Subscription Advantage program. The Citrix Subscription Advantage program gives you an easy way to stay current with the latest software version and information for your Citrix products. Not only do you get automatic access to download the latest feature releases, software upgrades, and enhancements that become available during the term of your membership, you also get priority access to important Citrix technology information. You can find more information on the Citrix Web site at http://www.citrix.com. On the home page, click Support>Subscription Advantage. You can also contact your sales representative, Citrix Customer Care, or a member of the Citrix Solutions Advisors program for more information.
Chapter 1
How to Use This Guide Web-based training courses are available through CALCs, resellers, and from the Citrix Web site. Information about programs and courseware for Citrix training and certification is available from http://www.citrixtraining.com/.
Chapter 2
Chapter 2
The solution architecture has the following components: Hardware or physical layer: Physical hardware components including memory, CPU, network cards, and disk drives. Hypervisor: Thin layer of software that runs on top of the hardware. The Xen hypervisor gives each virtual machine a dedicated view of the hardware. Virtual machine: Operating system hosted on the hypervisor and appearing to the user as a separate physical computer. However, the machine shares physical resources with other virtual
10
Getting Started machines, and it is portable because the virtual machine is abstracted from the physical hardware. For example, an Access Gateway VPX virtual appliance is installed on the hypervisor and uses drivers to access storage and network resources. It appears to the users as an independent Access Gateway appliance with its own network identity, user authorization and authentication capabilities, configuration, and data. The paravirtualization technique enables the virtual machines and the hypervisor to work together to achieve high performance for I/O and for CPU and memory virtualization. After you install the Access Gateway virtualized image, you can open the Administration Portal and download the Administration Tool. For more information about XenServer, see the XenServer documentation on the Citrix Support Web site.
Citrix XenCenter
XenCenter is a graphical virtualization-management interface for Citrix XenServer, that enables you to manage servers, resource pools, and shared storage, and to deploy, manage, and monitor virtual machines from your Windows desktop machine. Use XenCenter to install Access Gateway VPX on XenServer. For more information about XenCenter, see the XenServer documentation at Citrix Support Web site.
11
Chapter 2
Access Gateway VPX As shown in the figure, Access Gateway VPX, when deployed in front of application servers, acts as a secure entry point in the internal network for authenticated users.
To install XenServer, see the XenServer Installation Guide at http://support.citrix.com/ article/CTX121751. The XenServer must provide adequate virtual computing resources to the Access Gateway VPX as listed in the following table.
12
Getting Started Table 2-2. Virtual Computing Resources of Access Gateway VPX Memory Virtual CPU (VCPU) Virtual Network Interfaces Minimum Storage Requirement 1 GB memory One VCPU minimum, two VCPUs recommended for better performance One or two 12 GB
Chapter 2
Access Gateway VPX Downloading and running streamed applications requires a full, unconstrained VPN tunnel through which users can access file shares or other network resources. When only the Access Gateway Platform license is installed, Access Gateway VPX allows the following types of connections: w ICA+SSL connections to XenApp initiated by the Citrix online plug-ins w ICA+SSL connections to XenDesktop initiated by the Citrix Desktop Receiver w Connections from Citrix Receiver to the Citrix Merchandising Server w Connections from Citrix Dazzle w Connection from the user's Web browser to a Citrix Web Interface site Support for user connections through Access Gateway to XenApp published applications or XenDesktop published desktops is now provided without requiring an Access Gateway user license for each connection. The platform license enables users to make basic connections to published applications or desktops. The Access Gateway platform license supports the following connection features: w Strong authentication w Integration with Citrix Web Interface to broker connections to XenApp or XenDesktop w Secure SSL relay of ICA session traffic w Compatibility with Citrix Receiver (published applications only) The Access Gateway platform license does not support the following connection features, which require an Access Gateway concurrent user license: w Full network-layer VPN tunneling w Endpoint Analysis w SmartAccess w Clientless access to email, Web sites, and file shares Access Gateway user licenses are used only for sessions in which users connect to resources other than XenApp or XenDesktop, or where endpoint analysis is used to determine the appropriate level of access for that session. The Access Gateway platform license allows Basic connections up to the maximum capacity of the appliance. Along with the platform license, the Access Gateway VPX supports the Access Gateway Universal license. When Access Gateway Universal Licenses are installed, users log on using the Access Gateway Plug-in. All features of the Access Gateway, including networklayer VPN access, are enabled. Because the platform license does not include support for the delivery of XenApp streamed application packages or any network-layer connections required by streamed applications running on the user device, you need an Access Gateway Standard or Universal license. Note: If Access Gateway Standard or Universal licenses are available, a license is consumed for each session regardless of that session's connection features.
14
Getting Started For more information about the licenses that can be installed on Access Gateway Standard Edition appliances, see Access Gateway License Types in Citrix eDocs. After you install the license, continue configuring the virtual appliance just you would the physical appliance. For more information about installing certificates and configuring settings, see: w Creating and Installing Certificates w Configuration and Management of the Access Gateway
15
Chapter 2
16
Chapter 3
17
Chapter 3
18
Getting Started 3. In the Add New Server dialog box, in Hostname, type the IP address or DNS name of the XenServer to which you want to connect. 4. In User Name and Password, type the administrator credentials, and then click Connect. The XenServer name appears in the navigation pane with a green circle, which indicates that the XenServer is connected. 5. In the navigation pane, click the name of the XenServer on which you want to install Access Gateway VPX. 6. On the VM menu, click Import. 7. In the Import dialog box, in Import file name, browse to the location to which you saved the Access Gateway VPX .xva image file and click Open. 8. Under Import type, click Exported VM, and then click Next 9. Select the XenServer on which you want to install Access Gateway VPX, and then click Next. 10. Select the local storage repository in which to place the Access Gateway VPX, and then click Import to begin the import process. 11. You can add, modify, or delete virtual network interfaces. When finished, click Next. Note: The Access Gateway requires two network interfaces, one for the public (Internet) network and the second for the internal network. You cannot configure more than two network interfaces for Access Gateway VPX. 12. Click Finish to complete the import process. Note: You can click the Log tab to view the status of the import process. 13. If you want to install another Access Gateway VPX image file, repeat Steps 5 through 11. When importing the Access Gateway virtual image is complete, you can then configure the basic settings for the appliance. See Configuring Basic Settings using the XenCenter Console on page 22 for information.
19
Chapter 3
Downloading and Installing the Virtual Image 3. When the Access Gateway is shut down, right-click the virtual image and click Delete. 4. Click Delete attached virtual disks and click OK. Note: If you do not delete the attached virtual disks, it consumes disk space in the XenServer resource pool.
20
Chapter 4
21
Chapter 4
22
Getting Started
Important: Citrix recommends changing the administrator password before connecting the Access Gateway to your network. The new password can be six to 127 characters long and cannot begin or end with a space. w [7] Help displays help information w [8] Log Out logs off of the Access Gateway
23
Chapter 4
Getting Started 3. Type the administrator user name and password. The default values are root and rootadmin. The Administration Portal opens.
Chapter 4
Configuring Access Gateway Settings configuring additional network settings and authentication and authorization. For more information, see the following topics in the Citrix eDocs library: w Installing Licenses on Access Gateway Standard Edition w Installing and Managing Certificates w Configuration and Management of the Access Gateway
26