Transition to hybrid cloud and SaaS with Citrix Gateway

Download as PDF

Implementing a traditional SSL VPN solution or an IDaaS (IDaaS) solution will not provide single sign-on (SSO) to all applications and data. While an SSL VPN will provide network access and SSO to applications in a datacenter, an IDaaS solution will just provide SSO to applications in the cloud or delivered as SaaS.

Due to lack in functionality of SSL VPN solutions to provide SSO, traffic monitoring, and access security to SaaS applications, customers deployed IDaaS as a separate solution from an existing SSL VPN–based solution.

In addition to SaaS applications, many enterprise customers have deployed an MDM solution, and a VDI solution from one or multiple vendors. These solutions each require an additional gateway since most vendors do not provide a single access point supporting both VDI and MDM solutions.

As a result, many enterprise customers have up to 5 gateways deployed in their datacenter—all from different vendors. This redundancy, over the years, has caused datacenters to be complex and has inhibited customers from moving to cloud or highly-agile datacenter networks.

Citrix Gateway provides users with one access point and SSO to business applications and data deployed in a datacenter, the cloud, or delivered as SaaS across a range of devices—laptops, desktops, thin clients, tablets, and smart phones. It provides consolidation; helps reduce the footprint of remote access infrastructure; reduces cost; and provides ease of management and a better end-user experience. Citrix Gateway helps transition IT to hybrid cloud and SaaS environments.

Citrix Gateway has 3 primary use cases

Federation and single sign-on

Citrix Gateway provides federated identity and supports SAML 2.0, OAuth, and OpenID to achieve single sign-on across all applications whether they are web, VDI, enterprise, or SaaS applications.

User directory on-premises

Citrix Gateway provides SSO to SaaS applications such as Office 365 and Salesforce, and keeps the user directory on-premises. It can be implemented as an IdP or proxy for ADFS and provides SSO to SaaS
applications.

Multi-factor (nFactor) authentication

Citrix Gateway provides nFactor authentication mechanisms and allows granular control over who is accessing the network; what is being accessed; and how and when it is accessed. It supports all the authentication mechanisms such as RADIUS, TACACS, NTLM, Diameter, SAML 2.0, OAuth 2.0, and OpenID 2.0.

Contextual access control policies

Citrix Gateway allows granular access control to business applications based on the state of the end-user device, user, user location, and other data. An IT administrator can create, manage, and enforce these policies to access data securely in an application environment. These policies can be implemented for VDI, web, mobile, enterprise, and SaaS applications.

Visibility and Monitoring

Citrix Application Delivery Management includes Gateway Insight, which provides visibility of the end-to-end user experience for all applications accessed through Citrix Gateway. It provides information for application support teams to troubleshoot issues regarding authentication failures, including EPA check failures and single sign-on failures.  

Gateway Insight

One URL helps consolidate remote access infrastructure

Citrix Gateway provides one URL and consolidates remote access infrastructure. It provides remote access from any device to any application. For IT, this helps improve efficiency and reduce cost of ownership. For end users, it provides one URL for accessing any application from any location and improves the user experience. Users can now access any application, using any device type, from any location.

Content Switching

Given the spread of enterprise datacenters or customers across multiple geographies, you may want to present different content to different users. For example, you may want to allow users from an IP range of a customer or partner to have access to a special web portal or to content relevant to users from a specific geographical area and in a specific language. You may also want to present content tailored to specific devices, such as smartphones. Content switching enables the Citrix ADC appliance to distribute client requests across multiple servers based on specific content that you wish to present to users.

This also allows users to experience clientless access to certain applications such as Microsoft Sharepoint, Microsoft OWA, and Microsoft Lync.

Contextual Access Control

Citrix Gateway allows IT administrators to define and enforce access control policies based on certain parameters like state of the end-user device, location of the user, and applications being accessed. IT administrators can prioritize policies to be enforced if a user is part of multiple groups and sub-domains.

Custom Portal

Citrix Gateway provides a highly customizable portal that allows customers to brand it with their organization's look and feel. Customers can select logos, background colors, and EULA agreements as part of this customization.

Always-On

Citrix Gateway allows auto-reconnect of a session if a user is moving between networks. This mostly happens if a user goes from a home network to work or vice versa. Citrix Gateway provides an “always connected” experience for end users.

Platforms supported for Citrix Gateway plugin

Citrix Gateway provides an SSL VPN client for Windows, Mac, Linux, Android, and iOS platforms. It also provides access to applications without installing a client on an end-user device (such as clientless mode through a browser).

Support for MDM/MAM solutions

Citrix Gateway supports Citrix Endpoint Management and provides a full device level VPN and a per app VPN (MicroVPN) for MDM/MAM deployments.

Citrix Gateway also supports Microsoft Intune and provides conditional access, nFactor Authentication, and full device-level VPN for accessing on-premises applications. For more information, please read our solution brief.

IPv6 support

Citrix Gateway offers IPv6 support for common industry platforms.  

HDX proxy to Citrix Virtual Apps and Citrix Virtual Apps and Desktops

Citrix Gateway provides HDX proxy to Citrix Virtual Apps and Desktops applications. It provides proxy in two modes: Basic and Advanced.

Basic HDX proxy: Basic HDX proxy includes passing the HDX protocol through the gateway appliance. It also provides basic load balancing and two-factor authentication for end users.

Advanced HDX proxy: Advanced HDX proxy includes contextual access control with SmartAccess and SmartControl policies; GSLB across any datacenter and the cloud; multi-factor authentication; and high availability for Citrix Virtual Apps and Citrix Virtual Apps and Desktops workloads.

Visibility and Monitoring

Citrix Application Delivery Management provides HDX Insight, that allows IT organizations to achieve end to end visibility of Citrix Virtual Apps and Citrix Virtual Apps and Desktops applications. No other vendor, apart from Citrix, provides this visibility and therefore it is a valuable tool for IT administrators and support teams to proactively resolve issues and have better support SLAs.

HDX Insight

The striped HDX Insight feature allows administrators to configure and deploy HDX Insight in a cluster environment and view aggregated reports in the Citrix Application Delivery Management across the cluster. 

Clustering

Clustering allows administrators to deploy Citrix Gateway in a cluster where all nodes in the cluster are serving traffic. Administrators can use an existing Gateway™ configuration and scale seamlessly in a cluster deployment without having to restrict the VPN configuration to a single node.

Support for Multi-VDI environment

Stateless Microsoft RDP Proxy
IT administrators can use Citrix Gateway to provide single sign-on and secure access to Microsoft RDP/RDS. An IT administrator can provide access to Microsoft RDP in either a clientless or a full tunnel SSL VPN mode, and without the need for any custom clients.

Support for VMware Horizon or View (PCoIP)
Citrix Gateway provides support to proxy and single sign-on to VMware Horizon applications using PCoIP protocol. It provides load balancing, high availability (HA), and a secure way to deliver VMware Horizon applications.

Platforms supported for Citrix Gateway plugin

Citrix Gateway provides an SSL VPN client for Windows, Mac, Linux, Android, and iOS platforms. It also provides access to applications without installing a client on end-user devices (such as in a clientless mode through a browser).

For more information

Learn more about Citrix Gateway at citrix.com/gateway.

For information on Citrix ADC hardware appliances, please refer to our hardware appliance datasheet.

For information about Citrix ADC virtual appliances, please refer to our Citrix Networking VPX datasheet.