Prerequisites:
CAG with basic configuration – that is:
- IP Addressing for web, internal, and management interfaces (this could be the same interface)
- host name matching external web address and SSL certificate
- license (express edition or better)
SSL Certificate Installed on CAG
{If required} SSL Certificate Imported into CDDC
Connection to working Citrix Desktop Delivery Controller
Connection to working Windows Active Directory
Walkthrough:
Part 1: Configuration on the CAG
Log in to the CAG Web UI at
From 'Management' configure:
System Administration
1) Name Service Providers:
Enter the internal DNS server(s) IP Address
Enter a DNS suffix
Optionally, add any internal controller(s) to the 'HOSTS File' manually to be sure of name resolution
2) Date and Time
Either set manually or point to an NTP server
Access Control
3) Logon Points
Create a new logon point
Fields to be completed:
Under 'General Properties'
Name: << choose a name for the Logon Point >>
Type: Basic
Tick 'Authenticate with Web Interface'
Web Interface: << http://CDDC.ADOMAIN.priv/Citrix/DesktopWeb >>
And set the logon point as default (so https://cag.adomain.com interfaces with the XenDesktop installation)
Applications and Desktops
4) XenApp or XenDesktop
Create a new ICA Access Control List for ICA protocol and
Create a new ICA Access Control List for Session reliability protocol
with beginning and ending IP address for range used by IP Addresses
Part 2: Configuration on the Citrix Desktop Delivery Controller
Open 'Citrix Desktop Studio' Management Console
Expand Access -> Citrix Web Interface -> XenApp Web Sites
Select the Internal Site ( http://CDDC.ADOMAIN.priv/Citrix/DesktopWeb )
Select the 'Secure Access' tab
Click 'Edit secure access settings'
Click 'Add' to Specify a new Access Method
Enter the IP address and subnet mask of the CAG's internal interface
Select 'Gateway alternate' for an internal CAG behind a NAT firewall
Click OK
Click Next
Specify the Address (FQDN) of the Access Gateway
Port: 443
Enable session reliability (default)
Click Next
Add the Secure Ticket Authority URLs: << https://CDDC.ADOMAIN.priv/scripts/ctxsta.dll >>
Click Finish
All done and ready to test XenDesktop 5 via the external CAG interface!
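A pre-flight check of the values entered in Parts 1 and 2, as an added example that is not part of the original post. The function names and the plan layout are hypothetical and every IP address is constructed. It assumes the ICA Access Control List range is meant to cover the virtual desktops and nothing else.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_covers(host, cert_names):
    """Exact match, or a wildcard standing in for the left-most label only."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n.lower() == host or (n.startswith("*.") and n[2:].lower() == parent)
               for n in cert_names)

def check_plan(plan):
    findings = []
    gw = plan["gateway_address"]
    if is_ip_literal(gw):
        findings.append("gateway address is an IP literal, not an FQDN")
    elif not cert_covers(gw, plan["cert_names"]):
        findings.append("gateway FQDN is not covered by the certificate names")
    for url in [plan["web_interface"], *plan["sta_urls"]]:
        if urlsplit(url).scheme != "https":
            findings.append("URL is not HTTPS: " + url)
    lo, hi = (ipaddress.ip_address(a) for a in plan["ica_acl"])
    if lo > hi:
        findings.append("ICA ACL start address is above its end address")
    for ip in plan["desktop_ips"]:
        if not lo <= ipaddress.ip_address(ip) <= hi:
            findings.append("desktop " + ip + " is outside the ICA ACL range")
    for ip, role in plan["other_hosts"].items():
        if lo <= ipaddress.ip_address(ip) <= hi:
            findings.append("ICA ACL range also covers " + role + " at " + ip)
    return findings

# Hostnames and URLs are the walkthrough's; every IP address is constructed.
PLAN = {
    "gateway_address": "cag.adomain.com",
    "cert_names": ["cag.adomain.com"],
    "web_interface": "http://CDDC.ADOMAIN.priv/Citrix/DesktopWeb",
    "sta_urls": ["https://CDDC.ADOMAIN.priv/scripts/ctxsta.dll"],
    "ica_acl": ("10.0.20.10", "10.0.20.50"),
    "desktop_ips": ["10.0.20.11", "10.0.20.12"],
    "other_hosts": {"10.0.20.5": "CDDC", "10.0.20.6": "DNS server"},
}
```

With the walkthrough's own URLs, `check_plan(PLAN)` reports only the plain-HTTP Web Interface address, which is the case the "{If required}" certificate import on the CDDC addresses.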
Postscript:
1) LDAP authentication profile and working Secure Ticket Authority (STA) setup are not required on the CAG here since the CAG redirects straight through to the XenDesktop internal login page
2) Following through these four articles posted this month -
- will result in a fully working web accessible XenDesktop proof of concept (or Small Business setup) with £0 Citrix Licensing costs – thank you Citrix for making this possible (request to Citrix – this might be asking a little too much but please can the 12 month CAG VPX express up to 5 concurrent connections license be turned into perpetual? Cheers!)
CORRECTION: The CAG VPX express license does not work with XenDesktop Express past a short grace period. In order to use CAG VPX with XenDesktop, you will need the XenDesktop VDI license at a minimum.
Excellent!
Thank you for your help with these posts!
And thanks to Citrix!
Excellent...thanks for this website.
Hi,
I get message when using CAG ok internal
An error occurred while making the requested connection. this is at the point of connecting to desktop
Thanks very much for these posts - I was going nuts trying to configure the device as the documentation is very very poor indeed. This (and your other articles) have helped a lot.
Hi Andrew, thank you for the comment. Cheers!
Hi, is it possible to use a public IP address instead of a FQDN under the gateway setting configuration?
Hello Anonymous, I am pretty certain you need to use a FQDN for the gateway setting configuration. Please let me know if you manage to get it working with a public IP address. Cheers!