Search

Using WI 4.2 With Access Gateway Adv.Edition 4.2

Thursday, 18 May 2006 by Michel Roth

In an Access Gateway deployment that includes the Advanced Access Control option, Web Interface is used to display Presentation Server application icons and foster ICA connections to the appropriate Presentation Server. However, users do not access the Web Interface server directly; they log on to Access Gateway and the Advanced Access Control server connects to Web Interface on their behalf. When Advanced Access Control and Web Interface are integrated, Web Interface defers authentication to Advanced Access Control and enables policy-based access control and action rights control for Citrix Presentation Server applications. Citrix calls this feature SmartAccess. Challenges Using Web Interface with Advanced Access Control presents the following challenges when a load-balanced, fully redundant solution is required:

� When configuring Advanced Access Control to include a Web Interface site as a Web resource, only one Web Interface site URL may be published for a user.
� When configuring a Web Interface site to use Advanced Access Control for authentication, only one Authentication Service URL may be listed.
� The default load balancing method used between the Access Gateway appliance and multiple Advanced Access Control servers is stateless round robin, but Web Interface requires stateful load balancing.

This paper outlines two possible solutions to the challenges outlined above:
1. Use Microsoft Network Load Balancing to create a fault-tolerant deployment of Web Interface with Advanced Access Control.
2. Use a hardware load-balancing device such as Citrix NetScaler to create a load-balanced and fault-tolerant deployment of Web Interface with Advanced Access Control.

Read the paper here. (pdf) Thanks to Alexander Ervik Johnsen for the pointer.