Before I go on, I want to be clear that these blogs are not intended to be the answer to your questions; they have been created to provide some context and guidance to help you make some informed decisions.
Ultimately, what is important is how we work with you on defining and developing the services you create so that we can advise you on optimal features and licensing.
Where to start?
NetScaler can be used for remote access, to consolidate back-end servers, replace ADFS Proxy or Microsoft TMG, to manage global traffic, as an Authoritative DNS (ADNS) server...the list is very long, and much longer than this one!
To give you some insight in to the NetScaler platform versatility, here is a great set of deployment guides – this is only the common deployments, the capability of NetScaler goes far beyond these deployments.
So which NetScaler features would a typical Citrix CSP use?
This is a good question but not an easy question to answer because some partners may require all of the features. However, I'm going to highlight some of the more common features I see being used by partners and in the deployments that I have designed - these are covered in the next few blogs.
ICA Proxy, as I’ve mentioned in this series already, facilities remote access to Citrix XenApp and XenDesktop applications and desktops.
The Citrix Receiver is the front-end client for XenApp and XenDesktop, as demonstrated in this image, and if you want to provide secure remote access to applications and/or desktops to devices like tablets, smart-phones or home workers, ICA Proxy is the feature you need.
A quick reminder – ICA Proxy is feature of Access Gateway, which in turn, is the core feature set of NetScaler Gateway Enterprise VPX, and is also found in all NetScaler VPX models. There is not much more to ICA Proxy, it’s basic in isolation and is required for connections from the internet or if accessing Citrix in a NAT’d network topology.
I touched on SmartAccess in an earlier blog and although it is a very powerful feature, it doesn’t need to be exhaustively articulated. Quite simply, without SmartAccess you can only restrict access to internal resources using Active Directory group membership.
In some instances, this will suffice, but being able to offer your customers the ability to restrict access to content based on the type of device someone’s using or where they’re located is extremely compelling.
For example, preventing a user from accessing business data on a public computer in a café is a great sign of a security conscious partner and a powerful message to include in your go-to-market strategy. In this example, a user on a trusted domain joined device may be granted full access to all resources while connected to an office network, however when working from home or working from a mobile device, access can be restricted to prevent access to sensitive business information.
SmartAccess endpoint analysis scans can even check for AV signatures, registry keys or values, hot-fixes or running Windows services. It is an extremely powerful tool and one that I would strongly recommend researching further. Reminder: SmartAccess is a Premium feature and in order to consume it the customer would need to meet one of the following;
- Use NetScaler VPX Platinum Edition
- To be consuming XenApp or XenDesktop Premium licenses
- Purchase Universal Gateway licenses for NetScaler
A detailed account of NetScaler Licensing will feature later in this series.
Citrix NetScaler Blog Series:
- Part 1 : Introduction
- Part 2 : NetScaler Editions
- Part 3 : NetScaler Features
- Part 4 : NetScaler Editions & Features
- Part 5 : ICA Proxy & SmartAccess
- Part 6 : ShareFile & XenMobile Connectors
- Part 7 : Layer 4-7 Load Balancing
- Part 8 : Global Server Load Balancing (GSLB)
- Part 9 : Single Sign-On
- Part 10 : Content Switching
- Part 11 : NetScaler Insight (User Experience Monitoring)
By Darren Bennett, Partner Enablement Specialist (Citrix), rhipe