Citrix Developer Network

Accessing Corporate Data from the Cloud

Data on Premise - Delivery from the Cloud

This blueprint documents deploying Citrix C3 in a public cloud environment to deliver Windows applications from the cloud with secure, high performance access to corporate data residing behind the corporate firewall. Citrix XenApp, the Citrix Access Gateway client and the Citrix Repeater client are provided in a single Amazon Machine Image (AMI) running in Amazon EC2. Customers and prospects will benefit from the ability to configure and test applications in a cloud environment without having to migrate or replicate their sensitive corporate files in the cloud. Instead, the application accesses the corporate data on demand via the Citrix Repeater, secured via Citrix Access Gateway. The WAN acceleration benefit of the Citrix Repeater can also be easily demonstrated with this configuration.

Technical Overview

In this scenario, there are 2 key problems to solve.

  • Provide the applications hosted in the cloud with secured access to data that is hosted in the datacenter.
  • Ensure that the users of the applications accessing the data get optimized access to the data.

Citrix Access Gateway is used to provide secure access between the applications in the cloud and the data stored in the datacenter. The CAG appliance is installed at the Data Center and the CAG client is used to establish the secure connection from the cloud.

Citrix Branch Repeater is used to accelerate the data between the datacenter and the cloud. A physical Branch Repeater appliance is installed at the datacenter and the software client version of the Citrix Branch Repeater is used in the cloud.

Locating and Starting Citrix AMIs:

The Citrix AMIs can be located in Elasticfox by navigating to "Images." Enter "Citrix" in the images field. The Citrix C3 images will be listed. You can launch any of them by right-clicking and selecting "Launch Instance of this AMI."

Domain Authentication:

This AMI is not a domain controller. You should be able to authenticate to a domain controller in the cloud, or at the datacenter over a VPN.

Computer Name:

The computer name or hostname of this machine is tied to the Citrix XenApp License file, and you should not change the name. You can change the name if you obtain your own license file.

AMI Specifications.

AMI ID:

ami-e0eb0889

Bucket:

citrix-c3-lab

AMI Filename:

XenApp5.0_AGSEClient9.0.68_BRClient4.5.2_32bit_v1.3

Platform:

Windows Server 2003 Service Pack 2, 32 bit. This AMI is based on or built on the Amazon base AMI ami-db4daab2, a Windows authenticated platform that allows you to use authentication port numbers with the image.

Credentials:

Username: Administrator
Password: Citrix123
Domain: CTXSlic1

Citrix Components:

  • XenApp 5.0 for Windows Server 2003
  • Hotfix Rollup 4
  • Web Interface 5.1.1
  • Citrix License Server 11.6.1
  • Citrix Branch Repeater Client 4.5.2
  • Citrix Access Gateway Client 9.0.68

Citrix Configurations

Because Amazon EC2 uses NAT, in order to get the XenApp server to work with clients outside of EC2, the following will need to be performed.

Launch the Citrix Access Management Console in the XenApp server. In the Citrix Access Management Console, navigate to Citrix Resources -> Web Interface -> http://<public-server-address>/Citrix/XenApp.

For external client access:
Select Manage secure client access -> Edit secure client access settings.
Set the Default access method to "Alternate".

Run "Altaddr" from a command prompt:
Open a command prompt on the Windows Server.
Type "Altaddr /SET x.x.x.x" <return>, where x.x.x.x is the external IP address of the XenApp server.

For internal client access:
Select Manage secure client access -> Edit secure client access settings.
Select "Add". Type in the client IP address and mask.
Note: An entry will need to be made for this XenApp server, and all other machines on the cloud internal network, if they want to access this XenApp server through the Web Interface.

Port Numbers:
Make sure the Amazon Security Group, in addition to your firewall and router, allows the following ports to pass through:

  • TCP port 1494: Citrix ICA
  • TCP port 2598: Citrix session reliability
  • TCP port 80: HTTP
  • TCP port 443: HTTPS
  • TCP port 3389: RDP
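
One way to check a security group against this port list, as an added example that is not part of the original Citrix blueprint: the script takes ingress rules in the `IpPermissions` shape returned by the EC2 API and reports required ports that no rule allows, port ranges wider than the list, and required ports reachable from any address. The function name `audit_ingress` and the sample rules are constructed for illustration.

```python
import ipaddress

# TCP ports the blueprint asks the security group to pass.
REQUIRED_TCP = {1494: "Citrix ICA", 2598: "Citrix session reliability",
                80: "HTTP", 443: "HTTPS", 3389: "RDP"}

# Constructed sample rules (illustrative only), in the EC2 IpPermissions shape.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1494, "ToPort": 1494, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

def audit_ingress(ip_permissions):
    """Compare ingress rules with the blueprint's port list.

    Returns (missing, extra, world_open):
      missing    - required ports that no rule allows
      extra      - (from, to) ranges that also allow ports not on the list
      world_open - required ports reachable from 0.0.0.0/0 or ::/0
    """
    allowed, world_open, extra = set(), set(), set()
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "6", "-1"):
            continue  # UDP and ICMP rules are outside the blueprint's list
        # Protocol "-1" means all traffic and carries no port fields.
        lo = 0 if proto == "-1" else rule["FromPort"]
        hi = 65535 if proto == "-1" else rule["ToPort"]
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        any_source = any(ipaddress.ip_network(c, strict=False).prefixlen == 0
                         for c in cidrs)
        hit = {p for p in REQUIRED_TCP if lo <= p <= hi}
        allowed |= hit
        if any_source:
            world_open |= hit
        if hi - lo + 1 > len(hit):
            extra.add((lo, hi))  # range covers at least one unlisted port
    missing = set(REQUIRED_TCP) - allowed
    return sorted(missing), sorted(extra), sorted(world_open)

if __name__ == "__main__":
    missing, extra, world_open = audit_ingress(SAMPLE_RULES)
    print("missing:", [(p, REQUIRED_TCP[p]) for p in missing])
    print("ranges beyond the list:", extra)
    print("open to any address:", [(p, REQUIRED_TCP[p]) for p in world_open])
```
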

Configuration Tips & Tricks

The sections below provide tips and tricks on the configuration and setup of the Citrix C3 Cloud components used in this solution.

It's fast - with Citrix Branch Repeater/Accelerator

A Citrix Branch Repeater/WanScaler appliance is located at Citrixlabs. The XenApp server in the cloud is running the Citrix Accelerator client. The client connects back to the BR/WS appliance to make data delivery blazing fast.

It's secure - with Citrix Access Gateway

This section provides a guide to setting up a multi-user tunnel from XenApp running in the cloud to Citrix Access Gateway in the datacenter. The solution requires an additional executable and configuration file which are provided in the attached zip.
Downloads: Multi-user AG tunnel for XenApp.docx and C3 Lab AG Extras.zip
Please note that this solution is provided "as is" to aid you in building lab configurations. At the time of writing, use of the Citrix Access Gateway plug-in to provide a multi-user tunnel is not formally supported. However, in C3 labs we have tested it and it works, so we have made it available for you to experiment with.

