Secure Hosted Windows Apps as a Service

This blueprint documents deploying Citrix XenApp with Citrix Secure Gateway in a public cloud environment to deliver Windows applications as a service securely via an application-specific Virtual Private Network (VPN). Citrix XenApp is preconfigured for application hosting and secure delivery via Citrix Secure Gateway in a single Amazon EC2 AMI. Customers and prospects will benefit from using this blueprint to gain experience with the performance characteristics and user experience of providing secure remote access to Windows applications via Citrix XenApp hosted application virtualization.
Technical Overview
In this scenario, a single XenApp image has been configured to allow hosted application capabilities. For extra security, Citrix Secure Gateway has been installed on the same XenApp server, providing secure application delivery.
You can use this demo server to test published applications with the added security of Citrix Access Gateway. To do this, point your browser to the public IP of your instance. Log in with the local administrator username and password.
Prerequisites:
See "Getting Started in AWS".
You must have a certificate authority issue a certificate specific to your test machine.
On the Amazon EC2 instance, begin the certificate request in the IIS configuration utility, choosing the "create a request to send later" option.
The request produces a file that can be saved locally. Open the file in Notepad and copy the encoded request data to paste into your certificate authority's request area.
Once the certificate is generated by the certificate authority, copy the certificate to the Amazon EC2 instance and import into IIS via the IIS configuration utility.
Locating and Starting Citrix AMIs:
The Citrix AMIs can be located in Elasticfox by navigating to "Images." Enter "Citrix" in the images field. The Citrix C3 images will be listed. You can launch any of them by right-clicking and selecting "Launch Instance of this AMI."
Domain Authentication:
This AMI is not a domain controller. You should be able to authenticate to a domain controller in the cloud, or at the datacenter over a VPN.
Computer Name:
The computer name or hostname of this machine is tied to the Citrix XenApp License file, and you should not change the name. You can change the name if you obtain your own license file.
AMI Specifications:
AMI ID:
ami-0ee40767
Bucket:
citrix-c3-lab
AMI Filename:
XenApp5.0_SecureGateway3.0_32bit_v1.3
Platform:
Windows Server 2003 Service Pack 2, 32-bit. This AMI is built on the Amazon base AMI ami-db4daab2, a Windows authenticated platform that allows you to use authentication port numbers with the image. This machine is not part of a domain, and uses a local hostname.
Username: Administrator
Password: Citrix123
Domain: CTXSlic1
Citrix Components
The following Citrix components are installed on this Server:
XenApp 5.0 for Windows Server 2003
Hotfix Roll Up 4
Web Interface 5.1.1
Citrix License Server 11.6.1
Citrix Secure Gateway 3.0
Citrix Configurations
Because Amazon EC2 uses NAT, the following steps are needed for the XenApp server to work with clients outside of EC2.
Launch the Citrix Access Management Console on the XenApp server. In the Citrix Access Management Console, navigate to Citrix Resources -> Web Interface -> http://<public-server-address>/Citrix/XenApp.
For external client access:
Select Manage secure client access -> Edit secure client access settings.
Set the Default access method to "Alternate".
Run "Altaddr" from a command prompt.
Open a command prompt on the Windows Server.
Type "Altaddr /SET x.x.x.x" <return>, where x.x.x.x is the external IP address of the XenApp server.
For internal client access:
Select Manage secure client access -> Edit secure client access settings.
Select "Add". Type in the client IP address and mask.
Note: An entry will need to be made for this XenApp server, and all other machines on the cloud internal network, if they want to access this XenApp server through the Web Interface.
Port Numbers:
Make sure the Amazon Security Group, in addition to your firewall and router, allows the following ports to pass through:
TCP port 1494 (Citrix ICA)
TCP port 2598 (Citrix session reliability)
TCP port 80 (HTTP)
TCP port 443 (HTTPS)
TCP port 3389 (RDP)
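An added example (not part of the original blueprint): a Python check that a security group permits the five TCP ports listed above and reports which of them accept any source address, plus rules covering ports the list does not name. The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group ID and CIDR ranges are placeholders.

```python
import ipaddress
import json

# Ports the blueprint says must pass through the Amazon Security Group.
REQUIRED_TCP = {1494: "Citrix ICA", 2598: "session reliability",
                80: "HTTP", 443: "HTTPS", 3389: "RDP"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 1494, "ToPort": 1494,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}
]}]}
""")

def audit(group):
    """Return (missing, world_open, extra) for one security group."""
    sources = {}   # required port -> set of source CIDRs that may reach it
    extra = []     # port ranges that cover ports the blueprint does not list
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic and carries no port range.
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        hit = [p for p in REQUIRED_TCP if lo <= p <= hi]
        for p in hit:
            sources.setdefault(p, set()).update(cidrs)
        if hi - lo + 1 > len(hit):
            extra.append((lo, hi))
    missing = sorted(p for p in REQUIRED_TCP if not sources.get(p))
    world_open = sorted(p for p, c in sources.items()
                        if any(ipaddress.ip_network(x).prefixlen == 0 for x in c))
    return missing, world_open, extra

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupId"], audit(g))
```

Only IPv4 `IpRanges` entries are examined; rules that reference other security groups or IPv6 ranges are not counted as sources.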
Citrix Applications
There are two Web Interface sites created on this server. One Access Platform site and one XenApp Services site.
The following applications are published on the XenApp server:
Installed Applications: Wordpad, Internet Explorer, Desktop