  • Deploying Citrix Gateway using Citrix ADM and Stylebooks

    Steven Wright
    • Validation Status: Work In Progress
      Summary: Deploying Citrix Gateway using Citrix ADM and Stylebooks
      Has Video?: No

    Deploying Citrix Gateway using Citrix ADM and Stylebooks

    Citrix ADM does not currently have a Stylebook for Gateway. However, that may soon change, as I have written one and it is on track to be included in the defaults.


    This article describes how to use the Gateway Stylebook in its current form to deploy a complete Citrix Unified Gateway implementation that includes LDAP authentication and Citrix Cloud integration. In the future, I hope to offer RADIUS MFA and SAML as options.


    Citrix ADM, for those who have not used it before, is Citrix's Application Delivery Management platform. ADM allows you to monitor, report on, and configure all of your NetScalers (regardless of form factor) and their services from a central location.


    Stylebooks are YAML configuration files that declaratively define the objects needed to implement a particular configuration, in this case a Unified Gateway.


    In this article we will assume that you already have a Citrix ADM deployment. If you do not, I recommend that you sign up for a Citrix ADM Service Express license here.



    Download and import the Gateway Stylebook

    The first step is to download the Gateway Stylebook from my GitHub repository by clicking here.


    Once you have downloaded the "Gateway LDAP Only" Stylebook, you should import it into ADM by selecting "Applications > Configuration > StyleBooks", and then by clicking "Import New StyleBook".


    Select the Stylebook file and click "Create" on the "Import Stylebook" screen.




    The Stylebook will be displayed under "Custom Stylebooks" after it has been imported.



    Run the Gateway Stylebook

    Click the "Create Configuration" button located on the lower left-hand side of the imported "Gateway" Stylebook.





    The Stylebook will now prompt you to enter the following values:

    1. A friendly name for the Gateway

    The name can be anything and is only used as the basis for the names of objects within the NetScaler.

    2. The Fully Qualified Domain Name for your Gateway.

    3. Three new IP addresses.

    These IP addresses will be used to create the Gateway and the LDAP and StoreFront load balancers that the Gateway will rely on.





    Next, select "Authentication Settings" and replace the default values with details of the service account, a filter for limiting LDAP searches, and a list of Active Directory servers to be used by the Gateway.



    Select "Gateway vServer configuration" and replace the defaults with the details of your STA and StoreFront servers.

    Optionally, if you would like to use this on-premises Gateway as an identity provider for Citrix Cloud, include the details provided by Citrix Cloud.



    Enter the name of an existing SSL certificate or choose to import a new certificate and key file. Next, select your NetScaler and click "Create".




    You will now be presented with the progress of each step. After the operation is complete, click "Close".





    Should you wish to alter any of the settings that you have entered, you can select the configuration pack created by the Stylebook and click "Edit".




    The Resultant Gateway configuration

    The Gateway Stylebook will deploy a Unified Gateway Content Switch (CS) listening for HTTPS requests on the specified IP address, as well as an HTTP CS that redirects users who mistakenly attempt unencrypted access.




    The Stylebook will also deploy a Gateway vServer that processes requests received by the CS vServer.



    The Gateway vServer is configured with standard ICA Proxy session policies for both Citrix Workspace and web browser access.

    Additionally, the Stylebook has deployed a load-balancer vServer with monitoring to ensure that requests are redundantly distributed between StoreFront servers.



    The Gateway vServer is configured to perform authentication using a new AAA vServer.



    The AAA vServer, which has also been deployed by the Stylebook, has been automatically configured to perform LDAP authentication against the servers that you provided.

    The Stylebook has also deployed a load-balancer vServer equipped with monitoring to ensure that requests are distributed redundantly.
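
The layout described in this section can be checked against a saved running configuration. The following is an added example, not part of the original article or the Stylebook: it parses NetScaler CLI lines and reports missing content switches, Gateway or AAA vServers, and load balancers that lack redundancy or monitoring. The sample configuration, object names and addresses are constructed; it assumes individual services (not service groups) are bound to the load balancers, and it checks only that a port 80 content switch exists, not its redirect policy.

```python
import shlex
from collections import defaultdict

# Constructed sample in NetScaler CLI (ns.conf) syntax. Object names and
# addresses are hypothetical, not the StyleBook's actual output.
SAMPLE_CONF = """\
add cs vserver gw1_cs_ssl SSL 192.0.2.10 443
add cs vserver gw1_cs_http HTTP 192.0.2.10 80
add vpn vserver gw1_vpn SSL 0.0.0.0 0
add authentication vserver gw1_aaa SSL 0.0.0.0
add lb vserver gw1_lb_sf SSL 192.0.2.11 443
add lb vserver gw1_lb_ldap TCP 192.0.2.12 389
bind lb vserver gw1_lb_sf gw1_svc_sf1
bind lb vserver gw1_lb_sf gw1_svc_sf2
bind lb vserver gw1_lb_ldap gw1_svc_dc1
bind service gw1_svc_sf1 -monitorName gw1_mon_sf
bind service gw1_svc_sf2 -monitorName gw1_mon_sf
"""

def audit(conf):
    """Return findings; an empty list means the layout matches the article."""
    vs = defaultdict(list)        # kind -> [(name, type, ip, port)]
    members = defaultdict(set)    # lb vserver -> services bound to it
    monitored = set()             # services that have a monitor bound
    for line in conf.splitlines():
        t = shlex.split(line)
        if len(t) >= 6 and t[0] == "add" and t[2] == "vserver":
            vs[t[1]].append((t[3], t[4], t[5], t[6] if len(t) > 6 else ""))
        elif t[:3] == ["bind", "lb", "vserver"] and len(t) >= 5 and not t[4].startswith("-"):
            members[t[3]].add(t[4])
        elif t[:2] == ["bind", "service"] and "-monitorName" in t:
            monitored.add(t[2])
    findings = []
    https_ips = {ip for _, typ, ip, port in vs["cs"] if (typ, port) == ("SSL", "443")}
    http_ips = {ip for _, typ, ip, port in vs["cs"] if (typ, port) == ("HTTP", "80")}
    if not https_ips:
        findings.append("no HTTPS content switch on port 443")
    for ip in sorted(https_ips - http_ips):
        findings.append(f"no HTTP content switch on {ip}:80")
    for kind in ("vpn", "authentication"):
        if not vs[kind]:
            findings.append(f"no {kind} vserver")
    for name, *_ in vs["lb"]:
        if len(members[name]) < 2:
            findings.append(f"{name}: fewer than two services bound, no redundancy")
        for svc in sorted(members[name] - monitored):
            findings.append(f"{name}: service {svc} has no monitor bound")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "layout matches")
```
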



    Next steps

    We have seen how to download the Gateway Stylebook, upload it into ADM, and deploy a new Unified Gateway configuration in around ten minutes. I hope that this Stylebook will significantly reduce the time needed to deploy new NetScalers.

    If you are pursuing a DevOps approach, your team might be interested in my recent blog article on how to automate Stylebooks and apply configuration across a global estate.

