Citrix Netscaler 1 Homepage for different Citrix Virtual Apps sites

[Björn Schläfli]

Hi all,

 

I'm using a Citrix Gateway with a drop-down on the login page (created by rewrite policy), where users can choose which environment / Citrix site they need. This selection is captued in a cookie and the user is redirected to the appropriate Citrix site by session policy / profile based on the decision made. This two sites reside in different domains.

 

My goal for the future would be:

- 1 single external url as we current use

- users log in and get a homepage presented with all applications and desktops which they are permitted for. If a user exists in both domains he gets all the apps from both sites.

- on this homepage they should also see rdp links if they are permitted for.

 

I've thought about unified gateway to get there where I want. I've created one in my test environment but I'm unaware how i can get a homepage as I'd like to have.

 

Is it possible to create something I'm looking for?

[Rhonda Rowland1709152125]

Gateway1 points to SToreFront1 and the storefront queries CVADSiteA AND CVADSiteB and does the aggregation for you.

Users who get CVADSiteA only resources, will have nothing retrieved from SiteB and vice versa.

Users who get both will see the ocmplete list.

 

This is easy if your Gateway/StoreFront and both CVAD sites are in one domain.

 

If in separate domains, your gateway would need to accept either domain login and the storefront would need to belong to a domain and have trusts with the other domain to be able to authentication DomainA users to either DomainA or DomainB CVAD Sites....

 

You can still keep the domain drop down on the gateway for login purposes, but use it via nfactor authentication. Based on domain, all users get to the same storefront (easy way), but the correct sson domain is provided to the storefront based on the domain they logged on with. But if the storefront can use either domain and talk to either site, this would solve the single access point problem.

 

If you can't cross multiple domains easily, then this will get a bit more complicated to implement as it would potentially be one gateway but different policiees to different more complex storefronts to meet all requirements.

 

 

 

[Björn Schläfli]

Hi Rhonda,

thank you for the detailled answer.

 

I've managed to create a solution for the requirements. I've configured AAA Groups and Session profiles / policys and bound them to the groups. Some groups geht direct access to Receiver for Web with ica only on, others will geht the clientless access home page with bookmarks for all the sites they need to open.

 

Thank you once again.