Aventail Corporation Technical Integration Guide

Introduction:This document describes how to configure Aventail appliance to integrate Citrix Presentation Servers. It also describes how to use Aventail’s Unified policy model to provide remote users secured access to their respective applications running on Citrix Presentation Servers.

Audience:

Administrator:The administrator is assumed to be aware of Citrix Presentation Server installation.

For information on installation and configuration of Citrix Presentation Server, refer to the installation guide of Citrix Presentation Server.

An administrator can use this document to:a) Configure AMC to provide access Citrix Presentation Serverb) Troubleshoot and resolve end-user-related access problems

Help Desk Technician:Help desk technicians should understand Access Control rules set by the administrator, and can use this document to troubleshoot and resolve end user related access problems.

End User:An end user can use this document to learn how to get access to Citrix farm to access their applications

Compatibility and System RequirementsAventail integrates with Citrix Presentation Server versions 1.0 through 4.0.

Client system requirements are tabulated below:

Operating system Web browser

Windows XP Professional with Service Microsoft Internet Explorer v6.0 with Service Pack 1,

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Citrix Farm Support – Integration guide

Version 1.0 July, 2006

Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4

or Mozilla Firefox 1.5

Linux (SUSE, Fedora2, Fedora4) Mozilla Firefox 1.5 with Java enabled

Macintosh OS X Macintosh Safari 1.2

Aventail Management Console Configuration:Prerequisites:

a) Confirm the Hostname or IP address of your Citrix Presentation Serverb) Configure network and SSL settings, and import license file in AMC c) Ensure that you can resolve and ping your Citrix Presentation Server from the applianced) Ensure that your Citrix Presentation Servers are running XML service

For more information on network settings, refer to chapter 4 of the Aventail EX-2500 Installation and Administration Guide for details on configuring network details.

The following sections describe the configuration steps.

Step 1) Configure a Citrix Farm resource

a) Click on Resources under the Security Administration section on left-hand side of AMC

b) Click on Newc) Choose Citrix Server Farm in the drop-down menud) Type in Name and Description of the resource e) Check the Workplace Shortcut optionf) Click on New to list Hostname or IP address of your Citrix presentation serverg) Repeat step (e) for all Citrix presentation serversh) If your Citrix servers are not listening on port 80, then also configure port details.

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

i) Click on Save to save resource configuration

Step 2) Configure IP Range resource for Citrix Farm server.

a) Click on Resources under the Security Administration section on left-hand side of AMC

b) Click on Newc) Choose IP range in the drop-down menud) Type in Name and Description of the resource e) Type in IP Range (the starting IP address and ending IP address of the Citrix

Presentation Servers.

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Step 3) Advance configuration of Citrix Farm resource

a) Click on Aventail WorkPlace under the User Access section on left-hand side of AMC b) Click on Citrix Farm resource that was created earlierc) Click on the Advanced sectiond) Type in the port number on which Citrix presentation server is running (default port is

1494)e) Single Sign-On:

a. If you choose to have user enter his authentication details then check None (prompt user)

b. If you choose to forward the user credentials, then check Forward User's Session Credentials (you can type in domain name that will be forwarded while authentication)

c. If you choose to have static credentials to all the users, then check Forward Static Credentials and enter username, password, and domain details.

d. Check Enable SSO to Citrix Applications to pass the user credentials to the published applications

f) For display properties, choose Use MetaFrame Server Value for both screen resolution and color depth

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Step 4) Agent Configuration – Graphical terminal agents

a) Click on Agent Configuration under the User Access section on left-hand side of AMC b) Click on Configure under the Other Agents section - Graphical Terminal Agentsc) Under the Citrix Agents section:

a. Type in URL to download Windows (ActiveX Control) agent file (http://download2.citrix.com/FILES/en/products/client/ica/client9.2/wficat.cab)

b. Click Upload (URL should be reachable from the appliance)c. Type in URL to download Java agent file

(http://download2.citrix.com/FILES/Java_v90/JICAComponents.tar.gz)d. Click Upload (URL should be reachable from the appliance)

Step 5) Creating Realms and Provisioning access agents

a) Click the Realms tab on the left-hand side of your AMC screenb) Create a new realm

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

c) Enter the Name and Description of the realmd) Choose an authentication server on which citrix users will be authenticated

(in the example above, Local authentication is used) e) Click Nextf) Click Create New to create a community of users

g) Click Edit to choose a member group and this group of users will belong to this community (default is set to Any)

h) Click Next to choose agents that will be provisioned on logging in to Aventail WorkPlace portal

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide to understand different access methods

i) Choose any of the agents [Citrix integration will not work with Provision client from Aventail WorkPlace (Connect Tunnel) and Translated Web access]

j) Click Finish

Step6) Defining Access Control rules (ACL rules)

Access to a particular resource is given through the Access Control List (ACL), a list of rules.

a) Click the Access Control tab under the Security Administration section on the left-hand side of your AMC screen

b) Click New to create a new access control rule

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

c) Click Edit to select users and the resources (in the above example, Citrix users using OD tunnel are given access to Citrix Farm and Citrix Servers)

d) Click Finish

Client End Access:Users who wish to access applications on Citrix Farm server need to:

a) Log in to WorkPlace portal of your company using a realm on which access control rule is configured (for this example, we gave access to Citrix realm using OD tunnel)

b) Click the Citrix Farm resource link seen on your WorkPlace portalc) Click on Citrix Farmd) Type in credentials if prompted for username and password

On authentication, users will be directed to the Citrix farm page, shown below:

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

e) Click any application to access

Troubleshooting: a) Check Access Control Rules to be sure you have access permissions to required users

The AMC logging facility can help you deduce problems (example below).

Use “IP or server name” or URL as search strings to view required logs. Resource definition (URL) could be wrong, as shown above.

b) Check whether all the Citrix presentation Servers are routable from appliance c) Check whether traffic is reaching the appliance; verify whether Firewall is blocking it d) Check logs on Citrix presentation server

/var/log/aventail/workplace.log can be verified to check any errors.

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

For more information on trouble shooting, refer “Appendix A” of the Aventail Installation and Administration Guide.

Internationalization Support: Aventail supports internationalization (i18n) versions 8.5.2 and 8.6.1. Support is tested in both Japanese and South Korean languages.

Internationalized versions of Citrix presentation servers are supported.

Upgrades:a) Citrix Farm supported is initiated only in 8.7.0. So rollback of appliance image to

earlier versions will not work.

b) Upgrading Citrix Presentation Server is completely transparent to Aventail appliances and requires no changes in AMC (All four versions (1.0, 2.0, 3.0, and 4.0) are supported).

Non-Supported Features:Citrix presentation server integration is not supported with Translated Web access and Connect Tunnel.

©2006 Aventail Corporation. All rights reserved. Aventail, Aventail ASAP, Aventail Connect, Aventail EX-750, Aventail EX-1500, Aventail EX-1600, Aventail EX-2500 and Aventail OnDemand, and their respective logos are trademarks, registered trademarks, or service marks of Aventail Corporation. Other product and company names mentioned are the trademarks of their respective owners.

Citrix Farm Support - Integration GuideVersion 1.0 – July, 2006

Aventail Europe LtdTel +44 (0) 870.240.4499emea@aventail.com

Aventail Asia-PacificTel +65 6832.5947asiapac@aventail.com

CorporateHeadquarters808 Howell StreetSeattle, WA 98101Tel 206.215.1111Fax 206.215.1120americas@aventail.com