Goodbye Secure Gateway, Hello Access Gateway VPX
When Citrix started selling the Access Gateway product line, Secure Gateway became an endangered species. The only question was how Citrix would transition customers from a free product like Secure Gateway to a paid product like the Access Gateway product line. Citrix has done it by releasing the Access Gateway VPX, which includes an Access Gateway Platform License that provides Secure Gateway functionality without requiring Access Gateway Universal licenses. In this blog post, I am going to go over the Access Gateway Platform License and Access Gateway VPX.
What is the Access Gateway Platform License?
The Access Gateway platform license allows users to connect to XenApp and XenDesktop published resources on the Access Gateway platform, just like they do through Secure Gateway, without Access Gateway Standard Edition or Access Gateway Universal Licenses installed. The Access Gateway platform license adds support for the Receiver (published applications only) and Dazzle, along with strong authentication and secure SSL relay of ICA session traffic. The Access Gateway platform license allows basic connections to your Citrix published resources. The only limit on total connections is the resources of the appliance or underlying hypervisor. The Access Gateway platform license will be included with all Access Gateway appliances (physical or virtual) and will include a year of Subscription Advantage.
The Access Gateway appliance (physical or virtual) with an Access Gateway Platform license installed allows the following connections:
- ICA over SSL connections to XenApp published resources using the Citrix online plug-ins
- ICA over SSL connections to XenDesktop published resources using the Citrix online plug-ins
- Citrix Receiver connections to the Citrix Merchandising Server
- Connections from Citrix Dazzle
- Connections to Web Interface
Access Gateway Universal licenses are needed for the following connections:
- SSL VPN
- Endpoint Analysis Scanning
- Smart Access (Advanced or Enterprise Editions)
- Clientless Access (Email, Web Sites, and File Shares in Advanced or Enterprise Editions)
- Streamed Applications using the Citrix offline plug-in
Note: If the Access Gateway appliance has licenses available (Standard or Universal), those licenses will be used for sessions even if they are sessions that are included with the Access Gateway platform license.
Initial support for the Access Gateway platform license will be on the Standard Edition Access Gateway VPX and 2010 appliances. Support for Advanced and Enterprise editions will be coming later. You can get evaluation licenses from your Citrix partner or Citrix for Advanced and Enterprise Editions in the meantime.
If you currently have an Access Gateway appliance that is still under maintenance, you can obtain the Access Gateway platform license in Product Upgrades/Fulfillment in MyCitrix (Logon Required).
For more information and a complete overview of the Access Gateway Platform License see the Citrix Documentation Library – Access Gateway VPX Licensing.
What is the Access Gateway VPX?
The Access Gateway VPX is an Access Gateway virtual appliance that runs on XenServer. Access Gateway VPX should be available for ESX and Hyper-V in future releases. The Access Gateway VPX has the same features and functionality as an Access Gateway Standard Edition appliance. You can deploy the Access Gateway VPX with your existing Access Gateway 2010 appliance. Access Gateway VPX can take advantage of all the features of XenServer, like XenMotion and high availability. The Access Gateway VPX includes the Access Gateway platform license. Access Gateway VPX is priced at $995 per virtual appliance (the same cost as or cheaper than a physical server for Secure Gateway, and cheaper than an Access Gateway 2010 appliance), which gives you unlimited Secure Gateway-like access to your XenApp and XenDesktop published resources.
What are the requirements to run Access Gateway VPX on XenServer?
The Access Gateway VPX needs the following resources to run on a XenServer host:
- 1 vCPU (2 vCPUs recommended)
- 1GB RAM
- 12GB Virtual Disk (10GB and 2GB Virtual Disks)
- 1 or 2 Virtual Network Interfaces
Access Gateway VPX Installation Procedure:
1. Download the Access Gateway VPX from MyCitrix (Login Required)
2. In XenCenter, select VM and then Import from the menu bar
3. On the Import Source screen, browse to the Access Gateway VPX XVA file you downloaded from MyCitrix. Select Exported VM and click Next.
4. On the Home Server screen, select the XenServer you want to install the Access Gateway VPX on and click Next.
5. On the Configure storage for the new VM screen, select the storage repository and click Import.
6. On the Configure virtual network interfaces screen, select the network for the interface or networks for multiple interfaces and click Next.
7. On the Complete the import screen, leave Start VM after import checked or uncheck it, and click Finish.
8. You should now have a Citrix Access Gateway VM on your XenServer host, ready for you to log in and configure.
9. Log in with the username root and default password of rootadmin and configure the Access Gateway’s IP address by going to the menu option for express setup.
10. You should now be able to access the Access Gateway’s web admin page by going to https://ipaddress:9001. Log in with the username root and default password rootadmin, download and install the Access Gateway Administration Tool, and configure your Access Gateway VPX.
You can now also export your SSL certificate in PFX format with the private key from your Secure Gateway server, convert it to PEM format, and upload it to your Access Gateway VPX. The steps are outlined in Citrix Knowledge Base article CTX106028 – How to Convert PFX Certificate to PEM format for use with Access Gateway.
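The PFX-to-PEM conversion described above, as an added example that is not taken from the original post or from CTX106028. It assumes the `openssl` command-line tool is installed; the file names, host name and passphrase are constructed, and a throwaway self-signed certificate stands in for the one exported from the Secure Gateway server. It also checks that the private key really belongs to the certificate before the PEM file is uploaded.

```shell
#!/usr/bin/env bash
# Added example: convert a PFX bundle to PEM and verify the key/cert pair.
set -eu

# Constructed sample input: a throwaway self-signed certificate bundled as a
# PFX, standing in for the file exported from the Secure Gateway server.
make_sample_pfx() {
  local dir="$1" pass="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=gateway.example.test" \
    -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null
  PFX_PASS="$pass" openssl pkcs12 -export -inkey "$dir/orig.key" \
    -in "$dir/orig.crt" -passout env:PFX_PASS -out "$dir/sample.pfx"
}

# Convert PFX -> PEM. The passphrase travels in the environment instead of
# argv, and umask 077 keeps the unencrypted key unreadable to other users.
pfx_to_pem() {
  local pfx="$1" pass="$2" out="$3"
  ( umask 077
    PFX_PASS="$pass" openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
      -nodes -out "$out" 2>/dev/null )
}

# Succeeds only if the private key in the PEM belongs to its certificate:
# the public key derived from each must be identical (and non-empty).
key_matches_cert() {
  local pem="$1" cert_pub key_pub
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

demo() {
  local work
  work=$(mktemp -d)
  make_sample_pfx "$work" 'Constructed-Passphrase-1'
  pfx_to_pem "$work/sample.pfx" 'Constructed-Passphrase-1' "$work/gateway.pem"
  if key_matches_cert "$work/gateway.pem"; then
    echo "gateway.pem: key matches certificate"
  fi
  rm -rf "$work"
}
demo
```

The resulting PEM holds the private key unencrypted, so remove it from the workstation once the upload is done.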
Citrix Merchandising Server and Receiver integration with the Access Gateway VPX
The Access Gateway VPX also has Merchandising Server and Receiver Integration where you can upload the Citrix Receiver and Access Gateway plug-in for deployment from the Access Gateway VPX.
You can also configure settings for the Merchandising Server and Dazzle for users to receive updates to their Citrix Receiver using the Access Gateway Platform license rather than having to use Access Gateway Standard or Universal license.
The Access Gateway VPX is a good upgrade/replacement for Secure Gateway. I would recommend going to a pair of NetScaler Standard appliances (hardware appliances or the VPX appliances with the proper bandwidth license) because of the built-in high availability, load balancing with monitors for your Citrix infrastructure, and in-place upgrade/expandability to NetScaler Enterprise or Platinum editions later down the road.
For more information on the Access Gateway VPX, see Citrix Knowledge Base articles CTX124000 – Citrix Access Gateway VPX Reference Architecture, CTX124138 – Citrix Access Gateway VPX and 2010 Licensing Changes FAQ, and Getting Started with Access Gateway VPX. You can also see Citrix TV for more information – Citrix Access Gateway VPX Overview Demo.
I think the Access Gateway platform license and Access Gateway VPX are a great move by Citrix to transition customers using Secure Gateway to the Access Gateway product line. The only question now is if or when we are going to see the last release of Secure Gateway.
If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.
I have a few questions between the Platform and Universal licensing. If I were to go with the Platform license, I would not be able to allow end-users to connect remotely by using the full install Citrix Receiver product? End-users would have to simply use the online plug-in? How about through an Apple iPad with the Citrix Receiver app, would that work for connectivity through the Platform licensing? End-users will be connecting to published XenDesktop virtual desktops. Thanks!
Dear Jarian,
In step number 10, you said after logging into the access gateway console, we can export the SSL certificate and private key. But when I log into the console I don’t see any option to export the certificate. Can you elaborate on how you managed to do that? Thanks.
I came, I read this article, I conquered.
You can also now add free EPA scans through http://citrix.opswat.com.
Correction! The default credentials for the AG VPX 5.0 are:
UN – admin
PW – admin
That is true for the Access Gateway 5.0, but this article was based on when the Access Gateway first went VPX with 4.6. So AG 5.0 is admin/admin but 4.6 is root/rootadmin.