Goodbye Secure Gateway, Hello Access Gateway VPX

Share Button

When Citrix started selling the Access Gateway product line, Secure Gateway became an endangered species.  The only question was how would you take a free product like Secure Gateway and transition customers to a paid product like the Access Gateway product line?  Well Citrix has done it by releasing the Access Gateway VPX that includes an Access Gateway Platform License that provides Secure Gateway functionality without requiring Access Gateway Universal licenses.  In this blog post I am going to go over the Access Gateway Platform License and Access Gateway VPX.

What is the Access Gateway Platform License?

The Access Gateway platform license allows users to connect to XenApp and XenDesktop published resources just like they do through Secure Gateway on the Access Gateway platform without Access Gateway Standard Edition or Access Gateway Universal Licenses installed.  The Access Gateway platform license adds support for the Receiver (published applications only) and Dazzle along with strong authentication and secure SSL relay of ICA session traffic.  The Access Gateway platform license allows basic connections to your Citrix published resources.  The only limitation on total connections is the appliance/underlying hypervisor resources.  The Access Gateway platform license will be included with all Access Gateway appliances (physical or virtual) and include a year of Subscription Advantage.

The Access Gateway appliance (physical or virtual) with an Access Gateway Platform license installed allows the following connections:

  • ICA over SSL connections to XenApp published resources using the Citrix online plug-ins
  • ICA over SSL connections to XenDesktop published resources using the Citrix online plug-ins
  • Citrix Receiver connections to the Citrix Merchandising Server
  • Connections from Citrix Dazzle
  • Connections to Web Interface

Access Gateway Universal licenses are needed for the following connections:

  • SSL VPN
  • Endpoint Analysis Scanning
  • Smart Access (Advanced or Enterprise Editions)
  • Clientless Access ( Email, Web Sites, and File Shares in Advanced or Enterprise Editions)
  • Streamed Applications using the Citrix offline plug-in

Note: If the Access Gateway appliance has licenses available (Standard or Universal), those licenses will be used for sessions even if they are sessions that are included with the Access Gateway platform license.

Initial support for the Access Gateway platform license will be on the Standard Edition Access Gateway VPX and 2010 appliances.  Support for Advanced and Enterprise editions will be coming later.  You can get evaluation licenses from your Citrix partner or Citrix for Advanced and Enterprise Editions in the meantime.

If you currently have an Access Gateway appliance that is still under maintenance, you can obtain the Access Gateway platform license in Product Upgrades/Fulfillment in MyCitrix (Logon Required).

For more information and a complete overview of the Access Gateway Platform License see the Citrix Documentation Library – Access Gateway VPX Licensing.

What is the Access Gateway VPX?

The Access Gateway VPX is an Access Gateway virtual appliance that runs on XenServer.  Access Gateway VPX should available for ESX and Hyper-V in future releases.  The Access Gateway VPX has the same features and functionality as an Access Gateway Standard Edition appliance.  You can deploy the Access Gateway VPX with your existing Access Gateway 2010 appliance.  Access Gateway VPX can take advantage of all the features of XenServer like XenMotion and high availability.   The Access Gateway VPX includes the Access Gateway platform license.  Access Gateway VPX is priced at $995 per virtual appliance (Same cost or cheaper than a physical server for Secure Gateway and cheaper than an Access Gateway 2010 appliance) that gives you unlimited Secure Gateway like access to your XenApp and XenDesktop published resources.

What are the requirements to run Access Gateway VPX on XenServer?

The Access Gateway VPX needs the following resources to run on a XenServer host:

  • 1 vCPU (2 vCPUs recommended)
  • 1GB RAM
  • 12GB Virtual Disk (10GB and 2GB Virtual Disks)
  • 1 or 2 Virtual Network Interfaces

Access Gateway VPX Installation Procedure:

1. Download the Access Gateway VPX from MyCitrix (Login Required)

2. In XenCenter, select VM and then Import from the menu bar

3. On the Import Source screen, browse to the Access Gateway VPX XVA file you downloaded from MyCitrix.  Select Exported VM and click Next.

4. On the Home Server screen, select the XenServer you want to install the Access Gateway VPX on and click Next.

5. On the Configure storage for the new VM screen, select the storage repository and click Import.

6. On the Configure virtual network interfaces screen, select the network for the interface or networks for multiple interfaces and click Next.

7. On the Complete the import screen, leave Start VM after import checked or uncheck it, and click Finish.

8. You should now have a Citrix Access Gateway VM on your XenServer host ready to login and configure.

9. Login with the username root and default password of rootadmin and configure the Access Gateway’s IP address by going to the menu option for express setup.

10. You should be now able to access the Access Gateway’s web admin page by going to https://ipaddress:9001, login with the username root and default password rootadmin, download and install the Access Gateway Administration Tool, and configure your Access Gateway VPX.

You can now also export your SSL certificate in PFX format with the private key from your Secure Gateway server, convert it PEM format, and uploaded to your Access Gateway VPX.  The steps are outlined in Citrix Knowledgeable Article CTX106028 – How to Convert PFX Certificate to PEM format for use with Access Gateway.

Citrix Merchandising Server and Receiver integration with the Access Gateway VPX

The Access Gateway VPX also has Merchandising Server and Receiver Integration where you can upload the Citrix Receiver and Access Gateway plug-in for deployment from the Access Gateway VPX.

You can also configure settings for the Merchandising Server and Dazzle for users to receive updates to their Citrix Receiver using the Access Gateway Platform license rather than having to use Access Gateway Standard or Universal license.

The Access Gateway VPX is good upgrade/replacement for Secure Gateway.  I would recommend going to a pair of NetScaler Standard appliances (hardware appliances or the VPX appliances with the proper bandwidth license) because of the built-in high availability, load balancing with monitors for your Citrix infrastructure, and in place upgrade/expandability to NetScaler Enterprise or Platinum editions later down the road.

For more information on the Access Gateway VPX, see Citrix Knowledgeable articles CTX124000 – Citrix Access Gateway VPX Reference Architecture, CTX124138 – Citrix Access Gateway VPX and 2010 Licensing Changes FAQ, and Getting Started with Access Gateway VPX.  You can also see Citrix TV for more information – Citrix Access Gateway VPX Overview Demo.

I think the Access Gateway platform license and Access Gateway VPX are a great move by Citrix to transition customers using Secure Gateway to the Access Gateway product line.  The only question now is if or when are we going to see the last release of Secure Gateway?

If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.

Share Button
  1. spencerspencer05-19-2010

    Nice guide Jarian.

    Just a small recommendation, in step 9 maybe you could put the default password as “rootadmin” instead of “root admin.”

    spencer

    • Jarian GibsonJarian Gibson05-19-2010

      Thanks for pointing that out. Article has been updated. Thanks Spencer!

  2. From Citrix today, hope the same applies to VPX :

    Hi folks,

    A merchandising server that can be imported into an ESX environment is on its way soon! We will get it out as soon as possible, please stay tuned to stay up-to-date. Our plan is to officially release an ESX server on March 31st, but will do everything we can do try to beat that.

    Aaron Videtto
    Product Manager
    Citrix Systems, Inc.

  3. Nico van MeursNico van Meurs02-23-2010

    Nice article Jarian!

    I think the wide adoption of the virtual appliances will start when the devices become available for VMWare ESX. As that’s still by far the most used hypervisor platform for XenApp that I come across with. I don’t see a lot of companies build a XenServer environment specifically for the NetScaler or Access Gateway VPX’s. And maintaining this next to the existing ESX environment.

    Becides that I really like this move of replacing the CSG by a virtual appliance. This strongly reduces the management on this boxes.

    Any info on the release dates for the ESX and Hyper-V appliances?

    • Jarian GibsonJarian Gibson02-23-2010

      I don’t have any info on release dates for ESX or Hyper-V appliances. I hope sooner than later though. Thanks Nico!

  4. Jarian GibsonJarian Gibson02-20-2010

    I think Citrix will continue to sell the physical appliances. Give the customer the option to buy physical or virtual depending on their needs. There will continue to be cases where customers will need physical over virtual appliances or a mix of them in their environment. I like the idea of inlcuding a VPX in with XenApp or XenDesktop, but I think they will still just include the licenses in Platinum and give the customer the option to choose what appliance model and version they need for their environment whether it is AG VPX, NS VPX, AG Standard, AG Advanced, or AG Enterprise Edition. AG Enterprise will still be both virtual and physical – it’s part of the NS VPX. I do hope Secure Gateway goes away one day. I hope the Access Gateway VPX and the Access Gateway Platform license are a sign that Secure Gateway is on it’s way out.

  5. fdwlfdwl02-19-2010

    Jarian, thanks for great article!
    Jan 28 i posted in my blog my own predictions, here is google translated version: http://bit.ly/dCCYyT
    so, what i think about AG VPX and XenApp “parra”:

    1. Access Gateway Standard will be Access Gateway VPX
    2. AG VPX will be part of XenApp Advanced, XenApp Enterprise and XenDesktop Enterprise at no cost.
    3. Access Gateway Advanced will be part of XenApp and XenDesktop Platinum, maybe with some “HDX-FlexCast-XenGateway”-like name and free
    4. Access Gateway Enterprise will be only in hardware (to support thousands of users).
    5. Secure Gateway will die

    Maybe it will happen at “parra” release, maybe with parra FP2, but I hope that it will be so

Leave a Reply