Home > Access Gateway, Virtualization, Web Interface, XenApp, XenDesktop, XenServer > Access Gateway 5.0 – a deeper look – Part 1

Access Gateway 5.0 – a deeper look – Part 1

October 25, 2010 Leave a comment Go to comments

In my post Access Gateway 5.0 on the way I gave you a quick overview of the new CAG 5.0. This new release will be available soon at the end of October.

So now is the time to look more closely… First here are the new features of Access Gateway 5.0:

  • Access Gateway Management Console: The Management Console replaces the Administration Tool and Administration Portal in earlier versions of the appliance. The Management Console, a Web-based application, makes it easy to install certificates, configure access control, and monitor activity from any Flash-enabled Web browser.
  • Authentication profiles: Authentication profiles replace authentication realms. You can configure LDAP, RADIUS, and RSA profiles on the appliance. You can configure double source authentication using logon points. You can also use Active Directory authentication on Access Controller.
  • Network resources: A network resources identifies those areas in the secure network that users are allowed to access. You can allow or deny access to a network resource in SmartGroups.
  • Logon points: Each Access Gateway appliance can host multiple logon points to support different features or different user communities. You can configure Basic and SmartAccess logon points. Basic logon points allow users to connect with Citrix online plug-ins or Desktop Receiver only, providing access to published applications or desktops. Users do not need a Universal license to log on using a basic logon point. SmartAccess logon points allow users to connect with the Access Gateway Plug-in and have greater access to network resources.
  • SmartGroups: SmartGroups in Access Gateway contain a collection of settings that group users according to their identity, location, authentication and authorization type, and the results of endpoint analysis (as defined in device profiles). First, you define the criteria users must match to become a member of a SmartGroup, and then you define the network resources, actions, and other settings for the SmartGroup.
  • Device profiles: You can configure endpoint analysis scans using device profiles. If you enable a device profile within a logon point, the endpoint analysis scan determines if users receive the logon page and subsequently log on. If you enable a device profile in a SmartGroup, the device profile you select determines the user access permissions for that SmartGroup.
  • Snapshots: You can take a snapshot of the appliance configuration at a given point of time. You can export snapshots to your computer and you can revert to an earlier snapshot. Using the Snapshots tab in the Management Console, you can upgrade to new Access Gateway software versions.
  • Appliance failover: You can configure two Access Gateway appliances for appliance failover. The appliances operate in active/passive mode, in which the primary appliance services all user connections, and the secondary appliance monitors the primary appliance and synchronizes session information. If the primary appliance fails, the secondary appliance takes over.

Source: Citrix eDocs


Installation and configuration

First import the CAG VPX on your hypervisor, in this case I use XenServer 5.6

After importing the CAG VPX on a Citrix XenServer login with
Username: admin
Password: admin


Here you see some new configuration settings, like NTP Servers or AD Deployment Mode.

Configure the VPX with the [0] Express Setup


You can also see that there are many new items under [1] System and [2] Troubleshooting, you can now restart and shutdown the appliance or restore and import a configuration. It’s also possible to configure SSH access. In the Troubleshooting [2] menu you can have access to network utilities and logs

Let’s go on with the configuration:

Choose an [0] Internal Management Interface and configure the Interface IP, [1] Netmask , [2] Default Gateway and [3] DNS Servers , after that [6] Commit Changes

Now you can connect to the CAG with you preferred browser, but remember you need Flash (I think 10.1), so no chance for the Apple iPad 😦

The URL you have to enter is (of course with your IP)

This is the Logon site for the admin


Again, logon with admin, admin

The first site gives you a nice overview, it’s a monitor site, that informs you about active sessions, system configurations and warnings


Let’s move on to the Management site, here you do all the configuration stuff, like networking, licensing and logging


The CAG now supports a Citrix License Server without the need of the AAC server, you can use the Windows version or the Virtual Appliance from Citrix.

That’s it for now, stay tuned for Part 2 of Access Gateway 5.0 – a deeper look

  1. January 12, 2011 at 18:56

    You may also want to check out the free EPA scans now available through http://citrix.opswat.com.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: