Unified Gateway

Unified Gateway is a feature that was introduced in software version 11. It is a unified portal that gives users access to all of their applications in the same interface, using the same URL. These might be XenApp/XenDesktop applications, SaaS applications, on-premises web applications, or other services that are load balanced using NetScaler. This means that we can set up multiple services for a customer using the same URL. The feature is built from other NetScaler features that have been around for many years, but Citrix did a bit of a polishing job on the Clientless Access portal.

In order to set up a Unified Gateway, we have to run the wizard available in the management portal. The wizard is configured to allow deployment of traditional NetScaler Gateway as well. Click on the Unified Gateway feature and choose Get Started. From there, choose Single Public Access Point. There are five features that we need to configure in this deployment to get it up and running:

  • Virtual Server Configuration
  • Server Certificate
  • Authentication
  • Portal Theme
  • Applications

It is important to remember here that the virtual server is going to be represented as a content switching virtual server and not a NetScaler Gateway vServer. The reason for this is that a content switching server has the ability to redirect to backend resources based upon URL or hostnames, for instance. The wizard will also deploy a NetScaler Gateway vServer, but the IP address is set to 0.0.0.0 and will be referenced from the content switching vServer for Citrix sessions.

So, let's start by entering a name and an IP address for the Unified Gateway. Next, add a server certificate to the Gateway, similar to what you did earlier when setting up ICA Proxy. Note, however, that the certificate step here will validate the certificate chain, so if the root CA or an intermediate CA certificate is missing, you will get an error message and will need to upload the missing CA certificate as well.

Next, add an authentication policy. This policy will apply to all users who try to access the gateway.

Now you need to define a portal theme. This defines how the GUI of the portal should look. By default, there are two different themes you can choose from, Default and GreenBubble. The last one is the one used on StoreFront as well, but you can create a custom one if you want to, using the web management, which is covered later in this chapter.

Finally, define different applications that are going to be accessible from within the portal.

We have five different application profiles that we can bind to a unified gateway. First, it is split into two different categories: either it's a Citrix XenApp/XenDesktop environment or it's a web-based application. Within the second category, we have four different types of applications that can be added:

  • Intranet Applications
  • Clientless Access
  • SaaS applications
  • Preconfigured applications on NetScaler

Intranet applications are web-based applications that need to be available for VPN users. When adding an intranet application, NetScaler automatically creates content switching rules based upon the URL to redirect VPN users to the correct vServer. Intranet applications can either be accessed using Clientless Access or with a full VPN client. When adding an application, we have the option to Make this application accessible through the unified gateway URL as shown in the screenshot. If this is turned off, users will require full VPN access, and we can have security policies such as preauthentication scans before the client is allowed access.

Clientless Access applications are typically applications such as Exchange and SharePoint and allow for SSO and integrated access from within the Unified Gateway portal.

SaaS applications are public applications, in most cases hosted by a public cloud provider; these can be services such as ShareFile, Office 365, Dropbox, and so on. We can also allow NetScaler to act as a SAML SP and to authenticate on behalf of the users. This of course requires a federated setup, such as with Active Directory Federation Services.

Preconfigured applications are applications that are already hosted by NetScaler, are running, and are accessible using a vServer. So we have to point the application to an existing vServer and enter an absolute URL.

All of these different resources are then added as bookmarks, which can be displayed under NetScaler Gateway | Resources | Bookmarks:


As we can see in the preceding screenshot, NetScaler is used as a reverse proxy for some applications, and some require full VPN access to be able to work. Note that running the Unified Gateway wizard will actually publish all applications to all users. In order to publish applications to specific users or groups, we need to use the NetScaler Gateway Policy Manager. Choose either users or groups and then add bookmarks to those objects.
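To check which bookmarks are still published to everyone after the wizard has run, the following added example (not part of the original text or of any Citrix tooling) audits a saved configuration. It assumes bookmarks appear in ns.conf as `add vpn url` lines and bindings as `bind vpn vserver`, `bind vpn global`, or `bind aaa user|group ... -urlName` lines; the sample configuration, object names, and URLs are constructed.

```python
import shlex

# Constructed ns.conf excerpt for illustration; every object name and URL is made up.
SAMPLE_NS_CONF = '''
add vpn url hr_portal "HR Portal" "https://hr.corp.example/" -clientlessAccess ON
add vpn url wiki "Wiki" "https://wiki.corp.example/" -clientlessAccess ON
add vpn url finance "Finance" "https://fin.corp.example/"
add vpn url legacy "Legacy CRM" "https://crm.corp.example/"
bind vpn vserver UG_VPN_example -urlName hr_portal
bind vpn global -urlName wiki
bind aaa group HR-Users -urlName hr_portal
bind aaa group Finance-Users -urlName finance
'''

def _option(tokens, flag):
    """Value that follows -flag (case-insensitive), or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == flag.lower():
            return tokens[i + 1]
    return None

def audit_bookmarks(conf_text):
    """Return {bookmark: {"url", "principals", "exposure"}} from ns.conf text."""
    report, wide, scoped = {}, set(), {}
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:        # unbalanced quotes in an unrelated line
            continue
        if len(tok) < 4:
            continue
        head = [t.lower() for t in tok[:3]]
        if head == ["add", "vpn", "url"] and len(tok) >= 6:
            report[tok[3]] = {"url": tok[5]}
        elif head[0] == "bind" and (name := _option(tok, "-urlName")):
            if head[1:] in (["vpn", "global"], ["vpn", "vserver"]):
                wide.add(name)    # gateway-wide binding: shown to every user
            elif head[1] == "aaa" and head[2] in ("user", "group"):
                scoped.setdefault(name, []).append(f"{head[2]}:{tok[3]}")
    for name, entry in report.items():
        entry["principals"] = sorted(scoped.get(name, []))
        # A gateway-wide binding wins over any user or group binding.
        entry["exposure"] = ("all-users" if name in wide
                             else "scoped" if entry["principals"] else "unbound")
    return report

if __name__ == "__main__":
    for name, entry in audit_bookmarks(SAMPLE_NS_CONF).items():
        print(f'{name:10} {entry["exposure"]:10} {entry["principals"]} {entry["url"]}')
```

A bookmark reported as `all-users` that also lists principals (here `hr_portal`) is the case to look for: the group binding was added, but the gateway-wide binding was never removed.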

As mentioned, we can also add a XenApp/XenDesktop environment to the Unified Gateway. In that case, we need to add the StoreFront server FQDN, the site path for Receiver for Web, the single sign-on domain, the store name, the STA servers, the IP address of the StoreFront server, and the protocol and port number. After that is done, the Unified Gateway will enumerate all applications that a particular user has access to when logging in.

Using all these different options, we have a gateway that allows users to access all their different applications. These could be SaaS, on-premises, or Windows-based applications.
