Gateway

How users connect to applications, desktops, and ShareFile

If you have Citrix Endpoint Management in your deployment, users can connect in the following ways:

  • Citrix Gateway plug-in that establishes a full VPN tunnel to resources in the internal network. You create a session profile to select the Citrix Gateway plug-in for Windows or the Citrix Gateway plug-in for Mac. When users log on by using the plug-in, endpoint analysis scans can run on the user device.

Note: To allow endpoint analysis scans to run on Mac computers, you must install Citrix Gateway 10.1, Build 120.1316.e or newer.

  • Citrix Workspace app to connect to web, SaaS, and Enterprise applications, web links, and documents from ShareFile through Endpoint Management. When users log on with Citrix Workspace app, Citrix Gateway routes the connection to Endpoint Management. When Citrix Workspace app establishes the connection, users’ applications and documents appear in Citrix Workspace app. If users log on with Citrix Workspace app and connect to Endpoint Management directly, you must enable clientless access in Citrix Gateway. This deployment does not require StoreFront.
  • Citrix Workspace app to connect to published applications and virtual desktops through StoreFront or the Web Interface. When users log on with Citrix Workspace app, Citrix Gateway routes the connection to StoreFront or the Web Interface. When Citrix Workspace app establishes the connection, user applications and desktops appear in Citrix Workspace app.
  • Secure Hub to connect to iOS and Android apps, including WorxMail and WorxWeb, from mobile devices through Endpoint Management. When users log on to Secure Hub, they have access to the mobile apps that you configure in Endpoint Management, When Citrix Gateway establishes the Micro VPN connection, users mobile apps appear in the Secure Hub window. Users can start the apps from Secure Hub. Some apps require users to download and install the app on the mobile device.

In any of the preceding scenarios, if users want to connect through Citrix Gateway, they do the following:

  • Users log on by using the Citrix Gateway plug-in or Citrix Workspace app. To log on for the first time, users open a web browser and type the fully qualified domain name (FQDN) of Citrix Gateway or Citrix Workspace app. Users with mobile devices log on with Secure Hub.
  • On the logon page, users enter their credentials and are authenticated.
  • After authentication, the user session redirects to StoreFront or Endpoint Management depending on your deployment.
  • If you deploy both StoreFront and Endpoint Management, Citrix Gateway contacts the first server in the deployment. For example, if you configure MDX mobile apps in Endpoint Management, you deploy StoreFront behind Endpoint Management. If you are not providing access to MDX mobile apps, you deploy Endpoint Management behind StoreFront.
  • All of the users’ desktops, documents, and web, SaaS, and Windows-based applications appear in Citrix Workspace app or Secure Hub.

If users need to access other resources in the internal network, such as Exchange, file shares, or internal websites, they can also log on with the Citrix Gateway plug-in. For example, if users want to connect to a Microsoft Exchange server in the network, they start Microsoft Outlook on their computer. The secure connection is made with the Citrix Gateway plug-in which connects to Citrix Gateway. The SSL VPN tunnel is created to the Exchange Server and users can access their email.

Important: Citrix recommends configuring authentication on the Citrix Gateway virtual server. When you disable authentication in Citrix Gateway, unauthenticated HTTP requests are sent directly to the servers running the Web Interface, StoreFront, or Endpoint Management in the internal network.

How users connect to applications, desktops, and ShareFile