RDP proxy functionality was first released in the NetScaler 10.5.e release and became GA with the 11.0 release. There were a lot of questions on this subject when it was first released, and also some misunderstandings. Read on to get an understanding of what RDP proxy on NetScaler Gateway (NSGW) does for you.
From a high-level perspective, RDP proxy gives you the following functionality:
- Authenticate users with multiple factors before they are granted an RDC connection to a back-end host
- Reverse proxy the connection to your RDS host
- No need for a full VPN connection
- Control which RDP functionality is available to the client
- Encrypt your RDS traffic
- Change the port for RDS traffic from 3389 to one of your choice (so you can get around firewalls)
Use case:
Remote access to a jump host: if you don't have a Citrix XD installation for everyone, this is an inexpensive way to reach a back-end host from which you can access other resources, all from the same portal that users are used to.
Configuration
The configuration consists of 3 elements:
- RDP server profile: this is where you define the IP and port on which the NetScaler listens for incoming connections. The RDP server profile is tied to an NSGW vServer.
- RDP client profile: this is where you define which RDP capabilities are available to the client (printer mapping, drive sharing). The RDP client profile is bound to a session profile.
- RDP bookmarks: here you define the IP addresses of the back-end servers/hosts. The RDP bookmarks are tied to a user or group.
What happens:
- The client connects to the NS Gateway and is prompted for credentials.
- The portal presents the user with the list of remote desktop resources that they can access.
- Once the user clicks on a link, the request is authorized and NS generates the RDP file.
- NS accepts the connection from the RDP client, does SSO to the appropriate back-end server, and proxies the connection between the client and the server.
Example configuration:
enable ns feature ssl SSLVPN rdpproxy
enable ns mode usnip
add aaa user testrdpuser -password testRDPuser123
add vpn url rdp RdpLink "rdp://<back-end-host>"
add authentication localPolicy localpol ns_true
add rdp serverProfile rdp_server_p1 -rdpIP <rdp-ip>
add vpn vserver mygateway SSL <vserver-ip> <port>
bind vpn vserver mygateway -policy localpol -priority 100
add rdp clientProfile rdp_client_p1 -rdpFileName testrdpfile.rdp -rdpHost <rdp-host>
set vpn sessionAction SETVPNPARAMS_ACT -clientSecurityLog ON -defaultAuthorizationAction ALLOW -clientlessVpnMode ON -rdpClientProfileName rdp_client_p1
set vpn parameter -defaultAuthorizationAction ALLOW -clientlessVpnMode ON -rdpClientProfileName rdp_client_p1
bind aaa user testrdpuser -urlName rdp
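A consistency check for the three configuration elements described above, written as an added example that is not part of the original post or any Citrix tooling. The `audit` function, the sample configuration and its documentation-range addresses are constructed for illustration, and the command spellings assume NetScaler CLI forms such as `add rdp clientProfile`.

```python
import re

# Constructed sample in NetScaler CLI syntax; the addresses are documentation-range
# placeholders, not values from the original post.
SAMPLE_CONF = """\
enable ns feature ssl sslvpn rdpproxy
add aaa user testrdpuser -password REDACTED
add vpn url rdp RdpLink "rdp://192.0.2.10"
add vpn url rdp2 JumpHost2 "rdp://192.0.2.11"
add rdp serverProfile rdp_server_p1 -rdpIP 192.0.2.2
add rdp clientProfile rdp_client_p1 -rdpFileName testrdpfile.rdp -rdpHost 192.0.2.4
set vpn parameter -defaultAuthorizationAction ALLOW -clientlessVpnMode ON -rdpClientProfileName rdp_client_p2
bind aaa user testrdpuser -urlName rdp
"""

def audit(conf):
    """Return a list of findings for an RDP proxy configuration, in check order."""
    lines = [l.strip() for l in conf.splitlines() if l.strip()]
    low = [l.lower() for l in lines]
    findings = []
    if not any(l.startswith("enable ns feature") and "rdpproxy" in l.split() for l in low):
        findings.append("rdpproxy feature not enabled")
    if not any(l.startswith("add rdp serverprofile ") for l in low):
        findings.append("no RDP server profile (listener) defined")
    clients = {l.split()[3] for l in lines if l.lower().startswith("add rdp clientprofile ")}
    # RDP bookmarks are vpn url entries whose target is an rdp:// link.
    bookmarks = {l.split()[3] for l in lines
                 if l.lower().startswith("add vpn url ") and "rdp://" in l.lower()}
    bound = set(re.findall(r"^bind aaa (?:user|group) \S+ .*-urlName\s+(\S+)", conf, re.I | re.M))
    for l in lines:
        m = re.search(r"-rdpClientProfileName\s+(\S+)", l, re.I)
        if m and m.group(1) not in clients:
            findings.append(f"undefined RDP client profile referenced: {m.group(1)}")
        # Default ALLOW permits access unless a policy denies it; flag it for review.
        if re.search(r"-defaultAuthorizationAction\s+ALLOW\b", l, re.I):
            findings.append("defaultAuthorizationAction ALLOW: review " + " ".join(l.split()[:3]))
    for name in sorted(bookmarks - bound):
        findings.append(f"RDP bookmark not bound to any user or group: {name}")
    return findings
```

Calling `audit` on a saved configuration returns an empty list when the feature is enabled, every referenced client profile exists, every RDP bookmark is bound, and no default ALLOW is present.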
Licensing
RDP proxy is part of Unified Gateway, which is included in NetScaler Enterprise Edition, and requires CCUs.
Read more about Unified Gateway here: https://www.citrix.com/blogs/2015/05/12/one-url-consolidates-remote-access-infrastructure