The Citrix Master Class dived deeper into the Citrix Secure Private Access and Autoscale on-premises topics covered previously in the What’s New and Next with Citrix webinar.
For those of you who were able to join us live, thank you for your time and attention. We received many good questions during our live Q&A session, but time constraints allowed us to answer only a few of them.
You can find all the answers to the questions we answered live in this blog and answers to the questions we didn’t have time to respond to. We’ve split the questions into two sections in line with our webinar topics to help you find any answers you may be looking for:
Secure Private Access for on premises
Does Secure Private Access on-premises architecture need any connection with the Citrix Cloud?
No, Secure Private Access on premises needs no connection to the Citrix Cloud. It’s entirely on premises and leverages all your existing on-premises infrastructure.
Is the Enterprise Browser part of the DaaS bundles?
Citrix Enterprise Browser is available as part of the Citrix Workspace app. Still, it requires the administrator to publish at least one web or SaaS application via Citrix Secure Private Access for it to be unlocked.
How can I try Secure Private Access on premises?
You can start testing whenever you like by simply downloading the Secure Private Access installer from Citrix Early Access Release downloads and following our Secure Private Access documentation for installation instructions.
Note: During the creation of this blog post, Secure Private Access on premises was in Public Tech Preview.
Does Secure Private Access on premises provide full Zero Trust Network Access (ZTNA) support based on least privilege access and adaptive security?
Yes. Secure Private Access on prem provides full ZTNA support for web/SaaS-based apps.
TCP/UDP-based app support is part of the roadmap.
Is Adaptive Authentication and Device posture also available on-premises?
Yes. Using NetScaler Gateway functionality, Device posture (Endpoint Analysis) scans and Adaptive Authentication can be configured.
Where does the Secure Private App plugin get hosted when deployed on premises?
The Secure Private App plugin can be installed on the StoreFront server or a dedicated server; however, the server must be domain-joined. Installing the Secure Private App plugin on the StoreFront server is our recommendation to minimize necessary firewall rules.
Can we use Citrix DaaS with StoreFront and Citrix Secure Private Access on premises?
This scenario is supported when Citrix DaaS is used as the control plane.
Are App Protection licenses besides Citrix Virtual Apps Desktops and NetScaler required to enable security policies for Citrix Secure Private Access on premises?
App protection and enhanced security controls for web and SaaS apps (Secure Private Access resources) are included in Citrix Secure Private Access on premises.
What are all things included in the device posture check?
NetScaler Gateway utilizes Advanced Endpoint Analysis (EPA) to scan user devices for the configured endpoint security requirements. NetScaler built-in scans are listed in Advanced Endpoint Analysis policy expression reference and support applications by OPSWAT and can be used to define an EPA scan. Download the latest EPA libraries. Refer to Advanced Endpoint Analysis scans for more information on configuring the advanced EPA scan using the GUI or the CLI.
What if I wanted to download data from a web browser? Where will it download?
Citrix Enterprise Browser is installed locally on the user’s device. When a user downloads a file, it gets stored on their device. Up/Downloads can be blocked by using security control.
Is a Citrix Virtual Apps and Desktops Delivery Controller required for Web apps?
For web and SaaS applications, Citrix Secure Private Access on premises requires Citrix StoreFront. A Citrix StoreFront store requires a Citrix Virtual Apps and Desktops Delivery Controller.
What is the traffic path for an internal web application?
The traffic path after launching the application via the Citrix Workspace app or Citrix Enterprise Browser is:
- Citrix Enterprise Browser connects to NetScaler Gateway.
- NetScaler Gateway verifies the application authorization for this user via the Citrix Secure Private Access plugin.
- NetScaler Gateway will connect to the backend server/service if the user is allowed.
What are the recommended StoreFront and NetScaler versions to support Citrix Secure Private Access on premises?
The system requirements for StoreFront and NetScaler Gateway to support Citrix Secure Private Access on premises are:
- StoreFront – LTSR 2203 or CR 2212, and later
- NetScaler Gateway – 13.0, 13.1, 14.1, and later
For more information on the system requirements for Citrix Secure Private Access on premises, check the product documentation here.
Citrix Autoscale on premises
Is Autoscale available in Citrix Virtual Apps and Desktops Long Term Service Release (LTSR)?
No. Starting with Citrix Virtual Apps and Desktops 7 2305, you can use Autoscale to power-manage machines in your Citrix Virtual Apps and Desktop deployment. It provides a consistent, high-performance power management solution, letting you balance costs and user experience. For more information, see Autoscale.
What Citrix Virtual Apps and Desktops version can I leverage Vertical Load Balancing?
Citrix Virtual Apps and Desktops 7 2308 introduces Vertical Load Balancing (VLB) at the site level for on-premises deployments to save costs by packing as many sessions in one machine as possible before moving to the next machine and powering it on.
Is Dynamic Session Timeout supported for 2203 LTSR VDAs?
No. Requires Citrix Virtual Apps and Desktops 7 2305 and later.
What edition of Citrix Virtual Apps and Desktops is Autoscale included?
Autoscale is included in all Citrix Virtual Apps and Desktops 7 2305 editions and later.
If you missed the Citrix Master Class webinar, don’t worry. You can watch the on-demand recording to explore what you can do with Citrix solutions to make your environment more secure and cost-effective. Also, be on the lookout for our quarterly “What’s New” blog posts (check out our latest, What’s New with Citrix — CVAD 2308 and Cloud updates, here) for all things new with Citrix.
Disclaimer: This publication may include references to the planned testing, release and/or availability of Cloud Software Group, Inc. products and services. The information provided in this publication is for informational purposes only, its contents are subject to change without notice, and it should not be relied on in making a purchasing decision. The information is not a commitment, promise or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for products remains at the sole discretion of Cloud Software Group, Inc.
from Citrix Blogs https://bit.ly/47gM6ju