Over the past few months, I have worked in several multi-domain customer environments. As you can imagine, there are many considerations when designing the access layer in a multi-domain environment and different design options based on the requirements. Therefore, I want to share some multi-domain design options and considerations regarding NetScaler Gateway and StoreFront in a XenApp and XenDesktop environment.
Since there is a lot to cover, the design considerations will be split into a three-part blog series, which will focus on NetScaler and StoreFront configurations in multi-domain environments in which there are two-way trusts already established and domain credentials are used for authentication. The following topics will not be covered:
In this article, we will focus on NetScaler Gateway multi-domain authentication options. Parts 2 and 3 will cover session policy configurations and internal StoreFront authentication. Let’s get to it.
NetScaler Gateway Authentication
The first consideration with NetScaler Gateway (NSG) for multi-domain environments is how we configure authentication. The end goal is to configure a single NSG vServer for all domains to minimize the number of URLs that have to be communicated to users. With this in mind, we need to have our NSG vServer be aware of all domains (i.e. have authentication policies from all domains bound to it). This can be performed in the following ways:
Below are some key takeaways from the different authentication options discussed.
Please access full details here: Citrix Blog (by Jose Caceres)