Citrix is a company that has made its name in virtual desktop and virtual applications including the famous Citrix XenApp and XenDesktop products. Other products like NetScaler now called Citrix Gateway provide secure access to the Citrix products providing virtual applications and desktops.
So, is Citrix a VPN? Citrix offers a product called Citrix Gateway (formerly NetScaler Gateway), which does include VPN functionality. It provides secure remote access to Citrix desktops and applications, but it also offers traditional SSL VPN connectivity. Citrix is a company that specializes in virtualization and networking products.
Citrix provides a VPN product called Citrix Gateway that has a full SSL VPN, that is used by employees, contractors and third parties to connect securely to a corporate’s resources like virtual applications and desktops, provided through other Citrix products.
Citrix Gateway is predominantly used by corporations to ensure remote access is carried out securely to their corporate systems. The Citrix Gateway VPN functionality isn’t available in the same way as mainstream personal VPN providers like NordVPN and ExpressVPN.
In that, the Citrix Gateway VPN functionality is designed for corporations for remote access to their internal applications and virtual desktops and not to access to the wider internet, which the mainstream personal VPNs provide. Citrix Gateway licensing also makes this product prohibitively expensive for personal use, as not only is the cost of the licenses but a minimal number of licenses are required.
There is also the cost of hosting Citrix Gateway, as it comes in physical versions using dedicated hardware, that need to be installed inside corporate data centers, along with virtual versions requiring powerful hypervisors like Xen Server, Hyper-V or VMWare’s virtualization products. The virtualization products are expensive and will also mainly be installed within corporate data centers.
The Citrix Gateway works by providing a secure connection between the people accessing a corporate’s internal systems. When these users connect to their corporate network, their connection is routed to the Citrix Gateway from their device, using an encrypted tunnel (SSL/TLS). This ensures all information passing through the encrypted tunnel cannot be spied upon by unauthorized entities, as in a Man in the Middle (MitM) attack.
The user’s device, be it their computer, laptop to mobile phone will either have software installed that is used as part of the connection. So, the Citrix Gateway plug-in is one such piece of software that provides the VPN client functionality to connect to the Citrix Gateway.
Once the connection has been established, the user will be prompted with a screen from the Citrix Gateway on their device, where they will need to authenticate using a username and password, along with 2 factor authentication codes. These second factor authentication codes are generated either using a special physical device or using a virtual application on the user’s smartphone.
Both of these options rely on the fact they must have been previously synchronized with the user’s corporate account. This will allow these devices to provide a unique number of several digits, typically six, every 30 seconds or so.
So, even if the user’s name and password are known, login won’t complete until the second factor authentication code is entered, and this can only be entered by the person having either physical token device or the virtual equivalent on their smartphone.
Once the user has successfully authenticated, they will be presented with a list of virtual desktops and/or virtual applications they have been authorized to use.
The Citrix Gateway device doesn’t just provide VPN access, but can also act as an ICA Proxy, where access to the Citrix Virtual Apps and the Citrix Virtual Desktops is done using the Citrix receiver client software that’s part of the Citrix Workspace application installed on the user’s device.
Even if the user’s device doesn’t have any software installed capable to interfacing with the Citrix Gateway device, there is a clientless option. Where the user can initiate a connection from their web browser like Microsoft Edge, Google Chrome or even Mozilla Firefox.
This allows a secure connection from the web browser to the Citrix Gateway to be initiated and the user can access their corporate applications from within their browser, like Outlook Web Access.
Other connection options include the RDP and PCoIP proxy connections, where for RDP, the Remote Desktop Protocol provided by Windows, can be used to connect systems that have the Remote Desktop running. Likewise, with the PCoIP proxy connections, connections can be made from the user’s device to systems hosted on VMware Horizon.
Both the RDP and PCoIP connections require the respective client software installed on the user’s device, the RDP client if it’s an RDP connection to Remote Desktops on Windows and the VMWare Horizon Client if it’s connections to VMware Horizon hosts.
Mobile phones like those running Android and Apple’s IOS can also connect to corporate applications and desktops through the Citrix Gateway using a special secure browse connection using the Citrix SSO client, a next-generation client for VPN connections.
Citrix Gateway has evolved from the NetScaler product that provided the same levels of functionality. NetScaler was brought by Citrix in 2005, having been originally developed in 1997. NetScaler underwent a number of name changes before becoming Citrix Gateway, including NetScaler Unified Gateway along with being called plain NetScaler Gateway to NetScaler VPN.
Citrix Virtual Apps and Desktops
Citrix is famous for it’s Virtual Desktops and Virtual Apps products, previously incarnated as Citrix XenDesktop and Citrix XenApp respectively. With older versions of Citrix XenApp going back to the late nineties as Citrix MetaFrame and the first incarnation Citrix WinFrame.
Accessing the desktops and applications provided by Citrix Virtual Desktops and Virtual Apps from within a corporates network doesn’t require the additional security measures that are required when accessing these corporate resources remotely.
Working from home for example, is one use case where additional security measures are required to protect the corporate systems being connected to and the information passing between the corporate systems and employees accessing those systems.
This is where Citrix Gateway comes into play, as it provides a secure gateway between the remote users and the corporate systems. Protecting the information that passes between and also taking care of making sure the user’s connecting remotely are who they say they are by integrating into authentication systems like Microsoft’s Active Directory and second factor authentication providers like RSA.
Citrix Gateway VPN competitors
VPN competitors to Citrix Gateway come from Cisco with it’s AnyConnect product, Palo Alto’s Global Connect to F5’s Big-IP products. There are a whole host of other VPN providers to corporate clients, with the ones mentioned leading the field.
The Cisco AnyConnect product offers the same VPN type features the Citrix Gateway does, including the clientless SSL VPN. However, these Citrix Gateway alternatives may not work exactly in the way the Citrix Gateway works, in that these alternatives may only be able to connect to the Citrix servers hosting the virtual apps and desktops directly.
Whilst the Citrix Gateway will also be able to talk to the different components like Citrix StoreFront, Delivery Controllers and other Citrix components. Providing a better experience at delivering virtual apps and desktops compared to its competitors.
Conclusion
Citrix is a company that provides many products in the virtual apps and desktops along with a VPN solution called Citrix Gateway, that allows remote users, like employees working from home, third parties and others to connect securely to these virtual apps and desktops.
Citrix Gateway provides VPN services using either a plug-in or can be invoked directly from within a web browser, thereby no client software is required to use the VPN provided by the Citrix Gateway.
