Getting Started with Citrix ADC
Deploy a Citrix ADC VPX instance
Optimize Citrix ADC VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
Apply Citrix ADC VPX configurations at the first boot of the Citrix ADC appliance in cloud
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
Install a Citrix ADC VPX instance on Linux-KVM platform
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
Deploy a Citrix ADC VPX instance on Microsoft Azure
Network architecture for Citrix ADC VPX instances on Microsoft Azure
配置multiple IP addresses for a Citrix ADC VPX standalone instance
配置a high-availability setup with multiple IP addresses and NICs
配置a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
配置a Citrix ADC VPX instance to use Azure accelerated networking
配置HA-INC nodes by using the Citrix high availability template with Azure ILB
配置HA-INC nodes by using the Citrix high availability template for internet-facing applications
配置a high-availability setup with Azure external and internal load balancers simultaneously
Upgrade and downgrade a Citrix ADC appliance
Authentication, authorization, and auditing application traffic
Basic components of authentication, authorization, and auditing configuration
On-premises Citrix Gateway as an identity provider to Citrix Cloud
Authentication, authorization, and auditing configuration for commonly used protocols
Troubleshoot authentication and authorization related issues
-
AppExpert Applications and Templates
-
-
-
-
-
-
-
Persistence and persistent connections
Advanced load balancing settings
Gradually stepping up the load on a new service with virtual server–level slow start
Protect applications on protected servers against traffic surges
Retrieve location details from user IP address using geolocation database
Use source IP address of the client when connecting to the server
Use client source IP address for backend communication in a v4-v6 load balancing configuration
Set a limit on number of requests per connection to the server
配置automatic state transition based on percentage health of bound services
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
Use case 3: Configure load balancing in direct server return mode
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
Use case 7: Configure load balancing in DSR mode by using IP Over IP
Use case 10: Load balancing of intrusion detection system servers
Use case 11: Isolating network traffic using listen policies
Use case 12: Configure Citrix Virtual Desktops for load balancing
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
Use case 15: Configure layer 4 load balancing on the Citrix ADC appliance
-
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
Configuring CloudBridge Connector between Datacenter and AWS Cloud
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde.(Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique.(Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica.(Aviso legal)
此内容已经过机器动态翻译。放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다.책임 부인
Este texto foi traduzido automaticamente.(Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt.(Haftungsausschluss)
Ce article a été traduit automatiquement.(Clause de non responsabilité)
Este artículo ha sido traducido automáticamente.(Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
User identity management
An increasing number of security breaches and the growing popularity of mobile devices has emphasized the need to ensure that use of the external internet is compliant with the corporate policies. Only authorized users must be allowed access to external resources provisioned by the corporate personnel. Identity Management makes it possible by verifying the identity of a person or a device. It does not determine what tasks the individual can take or what files the individual can see.
An SSL forward proxy deployment identifies the user before allowing access to the internet. All requests and responses from the user are inspected. User activity is logged, and records are exported to the Citrix Application Delivery Management (ADM) for reporting. In Citrix ADM, you can view the statistics about the user activities, transactions, and bandwidth consumption.
By default, only the user’s IP address is saved, but you can configure the feature to record more details about the user. You can use this identity information to create richer internet usage policies for specific users.
The Citrix ADC appliance supports the following authentication modes for an explicit-proxy configuration.
- Lightweight Directory Access Protocol (LDAP)。Authenticates the user through an external LDAP authentication server. For more information, seeLDAP Authentication Policies。
- RADIUS。Authenticates the user through an external RADIUS server. For more information, seeRADIUS Authentication Policies。
- TACACS+。Authenticates the user through an external Terminal Access Controller Access-Control System (TACACS) authentication server. For more information, seeAuthentication Policies。
- Negotiate。通过一个Kerberos authen对用户进行身份验证tication server. If there is an error in Kerberos authentication, the appliance uses NTLM authentication. For more information, seeNegotiate Authentication Policies。
For transparent proxy, only IP-based LDAP authentication is supported. When a client request is received, the proxy authenticates the user by checking an entry for the client IP address in the active directory. It then creates a session based on the user IP address. However, if you configure the ssoNameAttribute in an LDAP action, a session is created by using the user name instead of the IP address. Classic policies are not supported for authentication in a transparent proxy setup.
Note
For explicit proxy, you must set the LDAP login name tosAMAccountName。For transparent proxy, you must set the LDAP login name tonetworkAddressand attribute1 tosAMAccountName。
Example for explicit proxy:
add authentication ldapAction swg-auth-action-explicit -serverIP 10.105.157.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword freebsd123$ -ldapLoginName sAMAccountName Example for transparent proxy:
add authentication ldapAction swg-auth-action-explicit -serverIP 10.105.157.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword freebsd123$ -ldapLoginName networkAddress -authentication disable -Attribute1 sAMAccountName Set up user authentication by using the CLI
At the command prompt type:
add authentication vserver SSL bind ssl vserver -certkeyName add authentication ldapAction -serverIP -ldapBase -ldapBindDn -ldapBindDnPassword -ldapLoginName add authentication Policy -rule -action bind authentication vserver -policy -priority set cs vserver -authn401 ON -authnVsName Arguments:
Vserver name:
Name of the authentication virtual server to which to bind the policy.
Maximum Length: 127
serviceType:
Protocol type of the authentication virtual server. Always SSL.
Possible values: SSL
Default value: SSL
Action name:
Name for the new LDAP action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the LDAP action is added. The following requirement applies only to the CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’).
Maximum Length: 127
serverIP:
IP address assigned to the LDAP server.
ldapBase:
Base (node) from which to start LDAP searches. If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com. Maximum Length: 127
ldapBindDn:
Full distinguished name (DN) that is used to bind to the LDAP server.
Default: cn=Manager,dc=netscaler,dc=com
Maximum Length: 127
ldapBindDnPassword:
Password used to bind to the LDAP server.
Maximum Length: 127
ldapLoginName:
LDAP login name attribute. The Citrix ADC appliance uses the LDAP login name to query external LDAP servers or Active Directories. Maximum Length: 127
Policy name:
Name for the advance AUTHENTICATION policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after an AUTHENTICATION policy is created. The following requirement applies only to the CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy” or ‘my authentication policy’).
Maximum Length: 127
rule:
Name of the rule, or a default syntax expression, that the policy uses to determine whether to attempt to authenticate the user with the AUTHENTICATION server.
Maximum Length: 1499
action:
Name of the authentication action to be performed if the policy matches.
Maximum Length: 127
priority:
Positive integer specifying the priority of the policy. A lower number specifies a higher priority. Policies are evaluated in the order of their priorities, and the first policy that matches the request is applied. Must be unique within the list of policies bound to the authentication virtual server.
Minimum value: 0
Maximum Value: 4294967295
Example:
add authentication vserver swg-auth-vs SSL Done bind ssl vserver explicit-auth-vs -certkeyName ns-swg-ca-certkey Done add authentication ldapAction swg-auth-action-explicit -serverIP 192.0.2.116 -ldapBase "CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDn "CN=Administrator,CN=Users,DC=CTXNSSFB,DC=COM" -ldapBindDnPassword zzzzz -ldapLoginName sAMAccountName Done add authenticationpolicy swg-auth-policy -rule true -action swg-auth-action-explicit Done bind authentication vserver swg-auth-vs -policy swg-auth-policy -priority 1 Done set cs vserver testswg -authn401 ON -authnVsName swg-auth-vs Done Enable user name logging by using the CLI
At the command prompt, type:
set appflow param -AAAUserName ENABLED Arguments:
AAAUserName
Enable AppFlow authentication, authorization, and auditing user name logging.
Possible values: ENABLED, DISABLED
Default value: DISABLED
Example:
set appflow param -AAAUserName ENABLED Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.