Mobile Device Access, Citrix NetScaler VPX 9.3 and XenApp 6.5

I am often asked how to enable mobile device access through an existing Citrix Access Gateway Enterprise Edition appliance.  There are a number of useful guides, this is how I configure an environment.

Configure XenApp Services Site

First step is to create a new XenApp Services Site.

Highlight XenApp Services Site and select Actions > Create Site.

Citrix Web Interface create site

On the Specify IIS Location page change the Name to MobileAccess and click Next and Next.

Configure the site now and click Next.

Enter the Farm Name, Add the XenApp Server(s), enter the XML Service port and click Next.

In the Citrix Web Interface Management console high light the new MobileAccess site and from the Actions pane select Secure Access.

Highlight the Default and select Edit.  Change the Access method to Gateway direct, click OK and Next.

Enter the Access (FQDN) of the virtual server and click Next.

Click Add, enter the address of the STA, click OK and Finish.

Configure NetScaler Policy

Return to the NetScaler VPX configuration utility click Access Gateway > Policy Manager > Change group settings and user permissions.

Select Session Policies and Create new session policy.

The Create Access Gateway Session Policy window appears. Enter MobileAccess for the policy name and click New.

Name the Session Profile MobileDevices, on the Published Applications tab Override Global for ICA Proxy, Web Interface Address, Web Interface Portal Mode and Single Sign-On Domain.

Enter the following:

ICA Proxy: ON

Web Interface Address: http://XA65.ctxdemo.local/Citrix/MobileAccess/config.xml

Web Interface Portal Mode: NORMAL

Single Sign-on Domain: ctxdemo

In the Configure Access Gateway Session Policy window, next to Match Any Expression, click Add…

Expression  Type: General

Flow Type: REQ

Protocol: HTTP

Qualifier: HEADER

Operator: CONTAINS

Value: CitrixReceiver

Header Name: User-Agent

Select OK, Create and Close. The Access Gateway Session policy appears as an icon in the Access Gateway Policy Manager.

Under Configured Policies / Resources, expand the Virtual Servers > SmartAccess node and then drag the MobileAccess icon onto the SmartAccess > Session Policies icon.

Modify the priority of the policy so the MobileAccess policy has a high priority than the Remote Access policy.  This is done by assigning a lower policy number.

Close the Access Gateway Policy Manger and Save the configuration.

Test Application Enumeration and Launch

Install the root certificate on the client machine you are going to test from and make sure it is possible to resolve the FQDN of the NetScaler VPX virtual server.

On the mobile device install the Citrix Receiver and configure a profile that points to the FQDN of the gateway.