Secure Private Access for on-premises - Preview

Citrix customers can now access Web and SaaS apps seamlessly alongside Citrix Virtual Apps and Desktops by using the Citrix Secure Private Access solution for on-premises deployments. The solution lets you adopt Zero Trust Network Access (ZTNA) in a phased manner. You can route and control data traffic through your own WAN, private links, or both, and retain all components that are deployed on-premises.

In addition, the Secure Private Access solution for on-premises provides the following benefits:

  • Requires no changes to the existing architecture or deployments.
  • Enables single sign-on to the apps and reduces the dependency on traditional VPNs.
  • Enables the use of Citrix Enterprise Browser, which provides enhanced security controls for applications.
  • Enables security controls based on context (user group, device, network location).

System requirements

Ensure that your product meets the minimum version requirements.

  • Citrix Workspace app
    • Windows – 2309 and later
    • macOS – 2309 and later
  • Operating system for Secure Private Access plug-in server - Windows Server 2019 and later
  • StoreFront – LTSR 2203 or CR 2212 and later
  • NetScaler – 13.0, 13.1, 14.1, and later. It is recommended to use the latest builds of the NetScaler Gateway version 13.1 or 14.1 for optimized performance.
  • Communication ports: Ensure that you have opened the required ports for the Secure Private Access plug-in. For details, see Secure Private Access for on-premises (Secure Private Access plug-in).

Note:

Secure Private Access for on-premises is not supported on Citrix Workspace app for iOS and Android.

Prerequisites

To create a NetScaler Gateway or update an existing one, ensure that you have the following details:

  • A Windows server machine with IIS running, configured with an SSL/TLS certificate, on which the Secure Private Access plug-in will be installed.
  • StoreFront store URLs to enter during the setup.
  • A store must be configured on StoreFront, and the Store service URL must be available. The format of the Store service URL is https://store.domain.com/Citrix/StoreSecureAccess.
  • NetScaler Gateway IP address, FQDN, and NetScaler Gateway Callback URL.
  • IP address and FQDN of the Secure Private Access plug-in host machine (or a load balancer if the Secure Private Access plug-in is deployed as a cluster).
  • Authentication profile name configured on NetScaler.
  • SSL server certificate configured on NetScaler.
  • Domain name
  • Certificate configurations: admins must ensure that the certificate configurations are complete. The Secure Private Access installer configures a self-signed certificate if no certificate is found on the machine. However, this might not always work.
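
One way to check the host-side prerequisites above before running the installer, as an added example that is not Citrix's own tooling. It assumes an elevated PowerShell session on the IIS server with the WebAdministration module available; build 17763 is the Windows Server 2019 build number.

```powershell
# Added example: pre-flight checks for the Secure Private Access plug-in host.
# Assumption: elevated session on the IIS server; WebAdministration module installed.
Import-Module WebAdministration -ErrorAction Stop

$findings = @()

# Windows Server 2019 is build 17763; ProductType 1 is a workstation edition.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -eq 1 -or [int]$os.BuildNumber -lt 17763) {
    $findings += "OS is '$($os.Caption)' (build $($os.BuildNumber)); Windows Server 2019 or later is required."
}

# IIS must be running (World Wide Web Publishing Service).
$w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if (-not $w3svc -or $w3svc.Status -ne 'Running') {
    $findings += 'IIS (W3SVC) is not installed or not running.'
}

# Each HTTPS binding should resolve to a usable certificate in the machine store.
$bindings = @(Get-WebBinding -Protocol https)
if ($bindings.Count -eq 0) {
    $findings += 'No HTTPS binding is configured in IIS.'
}
foreach ($b in $bindings) {
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Thumbprint -eq $b.certificateHash }
    if (-not $cert) {
        $findings += "Binding $($b.bindingInformation): no matching certificate in LocalMachine\$store."
        continue
    }
    # Subject equal to Issuer indicates a self-signed certificate.
    if ($cert.Subject -eq $cert.Issuer) {
        $findings += "Binding $($b.bindingInformation): certificate is self-signed ($($cert.Subject))."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        $findings += "Binding $($b.bindingInformation): certificate expired on $($cert.NotAfter)."
    }
    if (-not $cert.HasPrivateKey) {
        $findings += "Binding $($b.bindingInformation): certificate has no private key."
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Host passes the OS, IIS and certificate checks performed here.'
}
```

The script only reads configuration and covers the Windows host; the StoreFront, NetScaler and port prerequisites still need to be confirmed separately.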
