Secure Private Access for on-premises - Preview
As Citrix customers, you can now access Web and SaaS apps seamlessly along with Citrix Virtual Apps and Desktops using the Citrix Secure Private Access solution for on-premises deployments. The solution enables you to adopt a Zero Trust Network Access (ZTNA) solution in a phased manner. You can route and control data traffic through your own WAN or private links or both, and also retain all components that are deployed on-premises.
In addition, the Secure Private Access solution for on-premises provides the following benefits:
- No changes required to the existing architecture or deployments to use this solution.
- Enables single sign-on to the apps and reduces the dependency on traditional VPNs.
- Enables use of Citrix Enterprise Browser, which provides enhanced security controls for applications.
- Enables contextual security controls based on user group, device, and network location.
System requirements
Ensure that your product meets the minimum version requirements.
- Citrix Workspace app
  - Windows – 2309 and later
  - macOS – 2309 and later
- Operating system for Secure Private Access plug-in server - Windows Server 2019 and later
- StoreFront – LTSR 2203 or CR 2212 and later
- NetScaler – 13.0, 13.1, 14.1, and later. It is recommended to use the latest builds of the NetScaler Gateway version 13.1 or 14.1 for optimized performance.
- Communication ports: Ensure that you have opened the required ports for the Secure Private Access plug-in. For details, see Secure Private Access for on-premises (Secure Private Access plug-in).
Note:
Secure Private Access for on-premises is not supported on Citrix Workspace app for iOS and Android.
Prerequisites
To create a NetScaler Gateway or update an existing one, ensure that you have the following details:
- A Windows server machine with IIS running, configured with an SSL/TLS certificate, on which the Secure Private Access plug-in will be installed.
- StoreFront store URLs to enter during the setup.
- Store on StoreFront must have been configured and the Store service URL must be available. The format of the Store service URL is https://store.domain.com/Citrix/StoreSecureAccess.
- NetScaler Gateway IP address, FQDN, and NetScaler Gateway Callback URL.
- IP address and FQDN of the Secure Private Access plug-in host machine (or a load balancer if the Secure Private Access plug-in is deployed as a cluster).
- Authentication profile name configured on NetScaler.
- SSL server certificate configured on NetScaler.
- Domain name
- Certificate configurations: Admins must ensure that the certificate configurations are complete. The Secure Private Access installer configures a self-signed certificate if no certificate is found on the machine. However, this might not always work.
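The following preflight check for the plug-in host is an added example, not part of the Citrix documentation or installer. It verifies the server version, IIS, and the certificate bound to each HTTPS binding before installation. Treating a self-signed certificate as a failure is this example's assumption, and the check names are illustrative.

```powershell
# Added example: preflight check for the intended Secure Private Access plug-in host.
# Run in an elevated Windows PowerShell session on that server.
Import-Module WebAdministration -ErrorAction Stop

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Passed, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = $Detail })
}

# Windows Server 2019 and later: ProductType 3 is a server SKU, build 17763 is Server 2019.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osOk = ($os.ProductType -eq 3) -and ([int]$os.BuildNumber -ge 17763)
Add-Result 'OS is Windows Server 2019 or later' $osOk "$($os.Caption) build $($os.BuildNumber)"

# IIS running: W3SVC is the World Wide Web Publishing Service.
$w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
Add-Result 'IIS (W3SVC) is running' ($w3svc -and $w3svc.Status -eq 'Running') "$($w3svc.Status)"

# At least one HTTPS binding must exist, and each one must reference a usable certificate.
$bindings = @(Get-WebBinding -Protocol https)
Add-Result 'IIS has an HTTPS binding' ($bindings.Count -gt 0) "$($bindings.Count) binding(s)"

foreach ($b in $bindings) {
    $name  = "Certificate on $($b.bindingInformation)"
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    $cert  = if ($b.certificateHash) {
        Get-Item -Path "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
    }
    if (-not $cert) { Add-Result $name $false 'no certificate bound'; continue }

    $now = Get-Date
    $problems = @()
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
    if (-not $cert.HasPrivateKey)                             { $problems += 'no private key' }
    if ($cert.Subject -eq $cert.Issuer)                       { $problems += 'self-signed (assumed unwanted)' }
    Add-Result $name ($problems.Count -eq 0) ("$($cert.Subject) " + ($problems -join ', '))
}

$results | Format-Table -AutoSize -Wrap
if ($results.Passed -contains $false) { Write-Warning 'One or more prerequisites are not met.' }
```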