
When the Citrix Access Gateway 4.6 (CAG) VPX Virtual Appliance was announced in Febrary 2010 the Citrix Community became very excited. The day when I finally got my hands on the product I got disappointed when I discovered that it only supported Citrix XenServer. Most of our customers have VMware in their DMZ and nobody was interested in replacing their working Citrix Secure Gateway before there where Citrix Access Gateway VPX support for VMware.
At this time it wasn’t a big issue, because the iPad hadn’t been released for sales in Norway so the pressure wasn’t too heavy on the IT apartments. The workaround was to create a XenApp Service site without any kind of 3 party authentication to begin testing the iPad in some environments.
At Citrix Synergy 2010 in Berlin there where some buzz about Citrix Access Gateway VPX 5.0 being released in the end of October 2010 with support for VMware ESX. Once again very excited, but turned down once more by the fact that it required an update of the Citrix Receiver to version 4.2.1. The Citrix Access Gateway VPX 5.0 was released 28th of October and we waited almost 1.5 month for the Receiver that was released 17th of December. I know this is not only Citrix’s fault since they were waiting for the App to get approved by Apple after the release of IOS 4.2.1.
The cool thing about the new Citrix Receiver for iPad is that it makes it possible to launch ICA files from Safari which means all Citrix Secure Gateway (CSG) solution with Citrix Web Interface 4.6 (WI) or higher will work even with 3 party authentication. So why should we upgrade to Citrix Access Gateway VPX 5.0?
Well the sales pitch is to use your internal Web Interface and remove the old WI from the DMZ. Another point is the security aspect because you no longer need to run Windows Updates and apply security patches to you Citrix Secure Gateway. This is great, because I have seen many solutions that have been forgotten and not been updated in ages. CSG will also in the feature bee discontinued and no longer supported.
So we should upgrade to Citrix Access Gateway straight away right?
Well hold your horses. Right know there are too many issues with iPad not working with Citrix Access Gateway VPX 5.0. I have talked to many consultants and they have given up and just sticked to Citrix Access Gateway 4.6 which works with the XenApp Service. We are also still waiting for the Citrix Receiver for iPhone 4.2.2. If you are planning on using it with your Android devices you’ll need to upgrade to the brand new Citrix Web Interface 5.4 which could be a problem if you plan to use your internal WI like Citrix wants you to do.

If you plan to try it out be aware that there currently are a lot of threads in the support forum regarding iPad and also some issues with older Citrix Presentation Server 4.5.
I have blogged about this before; Should Citrix pay more attention to Citrix Forums? when they launch a new product. There are some videos available on Citrix TV, but they don’t cover everything from A to Z so it’s easy to get lost in the configuration. And the new eDoc documentation doesn’t help anymore, Citrix please give us the PDF documentation back at least for brand new products.
Everything is easy when you know how to do it, I remember back in the CSG times I used at least 20 hours on the first installation, but then quickly got it down to 3-4 hours when I had done it a couple of times and had made myself a step by step installation guide.
So are you using Citrix Access Gateway VPX 5.x in your organization or are you sticking to Citrix Secure Gateway? Please leave a comment below.
Resource :
Hey Trond – Nice write up — I think recently Citrix support has been looking more to the forums although the QA team isn’t doing so. One of the other key issues I see with VPX 5 is this new “FEATURE” Login points! Cool concept, but no one thought about what the end user impact would be here… So you have a default login point, Ok that’s Xenapp, but what about SSLVPN?
We’ll those users using the previous version of VPX would just go to the FQDN and based on there LDAP group would be redirected to there correct desired location, All in the background without impact to the user. With VPX 5 you now have to tell all of your end users to go to fqdn.com/lp/VPN or what ever your login point name is! I actually had a customer refuse to use VPX 5 due to that exact reason. New features are great, but we need to look at least minimal impact to the end users experience. Oh, and client choices… what happend to that feature?
I’m a strong believer in community driven anything… (especially support Citrix IRC http://join.citrixirc.com shameless plug hehe) A team of QA engineer’s can’t know about all of the issues out there in the wild but all of us engineer’s out in the grind and kicking the tires all the time sure see a lot of them. I think on the Support side Citrix is doing a great job integrating into social media just wish QA side would do the same! 🙂
Nice job on the Training site — I’ll sign up for the beta.
Shane
Thanks Shane for your long comment and your commitment to the Citrix IRC. What I forgot to mention in the post is that I’ve no previous experience with Citrix Access Gateway (one of the few products). The reason for this is that most of my customers run CSG and while I was away cruising the Caribbean for 2 years other consultants where doing the CAG implementation.
I wasn’t aware of the VPN issues. I hope Jay Tomlin (CAG Product Manager) will post some comments about these issues we are experiencing.
Would be nice if you or Jarian did a guest post here about the Citrix IRC 🙂
Fixed this issue today together with Citrix Support.
Port 1494 to the XenApp or XenDesktop – the Receiver for iPad does not support Session Reliability at this time)
CAG VPX is a pain in the back.There are hardly any how-to’s or proper setup documentation out there. Especially setting up different logon points for different websites and webservices. Lot of time waste and confusing. I made it working , so that I can access xendesktops from browser, but now I can’t get it working with Citrix online pug-in and access gateway plugin. Can someone help me here pls………………
Hi Reddy,
You’re correct, it’s difficult, that’s why we created the Members Area. As long as you got your CAG working with XenDesktop it’s just a matter of setting up a new logon point for the different websites and services. Are you trying to use one CAG VPX for many clients with different farms/domains? Please provide some more information on your problems.