Secure Remote Access Options: How do NetScaler Gateway and Parallels RAS Secure Gateway compare?

The role of the gateway in simplifying secure remote access for virtual apps and desktops

Gateways act as a front-end to virtual apps and desktop resources within the enterprise.  The secure remote access functionality of a gateway, e.g., the secure gateway provided via Parallels RAS, provides authentication and encryption to ensure that user session data traversing the network is secure.

Of course, certificates are applied to enable SSL/TLS security to ensure that clear text doesn’t traverse the network, but secure remote access encompasses more than that.

For those that are considering how to move forward with evaluating a new virtual apps and desktops solution, the gateway aspects should be reviewed because it is a critical aspect for success.

NetScaler Gateway

Within a Citrix Virtual Apps and Desktops environment, NetScaler Gateway is the Citrix-recommended mechanism for providing secure remote access.  While third-party solutions such as ZScaler and F5 can be used to provide gateway services, most Citrix customers opt for NetScaler Gateway.

NetScaler is a complex networking appliance.  In addition to gateway functionality, NetScaler can address firewalls, load balancing, SSL offload, and other services.  With so many capabilities, new administrators are often overwhelmed with the myriad of options available when only gateway functionality is required.  Although basic Gateway configuration is a four-step wizard, those steps are rarely sufficient to enable full functionality, as evidenced by a five-day training course.

NetScaler Gateway requires licensing based on the appliance type and edition.  In addition, user licensing needs to be purchased.  Options include purchasing user license packs or the most expensive Platform license, which provides unlimited user licenses.  As a result, the business aspect of determining which NetScaler-related licenses are needed requires careful analysis of the options.

Once the NetScaler Gateway needs are determined, if and how to integrate Citrix Application Delivery Management (ADM) should be considered.  The most pressing reason for deploying ADM with NetScaler Gateway is access to HDX Insight data, i.e., network-related data related to user sessions and environment resources.  While ADM is also useful for fast upgrades and SSL certification expiration warnings, it’s another component to deploy, maintain, and license.

Parallels RAS Secure Gateway

When Parallels RAS is deployed to provide virtual apps and desktops, only the included Secure Gateway component must be deployed.  There are no additional for-purchase components or licensing, plus a simple-to-use admin screen is used for configuration.

Basic configuration steps include designating IP address(es), mode, and firewall rules.  In addition, Secure Gateway supports SAML SSO authentication and
multi-factor authentication

Optionally, High Availability Load Balancing (HALB) may be deployed to load balance Parallels RAS Secure Gateways.  This component is likewise included at no additional cost, and configuration is straightforward.

Another optional and included component is Reporting.  This embedded functionality enables administrators and help desk associates to access reports and monitoring data.  For example, when researching a user issue, it’s easy to see which applications the user is accessing and the status of the network.
Reporting is easy to configure as well.

Comparing NetScaler Gateway to Parallels Secure Gateway

To summarize, NetScaler Gateway is a subset of full NetScaler functionality and configuration is complex.  For full user session reporting, ADM integration is also necessary, further complicating the setup and maintenance.  Because these components are not inherently included, additional licensing is required.

On the other hand, Parallels RAS includes a purpose-built Secure Gateway that is easy to deploy and configure.  It doesn’t include extraneous options for web servers and other functionality that the administrator will find confusing when only gateway is needed, nor are there any additional licensing requirements.  Where the High Availability Load Balancer and Reporting components are needed, these are likewise included at no additional cost.

Ready to learn more about and try Parallels RAS’s gateway (and more) for yourself? Try it now.