Learning the Basics of Citrix XenApp 5 Feature Pack 3 for Windows Server 2003 and XenServer 5.6 Part 9 of 12

Using Altaddr

In Part 8, you:

  1. Created a test user account,
  2. Learned to publish applications,
  3. Tested access to the published applications from the Web Interface site, and
  4. Learned to perform basic XenApp farm administrative tasks.

In this Part you will learn to allow external access to the published applications using the AltAddr method.

There are several methods available to you to allow users to have external access to the published applications:

  1. Using AltAddr
  2. Citrix Secure Gateway
  3. Citrix Access Gateway
  4. Branch Repeater
  5. NetScaler

Those are listed in order of security, ease of setup and cost.

Using AltAddr is the least desirable method to provide external access to applications.  There are several reasons why:

  • Not safe
  • Not secure
  • Traffic is not encrypted
  • Does not scale as each XenApp server will need its own Public IP Address

The ONLY reason I am writing about this method is it is probably the #1 most Frequently Asked Question on various support forums.  If cost is a concern, then the FREE Citrix Secure Gateway should be considered.  The only cost involved is for an SSL certificate and that can be obtained for a very low cost from a supplier like GoDaddy.com, among others.

When you completed Part 8 you were at the server’s desktop.

 

Configure Internal Static IP Address

The first thing you need to know to set up AltAddr is the private, or internal, IP address of your server.  For this book, we have been using a DHCP address for our server.  The server must be switched to a static IP address to allow for reliable external access.  Click Start -> Control Panel -> Network Connections (Figure 9-1).

Figure 9‑1

Right-click Local Area Connection n (where n is the number assigned to the network connection) and click Properties (Figure 9-2).

Figure 9‑2

Click on Internet Protocol (TCP/IP) and click on Properties (Figure 9-3).

Figure 9‑3

Click on Use the following IP address and Use the following DNS server addresses (Figure 9-4).  Enter an appropriate IP address, Subnet mask, Default gateway and at least the Preferred DNS server information, then click OK twice.

Figure 9‑4

Find Public IP Address

The second thing you need to know is the public, or external, IP address of your server.  Start Internet Explorer and go to http://www.WhatIsMyIP.com. This site will show you the external IP address your server uses (Figure 9-5).

Figure 9‑5

Write down the IP Address and exit Internet Explorer.

Open a command prompt window.  Type in altaddr /server:citrixone /set InternalIPAddress ExternalIPAddress, substituting your real internal and external IP addresses, and press Enter.  Type in altaddr and press Enter.  Your results should be similar to Figure 9-6.

Figure 9‑6

Type exit and press Enter to close the command prompt window.

 

Configure Web Interface Site For AltAddr

Now the XenApp site created in Part 8 needs to be configured for using the AltAddr access method.  Start the Citrix Web Interface Management console.  Click XenApp Web Sites in the left column, your XenApp site in the middle column and Secure Access in the right column (Figure 9-7).

Figure 9‑7

Click the Default/Direct line and click Edit… (Figure 9-8).

Figure 9‑8

Click the dropdown box, select Alternate and click OK (Figure 9-9).

Figure 9‑9

Click Add… (Figure 9-10).

Figure 9‑10

To also allow users on your internal network to still access the Web Interface XenApp site, a Direct option needs to be added.  Click the dropdown box, select Direct and enter an IP address (which is really the Subnet ID) and subnet mask that will allow the users on your local network to access the XenApp site and click OK (Figure 9-11).

Figure 9‑11

Click Finish (Figure 9-12).

Figure 9‑12
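How the altaddr mapping and the Secure Access settings work together, as an added example that is not part of the original article and is not Citrix code: a small model of which server address a client is handed for its ICA connection. The IP addresses, the first-match rule order and the error raised for a missing mapping are assumptions made for the illustration.

```python
import ipaddress

# Constructed lab values (assumptions, not taken from the article's figures).
ALTADDR = {"192.168.1.50": "203.0.113.10"}  # altaddr /set Internal External
RULES = [("192.168.1.0", "255.255.255.0", "Direct")]  # entry added with Add...
DEFAULT_METHOD = "Alternate"  # the Default line after it was edited


def access_method(client_ip, rules=RULES, default=DEFAULT_METHOD):
    """Return the access method for a client: first matching rule, else default."""
    addr = ipaddress.ip_address(client_ip)
    for subnet, mask, method in rules:
        # strict=False accepts a host address typed where the subnet ID belongs
        net = ipaddress.ip_network(f"{subnet}/{mask}", strict=False)
        if addr in net:
            return method
    return default


def address_for_client(client_ip, server_ip, altaddr=ALTADDR):
    """Return the server address the client is told to use (TCP 1494/2598)."""
    method = access_method(client_ip)
    if method == "Direct":
        # Internal clients keep using the server's private address.
        return server_ip
    if method == "Alternate":
        external = altaddr.get(server_ip)
        if external is None:
            # Modelled as an error so the gap is visible: an external client
            # cannot route to the private address of an unmapped server.
            raise LookupError(f"no altaddr mapping set for {server_ip}")
        return external
    raise ValueError(f"unknown access method: {method}")


if __name__ == "__main__":
    for client in ("192.168.1.77", "198.51.100.23"):
        print(client, "->", address_for_client(client, "192.168.1.50"))
```

The model also shows why AltAddr does not scale: every XenApp server an external client may be sent to needs its own entry, and therefore its own public IP address.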

Your router and/or firewall need to be configured to allow the necessary TCP ports through.

Table 1 Altaddr TCP Ports

Port    Protocol
80      HTTP
443     HTTPS (SSL)
1494    ICA
2598    Session Reliability
3389    Remote Desktop (optional)

Here is my router configuration (Figure 9-13).

Figure 9‑13

All the necessary steps have been taken to allow external access to the published applications:

  1. Static IP assigned to the server
  2. Public IP Address assigned
  3. AltAddr configured
  4. Router and/or firewall configured to allow the necessary ports through

There is one additional step that needs to be taken for a production environment.  Assign a domain name to make it easier for users to remember.  I use citrix.websterslab.com.

Test Application Access

For our first test, we need to make sure internal access to the applications still works.  Open Internet Explorer and go to http://citrixone.  Log on to the site and verify the applications still run (Figure 9-14).

Figure 9‑14

Exit the applications, log off the site and close Internet Explorer.

For the second test, you need to be at a computer outside your network.  If you set up a domain name for the site go to http://domainname.  If you are just using the Public IP Address, go to http://ip.add.re.ss.  I am going to http://citrix.websterslab.com (Figure 9-15).

Figure 9‑15

Log on to the site and you may be prompted to install the Citrix online client software (Figure 9-16).

Figure 9‑16

Click the checkbox and the Download button (Figure 9-17).

Figure 9‑17

Click Run (Figure 9-18).

Figure 9‑18

Click Run (Figure 9-19).

Figure 9‑19

Click the yellow bar at the top of the browser window and select Run Add-on (Figure 9-20).

Figure 9‑20

Click Run (Figure 9-21).

Figure 9‑21

You can now run the applications (Figure 9-22).

Figure 9‑22

Exit both applications, log off the XenApp site and close Internet Explorer.

 

Create Part 9 Snapshot

To create the Snapshot for this Part, right-click the VM and select Take Snapshot… (Figure 9-23).

Figure 9‑23

  1. Enter a Name,
  2. Optionally enter a Description,
  3. Select Quiesce the VM before taking the snapshot, and then
  4. Click Take Snapshot (Figure 9-24).

Figure 9‑24

Click on the Snapshots tab to see the Snapshot (Figure 9-25).

Figure 9‑25

Click the Console tab to return to the Windows desktop.

Note: On my computer, there are video anomalies when switching from the Snapshot tab to the Console tab.  The only way to resolve this issue is to reinstall XenTools after every snapshot is complete.

In this Part, you set up the AltAddr access method and successfully tested running the applications from outside your network.

Warning About Using AltAddr

IMPORTANT

Let me repeat:  Using AltAddr is the least desirable method to provide external access to applications.

  • It is NOT safe
  • It is NOT secure
  • Traffic is not encrypted which means logon credentials and data are sent in plain text
  • Does not scale as each XenApp server will need its own Public IP Address

If cost is a concern, then the FREE Citrix Secure Gateway should be considered.  In Part 10, you will learn to install the FREE Citrix Secure Gateway and test running applications from outside your network securely.


About Carl Webster

Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.


2 Responses to “Learning the Basics of Citrix XenApp 5 Feature Pack 3 for Windows Server 2003 and XenServer 5.6 Part 9 of 12”

  1. kianpour Says:

    It appears that all NAT connection options such as altaddr.exe and the web interface / translated address have been removed from XenDesktop 7.6 / StoreFront. The documentation simply says we should now use NetScaler.

    I’m trying to set up a small test lab, and even the NetScaler Gateway virtual appliance is more than I want to deal with. Is there ANY way to configure quick and dirty remote access over NAT on XenDesktop 7.6 / StoreFront, running on Windows Server 2012?
