Secure access for Citrix DaaS use cases

Citrix DaaS (desktop as a service) is a fully managed cloud-based desktop virtualization solution. NetScaler provides secure access for Citrix DaaS, allowing your users to securely access their virtual desktops and applications from anywhere, on any device, and across any network. Common use cases for using NetScaler to provide secure access to Citrix DaaS include:

Secure hybrid cloud application delivery

NetScaler works the same across on-premises and public cloud environments, so you can configure your Citrix DaaS deployment to securely deliver applications from your data center as well as from the cloud in accordance with your business needs and compliance requirements. NetScaler is ideal for securing access in air-gapped environments.

Secure access to applications from any device, across any network

NetScaler prevents access to unauthorized applications and resources by validating the user’s identity and environment and dynamically assessing the client’s security posture.

Policy-based contextual access

With policy-based contextual access, you control which applications users can access and which actions they can take, including printing and copying to a clipboard.

Secure access for on-premises StoreFront

For on-premises deployments of Citrix DaaS, NetScaler provides secure remote access to Citrix StoreFront and allows you to customize your domain names and URLs.

Secure access for self-hosted enterprise applications

NetScaler provides secure access to enterprise applications hosted on-premises, like Microsoft Exchange and SharePoint, SAP, Oracle, WordPress, and Drupal.

Secure access for BYOD

NetScaler acts as a gateway to provide a single, externally available log-in portal and access controls for users who are using their own devices (BYOD).

Did you know?

NetScaler is the only ADC that is fully interoperable with Citrix DaaS, providing seamless secure remote access to virtual applications and desktops.

Secure access for Citrix DaaS with NetScaler

NetScaler functions as a gateway to provide a single, externally available log-in portal to allow different levels of user access. You can use the same log-in portal to identify and provide network-level access to corporate devices using device certificates. And you can allow third-parties external to your organization to access sanctioned applications.

NetScaler works natively with the proprietary Citrix protocol called Independent Computing Architecture, or ICA. NetScaler authenticates the user and load balances and proxies the user’s HTTPS/SSL traffic to Citrix StoreFront, which returns the ICA launch information back to the user through NetScaler. When NetScaler receives the encrypted ICA launch request from the user, it decrypts and silently validates the user again and then proxies ICA traffic to the Citrix virtual delivery agent (VDA). 

ICA also supports enlightened data transport (EDT). ICA runs on TCP but can dynamically switch to UDP as needed to support EDT. Unlike simplistic VPN solutions that open port 1494 on TCP where EDT doesn’t work, NetScaler knows when the protocol change occurs and does not require further authentication.

NetScaler’s proprietary authentication framework, called nFactor, allows you to easily configure otherwise complex authentication scenarios. It supports many multi-factor authentication (MFA) methods, including LDAP, RADIUS, SAML, OpenID Connect, nFactor, Client Certificates (Smart Cards), and more. As a key component of the authentication, authorization, and auditing (AAA) capabilities built into NetScaler, nFactor enables SSO, providing an extra layer of security without affecting application performance.

NetScaler provides security controls for session activity that can immediately block unsanctioned data transfer — like copying and printing — without stopping the session. 

Because NetScaler sees all data passing between servers and clients, it can map client drives to prevent sensitive data leakage and stop malware, NetScaler provides granular reporting on activities that your users are engaging in, such as watching a large amount of video content or downloading a large amount of content. You can also prevent users from copying to the clipboard and sharing drives.

NetScaler proactively prevents access to Citrix DaaS environments based on user location. Geofencing allows you to use location-based policies to prevent login pages from being accessed by all users attempting to connect from unauthorized locations.

NetScaler provides a web application firewall (WAF) and bot management to protect both your login portal pages and your applications. You can use such features as rate limiting and IP reputation management to prevent password spraying attacks and brute-force login attempts.

Because NetScaler collates telemetry from every user session, you can quickly detect whether an issue originates with the client, the network, or the data center. Only NetScaler can parse high-definition experience (HDX) traffic and provide reporting details on individual streams within each session. NetScaler also provides instant visibility into authentication failures.


Reference designs for NetScaler gateway on-premises
Multi-factor authentication with NetScaler nFactor
NetScaler gateway and Azure multi-factor authentication

Get started with NetScaler 

Request a demo or talk to sales