Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Java User Guide. Citrix Access Gateway 8.1, Enterprise Edition

Citrix Access Gateway™ 8.1, Enterprise Edition

Citrix Access Gateway Enterprise Edition

Citrix Access Gateway Plugin for Java User Guide

the End User License Agreement is included with the installation media.

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.

© 2003-2008 Citrix Systems, Inc. All rights reserved.

v-GO code © 1998-2003 Passlogix, Inc. All rights reserved.

Citrix and ICA (Independent Computing Architecture) are registered trademarks, and Citrix Presentation Server, Citrix XenApp, and Access Gateway are trademarks of Citrix Systems, Inc. in the United States and other countries.

Citrix Access Gateway, Citrix Delivery Center, and Citrix XenDesktop are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries.

RSA Encryption © 1996-1997 RSA Security Inc., All Rights Reserved.

This product includes software developed by The Apache Software Foundation (http://www.apache.org/)

This product includes software developed by Salamander Software Ltd. © 2002 Salamander Software Ltd. Parts © 2003 Citrix Systems, Inc. All rights reserved.

Licensing: Portions of this documentation that relate to Globetrotter, Macrovision, and FLEXlm are copyright © 2003-2006 Macrovision Corporation and/or Macrovision Europe Ltd. All rights reserved.

Trademark Acknowledgements

Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.

Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product.

Portions of this software are based in part on the work of the Independent JPEG Group.

Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rights reserved.

Macromedia and Flash are trademarks or registered trademarks of Macromedia, Inc. in the United States and/or other countries.

Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corp. in the U.S. and other countries.

Novell Directory Services, NDS, and NetWare are registered trademarks of Novell, Inc. in the United States and other countries. Novell Client is a trademark of Novell, Inc.

RealOne is a trademark of RealNetworks, Inc.

Licensing: Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation.

All other trademarks and registered trademarks are the property of their respective owners.

Document Code: July 23, 2008 (KKW)

Contents

Chapter 1 Welcome

How to Use this Guide . . . .5

Document Conventions . . . .5

Chapter 2 Getting Started with the Access Gateway Plugin for Java

System Requirements . . . .7

Creating Connections . . . .8

Connecting Using a Web Address . . . .8

Chapter 3 Working with the Access Gateway Plugin for Java

Configuring Proxy Servers . . . .12

Connecting to File Shares in the Secure Network . . . .12

Configuring Settings in the Top Panel . . . .12

Viewing Folders and Files in the Left Panel. . . .13

Connecting to Network Resources in the Right Panel . . . .13

Accessing Web Sites. . . .14

Getting Help in the Access Interface . . . .15

Ending Your Session . . . .15

Appendix A Troubleshooting the Access Gateway Plugin for Java

Access Gateway Error Messages . . . .17

C

1

Welcome

This chapter describes who should read the Access Gateway Plugin for Java User Guide.

Before logging on using Access Gateway Plugin for Java, review this

documentation to learn how your connections work and how to access network resources in the secure network.

How to Use this Guide

This guide is intended for users who log on to an internal network through an Access Gateway appliance. This document assumes that the Access Gateway is connected to an existing network and that your system administrator configured the appliance for user connections.

Document Conventions

Access Gateway documentation uses the following typographic conventions for menus, commands, keyboard keys, and items in the user interface:

Convention Meaning

Bold Commands, names of interface items such as text boxes, option buttons, and user input.

Italics Placeholders for information or parameters that you provide. For example, filename in a procedure means you type the actual name of a file. Italics also are used for new terms and the titles of books.

%SystemRoot% The Windows system directory, which can be WTSRV, WINNT, WINDOWS, or other name you specify when you install Windows.

Monospace Text displayed in a text file.

{ braces } A series of items, one of which is required in command statements.

For example, { yes | no } means you must type yes or no. Do not type the braces themselves.

[ brackets ] Optional items in command statements. For example, [/ping] means that you can type /ping with the command. Do not type the brackets themselves.

| (vertical bar) A separator between items in braces or brackets in command statements. For example, { /hold | /release | /delete } means you type /hold or

/release or /delete.

… (ellipsis) You can repeat the previous item or items in command statements.

For example, /route:devicename[,…] means you can type additional devicenames separated by commas.

Convention Meaning

C

2

Getting Started with the Access

Gateway Plugin for Java

Access Gateway is a secure remote access solution that provides point-to-point communication between your device and an enterprise network. It does so by creating a secure tunnel between your device and the Access Gateway. This allows you to gain access to critical business resources such as enterprise networks, shared file systems, and applications.

How Access Gateway Works

To log on to a remote network, you need to log on to the Access Gateway. To do this, you can use the Access Gateway Plugin for Java. To log on, open your Web browser using the Access Gateway Web address and log on. When you log on, the Access Gateway Plugin for Java opens as a popup on your screen.

The Access Gateway Plugin for Java runs as a Java applet in your Web browser.

When you log on to Access Gateway, the Access Gateway Plugin for Java dialog box appears on the lower right of your screen.

When the Access Gateway Plugin for Java is running and a connection is made, it creates a secure channel of communication between your computer and the Access Gateway. You are then able to access resources in the internal network that you are authorized to use. When an application, such as Microsoft Outlook, tries to connect to a server in the internal network, the Access Gateway Plugin for Java directs the request to your email server in the secure network. This process extends to many types of applications, such as Web browsers, and email applications.

Your system administrator can also configure the Access Gateway Plugin for Java to ensure that certain personal firewalls and antivirus applications are running on your computer.

System Requirements

The Access Gateway Plugin for Java runs on the following operating systems:

• Windows Vista

• Windows XP

• Mac OS X

• Linux

The following Web browsers are supported:

• Internet Explorer

• Firefox

• Safari

If you are running the Access Gateway Plugin for Java on a Windows-based device or Macintosh, install Java Runtime Environment (JRE) 1.4.2 or higher. If you are running the plugin on a Linux computer, install JRE 1.3.1 or higher.

Creating Connections

To connect with and use the Access Gateway Plugin for Java, your system administrator needs to provide you with the following information:

• Access Gateway Web address, such as https://AccessGatewayFQDN/.

• Any system requirements for running the Access Gateway Plugin for Java if your system administrator configured endpoint policies. System

requirements can include antivirus software or a personal firewall installed on your computer.

If you are using a personal firewall on your computer, when you first connect with the Access Gateway Plugin for Java, the firewall might prompt you for permission to allow the connection. If you receive this prompt, always allow the connection. For details for allowing connections, see the manufacturer’s

documentation.

Connecting Using a Web Address

If you are connecting using a Web browser, you are either prompted to log on or are taken directly to a portal page where you can connect using Access Gateway Plugin for Java.

If the Access Gateway is configured to have you log on before making a

connection with the plugin, type your user name and password and then log on. A portal page appears that allows you to log on using the Access Gateway Plugin for Java. The connection provides full access to the network resources that you have permission to access.

Chapter 2 Getting Started with the Access Gateway Plugin for Java 9

The access granted by the security policies allows you to work with the enterprise network as if you are logged on locally. For example, you might be granted permission to Web and client-server applications. You can also map network drives to access allowed network resources, including shared folders and printers.

To establish a secure connection for the first time, log on to the Access Gateway using the Web logon page. Contact your administrator for the Web address and logon credentials. The typical format of a Web address is

https://companyname.com.

To run the Access Gateway Plugin for Java

1. In a Web browser, type the Web address of Access Gateway.

2. Type your user name and password and click Logon.

If the Java applet does not start automatically, you might need to click a link to start the applet.

When the plugin establishes the connection, the Secure Remote Access Session dialog box appears in the lower right corner of the screen. To maintain your connection, leave the Secure Remote Access Session dialog box open. When this dialog box is closed, your session with the Access Gateway is disconnected.

You can now access resources in the enterprise network. For example, if you logged on to your office network, you can start your email client and access your messages.

Note: If you receive a proxy configuration alert, update the proxy settings of your Web browser to the values displayed in the proxy configuration alert or to those on the Access Gateway portal page. This allows you to access Web-based applications.

C

3

Working with the Access Gateway

Plugin for Java

When you start the Access Gateway Plugin for Java, a dialog box appears with the options available for configuring your session. When you close the dialog box, your session ends.

The Access Gateway has a home page, called the Access Interface, which allows you to securely access internal Web sites, applications, file shares, or email in the secure network. When you close the Access Interface, your session ends.

Using the Secure Access Remote Session Dialog Box

When you log on using the Access Gateway Plugin for Java, the following dialog box appears on your screen. To maintain your session, this dialog box must remain open. To end your session, click Logout.

The Secure Access Remote Session dialog box

The components of the Secure Access Remote Session dialog box include:

• Proxy. The IP address and port number of the Web browser’s proxy that enables Web access.

• Bytes sent. The quantity of data sent through the Access Gateway Plugin for Java from the client device to the Access Gateway.

• Bytes received. The quantity of data received from the Access Gateway Plugin for Java from the Access Gateway to the client device.

• Home. Displays the Access Interface or the home page designated by your system administrator.

• Applications. Displays a list of applications configured on the Access Gateway.

• Compression Stats. Displays the compression statistics.

• File Transfer. Downloads or uploads files from the secure network using the Access Interface.

• Logoff. Logs off from the Access Gateway session.

Configuring Proxy Servers

A proxy server is a computer that sits between your client device and servers in the internal network. Proxy servers intercept requests from your Web browser to the server in the internal network to see if it can fulfill the requested Web page. If the proxy server cannot fulfill the request, it sends the request to the server in the secure network.

If you are using Internet Explorer or the Mac OS X Safari Web browser to connect to the Access Gateway logon page, the Access Gateway Plugin for Java changes the proxy settings to reflect the proxy server that is configured in the Secure Remote Access Session dialog box. When you log off from Access Gateway, the proxy settings are removed from Internet Explorer and Safari.

If you are using Firefox to log on to Access Gateway, the proxy server settings need to be configured manually. For more information for configuring proxy settings, contact your system administrator.

Connecting to File Shares in the Secure Network

To access file shares in the secure network, in the Secure Remote Access Session dialog box, click File Transfer. Log on to the file server to access your file shares.

Configuring Settings in the Top Panel

There are several buttons on the top panel of the browser window that allow you to perform various tasks for storing and transferring files.

• Log On. Click this button to log on to the internal network or a specific computer on the network.

Chapter 3 Working with the Access Gateway Plugin for Java 13

• Up. Click this button to navigate to the previous folder.

• Refresh. Click this button to refresh the contents of the active folder.

• Mkdir. Click this button to create a new folder.

• Download. Click this button to download the selected file from the remote server.

• Upload. Click this button to upload the selected file from the client device to a folder on the remote server.

• Delete. Click this button to delete the selected file from the remote computer.

• Rename. Click this button to change the name of a file or folder.

• Log Off. Click this button to disconnect from the remote server.

Viewing Folders and Files in the Left Panel

The servers, their directories, and the directory structure appears in a tree format in the left panel. Click the plus sign (+) to view folders.

Connecting to Network Resources in the Right

Panel

The right panel displays the Logon Server window. Use this window to log on to a file server in the internal network. To access the file server, leave the Logon Server field blank or click Network Neighborhood in the left panel.

To log on to a file server

1. In the Secure Access Remote Session dialog box, click File Transfer.

2. In Address, type the name of the file share, such as \\fileserver\sharename.

3. In Login, type your user name.

4. In Password, type your password.

5. In Domain, type a valid domain name.

If the remote server has not been assigned a specific domain, leave the field blank. Contact your system administrator for more information.

The right panel now displays the subfolders and files. The location of the active folder appears in the Address field.

To download a file from a remote server 1. Select the file.

2. Click Download. The File Download window appears.

3. Click Save. The Save As dialog box appears.

4. Navigate to the appropriate folder and click Save.

To upload a file to the remote server 1. Select the file on the client device.

2. Click Upload.

To remove a folder, subfolder, or file 1. Select the file, folder, or subfolder.

2. Click Delete.

Note: A top-level folder that contains subfolders cannot be removed. To delete a top-level folder with subfolders, delete the subfolders first and then delete the top-level folder.

Accessing Web Sites

The Access Interface is created based on the data that is configured by your system administrator. The page can list company intranet Web sites, external Web sites, and file shares. Links that your administrator configures are listed under Enterprise Networks. You can also add your own links to Web sites, such as a department SharePoint site or a reference page on the Internet. Links that you configure are listed under the Personal Web Sites heading in the Access Interface.

To add a Web site link in the Access Interface

1. In the right pane, under Personal Web Sites, click Add.

2. In the Add a Bookmark dialog box, in Name, type a name for the link.

3. In Address, type the Web address for the link, such as http://www.mycompany.com.

4. In Description, type a description of the link and click Add.

You can also remove Web sites that you configured from the Access Interface.

Chapter 3 Working with the Access Gateway Plugin for Java 15

To remove a Web site link from the Access Interface

1. In the right pane, under Personal Web Sites, click Remove.

2. Under Remove Bookmarks, select the sites to remove and click Remove.

Note: You can remove bookmarks that are listed under Personal Web Sites but not those under Web Sites.

Getting Help in the Access Interface

The Access Interface has several built-in tools to assist you in using the Access Gateway. The tools include a ping interface for checking the accessibility of other computers on the network, tips for using the Access Gateway, online Help, and the file transfer utility.

The tools on the Home tab of the Access Interface help you navigate your way through Access Gateway. The tools on this pane are:

• Ping. This allows you to check the accessibility of other computers in the secure network and on the Internet. The ping feature can help you

troubleshoot connection problems with your Access Gateway session. You can also check the status of a network resource on the network. To use ping, in Server, type the IP address, Web address, or domain name of the computer you want to ping and then click Ping.

• Tip. This offers helpful hints for using Access Gateway features.

• Help. This provides access to this online Help.

Ending Your Session

You can log off from the Access Gateway Plugin for Java using the Secure Access Remote Session dialog box. When you log off, the session ends and the Secure Access icon remains in the notification area.

To logoff from the Access Gateway Plugin for Java

1. In the Secure Access Remote Session dialog box, click Logoff.

2. Click Yes to end the session.

A

A

Troubleshooting the Access Gateway Plugin for

Java

The Access Gateway Plugin for Java provides tools to help you troubleshoot your connections and sessions. You can use a variety of statistics and logs to report problems to your help desk or system administrator.

In This Chapter

• Opening Log Files

• Access Gateway Error Messages

Opening Log Files

The Access Gateway Plugin for Java maintains a log of all activities in a file. You can use the log file to diagnose problems with the Access Gateway Plugin for Java. The name of the log file is mpSSLVpn.txt in the %tmp% folder on a Windows computer.

On a Macintosh or Linux computer, the log file is stored in the /tmp directory.

Access Gateway Error Messages

The following table lists error messages that can appear during your session.

Message Explanation Action

HOSTS file update

failed. The Access Gateway Plugin for Java cannot update the HOSTS file on the client device.

Log on to the device as an administrator or with administrative privileges. If you cannot log on as an administrator, you can edit the HOSTS file. For more

information, contact your help desk system administrator.