In one of my recent projects, I had to build several Citrix ADCs in a new data center. After consultation with the customer, the same services and functions should be configured as in the old data center. The only difference was that the new data center should use different IP ranges and therefore all network settings of the Citrix ADCs and the connected services had to be adapted.
Continue reading “Copy a Citrix ADC configuration to a new machine”
- Same version and build on all Citrix ADC
- Same Citrix ADC license version on all Citrix ADC
- IP addresses of the new Citrix ADC should be defined and free (NSIP, SNIP & VIP).
- IP addresses of the connected machines should be known (server or server groups)
- Basic configuration of the new Citrix ADC should be done (NSIP, SNIP, DNS, Timezone & License)
This article is about creating an AD FS Proxy from Citrix ADC (version 12). The AD FS Proxy is used to authenticate e.g. external SaaS applications or websites via AD FS. The following should be achieved by the AD FS Proxy:
- URL / DoS Protection
- Suitable external authentication (MFA, Forms instead of Kerberos)
- Account Lockout Protection
- Availability (Load Balancing)
What is AD FS ?
Active Directory Federation Services (AD FS) is a feature in the Windows Server operating system that allows identity information to be shared outside of the corporate network. Users can access applications (e.g. Office365, Salesforce.com, etc.) without being prompted to provide credentials again. These applications can be hosted locally, in the cloud, or even by other companies. The user accounts can be managed by the administrator in a single location, the Active Directory.
A normal deployment of AD FS for external clients consists of AD FS Proxy and AD FS Server. The AD FS Server is a member of the domain and perform the authentication. The AD FS Proxy is usually located in a separate network zone (DMZ) so that it can be reached externally and forward the requests inwards.
Continue reading “Citrix ADC as AD FS Proxy”