Citrix Gateway: What is It and Why Use It? | Parallels
Gateway Definition
A gateway is a network node that connects different networks with different transmission protocols. In other words, a gateway is an entry and exit point for a network as all data passes through it before being routed. The only data that does not pass through a gateway is the data that flows inside a local area network (LAN).
Networks typically have a boundary that prevents direct communication with other devices, nodes, or networks connected to them. If a network needs to communicate with nodes, devices, or networks outside that boundary, it requires a gateway to do so. A gateway is thus a combination of a modem and a router.
What is Citrix Gateway?
Citrix Gateway is a solution requiring unique hardware and a software license. It can be deployed on-premises or on any hybrid or public cloud, such as Microsoft Azure, Amazon Web Services (AWS), Google Cloud, or Citrix Cloud Platform. It offers users server load balancing, single sign-on, and secure access to all the virtual, Software as a Service (SaaS), and web applications assigned to them from their organizations/services.
Since it includes the word “gateway,” you would expect it to encompass all the features of a gateway, such as server load balancing, enhanced security policies, web-filtering policies for Internet users, user behavior analytics, and more. However, this isn’t the case, as you also need to implement add-ons such as Citrix Secure Private Access.
Security Issues on Citrix Gateway
In December 2019, Citrix announced a critical vulnerability, tracked as CVE-2019-19781, in its Citrix Gateway, Citrix Application Delivery Controller (ADC, formerly called NetScaler ADC), and SD-WAN WANOP products. If exploited, CVE-2019-19781 could effectively allow any hacker to gain direct access to the organization’s local network from a remote location and execute arbitrary code.
At the time, it was reported that CVE-2019-19781 jeopardized over 80,000 companies’ networks in 158 countries that were using Citrix Gateway, Citrix ADC, and SD-WAN WANOP. It took nearly a month for Citrix to finally release a permanent fix for the CVE-2019-19781 security flaw.
As of this writing, Citrix claims that it has released permanent fixes for all the supported versions of Citrix Gateway, Citrix ADC, and SD-WAN WANOP. While CVE-2019-19781 could appear to be an isolated incident, it raises serious security concerns about Citrix Gateway, considering how widespread the application is in the business community.
For many organizations, VDI has created an entirely new complex IT infrastructure that has to be licensed, administered, and maintained. This complexity in VDI infrastructures has the potential not only to become expensive in the long run, but also to lead to security issues. For example, in the case of Citrix Gateway, companies can easily connect workstations and sensitive business applications, including ERPs.
However, in all the connections, Citrix apps are accessed on the organization’s network perimeter, exposing them to attacks from malicious users. And if a vulnerability is exploited, hackers have access to not only the published apps but any other resource that resides on the company’s server.
Parallels RAS: Another Alternative
If you’re looking into Citrix Gateway, you are probably considering Citrix Virtual Apps and Desktops to deliver applications and desktops. In that case, you might be interested in reading more about Parallels® Remote Application Server (RAS), an ideal alternative to provide a high-performance user experience (UX) at a lower cost compared to Citrix.
With Parallels RAS you can either integrate your existing gateways or install and configure your Parallels RAS Gateway on a physical or virtual machine—without purchasing additional add-ons. Parallels RAS offers every feature out of the box, from remote applications up to virtual desktop infrastructure (VDI) or remote PC. It includes built-in High Availability Load Balancing (HALB) and enhanced security capabilities such as multifactor authentication, advanced granular filtering, and client policies.