Over the last several weeks I have explained the difference between the Citrix Access Gateway (or CAG) Platform License and the Universal License.
Based on those conversations, I thought it might be helpful to create a short post to define the differences at a high level.
If you are not completely familiar with what the Citrix Access Gateway actually does in a Citrix environment, here is a quick definition.
For end users: Access Gateway provides a single, seamless point of secure remote access and single sign-on capabilities to all of their apps and data. Additionally, users can easily roam across devices and networks without losing their current session.
For administrators: Access Gateway delivers a single point of control, and tools to help ensure compliance with regulations and the highest levels of information security across and outside the enterprise.
How the Citrix Access Gateway is licensed...
The Access Gateway comes with two license models.
1. Platform License (included when you purchase Access Gateway).
The platform license allows user connections to XenApp hosted applications or XenDesktop hosted desktops. If you only want users to connect with online plug-ins or Desktop Receiver to XenApp or XenDesktop, the platform license is all that is required.
2. Universal License, which is purchased separately or is included with XenDesktop Platinum.
You ONLY need to purchase the Universal License if you want or need to do any of the following through the Access Gateway:
- Full VPN tunnel
- Endpoint analysis - Scanning endpoints to make sure that they meet corporate standards before they connect to the network. These scans check file and registry settings, operating system version and patch level, that anti-virus is running and up to date, and that no unauthorized, illegal, or unlicensed executable code (including spyware, malware, and trojans) is introduced. Prior to user authentication, Citrix endpoint security solutions interrogate endpoint devices to determine the level of access a user can obtain based on the information found during that interrogation.
- Policy-based SmartAccess - SmartAccess technology allows administrators to control both access and actions based on both the user and the endpoint device. For example, a user may have full access (read, save locally, print, etc.) to a set of files when using their office PC, but may be restricted to "read-only" access when connecting through an unrecognized "kiosk" device. Similarly, if an employee tries to log in to the corporate network from a home PC that does not have an active anti-virus update service, that employee may not be able to access certain mission-critical systems.
- Clientless access to Web sites and file shares - Clientless access allows users to access webmail, websites, and file shares without any Citrix client.