Applies To:

Show Versions Show Versions

Manual Chapter: Configuring App Tunnel Access
Manual Chapter
Table of Contents   |   Next Chapter >>

What are app tunnels?

An app tunnel (application tunnel) provides secure, application-level TCP/IP connections from the client to the network.

Additionally, optimization is available for app tunnels. With compression settings for app tunnels, you can specify the available compression codecs for client-to-server connections. The server compares the available compression types configured with the available compression types on the server, and chooses the most effective mutual compression setting. You configure compression for the server in the connectivity profile.

Task summary for app tunnels

To set up this configuration, perform the procedures in the task list.

Task List

Configuring an app tunnel object

When you create an app tunnel object, that object becomes a simple container that holds app tunnel resources. Once you specify those resources from within the app tunnel resource, you can then assign the resource to an access policy.
  1. On the Main tab, click Access Policy > Application Access > App Tunnels. The App Tunnels screen opens.
  2. Click Create. The New App Tunnel Resource screen opens.
  3. Type a name and description for your app tunnel.
  4. Although an ACL is automatically created for your application object, you can choose to determine the order of your ACL as it appears in the ACL list. Use the ACL Order list to select the placement you want.
  5. Under Default Customization Settings, type a Caption for the app tunnel. This caption identifies the app tunnel and enables it to appear on a full webtop.
  6. Click Create.
You have just created an app tunnel object.

Configuring an application resource item for an app tunnel

The application resource item specifies how to create a particular tunnel. The application field serves as a hint to Access Policy Manager in order to help with special handling of specific protocols. Compression settings specify which compression codecs the tunnels can use, while the Launch Application field allows you to define an application that will run once you establish the resource tunnel.
  1. On the Main tab, click Access Policy, Application Access, and select App Tunnels. The list of app tunnels opens.
  2. Click the name of the app tunnel you created. The Properties screen opens.
  3. Under Resource Items, click Add. The New Resource Item screen opens.
  4. For Destination type, specify whether the application destination is a host or an IP address. You cannot use the fully qualified domain name to connect to an application resource that is configured with an IP address destination type.
  5. Specify your port or port range for the application.
  6. From the Application Protocol list, select the application protocol.
    Option Description
    None Specifies that the app tunnel resource uses neither RPC or FTP protocols.
    Microsoft RPC Specifies that the resource uses the Microsoft RPC protocol.
    Microsoft Exchange RPC Server Specifies that the resource uses the Microsoft Exchange RPC Server protocol.
    FTP Specifies that the resource uses FTP protocol.
  7. For the Application Path setting, optionally specify a path for an application to start once the application access tunnel is established.
  8. For the Parameters setting, specify any parameters associated with the application that starts with the Application Path. The parameters you can add are:
    • %host% - This is substituted with the loopback host address, for example http://%host%/application/
    • %port% - The loopback port. Use this if the original local port has changed due to conflicts with other software.
  9. Click Finished. The resource appears in the app tunnel object.

Configuring an access policy to include an app tunnel and webtop

  1. On the Main tab, click Access Policy > Access Profiles . The Access Profiles List screen opens.
  2. On the Access Profiles List screen, click the name of the access profile for which you want to edit the access policy. The Access Profile properties screen opens for the profile you want to edit.
  3. On the menu bar, click Access Policy. The Access Policy screen opens.
  4. Click Edit Access Policy for Profile profile_name. The visual policy editor opens the access policy in a separate window or tab.
  5. Click the [+] sign anywhere in your access profile to add your new policy action item. An Add Item window opens.
  6. Select Resource Assign agent, and click Add Item. The Properties screen opens.
  7. Under Resource Assignment, next to App Tunnel Resources, click Add/Delete.
  8. Select your app tunnel resource from the available choices.
  9. Under Webtop, click Add/Delete Resources.
  10. Select a full webtop from the available choices, and click Save.
Your app tunnel and remote desktop are now both assigned to the session.
You must associate the access policy and connectivity profile with your virtual server.

Attaching an access policy to the virtual server for app tunnels

When creating a virtual server for an access policy, specify that the virtual server is a host virtual server, and not a network virtual server.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  2. Click the name of the virtual server you want to modify.
  3. In the Destination setting, in the Address field, type the IP address you want to use for the virtual server.
  4. From the HTTP Profile list, select http.
  5. In the Access Policy area, from the Access Profile list, select the access profile.
  6. If you are using a connectivity profile, from the Connectivity Profile list, select the connectivity profile.
  7. If you are creating a virtual server to use with portal access resources in addition to app tunnels, from the Rewrite Profile list, select the default rewrite profile, or another rewrite profile you created.
  8. Select the Citrix Support check box if you want to provide connections to Citrix desktop resources.
  9. Select the OAM Support check box if you want to provide native integration with an OAM server for authentication and authorization. You must have an OAM server configured in order to enable OAM support.
  10. Click Update.
Your access policy is now associated with the virtual server.
Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)