Citrix Access Gateway: Standard vs Enterprise

During the last month I have several “chances” to explain people that Citrix Access Gateway Standard and Citrix Access Gateway Enterprise are absolutely different products, and the same is true about their virtual editions (aka VPX). I feel  that it is the time to write it down once and share the link from now on…

There are two Citrix products named Access Gateway – Citrix Access Gateway Standard/Advanced Edition (aka CAG) and Access Gateway Enterprise Edition (aka AGEE). Both share similar feature set, hence the common name, but those are different products. CAG is original Citrix product, with latest versions 4.6 and 5.0 (at the moment of writing). After Citrix acquired NetScaler in 2005, they implemented CAG functionality on the NetScaler appliance and named it “Enterprise Edition”. That’s why AGEE versions go after NetScaler version numbers – it is the same appliance, with latest version 9.3 (again, at the moment of writing).

And what is VPX? Access Gateway VPX is a virtual edition of CAG. NetScaler VPX is a virtual edition of NetScaler (that is – AGEE).

UPD (Sep 1): You can read more about the history of this separation here.

Troubleshooting NetScaler/AGEE Authentication

Surprisingly, the best tool for troubleshooting NetScaler authentication process in not a log file, located somewhere in the depths of log directory. Instead, they have a named pipe “aaad.debug” in the /tmp directory. This is not a regular file, so you cannot download it or open in the editor. The correct way to work with named pipe will be to cat its “content” – either directly to the console or to some file.

root@...# cd /tmp
root@...# cat aaad.debug

The following great (and simple!) article in the Citrix KB explains it in-depth: “How to Troubleshoot Authentication with Aaad.debug”.