.

Getting Started with Citrix Access Gateway

Citrix Access Gateway 4.2

325-1622

Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included on your product CD-ROM. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. 2005 Citrix Systems, Inc. All rights reserved. Citrix, ICA (Independent Computing Architecture), MetaFrame, MetaFrame XP, and Program Neighborhood are registered trademarks, and SpeedScreen and Access Gateway are trademarks of Citrix Systems, Inc. in the United States and other countries. RSA Encryption 1996-1997 RSA Security Inc., All Rights Reserved. This product includes software developed by The Apache Software Foundation (http://www.apache.org/) Win32 Client: Portions of this software are based on code owned and copyrighted by O'Reilly Media, Inc. 1998. (CJKV Information Processing, by Ken Lunde. ISBN: 1565922247.) All rights reserved. Licensing: Portions of this documentation that relate to Globetrotter, Macrovision, and FLEXlm are copyright 2005 Macrovision Corporation. All rights reserved. Trademark Acknowledgements Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc. Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product. Portions of this software are based in part on the work of the Independent JPEG Group. Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rights reserved. Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Licensing: Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation. All other trademarks and registered trademarks are the property of their respective owners. Document Code: September 8, 2005 (KW)

C ONTENTS

Contents

Chapter 1

Introduction
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 New Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Integration with Advanced Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Double Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Subscription Advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Knowledge Center Watches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Education and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Related Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Chapter 2

Installing the Access Gateway

Preparing for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Materials and Information Needed for Installation. . . . . . . . . . . . . . . . . . . . . . .10 Setting Up the Access Gateway Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Using the Access Gateway Administration Portal . . . . . . . . . . . . . . . . . . . . . . .13 ActiveX Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Using the Access Gateway Administration Tool . . . . . . . . . . . . . . . . . . . . . . . .14 Configuring the Access Gateway for Your Network . . . . . . . . . . . . . . . . . . . . .15 Installing Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Testing Your Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Firewall Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Access Gateway Configuration Using Advanced Access Control . . . . . . . . . . . . .20 Third-Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Chapter 3

Access Gateway Rack Mounting Kit

Separating the Rail Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Connecting the Chassis Rails to the Access Gateway . . . . . . . . . . . . . . . . . . . . . . .24 Connecting the Rack Rails to the Rack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Getting Started with Citrix Access Gateway

Installing the Access Gateway in a Four-Post Rack . . . . . . . . . . . . . . . . . . . . . . . .25 Installing the Access Gateway in a Two-Post Rack. . . . . . . . . . . . . . . . . . . . . . . . .26

Chapter 4

Specifications and BIOS Self-Test Messages

Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 BIOS Self-Test Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

C HAPTER 1

Introduction

This chapter describes who should read Getting Started with Access Gateway, new features, and related documentation. Before installing the Access Gateway, review the Access Gateway PreInstallation Checklist. The checklist provides a single place to record the necessary information for successfully setting up the Access Gateway.

Audience
This guide is intended for service technicians who install the Access Gateway and for administrators who need to troubleshoot the Access Gateway hardware.

New Features
The following is a brief description of the new features in Access Gateway 4.2. For details about configuring these options, see the Access Gateway Administrators Guide.

Integration with Advanced Access Control

Advanced Access Control provides secure, single-point access to any enterprise resource, including email, applications, network file services, Internet and intranet sites, and documents. Protect your corporate resources while providing secure access, consistent presentation, and easy navigation for mobile users who may be connecting from anywhere. You can create and integrate policies to tailor access to different scenarios, such as providing differentiated levels of trust or permissions based on the identification of a corporate device or a security scan of the client device.

Getting Started with Citrix Access Gateway

Advanced Access Control: Ensures that connections to your network and resources are safe, trusted, and secure Add granularity to policy-based access control Allows you to set differing levels of access permission based on evidence you gather about the connecting client device Allows users to connect to Advanced Access Control using the Secure Access Client Allows fallback to secure clientless access if the client device fails logon requirements

When Advanced Access Control is added to your network, you can configure the Access Gateway using the Access Suite Console. For more information, see Access Gateway Configuration Using Advanced Access Control on page 20 or the Access Gateway with Advanced Access Control Administrators Guide.

Double Source Authentication

The Access Gateway now supports double source authentication. You can use any combination of authentication, such as LDAP and RADIUS or RSA SecurID and LDAP. Double-source authentication provides greater security for your network. When users connect to the Access Gateway using either a Web browser or Secure Access Client, users type their user name and the passwords for each authentication type.

Getting Service and Support

Citrix provides technical support primarily through the Citrix Solutions Network (CSN). Our CSN partners are trained and authorized to provide a high level of support to our customers. Contact your supplier for first-line support or check for your nearest CSN partner at http://www.citrix.com/support/. In addition to the CSN channel program, Citrix offers a variety of self-service, Web-based technical support tools from its Knowledge Center at http://support.citrix.com/. Knowledge Center features include: A knowledge base containing thousands of technical solutions to support your Citrix environment An online product documentation library Interactive support forums for every Citrix product Access to the latest hotfixes and service packs

Chapter 1 Introduction

Security bulletins Online problem reporting and tracking (for users with valid support contracts)

Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.

Subscription Advantage
Subscription Advantage gives you an easy way to stay current with the latest server-based software functionality and information. Not only do you get automatic delivery of feature releases, software upgrades, enhancements, and maintenance releases that become available during the term of your subscription, you also get priority access to important Citrix technology information. You can find more information on the Citrix Web site at http://www.citrix.com/services/ (select Subscription Advantage). You can also contact your Citrix sales representative or a member of the Citrix Solutions Network for more information.

Knowledge Center Watches

The Citrix Knowledge Center allows you to configure watches. A watch notifies you if the topic you are interested in was updated. Watches allow you to stay notified of updates to Knowledge Base or Forum content. You can set watches on product categories, document types, individual documents, and on Forum product categories and individual topics. To set up a watch, log on to the Citrix Support Web site at http://support.citrix.com. After you are logged on, in the upper right corner, click My Watches and follow the instructions.

Education and Training

Citrix offers a variety of instructor-led training and Web-based training solutions. Instructor-led courses are offered through Citrix Authorized Learning Centers (CALCs). CALCs provide high-quality classroom learning using professional courseware developed by Citrix. Many of these courses lead to certification. Web-based training courses are available through CALCs, resellers, and from the Citrix Web site. Information about programs and courseware for Citrix training and certification is available from http://www.citrix.com/edu/.

Getting Started with Citrix Access Gateway

Related Documentation
For additional information about the Access Gateway, refer to these documents: Access Gateway Administrators Guide Access Gateway Pre-Installation Checklist Access Gateway Readme

For additional information about Advanced Access Control, refer to these documents: Advanced Access Control Administrators Guide Upgrade Guide for Advanced Access Control Advanced Access Control Readme

C HAPTER 2

Installing the Access Gateway

Citrix Access Gateway is a universal SSL virtual private network (VPN) that provides secure, always on, single-point-of-access to any information resource. It combines the best features of IP Security (IPSec) and typical SSL VPNs without the costly and cumbersome implementation and management to make access easy for users, secure for the company, and low cost for IT administrators. Key features include: Hardened appliance that supports up to 2000 concurrent users at 300 megabits per second (Mbps) Supports all applications and protocols, including Voice over IP Industry standard encryption that secures and protects information with SSL/TLS encryption Desk-like access provides users with the same network and application access as if they are physically connected to the network Integrated endpoint security provides a combination of logon time and continuous real-time monitoring to ensure that the device is safe to remain connected to the network Integration with Citrix Presentation Server providing integrated secure gateway functionality and support for Presentation Server-hosted applications Integration with Advanced Access Control providing secure, single-point access to any enterprise resource, including email, applications, network file services, Internet and intranet sites, and documents

The Access Gateway installs in any network infrastructure without requiring changes to the existing hardware or back-end software. It works with other networking products such as server load balancers, cache engines, firewalls, routers, and IEEE 802.11 wireless devices. Installed in the corporate demilitarized zone (DMZ), the Access Gateway participates on two networks: a private network and a public network with a publicly routable IP address. The Access Gateway can also partition local area

10

Getting Started with Citrix Access Gateway

networks internally in the organization for access control and security between wired or wireless and data and voice networks.

Note For detailed information about Access Gateway configuration and security considerations, see the Access Gateway Administrators Guide. If you are using Advanced Access Control, see the Advanced Access Control Administrators Guide.
The following topics describe how to prepare for and perform the installation of the Access Gateway: Preparing for Installation Setting Up the Access Gateway Hardware

Preparing for Installation

To install the Access Gateway, verify that the contents of the box match the packing list. If an item on the packing list is missing from the box, contact Citrix Customer Care.

Materials and Information Needed for Installation

Before installing the Access Gateway, collect materials for the initial configuration and for the connection to your network. For initial configuration, use one of the following setups: A cross-over cable and Windows computer Two network cables, a switch, and a Windows computer A serial cable and a computer with terminal emulation software

For a connection to a local area network, use the following items: One network cable to connect the Access Gateway inside of a firewall or to a server load balancer Two network cables to connect the Access Gateway located in the demilitarized zone (DMZ) to the public and private networks

Collect the following network information: If locating the Access Gateway inside the firewall, identify the Access Gateway internal and external IP addresses and subnet masks

Chapter 2 Installing the Access Gateway

11

The IP address of your firewall (the default gateway device) The port to be used for connections

If the Access Gateway is in the DMZ: The Access Gateway internal IP address and subnet mask The Access Gateway external IP address and subnet mask The Access Gateway external IP address or host name for network address translation (NAT) The IP address of your firewall (the default gateway device) The port to be used for connections If the Access Gateway is in front of a router and you want to create static routes rather than having the Access Gateway listen for dynamic routes

If connecting the Access Gateway to a server load balancer: The Access Gateway IP address and subnet mask The IP address of the server load balancer (the default gateway device) The fully qualified domain name (FQDN) of the server load balancer to be used as the External Public Address of the Access Gateway The port to be used for connections

Note The Access Gateway does not work with Dynamic Host Configuration Protocol (DHCP). The Access Gateway requires the use of static IP addresses.

Setting Up the Access Gateway Hardware

This section provides procedures for setting up the Access Gateway for the first time. For more information about the materials and equipment needed to set up the Access Gateway, see Materials and Information Needed for Installation on page 10.

12

Getting Started with Citrix Access Gateway To physically connect the Access Gateway

1.

Install the Access Gateway in a rack if it is rack-mounted. For more information, see Access Gateway Rack Mounting Kit on page 23.

2. 3.

Connect the power cord to the AC power receptacle. Choose one of the following ways to perform the initial configuration of the Access Gateway. The preconfigured IP address of the Access Gateway is 10.20.30.40.

Access Gateway connection options using a cross-over cable, a network switch, or terminal emulation
To connect the Access Gateway using network cables

If you use a cross-over cable or two network cables and a switch, power on the Access Gateway. After about three minutes, the Access Gateway is ready for its initial configuration with your network. Continue with Using the Access Gateway Administration Tool on page 14.
To connect the Access Gateway using a serial cable

1.

Connect the null-modem cable to the 9-pin serial port on the Access Gateway and connect the cable to a computer that is capable of running terminal emulation software. On the computer, start a terminal emulation application such as HyperTerminal. Set the serial connection to 9600 bits per second, 8 data bits, no parity, 1 stop bit. Hardware flow control is optional. Turn on the Access Gateway. The serial console appears on the computer terminal after about three minutes.

2. 3. 4.

Chapter 2 Installing the Access Gateway

13

5. 6.

On the serial console, enter the default administrator credentials. The user name is root and the default password is rootadmin. To set the IP address and subnet mask and the default gateway device for Interface 0, type 0 and press Enter to choose Express Setup. After you respond to the prompts, the information you entered appears. To commit your changes, type y; the Access Gateway restarts. To verify that the Access Gateway can ping a connected network device, type 1 and enter the IP address of the device. Remove the serial cable and connect the Access Gateway to a Windows computer using either a cross-over cable or network cable and then turn on the Access Gateway. Configure the Access Gateway using the Administration Tool.

7. 8.

9.

Using the Access Gateway Administration Portal

The Administration Portal allows you to make basic configuration changes. On the Administration Portal, you can: Change the administrator password Upload licenses Download documentation Modify portal page templates Modify a sample email for end users View Access Gateway logs Upload certificates Upload a saved configuration or a software upgrade Save the Access Gateway configuration Restart and shut down the Access Gateway

To access the Administration Portal

1.

From a Web browser on the computer connected to the Access Gateway, enter the default Web address of https://10.20.30.40:9001. The administration port is 9001. If a certificate is not installed on the Access Gateway, a security alert dialog box appears. Click Yes. The Access Gateway Administration Portal appears.

2.

14

Getting Started with Citrix Access Gateway

If you see a Security Warning dialog box, click Yes to download the required ActiveX Helper client. 3. When prompted, enter root for user name and rootadmin for password.

ActiveX Helper
When the user connects to the Web Interface portion of the Access Gateway and logs on, net6helper.cab, an ActiveX control is installed. This file provides three main functions: It launches the client from the Web page instead of having to manually download the executable and then launching the Secure Access Client. It performs pre-authentication checks for the Web page. It provides single sign-on for the full client. When the Secure Access Client is started from the Web page, the Secure Access Client does not prompt the user to log on again.

Using the Access Gateway Administration Tool

Citrix Access Gateway is configured using the Access Gateway Administration Tool. The Administration Tool is installed on a Windows computer in the secure network and configures the Access Gateway settings, such as network configuration and user groups. When complete, settings can be published to all installed Access Gateway appliances. In addition, the Administration Tool makes it easy for you to configure network settings, authentication, users, and group policies. The Administration Tool is installed from the Access Gateway Administration Portal.
To install the Administration Tool

1. 2. 3.

In the Access Gateway Administration Portal, click Downloads. Under Administration, click Download Administration Tool Installer. The Administration Tool is installed on your computer. To open the Administration Tool, on the desktop, double-click the icon.

Note If you are upgrading to Version 4.2 from previous versions, uninstall the Administration Tool before installing the new version. To uninstall the Administration Tool, use Add/Remove Programs in Control Panel.

Chapter 2 Installing the Access Gateway

15

Configuring the Access Gateway for Your Network

Follow one of the procedures below to configure the network settings. The following three graphics show the most common configurations:

Access Gateway located inside the firewall

Access Gateway located in the DMZ

16

Getting Started with Citrix Access Gateway

Access Gateways deployed behind a server load balancer

Note You do not need to restart the Access Gateway until you complete all configuration steps.
To configure network settings inside the firewall or behind a server load balancer

1. 2. 3. 4.

In the Access Gateway Administration Tool, click the Access Gateway Cluster tab and then click the Networking tab. Select Use only interface 0 and in IP Address, type the Access Gateway internal IP address for Interface 0. In Subnet mask, type the value. Click Submit.

Chapter 2 Installing the Access Gateway To configure network settings if the Access Gateway is in the DMZ

17

1. 2.

In the Access Gateway Administration Tool, click the Access Gateway Cluster tab and then click the Networking tab. Select Use both interfaces and in IP Address, type the IP address for Interface 0, the external connection, and for Interface 1, the internal connection. In Subnet Mask, type the value for both interfaces. Click Submit.

3. 4.

For any of those configurations, you can also enter the following information: In External Public IP or FQDN, type the Access Gateway external IP address or host name. In VPN Port, the default port is 443. Under Default Gateway, in IP Address, type the IP address of the default gateway device, such as the main router, firewall, or server load balancer. This is the same as the Default Gateway setting on computers on the same subnet. On the Name Service Providers tab, enter your DNS and WINS servers and then click Submit. If the Access Gateway is in the DMZ and is in front of a router, click the Routes tab. If your site uses Routing Information Protocol (RIP), select Dynamic Routing so that the Access Gateway can use your routing tables. Otherwise, configure a static route so the Access Gateway can reach subnets that are not automatically available through your Default Gateway. Click Submit.

After configuring the Access Gateway settings, restart the appliance.

To restart the Access Gateway

1. 2. 3.

In the Administration Tool, click the Access Gateway Cluster tab. On the Administration tab, next to Restart the server, click Restart. -orIn the Administration Portal, click Maintenance. Next to Restart the Server, click Restart.

The computer will lose the connection to the Access Gateway. Connect the 10/100 RJ45 NIC connector(s) located on the Access Gateway back panel to your network, according to the configuration you decided to use in Step 1.

18

Getting Started with Citrix Access Gateway

Installing Licenses
When you purchase the Access Gateway, license codes are delivered to you by email or appear on the license card in the Connection License Pack. These licenses are also available from the MyCitrix Web site at http://www.mycitrix.com.
To download licenses from the Citrix Web site

Click Licensing > Citrix Activation System > View Purchased Licenses. If you are a Subscription Advantage customer, use the Licensing > Fulfillment menu on the MyCitrix Web site to obtain the licenses and download the latest product image. If you received an email, follow the instructions contained in the email to download your license file(s). For deployments of Access Gateway that include Advanced Access Control, copy the license file to your license server using the License Management Console. If using the Access Gateway without Advanced Access Control, upload the license file directly to the appliance.

Important Citrix recommends that you retain a local copy of all license files that you receive. When you save a backup copy of the configuration file, all uploaded license files are included in the backup. If you need to reinstall the Access Gateway server software and do not have a backup of the configuration, you will need the original license files.
To install a license file on the Access Gateway

1. 2. 3.

In the Administration Tool, click the Access Gateway Cluster tab and then click the Licensing tab. Click Browse and locate the .lic file that you want to upload. Click Open to upload the license file.

Note You can also install the license file using the Administration Portal.

Chapter 2 Installing the Access Gateway

19

Testing Your Configuration

To test your configuration, create a test user and then log on using the credentials that you set up for the user.
To test your configuration

1. 2. 3. 4. 5.

Open the Administration Tool. Click the Access Policy Manager tab. Right-click the Local Users folder in the left pane and click New User. In the Username dialog box, type a user name, the password twice, and click OK. In a Web browser, type the address of the Access Gateway using either the IP address or fully qualified domain name (FQDN) to connect to either the internal or external interface. The format should be either https://ipaddress or https://FQDN. Type the logon credentials. The Access Gateway Secure Access page appears. Click My own computer and then click Connect. The Secure Access Client connection icon appears in the notification tray, indicating a successful connection.

6. 7.

The initial configuration is complete. You can connect to all of your network resources, such as email, Web servers, and file shares as if you are in the office. To test the connection, try connecting to the applications and resources that are available from the corporate network. Refer to the online Help and the Access Gateway Administrators Guide for detailed information about the many configuration and customizing options for the Access Gateway.

Firewall Configuration
Configure your firewall so that the port is open for the external IP address of the Access Gateway. The default port is 443. Map the external IP address of the Access Gateway to its internal IP address. For specific information about configuring your firewall, see the manufacturers documentation.

20

Getting Started with Citrix Access Gateway

Access Gateway Configuration Using Advanced Access Control

If you purchased the Access Gateway with Advanced Access Control, you must enable the Access Gateway to communicate with the Advanced Access Control and turn on its granular access control features. To do this, in the Access Gateway Administration Tool, select Advanced Access Control to manage settings for the gateway cluster(s) in your access server farm. Afterward, you can use the Administration Tool to manage appliance-specific settings only.

Caution When you select the Advanced Access Control for managing the Access Gateway global settings, the corresponding settings in the Administration Tool are deactivated and any existing configuration values are removed. If you configured these settings with the Administration Tool before selecting the Advanced Access Control, you must configure these settings again using the Access Suite Console. For more information about configuring these settings in the console, see the Advanced Access Control Administrators Guide.
If you disable administration with the Advanced Access Control, settings in the Access Suite Console are deactivated and existing configuration values are removed.
To enable Advanced Access Control

1. 2.

On the Access Gateway Cluster tab, select an Access Gateway, and click the Advanced Options tab. Do one of the following: If the Access Gateway is going to be configured using the Administration Tool, select The Administration Tool - configures appliances only and then click Submit. If the Access Gateway is going to be configured using the Access Suite Console, select Advanced Access Control - includes an access server farm. Continue with Steps 4 through 8.

3. 4. 5.

Select Get Appliance Configuration from Advanced Access Server. In Server running Advanced Access Control, type the IP address or FQDN of the server that is running the Access Suite Console. In Advanced Access Control Logon Agent Root, type the path to the logon point virtual directory. The default is /CitrixLogonPoint.

Chapter 2 Installing the Access Gateway

21

For more information about the Logon Point, see the Advanced Access Control Administrators Guide. 6. 7. To encrypt communication between the Access Gateway and the server running Advanced Access Control, select Secure server communication. Click Submit.

The server or servers that are configured to connect to the Access Gateway are listed in Advanced Access Control Servers. To remove a server from the list, select the server and then click Remove.

Third-Party Software
Citrix recommends that you do not install any third-party software on the Access Gateway. The installation of third-party software is not supported.

22

Getting Started with Citrix Access Gateway

C HAPTER 3

Access Gateway Rack Mounting Kit

The Access Gateway Rack Mounting Kit is used to install the Access Gateway in a four-post or two-post rack. This chapter describes installing the Access Gateway in a rack. The rack-mounting kit includes two sets of rail assemblies, two rail mounting brackets, and the mounting screws that you need to install the system into the rack. Follow the steps in the order given to complete the installation process in a minimum amount of time. Read this chapter in its entirety before you begin the installation.

Separating the Rail Sections

Each of the rail assemblies consist of two sections: an inner fixed chassis rail that secures to the Access Gateway (A) and an outer fixed rack rail that secures directly to the rack itself (B), as illustrated below. A sliding rail guide sandwiched between the two should remain attached to the fixed rack rail. The rails must be separated to begin the installation.

Separating the rails and the mounting holes in the Access Gateway

24

Getting Started with Citrix Access Gateway To separate rails A and B

1.

Pull the fixed chassis rail (A) out as far as possible you will hear a click as a locking tab emerges from inside the rail assembly and locks the inner rail. Depress the locking tab to pull the inner rail completely out. Do this for both the left and right side rack rail assemblies.

2.

Connecting the Chassis Rails to the Access Gateway

Both chassis rails have a locking tab that serve two functions. The first function is to lock the Access Gateway into place when installed and pushed fully into the rack, which is its normal position. The second function is to lock the server in place when the rail is fully extended from the rack. This prevents the server from coming out of the rack when you pull it out for servicing.
To connect the chassis rails to the Access Gateway

1.

Position the fixed chassis rail sections (A) that you just removed along the side of the server, making sure the five screw holes align. Note that the right and left rails are specific. Screw the rail securely to the side of the chassis, as illustrated below. Repeat this procedure for the other rail on the other side of the chassis. If you are installing the server in a two-post rack, also attach the rail brackets.

2. 3. 4.

Chapter 3 Access Gateway Rack Mounting Kit

25

Connecting the rails to the Access Gateway

Connecting the Rack Rails to the Rack

Determine where you want to place the Access Gateway in the rack. Position the fixed rack rail/sliding rail guide assemblies (B) at the desired location in the rack Screw the assembly securely to the rack using the brackets provided. Attach the other assembly to the other side of the rack, making sure that both are at the same height and the rail guides are facing inward.

Installing the Access Gateway in a Four-Post Rack

You now have the rails attached to both the Access Gateway and the rack unit. The next step is to install the Access Gateway in the rack.
To install the Access Gateway in a four-post rack

1. 2.

Line up the rear of the chassis rails with the front of the rack rails. Slide the chassis rails into the rack rails, keeping pressure even on both sides. You may have to depress the locking tabs while inserting the Access Gateway. Refer to the illustration below. When the Access Gateway is pushed completely into the rack, you will hear the locking tabs click.

26

Getting Started with Citrix Access Gateway

3.

Finish by inserting and tightening the thumbscrews that hold the front of the Access Gateway to the rack.

Inserting the Access Gateway in a four-post rack

Installing the Access Gateway in a Two-Post Rack

If you are installing the server in a two-post (Telco) rack, follow the directions given on the previous pages for rack installation. The only difference in the installation procedure is the positioning of the rack brackets to the rack. Space them apart just enough to accommodate the width of the Telco rack, as illustrated below.

Chapter 3 Access Gateway Rack Mounting Kit

27

Installing the Access Gateway in a two-post (Telco) rack

28

Getting Started with Citrix Access Gateway

C HAPTER 4

Specifications and BIOS Self-Test Messages

This chapter reviews the hardware specifications of the Access Gateway and the BIOS self-test messages.

30

Getting Started with Citrix Access Gateway

Specifications
Processor Memory Power supply Maximum BTU/hr System cooling fan Drive bay Drives Network adapters System monitoring Chassis size Accessories Pentium 4 2.8Ghz HyperThreading 800MHz front side bus 1 gigabyte (GB) PC3200 (400MHz) 260W, 12V+ 887.15 1 x 10cm blower fan 1 x 3.5 inch internal drive bay; 40 GB 1 x Slim 32x CD-ROM drive 1 x 3.5 inch 1.44MB floppy drive Dual Intel gigabit network adapters LED indicators for power on, network activity, IDE HDD activity, overheat warning, and drive failure 16.7 inches x 1.7 inches x 14 inches (1RU) Rack-mounting kit

BIOS Self-Test Messages

During the Power-On Self-Test (POST), the BIOS checks for errors. If the BIOS detects an error that requires correction, the BIOS activates an alarm or displays a message, as follows: POST beep codes A single long beep followed by two short beeps indicates that a video error occurred and that the BIOS cannot initialize the video screen to display any additional information A single long beep that sounds repeatedly indicates that a Rambus error occurred

Error messages If a message is displayed, it will be accompanied by the following: PRESS F1 TO CONTINUE, CTRL-ALT-ESC OR DEL TO ENTER SETUP. One or more of the following messages may appear if the BIOS detects an error during the POST. This list includes messages for both the ISA and the EISA BIOS.

APPENDIX A

Chapter 4 Specifications and BIOS Self-Test Messages

31

CMOS BATTERY HAS FAILED. The CMOS battery is no longer functional. Replace the battery. CMOS CHECKSUM ERROR. The CMOS checksum is incorrect. This can indicate that CMOS is corrupted. This error might be the result of a weak battery. Check the battery and replace if necessary. DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER. No boot device was found. This could mean that either a boot drive was not detected or the drive does not contain the proper system boot files. Insert a system disk into drive A and press Enter. If you expected the system to restart from the hard drive, make sure the controller is inserted correctly and all cables are properly attached. Also make sure the disk is formatted as a boot device. Then restart the system. DISKETTE DRIVES OR TYPES MISMATCH ERROR - RUN SETUP. The type of diskette drive installed in the system is different from the CMOS definition. Run Setup to reconfigure the drive type correctly. DISPLAY SWITCH IS SET INCORRECTLY. The display switch on the motherboard can be set to either monochrome or color. This indicates that the switch is set to a different setting than indicated in Setup. Determine which setting is correct, and then either turn off the system and change the jumper or enter Setup and change the VIDEO selection. DISPLAY TYPE HAS CHANGED SINCE LAST BOOT. Since last turning off the system, the display adapter was changed. You must configure the system for the new display type. ERROR ENCOUNTERED INITIALIZING HARD DRIVE. The hard drive cannot be initialized. Be sure the adapter is installed correctly and all cables are correctly and firmly attached. Also be sure the correct hard drive type is selected in Setup. ERROR INITIALIZING HARD DISK CONTROLLER. Cannot initialize the controller. Make sure the cord is correctly and firmly installed in the bus. Be sure the correct hard drive type is selected in Setup. Also check to see if any jumper needs to be set correctly on the hard drive. KEYBOARD ERROR OR NO KEYBOARD PRESENT. Cannot initialize the keyboard. Make sure the keyboard is attached correctly and no keys are being pressed during start up. If you are intentionally configuring the system without a keyboard, set the error halt condition in Setup to HALT ON ALL, BUT KEYBOARD. This causes the BIOS to ignore the missing keyboard and continue to start.

32

Getting Started with Citrix Access Gateway

Memory Address Error at ... Indicates a memory address error at a specific location. You can use this location along with the memory map for your system to find and replace the faulty memory chips. Memory parity Error at ... Indicates a memory parity error at a specific location. You can use this location along with the memory map for your system to find and replace the faulty memory chips. Memory Verify Error at ... Indicates an error verifying a value already written to memory. Use the location along with your systems memory map to locate the faulty chip. OFFENDING ADDRESS NOT FOUND. This message is used in conjunction with the I/O CHANNEL CHECK and RAM PARITY ERROR messages when the segment that caused the problem cannot be isolated. OFFENDINGSEGMENT. This message is used in conjunction with the I/O CHANNEL CHECK and RAM PARITY ERROR messages when the segment that caused the problem is isolated. PRESS A KEY TO REBOOT. This is displayed at the bottom of the screen when an error occurs that requires you to restart. Press any key and the system will restart. PRESS F1 TO DISABLE NMI, F2 TO REBOOT. When BIOS detects a Nonmaskable Interrupt condition during start, this allows you to disable the interrupt condition and continue to start, or you can restart the system with the interrupt condition enabled. RAM PARITY ERROR - CHECKING FOR SEGMENT ... Indicates a parity error in random access memory (RAM). SYSTEM HALTED, (CTRL-ALT-DEL) TO REBOOT ... Indicates the present start attempt is aborted and the system must be restarted. Press and hold down the CTRL+ALT+DEL keys.
Hard Disk(s) fail (80) HDD reset failed. Hard Disk(s) fail (40) HDD controller diagnostics failed. Hard Disk(s) fail (20) HDD initialization error. Hard Disk(s) fail (10) Unable to recalibrate fixed disk. Hard Disk(s) fail (08) Sector Verify failed.

Keyboard is locked out - Unlock the key. BIOS detected that the keyboard is locked. P17 of the keyboard controller is pulled low.

Chapter 4 Specifications and BIOS Self-Test Messages

33

Keyboard error or no keyboard present. Cannot initialize the keyboard. Make sure that the keyboard is attached correctly and no keys are being pressed during start up. Manufacturing POST loop. The system repeats the POST procedure infinitely while P15 of the keyboard controller is pulled low. This is also used for M/B burn in testing. BIOS ROM checksum error - System halted. The checksum of ROM address F0000H-FFFFFH is faulty. Memory test fail. BIOS reports a memory test failure if the onboard memory has an error.

34

Getting Started with Citrix Access Gateway