Subtitles of the Movie

This is Citrix Access Gateway Advanced Edition 4.5 and in this video we're going to discuss Logon Point Administration. So we've gone through all of the trouble of setting up our Logon Points, and we've shown you how to deploy the Logon Points, and now we're going to show you some of the basic Administrative tasks that you can do with your Logon Points. Now if you'll remember that Logon Points are really administered through two different pieces of software; you have the Access Management Console that you used to actually set up the Logon Points, set the Policies and the Filters for the Logon Points, and then you also have the Access Gateway Server Administration Tool, which you use to deploy the Logon Points and remove Logon Points, et cetera So, you'll notice we have, under our Logon Points node here on the left, we have two Logon Points. We have our Engineering and we have our SampleLogonPoint, which is the Default Logon Point. Now what is the Default Logon Point? The Default Logon Point is used when you use your Advanced Access Control Server, which is what this Access Gateway Server is, with an Access Gateway appliance, which is the VPN appliance that is required for full VPN connections to the network. The Logon Point that is set as the Default Logon Point is the Logon Point that comes up if you just type HTTPS and the appliance name. For example, if we had an Access Gateway appliance named Appliance A, if we were to open up a Web Browser and go to https:/ /appliancea.vtctraining.com, we would get the SampleLogonPoint the way it's currently configured. If we were to set the Engineering Logon Point as the Default Logon Point we would get the Engineering Logon Point. Remember this is only used with the Access Gateway appliance. This does not apply to the Access Control Server, or the Web Server that we're running our software on, simply because you always have to specify the full paths to the Logon Point when you're accessing it through the IIS server. To change the Default Logon Point, it's very straightforward. You right-click the Logon Point and you'll tell it: Set as Default. And this is a confirmation box that says: This is not externally visible. If you make it Default the properties will change to allow it to be visible externally. Are you sure you want to make it the Default? If we click Yes we'll notice that it changes and the property that it talks about changing, if we right-click and we choose to Edit the Logon Point, is this visibility option here. If you'll remember this from where we set up the Logon Point. If that is not checked by default when you make it the Default Logon Point then that Logon Point is set to be visible externally. So not that we have our Engineering Logon Point, let's say we wanted to delete the SampleLogonPoint. A lot of administrators would simply say: Well, I don't need this Logon Point anymore. I'll just right-click and choose to Delete the Logon Point. Are you sure? Yeah. I'm sure, and you get the message that the Logon Point cannot be deleted as it is being referenced. The Access Management Console doesn't clean up after itself very well in my opinion. Normally if you deleted this Logon Point then it should, logically, go back to all of the policies and all the filters that reference this Logon Point and just remove it from those filters. Unfortunately this version of the software and the latest version, which has just been released shortly before this video went to recording, does not do that for you. You have to do this manually, which can be kind of a pain if you have several resources set up. Obviously if you click this Details, it'll tell you which filters it's being referenced in, so at least you don't have to go looking for this Logon Point in every single filter. It is nice enough to tell you which filters you have to go modify, but you still have to go modify each of these filters separately. Now, let's go and modify, for example, the Machine Domain Validation Filter, and remove the Default Logon Point. We go under Filters, we right-click the filter in question, and we choose to Edit Filter. If you go to the Logon Points tab, here's the selected Logon Points, and here's all the available Logon Points, we simply remove the Sample and we add the Engineering, and now that Machine Domain Validation filter does not run against the SampleLogonPoint anymore, it runs against the Engineering Logon Point. Now I've gone through the Access Management Console and removed the SampleLogonPoint from all of this referenced resources and Endpoint Analysis et cetera So, now I'm actually going to be able to delete this from the Citrix Access Management Console. Right-click, choose to Delete the Logon Point. Are you sure you wish to delete it? And like magic it disappears. However, if we go and look at the Directory on the Access Control Server we'll see that the SampleLogonPoint is still there, and in fact our Engineering Logon Point is not deployed. So, let's go into the Server Configuration and if we go to the Configured Logon Points you'll see that the Server Configuration sees the SampleLogonPoint but it tells us that that Logon Point has been deleted and so you cant use that particular folder. In that case you'll click this and you'll click Remove. That removes the Logon Point from this server and we'll go ahead and Deploy the Engineering Logon Point and if we look in this Directory we'll see that removing the SampleLogonPoint using the Server Configuration Tool actually removes the directory for us, and deploying the Engineering Logon Point, obviously puts the Engineering Folder on their forest. And this concludes our discussion of Logon Point Administration.