In this page you may configure which port to use for 2X Client Gateway service while you may also enable or disable RDP and Citrix services.

The 2X Client Gateway Port (default TCP 80) is used to tunnel all 2X traffic over this port. The traffic that can be tunneled through this port include the 2X Publishing Agent traffic (load balanced application and desktop publishing), HTTP Server and RDP traffic. 2X Client Gateway Port is also used to tunnel secure connections (SSL) over the same port.

The RDP Port (default TCP 3389) is used for clients who require basic load balanced desktop sessions. Connections on this port do not support published items.

The Citrix Port (default TCP 1494) is used for the incoming Citrix connections which will be forwarded to the configured Citrix servers according to the load balancing configuration. To disable this service, you may uncheck the check box in front of ‘Citrix Port’.

Enable ‘Broadcast 2X Client Gateway Address’ checkbox to broadcast of the 2X Client Gateway address., and 2X Clients will be able to auto find their primary server (2X Client Gateway address).

NOTE: RDP Port cannot be used if the machine on which the 2X Client Gateway is installed has terminal services enabled.

NOTE: You can change the port to any number you may want, as long as it does NOT conflict with any other application using the same port you choose.

Advanced Client Gateway Settings

2X Client Gateway tunnels all 2X traffic needed by 2X applications on a single port. This gateway service gives the ability to the System Administrator to tunnel the Terminal Servers (RDP), HTTP Server (81) and 2X Publishing (20002) over one port which by default is configured to port 80.

To configure the Advanced Client Gateway Setting, you’ll need to assign a port number in the ‘Client Gateway port’ which by default is configured to port 80 (make sure that this port is not being used by another service) and then click the ‘Advanced’ button to configure the HTTP Server, and 2X Publishing Agent.

This Advanced dialog allows you configure where is the HTTP server and the 2X Publishing Agent.

These services may be running on other Servers, and in this case you’ll have to configure each setting with the correspondent IP address or computer name.

E.g. HTTP Server: webserver.internal.mycomapny:81

Advanced Client Gateway (Multiple 2X Client Gateways)

2X offers the solution to install multiple 2X Client Gateways. These solutions offer a lot of flexibility to the Administrators in such situations as displayed in the above diagram.

As displayed in the diagram below, both 2X Client Gateways are configured to forward requests to the same 2X Publishing Agent.

On each 2X Client Gateway, one should configure the Advanced Client Gateway settings and configure the 2X Publishing Agent.

One may also add additional 2X Publishing Agents by separating them with a semi colon or click on the drop down arrow ‘

’ which will open up a new window to allow you to enter more 2X Publishing Agents as displayed in the figure below.

The first publishing agent in the Servers list will be used by default. In the event that the first 2X Publishing Agent fails to respond, the next 2X Publishing Agent will be used.

NOTE: 2X Terminal Server Agents cannot be assigned to multiple 2X Publishing Agents. Therefore each 2X Publishing Agent should have each unique group of Terminal Servers. For more advanced and alternative scenarios and solutions please read 2X Server Based Computing Guide.

In order to install 2X Client Gateway, select ‘Multiple Terminal Server’ in the Installation Type and check ‘2X Client Gateway’ option.

Please refer to the chapter entitled “Installing 2X ApplicationServer & LoadBalancer console” for more information about how to install the 2X Client Gateway.

Advanced Client Gateway (Forwarding Mode)

2X Client Gateway can forward requests to next Client Gateway in chain (Cascaded Firewall). With this option enabled the 2X Client Gateway installed on this machine [GATEWAY 1] (default running on port 80) will forward the requests to the next Client Gateway [GATEWAY 2] configured in the 'Forwarding Client Gateway(s) list.

NOTE: All ports must be the same on each 2X Client Gateway. Therefore if 2X Client Gateway on server A is listening on port 80 and is configured to forward the requests to 2X Client Gateway on server B, server B should be configured to listen on port 80. This also applies for the Citrix port (default 1494) and SSL (default 443).

NOTE: In order to install 2X Client Gateway, select ‘Multiple Terminal Server’ in the Installation Type and check ‘2X Client Gateway’ option.

Please refer to the chapter entitled “Installing 2X VirtualDesktopServer” for more information about how to install the 2X Client Gateway.

NOTE: If you have problems to start the service, check the Log File and Event Viewer for more information. Please note that if the configured 2X Client Gateway port is assigned with another service, the 2X Client Gateway Service will not be able to start the service. In this case you must either configure the default port (80) to another port or configure the other service to use another port.

Users will not be able to connect through the gateway if this service is stopped. Note that all connections running through 2X Client Gateway Service will be dropped if the service is stopped or restarted.

Bind Gateway to an IP Address

In the Advanced Client Gateway Settings it is also possible to bind the Gateway with certain IP. This feature gives the ability to the Administrator to open 2X Client Gateway port (default port 80) on certain IP instead of opening 2X Client Gateway port on all available addresses.

Security

In this Client Gateway page you can enable Secure sockets Layer (SSL). In SSL mode, the 2X Client Gateway provides end-to-end SSL encryption to your terminal servers.

If you want your clients to connect to the 2X Client Gateway using SSL, make sure you click on ‘Use SSL’. In this case a certificate and private key must be provided. You can use your own or simply click on ‘Create a new certificate...’ to create them. Enter all your information and the FQDN of your 2X ApplicationServer & LoadBalancer (Common name) and click ‘Generate new certificate...’.

NOTE: If clients are not able to connect with port 443 because of firewalls or other policies, they could also use the 2X Client Gateway port (default 80) to connect using SSL. 2X Client Gateway offers the facility to tunnel SSL traffic over port 80.

Publishing Agent

In this page you may configure which port to use for the publishing agent service. You may also configure the authentication options.

The 2X Publishing Agent Port (default TCP 20002) uses a specific port to pass information about the published applications available to its clients. The default port is TCP 20002. Make sure the 2X Client Gateway has access to this port otherwise it will not be able to retrieve the published applications list and load balance the application requests.

The 2X Terminal Server Agent Port (default TCP 20003) is used to communicate with the 2X Terminal Server Agents which should be installed on the Terminal Servers or Citrix MetaFrame Servers. The 2X Terminal Server Agent provides information to the 2X LoadBalancer and 2XApplicationServer over this port.

Authentication

To make sure that every single client authenticates against the 2X ApplicationServer & LoadBalancer to retrieve the list of published applications enable ‘Always require user credentials for application list’ checkbox.

To authenticate against a specific domain/workgroup you have to select the ‘domain’ radio button and enter the domain/workgroup required.

In case you want to select a new domain for authentication, simply click on ‘...’ button and select the new domain to be used. You can also use the ‘Default’ button to choose the default domain/workgroup used for authentication.

Select ‘All Trusted Domains’ if you want to authenticate with any trusted domain/workgroup.

By default ‘use client domain if specified’ is checked and this option will allow the user to specify the domain to authenticate in their client (2X ApplicationServer Client – General options - Domain). If the client does not specify any domain, and this option is enabled, the authentication is done with the domain specified in the Authentication panel as displayed in the above figure.

When this option is disabled, the clients will only authenticate with the domain specified in the domain field of the authentication panel on the server side.

We recommend you selecting ‘Always require User Credentials for application list’ so that all users must authenticate before acquiring the application list.

Make sure to click ‘Apply’ to activate the above settings.

NOTE: In case that you want to make authentication with a workstation which is not joined with a domain you can also authenticate with the local users of the workstation. In order to specify authentication with such a workstation you must enter [workgroup_name] / [machine_name]. Therefore if you would like to authenticate against a machine named ‘SERVER1’ and member of workgroup named ‘WORKGROUP’ you would have to enter: WORKGROUP/SERVER1 in the domain field.

NOTE: In order to avoid user filtering problems, it is suggested to use the NetBIOS name instead the FQDN in the domain field.

Deepnet Unified Authentication Platform

To add two-factor authentication to your 2X VirtualDesktopServer you can use Deepnet. Click on ‘Configure’ were a new window will open for you to input your Deepnet server settings.

First check the ‘Enable Deepnet Unified Authentication Platform’ if you want to use Deepnet.

Server Settings

Start by entering the ‘Server Settings’ which include the ‘Server’ hostname or IP and the Deepnet port which it is using. Click on ‘Check Connection’ for the application to see if the server is reachable. You can further secure the connection by enabling Secure Sockets Layer (SSL).

Your Deepnet server will probably contain different profiles for applications using Deepnet. Make sure that you select the ‘2X Application’ profile from the ‘Application’ selection in the configuration window.

Token

Users can use tokens to log in. To do this check ‘Create token for Domain Authenticated Users’ and then select what type of token you would like the users to use.

Backup Servers

In this page one can add Backup Servers so that if the Master server fails, the next server in the list takes over.

The backup servers can also be used as additional Client Gateways to distribute the load on the gateways.

Adding 2X Backup Servers

When 2X Publishing Agent is already in use one can ‘Take Over’ the server and use it as a backup server.

NOTE: If a 2X Publishing Agent is already in use it means that the particular server is already configured as a master server in another farm. Taking over this server would override any settings currently configured on the particular machine.

One can also use the ‘Add...’ button to manually add 2X Backup Server as shown in the figure below. After you’ve entered the name or the IP of the server to be used as a backup server click ‘Next’.

A status information message will give you guide what to do next. Usually you’ll have to install the 2X Backup Server by clicking the ‘Install...’ button. Then proceed with steps 3 – 5 done in the previous section. If an old version of 2X backup server is already installed one would have to update the server by clicking the ‘Update’ button.

NOTE: The ‘Install...’ button change according to the status of the selected server. In fact it will change to ‘Update...’ if an old version of the 2X Backup Server is found, while it will change to ‘Take Over’ if the selected server is already configured with a 2x Publishing Agent configured as a master server.

Modifying 2X Backup Servers

To change the properties of each backup server, select the particular server and click ‘Properties’. One can enable or disable the selected backup server while one can also install, update or uninstall the backup server from the properties dialog.

To delete a particular backup server, select the required server from the Backup Servers list and click ‘Delete’.

Each backup server in the list is given a priority. By default the local 2X Publishing Agent is given the Master priority and this cannot be changed. One can change the priority of the backup server.

To assign a higher priority in the backup list select the required backup server from the list and click ‘Move up’.

To assign a lower priority in the backup list select the required backup server from the list and click ‘Move Down’.

The Backup Server with priority configured as ‘Backup Server 1’ will be the first backup server to take over in case the Master Server is not available. Additional backup servers will take over in case ‘Backup Server 1’ is also not available according to their priority.

Promoting a Backup server to a Master Server

When the primary server cannot be recovered due to various reasons such as hardware failure or OS startup failure one can easily promote a 2X Backup Server to a Master server.

First launch the 2X Application Server & LoadBalancer console located in the backup server.

NOTE: When you add and install 2X Backup Servers, all the required files are automatically installed remotely on each backup server. Therefore to launch the 2X Console of a backup server, one can easily launch 2X Console located at “C:\Program Files\2X\ApplicationServer\2XConsole.exe”.

Secondly click ‘Promote to Master’ button to promote the current backup server as a Master Server. Promotion to a Master server needs reactivation of the products but this is done automatically and it requires an Internet connection.

Finally the 2X Terminal Server Agents will use this server (previously used as a 2X Backup server) as their Master server.

Connection Settings

Client Gateway