Using a new feature of NetScaler 11.1, you can now accomplish just that. This new feature is called AlwaysOn. Essentially, AlwaysOn is a VPN connection feature that automatically can sense when a user device is on or off the corporate network, and when necessary, builds or tears down a VPN tunnel as required.
A few key things to remember about AlwaysOn:
- AlwaysOn is a location based VPN. The NetScaler uses DNS resolution of “corporate” DNS suffixes. If they resolve to private IP addresses, the device assumes it is connected to the corporate LAN. If they resolve to public IP addresses, the device assumes it is outside the corporate firewall and a VPN tunnel is required.
- For businesses that are now requiring a VPN connection even while attached to the corporate network, AlwaysOn can be configured to always utilize a VPN tunnel for user connectivity inside and outside the firewall.
- The VPN client starts at device boot, but a VPN connection is not established until after local user logon – making this different than Microsoft DirectAccess.
- The AlwaysOn VPN configuration can be configured on a granular basis to allow users the ability to disconnect the VPN connection, or force them to stay connected.
- Citrix Endpoint Analysis (EPA) scans can be combined with AlwaysOn, providing even further granular control of what devices can connect through the VPN.