Citrix

Product Documentation



Download full document

Secure Browser Service

Jan. 31, 2017

Citrix Secure Browser Service is a service, delivered within Citrix Cloud, that provides simple and secure remote access to web applications. Administrators can now provide web applications in a specific browser version to users. For example, you can provide a web application in Internet Explorer to a Mac user. The same browsing experience occurs from any device users select.

If users access a web app by using Secure Browser, the app appears in the pre-determined browser within a Citrix Receiver for HTML5 session.

Users cannot enter a different URL within the session. The website does not directly transfer any data to or from the endpoint device, so the experience is secure.

Getting Started with Secure Browser Service

There are three options for publishing applications by using Secure Browser Service:

  • Unauthenticated external web apps
  • Authenticated external web apps
  • Internal web apps
Publishing authenticated external web apps and internal web apps require a resource location and a Citrix Cloud Connector. Also, for internal web apps, a NetScaler Gateway address is needed before creating the Secure Browser Service apps.

Security features include watermarking and URL whitelisting. Usage monitoring has also been enabled.

Using Secure Browser Service

For external unauthenticated web applications:

  1. From the Citrix Cloud home page, under Services, click Manage for Secure Browser Service. You are taken to the Secure Browser Overview page or the Manage page.
  2. To publish a web app from the Overview page, select Let's Get Started. To publish a web app from the Manage page, click Publish a Web App.
  3. Select the External Unauthenticated option.
  4. Give the web app a name.
  5. Specify the URL for the application you want to share.
  6. Choose the browser and version that provides the best experience from the drop-down.
  7. Choose the region of the VDA workload that hosts the browser.
  8. Click Publish.
  9. From the Manage tab, you can start the web app to test by clicking ...Action Menu and selecting Launch Web App.
  10. After you test the app, copy the URL in the browser to share with your users.

For external authenticated web applications:

  1. Ensure you set up a resource location and a Citrix Cloud Connector.
  2. On the Citrix Cloud home page, under Services, click Manage for Secure Browser Service. The Secure Browser Overview page or the Manage page appears.
  3. To publish a web app from the Overview page, select, Let's Get Started. To publish a web app from the Manage page, click Publish a Web App.
  4. Select the External Authenticated option.
  5. Give the web app a name.
  6. Specify the URL for the application you want to share.
  7. Select the browser and version that provides the best experience from the drop-down list.
  8. Select the region of the VDA workload that hosts the browser.
  9. Click Publish.
  10. On the Manage tab, a list of published apps appears and a prompt appears to add the web app to a Library to complete publishing. For more information about creating a Library, see "Assigning users and groups to service offerings using Library in Citrix Cloud."
  11. From the Manage tab, you can start the web app to test by clicking ...Action Menu and selecting Launch Web App.
  12. After you test the app, copy the URL in the browser to share with your users.

For internal web applications:

For more information about how to configure NetScaler Gateway, see "Configure NetScaler Gateway for Secure Browser Service."

  1. Ensure you set up a resource location and a Citrix Cloud Connector, along with configuring the NetScaler Gateway address.
  2. On the Secure Browser Service Manage page, select Settings.
  3. Provide the NetScaler Gateway address and then click Save Changes.
  4. To publish a web app from the Manage page, click Publish a Web App.
  5. Select the Internal option.
  6. Give the web app a name.
  7. Specify the URL for the application you want to share.
    Note: Internal web apps are supported on the Google Chrome browser only.
  8. Select the region of the VDA workload that hosts the browser.
  9. Click Publish.
  10. On the Manage tab, the published app appears and you receive a prompt to add the web app to a Library to complete publishing. For more information about creating a library, see "Assigning users and groups to service offering using Library in Citrix Cloud."
  11. On the Manage tab, you can start the web app to test by clicking the ...Action Menu and selecting Launch Web App.
  12. After you test the app, copy the URL in the browser to share with your users.

For more information about managing Libraries, see "Assigning users and groups to service offerings using Library in Citrix Cloud."

For more information about managing subscribers, see "What is Identity and Access Management?"

Enabling and Disabling Clipboard Functionality

The Clipboard security setting allows enabling or disabling Clipboard functionality within the published web application session. Clipboard functionality is enabled by default for all published web applications. To disable (or re-enable) this feature on a published web app, follow these steps.

  1. From the Secure Browser Service Manage page, select the ... Action Menu for the published internal or external authenticated web app you want to disable or enable the Clipboard functionality.
  2. Select Security Settings.
  3. Disable (or Enable) the Clipboard setting and click OK.

Disabling the clipboard functionality ensures that users cannot copy content in or out of the published web application session from or to the local endpoint machine. The Disable setting removes the Open Clipboard button from the Receiver for HTML5 toolbar.

Printing for Secure Browser Apps

You can enable printing for each published app. In a printing-enabled Secure Browser session, users can print web app content to their local printer by using the Citrix Receiver for HTML5 PDF printing feature. Users can start the print job by pressing CTRL+P and then selecting the Citrix PDF printer in the Print dialog box. The print job converts to a PDF file and opens on the user device. Users can then send the document to their local printer.

Note

If you enable the watermark feature for a published web app, then the printing feature is disabled.

To enable or disable printing

  1. On the Secure Browser Service Manage page, on the Manage tab, click the ellipsis (…) icon next to the published app and then select Security Settings.
  2. Enable or disable the Printing setting and then click OK.

Watermarking Published Web App Sessions

Watermarking published web applications is an advanced security feature available for external authenticated applications and internal applications. To enable this feature on a published web app, follow these steps.

  1. From the Secure Browser Service Manage page, select the ... Action Menu for the published internal or external authenticated web app you want to enable the watermark feature.
  2. Select Security Settings.
  3. Enable the Watermark setting and click OK.

URL Whitelisting

The URL whitelisting feature is available for internal and external authenticated web apps. This feature restricts users to visiting only whitelisted URLs within their published web app session.

  1. From the Secure Browser Service Manage page, select the web app ... Action Menu and Security Settings option.
  2. Enter the Whitelist entries following a <domain name>:<port number> format.

  3. For example, to set http://example.com as a whitelisted URL:

    example.com:* - This format allows connection to this URL from any port.
    example:80 - This format allows connection to this URL only from port 80.
    *:* - This format allows example.com to be accessed on any port and any links to the other URLs and ports on example.com

    Note: The *.* entry allows access to all external web apps from the published app. This format is the default setting for the external web apps URL whitelist field.

  4. You can specify multiple entries by entering each entry on a new line.

Usage Monitoring

To monitor the usage of the web apps, go to the Usage tab from the Secure Browser Service page. The Summary shows you:

  • Number of initiated sessions
  • Number of hours used
Clicking Export to CSV and selecting a timeframe provides a spreadsheet with usage details.

Secure Browser Navigation

When in a web app, users can navigate back or forward by using the local browser navigation controls. During a session, if users click either the back or forward buttons, the HDX protocol transmits the request to the remote browser session

Note

If users start a session on an iOS device in a Chrome browser, browser navigation does not work. Navigation does work in either the Safari or Firefox web browser.

Back to Top