Rendezvous V2
When using the Citrix Gateway service, the Rendezvous protocol allows traffic to bypass the Citrix Cloud Connectors and connect directly and securely with the Citrix Cloud control plane.
There are two types of traffic to consider:
- Control traffic for VDA registration and session brokering.
- HDX session traffic.
Rendezvous V1 allows for HDX session traffic to bypass Cloud Connectors, but it still requires Cloud Connectors to proxy all control traffic for VDA registration and session brokering.
Standard AD domain joined machines and non-domain joined machines are supported for using Rendezvous V2 with single-session and multi-session macOS VDAs.
With non-domain joined machines, Rendezvous V2 allows both HDX traffic and control traffic to bypass the Cloud Connectors.
Requirements
The requirements for using Rendezvous V2 are:
- Access to the environment using Citrix Workspace and Citrix Gateway service.
- Control Plane: Citrix DaaS (formerly Citrix Virtual Apps and Desktops service).
- Enable the Rendezvous protocol in the Citrix policy. For more information, see Rendezvous protocol policy setting.
- The VDAs must have access to
https://*.nssvc.net, including all subdomains. If you cannot allow list all the subdomains in that manner, usehttps://*.c.nssvc.netandhttps://*.g.nssvc.netinstead. For more information, see the Internet Connectivity Requirements section of the Citrix Cloud documentation (under Virtual Apps and Desktop service) and the Knowledge Center article CTX270584. - The VDAs must be able to connect to the addresses mentioned previously:
- On TCP 443, for TCP Rendezvous.
- On UDP 443, for EDT Rendezvous.
How to configure Rendezvous V2
Following are the steps for configuring Rendezvous in your environment:
- Make sure that all requirements are met.
- Create a Citrix policy, or edit an existing one:
- Set the Rendezvous Protocol setting to Allowed.
- Set the Citrix policy filters properly. The policy applies to the machines that need Rendezvous to be enabled.
- Set the Citrix policy to have the correct priority so that it does not overwrite another one.
- Restart the VDA machine. The policy may take a few minutes to take effect.
Note:
To disable Rendevous V2, run the following command in the VDA machine:
sudo /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\VirtualDesktopAgent" -t "REG_DWORD" -v "GctRegistration" -d "0x00000000" --force
sudo launchctl kickstart -kp system/com.citrix.ctxvda
Rendezvous validation
To check whether a session is using the Rendezvous protocol, run the /opt/Citrix/VDA/bin/ctxsession -v command in the terminal.
The transport protocols displayed indicate the type of connection:
- TCP Rendezvous: TCP - TLS - CGP - ICA
- EDT Rendezvous: UDP - DTLS - CGP - ICA
If Rendezvous V2 is in use, the protocol version shows 2.0.
Tip:
If the VDA can’t reach the Citrix Gateway service directly with Rendezvous enabled, the VDA falls back to proxy the HDX session through the Cloud Connector.