Citrix DaaS

WebSocket communication between VDA and Delivery Controller

This article describes how to set up a WebSocket connection for communication between VDAs and Delivery Controllers as an alternative to using WCF communication. Its benefit is that only TLS port 443 is needed for communication from the VDA to the Delivery Controller.

Currently this is only available for MCS provisioned machines.

How it works

The following section describes the workflow for the WebSocket connection between a Delivery Controller and a VDA:

  1. The admins initiate the process by provisioning VDAs using the Machine Creation Service (MCS).
  2. During the MCS provisioning process, MCS generates public-private key pairs for each VDA and registers the public keys with the FMA trust service on the Delivery Controller. MCS saves the public-private key pair as a file under the identity disk on the VDAs.
  3. When the VDA machine boots up, the MCS agent installed on the VDA machine reads the key pair from the identity disk and writes this information to the VDA registry location.
  4. The broker agent installed on the VDA reads the key pairs from the registry and generates an SSL-enabled WebSocket request to the Delivery Controller with a service key authentication header signed by the private key.
  5. The Delivery Controller verifies the signed service key authentication header with the public key from the FMA trust service.
  6. Once the verification is complete, the system establishes the WebSocket connection between the VDA and the Delivery Controller.

WebSocket support

Procedure

Follow the instructions to set up a WebSocket connection:

  1. Create a machine catalog for AD-joined VDAs with MCS provisioning. For more information, see Create machine catalog.
  2. Create a delivery group and add your VDA to it. For more information, see Create delivery groups.
  3. Enable a WebSocket connection on the VDA. Run the following PowerShell command on the VDA:

    # HKLM: is the PowerShell registry drive for HKEY_LOCAL_MACHINE
    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\CitrixBrokerAgent\WebSocket" -Name "Enabled" -PropertyType "DWord" -Value 1 -Force
    
    • To check if WebSocket is enabled, check the following registry key value. The value of Enabled must be 1.

      Key:

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CitrixBrokerAgent\WebSocket
      

      Name: Enabled

      Type: REG_DWORD

      Value: 1
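
An added check, not part of the Citrix documentation: the PowerShell function below reads the Enabled value described above, confirms that it is a REG_DWORD equal to 1, and optionally tests that TCP port 443 on the Delivery Controller is reachable from the VDA. The function name Test-VdaWebSocketSetting and its -ControllerFqdn parameter are hypothetical names chosen for this example.

```powershell
# Added example (not Citrix code): audit the WebSocket setting on a VDA.
# Test-VdaWebSocketSetting and -ControllerFqdn are hypothetical names.
function Test-VdaWebSocketSetting {
    [CmdletBinding()]
    param(
        # Optional: your Delivery Controller's name, supplied by the caller.
        [string]$ControllerFqdn
    )

    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\CitrixBrokerAgent\WebSocket'
    $result = [ordered]@{
        KeyExists        = Test-Path -Path $keyPath
        ValuePresent     = $false
        ValueKind        = $null
        Enabled          = $false
        Port443Reachable = $null   # stays $null when no controller is given
    }

    if ($result.KeyExists) {
        $key = Get-Item -Path $keyPath
        if ($key.GetValueNames() -contains 'Enabled') {
            $result.ValuePresent = $true
            $result.ValueKind    = $key.GetValueKind('Enabled')
            # A REG_SZ "1" or any non-DWORD type is reported as not enabled.
            $isDword = $result.ValueKind -eq [Microsoft.Win32.RegistryValueKind]::DWord
            $result.Enabled = $isDword -and ($key.GetValue('Enabled') -eq 1)
        }
    }

    if ($ControllerFqdn) {
        # Outbound TCP 443 is the only port the WebSocket path needs from the VDA.
        $result.Port443Reachable = Test-NetConnection -ComputerName $ControllerFqdn `
            -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    [pscustomobject]$result
}

# Registry check only; add -ControllerFqdn <name> to include the port test.
Test-VdaWebSocketSetting
```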
