-
-
WebSocket communication between VDA and Delivery Controller™
-
-
Migrate workloads between resource locations using Image Portability Service
-
-
Manage advanced policy scenarios
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Manage advanced policy scenarios
You can use policies to customize your environment to meet the needs of users based on criteria such as:
- Job functions
- Geographic locations
- Connection types
For example, to improve security, you can restrict access for users who regularly handle sensitive data. You can also create a policy that prevents users from saving files to local client drives, and create another policy to allow local drive access for a specific user group. By assigning and prioritizing these policies, you control which one takes effect.
When working with multiple policies, consider the following:
- How to prioritize the policies
- How to create exceptions
- How to view the effective policy when policies conflicts occur
- How to troubleshoot policies
Prioritize policies
Prioritizing policies allows you to define the precedence of policies when they contain conflicting settings. The identification of all policies that match the assignments for the connection happens when a user signs on to the system. The identified policies and their associated settings are sorted into priority order. Each setting is applied according to the priority ranking of the policy.
You can prioritize policies by giving them different priority numbers in Studio. By default, a new policy gets the lowest priority. If there are conflicts among settings of policies, a policy with a higher priority overrides a policy with a lower priority. A policy with the priority number of 1 is the highest priority policy. Policy settings are merged according to the following:
- Priorities of the policies
- Conditions specified in the filters of the policies
Prioritizing policies helps control which settings take precedence when multiple policies apply. When a user signs in, Citrix® identifies all applicable policies and sorts them by priority.
You can assign priorities to policies by number. A lower number means a higher priority (1 is the highest). If settings conflict, the setting from the higher priority policy applies. By default, a new policy gets the lowest priority. Policy settings are merged according to the following:
- Priorities of the policies
- Conditions specified in the filters of the policies
To change policy priorities, follow these steps:
- In Studio, select Policies in the left pane.
- On the Policies tab, select Change Policy Priorities from the action bar.
-
On The Change Policy Priorities page that appears, use the following methods:
- Drag the policy to a desired position.
- To move it up or down by one position, click the Up or Down arrow icon respectively.
- To move it to the top or bottom of the list, click the Top or Bottom arrow icon respectively.
- To change the priority number, click the Edit icon, enter a number as needed, and then click Save.
- Click Save to apply changes.
Manage policy assignment exceptions
When you create policies and use filters to assign them to groups of users, user devices, or machines, you might find that some members of the group need exceptions to some policy settings.
You can make exceptions for certain users or machines within a group by:
- Creating a separate policy only for those group members and giving it higher priority
- Using the Deny mode for an assignment added to the policy
An assignment with the mode set to Deny means that the policy applies to connections that don’t match the assignment criteria. For example, a policy includes the following assignments:
-
Assignment A: Client IP address assignment range
208.77.88.*, mode = Allow. - Assignment B: Specific user account, mode = Deny.
This policy applies to users connecting from the specified IP range, except the user defined in Assignment B.
Note:
In the Assign Policy step, if you clear the Enable checkbox, the assignment is disabled. If a policy has no enabled assignments, it applies to all objects in the site.
Evaluate which policies apply to a connection
If a connection doesn’t behave as expected, it might be due to conflicting policies. Higher-priority policies can override others.
Use one of the following Resultant Set of Policy methods to evaluate which settings apply to a given connection:
-
Citrix Group Policy Modeling Wizard
Simulate a connection scenario by specifying users and assignment conditions.
-
Group Policy Results
Generate a report of Citrix policies applied to a user and Virtual Delivery Agent (VDA).
Site policy settings created using Studio aren’t included in the Resultant Set of Policy when you run the Citrix Group Policy Modeling wizard from the Group Policy Management Console (GPMC).
To verify that you obtain the most comprehensive Resultant Set of Policy, We recommend starting the Policy Modeling wizard from the Studio, unless you create policies using only the GPMC. For more information, see Simulate policies using the Policy Modeling wizard.
Troubleshoot policies
Users, IP addresses, and other assigned objects can have multiple policies that apply simultaneously. This scenario can result in conflicts where a policy might not behave as expected.
When you run the Policy Modeling wizard, you might discover that no policies apply to user connections. In such scenarios, policy settings don’t apply to the users who connect to their applications and desktops under conditions that match the evaluation criteria of the policy. This situation happens when:
- No policies have assignments that match the evaluation criteria of the policy.
- Policies that match the assignment don’t have any settings configured.
- Policies that match the assignment are disabled.
To ensure correct application:
- Enable the policies
- Configure at least one setting for each policy
Note:
In double-hop scenarios (for example, a single-session OS VDA connecting to a multi-session OS VDA), Citrix policies treats the single-session OS VDA as the user device. Consider policies are set to cache images on the user device. In this example, the images cached for the second hop apply to the first-hop machine.
Use Director to view applied policies
Non-administrators can use Director to view policies that applies to a user session.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.