Citrix DaaS

Policy sets (Preview)

Policy sets are objects in Citrix DaaS which aggregates policies to allow for simplified, role-based access, and easy management. You can create policy sets to mirror logical divisions in your administrator team and company. For example, you can create a policy set for each geographic region, business-unit, or for specific use case. Once created, scopes and delivery groups are assigned to policy sets so that only authorized administrators can manage the policies that apply to their relevant users and machines.

Benefits

  • Role-based access control for distributed administrator teams
  • Simplified mergers, acquisitions, and consolidations
  • Limited fault domain
  • Multitenant support for policies

Enable policy sets

From the Manage tab of Citrix DaaS, navigate to Settings and turn on the Policy sets setting.

Enable policy sets

Note:

You must enable policy sets before creating a policy set.

Feature comparison

Before applying policy sets After applying policy sets
Policies, settings, filters, and policy priorities for the entire site are configured in one place within Citrix Studio. Policies, settings, filters, and policy priorities are configured separately for each policy set.
If you manage one policy, you must manage every policy. Full administrators can delegate to lower-level admins the ability to manage a particular policy set on an individual basis.
Policies in large and distributed environments become complex and difficult to manage. Policies in large and distributed environments can be divided and managed easily.

How does policy sets work?

General overview

  • Policy sets are assigned to delivery groups
  • Policy sets have one or multiple scopes
  • Delivery groups with no policy set assigned receive the default policy set
  • A delivery group can have only one policy set assigned to it
  • Multiple delivery groups can use the same policy set
  • Even though policy sets are assigned to delivery groups, the policies maintain their filters

Default policy set

  • When the policy set setting is turned on, all existing policies are grouped within the default policy set
  • Every delivery group receives the default policy set unless the administrator team creates a policy set and assigns that to a delivery group.
  • Once a delivery group has a different policy set assigned to it, it will no longer get policies from the default policy set

Policy set creation

Policy sets can be created in the following two ways:

  • Create policy set - this action creates an empty policy set
  • Clone policy set - this action creates a policy set based on an existing policy set

Create policy sets

  1. On the Citrix DaaS configuration page, click the Manage tab.
  2. Click the Policies tab. Create policy sets
  3. Select Create Policy Set. The Introduction tab appears.
  4. Click Next or click Name and Description tab.
  5. Enter the name and description of the policy set.
  6. Click Next or click the Assignments tab.
  7. Select one or more delivery groups to which you want to assign the policy set.
  8. Click Next or click Scopes tab.
  9. Select the scopes of the policy set.
  10. Click Create. The policy set is created with the defined assignment and scope.

Clone policy sets

  1. On the Citrix DaaS configuration page, click the Manage tab.
  2. Click the Policies tab.
  3. Select Clone Policy Set.
  4. Modify the name of the policy set.
  5. Modify or create assignments for the policy set and click Next.
  6. Select or deselect policies to include in the cloned policy set.
  7. Modify the scope of the policy.
  8. Click Create. The policy set is created.

Edit policy sets

  1. On the Citrix DaaS configuration page, click the Manage tab.
  2. Click the Policies tab.
  3. Select Edit Policy Set.
  4. Modify the name of the policy set and click Next.
  5. Modify or create assignments for the policy set and click Next.
  6. Modify the scope of the policy.
  7. Click Create.

Policy set assignment

Policy sets are assigned to delivery groups. You can configure assignments when the policy set is created or edited. You can also configure assignments when delivery groups are created or edited.

Policy set scopes

Administrators can define the scope of the policy set so that only authorized administrators can view or edit it. You can configure scopes when the policy set is created or edited.

Policy sets (Preview)