Support for on-premises Citrix Virtual Apps and Desktops - Preview

The Citrix Gateway service for StoreFront supports on-premises Citrix Virtual Apps and Desktops. The Citrix Gateway service is integrated with the on-premises Delivery Controller, which makes hybrid access easier for Citrix Virtual Apps and Desktops customers. Hybrid access lets you use your on-premises NetScaler Gateway and StoreFront for authentication, authorization, and enumeration. Citrix Gateway service is used to launch virtual apps and desktops. This approach maximizes the value of existing remote access infrastructure and minimizes administrative effort.

Key benefits

The integration of Citrix Gateway service with on-premises Delivery Controller offers the following benefits:

  • Customization retention: NetScaler Gateway and StoreFront customizations can be retained, ensuring a consistent user experience.

  • Minimized maintenance: HDX proxy performance and scale requirements are now managed by Citrix Gateway service, eliminating the need for customer management.

  • Existing URL: DaaS customers can continue using their familiar on-premises NetScaler Gateway URL.

  • Leveraging LHC for enhanced resiliency: Local Host Cache (LHC) supports resiliency needs by allowing the connector to function as a local Secure Ticket Authority (STA) during outages.

  • Better user experience: Ability to use geographically closer PoPs reduces latency and improves performance.

  • High resiliency: The multi-cloud and multi-geo architecture of Citrix Gateway service provides high resiliency.

Prerequisites

  1. You must have a functional on-premises working environment where NetScaler Gateway is used for authentication and authorization and StoreFront is used for enumeration.

  2. Upgrade StoreFront to version 2503 or higher. For more information, see Upgrade StoreFront.

Create a resource location on Citrix Cloud

  1. Onboard to Citrix Cloud. For more information, see Create a Citrix Cloud account and Connect to Citrix Cloud.

  2. On Citrix Cloud, install Cloud Connectors and associate them with the resource location. For more information, see Cloud Connector Installation.

    Note:

    To make your existing apps and desktops available to subscribers, add your site (Citrix Virtual Apps and Desktops deployment) to Citrix Workspace. For more information, see Aggregate Virtual Apps and Desktops in workspaces.

Configure the resource location and policies on the on-premises Delivery Controller

  1. To retrieve the Security Identifiers (SIDs) of the connector machines in a Windows AD or DC environment, run the following command on the Windows Active Directory (AD) or Domain Controller (DC) server. Note the SIDs of the connector machines.

    Get-ADComputer -Filter * | Select-Object Name, SID 
    
  2. In the on-premises Delivery Controller, create a zone and map it to the resource location created in Citrix Cloud.

    1. In the on-premises Delivery Controller, run the following command in PowerShell and note the Uid generated for the required resource location:

      Get-ConfigZone
      
    2. Run the following commands for all the Citrix Cloud Connectors:

      Set-ConfigZone -Uid <Uid from above command output> -ExternalUid <RL ID noted at step 1>
      
      New-ConfigEdgeServer <User friendly name> -MachineAddress "<Connector FQDN>" -Sid <Connector respective SID from step 2> -Uuid <Respective Edge server UUID from step 1> -ZoneUid <Uid from Get-ConfigZone output>
      
  3. To use Rendezvous v1, enable Rendezvous within the Delivery Controller policies and ensure that the on-premises Delivery Controller is configured with the connector details to accept Rendezvous requests. For more information, see Rendezvous v1.

  4. To use HDX adaptive transport with EDT, enable adaptive transport protocol within the Delivery Controller policies on your on-premises Delivery Controller. For more information, see HDX Adaptive transport with EDT support for Citrix Gateway service.
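
The SID lookup above returns every computer object in the domain. The following added example (not part of the Citrix documentation) queries only the connector machines, checks each account before its SID is used, and prints the New-ConfigEdgeServer lines for review. The connector names, FQDNs, and bracketed values are placeholders, and the script assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example. Run where the ActiveDirectory module is available.
Import-Module ActiveDirectory

# Hypothetical inputs: connector names, FQDNs and bracketed values are placeholders.
$ZoneUid    = '<Uid from Get-ConfigZone output>'
$Connectors = @(
    @{ Name = 'CONNECTOR01'; Fqdn = 'connector01.example.local'; Uuid = '<Edge server UUID>' }
    @{ Name = 'CONNECTOR02'; Fqdn = 'connector02.example.local'; Uuid = '<Edge server UUID>' }
)

# Command template in the form shown on this page.
$template = 'New-ConfigEdgeServer {0} -MachineAddress "{1}" -Sid {2} -Uuid {3} -ZoneUid {4}'

$commands = foreach ($c in $Connectors) {
    # Query one named computer object rather than the whole directory.
    $ad = Get-ADComputer -Identity $c.Name

    # A disabled account should not be registered as an edge server.
    if (-not $ad.Enabled) {
        throw "Computer account $($c.Name) is disabled in AD."
    }
    # The FQDN to register must be the one AD records for this account.
    if ($ad.DNSHostName -ne $c.Fqdn) {
        throw "FQDN mismatch for $($c.Name): AD records '$($ad.DNSHostName)'."
    }
    # Domain machine accounts have SIDs of the form S-1-5-21-<domain>-<RID>.
    $sid = $ad.SID.Value
    if ($sid -notmatch '^S-1-5-21(-\d+){4}$') {
        throw "Unexpected SID for $($c.Name): $sid"
    }

    # Emit the command text only; nothing is registered by this script.
    $template -f $c.Name, $c.Fqdn, $sid, $c.Uuid, $ZoneUid
}

# Print the generated commands; run them on the Delivery Controller after checking them.
$commands
```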

Configure Citrix Gateway service for StoreFront to integrate with on-premises Delivery Controller

Perform the following steps to integrate the Citrix Gateway service for StoreFront with the on-premises Delivery Controller:

  1. Configure an authentication gateway

  2. Configure a routing gateway

  3. Configure remote access setting for Delivery Controller

  4. Map the Delivery Controller and routing gateway

  5. Configure the optimal HDX gateway routing

Step 1: Configure an authentication gateway

  1. Open the StoreFront management console.

  2. Navigate to Stores > Manage Citrix Gateways and click Add.

  3. In Display name, enter a name for the authentication gateway.

  4. In Gateway type, select Citrix Gateway Appliance and in Usage or role, select Authentication only.

  5. In Citrix Gateway URL, enter an authentication URL.

  6. Click Next and then Finish.

Step 2: Configure a routing gateway

  1. Navigate to Stores > Manage Citrix Gateways in the StoreFront management console and click Add.

  2. In Display name, enter a name for the routing gateway.

  3. In Gateway type, select Citrix Gateway service.

  4. If geo-location routing is required, fill in the following parameters:

    • Citrix Gateway service URL: Enter the FQDN ending with rgn.g.nssvc.net, which serves as the general FQDN for geo-location routing.

    • Citrix Gateway service URL (STA Connector Mode): Enter the FQDN ending with rgn-s.g.nssvc.net, which supports the service continuity feature.

    For more information, see Regional FQDNs for geo-location routing.

  5. Navigate to the Cloud Connectors tab and click Add to add the cloud connector URLs.

  6. Enable Load balance multiple servers and Enable session reliability.

  7. Click OK.

    Note:

    • HDX session launch fails if the Enable session reliability option is disabled on the on-premises StoreFront.

    • Citrix Gateway service for StoreFront does not support dual STA. Hence, the Request two tickets from cloud connectors, where available option must not be selected.

Step 3: Configure remote access setting for Delivery Controller

  1. In the StoreFront management console, navigate to Configure remote access settings in your site.

    Note:

    The images in this section and the following sections use “onpddc” as the sample site.

  2. Select Enable remote access.

  3. In Citrix Gateway, select the previously configured authentication gateway.

  4. Click OK.

Step 4: Map Delivery Controller and routing gateway

  1. In the StoreFront management console, navigate to Configure store settings > Optimal HDX routing in your site.

  2. Select the routing gateway, click Manage sites, and select the configured site.

  3. Click OK.

Step 5: Configure optimal HDX gateway routing

Note:

If you have multiple zones, create routing gateways for each zone as given in Step 2: Configure a routing gateway.

Map each zone to its distinct routing gateway as given in the following steps:

  1. In the StoreFront management console, navigate to Configure store settings > Optimal HDX routing in your site.

  2. Select the routing gateway and click Manage zones.

  3. Click Add under Manage zones and create a zone with the same name as the zone created on the on-premises Delivery Controller.
