HDX enlightened data transport support

Enlightened Data Transport (EDT) support for Citrix Gateway ensures a high definition in-session user experience of virtual desktops for users running the Citrix Workspace app.

Also, end-to end encryption with the DTLS 1.0 for EDT termination between Citrix Workspace app and VDA is facilitated. For more information on the DTLS configuration, click Support for DTLSv1.0 protocol.

EDT enabled Citrix Gateway delivers a good user experience on both LAN and WAN conditions. With EDT, you do not need any administrative or user configuration when roaming from one to the other. The benefit is most visible in high-latency networks with moderate packet loss, where user experience would generally lag with alternatives.

Support for the DTLS 1.2 protocol

From release 13.0 build 47.x, the DTLS 1.2 protocol is supported on the Citrix ADC VPX appliance. You can enable or disable DTLS 1.2 using the enable_dtls12_vpn_vserver nsapimgr knob on the VPN virtual server VPX appliance.

By default, DTLS 1.2 is disabled and the enable_dtls12_vpn_vserver knob is set to 0.

To enable DTLS 1.2, set the enable_dtls12_vpn_vserver knob to 1. After you change the knob value, switch off DTLS and switch it on again using the set vpn vserver <vservername> dtls <ON/OFF> command for the knob to take effect.


  • When you upgrade the Citrix Gateway appliance to 13.0 build 47.x or later, it is recommended to enable DTLS 1.2 using the nsapimgr command. Enable DTLS 1.2 if you have enabled DTLS and used only TLSv1.2 ciphers in earlier release builds.
  • DTLS 1.2 protocol is supported on the front-end of Citrix ADC appliances containing Intel Coleto SSL chips (from release 13.0 build 52.x). For more information about the platforms containing Intel Coleto SSL chips, see Support for Intel Coleto SSL chip based platforms.
  • Instances running on SDX with Cavium can also support DTLS 1.2 if you allocate an instance with no SSL crypto units.

HDX enlightened data transport support