Gateway

Configure NetScaler Gateway enabled PCoIP proxy for VMware Horizon View

Prerequisites

Version - NetScaler 12.0 or above

Universal License - PCoIP Proxy uses the Clientless Access feature of NetScaler Gateway, which means every NetScaler Gateway connection must be licensed for NetScaler Gateway Universal. On the NetScaler Gateway virtual server, ensure ICA Only is cleared.

Horizon View infrastructure - A functional internal Horizon View infrastructure. Ensure you are able to connect to Horizon View Agents internally without NetScaler Gateway. Ensure that the Horizon View HTTP(S) Secure Tunnel and PCoIP Secure Gateway are not enabled on the View Connection Servers that NetScaler will proxy connections to. Following versions of VMware Horizon view are supported.

  • Connection Server: 7.0.1 and above
  • Horizon Client: 4.2.0 and above (Windows and Mac)

Firewall Ports:

Ensure the following:

  • UDP 4172 and TCP 443 must be open from Horizon View Clients to the NetScaler Gateway VIP.
  • UDP 4172 must be open from the NetScaler SNIP to all internal Horizon View Agents.
  • PCoIP Proxy is supported on NetScaler deployed behind NAT. Following are the important points to consider:
    • Support is based on VPN virtual server FQDN parameter setting
    • Supports only publicly accessible FQDN and not IP
    • Supports only 443 and 4172 ports
    • Must be a static NAT

Certificate – A valid certificate for the NetScaler Gateway virtual server.

Authentication – An LDAP authentication policy/server using advanced syntax.

Unified Gateway (optional) – If Unified Gateway, create the Unified Gateway before adding PCoIP functionality.

RfWebUI Portal Theme – For web browser access to Horizon View, the NetScaler Gateway virtual server must be configured with the RfWebUI theme.

Horizon View Client – The Horizon View Client must be installed on the client device, even if accessing Horizon published icons using the NetScaler RfWebUI portal.

To configure NetScaler Gateway to support PCoIP proxy for VMWare Horizon View:

  1. Navigate to Configuration > NetScaler Gateway Policies > PCoIP.

  2. Create a virtual server profile and a PCoIP profile on the PCoIP Profiles and Connections page.

    1. To create a virtual server profile, on the VServer Profiles tab, click Add.

    2. Enter a name for the virtual server profile.

    3. Enter an Active Directory Domain Name that is used for single sign-on to View Connection Server, and then click Create. Note:  Only a single Active Directory domain is supported per NetScaler Gateway virtual server. Also, the domain name specified here is displayed in the Horizon View Client.

    4. Click Login.

    5. To create a PCoIP profile, on the Profiles tab, click Add.

      1. Enter a name for the PCoIP profile.

      2. Enter the connection URL for the internal VMware Horizon View Connection Server, and then click Create.

    6. Navigate to Configuration > NetScaler Gateway > Policies > Session.

    7. On the right, select the Session Profiles tab.

    8. On the NetScaler Gateway Session Policies and Profiles page, create or edit a NetScaler Gateway session profile.

      1. To create a NetScaler Gateway session profile, click Add, and provide a name.

      2. To edit a NetScaler Gateway session profile, select the profile, and click Edit.

    9. On the Client Experience tab, ensure that the Clientless Access value is set to On.

    10. On the Security tab, ensure that the Default Authorization Action value is set to ALLOW.

    11. On the PCoIP tab, select the required PCoIP profile, and then click Create. You can also create or edit PCoIP Profiles from this tab.

    12. Click Create or OK to finish creating or editing the Session Profile.

    13. If you have created a session profile, then you must also create a corresponding session policy.

      1. Navigate to Configuration > NetScaler Gateway > Policies > Session.

      2. select the Session Policies tab and then click Add.

      3. In the Create NetScaler Gateway Session Policy page, enter a name for the policy.

      4. In Profile, select an existing profile or click Add and create a profile.

      5. Add an expression.
        1. Click Advanced Policy and then click Expression Editor.
        2. In Expression, select the expression as per your requirement.
      6. Click OK.
    14. Bind the created PCoIP virtual server profile and session policy to a NetScaler Gateway virtual server.

      1. Go to NetScaler Gateway > Virtual Servers.

      2. On the right, either Add a new NetScaler Gateway virtual server, or Edit an existing NetScaler Gateway virtual server.

      3. If you are editing an existing NetScaler Gateway virtual server, in the Basic Settings section, click the pencil icon.

      4. For both adding and editing, in the Basic Settings section, click More.

      5. Use the PCoIP VServer Profile menu to select the required PCoIP virtual server Profile.

      6. Scroll down and ensure that ICA Only is cleared. Then click OK to close the Basic Settings section.

      7. If you are creating a NetScaler Gateway virtual server, bind a certificate, and bind an LDAP authentication policy.

      8. Scroll down to the Policies section and click the plus icon.

      9. The Choose Type page defaults to Session and Request. Click Continue.

      10. In the Policy Binding section, click Click to select.

      11. Select the required Session Policy that has the PCoIP Profile configured, and click Select.

      12. In the Policy Binding page, click Bind.

      13. If you want to use a web browser to connect to VMware Horizon View, under Advanced Settings, add the Portal Themes section. If you are only using the Horizon View Client to connect to NetScaler Gateway, then you don’t must perform this step.

      14. Use the Portal Theme menu to select RfWebUI and click OK.

      15. Horizon View published icons are added to the RfWebUI portal.

      Note: VMware uses two or more protocols when using any protocol other than RDP. This can cause the requests to be load balanced across two different back-end servers. You can resolve this issue by setting up a single persistency group across all protocols ensuring all connections remain on the same Citrix virtual server.

Steps to enable USB redirection

USB devices connected to the client machine can be accessed from the virtual desktops and apps. Following are the steps to enable USB redirection:

  1. Log in to VMware Horizon Administrator Console.
  2. Navigate to Inventory > View Configuration Servers.
  3. Select the Connection Servers tab.
  4. Select a listed Connection Server and Click Edit.
  5. Under the General tab, select Use Secure Tunnel connection to machine option under HTTP(S) Secure Tunnel. Provide NetScaler Gateway external URL in the External URL field.

Update content switching expression for Unified Gateway

If your NetScaler Gateway virtual server is behind a Unified Gateway (Content Switching Virtual Server), then you must update the Content Switching Expression to include the PCoIP URL paths.

  1. In the NetScaler GUI, navigate to Configuration > Traffic Management > Content Switching > Policies.

  2. Append the following expression under the Expression area, and then click OK.

http.req.url.path.eq(“/broker/xml”) http.req.url.path.contains(“/broker/resources”) http.req.url.path.eq(“/pcoip-client”)

Use PCoIP gateway

  1. To connect, you must have the Horizon View Client installed on the client device. Once installed, you can either use the Horizon View Client’s User Interface to connect to NetScaler Gateway, or you can use the NetScaler Gateway RfWebUI portal page to view the icons published from Horizon.

  2. To view the active PCoIP connections, go to NetScaler Gateway > PCoIP.

  3. On the right, switch to the Connections tab. The active sessions are displayed with the following data: user name, Horizon View Client IP, and Horizon View Agent Destination IP.

  4. To terminate a connection, right-click the Connection tab, and click Kill Connection. Or click Kill All Connections to terminate all PCoIP connections.

Configure NetScaler Gateway enabled PCoIP proxy for VMware Horizon View