Citrix Virtual Apps and Desktops

Security groups

Security group is a group of security rules to filter network traffic between resources in a virtual network. The security rules allow or deny inbound network traffic to, or outbound network traffic from, several types of resources. Each rule specifies the following properties:

  • Name: A unique name within the network security group
  • Priority: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority
  • Source or Destination: Any, or an individual IP address, classless inter-domain routing (CIDR) block (, for example), service tag, or application security group
  • Protocol: The protocols based on which you add rules for each security group
  • Direction: Whether the rule applies to inbound, or outbound traffic
  • Port range: You can specify an individual or range of ports
  • Action: Allow or deny

See the following for more information on supported hypervisors:

Security groups in AWS

Security groups act as virtual firewalls that control traffic for the instances in your VPC. You add rules to your security groups that allow instances in your public subnet to communicate with instances in your private subnet. You can also associate these security groups with each instance in your VPC. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance.

For more information on the network setting during image preparation, see Network setting during image preparation.

When you launch an instance, you can specify one or more security groups. To configure security groups, see Configure security groups.

Security groups in Microsoft Azure

Citrix Virtual Apps and Desktops supports network security groups in Azure. Network security groups are expected to associate with subnets. For more information, see Network security groups.

For more information on network security group created during image preparation, see Create a machine catalog using an Azure Resource Manager image.

Security groups in Google Cloud Platform

During the preparation of a machine catalog, a machine image is prepared to serve as the master image system disk for the catalog. When this process occurs, the disk is temporarily attached to a virtual machine. This VM must run in an isolated environment that prevents all inbound and outbound network traffic. This is accomplished through a pair of deny-all firewall rules. For more information, see Firewall Rules.

Security groups