Secure communications

To secure the communication between Citrix Virtual Apps and Desktops server and Citrix Workspace app, you can integrate your Citrix Workspace app connections using security technologies such as the following:

  • Citrix Citrix Gateway. For information, see the topics in this section as well as the Citrix Gateway, and StoreFront documentation.


    Citrix recommends using Citrix Gateway to secure communications between StoreFront servers and user devices.

  • A firewall. Network firewalls can allow or block packets based on the destination address and port. If you are using Citrix Workspace app through a network firewall that maps the server’s internal network IP address to an external Internet address (that is, network address translation, or NAT), configure the external address.
  • Trusted server configuration.
  • For Citrix Virtual Apps or Web Interface deployments only; not applicable to XenDesktop 7: A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy server). You can use proxy servers to limit access to and from your network and to handle connections between Citrix Workspace app and server. Citrix Workspace app supports SOCKS and secure proxy protocols.
  • For Citrix Virtual Apps or Web Interface deployments only; not applicable to XenDesktop 7, XenDesktop 7.1, XenDesktop 7.5, or XenApp 7.5: SSL Relay solutions with Transport Layer Security (TLS) protocols.
  • For XenApp 7.6 and XenDesktop 7.6, you can enable an SSL connection directly between users and VDAs.

Citrix Workspace app is compatible with and functions in environments where the Microsoft Specialized Security - Limited Functionality (SSLF) desktop security templates are used. These templates are supported on various Windows platforms.

Secure communications

In this article