App Protection support for hybrid launch through StoreFront

Hybrid launch of Citrix Virtual Apps and Desktops is when you sign in to StoreFront for Web by typing the store URL in the native browser and launch the virtual apps and desktops through the native Citrix Workspace app and its HDX engine. The term hybrid is the result of using the combination of StoreFront for Web and the native Citrix Workspace app to connect and use the resources.

Note:

When no native Citrix Workspace app components are installed on the endpoint, it’s a zero-install configuration where both the Citrix Workspace store and the HDX engine are within the browser. This scenario is known as Citrix Workspace app for HTML5, which is hosted either on Citrix Workspace or Citrix StoreFront. This document does not address that scenario.

App Protection support for hybrid launch through StoreFront provides the ability for App Protection enabled resources to be displayed and launched from browsers.

Note:

If you select the options Use light version (which uses the HTML5 client) or Already installed, then the App Protection enabled sessions are blocked as Citrix Workspace app isn’t detected successfully in the browser.

If you’re using StoreFront 2308 or later, then you can access the apps and desktops that are enabled with App Protection policies using a web browser if StoreFront is configured appropriately and the browser successfully detects the native Citrix Workspace app. If you’re using versions between StoreFront 1912 and 2203, then you must apply the customization as described in the How to deploy section.

Limitation:

StoreFront determines the Citrix Workspace app version when you sign in to the website for the first time. If you later install a different version of Citrix Workspace app, then StoreFront isn’t aware of the change. So, it might incorrectly allow or disallow the launching of virtual apps and desktops enabled with App Protection policies. Citrix recommends configuring App Protection Posture Check which blocks launching virtual apps and desktops from previous versions of Citrix Workspace app that do not support App Protection. For more information about Posture Check, see App Protection Posture Check.

Hybrid launch through StoreFront version 2308 or later

StoreFront versions 2308 and later automatically supports hybrid launch of virtual apps and desktops enabled with App Protection policies. For more information about enabling App Protection for hybrid launch on StoreFront 2308 or later, see App Protection for hybrid launch via StoreFront.

Hybrid launch through StoreFront versions between 1912 and 2203

StoreFront versions between 1912 and 2203 supports the enabling of hybrid launch of virtual apps and desktops that are enabled with App Protection policies using a customization as follows:

Citrix recommends removing this customization when upgrading to StoreFront 2308 or later.

Prerequisites

For information about the required versions of Citrix components for App Protection, see System requirements.

How to deploy

1. Download the Zip file named stf-customization-AppP.zip, which has all the required files that you must deploy to the StoreFront server machine. Download the file from Citrix Downloads. The file includes the following:

   • DLLs that you must copy to the store’s bin folder
   • JavaScript files and other files required for the solution to work
   • deploy-solution.ps1 PowerShell script, which the StoreFront admin uses to deploy the solution

2. Unzip the stf-customization-AppP.zip file and open a new administrator PowerShell where the files are extracted. Run the deploy-solution.ps1 command, which takes the following arguments:

   • -Action: The action that the script takes. The allowed values are as follows:

     • The Deploy action deploys the solution in a seamless manner. It creates a backup of files that this solution changes, copies the solution files, and restarts the services. The following screenshot describes the command to deploy the solution on the StoreFront server:

       

     • The ApplyUICustomization action applies a customization on the store UI so that you don’t see the Already installed and Use light version options. This action enforces detection of the native Citrix Workspace app in the browser and makes sure that you bypass the blocked or unsupported scenarios.

       

     • The RemoveUICustomization action undoes the action of ApplyUICustomization and the Already Installed and Use light version options appear again.

   • -StoreName: The name of the store for which the action must be taken. This parameter is mandatory and it must be passed along with the Deploy action.
   • -BackupDir: Parameter that can be passed with the Deploy action to create a backup at the required directory. If not passed, the backup is created on the desktop. This parameter is an optional parameter.

Note:

If there are any existing customizations in StoreCustomization_Input.dll or StoreCustomization_Launch.dll, deploying this solution overrides them.

The App Protection enabled apps and desktops will only display after deploying the customizations. Without the deployment, the apps and desktops don’t display.

How to revert StoreFront customization

Do the following steps to revert the preceding StoreFront customization:

1. Go to \Desktop\StoreBackup<store name> directory and copy the following files to the respective directories:

   • StoreCustomization_Input.dll and StoreCustomization_Launch.dll files to the IISINETPub\Citrix<store name>\bin directory
   • web.config file to the IISINETPub\Citrix\StoreWeb directory

   • *.js and style.css files to the IISINETPub\Citrix\StoreWeb\Custom directory

     Note:

     If there are customization files other than the preceding files in the \Desktop\StoreBackup<store name> directory, copy those files and directories to the relevant directories as needed.

2. Open PowerShell.

3. Stop the IISADMIN and CitrixSubscriptionsStore services by running the following commands:

   sc stop IISADMIN
   sc stop CitrixSubscriptionsStore
   <!--NeedCopy-->
   

4. Start the IISADMIN and CitrixSubscriptionsStore services again by running the following commands:

   sc start IISADMIN
   sc start CitrixSubscriptionsStore
   <!--NeedCopy-->
   

End user experience of hybrid launch for protected resources

1. After the deployment of the solution by the admin on the StoreFront server, sign in to your store on the client side and then access StoreFront using the URL in a web browser.

2. To see if Citrix Workspace app is successfully detected in the browser, check the Current status in your Account Settings.

   

   After Citrix Workspace app is detected, you can see and launch all the virtual apps and desktops that are enabled with App Protection.

Enable tracing on StoreFront

To enable tracing in StoreFront, see the StoreFront documentation. This trace can be used to verify whether the configured NetScaler Gateway session policy labels are passed down to the store properly.

Troubleshooting

When you launch the App Protection enabled sessions, you might sometimes face the following error:

The possible reasons for this error are as follows:

• The apps and desktops are configured to open in a browser.

  

  You face this scenario if you clicked Use light version during Citrix Workspace app detection as shown in the following screen:

  

• The browser doesn’t detect Citrix Workspace app.

  

  You face this scenario if you clicked Already installed during Citrix Workspace app detection as shown in the following screen:

  

Solution: To correct the preceding scenarios and launch the App Protection enabled sessions, click Change Citrix Workspace app in Account Settings and wait for Citrix Workspace app to be detected.

Optimization

Citrix Workspace app detection is mandatory to launch the App Protection enabled sessions. To avoid failures during hybrid launches for protected sessions, the StoreFront admins can use the ApplyUICustomization action of the deploy-solution.ps1 command and hide the Use light version and Already installed options.