Rendezvous protocol
In environments that use the Citrix Gateway service, the Rendezvous protocol allows HDX sessions to bypass the Citrix Cloud Connector™ and connect directly and securely to the Citrix Gateway service.
Requirements:
- Access to an environment using Citrix Workspace™ and Citrix Gateway service.
- Control Plane: Citrix Virtual Apps and Desktops™ Service (Citrix Cloud).
- Linux VDA Version 2012 or later.
- Enable the Rendezvous protocol in the Citrix policy. For more information, see Rendezvous protocol policy setting.
- The VDAs must have access to https://*.nssvc.net, including all subdomains. If you cannot whitelist all subdomains in that manner, use https://*.c.nssvc.net and https://*.g.nssvc.net instead. For more information, see the Internet Connectivity Requirements section of the Citrix Cloud documentation (under Virtual Apps and Desktop service) and the Knowledge Center article CTX270584.
- Cloud Connectors must obtain the VDAs’ FQDNs when brokering a session. To achieve this goal, enable DNS resolution for the site: Using the Citrix Virtual Apps and Desktops Remote PowerShell SDK, run the command Set-BrokerSite -DnsResolutionEnabled $true. For more information about the Citrix Virtual Apps and Desktops Remote PowerShell SDK, see SDKs and APIs.
Important:
The Rendezvous protocol doesn’t support transparent or explicit proxies. To use proxies, continue to use the Cloud Connector for ICA® traffic.
If you enable Rendezvous and the VDA cannot reach the Citrix Gateway service directly, the VDA falls back to proxying the HDX™ session through the Cloud Connector.
If you meet all requirements, follow these steps to validate if Rendezvous is in use:
- Launch a terminal on the VDA.
- Run su root -c "/opt/Citrix/VDA/bin/ctxquery -f iuStdP".
- The TRANSPORT PROTOCOLS field indicates the type of connection:
  - TCP Rendezvous: TCP - SSL - CGP - ICA
  - EDT Rendezvous: UDP - DTLS - CGP - ICA
  - Proxy through Cloud Connector: TCP - CGP - ICA
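The validation steps above can be scripted so that a silent fallback to the Cloud Connector is caught automatically. This is an added example, not part of the Citrix documentation: the function names and sample text are assumptions, and because the layout of real ctxquery output is not assumed, the three protocol stacks listed above are matched wherever they appear in the text.

```shell
#!/bin/sh
# Added example: classify session transports found in ctxquery output.
# Only the three protocol stacks come from the page; the surrounding
# output layout is not assumed.

# Read text on stdin, print one connection type per stack found.
classify_transport() {
    { grep -oE '(TCP|UDP)( *- *(SSL|DTLS))? *- *CGP *- *ICA' || true; } |
    while IFS= read -r stack; do
        case "$(printf '%s' "$stack" | tr -d ' ')" in
            TCP-SSL-CGP-ICA)  echo "rendezvous-tcp" ;;
            UDP-DTLS-CGP-ICA) echo "rendezvous-edt" ;;
            TCP-CGP-ICA)      echo "cloud-connector-proxy" ;;
            *)                echo "unknown" ;;
        esac
    done
}

# Return 0 only if at least one session was seen and none fell back to
# the Cloud Connector or showed an unrecognised stack.
# Return 1 on fallback/unknown, 2 when no session stack is found.
all_sessions_rendezvous() {
    types=$(classify_transport)
    [ -n "$types" ] || return 2
    if printf '%s\n' "$types" | grep -qvE '^rendezvous-(tcp|edt)$'; then
        return 1
    fi
    return 0
}

# Constructed sample text (not real ctxquery output): one EDT Rendezvous
# session plus one session proxied through the Cloud Connector, and a
# single TCP Rendezvous session.
SAMPLE_MIXED='TRANSPORT PROTOCOLS: UDP - DTLS - CGP - ICA
TRANSPORT PROTOCOLS: TCP - CGP - ICA'
SAMPLE_DIRECT='TRANSPORT PROTOCOLS: TCP - SSL - CGP - ICA'

# On a VDA, after sourcing this file, feed the real command output instead:
#   su root -c "/opt/Citrix/VDA/bin/ctxquery -f iuStdP" | all_sessions_rendezvous
```

A return code of 1 means at least one session is running as TCP - CGP - ICA through the Cloud Connector, which is the point to recheck the connectivity requirements listed above.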
This diagram is an overview of the Rendezvous connection flow. Follow the steps to understand the flow.
- Navigate to Citrix Workspace.
- Enter credentials in Citrix Workspace.
- If using on-premises Active Directory, the Citrix Virtual Apps™ and Desktops service authenticates credentials with Active Directory using the Cloud Connector channel.
- Citrix Workspace displays enumerated resources from the Citrix Virtual Apps and Desktops service.
- Select resources from Citrix Workspace. The Citrix Virtual Apps and Desktops service sends a message to the VDA to prepare for an incoming session.
- Citrix Workspace sends an ICA file to the endpoint that contains an STA ticket generated by Citrix Cloud.
- The endpoint connects to the Citrix Gateway service, provides the ticket to connect to the VDA, and Citrix Cloud validates the ticket.
- The Citrix Gateway service sends connection information to the Cloud Connector. The Cloud Connector determines if the connection is supposed to be a Rendezvous connection and sends the information to the VDA.
- The VDA establishes a direct connection to the Citrix Gateway service.
- If a direct connection between the VDA and the Citrix Gateway service isn’t possible, the VDA proxies its connection over the Cloud Connector.
- The Citrix Gateway service establishes a connection between the endpoint device and the VDA.
- The VDA verifies its license with the Citrix Virtual Apps and Desktops service through the Cloud Connector.
- The Citrix Virtual Apps and Desktops service sends session policies to the VDA through the Cloud Connector. Those policies are applied.