Citrix

Product Documentation



Download full document

How SmartAccess Works for XenApp and XenDesktop

Feb. 17, 2014

To configure SmartAccess, you need to configure NetScaler Gateway settings on the Web Interface and configure session policies on NetScaler Gateway. When you run the Published Applications Wizard, you can select the session policies you created for SmartAccess.

After you configure SmartAccess, the feature works as follows:

  1. When a user types the web address of a virtual server in a web browser, any preauthentication policies that you configured are downloaded to the user device.
  2. NetScaler Gateway sends the preauthentication and session policy names to the Web Interface as filters. If the policy condition is set to true, the policy is always sent as a filter name. If the policy condition is not met, the filter name is not sent. This allows you to differentiate the list of published applications and desktops and the effective policies on a computer running XenApp or XenDesktop, based on the results of the endpoint analysis.
  3. The Web Interface contacts the XenApp or XenDesktop server and returns the published resource list to the user. Any resources that have filters applied do not appear in the user’s list unless the condition of the filter is met.

You can configure SmartAccess endpoint analysis on NetScaler Gateway. To configure endpoint analysis, create a session policy that enables the ICA proxy setting and then configure a client security string.

When the user logs on, the endpoint analysis policy runs a security check of the user device with the client security strings that you configured on NetScaler Gateway.

For example, you want to check for a specific version of Sophos Antivirus. In the expression editor, the client security strings appears as:

client.application.av(sophos).version == 10.0.2

After you configure the session policy, bind it to a user, group, or virtual server. When users log on, the SmartAccess policy check starts and verifies whether or not the user device has Version 10.0.2 or later of Sophos Antivirus installed.

When the SmartAccess endpoint analysis check is successful, the Web Interface portal appears in case of a clientless session; otherwise, the Access Interface appears.

When you create a session policy for SmartAccess, the session profile does not have any settings configured, which creates a null profile. In this case, NetScaler Gateway uses the Web Interface URL configured globally for SmartAccess.

Back to Top