Product Documentation

Configuring NetScaler Gateway to support EDT

May 31, 2017

Adaptive transport for XenApp and XenDesktop 7.13 or later optimizes data transport by applying a new Citrix protocol called Enlightened Data Transport (EDT) in preference to TCP whenever possible. Compared to TCP and UDP, EDT delivers a superior user experience on long-haul WAN and internet connections. EDT dynamically responds to changing network conditions while maintaining high server scalability and efficient use of network capacity. EDT is built on UDP and improves data throughput for all ICA virtual channels. If UDP is not available, adaptive transport automatically reverts to TCP.

If you use EDT, Datagram Transport Layer Security (DTLS) must be enabled to encrypt the UDP connection used by EDT. The DTLS parameter must be enabled at the Gateway VPN virtual-server level, and XenApp and XenDesktop components must be correctly upgraded and configured to achieve encrypted traffic between the Gateway VPN virtual server and the user device. 

The following scenarios are supported:

Scenario

EDT support

NetScaler Gateway

Yes

NetScaler Gateway with High Availability (HA)

Yes

NetScaler Gateway with High Availability (HA) optimization

Yes

NetScaler with Unified Gateway

Yes

NetScaler Gateway with GSLB

Yes

NetScaler Gateway with Cluster

Yes

Citrix Receiver to NetScaler Gateway DTLS encryption

Yes

Dual Secure Ticket Authority (STA) on NetScaler Gateway

Yes

NetScaler Gateway ICA session timeout

Yes

NetScaler Gateway  session reliability (Port 2598)

Yes

NetScaler Gateway Multi-Stream ICA 

No

NetScaler Gateway  SOCKS (Port 1494)

No

NetScaler to VDA DTLS encryption

No

HDX Insight

No

NetScaler Gateway in IPv6 mode

No

NetScaler Gateway Double-Hop

No

NetScaler pure LAN proxy

No

NetScaler GWaaS (Gateway as a Service)

No

 

To configure NetScaler Gateway to support EDT:

     1. Deploy and configure NetScaler Gateway to communicate with StoreFront and authenticate users for XenApp and XenDesktop.

     2. On the Configuration tab in the NetScaler GUI, expand NetScaler Gateway and select Virtual Servers.

localized image

     3. Click Edit to display Basic Settings for the VPN Virtual Server, and then verify the state of the DTLS setting.

localized image

     4. Click More to display additional configuration option.

localized image

     5. Select DTLS to provide communications security for datagram protocols. Click OK. The Basic Settings area for the VPN Virtual Server shows that the DTLS flag is set to True. 

localized image

     6. In the Certificates section of the VPN Server screen, select the server certificate and re-bind the certificate for the DTLS handshake.

localized image

     7. Reopen the Server Certificate Binding screen and click the plus icon (+) to bind the certificate-key pair.

localized image

     8. Next to the certificate-key pair that you just bound, click Select.

localized image

     9. Save the changes to the server-certificate binding.

     10. When the certificate key pair appears, click Bind.