In NetScaler Gateway 11.1
In Citrix Gateway
In All products
Product Documentation
In NetScaler Gateway 11.1
In Citrix Gateway
In All products
NetScaler Gateway Service NetScaler Gateway 12.0 NetScaler Gateway 11.1 NetScaler Gateway 10.5
View PDF

Configuring NetScaler Gateway Enabled PCoIP proxy for VMWare Horizon View

January 29, 2019
Contributed by:  C

Prerequisites

Version - NetScaler 12.0 or above

Universal License - PCoIP Proxy uses the Clientless Access feature of NetScaler Gateway, which means every NetScaler Gateway connection must be licensed for NetScaler Gateway Universal. On the NetScaler Gateway Virtual Server, ensure ICA Only is unchecked.

Horizon View infrastructure - A functional internal Horizon View infrastructure. Ensure you are able to connect to Horizon View Agents internally without NetScaler Gateway. Ensure that the Horizon View HTTP(S) Secure Tunnel and PCoIP Secure Gateway are not enabled on the View Connection Servers that NetScaler will proxy connections to. Following versions of VMware Horizon view are supported.

  • Connection Server: 7.0.1 and above
  • Horizon Client: 4.2.0 and above (Windows and Mac)

Firewall Ports:

Ensure the following:

  • UDP 4172 and TCP 443 must be open from Horizon View Clients to the NetScaler Gateway VIP.
  • UDP 4172 must be open from the NetScaler SNIP to all internal Horizon View Agents.
  • PCoIP Proxy is supported on NetScaler deployed behind NAT. Following are the important points to consider:
    • Support is based on VPN vServer FQDN parameter setting
    • Supports only publicly accessible FQDN and not IP
    • Supports only 443 and 4172 ports
    • Must be a static NAT

Certificate – A valid certificate for the NetScaler Gateway Virtual Server.

Authentication – An LDAP authentication policy/server using Classic Syntax.

Unified Gateway (optional) – If Unified Gateway, create the Unified Gateway before adding PCoIP functionality.

RfWebUI Portal Theme – For web browser access to Horizon View, the NetScaler Gateway Virtual Server must be configured with RfWebUI theme.

Horizon View Client – The Horizon View Client must be installed on the client device, even if accessing Horizon published icons using the NetScaler RfWebUI portal.

To configure NetScaler Gateway to support PCoIP proxy for VMWare Horizon View:

     1.  In the NetScaler management GUI, navigate to Configuration> NetScaler Gateway> Policies> PCoIP.

     2.  Create a VServer profile and a PCoIP profile on the PCoIP Profiles and Connections page.

    3.  To create a VServer profile, on the VServer Profiles tab, click Add.

        a.  Enter a name for the VServer profile.

        b.  Enter an Active Directory Domain Name that will be used for Single Sign-on to View Connection Server, and then click Create.

        Note:  Only a single Active Directory domain is supported per NetScaler Gateway Virtual Server. Also, the domain name specified here is displayed in the Horizon View Client.

        c.  Click Login.

    4.  To create a PCoIP profile, on the Profiles tab, click Add.

        a.  Enter a name for the PCoIP profile.

        b.  Enter the connection URL for the internal VMware Horizon View Connection Server, and then click on Create.

    5.  Navigate to Configuration> NetScaler Gateway> Policies> Session.

    6.  On the right, select the Session Profiles tab.

    7.  On the NetScaler Gateway Session Policies and Profiles page, create or edit a NetScaler Gateway Session Profile.

        a.  To create a NetScaler Gateway session profile, click Add, and provide a name.

        b.  To edit a NetScaler Gateway session profile, select the profile, and click Edit.

    8.  On the Client Experience tab, ensure that the Clientless Access value is set to On.

    9.  On the Security tab, ensure that the Default Authorization Action value is set to ALLOW.

    10.  On the PCoIP tab, select the required PCoIP profile, and then click Create. You can also create or edit PCoIP Profiles from this tab.

    11.  Click Create or OK to finish creating or editing the Session Profile.

    12.  If you created a new Session Profile, then you must also create a corresponding Session Policy.

        a.  Navigate to Configuration> NetScaler Gateway> Policies> Session.

        b.  On the right, select the Session Policies tab.

        c.  Click Add, provide a name for the Session Policy, and select the required session profile name from the Profile drop-down.

        d.   If you wish to create the Session Policy using Default Syntax, in the Expression area, type “true” (without the quotes), and then click on Create. Note: Unified Gateway defaults to Classic Syntax.

        e.  If you wish to create the Session Policy using Classic Syntax, first click on Switch to Classic Syntax. Then in the Expression area, type “ns_true” (without the quotes), and then click on Create.

    13.  Bind the created PCoIP VServer profile and session policy to a NetScaler Gateway Virtual Server.

        a.  Go to NetScaler Gateway > Virtual Servers.

        b.  On the right, either Add a new NetScaler Gateway Virtual Server, or Edit an existing NetScaler Gateway Virtual Server.

        c.  If you are editing an existing NetScaler Gateway Virtual Server, in the Basic Settings section, click the pencil icon.

        d.  For both adding and editing, in the Basic Settings section, click More.

        e.  Use the PCoIP VServer Profile drop-down to select the required PCoIP VServer Profile.

        f.  Scroll down and ensure that ICA Only is unchecked. Then click OK to close the Basic Settings section.

        g.  If you are creating a new NetScaler Gateway Virtual Server, bind a certificate, and bind an LDAP authentication policy.

        h.  Scroll down to the Policies section and click on the plus icon.

        i.  The Choose Type page defaults to Session and Request. Click Continue.

        j.  In the Policy Binding section, click on Click to select.

       k.  Select the required Session Policy that has the PCoIP Profile configured, and click on Select.

        l.  In the Policy Binding page, click Bind.

        m.  If you want to use a web browser to connect to VMware Horizon View, then on the right, under Advanced Settings, add the Portal Themes section. If you are only using Horizon View Client to connect to NetScaler Gateway, then you don’t need to perform this step.

        n.  Use the Portal Theme drop-down to select RfWebUI and click OK.

        o.  Horizon View published icons are added to the RfWebUI portal.

Update Content Switching Expression for Unified Gateway

If your NetScaler Gateway Virtual Server is behind a Unified Gateway (Content Switching Virtual Server), then you must update the Content Switching Expression to include the PCoIP URL paths.

    1.  In the NetScaler GUI, navigate to Configuration> Traffic Management > Content Switching > Policies.

    2.  Append the following expression under the Expression area, and then click OK.

  http.req.url.path.eq(“/broker/xml”)   http.req.url.path.contains(“/broker/resources”)   http.req.url.path.eq(“/pcoip-client”)

Use PCoIP Gateway

    1.  To connect, you must have Horizon View Client installed on the client device. Once installed, you can either use the Horizon View Client’s User Interface to connect to NetScaler Gateway, or you can use the NetScaler Gateway RfWebUI portal page to view the icons published from Horizon.

    2.  To view the active PCoIP connections, go to NetScaler Gateway > PCoIP.

    3.  On the right, switch to the Connections tab. The active sessions are displayed with the folllowing data: user name, Horizon View Client IP, and Horizon View Agent Destination IP.

    4.  To terminate a connection, right-click on connection tab and click Kill Connection. Or click Kill All Connnections to terminate all PCoIP connections.

Configuring NetScaler Gateway Enabled PCoIP proxy for VMWare Horizon View

January 29, 2019
Contributed by:  C

In this article

Edit this article