Citrix Analytics for Security

Citrix Virtual Apps and Desktops data source

The Virtual Apps and Desktops data source represents the Citrix Virtual Apps and Desktops deployments in your organization.

Citrix Virtual Apps and Desktops is available in two offerings: service and on-premises. Citrix Analytics supports both offerings and receives user events from the data source. This article walks you through the prerequisites and the procedures to enable Analytics on both the offerings- service and on-premises.

Citrix Analytics for Security receives user events from the following components of Virtual Apps and Desktops:

  • Citrix Workspace app installed on the user devices

  • Citrix Director for on-premises deployment

Supported client versions

Citrix Analytics receives user events when a supported client version is used on the user endpoints. If users are using any unsupported client versions, they must upgrade their clients to one of the following versions:

  • Citrix Workspace app for Windows 1907 or later

  • Citrix Workspace app for Mac 1910.2 or later

  • Citrix Workspace app for HTML5 2007 or later

  • Citrix Workspace app for Chrome-Latest version available in Chrome Web Store

  • Citrix Workspace app for Android-Latest version available in Google Play

  • Citrix Workspace app for iOS-Latest version available in Apple App Store

  • Citrix Workspace app for Linux 2006 or later

Enable Analytics on Virtual Apps and Desktops service

Prerequisites

  • Subscribe to the Citrix Virtual Apps and Desktops service offered on Citrix Cloud. Citrix Virtual Apps and Desktops Essentials is not supported on Citrix Analytics. To learn how to get started with the Citrix Virtual Apps and Desktops service, see Install and configure.

  • Review the System Requirements section and ensure that you met the requirements.

View the data source and turn on data processing

Citrix Analytics automatically discovers the Virtual Apps and Desktops service (data source) associated with your Citrix Cloud account.

To view the data source:

From the top bar, click Settings > Data Sources > Security.

The Virtual Apps and Desktops- Workspace app site card appears on the Data Sources page. Click Turn On Data Processing to allow Citrix Analytics to begin processing data for this data source.

Linked data source

View cloud site, users, and received events

The site card displays the number of Virtual Apps and Desktops users, the discovered cloud site, and the received events for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data.

Click the number of received events to view the events on the self-service search page.

Linked data source

After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:

  1. If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.

  2. Analytics has not received any events from the data source in the last one hour.

    No data virtual apps

Enable Analytics on Virtual Apps and Desktops on-premises

Citrix Analytics receives user events from on-premises Sites added to Workspace and Sites accessed through StoreFront deployments.

If your organization is using on-premises Sites, you must use one of the following methods to onboard your Sites so that Analytics discovers the Sites:

Prerequisites

  • You must have a license to use the Citrix Virtual Apps and Desktops on-premises solution. To learn how to get started with Virtual Apps and Desktops on-premises, see Install and configure.

  • Review the System Requirements section and ensure that you met the requirements.

  • Your Delivery Controller version must be 7.16 or later

  • Your Director version must be 7.16 or later

  • Subscription to Citrix Workspace. If you want to add your Sites to Citrix Workspace, you must require a Workspace subscription. Citrix Workspace is included with new subscriptions of Virtual Apps and Desktops after December 2017, as either a trial or as a purchased service.

    Citrix Virtual Apps and Desktops Essentials is not supported on Citrix Analytics.

    To purchase a Citrix Workspace subscription, visit https://www.citrix.com/products/citrix-workspace/get-started.html and contact a Citrix Workspace expert who can help you.

  • Sites added to Workspace. Citrix Analytics automatically discovers the Sites added to Citrix Workspace. Add your Sites to Citrix Workspace before proceeding with onboarding on Citrix Analytics. This process is known as Site aggregation.

    Site aggregation requires you to install Cloud Connector, configure NetScaler Gateway STA servers for internal and external connectivity to Workspace resources, and then add the Sites to Workspace. For detailed instructions on Site aggregation, see Aggregate on-premises virtual apps and desktops in workspaces.

  • StoreFront version. If you are using a StoreFront deployment for your Sites, ensure that the StoreFront version is 1906 or later.

  • Site credentials for Citrix Analytics. While configuring your Site for the Actions feature of Citrix Analytics, you have to provide the Citrix administrator credentials for your on-premises Site. These credentials must have the following permissions:

    1. Citrix administrator role: Full Administrator

    2. Active Directory: Domain Users

  • Server URL for Citrix Director. Using this information, Citrix Analytics accesses the real-time data available to provide in-depth analysis of user behavior in your Site.

  • Delivery Controller. During the process of configuring your Site for advanced Citrix Analytics features such as policies and actions, you have to install a policy agent on a Delivery Controller in your on-premises Site. This agent enables your Site to communicate with Citrix Analytics on port 443 (HTTPS).

    Ensure that the Delivery Controller hosting the agent meets the following requirements:

    • Supports PowerShell 3.0 or later.

    • Outbound connections on TCP port 443 (HTTPS) are allowed.

Onboard Virtual Apps and Desktops Sites using Workspace

Sites already added to Citrix Workspace

Citrix Analytics automatically discovers the Sites that are already added to Citrix Workspace and displays them on the data source site card.

To view the data source:

From the top bar, click Settings > Data Sources > Security.

The Virtual Apps and Desktops site card displays the number of Sites added to Workspace and the users connected to these Sites. Click the site count to view the discovered Sites. Click the user count to view the discovered users on the Users page.

Linked data source

Sites not added to Citrix Workspace

If you have not already added your on-premises Sites to Workspace, Analytics cannot discover your Sites. The site card displays 0 discovered sites.

To add a Site to Workspace:

  1. Click + on the site card.

    Data Source

  2. On the Workspace Configuration page, click +Add Site.

    Workspace

  3. Follow the on-screen instructions to add a Site. For more information, see Aggregate on-premises virtual apps and desktops in workspaces.

  4. After adding the Site, log back to Citrix Analytics and refresh the Data Sources page to view the recently added Site on the site card.

Turn on data processing and view received events

To allow Analytics to begin processing data for the discovered sites, click Turn On Data Processing on the Site card and follow the prompts on the screen.

If you have multiple Sites added to the same Workspace, Analytics processes and stores data for all the Sites in the Workspace. You get a success message when Analytics is successfully enabled on all your sites.

Enable Analytics Success

The site card displays the received events for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data. Click the number of received events to view the events on the corresponding self-service search page.

After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:

  1. If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.

  2. Analytics has not received any events from the data source in the last one hour.

    No data virtual apps

Configure a policy agent on your Site

The Site card displays the Policy configuration incomplete message when a policy agent is not installed on your discovered Site. The policy agent enables you to apply the policies and actions on the user events received from your Site.

Note

The policy agent is required only for configuring policies and has no role in data transmission from your Site. After the Site is onboarded, Citrix Analytics receives data regardless of whether the policy agent is installed or not.

Connectivity requirements:

  • If you are using a proxy server in your Citrix environment, ensure that the following connectivity requirements are met:

    • The proxy server must use the basic authentication method.

    • The proxy server must forward the HTTPS or HTTP request from the policy agent without any change.

    • The https://manage-disc.citrix.com address must be accessible. You should not get any proxy error while accessing the address.

      Note

      However you might get the page not secure or the connection not private warning message while accessing the address through a web browser. You can proceed with the warning to view the page. The page does not contain any information to display. The policy agent uses this address to connect to the application server on the Citrix environment.

    • The policy agent uses the proxy configuration details defined for the machine on which the policy agent is installed. Ensure that the proxy configuration details are the same for the web browser and the machine.

  • If the machine on which you are installing a policy agent is behind a firewall, add the following addresses in your firewall exception list. These addresses are required to establish a connection between the policy agent on your machine and the application server on the Citrix environment.

    • https://smart.cloud.com

    • https://rttf.citrix.com

    • https://citrixworkspacesapi.net

    • https://ctxsym.citrix.com

    • https://manage-disc.citrix.com

    • 13.82.89.73

    • 40.87.65.119

    • 52.168.86.226

    • 13.92.86.28

To install and configure a policy agent:

  1. Click either Sites or Policy configuration incomplete on the site card to view to the Discovered Sites page to install the policy agent.

    Continue setup

  2. Click the Site that displays the Policy configuration incomplete message.

    Discovered agent

  3. Click Continue. The Install and Configure Analytics Policy Agent wizard appears.

    Install Agent

  4. Click Download Agent and save the policy agent package. Install the policy agent on one of the Delivery Controllers in your Site. For high availability and reliability, Citrix recommends that you install multiple policy agents on each Site.

    Note

    Ensure that your browser settings are configured to not block pop-up windows, else the policy agent might not download to your system.

    Download Agent

  5. After the installation finishes, click Connect to Installed Agent. The agent registers your Site with Citrix Analytics. This process might take a few minutes.

  6. Enter the user name and password for your Site administrator account and then click Next. Citrix Analytics verifies your entries.

    Controller Credential

  7. Enter your Site’s Director URL and click Next.

    Provide Director URL

  8. Review the configuration summary, verify that your Site is available for Citrix Analytics, and the policy agent is online. Click Done to close the wizard.

    Review Summary

The Citrix Virtual Apps and Desktops Site setup is completed successfully.

Add a Site

If you want to add another on-premises Site to Workspace, you can add it from Analytics:

  1. On the Site card, click the number of Sites to view the Discovered Sites page.

    Site selection

  2. On the Discovered Sites page, click + Add more Virtual Apps and Desktops Sites to Workspace.

    Multiple sites

  3. On the Workspace Configuration page, click +Add Site.

    Workspace

  4. Follow the on-screen instructions to add a Site. For more information, see Aggregate on-premises virtual apps and desktops in workspaces.

  5. After adding the Site, go to Citrix Analytics and refresh the Data Sources page to view the recently added Site on the site card.

Onboard Virtual Apps and Desktops Sites using StoreFront

If your organization uses an on-premises StoreFront deployment, you must configure your StoreFront servers to enable Citrix Workspace app to send user events to Analytics. The user events are processed by Analytics to provide actionable insights into user behaviors. For more information on how to configure a StoreFront deployment, see the Citrix Analytics service article in the StoreFront documentation.

If you do not configure your StoreFront server, Analytics does not receive any user events. As a result, you cannot turn on data processing. You see the following message when StoreFront is not configured. For details about how to configure the StoreFront server, see the Connect to a StoreFront deployment section.

StoreFront warning

Prerequisites

Before you begin, ensure the following:

  • Your StoreFront version must be 1906 or later.

  • The StoreFront deployment must be able to connect to the following address:

  • The StoreFront deployment must have port 443 open for outbound internet connections. Any proxy servers on the network must allow this communication with Citrix Analytics.

  • If the StoreFront deployment is hosted on a webserver that uses a web proxy to connect to the internet, the proxy for each store must be manually configured to allow outbound traffic. StoreFront does not automatically use the proxy setting of the host webserver. For more information, see Configure a StoreFront deployment hosted on a webserver that uses HTTP proxy.

  • The StoreFront deployment must be accessed using one of the following clients:

    • Citrix Receiver for Web sites in HTML5-compatible browsers.

      Note

      If you are an HTML5 user, Virtual Apps and Desktops can launch events when certain configurations are enabled on StoreFront. For information about the configuration steps, see the Install article in the Citrix Workspace app for HTML5 documentation. For print-related events, extra policies must be configured on StoreFront. For more information, see the PDF Printing article in the Citrix Workspace app for HTML5 documentation.

    • Citrix Workspace app 1907 for Windows or later.

    • Citrix Workspace app 2006 for Linux or later.

    • Citrix Workspace app 2006 for Mac or later

  • If you are using Citrix Virtual Apps and Desktops 7 1912 LTSR, the supported StoreFront version is 1912.

Connect to a StoreFront deployment

  1. On the Virtual Apps and Desktops- Workspace app site card, click the vertical ellipsis (⋮) and then select Connect StoreFront deployment.

    Connect stores

    Note

    The Connect StoreFront deployment option is disabled if you do not have a Site already discovered by Analytics. Add your on-premises Sites to Workspace to enable this option.

  2. On the Connect StoreFront Deployment page, review the checklist and select all the mandatory requirements. If you do not select a mandatory requirement, the Download File option is disabled.

    StoreFront-checklist

  3. Click Download File to download the StoreFrontConfigurationFile.json file.

    Note

    The file contains sensitive information. Keep the file in a safe and secure location.

    Download config file

  4. Copy the file to your StoreFront deployment. If you are using multi server deployment, copy the file to a server in the StoreFront server group.

  5. On the StoreFront server, open the PowerShell ISE and run the following command to import the configuration settings.

    Import-STFCasConfiguration -Path "configuration file path"
    

    For example, if the StoreFrontConfigurationFile.json file is on the desktop, specify the command as follows:

    Import-STFCasConfiguration –Path "$Env:UserProfile\Desktop\ StoreFrontConfigurationFile.json"
    
  6. Run the following command to verify the imported configuration settings.

    Get-STFCasConfiguration
    
  7. If you are using multi server deployment, you must propagate the configuration settings to all the servers in the server group. Use either the StoreFront management console or run the following command to propagate the settings.

    Publish-STFServerGroupConfiguration
    
  8. After configuration is successful, go to Citrix Analytics to view the connected StoreFront deployment. Click Turn On Data Processing to allow Citrix Analytics to process the data.

View received events

The site card displays the number of connected StoreFront deployments and the events received from these deployments for the last one hour, which is the default time selection. You can also select 1 week (1 W) and view the data. Click the number of received events to view the events on the self-service search page.

StoreFront received events

After you have enabled data processing, the site card might display the No data received status. This status appears for two reasons:

  1. If you have turned on data processing for the first time, the events take some time to reach the event hub in Citrix Analytics. When Citrix Analytics receives the events, the status changes to Data processing on. If the status does not change after some time, refresh the Data Sources page.

  2. Analytics has not received any events from the data source in the last one hour.

    No data virtual apps

View connected StoreFront deployments

The StoreFront deployments appear on Virtual Apps and Desktops- Workspace app site card only if the configuration is successful. The site card shows how many StoreFront deployments have established connections with Citrix Analytics.

View stores

Click the number of StoreFront deployments on the site card to view the server groups. For example, click 2 StoreFront deployments to view the connected server or server groups. Each StoreFront deployment is represented by a base URL and a ServerGroupID.

StoreFront group

Add or remove StoreFront deployments

To add a StoreFront deployment, click Connect to StoreFront Deployments on the Discovered Sites for Workspace app page. Download the configuration file and follow the steps to configure a StoreFront deployment.

Add stores

To stop the event transmission from a configured StoreFront deployment and remove it from Citrix Analytics:

  1. Go to the StoreFront deployment that you want to remove from Citrix Analytics. Run the following command to remove the configuration settings from your StoreFront server.

    Remove-STFCasConfiguration
    
  2. If you are using multi server deployment, run the following command to propagate the changes and remove the configuration settings from all the servers in the StoreFront server group.

    Publish-STFServerGroupConfiguration
    
  3. Run the following command to verify that the configuration settings have been successfully removed. The command returns nothing if the settings have been successfully removed.

    Get-STFCasConfiguration
    
  4. Log back to Citrix Analytics and choose the StoreFront deployment on the Discovered Sites for Workspace app page. Click the vertical ellipsis (⋮) and select Remove StoreFront deployments from Analytics.

    Remove store

    Note

    Run the specified commands on the StoreFront deployment before removing it from Citrix Analytics. If you fail to run the commands, Citrix Analytics continues to receive the events and the StoreFront deployment is added again at the next event pooling cycle.

Configure a StoreFront deployment hosted on a webserver that uses HTTP proxy

If a StoreFront is hosted on a webserver that uses a web proxy to connect to the internet, the store must be manually configured to register with Citrix Analytics. This configuration requires you to add a <system.net> section to the store web.config file. You must configure every store on the StoreFront deployment that sends events to Citrix Analytics.

There are two methods by which you can add the <system.net> section to the store web.config file:

  • Set the store proxy configuration via PowerShell for one or more stores (recommended method).

  • Manually add a <system.net> section to the store web.config file.

For more information on these methods, see the Configure StoreFront to use a web proxy to contact Citrix Cloud and register with Citrix Analytics article in the StoreFront documentation.

Connect to Citrix Director for on-premises sites

Citrix Director is a monitoring and troubleshooting console for Citrix Virtual Apps and Desktops. You can use Director to configure your on-premises sites for Citrix Analytics for Security (Security Analytics). After the sites are configured, Director sends monitoring events to Security Analytics. These events are used to discover the users connected to Security Analytics and determine the Workspace app versions installed on the users’ devices. For more information on Citrix Workspace app status, see Users dashboard.

Prerequisite and configuration steps

Notes

  • Currently, the Director user interface displays the configuration steps related to Citrix Analytics for Performance (Performance Analytics). These configuration steps are also applicable for Citrix Analytics for Security (Security Analytics). If you have an active Citrix Cloud entitlement for Security Analytics, you can connect to Citrix Director by following those steps.

  • If your Citrix Analytics account has active entitlements for both Security Analytics and Performance Analytics and you have already configured your site for Performance Analytics, you do not need to configure Director again for Security Analytics.

For information on the prerequisites and configuration steps, see Citrix Analytics for Performance documentation.

View your connected sites

After configuring your on-premises sites on Director, do the following:

  1. In Citrix Analytics, go to the Data Sources page.

  2. Click the Security tab.

  3. On the Virtual Apps and Desktops- Monitoring site card, the sites configured on your Citrix Director get displayed after some time.

    Connected monitoring sites

    Notes

    • The first time you configure a site, events from the site might take some time (approximately an hour) to get processed; causing a delay in the display of the connected site on the Virtual Apps and Desktops- Monitoring site card.

    • The data processing for the Director data source is enabled by default.

    • Unlike other data source site cards, you do not see any received events on the Virtual Apps and Desktops- Monitoring site card. It always shows zero received events. The reason is, currently Security Analytics does not provide insights into the user events received from the Director data source. This data source is used only for discovering the connected users and determining the Workspace app versions on the users’ devices.

  4. Click the sites to view the details.

    Monitoring site details

Turn on or off data processing on the data source

You can stop the data processing at any time for a particular data source- Director and Workspace app. On the data source site card, click the vertical ellipsis (⋮) > Turn off data processing. Citrix Analytics stops processing data for that data source. You can also stop the data processing from the Virtual Apps and Desktops site card. This option applies to both data sources- Director and Workspace app.

To enable data processing again, click Turn On Data Processing.

Citrix Virtual Apps and Desktops data source