To install and configure StoreFront, complete the following steps in order.
If you plan to use StoreFront to deliver XenDesktop, XenApp, or VDI-in-a-Box resources to users, ensure that the StoreFront server is joined to either the Microsoft Active Directory domain containing your users' accounts or a domain that has a trust relationship with the user accounts domain.
Optionally, if you plan to configure a multiple server StoreFront deployment, set up a load balancing environment for your StoreFront servers.
To use NetScaler for load balancing, you define a virtual server to proxy your StoreFront servers. For more information on configuring NetScaler for load balancing, see Load Balancing Traffic on a NetScaler.
For each StoreFront server, create individual HTTP or SSL load balancing services, as appropriate, using the StoreFront monitor type.
For more information, see Monitoring Citrix StoreFront Stores.
Configure the services to insert the client IP address into the X-Forwarded-For HTTP header of requests forwarded to StoreFront, overriding any global policies.
StoreFront requires users' IP addresses to establish connections to their resources. For more information, see Inserting the IP Address of the Client in the Request Header.
On the virtual server, configure persistence on the basis of source IP address.
Persistence ensures that only the initial user connection is load balanced, after which subsequent requests from that user are directed to the same StoreFront server. For more information, see Persistence Based on Source IP Address.
Optionally, enable the following features.
Optionally, enable the following roles and their dependencies on the StoreFront server.
On Windows Server 2012 servers:
Web Server (IIS) > Web Server > Application Development > .NET Extensibility 4.5, Application Initialization, ASP.NET 4.5, ISAPI Extensions, ISAPI Filters
On Windows Server 2008 R2 servers:
Web Server (IIS) > Web Server > Application Development > .NET Extensibility, Application Initialization, ASP.NET, ISAPI Extensions, ISAPI Filters
The StoreFront installer checks that all the features and server roles above are enabled.
Optionally, configure Microsoft Internet Information Services (IIS) for HTTPS if you plan to use HTTPS to secure communications between StoreFront and users' devices.
HTTPS is required for smart card authentication. By default, Citrix Receiver requires HTTPS connections to stores. You can change from HTTP to HTTPS at any time after installing StoreFront, provided the appropriate IIS configuration is in place.
To configure IIS for HTTPS, use the Internet Information Services (IIS) Manager console on the StoreFront server to create a server certificate signed by your domain certification authority. Then, add HTTPS binding to the default website. For more information about creating a server certificate in IIS, see http://technet.microsoft.com/en-us/library/hh831637.aspx#CreateCertificate. For more information about adding HTTPS binding to an IIS site, see http://technet.microsoft.com/en-us/library/hh831632.aspx#SSLBinding.
Ensure your firewalls and other network devices permit access to TCP port 80 or 443, as appropriate, from both inside and outside the corporate network. In addition, ensure that any firewalls or other devices on your internal network do not block traffic to any of the unassigned TCP ports.
When you install StoreFront, a Windows Firewall rule is configured enabling access to the StoreFront executable through a TCP port randomly selected from all unreserved ports. This port is used for communications between the StoreFront servers in a server group.