Force connections through Citrix Gateway using Optimal Gateway feature of StoreFront

The Optimal Gateway setting is available in StoreFront to force applications to launch through Citrix Gateway. It applies when accessing StoreFront through Citrix Receiver to connect to Citrix Gateway virtual server and launching resources from Citrix Virtual Apps and Desktops using a single sign-on.

System requirements:

  • 2 Citrix Gateway VPXs
  • 2 XenDesktop 7.1 DDCs
  • 2 separate StoreFront servers

From a domain joined device on the LAN/MPLS network, the users log on only once with the domain credentials at the windows logon prompt. The users must launch their Citrix apps using native receiver, through a Citrix ADC protected SSL connection. Before attempting to get this functionality to work, verify that the users can launch sessions directly with StoreFront and with Citrix ADC in ICA Proxy mode. Also, ensure that you have already configured NetScaler and StoreFront using CTX139963 and Citrix Receiver with pass-through authentication using CTX133855.

Configure the Optimal Citrix Gateway routing

The Optimal Gateway architecture allows you to route the user authentication to the StoreFront server. It launches the ICA session through the Citrix ADC to guarantee a secure connection. The credential handling is secure between the Windows machine and the StoreFront servers. With the customization done to StoreFront, the ICA Ticket routes the user connection through Citrix ADC.

To configure the Optimal Citrix Gateway routing for a store, modify the web.config file located at C:\inetpub\wwwroot\Citrix\Store\web.config to direct StoreFront to route user connections through Citrix Gateway.

Modify enabledOnDirectAccess="true" in the optimalGatewayForFarmsCollection key.

<optimalGatewayForFarmsCollection>
  <optimalGatewayForFarms enabledOnDirectAccess="true">
    <farms>
      <farm name="farmname" />
    </farms>
    <optimalGateway key="_" name="deploymentname" stasUseLoadBalancing="{true | false}"
     stasBypassDuration="hh:mm:ss" enableSessionReliability="{true | false}"
     useTwoTickets="{true | false}">
      <hostnames>
        <add hostname="appliancefqdn:port" />
      </hostnames>
      <staUrls>
        <add staUrl="https://stapath/scripts/ctxsta.dll" />
      </staUrls>
    </optimalGateway>
  </optimalGatewayForFarms>
  <optimalGatewayForFarms>
    ...
  </optimalGatewayForFarms>
</optimalGatewayForFarmsCollection>

Force connections through Citrix Gateway using Optimal Gateway feature of StoreFront