Product Documentation

Secure Director deployment

Oct 26, 2016

This article highlights areas that may have an impact on system security when deploying and configuring Director.

Configure Microsoft Internet Information Services (IIS)

You can configure Director with a restricted IIS configuration. Note that this is not the default IIS configuration.

Filename extensions

You can disallow unlisted file name extensions.

Director requires these file name extensions in Request Filtering:

  • .aspx
  • .css
  • .html
  • .js
  • .png
  • .svc

Director requires the following HTTP verbs in Request Filtering. You can disallow unlisted verbs.

  • GET
  • POST
  • HEAD

Director does not require:

  • ISAPI filters
  • ISAPI extensions
  • CGI programs
  • FastCGI programs


  • Director requires Full Trust. Do not set the global .NET trust level to High or lower.
  • Director maintains a separate application pool.To modify the Director settings, select the Director Site and modify.

Configure user rights

When Director is installed, its application pools are granted the logon right Log on as a service and the privileges Adjust memory quotas for a process, Generate security audits, and Replace a process level token. This is normal installation behavior when application pools are created.

You do not need to change these user rights. These privileges are not used by Director and are automatically disabled.

Certificates in Director:

  • For using HTTPS, trusted certificates can be configured and used.

Director communications

In a production environment, Citrix recommends using the Internet Protocol security (IPsec) or HTTPS protocols to secure data passing between Director and your servers. IPsec is a set of standard extensions to the Internet Protocol that provides authenticated and encrypted communications with data integrity and replay protection. Because IPsec is a network-layer protocol set, higher level protocols can use it without modification. HTTPS uses the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to provide strong data encryption.

The TLS Relay can be used to secure data traffic between Director and XenApp/XenDesktop servers. For more information, see the blog article Securing Citrix Director: OData Interface through TLS.

Citrix recommends securing communications between Director and users' devices using NetScaler Gateway and HTTPS. To use HTTPS, Director requires that the Microsoft Internet Information Services (IIS) instance hosting the authentication service is configured for HTTPS. In the absence of the appropriate IIS configuration, Director uses HTTP for communications. Citrix strongly recommends that you do not enable unsecured user connections to Director in a production environment.

Director security separation

If you deploy any web applications in the same web domain (domain name and port) as Director, then any security risks in those web applications could potentially reduce the security of your Director deployment. Where a greater degree of security separation is required, Citrix recommends that you deploy Director in a separate web domain.