involves domain-joined user devices that run the Desktop Viewer and connect to
StoreFront through NetScaler Gateway/Access Gateway.
A user logs on to a
device using a smart card and PIN, and then logs on again to NetScaler
Gateway/Access Gateway. This second logon can be with either the smart card and
PIN or a user name and password because Receiver allows bimodal authentication
in this deployment.
The user is
automatically logged on to StoreFront, which passes the user security
identifiers (SIDs) to Citrix XenDesktop. When the user starts a virtual desktop
or application, the user is not prompted again for a PIN because the single
sign-on feature is configured on Receiver.
This deployment can
be extended to a double-hop with the addition of a second StoreFront server and
a server hosting applications. A Receiver from the virtual desktop
authenticates to the second StoreFront server. Any authentication method can be
used for this second connection. The configuration shown for the first hop can be reused in the second hop or used in the second hop only.