involves non-domain-joined user devices that run the Desktop Viewer and connect
directly to StoreFront.
A user logs on to a
device. Typically, the user enters a user name and password but, since the
device is not joined to a domain, credentials for this logon are optional.
Because bimodal authentication is possible in this deployment, Receiver prompts
the user either for a smart card and PIN or a user name and password. Receiver
then authenticates to Storefront.
the user security identifiers (SIDs) to Citrix XenDesktop. When the user starts
a virtual desktop or application, the user is prompted for a PIN again because
the single sign-on feature is not available in this deployment.
This deployment can
be extended to a double-hop with the addition of a second StoreFront server and
a server hosting applications. A Receiver from the virtual desktop
authenticates to the second StoreFront server. Any authentication method can be
used for this second connection.
The configuration shown for the first hop can be reused in the second hop or used in the second hop only.