involves non-domain-joined user devices that may run the Desktop Lock and
connect to StoreFront through Desktop Appliance sites.
The Desktop Lock is
a separate component that is released with Citrix XenDesktop and Citrix
VDI-in-a-Box. It is an alternative to the Desktop Viewer and is designed mainly
for repurposed Windows computers and Windows thin clients. The Desktop Lock
replaces the Windows shell and Task Manager in these user devices, preventing
users from accessing the underlying devices. With the Desktop Lock, users can
access Windows Server Machine desktops and Windows Desktop Machine desktops.
Note: Installation of
Desktop Lock is optional.
A user logs on to a
device with a smart card. If Desktop Lock is running on the device, the device
is configured to launch a Desktop Appliance site through Internet Explorer
running in Kiosk Mode. An ActiveX control on the site prompts the user for a
PIN, and sends it to StoreFront. StoreFront passes the user security
identifiers (SIDs) to Citrix XenDesktop. The first available desktop in the
alphabetical list in an assigned Desktop Group starts.
This deployment can
be extended to a double-hop with the addition of a second StoreFront server and
a server hosting applications. A Receiver from the virtual desktop
authenticates to the second StoreFront server. Any authentication method can be
used for this second connection.
The configuration shown for the first hop can be reused in the second hop or used in the second hop only.