Product Documentation

Smart card system requirements

Mar 23, 2015

Card readers

ZKA (Zentraler Kredit Ausschuss or Central Credit Committee) Class 1 contact card readers that comply with the USB Chip/Smart Card Interface Devices (CCID) specification are supported. These contain a slot or swipe into which the user inserts the smart card. Other classes, including Class 2 (readers with keypads for entering PINs), contactless readers, and virtual smart cards based on the Trusted Platform Module (TPM) chip, are not supported.

You must obtain a device driver for the smart card reader and install it on the user device. Many smart card readers can use the CCID device driver supplied by Microsoft.

You must obtain a device driver and cryptographic service provider (CSP) software from your smart card vendor, and install them on both user devices and virtual desktops. The driver and CSP software must be compatible with Citrix XenDesktop. Check your vendor's documentation for compatibility. Citrix recommends that you:

  • Install the drivers and CSP software before installing any Citrix software on it.
  • Install and test the drivers on a physical computer before installing Citrix software.
Note: For virtual desktops running Windows 7 using smart cards that support and use the mini driver model, smart card mini drivers should download automatically, but you can obtain them from http://catalog.update.microsoft.com or from your vendor. Additionally, if PKCS#11 middleware is required, obtain it from the card vendor.

Smart card support also involves components available from Citrix partners. These are updated independently by the partners, and are not described here. For more information, refer to the Citrix Ready program at http://www.citrix.com/ready/ .

Remote access with smart cards

  • Smart cards are supported only for remote access to physical office PCs running Windows 7 or Windows 8; smart cards are not supported for office PCs running Windows XP.
  • The following smart cards were tested with remote PC access:
    • Gemalto .Net 2.0 with the Gemalto .Net mini driver
    • Gemalto IDPrime .NET 510 with Gemalto .Net mini driver
    • Gemalto PIV cards with ActivIdentity ActivClient 6.2

User devices

User devices must run Citrix Receiver. appropriate middleware, and one of the following operating systems:

  • Windows 8 (including Embedded Edition), 32-bit and 64-bit editions
  • Windows 7 (including Embedded Edition), 32-bit and 64-bit editions
  • Windows XP Professional, Service Pack 3 (32-bit edition)

Middleware

Receiver smart card support is based on Microsoft Personal Computer/Smart Card (PC/SC) standard specifications. A minimum requirement is that smart cards and smart card devices must be supported by the underlying Windows operating system and must be approved by the Microsoft Windows Hardware Quality Labs (WHQL) be used on computers running qualifying Windows operating systems. See http://www.microsoft.com for additional information about hardware PC/SC compliance.

The following smart card and middleware combinations have been tested by Citrix as representative examples of their type. However, other smart cards and middleware can also be used. For more information about Citrix-compatible smart cards and middleware, see http://www.citrix.com/ready.

Windows
Middleware Matching cards Notes

ActivClient 6.2 (DoD CAC edition) in GSC-IS mode

DoD CAC card

ActivClient 7.0 in GSC-IS mode

DoD CAC card

ActivClient 7.0 in PIV mode

DoD CAC card, NIST PIV card

GemAlto Mini Driver for .NET card

GemAlto IDPrime .NET 510

SafeNet Authentication Client 8.x for Windows

USB eToken 5100

Other requirements

Carry out these additional tasks prior to your smart card deployment:

  • Ensure that your public key infrastructure (PKI) is configured appropriately. This includes ensuring that certificate-to-account mapping is correctly configured for Active Directory environment and that user certificate validation can be performed successfully.
  • Configure components to use TLS 1.0 for smart card logon.
  • Ensure your deployment meets the system requirements of the other Citrix components used with smart cards, including Receiver and StoreFront.