Thursday, February 18, 2016

Citrix Web Interface User Roaming And Citrix StoreFront Multi-Site

Web Interface (version 5.2+) has a handy feature which limits enumeration of farms depending on group membership. In Web Interface this feature is called "User Roaming" - note this is NOT "Session Roaming".
Let's say your WI is configured to enumerate resources from 2 XA farms. One farm is in the UK, the other is in the US. For the UK WI, you want the UK users to log on to resources in the UK XA farm and US users to log on to resources in the US XA farm.
To do this you would modify the webinterface.conf file.
If the farms are defined as:
Farm1=UKXA1.domain.com,Name=UkFarm,...
Farm2=USXA1.domain.com,Name=UsFarm,...
Then, the AD groups you allow to enumerate that farm are defined as:
Farm1Groups=domain\UKUsers
Farm2Groups=domain\USUsers

How is this configured in StoreFront?
The equivalent feature in StoreFront is called 'User Farm Mapping' which is part of the StoreFront 'Multi-Site' functionality. In StoreFront, the web.config file of the site needs to be modified.
The web.config file can be found in C:\inetpub\wwwroot\Citrix\store_name
Note that store_name is the name of the Store, not the name of the 'Receiver for Web' site.



Within the web.config file, find the XML element 'resourcesWingConfigurations'.
By default it should look like:

Within the "resourcesWingConfigurations" element, create a new "resourcesWingConfiguration" element (the child element is not a plural).



The new "resourcesWingConfiguration" above allows only members of the 'domain\UKUsers' AD group to enumerate resources from the 'Controller' site.

Note:
  • The farm name here is "Controller". This is the default farm name which the StoreFront Administration Console assigns to the first Site you configure.
  • You must also specify the SID of the Active Directory group. This can be easily found using a utility such as PsGetSid from SysInternals.
  • Optionally you can specify a Backup farm in case the StoreFront server is unable to contact the primary farm Controller(s).
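Because each mapping carries both a group name and its SID, a name/SID pair that disagrees is worth catching before the file goes live. The script below is an added example, not part of the original post or Citrix's tooling: it checks every mapped group's SID against what Windows resolves for the name and lists the farms the mapping refers to. The XML layout is assumed from Citrix's multi-site documentation, and the function name and sample values are hypothetical.

```powershell
# Constructed sample of a store's mapping section (layout assumed, see lead-in).
# BUILTIN groups resolve on any English-language Windows host without a domain;
# the second entry carries a deliberately wrong SID.
[xml]$sample = @'
<resourcesWingConfigurations>
  <resourcesWingConfiguration name="Default" wingName="Default">
    <userFarmMappings>
      <userFarmMapping name="SampleMapping">
        <groups>
          <group name="BUILTIN\Administrators" sid="S-1-5-32-544" />
          <group name="BUILTIN\Users" sid="S-1-5-32-544" />
        </groups>
        <equivalentFarmSets>
          <equivalentFarmSet name="Primary" loadBalanceMode="Failover">
            <primaryFarmRefs><farm name="Controller" /></primaryFarmRefs>
            <backupFarmRefs />
          </equivalentFarmSet>
        </equivalentFarmSets>
      </userFarmMapping>
    </userFarmMappings>
  </resourcesWingConfiguration>
</resourcesWingConfigurations>
'@

# Hypothetical helper: one row per mapped group with the SID check and farm names.
function Test-UserFarmMapping {
    param([Parameter(Mandatory)][xml]$Config)
    foreach ($mapping in $Config.SelectNodes('//userFarmMapping')) {
        $farms = @($mapping.SelectNodes('.//primaryFarmRefs/farm | .//backupFarmRefs/farm') |
            ForEach-Object { $_.GetAttribute('name') })
        foreach ($group in $mapping.SelectNodes('groups/group')) {
            $name = $group.GetAttribute('name')
            try {
                $account  = New-Object System.Security.Principal.NTAccount($name)
                $resolved = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $resolved = $null   # group renamed, deleted, or domain unreachable
            }
            [pscustomobject]@{
                Mapping       = $mapping.GetAttribute('name')
                Group         = $name
                ConfiguredSid = $group.GetAttribute('sid')
                ResolvedSid   = $resolved
                SidMatches    = ($resolved -eq $group.GetAttribute('sid'))
                Farms         = $farms -join ','
            }
        }
    }
}
Test-UserFarmMapping -Config $sample | Format-Table -AutoSize
```

To audit a real store, load its web.config with Get-Content, cast it to [xml] and pass it as -Config. Compare the Farms column with the farm names shown under 'Manage Delivery Controllers'.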


How to check the name of the farm
Two methods:
1) Open the Citrix StoreFront console, select the store and click 'Manage Delivery Controllers'


2) Check in the web.config file for the store. The farm name will be inside the element.


Citrix StoreFront 3.0.1.57 was used to validate this procedure.

Wednesday, February 17, 2016

Smart Access in Citrix XenApp/XenDesktop 7

Smart Access is a useful Citrix feature which allows you to set specific Citrix policies depending on where the user is accessing from. For example, a common use of Smart Access is to disable drive mapping for users connecting from the Internet (via a NetScaler gateway).

Two important things to note:
1) The XML broker which the StoreFront server is using must be set to trust XML requests.
2) In the policy filter, the "NetScaler Gateway farm name" = the name of the NetScaler Gateway vServer which is configured in the NetScaler Configuration manager.

In the screenshot above, the NetScaler Gateway farm name is "XD2". This is the name of the NetScaler Gateway vServer as can be seen below:


To Trust XML Requests on the Controller:
Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true


With these configured the Smart Access policies should apply successfully.