EDT Security using DTLS
As of XenApp and XenDesktop 7.16 VDAs, DTLS is supported (refer to the Windows OS VDA 7.16 Schannel library support for DTLS article).
This means that the back-end connection between NetScaler and the VDA can optionally use DTLS.
In addition, Receiver can optionally use DTLS in a direct connection to the VDA. The required configurations for the back-end are the same as the existing TLS security policies in StoreFront and the VDA (refer to the SSL configuration on VDA article in the Citrix Support Knowledge Center).
The benefit is that end-to-end DTLS security is now supported: Receiver => NetScaler Gateway => VDA or Receiver => VDA direct.
EDT with DTLS has been supported with NetScaler on the front-end (Receiver to NetScaler) since 11.1.51.21 and 12.0.35.6. DTLS and CGP continue to be a requirement for the front-end EDT connection to NetScaler.
Important: Citrix strongly recommends using 11.1.55.10 or 12.0.53.6 (or higher), as those builds contain some important DTLS fixes. You need to manually enable DTLS on the NSG front-end VPN vServer.
Newer NetScaler 12.0.56.20 or higher builds will have DTLS = On by default for the front-end.
NetScaler 12.0.56.20 is the first version that supports DTLS on the back-end vServer.
Receivers for Windows (4.7 or higher), Mac (12.5 or higher), iOS (7.2 or higher), Android (3.13 or higher) and Linux (13.7 or higher) all support DTLS 1.0.
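The build thresholds above apply per release branch, so an inventory audit has to compare within the branch rather than sort version strings. The following is an added example, not Citrix code: the function names are hypothetical, releases after 12.0 are assumed to count as "or higher", and branches the text does not name are treated as unsupported.

```python
# Added example: every threshold below is a build or version quoted in the text.
FRONTEND_MIN = {(11, 1): (51, 21), (12, 0): (35, 6)}  # first front-end EDT/DTLS builds
RECOMMENDED = {(11, 1): (55, 10), (12, 0): (53, 6)}   # builds with the DTLS fixes
DEFAULT_ON = (12, 0, 56, 20)  # DTLS on by default; first build with back-end DTLS
RECEIVER_MIN = {"windows": (4, 7), "mac": (12, 5), "ios": (7, 2),
                "android": (3, 13), "linux": (13, 7)}


def parse_version(text, fields=None):
    """Turn '12.0.53.6' into (12, 0, 53, 6) so fields compare as integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts) or (fields and len(parts) != fields):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def assess_netscaler(build):
    """Classify one NetScaler build against the thresholds above."""
    v = parse_version(build, fields=4)
    branch, rest = v[:2], v[2:]
    modern = v >= DEFAULT_ON  # assumption: later releases count as "or higher"
    # Per-branch comparison: 12.0.41.x sorts above 11.1.55.10 but is still
    # below the recommended 12.0 build.
    frontend = modern or (branch in FRONTEND_MIN and rest >= FRONTEND_MIN[branch])
    recommended = modern or (branch in RECOMMENDED and rest >= RECOMMENDED[branch])
    return {
        "frontend_dtls": frontend,
        "recommended_build": recommended,
        "manual_enable_needed": frontend and not modern,
        "backend_dtls": modern,
    }


def receiver_supports_dtls(platform, version):
    """True if the Receiver version meets the minimum listed for its platform."""
    minimum = RECEIVER_MIN[platform.lower()]
    return parse_version(version)[:2] >= minimum  # 4.10 is newer than 4.7


if __name__ == "__main__":
    # Constructed inventory, not taken from any real deployment.
    for build in ("11.1.51.21", "12.0.41.16", "12.0.53.6", "12.0.56.20"):
        print(build, assess_netscaler(build))
    print("windows 4.10:", receiver_supports_dtls("windows", "4.10"))
```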