Introduction - Session Shadowing for Linux VDA sessions


Article ID: CTX230071

Description

This article introduces the Session Shadowing feature in Linux VDA.
 


Instructions

Starting from version 7.16, Linux VDA supports the Session Shadowing feature. With this feature, Citrix administrators can view users' ICA sessions in an intranet from Citrix Director. This feature is enabled by default and is currently supported only on RHEL 7.3 and Ubuntu 16.04.
How Session Shadowing works for Linux VDA sessions
We use VNC (Virtual Network Computing) to support session shadowing between Citrix Director and Linux VDA:
  1. Leverage X11VNC in Linux VDA as a VNC server. It attaches to an existing Xorg session and presents the graphics to a VNC client. For more information about X11VNC, refer to x11vnc: a VNC server for real X displays.
  2. Integrate Citrix Director with noVNC as an in-browser VNC client, which uses HTML5 and can support encryption (wss://). For more information about noVNC, refer to noVNC.
  3. Use Websockify as a websocket proxy between the X11VNC server and the noVNC client. With Websockify in the path, the VNC connection between Linux VDA and Citrix Director can be SSL encrypted. For more information about Websockify, refer to Websockify.
After setting up:
  1. The Citrix administrator can log on to Director, locate the user session he/she wants to shadow, and click Shadow in the Session Details.
  2. The user on the ICA session will get a shadow request window.
Note:
  • The session user can deny the shadow request by clicking “No”.
  • By default, the confirmation request times out after 20s.
In either of the above situations, the shadow request fails and the Citrix administrator will get an error prompt at Director.
  3. If the session user clicks “Yes”, a new window will appear on the Citrix Director Client side, indicating that the ICA session is being shadowed. If the administrator wants to end session shadowing, just close the shadow window.
 
Important:
  1. Session Shadowing feature requires Linux VDA 7.16 and Citrix Director 7.16 or above.
  2. As described above, two new dependencies, python-websockify and x11vnc, are introduced into Linux VDA to support Session Shadowing. Please refer to How to configure Session Shadowing for Linux VDA sessions for configuration details.
  3. noVNC requires a browser with HTML5 support. This means it works on major modern browsers but not on some old versions of browsers, for example, IE 10. See Browser support for more details.
  4. Session Shadowing is designed for use in an Intranet only. It does not work for external networks, even when connecting through NetScaler. Citrix disclaims any responsibility for Linux VDA Session Shadowing in an external network.
  5. With Session Shadowing enabled, a Citrix administrator can only view the ICA sessions, but has no permission to write to or control them.
  6. One ICA session can be shadowed by only one administrator in one Citrix Director window. If an ICA session has been shadowed by administrator A and meanwhile, administrator B sends a shadowing request, the confirmation prompt for getting the user permission reappears on the user device. If the user agrees, the shadowing connection for administrator A discontinues and a new shadowing connection is built for administrator B. It is the same if another shadowing request for the same ICA session is sent by the same administrator.
  7. Linux VDA will launch one VNC server (X11VNC) for each shadowing session, and automatically selects ports from within 6001-6099 to build up connections from the Linux VDA to Citrix Director. Therefore, the number of ICA sessions that you can shadow concurrently on a Linux VDA server is limited to 99. Make sure that enough ports are available to meet your requirements, especially for multi-session shadowing.
  8. Session Shadowing is enabled by default without SSL encryption. We provide an option to support SSL encryption for VNC connections and recommend that you enable SSL encryption for security reasons. Please refer to How to configure Session Shadowing for Linux VDA sessions for configuration details.
  9. A Citrix Director client uses a FQDN rather than an IP address to connect to the target Linux VDA server. Therefore, the Citrix Director client must be able to resolve the FQDN of the Linux VDA server.
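
Because shadowing is on by default, unencrypted unless SSL is configured, and uses ports 6001-6099, it is useful to know which of those ports are listening on a VDA and on which interfaces. The following is an added example, not Citrix code: it audits `ss -ltnp` output for that range. The sample output, process names and addresses are constructed for illustration.

```python
import re

SHADOW_PORTS = range(6001, 6100)          # 6001-6099, the range stated in the article
WILDCARD = {"*", "0.0.0.0", "::", "[::]"}  # bind addresses meaning "all interfaces"

# Constructed sample of `ss -ltnp` output (not captured from a real Linux VDA).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*      users:(("sshd",pid=900,fd=3))
LISTEN 0      100    *:6001             *:*      users:(("python",pid=2211,fd=3))
LISTEN 0      100    10.0.0.15:6002     *:*      users:(("python",pid=2302,fd=3))
LISTEN 0      128    :::6100            :::*     users:(("java",pid=1500,fd=9))
"""

def audit_shadow_listeners(ss_output):
    """Return listeners inside the shadowing port range and the ports still free."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        # rpartition handles "*:6001", "10.0.0.15:6002", ":::6001" and "[::]:6001"
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in SHADOW_PORTS:
            continue
        proc = re.search(r'\(\("([^"]+)",pid=(\d+)', line)
        findings.append({
            "port": int(port),
            "address": addr,
            "all_interfaces": addr in WILDCARD,
            "process": proc.group(1) if proc else None,  # None without root
            "pid": int(proc.group(2)) if proc else None,
        })
    used = {f["port"] for f in findings}
    return {"listeners": findings, "ports_free": len(SHADOW_PORTS) - len(used)}

if __name__ == "__main__":
    report = audit_shadow_listeners(SAMPLE_SS)
    for f in report["listeners"]:
        scope = "ALL interfaces" if f["all_interfaces"] else f["address"]
        print(f'port {f["port"]} pid {f["pid"]} ({f["process"]}) bound to {scope}')
    print("free shadowing ports:", report["ports_free"])
```

On a real host, pass in the output of `ss -ltnp` run as root. A listener bound to all interfaces is the one to check against the host firewall and the SSL setting.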
