How to configure "Client IP-User Name-VDA server" one-to-one association via NetScaler Gateway

Article ID: CTX557949

Description

This article provides a sample NetScaler configuration that enforces a one-to-one "Client IP Address--User Name--VDA server" association via NetScaler Gateway.


Instructions

Brief Introduction:
This configuration combines the NetScaler String Map feature, Smart Access mode, and DDC Machine Catalogs set up with the Static Desktop Experience.

1. The NetScaler String Map holds the "Client IP Address--User Name" mapping. The session policy expression looks up this map to check that the current session's mapping is correct; if it is not, the session policy is not hit.
2. StoreFront calls back to NetScaler Gateway in Smart Access mode to obtain the name of the effective session policy, which is then used as a filter when enumerating the resource list.
3. The DDC creates Machine Catalogs with the Static Desktop Experience.
 
  • Configuration Steps in NetScaler:
1. Create a string map named 'USER_IP_MAP' with the user name as the key and the IP address assigned to that user as the value.
>add policy stringmap USER_IP_MAP
>bind policy stringmap USER_IP_MAP user1 192.168.1.1
>bind policy stringmap USER_IP_MAP user2 192.168.1.2

 
2. Invoke the String Map in the Smart Access mode session policy expression to evaluate whether the source IP of the user's client is the same as the IP bound to that user in the String Map.

Bind the session policy at the highest priority. If the expression is true, this session policy is hit; otherwise, evaluation continues to the next policy and other session policies are hit.
>add vpn sessionPolicy USER_IP_MAP "AAA.USER.NAME.MAP_STRING(\"USER_IP_MAP\").EQ(CLIENT.IP.SRC.TYPECAST_TEXT_T)&&HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" AC_WB_x.x.x.x
>bind vpn vserver _XD_x.x.x.x_443 -policy USER_IP_MAP -priority 10 -gotoPriorityExpression NEXT -type REQUEST


3. Enable NetScaler Gateway Smart Access mode by unchecking the ICA Only option on the Gateway vServer (Basic Settings > More > uncheck ICA Only).

Note: Smart Access mode in NetScaler consumes the Gateway universal license. Click here for more info.
  • Configuration Steps in DDC
1. Create Machine Catalogs with the Static Desktop Experience; click here for more info.
2. Complete the Smart Access configuration in StoreFront and DDC; click here for more info.
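
The string map built in step 1 of the NetScaler configuration only enforces the association if each IP belongs to exactly one user and each value is the same text the session policy compares against CLIENT.IP.SRC.TYPECAST_TEXT_T. The following Python script is an added example, not part of the Citrix article: it validates a username,IP list and emits the "bind policy stringmap" commands. The CSV input format, the username character rule, the sample rows and the function name build_bindings are assumptions.

```python
import csv
import io
import ipaddress
import re

MAP_NAME = "USER_IP_MAP"  # string map name from step 1
# Assumption: keys limited to characters that need no quoting on the CLI.
SAFE_USER = re.compile(r"^[A-Za-z0-9._@-]+$")

# Constructed sample rows (username,client IP); not from the article.
SAMPLE_CSV = """user1,192.168.1.1
user2,192.168.1.2
user3,192.168.1.2
user4,192.168.1.300
"""


def build_bindings(csv_text, map_name=MAP_NAME):
    """Return (commands, errors); rows that would break the one-to-one
    user/IP association are rejected instead of being bound."""
    commands, errors, ip_owner, users = [], [], {}, set()
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row:
            continue  # skip blank lines
        if len(row) != 2:
            errors.append(f"line {n}: expected username,ip")
            continue
        user, raw_ip = row[0].strip(), row[1].strip()
        try:
            # The policy compares text, so emit canonical dotted decimal.
            ip = str(ipaddress.IPv4Address(raw_ip))
        except ValueError:
            errors.append(f"line {n}: invalid IPv4 address {raw_ip!r}")
            continue
        if not SAFE_USER.match(user):
            errors.append(f"line {n}: unsafe username {user!r}")
        elif user in users:
            errors.append(f"line {n}: duplicate username {user}")
        elif ip in ip_owner:
            errors.append(f"line {n}: {ip} already assigned to {ip_owner[ip]}")
        else:
            users.add(user)
            ip_owner[ip] = user
            commands.append(f"bind policy stringmap {map_name} {user} {ip}")
    return commands, errors
```

Calling build_bindings(SAMPLE_CSV) returns the two valid bind commands plus one error for the IP shared by user2 and user3 and one for the malformed address.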

 

Environment

This software application is provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that: (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the software application be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the software application.

Issue/Introduction

This article provides a sample NetScaler configuration that enforces a one-to-one "Client IP Address--User Name--VDA server" association.