How to Setup to Connection Internally to VDAs from Specific Delivery Groups Bypassing Netscaler

How to Setup to Connection Internally to VDAs from Specific Delivery Groups Bypassing Netscaler

book

Article ID: CTX568595

calendar_today

Updated On:

Description

User Requirements:
1. All users log in from an identical Gateway URL via web browsers, like Chrome and Edge.
2. For VDAs in one specific Delivery Group, users require an Intranet ICA connection directly to these VDAs bypassing the Netscaler.
3. There is only one single store and one single CVAD site.

Instructions

In StoreFront versions released before 3.5, you could map an Optimal Gateway only to a farm or farms. 
Now in StoreFront 3.6 or newer versions, Optimal Gateway can be additionally configured at a zone level besides farm/site level.

With the support of zone when defining optimal gateway mappings, we can set up a direct ICA connection to VDAs for specific Delivery Groups bypassing the Netscaler.

Disclaimer: information displayed in screenshots are from lab servers

1. Create a new Satellite Zone.
    Then, add the Machine Catalogs with target VDAs requiring direct ICA connection bypassing Netscaler to this zone. 
    Note: Delivery Groups can't be added to a Zone by design.

    In this example, the Satellite Zone is named "Internal", and Machine Catalog "Server2016" is moved to this zone.
image.png

2. ​​Set up two vServers on Netscaler, one is for authentication and another is for ICA proxy.
    Here we name the vServer for authentication "AuthOnly", and the vServer for ICA proxy "ICAOnly".
 
  3. Add the two vServers to StoreFront.
      Click Manage Citrix Gateway:
    - Add gateway "AuthOnly", in Usage or role, select  "Authentication only".
    - Add gateway "ICAOnly", in Usage or role, select  "HDX Routing only".
image.pngimage.png
    image.png
 
4. Select “Configure Remote Access Settings” for the store.
      In Citrix Gateway appliances select AuthOnly.
image.png
 
5. Select "Configure Store Settings" -> "Optimal HDX Routing".
    - Edit "Direct HDX connection", add Internal Zone to the Zone section.
    - Edit "ICAOnly", add Primary Zone to the Zones section, and select External only.

image.png


6. By completing the preceeding steps, we shall see the workflow and outcome below:
  - All users login via the identical Gateway URL https://auth.***.com.
  - When users are launching desktop/apps published catalog Server2016 in the Satellite Zone, the ICA connections are established between client machines and VDAs directly in Intranet bypassing the Netscaler.
  - While users are launching desktop/apps from other catalogs(Primary Zone), the connections are proxied through the Netscaler via vServer "ICAOnly".

Powered by Wolken Software