Web Authentication Action in NetScaler

On one of my recent deployments, I needed to set up external access using NetScaler to an internally hosted web application (Grafana).

Grafana is a cross-platform open source application for graphical representation of data from various data sources such as InfluxDB, MySQL, PostgreeSQL, Prometheus and Graphite.

The challenge here was that the customer wanted to pre-install authentication on the NetScaler, but the users were only known to the web application itself.

The question that therefore came to me was:
How can I check the user of the web application if only the web application itself has access to the user data?

I had only used standards like LDAP, RADIUS, CERT, SAML etc. for user authentication on NetScaler, but these were not useful here because the target system should not be changed.

Continue reading “Web Authentication Action in NetScaler”

WEM Administration Console – Part 2 (System Optimization, Policies & Profiles and Security)

Current version is Workspace Environment Management 2206.

Workspace Environment Management 2206

In the following I will give an insight into the menu items System Optimization, Policies & Profiles and Security.

System Optimization, Policies & Profiles and Security

System Optimization

These settings are used to reduce resource usage on the host. They are used to free up resources and make them available for other applications, thereby increasing the user density per host.

While the System Optimization settings are machine-based and apply to all user sessions of a machine, the Process Optimization under CPU Management is user-based.

That is, when a process triggers CPU Spike Protection in user A’s session, the event is recorded and limited for user A only. When user B starts the same process, the behavior of process optimization is determined only by process triggers in user B’s session.

System Optimization CPU Management Memory Management I/O Management Fast Logoff Citrix Optimizer Multi-session Optimization
Continue reading “WEM Administration Console – Part 2 (System Optimization, Policies & Profiles and Security)”

SAML Authentication between Citrix & Microsoft with Azure MFA

Extension of the existing article with further troubleshooting cases.

As a result of increasing projects, here is a little how-to with the summary of my previous articles. The main points are:

  • Azure AD Seamless Single Sign-On (PTA / PHS)
  • SAML Authentication (Azure AD as IdP & Citrix Gateway as SP)
  • Citrix Federated Authentication Service (FAS)
  • Microsoft Azure Multi-Factor-Authentication with Conditional Access

Requirements

  • Fully working Citrix Virtual Apps and Desktop Environment (StoreFront & DDC Minimum Version 7.9)
  • Citrix ADC with successful base configuration & activated Enterprise or Platinum license (Minimum Version 12.1 Build 50+ for native workspace app, for browser Minimum Version 11.1)
  • Configured Unified Gateway vServer
  • Internal and external DNS entries for Unified Gateway vServer (e.g. citrix.deyda.net)
  • Certificates for DNS entries (wildcard certificates are the easiest)
  • Existing Azure Tenant with Azure-AD base configuration (Domain, AAD Sync) & activated Azure AD Premium license
  • AD Connect version installed and configured (Minimum Version 1.1.644.0)
  • Firewall release for *.msappproxy.net on port 443
  • Domain administrator credentials for the domains that connected to Azure AD via AD Connect
  • Installed Authenticator App on Test User Mobile Phone
Continue reading “SAML Authentication between Citrix & Microsoft with Azure MFA”

WEM Administration Console – Part 1 (Actions, Filters & Assignments)

Current version is Workspace Environment Management 2206.

Workspace Environment Management 2206

Known problems

  • When VUEMRSAV.exe is used to display results on actions applied through an action group for the current user, the Applied Actions tab may display the wrong source of actions. [WEM – 20002]
Continue reading “WEM Administration Console – Part 1 (Actions, Filters & Assignments)”

Installing Workspace Environment Management

Workspace Environment Management optimizes Citrix workers for the best possible performance (user density, logon time and application response time).

WEM is subject to the Current Release Lifecycle (Additional Component) and therefore there is no LTSR version of WEM available.

To use WEM, you must have an active Customer Success Services (CSS) for one of the following licenses:

  • Citrix Virtual Apps Advanced
  • Citrix Virtual Apps Premium
  • Citrix Virtual Apps and Desktops Advanced
  • Citrix Virtual Apps and Desktops Premium
  • Citrix Workspace Premium
  • Citrix Workspace Premium Plus

Technical Overview

Workspace Environment Management (WEM) is based on the following architecture:

WEM architecture
Continue reading “Installing Workspace Environment Management”