Recently, I have been involved more and more in projects where Office365 is to be fully implemented in Citrix environments. This means that the customer not only needs the standard Office applications Outlook, Excel and Word, but also wants to use teams and OneDrive.
But this is exactly where we, without additional software, have big problems in non-persistent desktop environments. For example with our profiles (Team Installer stores its data in the profile) or so that the data is downloaded from the Internet every time (excluding OneDrive Sync data in the profile).
However, we have recently been in the fortunate position of being able to use FSLogix “free of charge” for this purpose, if we meet the following requirements:
Continue reading “FSLogix Container (Office/Profile) in Citrix Environments”
- Microsoft 365 E3/E5
- Microsoft 365 A3/A5/ Student Use Benefits
- Microsoft 365 F1
- Microsoft 365 Business
- Windows 10 Enterprise E3/E5
- Windows 10 Education A3/A5
- Windows 10 VDA per user
- Remote Desktop Services (RDS) Client Access License (CAL)
- Remote Desktop Services (RDS) Subscriber Access License (SAL)
On September 19, Citrix Virtual Apps and Desktops (CVAD) version 1909 was released. Following a little guide to the update to the latest version.
Link to Citrix Virtual Apps and Desktops Documentation
Continue reading “Update to Virtual Apps and Desktops Version 1909”
For quite some time (Beginning of 2017) it is now possible to solve SSO scenarios with Azure even without ADFS infrastructure. However, it is only recently that companies has started to not insist on ADFS. Now one may finally also point out the alternative solutions of Microsoft.
The possible scenarios for Seamless SSO are:
- Pass-through authentication (PTA)
- Password Hash Sync (PHS)
Pass-through authentication (PTA)
- No automatic detection of leaked login data
- Azure AD DS requires enabled Password Hash Synchronization feature in tenant to work
- Is not part of Azure AD Connect Health
Password Hash Sync (PHS)
Continue reading “Activation of Azure AD Seamless Single Sign-On”
- Password is synchronized to the cloud (as hash value)
Since Citrix XenApp / XenDesktop 7.9 the Federated Authentication Service (FAS) is available. Via Citrix FAS it is possible to authenticate a user via SAML and thus connect Citrix as a service provider to existing identity providers, such as Azure-AD.
Sequence of SAML authentication
Continue reading “SAML Authentication with Azure AD as IdP and Citrix as SP”
- The user browse the FQDN (e.g. citrix.deyda.net) of the Citrix Gateway vServer (Service Provider) to start his VA / VD resources
- The Citrix Gateway vServer directs the unauthenticated user directly to the Identity Provider (Azure-AD) to authenticate itself (saml: authnRequest)
- The Identity Provider points to its SingleSignOnService URL (e.g. login.microsoftonline.com) and the user must authenticate
- The user enters his AD credentials and these are checked by the Identity Provider against the user database
- Upon successful verification in the user database, the IdP is informed
- The IdP issues a token (SAML assertion) and sends it to the Citrix Gateway (saml: response)
- Citrix Gateway checks the token (assertion signature) and extracts the UPN from the assertion token. This allows access via SSO to the VA / VD farm via FAS (The SP does not have access to the user’s credentials)
In one of my recent projects, I had to build several Citrix ADCs in a new data center. After consultation with the customer, the same services and functions should be configured as in the old data center. The only difference was that the new data center should use different IP ranges and therefore all network settings of the Citrix ADCs and the connected services had to be adapted.
Continue reading “Copy a Citrix ADC configuration to a new machine”
- Same version and build on all Citrix ADC
- Same Citrix ADC license version on all Citrix ADC
- IP addresses of the new Citrix ADC should be defined and free (NSIP, SNIP & VIP).
- IP addresses of the connected machines should be known (server or server groups)
- Basic configuration of the new Citrix ADC should be done (NSIP, SNIP, DNS, Timezone & License)