For quite some time (Beginning of 2017) it is now possible to solve SSO scenarios with Azure even without ADFS infrastructure. However, it is only recently that companies has started to not insist on ADFS. Now one may finally also point out the alternative solutions of Microsoft.
The possible scenarios for Seamless SSO are:
- Pass-through authentication (PTA)
- Password Hash Sync (PHS)
Pass-through authentication (PTA)
- No automatic detection of leaked login data
- Azure AD DS requires enabled Password Hash Synchronization feature in tenant to work
- Is not part of Azure AD Connect Health
Password Hash Sync (PHS)
Continue reading “Activation of Azure AD Seamless Single Sign-On”
- Password is synchronized to the cloud (as hash value)
Since Citrix XenApp / XenDesktop 7.9 the Federated Authentication Service (FAS) is available. Via Citrix FAS it is possible to authenticate a user via SAML and thus connect Citrix as a service provider to existing identity providers, such as Azure-AD.
Sequence of SAML authentication
Continue reading “SAML Authentication with Azure AD as IdP and Citrix as SP”
- The user browse the FQDN (e.g. citrix.deyda.net) of the Citrix Gateway vServer (Service Provider) to start his VA / VD resources
- The Citrix Gateway vServer directs the unauthenticated user directly to the Identity Provider (Azure-AD) to authenticate itself (saml: authnRequest)
- The Identity Provider points to its SingleSignOnService URL (e.g. login.microsoftonline.com) and the user must authenticate
- The user enters his AD credentials and these are checked by the Identity Provider against the user database
- Upon successful verification in the user database, the IdP is informed
- The IdP issues a token (SAML assertion) and sends it to the Citrix Gateway (saml: response)
- Citrix Gateway checks the token (assertion signature) and extracts the UPN from the assertion token. This allows access via SSO to the VA / VD farm via FAS (The SP does not have access to the user’s credentials)
Through various recent projects, I had to work through the clutter of information regarding NVIDIA vGPU licensing.
Here is a small summary of this information.
NVIDIA vGPU Architecture
Under the control of the NVIDIA GPU Virtual Manager, running in the hypervisor, the NVIDIA Physical GPU can operate multiple virtual GPU devices (vGPUs), that can be assigned directly to the Guest VM.
The Guest VMs use the NVIDIA virtual vGPUs in the same way as a physical GPU would come from the hypervisor by direct passed through. The NVIDIA Driver loaded into the guest VM provides Direct GPU Access for high-performance operations. The NVIDIA Virtual GPU Manager paravirtualized interface performs the non-performance management operations for the NVIDIA Driver.
Continue reading “NVIDIA vGPU Licensing”
Delivery Groups: New Studio interface for creating machine restart schedules
In earlier releases, you used Studio to create a restart schedule for machines in a Delivery Group. To create multiple schedules, you used PowerShell cmdlets. Now, the updated Studio interface enables you to create and manage one or more restart schedules.
A schedule can affect either:
Continue reading “What’s new in Citrix Virtual Apps and Desktops 7 1811”
- All of the machines in the group.
- One or more (but not all) machines in the group. The machines are identified by a tag that you apply to the machine. This is called a tag restriction, because the tag restricts an action to only items (in this case, machines) that have the tag.
SQL Maintenance Plan
The Maintenance Plan Wizard creates jobs for the Microsoft SQL Server Agent. This allows you to perform various database management tasks at specific intervals, e.g. Backups, database health checks or database statistic updates. This should be configured for all SQL databases, as this will prevent the transaction logs from becoming excessively large. Excessively large transaction logs can make the server inefficient and unstable.
Continue reading “Create a SQL Maintenance Plan for Citrix DB”