Citrix Gateway

How SmartAccess Works for Citrix Virtual Apps and Desktops

To configure SmartAccess, you need to configure Citrix Gateway settings on the Web Interface/StoreFront and configure session policies on Citrix Gateway. When you run the Published Applications Wizard, you can select the session policies you created for SmartAccess.

After you configure SmartAccess, the feature works as follows:

  1. When a user types the web address of a virtual server in a web browser, any preauthentication policies that you configured are downloaded to the user device.
  2. Citrix Gateway sends the preauthentication and session policy names to the Web Interface/StoreFront as filters. If the policy condition is set to true, the policy is always sent as a filter name. If the policy condition is not met, the filter name is not sent. This allows you to differentiate the list of published applications and desktops and the effective policies on a computer running Citrix Virtual Apps and Desktops, based on the results of the endpoint analysis.
  3. The Web Interface/StoreFront contacts the Citrix Virtual Apps and Desktops server and returns the published resource list to the user. Any resources that have filters applied do not appear in the user’s list unless the condition of the filter is met.

You can configure SmartAccess endpoint analysis on Citrix Gateway. To configure endpoint analysis, create a session policy that enables the ICA proxy setting and then configure a client security string.

When the user logs on, the endpoint analysis policy runs a security check of the user device with the client security strings that you configured on Citrix Gateway.

For example, you want to check for a specific version of Sophos Antivirus. In the expression editor, the client security strings appear as:

client.application.av(sophos).version == 10.0.2
<!--NeedCopy-->

After you configure the session policy, bind it to a user, group, or virtual server. When users log on, the SmartAccess policy check starts and verifies whether the user device has Version 10.0.2 or later of Sophos Antivirus installed.

When the SmartAccess endpoint analysis check is successful, the Web Interface/StoreFront portal appears in a clientless session. Otherwise, the Access Interface appears.

When you create a session policy for SmartAccess, the session profile does not have any settings configured, which creates a null profile. In this case, Citrix Gateway uses the Web Interface/StoreFront URL configured globally for SmartAccess.

How SmartAccess Works for Citrix Virtual Apps and Desktops