Citrix Gateway

Configure Citrix Gateway enabled PCoIP proxy for VMware Horizon View

Prerequisites

Version - Citrix ADC 12.0 or above

Universal License - PCoIP Proxy uses the Clientless Access feature of Citrix Gateway, which means every Citrix Gateway connection must be licensed for Citrix Gateway Universal. On the Citrix Gateway virtual server, ensure ICA Only is cleared.

Horizon View infrastructure - A functional internal Horizon View infrastructure. Ensure you are able to connect to Horizon View Agents internally without Citrix Gateway. Ensure that the Horizon View HTTP(S) Secure Tunnel and PCoIP Secure Gateway are not enabled on the View Connection Servers that Citrix ADC will proxy connections to. Following versions of VMware Horizon view are supported.

  • Connection Server: 7.0.1 and above
  • Horizon Client: 4.2.0 and above (Windows and Mac)

Firewall Ports:

Ensure the following:

  • UDP 4172 and TCP 443 must be open from Horizon View Clients to the Citrix Gateway VIP.
  • UDP 4172 must be open from the Citrix ADC SNIP to all internal Horizon View Agents.
  • PCoIP Proxy is supported on Citrix ADC deployed behind NAT. Following are the important points to consider:
    • Support is based on VPN virtual server FQDN parameter setting
    • Supports only publicly accessible FQDN and not IP
    • Supports only 443 and 4172 ports
    • Must be a static NAT

Certificate – A valid certificate for the Citrix Gateway virtual server.

Authentication – An LDAP authentication policy/server using advanced syntax.

Unified Gateway (optional) – If Unified Gateway, create the Unified Gateway before adding PCoIP functionality.

RfWebUI Portal Theme – For web browser access to Horizon View, the Citrix Gateway virtual server must be configured with the RfWebUI theme.

Horizon View Client – The Horizon View Client must be installed on the client device, even if accessing Horizon published icons using the Citrix ADC RfWebUI portal.

To configure Citrix Gateway to support PCoIP proxy for VMWare Horizon View:

  1. Navigate to Configuration > Citrix Gateway Policies > PCoIP.

  2. Create a virtual server profile and a PCoIP profile on the PCoIP Profiles and Connections page.

    1. To create a virtual server profile, on the VServer Profiles tab, click Add.

    2. Enter a name for the virtual server profile.

    3. Enter an Active Directory Domain Name that is used for single sign-on to View Connection Server, and then click Create. Note:  Only a single Active Directory domain is supported per Citrix Gateway virtual server. Also, the domain name specified here is displayed in the Horizon View Client.

    4. Click Login.

    5. To create a PCoIP profile, on the Profiles tab, click Add.

      1. Enter a name for the PCoIP profile.

      2. Enter the connection URL for the internal VMware Horizon View Connection Server, and then click Create.

    6. Navigate to Configuration > Citrix Gateway > Policies > Session.

    7. On the right, select the Session Profiles tab.

    8. On the Citrix Gateway Session Policies and Profiles page, create or edit a Citrix Gateway session profile.

      1. To create a Citrix Gateway session profile, click Add, and provide a name.

      2. To edit a Citrix Gateway session profile, select the profile, and click Edit.

    9. On the Client Experience tab, ensure that the Clientless Access value is set to On.

    10. On the Security tab, ensure that the Default Authorization Action value is set to ALLOW.

    11. On the PCoIP tab, select the required PCoIP profile, and then click Create. You can also create or edit PCoIP Profiles from this tab.

    12. Click Create or OK to finish creating or editing the Session Profile.

    13. If you have created a session profile, then you must also create a corresponding session policy.

      1. Navigate to Configuration > Citrix Gateway > Policies > Session.

      2. select the Session Policies tab and then click Add.

      3. In the Create Citrix Gateway Session Policy page, enter a name for the policy.

      4. In Profile, select an existing profile or click Add and create a profile.

      5. Add an expression.
        1. Click Advanced Policy and then click Expression Editor.
        2. In Expression, select the expression as per your requirement.
      6. Click OK.
    14. Bind the created PCoIP virtual server profile and session policy to a Citrix Gateway virtual server.

      1. Go to Citrix Gateway > Virtual Servers.

      2. On the right, either Add a new Citrix Gateway virtual server, or Edit an existing Citrix Gateway virtual server.

      3. If you are editing an existing Citrix Gateway virtual server, in the Basic Settings section, click the pencil icon.

      4. For both adding and editing, in the Basic Settings section, click More.

      5. Use the PCoIP VServer Profile menu to select the required PCoIP virtual server Profile.

      6. Scroll down and ensure that ICA Only is cleared. Then click OK to close the Basic Settings section.

      7. If you are creating a Citrix Gateway virtual server, bind a certificate, and bind an LDAP authentication policy.

      8. Scroll down to the Policies section and click the plus icon.

      9. The Choose Type page defaults to Session and Request. Click Continue.

      10. In the Policy Binding section, click Click to select.

      11. Select the required Session Policy that has the PCoIP Profile configured, and click Select.

      12. In the Policy Binding page, click Bind.

      13. If you want to use a web browser to connect to VMware Horizon View, under Advanced Settings, add the Portal Themes section. If you are only using the Horizon View Client to connect to Citrix Gateway, then you don’t must perform this step.

      14. Use the Portal Theme menu to select RfWebUI and click OK.

      15. Horizon View published icons are added to the RfWebUI portal.

      Note: VMware uses two or more protocols when using any protocol other than RDP. This can cause the requests to be load balanced across two different back-end servers. You can resolve this issue by setting up a single persistency group across all protocols ensuring all connections remain on the same Citrix virtual server.

Steps to enable USB redirection

USB devices connected to the client machine can be accessed from the virtual desktops and apps. Following are the steps to enable USB redirection:

  1. Log in to VMware Horizon Administrator Console.
  2. Navigate to Inventory > View Configuration Servers.
  3. Select the Connection Servers tab.
  4. Select a listed Connection Server and Click Edit.
  5. Under the General tab, select Use Secure Tunnel connection to machine option under HTTP(S) Secure Tunnel. Provide Citrix Gateway external URL in the External URL field.

Update content switching expression for Unified Gateway

If your Citrix Gateway virtual server is behind a Unified Gateway (Content Switching Virtual Server), then you must update the Content Switching Expression to include the PCoIP URL paths.

  1. In the Citrix ADC GUI, navigate to Configuration > Traffic Management > Content Switching > Policies.

  2. Append the following expression under the Expression area, and then click OK.

  http.req.url.path.eq(“/broker/xml”)   http.req.url.path.contains(“/broker/resources”)   http.req.url.path.eq(“/pcoip-client”)   http.req.url.path.contains(“/ice-tunnel”)

Use PCoIP gateway

  1. To connect, you must have the Horizon View Client installed on the client device. Once installed, you can either use the Horizon View Client’s User Interface to connect to Citrix Gateway, or you can use the Citrix Gateway RfWebUI portal page to view the icons published from Horizon.

  2. To view the active PCoIP connections, go to Citrix Gateway > PCoIP.

  3. On the right, switch to the Connections tab. The active sessions are displayed with the following data: user name, Horizon View Client IP, and Horizon View Agent Destination IP.

  4. To terminate a connection, right-click the Connection tab, and click Kill Connection. Or click Kill All Connections to terminate all PCoIP connections.

Configure Citrix Gateway enabled PCoIP proxy for VMware Horizon View