XenDesktop 7.X App/VDA logon process
- The user opens the NetScaler page and enters their credentials over 443.
- The user's credentials are sent from the NetScaler Gateway to the Active Directory domain controllers over:
  - LDAP or secure LDAP using TCP ports 389 or 636
  - Global catalog request / TCP 3268 and 3269 (if necessary)
  - TCP or UDP ports 1645, 1812 and 1813 (if using RADIUS)
- Once authenticated, the user's request is forwarded by NetScaler to StoreFront over 443.
- Once validated, the NetScaler Gateway interacts with StoreFront to continue the authentication process. StoreFront sends a 401 response, prompting the gateway to authenticate. The user credentials are sent to StoreFront, which verifies them and responds with 200 OK, completing the authentication phase. This dual authentication process, which occurs on both the NetScaler Gateway and StoreFront while asking for the credentials only once, is known as single sign-on.
- StoreFront (SF) verifies the user's username and password by contacting the AD server using Kerberos.
- Once verified, StoreFront checks with the Delivery Controller for apps/desktops.
- The Delivery Controller checks the SQL database (1433) for which apps/desktops the user has access to.
- The Delivery Controller passes this information to StoreFront, and StoreFront (443/80) sends it via NetScaler back to the user's device.
- When the user clicks on an app/desktop, the connection goes through NetScaler to StoreFront.
- StoreFront checks with the Delivery Controller, and the controller queries the SQL database for the least loaded server available to host the app.
- The Delivery Controller passes this information back to StoreFront.
- If the user is on the LAN and no NetScaler is used, StoreFront creates a connection file (ICA file) and sends it to the user's machine, where it is launched.
- If NetScaler is used, StoreFront needs to create a file and send it to the user over the internet. The StoreFront server contacts the Delivery Controller again and gets a ticket (Secure Ticket Authority, STA) for this session (lifetime of 100 seconds by default).
- STA tickets are requested by NetScaler from a Delivery Controller. Delivery Controllers generate secure tickets in exchange for session information, and these tickets are used to avoid transporting user-specific data over unsecured networks.
- When the user launches the app, NetScaler checks the ticket with the Delivery Controller and launches the app.
- NetScaler connects to the end resource (the user's app server or VDI) over 1494, or 2598 if session reliability is used.
- If using a VDA, registration between the VDA and the Delivery Controller happens over port 80.
It also checks with the Citrix license server for a license before launching the app.
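The port list above doubles as a segmentation baseline. The following added example (not from the original article or from Citrix) audits flow records against it and reports anything off the documented path; the subnets, role names and sample records are constructed assumptions.

```python
import ipaddress

# Constructed role subnets (assumption); replace with your own inventory.
ROLES = {"gateway": "10.0.1.0/24", "ad": "10.0.2.0/24", "radius": "10.0.3.0/24",
         "storefront": "10.0.4.0/24", "controller": "10.0.5.0/24",
         "sql": "10.0.6.0/24", "vda": "10.0.7.0/24"}
NETS = [(ipaddress.ip_network(net), role) for role, net in ROLES.items()]

# Ports exactly as the walkthrough states them. Flows it mentions without a
# port (StoreFront->controller, STA, Kerberos, licensing) must be added by you.
ALLOWED = {
    ("external", "gateway"): {("tcp", 443)},
    ("gateway", "ad"): {("tcp", p) for p in (389, 636, 3268, 3269)},
    ("gateway", "radius"): {(t, p) for t in ("tcp", "udp") for p in (1645, 1812, 1813)},
    ("gateway", "storefront"): {("tcp", 443)},
    ("controller", "sql"): {("tcp", 1433)},
    ("gateway", "vda"): {("tcp", 1494), ("tcp", 2598)},
    ("vda", "controller"): {("tcp", 80)},
}

def role_of(ip):
    """Map an address to its tier; anything outside the inventory is external."""
    addr = ipaddress.ip_address(ip)
    return next((role for net, role in NETS if addr in net), "external")

def audit(lines):
    """Return (src_role, dst_role, proto, port) for each flow outside ALLOWED."""
    findings = []
    for line in filter(str.strip, lines):
        src, dst, proto, port = line.split()
        pair = (role_of(src), role_of(dst))
        flow = (proto.lower(), int(port))
        if flow not in ALLOWED.get(pair, set()):
            findings.append(pair + flow)
    return findings

# Constructed flow records: src dst proto dport
SAMPLE = """\
203.0.113.9 10.0.1.5 tcp 443
10.0.1.5 10.0.2.10 tcp 636
10.0.1.5 10.0.4.8 tcp 443
10.0.5.3 10.0.6.2 tcp 1433
10.0.1.5 10.0.7.44 tcp 2598
203.0.113.9 10.0.7.44 tcp 1494
10.0.4.8 10.0.6.2 tcp 1433
""".splitlines()

for finding in audit(SAMPLE):
    print("unexpected flow:", finding)
```

The two flagged records are an external client reaching a VDA directly on 1494 instead of through the gateway, and StoreFront talking to SQL, which the walkthrough reserves for the Delivery Controller.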
Full Logon process and app launch process
Check out this PDF for the same: Communication Workflow