Optimal HDX Routing (Defines if ICA traffic should be routed to Netscaler Gateway even if users are going directly to the StoreFront) We can define a Gateway and attach it to a Farm/Controller, so if we have multiple controllers on different geographic regions we can specify multiple gateways and attach it to the correct delivery controller. Kerberos Delegation (Allows ut to use Kerberos Constrained Delegation from StoreFront to Controllers) User Subscription (This defines if users are allowed to Subscribe to applications or if applications are being mandatory)įor instance Self-service store (GUI Changes to this) Now I was a bit dazzled with the numerous options that are available, so what do they all mean? Hence this post which is used to explain what the different options do, and even what error messages that bit appear because of them.įirst of let’s explore the store options in Storefront. With the release of Storefront 3.1, Citrix made alot of options which were earlier only available in PowerShell or a configfile available in the GUI, which makes alot more sense since WebInterface has always had alot of options available in the GUI. This will disable external access to the delivery group for alle members of Domain Admins, even if they are allowed access by another group membership. Set-BrokerAccessPolicyRule -Name OS_AG-ExcludedUserFilterEnabled $True -ExcludedUsers «TEST\Domain Admins» Or what if we want to exclude it for certain Active Directory User Group? For instance if there are some that are members of many active directory groups but are not allowed access to external sessions. Set-BrokerAccessPolicyRule -name OS_AG -Enabled $false So how do we hide the delivery group for external users? The simples way is to set the accesspolicy true for AG connections to disable. We can see from the other policy, OS_Direct that it is set to enabled and that it is for connections notviaAG. The AG one is used for access via Netscaler Gateway, the other for direct to Storefront.įrom this OS_AG Policy we can see that it is enabled, and allowedconnections are configured to be via Netscaler Gateway. one called NAME_AG and one called NAME_Direct.
Then we use the command Get-BrokerAccessPolicyRule (by default there are two rules for each delivery group. So what if we need more customization options ? Enter PowerShell for Citrix…įirst before doing anything we need to import the Citrix module in Powershell, One rule that allows access using Access Gateway and one for direct connections using Storefront. We have for instance filtering on usersĪnd after we have created the delivery group we also have the option to define access rules, and as by default there are two rules that are created pr delivery group. NOTE This is not using Smart Access on the Netscaler, this is purely a Citrix Studio feature
So when creating a delivery group in Studio you have limited capabilities into how we can control who gets access to a certain delivery group or application.
0 kommentar(er)
