F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP APM
  4. BIG-IP Access Policy Manager: Application Access Guide
  5. Configuring Remote Desktop Access
Manual Chapter : Configuring Remote Desktop Access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

What are remote desktops?

Remote desktops in Access Policy Manager® allow users to access the following types of internal servers in virtual desktop sessions:

  • Microsoft® Remote Desktop servers
  • Citrix® servers
  • VMware View Connection servers

You can configure remote desktops by name or by their internal IP addresses, and grant or deny users the ability to set up their own favorites.

What is Microsoft remote desktop?

With Access Policy Manager®, you can configure clients to access a server running Microsoft® Remote Desktop Services. Microsoft Remote Desktop servers run the Microsoft Remote Desktop Protocol (RDP) server. RDP is a protocol that provides a graphical interface to another computer on a network.

To provide Microsoft RDP connections to Windows®, Mac®, and Linux clients natively, you can select the Java Client option. This provides a simple Java Client interface to the Microsoft RDP server, with reduced visual display features, on any compatible platform. See the online help for feature differences between the Java client and the Windows client.

What is Citrix remote desktop?

Citrix® remote desktops are supported by Citrix XenApp™ and ICA clients. With Access Policy Manager® you can configure clients to access servers using Citrix terminal services. You provide a location from which a client can download and install a Citrix client for a Citrix ICA connection.

Task summary for remote desktops

To set up remote desktops, perform the procedures in the task list.

Task list

Configuring a resource for Citrix or Microsoft remote desktops

Depending on whether you choose to configure a Microsoft or Citrix remote desktop, some options may not be available. Refer to the online help for more information about the parameters you can configure for remote desktops.
  1. On the Main tab, navigate to Access Policy > Application Access > Remote Desktops. The Remote Desktops list opens.
  2. Click Create. The General Properties screen opens.
  3. Configure the following settings:
    Option Description
    For Citrix Specify an IP address as your Destination, accept or change the Port, and select the ACL Order.
    For RDP Specify your Destination and Port. All other settings are optional. To provide a cross-platform Java client for this RDP tunnel, select the Java Client check box.
    Note: If you specify a hostname for your destination, make sure that it is DNS-resolvable. After the remote desktop is assigned to a full webtop in an access policy, the remote desktop does not appear on the full webtop if the hostname is not DNS-resolvable.
  4. Under the Default Customization Settings section, type a Caption. The caption identifies the remote desktop and enables it to appear on a full webtop.

Configuring an access policy to include a remote desktop

This procedure is applicable if you want to configure Access Policy Manager® for Citrix or Microsoft RDP terminal services.
  1. On the Main tab, click Access Policy > Access Profiles. The Access Profiles List screen opens.
  2. Click the name of the access profile for which you want to edit the access policy. The properties screen opens for the profile you want to edit.
  3. On the menu bar, click Access Policy. The Access Policy screen opens.
  4. Click Edit Access Policy for Profile profile_name. The visual policy editor opens the access policy in a separate screen.
  5. Click the (+) sign anywhere in the access policy to add a new action item. An Add Item screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
  6. On the Assignment tab, select the Resource Assign agent, and click Add Item. The Resource Assignment screen opens.
  7. Next to each type of resource that you want assign (Network Access, Portal Access, App Tunnel, Remote Desktop, or SAML), click the Add/Delete link, and select from available resources.
  8. Click Update.
  9. Click Save.
Your remote desktop is assigned to the session.
To complete the process, you must assign a webtop, apply the access policy, and associate the access policy and connectivity profile with a virtual server so users can launch the remote desktop session.

Attaching an access policy to a virtual server for remote desktops

When creating a virtual server for an access policy, specify that the virtual server is a host virtual server, and not a network virtual server.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen opens.
  2. Click the name of the virtual server you want to modify.
  3. For the Destination setting, select Host and in the Address field, type the IP address for the virtual server.
  4. For the HTTP Profile setting, verify that the default HTTP profile, http, is selected.
  5. In the Access Policy area, from the Access Profile list, select the access profile.
  6. If you are using a connectivity profile, from the Connectivity Profile list, select the connectivity profile.
  7. If you are creating a virtual server to use with portal access resources in addition to remote desktops, from the Rewrite Profile list, select the default rewrite profile, or another rewrite profile you created.
  8. If you want to provide connections to VDI desktop resources or Java RDP clients for Application Access, or allow Java rewriting for Portal Access, select the VDI & Java Support check box. You must enable this setting to make socket connections from a patched Java applet. If your applet doesn't require socket connections, or only uses HTTP to request resources, this setting is not required.
  9. If you want to provide native integration with an OAM server for authentication and authorization, select the OAM Support check box. You must have an OAM server configured in order to enable OAM support.
  10. Click Update.
The access policy is now associated with the virtual server.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information