Applies To:

Show Versions Show Versions

Manual Chapter: Citrix Requirements for Integration with APM
Manual Chapter
Table of Contents   |   Next Chapter >>

About Access Policy Manager and Citrix integration types

When integrated with Citrix, Access Policy Manager® (APM™) performs authentication (and, optionally uses SmartAccess filters) to control access to Citrix published applications. APM supports these types of integration with Citrix:

Integration with Web Interface sites
In this deployment, APM load-balances and authenticates access to Web Interface sites, providing SmartAccess conditions based on endpoint inspection of clients. Web Interface sites communicate with XML Brokers, render the user interface, and display the applications to the client.
Integration with XML Brokers
In this deployment, APM does not need a Web Interface site. APM load-balances and authenticates access to XML Brokers, providing SmartAccess conditions based on endpoint inspection of clients. APM communicates with XML Brokers, renders the user interface, and displays the applications to the client.

About Citrix required settings

To integrate Access Policy Manager® with Citrix, you must meet specific configuration requirements for Citrix as described here.

Trust XML Requests
To support communication with APM™, make sure that the Trust XML requests option is enabled in the XenApp AppCenter management console.
Web Interface site authentication settings
If you want to integrate APM with a Citrix Web Interface site, make sure that the Web Interface site is configured with these settings:
  • Authentication point set to At Access Gateway.
  • Authentication method set to Explicit.
  • Authentication service URL points to a virtual server on the BIG-IP® system; the URL must be one of these:
    • http://address of the virtual server/CitrixAuth
    • https://address of the virtual server/CitrixAuth (if traffic is encrypted between the Access Gateway and the Citrix Web Interface site).

      The address can be the IP address or the FQDN. If you use HTTPS, make sure to use the FQDN that you use in the SSL certificate on the BIG-IP system.

Application access control (SmartAccess)
If you want to control application access with SmartAccess filters through Access Policy Manager, make sure that the settings in the XenApp AppCenter management console for each of the applications you want to control, match these:
Citrix setting Value
Allow connections made through Access Gateway enabled
Access Gateway Farm APM
Access Gateway Filter The value must match the literal string that Access Policy Manager sets during access policy operation (through the Citrix SmartAccess action item)
Note: The navigation path for application access control is AppCenter > Citrix Resources > XenApp > farm_name > Applications > application_name > Application Properties > Advanced Access Control.
User access policies (SmartAccess)
You can control access to certain features, such as Client Drive or Printer Mapping, so that they are permitted only when a certain SmartAccess string is sent to XenApp server. If you want to control access to such features with SmartAccess filters through Access Policy Manager, you need to create a Citrix User Policy with Access Control Filter in the XenApp AppCenter management console for each feature that you want to control. Make sure that the Access Control Filter settings of the Citrix User Policy match these:
Citrix setting Value
Connection Type With Access Gateway
Access Gateway Farm APM
Access Gateway Filter The value must match the literal string that Access Policy Manager sets during access policy execution (through the Citrix SmartAccess action item)
Note: The navigation path for user access policies is AppCenter > Citrix Resources > XenApp > farm_name > Policies > Users > Citrix User Policies > new_policy_name. Choose the feature from Categories and, if creating a new filter, select New Filter Element from Access Control.

About Citrix Receiver requirements for Mac, iOS, and Android clients

To support Citrix Receivers for Mac, iOS, and Android, you must meet specific configuration requirements for the Citrix Receiver client.

Address field for standard Citrix service site (/Citrix/PNAgent/)
https://<APM-external-virtual-server-FQDN>
Address field for custom Citrix service site
https://<APM-external-virtual-server-FQDN/custom_site/config.xml, where custom_site is the name of the custom service site
Access Gateway
Select the Access Gateway check box and select Enterprise Edition.
Authentication
Choose either: Domain-only or RSA+Domain authentication

About Citrix Receiver requirements for Windows and Linux clients

To support Citrix Receiver for Windows and Linux clients, you must meet specific configuration requirements for the Citrix Receiver client.

For the address field for the standard Citrix service site, /Citrix/PNAgent/, use the format https://<APM-external-virtual-server-FQDN>.

For the address field for a custom Citrix service site, use the format https://<APM-external-virtual-server-FQDN/custom_site/config.xml, where custom_site is the name of the custom service site.

About Citrix product terminology

XenApp server
Refers to the XML Broker in the farm where Citrix SmartAccess filters are configured and from which applications and features are delivered.
XenApp AppCenter
Refers to the management console for a XenApp farm.
Note: The names of the Citrix products and components that provide similar services might be different in your configuration. Refer to AskF5™ (support.f5.com) to identify the supported version of Citrix in the compatibility matrix for the Access Policy Manager® version that you have. Then refer to version-specific Citrix product documentation for Citrix product names and features.
Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)