In this implementation, you integrate Access Policy Manager® with Citrix XML Brokers and present Citrix published applications on an APM™ dynamic webtop.
For Citrix Receiver Windows and Linux clients: only Active Directory authentication is supported.
For Citrix Receiver clients for iOS, Android, and Mac: Active Directory, or both RSA and Active Directory authentication is supported.
For web clients, you are not restricted in the type of authentication you use.
A dynamic webtop enables Access Policy Manager® to act as a presentation layer for Citrix published resources. APM™ communicates directly with Citrix XML Brokers, retrieves a list of published resources, and displays them to the user on a dynamic webtop.
The address of an XML Broker is configured on APM through a Citrix remote desktop resource. Each of these resources logically represents a Citrix farm. You can assign multiple resources to a user, enabling the user to access Citrix applications from multiple Citrix farms.
APM supports multiple Citrix remote desktop resources for web clients. However, support for Citrix Receiver (iOS, Android, Mac, Windows, and Linux) clients is limited to one Citrix remote desktop resource.
Ensure that you configure the Citrix components in the Citrix environment, in addition to configuring the BIG-IP® system to integrate with Citrix XML Brokers.
Perform these tasks on the BIG-IP system so that Access Policy Manager® can present Citrix published resources on a dynamic webtop.
You should have an access policy that resembles either of these examples:
Here is a typical example access policy that uses Citrix SmartAccess filters to restrict access to published applications based on the result of client inspection. Client inspection can be as simple as IP Geolocation Match or Antivirus. The figure shows an access policy being configured with a Citrix Smart Access action to set a filter to antivirus after an antivirus check is successful.