用户访问ss
There are two primary components that provide access to applications and desktops in Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) deployment:
Citrix Workspace platform: Citrix Workspace platform is a complete digital solution that allows you to deliver secure access to the information, apps, and other content that are relevant to a person’s role in your organization. Users subscribe to the services you make available and can access them from anywhere, on any device. Citrix Workspace platform helps you organize and automate the most important details your users need to collaborate, make better decisions, and focus fully on their work.
There is zero effort to deploy Citrix Workspace, and it is kept evergreen by Citrix. Citrix Workspace platform is recommended for new and existing customers, previews, and proofs-of-concept.
An on-premises StoreFront: Customers can also use an existing StoreFront to aggregate applications and desktops in Citrix Cloud. This use case offers greater security, including support for two-factor authentication, and prevents users from entering their password into the cloud service. It also allows customers to customize their domain names and URLs. This deployment type is recommended for any Citrix Virtual Apps and Desktops customers who already have StoreFront deployed.
See alsoLocal Host Cache and StoreFront.
When users connect from outside the corporate firewall, Citrix Cloud can use Citrix Gateway (formerly NetScaler Gateway) technology to secure these connections with SSL. Citrix Gateway or the Citrix VPX virtual appliance is an SSL VPN appliance that is deployed in the demilitarized zone (DMZ). It provides a single secure point of access through the corporate firewall.
Using Citrix Workspace
Access to workspaces occurs throughhttps://. If needed, you can customize the
For more information about using Citrix Workspace, see:
- Configure workspaces: For configuring access and customizations.
- Secure workspaces: For configuring authentication.
- Manage your workspace experience: For understanding how end-users access their workspace and how it appears.
To provide remote access for end-users through Citrix Workspace, you can use either Citrix Gateway service or your own Citrix Gateway.
To use the Citrix Gateway service:
- InCitrix Cloud > Resource Locations, selectGatewayfor the resource location you want to use.
- SelectGateway Serviceand then clickSave.
- InCitrix Cloud > Workspace Configuration > Service Integrations, locate the Gateway service and selectEnablefrom the ellipsis menu.
To use your own Citrix Gateway:
- Set up Citrix Gateway as an ICA Proxy (No authentication or session policies are needed).
- Configure a resource location to use Citrix Gateway:
- InCitrix Cloud > Resource Locations, selectGatewayfor the resource location you want to use.
- SelectTraditional Gatewayand enter the external FQDN. Do not add a protocol. Ports are optional. Combination remote and internal access is not supported in Citrix Workspace.
Bind Citrix Cloud Connectors as Secure Ticket Authority (STA) servers to Citrix Gateway. For details, seeCTX232640.
Note:
Only Citrix Cloud Connector machines are supported for use as STA servers with Citrix Gateway. Using other connectors as STA servers, such as Connector Appliance, isn’t supported.
For more information about the Citrix Gateway service and Citrix Gateway, seeCitrix Gateway.
Using an on-premises StoreFront
For information about configuring an on-premises StoreFront, see theStoreFront documentation.
One benefit of using an existing StoreFront is that the Citrix Cloud Connector provides encryption of user passwords. The Cloud Connector encrypts credentials using AES-256, using a random-generated one-time key. This key is returned directly to Citrix Workspace app and never sent to the cloud. Citrix Workspace app then supplies it to the VDA during session launch to decrypt the credentials and provide a single sign-on experience into Windows.
- For transport, select HTTP and port 80. The StoreFront machine must be able to directly access the Cloud Connector through the FQDN (fully qualified domain name) provided. The Cloud Connector must be able to reach the Cloud NFuse/STA URL at (
https://andctxsta.dll). - Add Cloud Connectors as Delivery Controllers for high availability.
Use the most recent version of StoreFront.
External access
To provide external access through Citrix Gateway and on-premises StoreFront:
- Set up Citrix Gateway as usual, with authentication and session policies. See theCitrix Gateway documentationfor details.
- Point your on-premises StoreFront store’s Delivery Controllers to the Citrix Cloud Connectors. Bind Cloud Connectors as STA servers to Citrix Gateway.
- The Citrix Gateway must use the same STA URLs as StoreFront. If the gateway is not already configured to use the STA of an existing Citrix Virtual Apps and Desktops environment, Cloud Connectors can be used as a STA.
Internal access
To provide internal access through an on-premises StoreFront, point the on-premises StoreFront store’s Delivery Controllers to the Citrix Cloud Connectors.
External and internal access
To provide external and internal access through Citrix Gateway and on-premises StoreFront:
- Set up Citrix Gateway as usual, with authentication and session policies. See theCitrix Gateway documentationfor details.
- Bind Cloud Connectors as STA servers to Citrix Gateway.
- Point your on-premises StoreFront store’s Delivery Controllers to the Cloud Connectors.
Local Host Cache and StoreFront
Local Host Cache enables connection brokering operations in Citrix DaaS deployment to continue when Cloud Connectors cannot communicate with Citrix Cloud.
The Local Host Cache feature works only in resource locations containing a customer-deployed on-premises StoreFront. Local Host Cache is not supported for use with Citrix Workspace.
Each resource location must have a customer-deployed on-premises StoreFront. Verify that the resource location contains a local StoreFront that points to all the Cloud Connectors in that resource location.
For more information, seeLocal Host Cache.