Citrix Cloud
Technical Diagrams
VERSION 1.0.1 - LAST UPDATED: MAY 4TH, 2017
© 2017 Citrix
Disclaimer
The release of new features for the Citrix Cloud Platform and Services can impact the described
technical architecture, and changes to the architecture remain at our sole discretion and are
subject to change without notice or consultation.
The information provided is for informational purposes only and is not a commitment, promise
or legal obligation to deliver any material, code or functionality and should not be relied upon
in making purchasing decisions or incorporated into any contract.
We highly recommend that you consult your Citrix point-of-contact to ensure that you have the
latest version of this document.
This document was last updated on May 4th, 2017.
[Diagram: Citrix Cloud overview]
Cloud side:
• Citrix Cloud Platform: Identity & Access Management, Logging & Health Services, Licensing, Customer Feedback, Support Ticketing, Other (e.g. What’s New, Trial Requests)
• XenApp/XenDesktop Service: Delivery Controllers, SQL Database (PaaS), Director, Studio, Citrix Cloud Resource Provider
• Cloud StoreFront, Gateway Service
• Citrix Cloud Management UI (Library, Connectors, Resource Locations)
• Various Citrix Internal Systems (e.g. Support, Customer Feedback, Trial Requests etc)
• Azure Active Directory, Azure Service Bus
Customer Resource Location:
• Firewall, DMZ, Firewall
• NetScaler Gateway*, StoreFront*
• Citrix Cloud Connectors, Active Directory
• Customer Resources: Server VDAs, Desktop VDAs, Hypervisor or IaaS
Connection labels: Port 443
*Customer managed StoreFront and NetScaler Gateway are optional depending on deployment
Last updated May 4th, 2017. All content is subject to change without notice
Cloud Connector Outbound Communication (all HTTPS)
[Diagram: Cloud Connector services and the Citrix Cloud destinations they connect to]
Cloud Connector services: AD Provider, Cloud Agent Logger, Cloud Agent Watchdog, Cloud Credential Provider, Config Synchronizer Service, High Availability Service, WebRelay Provider, NetScaler Cloud Gateway, Remote Broker Provider, Remote HCL Server, Session Manager Proxy, Cloud Agent System
Legend: Service with no external communication
Citrix Cloud destinations:
• Azure Service Bus - Establishes WebSocket Connection for certain Citrix Cloud Services: *.servicebus.windows.net
• Citrix Cloud Platform - Citrix Cloud Core Services: citrix.cloud.com, *.citrixworkspaceapi.net
• XA/XD Service - Cloud Services for managing Apps & Desktops: *.apps.cloud.com, *.xendesktop.net, *.nssvc.net
• XenMobile Service - Cloud Service for Mobile Device and Application Management: <customer>.cloud.com or <customer>.xm.citrix.com
• Labs Services - Session Manager Service: *.sessionmanager.cloud.com
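An added example (not part of the Citrix deck): a small Python audit that checks proxy or firewall log lines from a Cloud Connector host against the outbound destinations listed on this slide, flagging anything that is not HTTPS on port 443 to one of those names. The log format, the connector name cc01 and the tenant name "contoso" are constructed for illustration; treating "*." as "one or more labels below the suffix" and pinning <customer> to a single configured tenant are assumptions.

```python
import re

# Destination patterns copied from the outbound-communication slide.
SLIDE_DESTINATIONS = {
    "Azure Service Bus": ["*.servicebus.windows.net"],
    "Citrix Cloud Platform": ["citrix.cloud.com", "*.citrixworkspaceapi.net"],
    "XA/XD Service": ["*.apps.cloud.com", "*.xendesktop.net", "*.nssvc.net"],
    "XenMobile Service": ["<customer>.cloud.com", "<customer>.xm.citrix.com"],
    "Labs Services (Session Manager)": ["*.sessionmanager.cloud.com"],
}

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Constructed log format: "<timestamp> <source> CONNECT <host>:<port>"
_LOG_RE = re.compile(r"^(\S+) (\S+) CONNECT (\S+):(\d+)$")


def normalize(host):
    """Lower-case, drop a trailing dot, and reject malformed names."""
    host = host.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host


def pattern_matches(pattern, host, customer):
    """Match one slide pattern; <customer> is pinned to the given tenant."""
    pattern = pattern.replace("<customer>", customer.lower())
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, e.g. ".xendesktop.net"
        # The leading dot stops look-alikes such as evil-servicebus.windows.net,
        # and the length check excludes the bare apex domain.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def classify(host, port, customer):
    """Return (service, None) when allowed, otherwise (None, reason)."""
    name = normalize(host)
    if name is None:
        return None, "malformed hostname"
    if port != 443:
        return None, "port %d is not 443" % port
    for service, patterns in SLIDE_DESTINATIONS.items():
        if any(pattern_matches(p, name, customer) for p in patterns):
            return service, None
    return None, "destination not on the slide's list"


def audit(lines, customer):
    """Return (line, reason) for every log line that needs review."""
    findings = []
    for line in lines:
        match = _LOG_RE.match(line.strip())
        if not match:
            findings.append((line, "unparsed log line"))
            continue
        _ts, _src, host, port = match.groups()
        _service, reason = classify(host, int(port), customer)
        if reason:
            findings.append((line, reason))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2017-05-04T10:00:01Z cc01 CONNECT citrix.cloud.com:443",
    "2017-05-04T10:00:02Z cc01 CONNECT tenant1.servicebus.windows.net:443",
    "2017-05-04T10:00:03Z cc01 CONNECT contoso.xm.citrix.com:443",
    "2017-05-04T10:00:04Z cc01 CONNECT evil-servicebus.windows.net:443",
    "2017-05-04T10:00:05Z cc01 CONNECT citrix.cloud.com.example.net:443",
    "2017-05-04T10:00:06Z cc01 CONNECT broker.xendesktop.net:80",
    "2017-05-04T10:00:07Z cc01 CONNECT fabrikam.cloud.com:443",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG, customer="contoso"):
        print(reason, "<-", line)
```

The destination list is the one on the slide as of May 4th, 2017; the deck itself says the architecture can change, so compare it with current Citrix documentation before turning it into firewall rules.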
Cloud Connector Inbound Communication
[Diagram: Cloud Connector services and the systems inside the resource location they communicate with, shown as numbered connections]
Cloud Connector services: AD Provider, Cloud Agent Logger, Cloud Agent Watchdog, Cloud Credential Provider, Config Synchronizer Service, High Availability Service, WebRelay Provider, NetScaler Cloud Gateway, Remote Broker Provider, Remote HCL Server, Session Manager Proxy, Cloud Agent System
Internal systems: AD, Hypervisor/Cloud IaaS, StoreFront, VDAs, PKI, NSGW, On-prem DDC, Local DB
Legend: Service with no internal communication
Notes on the diagram:
• 1: The AD Provider serves multiple Citrix Cloud services and communicates with AD Domain
Controllers over various ports.
• 2, 3: The WebRelay Provider is being used by XenMobile to communicate with the PKI server(s)
and talks to the PNAgent site hosted on StoreFront to allow users to add XA/XD through Secure Hub.
• The Config Synchronizer, High Availability and the Remote Broker Services work together to
provide the Local Host Cache feature in a Citrix Cloud environment. The Config Synchronizer
Service sends its data obtained from the XA/XD Service in the Cloud to the High Availability
Service. The High Availability Service writes the received data into the Local Database. If
Citrix Cloud is unavailable, the Remote Broker Provider will transfer brokering responsibilities
to the High Availability Service.
• The Remote Broker Provider is the Citrix Cloud version of the Broker Service running on the DDC
in a traditional deployment. It operates in the same way when interacting with on-prem StoreFront,
NSGW and VDAs, except that setting up XML traffic to utilize port 443 instead of 80 requires
additional configuration. Note: dotted connections when Citrix Cloud is unavailable.
• 11: The Remote HCL Server is used by the XA/XD Service to provision VMs on-demand utilizing
Citrix Machine Creation Services (MCS).
• The Session Manager Proxy is being used only when using the Session Manager experimental
service in Citrix Cloud with a traditional XA/XD deployment. Otherwise it remains dormant.
• 10: HDX Traffic will run through the Connector's NetScaler Cloud Gateway service when NetScaler
Gateway as a Service is being used in Citrix Cloud.
Citrix Cloud Connector Service Descriptions
• Citrix Cloud AD Provider - The Citrix Cloud AD Provider enables the Citrix Cloud to facilitate
management of resources associated with the Active Directory domain accounts it is installed
into.
• Citrix Cloud Agent Logger - The Citrix Cloud Agent Logger provides a support logging
framework for the Citrix Cloud providers enabling diagnosis support for the resource location
both locally and within the Citrix Cloud.
• Citrix Cloud Agent System - Handles the System Calls necessary for the on-premises agents.
• Citrix Cloud Agent Watchdog - Monitors and upgrades the on-premises agents.
• Citrix Cloud Credential Provider - The Citrix Cloud Credential Provider
• Citrix Cloud WebRelay Provider - The Citrix Cloud WebRelay Provider enables HTTP Requests
received from WebRelay Cloud service to be forwarded to On-Premises Web Servers.
• Citrix Config Synchronizer Service - Copies brokering configuration locally for high availability
mode
• Citrix High Availability Service - The Citrix High Availability service provides continuity of
service during outage of central site.
• Citrix NetScaler Cloud Gateway - Citrix NetScaler Cloud Gateway provides Internet
connectivity to on-premises desktops and applications without the need to open in-bound
firewall rules or deploying components in the DMZ.
• Citrix Remote Broker Provider - Enables communication to a remote Broker service from local
VDAs and StoreFront servers.
• Citrix Remote HCL Service - The Remote HCL Server proxies communications between the
Delivery Controller and the Hypervisor(s).
• Citrix Session Manager Proxy - Manages anonymous prelaunched sessions, and uploads
session count information to the cloud based Session Manager service.
XA/XD Service with cloud-hosted StoreFront and Gateway Service
[Diagram: numbered connection flow between the XenApp/XenDesktop Service (Delivery Controllers, SQL Database (PaaS), Director, Studio, Citrix Cloud Resource Provider), StoreFront Service and Gateway Service in Citrix Cloud, and the Customer Resource Location (Firewall, DMZ, Firewall, Citrix Cloud Connectors, Active Directory, Customer Resources: VDAs)]
1. User enters and Receiver submits credentials to the cloud service.
2. The cloud service authenticates credentials against Active Directory via the connector.
3. Receiver enumerates resources from the cloud service.
4. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service.
5. The cloud service selects a VDA and sends it a message to prepare for a connection. The
message is sent via the connector.
6. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA,
including the NetScaler Gateway Service address and STA ticket.
7. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The
Gateway Service validates the STA ticket with the XA/XD cloud service.
8. The gateway connects Receiver to the specific VDA allocated for this session, relaying all traffic
through the connector.
9. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
10. The cloud service returns session policies to the VDA, which then applies session policies to
the virtual machine.
11. Citrix Receiver displays the selected resource to the end user.
XA/XD Service with cloud-hosted StoreFront and customer NS Gateway
[Diagram: numbered connection flow between the XenApp/XenDesktop Service (Delivery Controllers, SQL Database (PaaS), Director, Studio, Citrix Cloud Resource Provider), StoreFront Service and Gateway Service in Citrix Cloud, and the Customer Resource Location (Firewall, DMZ, NetScaler Gateway, Firewall, Citrix Cloud Connectors, Active Directory, Customer Resources: VDAs)]
1. User enters and Receiver submits credentials to the cloud service.
2. The cloud service authenticates credentials against Active Directory via the connector.
3. Receiver enumerates resources from the cloud service.
4. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service.
5. The cloud service selects a VDA and sends it a message to prepare for a connection. The
message is sent via the connector.
6. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA,
including the NetScaler Gateway address and STA ticket.
7. Citrix Receiver connects to the gateway, providing the STA ticket for authorization.
8. The gateway validates the STA ticket with the cloud service, via the connector.
9. The gateway connects Receiver to the specific VDA allocated for this session.
10. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
11. The cloud service returns session policies to the VDA, which then applies session policies to
the virtual machine.
12. Citrix Receiver displays the selected resource to the end user.
XA/XD Service with customer StoreFront and NS Gateway
[Diagram: numbered connection flow between the XenApp/XenDesktop Service (Delivery Controllers, SQL Database (PaaS), Director, Studio, Citrix Cloud Resource Provider), StoreFront Service and Gateway Service in Citrix Cloud, and the Customer Resource Location (Firewall, DMZ, NetScaler Gateway, Firewall, StoreFront, Citrix Cloud Connectors, Active Directory, Customer Resources: VDAs)]
1. User enters and Receiver submits credentials to NetScaler Gateway.
2. NetScaler authenticates credentials against Active Directory and allows access to StoreFront.
3. Receiver enumerates resources from StoreFront.
4. StoreFront gets the list of resources assigned to the user from the cloud service via the
connector and returns them to Receiver.
5. User clicks on a resource in Receiver. Receiver requests a launch from StoreFront. StoreFront
sends the request to the cloud service.
6. The cloud service selects a VDA and sends it a message to prepare for a connection. The
message is sent via the connector.
7. The cloud service identifies to StoreFront the VDA it assigned for this particular session.
8. StoreFront requests a STA ticket from the cloud service via the connector.
9. StoreFront creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including
the gateway address and STA ticket.
10. Citrix Receiver connects to the gateway, providing the STA ticket for authorization.
11. The gateway validates the STA ticket with the cloud service, via the connector.
12. The gateway connects Receiver to the specific VDA allocated for this session.
13. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
14. The cloud service returns session policies to the VDA, which then applies session policies to
the virtual machine.
15. Citrix Receiver displays the selected resource to the end user.
Password Encryption with NetScaler Authentication
[Diagram: components are Citrix Cloud (XenApp and XenDesktop Service), Connector, StoreFront, NetScaler Gateway and VDAs. Flow labels: Password; Encryption Key / ICA Ticket; AES Encrypted Password; Password; Single Sign-On for Windows Logon]

More Related Content

Similar to Citrix Cloud - Architecture Diagrams.pptx

Citrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud PlattformCitrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud PlattformDigicomp Academy AG
 
Citrix adc technical overview
Citrix adc   technical overviewCitrix adc   technical overview
Citrix adc technical overviewRoshan Dias
 
Citrix cloud platform - Journey to IT-as-a-Service
Citrix cloud platform - Journey to IT-as-a-ServiceCitrix cloud platform - Journey to IT-as-a-Service
Citrix cloud platform - Journey to IT-as-a-ServiceShapeBlue
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityDigicomp Academy AG
 
eG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix WorkspaceseG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix WorkspaceseG Innovations
 
2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...Citrix
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix
 
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business ManagerCitrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business ManagerDigicomp Academy AG
 
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 Simplifying User Access with NetScaler SDX and CA Single Sign-on Simplifying User Access with NetScaler SDX and CA Single Sign-on
Simplifying User Access with NetScaler SDX and CA Single Sign-onCA Technologies
 
Citrix on Azure
Citrix on AzureCitrix on Azure
Citrix on AzureMustafa
 
SYN002: General Session
SYN002: General SessionSYN002: General Session
SYN002: General SessionCitrix
 
Azure with citrix by bipeen sinha
Azure with citrix by bipeen sinhaAzure with citrix by bipeen sinha
Azure with citrix by bipeen sinhaBipeen Sinha
 
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business Manager
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business ManagerCitrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business Manager
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business ManagerCitrix
 
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix CloudCitrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix CloudLee Bushen
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureDevSecOpsSg
 
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Amazon Web Services
 
Citrix xa xd cloud provisioning webinar
Citrix xa xd cloud provisioning webinarCitrix xa xd cloud provisioning webinar
Citrix xa xd cloud provisioning webinarCitrix
 
Xendesktop 7-on-windows-azure-design-guide
Xendesktop 7-on-windows-azure-design-guideXendesktop 7-on-windows-azure-design-guide
Xendesktop 7-on-windows-azure-design-guideNuno Alves
 

Similar to Citrix Cloud - Architecture Diagrams.pptx (20)

Citrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud PlattformCitrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud Plattform
 
Citrix adc technical overview
Citrix adc   technical overviewCitrix adc   technical overview
Citrix adc technical overview
 
Citrix cloud platform - Journey to IT-as-a-Service
Citrix cloud platform - Journey to IT-as-a-ServiceCitrix cloud platform - Journey to IT-as-a-Service
Citrix cloud platform - Journey to IT-as-a-Service
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise Mobility
 
eG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix WorkspaceseG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix Workspaces
 
2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
 
Citrix Day 2014: Cloud Bridge
Citrix Day 2014: Cloud BridgeCitrix Day 2014: Cloud Bridge
Citrix Day 2014: Cloud Bridge
 
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business ManagerCitrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
 
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 Simplifying User Access with NetScaler SDX and CA Single Sign-on Simplifying User Access with NetScaler SDX and CA Single Sign-on
Simplifying User Access with NetScaler SDX and CA Single Sign-on
 
Citrix on Azure
Citrix on AzureCitrix on Azure
Citrix on Azure
 
SYN002: General Session
SYN002: General SessionSYN002: General Session
SYN002: General Session
 
Azure with citrix by bipeen sinha
Azure with citrix by bipeen sinhaAzure with citrix by bipeen sinha
Azure with citrix by bipeen sinha
 
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business Manager
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business ManagerCitrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business Manager
Citrix Synergy 2014 - Syn229 What's new in Citrix Cloud Portal Business Manager
 
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix CloudCitrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
 
Citrix vs. ransomware
Citrix vs. ransomwareCitrix vs. ransomware
Citrix vs. ransomware
 
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
 
Citrix xa xd cloud provisioning webinar
Citrix xa xd cloud provisioning webinarCitrix xa xd cloud provisioning webinar
Citrix xa xd cloud provisioning webinar
 
Xendesktop 7-on-windows-azure-design-guide
Xendesktop 7-on-windows-azure-design-guideXendesktop 7-on-windows-azure-design-guide
Xendesktop 7-on-windows-azure-design-guide
 

Recently uploaded

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Citrix Cloud - Architecture Diagrams.pptx

  • 1. Citrix Cloud Technical Diagrams VERSION 1.0.1 - LAST UPDATED: MAY 4TH, 2017
  • 2. © 2017 Citrix The release of new features for the Citrix Cloud Platform and Services can impact the described technical architecture and changes to the architecture remains at our sole discretion and subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract. We highly recommend that you consult your Citrix point-of-contact to ensure that you have the latest version of this document. This document was last updated on May 4th, 2017. Disclaimer
  • 3. © 2017 Citrix 0 Customer Resource Location Customer Resources Citrix Cloud Platform1 XenApp/XenDesktop Service1 Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider Identity & Access Management Logging & Health Services Licensing Customer Feedback Support Ticketing Other (e.g. What’s New, Trial Requests) Cloud StoreFront Various Citrix Internal Systems (e.g. Support, Customer Feedback, Trial Requests etc) Port 443 Firewall Firewall DMZ NetScaler Gateway* Gateway Service2 Azure Active Directory Port 443 StoreFront* Azure Service Bus Server VDAs Desktop VDAs Hypervisor or IaaS Citrix Cloud Connectors Active Directory Port 443 Port 443 *Customer managed StoreFront and NetScaler Gateway are optional depending on deployment Citrix Cloud Management UI (Library, Connectors, Resource Locations) Last updated May 4th, 2017. All content is subject to change without notice
  • 4. © 2017 Citrix Citrix Cloud Cloud Connector AD Provider Cloud Agent Logger Cloud Agent Watchdog Cloud Credential Provider Config Synchronizer Service High Availability Service WebRelay Provider NetScaler Cloud Gateway Remote Broker Provider Remote HCL Server Session Manager Proxy Establishes WebSocket Connection for certain Citrix Cloud Services *.servicebus.windows.net Azure Service Bus Citrix Cloud Core Services citrix.cloud.com *.citrixworkspaceapi.net Citrix Cloud Platform Cloud Services for managing Apps & Desktops *.apps.cloud.com *.xendesktop.net *.nssvc.net XA/XD Service Cloud Service for Mobile Device and Application Management <customer>.cloud.com or <customer>.xm.citrix.com XenMobile Service Cloud Agent System Service with no external communication Session Manager Service *.sessionmanager.cloud.com Labs Services Cloud Connector Outbound Communication (all HTTPS) Last updated May 4th, 2017. All content is subject to change without notice
  • 5. Cloud Connector Inbound Communication
      Connector services: AD Provider, Cloud Agent Logger, Cloud Agent Watchdog, Cloud Credential Provider, Config Synchronizer Service, High Availability Service, WebRelay Provider, NetScaler Cloud Gateway, Remote Broker Provider, Remote HCL Server, Session Manager Proxy, Cloud Agent System.
      Components they connect to: AD, Hypervisor / Cloud IaaS, StoreFront, VDAs, PKI, NSGW, on-prem DDC, Local DB.
      Legend: service with no internal communication.
      Numbered connections:
        • 1: The AD Provider serves multiple Citrix Cloud services and communicates with AD Domain Controllers over various ports.
        • 2, 3: The WebRelay Provider is used by XenMobile to communicate with the PKI server(s), and talks to the PNAgent site hosted on StoreFront to allow users to add XA/XD through Secure Hub.
        • 4, 5, 6: The Config Synchronizer, High Availability and Remote Broker services work together to provide the Local Host Cache feature in a Citrix Cloud environment. The Config Synchronizer Service sends the data it obtains from the XA/XD Service in the cloud to the High Availability Service. The High Availability Service writes the received data into the Local Database. If Citrix Cloud is unavailable, the Remote Broker Provider will transfer brokering responsibilities to the High Availability Service.
        • 7, 8, 9: The Remote Broker Provider is the Citrix Cloud version of the Broker Service running on the DDC in a traditional deployment. It operates in the same way when interacting with on-prem StoreFront, NSGW and VDAs, except that setting up XML traffic to use port 443 instead of 80 requires additional configuration. Note: dotted connections when Citrix Cloud is unavailable.
        • 10: HDX traffic will run through the Connector's NetScaler Cloud Gateway service when NetScaler Gateway as a Service is being used in Citrix Cloud.
        • 11: The Remote HCL Server is used by the XA/XD Service to provision VMs on demand using Citrix Machine Creation Services (MCS).
        • 12: The Session Manager Proxy is used only when the Session Manager experimental service in Citrix Cloud is used with a traditional XA/XD deployment. Otherwise it remains dormant.
  • 6. Citrix Cloud Connector Service Descriptions
        • Citrix Cloud AD Provider - The Citrix Cloud AD Provider enables the Citrix Cloud to facilitate management of resources associated with the Active Directory domain accounts it is installed into.
        • Citrix Cloud Agent Logger - The Citrix Cloud Agent Logger provides a support logging framework for the Citrix Cloud providers enabling diagnosis support for the resource location both locally and within the Citrix Cloud.
        • Citrix Cloud Agent System - Handles the System Calls necessary for the on-premises agents.
        • Citrix Cloud Agent Watchdog - Monitors and upgrades the on-premises agents.
        • Citrix Cloud Credential Provider - The Citrix Cloud Credential Provider
        • Citrix Cloud WebRelay Provider - The Citrix Cloud WebRelay Provider enables HTTP Requests received from WebRelay Cloud service to be forwarded to On-Premises Web Servers.
  • 7. Citrix Cloud Connector Service Descriptions contd.
        • Citrix Config Synchronizer Service - Copies brokering configuration locally for high availability mode.
        • Citrix High Availability Service - The Citrix High Availability service provides continuity of service during outage of central site.
        • Citrix NetScaler Cloud Gateway - Citrix NetScaler Cloud Gateway provides Internet connectivity to on-premises desktops and applications without the need to open in-bound firewall rules or deploying components in the DMZ.
        • Citrix Remote Broker Provider - Enables communication to a remote Broker service from local VDAs and StoreFront servers.
        • Citrix Remote HCL Service - The Remote HCL Server proxies communications between the Delivery Controller and the Hypervisor(s).
        • Citrix Session Manager Proxy - Manages anonymous prelaunched sessions, and uploads session count information to the cloud based Session Manager service.
  • 8. XA/XD Service with cloud-hosted StoreFront and Gateway Service
      Diagram labels: XenApp/XenDesktop Service*; Delivery Controllers; SQL Database (PaaS); Director; Studio; Citrix Cloud Resource Provider; StoreFront Service; Gateway Service; Customer Resource Location; Customer Resources; Firewall; DMZ; Citrix Cloud Connectors; Active Directory; VDAs.
      Flow, in order:
        • User enters and Receiver submits credentials to the cloud service.
        • The cloud service authenticates credentials against Active Directory via the connector.
        • Receiver enumerates resources from the cloud service.
        • User clicks on a resource in Receiver.
        • Receiver requests a launch from the cloud service.
        • The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector.
        • The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway Service address and STA ticket.
        • Citrix Receiver connects to the gateway, providing the STA ticket for authorization.
        • The Gateway Service validates the STA ticket with the XA/XD cloud service.
        • The gateway connects Receiver to the specific VDA allocated for this session, relaying all traffic through the connector.
        • Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
        • The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine.
        • Citrix Receiver displays the selected resource to the end user.
  • 9. XA/XD Service with cloud-hosted StoreFront and customer NS Gateway
      Diagram labels: XenApp/XenDesktop Service*; Delivery Controllers; SQL Database (PaaS); Director; Studio; Citrix Cloud Resource Provider; StoreFront Service; Gateway Service; Customer Resource Location; Customer Resources; Firewall; DMZ; NetScaler Gateway; Citrix Cloud Connectors; Active Directory; VDAs.
      Flow, in order:
        • User enters and Receiver submits credentials to the cloud service.
        • The cloud service authenticates credentials against Active Directory via the connector.
        • Receiver enumerates resources from the cloud service.
        • User clicks on a resource in Receiver.
        • Receiver requests a launch from the cloud service.
        • The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector.
        • The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway address and STA ticket.
        • Citrix Receiver connects to the gateway, providing the STA ticket for authorization.
        • The gateway validates the STA ticket with the cloud service, via the connector.
        • The gateway connects Receiver to the specific VDA allocated for this session.
        • Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
        • The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine.
        • Citrix Receiver displays the selected resource to the end user.
  • 10. XA/XD Service with customer StoreFront and NS Gateway
      Diagram labels: XenApp/XenDesktop Service*; Delivery Controllers; SQL Database (PaaS); Director; Studio; Citrix Cloud Resource Provider; StoreFront Service; Gateway Service; Customer Resource Location; Customer Resources; Firewall; DMZ; StoreFront; NetScaler Gateway; VDAs; Citrix Cloud Connectors; Active Directory.
      Flow, in order:
        • User enters and Receiver submits credentials to NetScaler Gateway.
        • NetScaler authenticates credentials against Active Directory and allows access to StoreFront.
        • Receiver enumerates resources from StoreFront.
        • StoreFront gets the list of resources assigned to the user from the cloud service via the connector and returns them to Receiver.
        • User clicks on a resource in Receiver.
        • Receiver requests a launch from StoreFront.
        • StoreFront sends the request to the cloud service.
        • The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector.
        • The cloud service identifies to StoreFront the VDA it assigned for this particular session.
        • StoreFront requests a STA ticket from the cloud service via the connector.
        • StoreFront creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the gateway address and STA ticket.
        • Citrix Receiver connects to the gateway, providing the STA ticket for authorization.
        • The gateway validates the STA ticket with the cloud service, via the connector.
        • The gateway connects Receiver to the specific VDA allocated for this session.
        • Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector.
        • The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine.
        • Citrix Receiver displays the selected resource to the end user.
  • 11. [Diagram: Password Encryption with NetScaler Authentication]
      Components shown: Citrix Cloud, XenApp and XenDesktop Service, Connector, StoreFront, NetScaler Gateway, VDAs.
      Flow labels: Password; AES Encrypted Password; Password Encryption Key / ICA Ticket; Single Sign-On for Windows Logon.
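
Slide 4 states that all Cloud Connector outbound traffic is HTTPS to a fixed set of destinations, which makes connector egress easy to audit. The following is an added example, not Citrix code: it checks proxy log lines against the slide-4 list, matching wildcards only at a label boundary. The tenant name `examplecorp`, the log format and the log lines are constructed for illustration.

```python
# Added example (not Citrix code): audit Cloud Connector egress against slide 4.
CUSTOMER = "examplecorp"  # hypothetical tenant name substituted for <customer>

# Destination patterns as listed on slide 4, mapped to the service named there.
ALLOWED = {
    "*.servicebus.windows.net": "Azure Service Bus",
    "citrix.cloud.com": "Citrix Cloud Platform",
    "*.citrixworkspaceapi.net": "Citrix Cloud Platform",
    "*.apps.cloud.com": "XA/XD Service",
    "*.xendesktop.net": "XA/XD Service",
    "*.nssvc.net": "XA/XD Service",
    f"{CUSTOMER}.cloud.com": "XenMobile Service",
    f"{CUSTOMER}.xm.citrix.com": "XenMobile Service",
    "*.sessionmanager.cloud.com": "Session Manager Service (Labs)",
}

# Constructed proxy log lines: timestamp, connector IP, destination host, port.
SAMPLE_LOG = [
    "2017-05-04T10:00:01Z 10.0.5.10 conn01.servicebus.windows.net 443",
    "2017-05-04T10:00:02Z 10.0.5.10 citrix.cloud.com 443",
    "2017-05-04T10:00:03Z 10.0.5.10 broker.xendesktop.net 80",
    "2017-05-04T10:00:04Z 10.0.5.10 xendesktop.net.example.org 443",
    "2017-05-04T10:00:05Z 10.0.5.11 examplecorp.xm.citrix.com 443",
    "2017-05-04T10:00:06Z 10.0.5.11 Updates.NSSVC.net. 443",
    "2017-05-04T10:00:07Z 10.0.5.11 fakeapps.cloud.com 443",
]

def match_service(host):
    """Return the slide-4 service a hostname belongs to, or None."""
    host = host.strip().rstrip(".").lower()
    for pattern, service in ALLOWED.items():
        if pattern.startswith("*."):
            suffix = pattern[1:]  # keep the leading dot: match only at a label boundary
            if host.endswith(suffix) and len(host) > len(suffix):
                return service
        elif host == pattern:
            return service
    return None

def audit(lines):
    """Return (timestamp, host, port, reason) for each line outside the documented profile."""
    findings = []
    for line in lines:
        ts, _src, host, port = line.split()
        service = match_service(host)
        if service is None:
            findings.append((ts, host, port, "destination not in documented list"))
        elif port != "443":
            findings.append((ts, host, port, f"{service} on port other than 443"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The full, current endpoint list is in the connectivity requirements page linked from the Editor's Notes; the patterns here are only those shown on the slide.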

Editor's Notes

  1. 1: The diagrams depicted in this slide are a logical representation to illustrate the traffic flows between customer managed components and the various Citrix Cloud services. They do not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service.
     2: Additional detail on the Gateway Service as part of Citrix Cloud: in this diagram the Gateway Service is depicted as a component of the XenApp/XenDesktop service, because the Gateway Service currently only provides ICA Proxy functionality. However, end-user connectivity through the Gateway Service is run from separate PoPs (Points of Presence) across the globe to provide the best performance and user experience. https://www.citrix.com/content/dam/citrix/en_us/documents/product-overview/netscaler-gateway-service-product-overview.pdf
  2. Details on WebSocket protocol: https://en.wikipedia.org/wiki/WebSocket Full Connectivity Requirements: https://docs.citrix.com/en-us/citrix-cloud/overview/requirements/internet-connectivity-requirements.html
  3. 1: https://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html
     2/3: https://docs.citrix.com/en-us/xenmobile/xenmobile-service/prerequisites-administration.html
     4/5/6: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/manage-deployment/local-host-cache.html
     7/8/9: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html & http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html
     Additional Config for XML Traffic to utilize port 443: please contact Citrix Support for instructions. Customizing the VDA Registration port is currently not supported in a Citrix Cloud environment.
     10: https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html
     11: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/install-configure/machine-catalogs-create.html
     Additional detail on supported Hypervisors and IaaS platforms: https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/configure-provisioning.html
     12: http://docs.citrix.com/en-us/citrix-cloud/about-citrix-cloud-labs/session-manager.html
  4. *The diagram depicted for the XenApp/XenDesktop Service is a logical representation of the service to illustrate the traffic flows between customer managed components such as Citrix Receiver, Cloud Connector, StoreFront, NetScaler Gateway and VDAs and the Citrix XenApp/XenDesktop Service. It does not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service. See also for more details: http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html (Cloud Service Specific) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html (XenApp/XenDesktop generic documentation)
  7. Handling of user passwords is a key concern for many customers. Unfortunately, with app and desktop virtualization, it’s something that has to be done in order to provide end users with a single sign-on experience to Windows, without prompting them for their password multiple times. The Apps and Desktops Service handles this by encrypting passwords on-premises, ensuring that components in the cloud cannot decrypt them. Let’s look at the flow for a typical Workspace Cloud deployment with StoreFront hosted on premises behind the NetScaler Gateway. The user’s password is entered into Receiver, and flows through the NetScaler, to the StoreFront, and then to the Connector. The Connector encrypts all plaintext passwords with AES encryption before forwarding them to the cloud. As we saw earlier in the multi-geo demo, the VDA may not be in the same location as the StoreFront, so the cloud routes the password to the proper connectors. Connectors only communicate with the cloud, and not with each other. The encryption key itself is the ICA logon ticket. This is sent back to Receiver, and never seen by the cloud service. Thus, even though the cloud relays the encrypted password, it has no means of decrypting it. When Receiver connects to the VDA, it sends the logon ticket. This provides the VDA with the key it needs to decrypt the user’s password, enabling them to log on to Windows without re-entering their password.
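
The key separation described in note 7, as an added example that is not Citrix code: the Connector encrypts on-premises, the cloud relays only ciphertext, and the VDA decrypts with the ticket it receives from Receiver. Assumptions: AES-256-GCM as the AES mode (the note says only "AES"), a random 32-byte key standing in for the ICA logon ticket, and the third-party `cryptography` package; the class and function names are hypothetical.

```python
# Added example (not Citrix code): key separation in the note-7 password flow.
# Assumptions: AES-256-GCM as the AES mode, a random 32-byte key standing in for
# the ICA logon ticket, and the session id bound in as associated data.
import os
from dataclasses import dataclass
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

@dataclass
class Envelope:
    """What the Connector hands to the cloud: ciphertext and routing data, no key."""
    session_id: str
    nonce: bytes
    ciphertext: bytes

def connector_encrypt(session_id, password):
    """On-premises Connector: returns (envelope for the cloud, ticket for Receiver)."""
    ticket, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    sealed = AESGCM(ticket).encrypt(nonce, password.encode(), session_id.encode())
    return Envelope(session_id, nonce, sealed), ticket

class CloudRelay:
    """Cloud service: queues envelopes and routes them to the VDA's connector."""
    def __init__(self):
        self.queue = {}
    def accept(self, envelope):
        self.queue[envelope.session_id] = envelope
    def route(self, session_id):
        return self.queue.pop(session_id)

def vda_decrypt(envelope, ticket):
    """VDA: the envelope arrives via the cloud, the ticket arrives from Receiver."""
    try:
        plain = AESGCM(ticket).decrypt(
            envelope.nonce, envelope.ciphertext, envelope.session_id.encode())
    except InvalidTag:
        return None  # wrong ticket, or ciphertext altered in transit
    return plain.decode()

def run_flow(password="Constructed-Passw0rd!"):
    envelope, ticket = connector_encrypt("session-001", password)
    cloud = CloudRelay()
    cloud.accept(envelope)  # the ticket is never passed to the cloud
    cloud_view = b"".join(e.nonce + e.ciphertext for e in cloud.queue.values())
    delivered = cloud.route("session-001")  # relayed to the VDA side
    return {
        "cloud_sees_password": password.encode() in cloud_view,
        "cloud_sees_ticket": ticket in cloud_view,
        "vda_logon": vda_decrypt(delivered, ticket),
        "wrong_ticket": vda_decrypt(delivered, AESGCM.generate_key(bit_length=256)),
    }

if __name__ == "__main__":
    print(run_flow())
```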