ARUNACHALAM S, profile picture
Uploaded byARUNACHALAM S
PPTX, PDF982 views

Citrix Cloud - Architecture Diagrams.pptx

The document describes Citrix Cloud technical diagrams and the Citrix Cloud Connector services. It provides an overview of how the Citrix Cloud platform and services work with on-premises components through the Cloud Connector. Key services of the Cloud Connector include the AD Provider, WebRelay Provider, Config Synchronizer and Remote Broker Provider which allow communication and synchronization between the Citrix Cloud and on-premises Active Directory, StoreFront, and virtual desktop agents. The document outlines user flows for delivering applications and desktops from the Citrix Cloud with cloud-hosted or customer-managed NetScaler Gateway and StoreFront.

Embed presentation

Downloaded 22 times
Citrix Cloud Technical Diagrams VERSION 1.0.1 - LAST UPDATED: MAY 4TH, 2017
© 2017 Citrix The release of new features for the Citrix Cloud Platform and Services can impact the described technical architecture and changes to the architecture remains at our sole discretion and subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract. We highly recommend that you consult your Citrix point-of-contact to ensure that you have the latest version of this document. This document was last updated on May 4th, 2017. Disclaimer
© 2017 Citrix 0 Customer Resource Location Customer Resources Citrix Cloud Platform1 XenApp/XenDesktop Service1 Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider Identity & Access Management Logging & Health Services Licensing Customer Feedback Support Ticketing Other (e.g. What’s New, Trial Requests) Cloud StoreFront Various Citrix Internal Systems (e.g. Support, Customer Feedback, Trial Requests etc) Port 443 Firewall Firewall DMZ NetScaler Gateway* Gateway Service2 Azure Active Directory Port 443 StoreFront* Azure Service Bus Server VDAs Desktop VDAs Hypervisor or IaaS Citrix Cloud Connectors Active Directory Port 443 Port 443 *Customer managed StoreFront and NetScaler Gateway are optional depending on deployment Citrix Cloud Management UI (Library, Connectors, Resource Locations) Last updated May 4th, 2017. All content is subject to change without notice
© 2017 Citrix Citrix Cloud Cloud Connector AD Provider Cloud Agent Logger Cloud Agent Watchdog Cloud Credential Provider Config Synchronizer Service High Availability Service WebRelay Provider NetScaler Cloud Gateway Remote Broker Provider Remote HCL Server Session Manager Proxy Establishes WebSocket Connection for certain Citrix Cloud Services *.servicebus.windows.net Azure Service Bus Citrix Cloud Core Services citrix.cloud.com *.citrixworkspaceapi.net Citrix Cloud Platform Cloud Services for managing Apps & Desktops *.apps.cloud.com *.xendesktop.net *.nssvc.net XA/XD Service Cloud Service for Mobile Device and Application Management <customer>.cloud.com or <customer>.xm.citrix.com XenMobile Service Cloud Agent System Service with no external communication Session Manager Service *.sessionmanager.cloud.com Labs Services Cloud Connector Outbound Communication (all HTTPS) Last updated May 4th, 2017. All content is subject to change without notice
© 2017 Citrix Cloud Connector AD Provider Cloud Agent Logger Cloud Agent Watchdog Cloud Credential Provider Config Synchronizer Service High Availability Service WebRelay Provider NetScaler Cloud Gateway Remote Broker Provider Remote HCL Server Session Manager Proxy Cloud Agent System Cloud Connector Inbound Communication AD Hypervisor/ Cloud IaaS StoreFront VDAs PKI NSGW On-prem DDC 1 2 3 6 1 The AD Provider serves multiple Citrix Cloud services and communicates with AD Domain Controllers over various ports. 2 3 The WebRelay Provider is being used by XenMobile to communicate with the PKI server(s) and talks to the PNAgent site hosted on StoreFront to allow users to add XA/XD through Secure Hub. Local DB 5 7 The Config Synchronizer, High Availability and the Remote Broker Services, work together to provide the Local Host Cache feature in a Citrix Cloud environment. The Config Synchronizer Service sends its data obtained from the XA/XD Service in the Cloud to the High Availability Service The High Availability Service writes the received data into the Local Database If Citrix Cloud is unavailable, the Remote Broker Provider will transfer brokering responsibilities to the High Availability Service. 4 5 6 9 The Remote Broker Provider is the Citrix Cloud version of the Broker Service running on the DDC in a traditional deployment. It operates in the same way when interacting with on-prem StoreFront, NSGW and VDAs, except that setting up XML traffic to utilize port 443 instead of 80 requires additional configuration – Note: dotted connections when Citrix Cloud is unavailable. 8 7 9 11 11 The Remote HCL Server is used by the XA/XD Service to provision VMs on-demand utilizing Citrix Machine Creation Services (MCS). 7 8 9 8 12 10 The Session Manager Proxy is being used only when using the Session Manager experimental service in Citrix Cloud with a traditional XA/XD deployment. Otherwise it remains dormant. 12 10 HDX Traffic will run through the Connector's NetScaler Cloud Gateway service when NetScaler Gateway as a Service is being used in Citrix Cloud. 4 Service with no internal communication Last updated May 4th, 2017. All content is subject to change without notice
© 2017 Citrix Citrix Cloud Connector Service Descriptions Last updated May 4th, 2017. All content is subject to change without notice • Citrix Cloud AD Provider - The Citrix Cloud AD Provider enables the Citrix Cloud to facilitate management of resources associated with the Active Directory domain accounts it is installed into. • Citrix Cloud Agent Logger - The Citrix Cloud Agent Logger provides a support logging framework for the Citrix Cloud providers enabling diagnosis support for the resource location both locally and within the Citrix Cloud. • Citrix Cloud Agent System - Handles the System Calls necessary for the on-premises agents. • Citrix Cloud Agent Watchdog - Monitors and upgrades the on-premises agents. • Citrix Cloud Credential Provider - The Citrix Cloud Credential Provider • Citrix Cloud WebRelay Provider - The Citrix Cloud WebRelay Provider enables HTTP Requests received from WebRelay Cloud service to be forwarded to On-Premises Web Servers.
© 2017 Citrix Citrix Cloud Connector Service Descriptions contd. Last updated May 4th, 2017. All content is subject to change without notice • Citrix Config Synchronizer Service - Copies brokering configuration locally for high availability mode • Citrix High Availability Service - The Citrix High Availability service provides continuity of service during outage of central site. • Citrix NetScaler Cloud Gateway - Citrix NetScaler Cloud Gateway provides Internet connectivity to on-premises desktops and applications without the need to open in-bound firewall rules or deploying components in the DMZ. • Citrix Remote Broker Provider - Enables communication to a remote Broker service from local VDAs and StoreFront servers. • Citrix Remote HCL Service - The Remote HCL Server proxies communications between the Delivery Controller and the Hypervisor(s). • Citrix Session Manager Proxy - Manages anonymous prelaunched sessions, and uploads session count information to the cloud based Session Manager service.
© 2017 Citrix XenApp/XenDesktop Service* SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider StoreFront Service Gateway Service Customer Resource Location Customer Resources Firewall DMZ Citrix Cloud Connectors Active Directory Firewall 1 2 5 8 9 8 3 4 6 1 5 7 11 2 4 6 9 XA/XD Service with cloud-hosted StoreFront and Gateway Service User enters and Receiver submits credentials to the cloud service The cloud service authenticates credentials against Active Directory via the connector Receiver enumerates resources from the cloud service. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway Service address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The Gateway Service validates the STA ticket with the XA/XD cloud service The gateway connects Receiver to the specific VDA allocated for this session, relaying all traffic through the connector. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 10 10 11 VDAs Last updated May 4th, 2017. All content is subject to change without notice 7 Delivery Controllers
© 2017 Citrix XenApp/XenDesktop Service* Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider StoreFront Service Customer Resource Location Customer Resources Firewall DMZ Citrix Cloud Connectors Active Directory Firewall 1 2 5 9 3 4 6 1 5 7 2 4 6 XA/XD Service with cloud-hosted StoreFront and customer NS Gateway User enters and Receiver submits credentials to the cloud service The cloud service authenticates credentials against Active Directory via the connector Receiver enumerates resources from the cloud service. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The gateway validates the STA ticket with the cloud service, via the connector. The gateway connects Receiver to the specific VDA allocated for this session. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 11 10 11 8 8 10 11 12 12 NetScaler Gateway VDAs Last updated May 4th, 2017. All content is subject to change without notice Gateway Service
© 2017 Citrix XenApp/XenDesktop Service* Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider Customer Resource Location Customer Resources Firewall DMZ VDAs Citrix Cloud Connectors Active Directory Firewall 2 6 4 1 5 7 XA/XD Service with customer StoreFront and NS Gateway User enters and Receiver submits credentials to NetScaler Gateway. NetScaler authenticates credentials against Active Directory and allows access to StoreFront. Receiver enumerates resources from StoreFront. StoreFront gets the list of resources assigned to the user from the cloud service via the connector and returns them to Receiver. User clicks on a resource in Receiver. Receiver requests a launch from StoreFront. StoreFront sends the request to the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service identifies to StoreFront the VDA it assigned for this particular session. StoreFront requests a STA ticket from the cloud service via the connector. StoreFront creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the gateway address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The gateway validates the STA ticket with the cloud service, via the connector. The gateway connects Receiver to the specific VDA allocated for this session. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 11 13 11 8 13 14 12 15 StoreFront StoreFront Service 4 5 5 6 4 10 11 14 NetScaler Gateway 3 5 9 4 3 9 12 8 7 13 14 15 Last updated May 4th, 2017. All content is subject to change without notice Gateway Service
© 2017 Citrix Citrix Cloud XenApp and XenDesktop Service Connector StoreFront NetScaler Gateway VDAs VDAs VDAs Connector Password Encryption with NetScaler Authentication XenApp and XenDesktop Service Password Encryption Key / ICA Ticket AES Encrypted Password Password Single Sign-On for Windows Logon NetScaler Gateway Last updated May 4th, 2017. All content is subject to change without notice

More Related Content

PDF
RSA SecurID Access
byMarketingArrowECS_CZ
 
PDF
Understanding Azure Networking Services
byInCycleSoftware
 
PPTX
AWS Network Topology/Architecture
bywlscaudill
 
PPTX
Mobile App Testing
byGeekit |Software Testing Services and Consultancy
 
PDF
ISE-802.1X-MAB
byEmerson Barros Rivas
 
PDF
Mobile Application Security Testing
bySpv Reddy
 
DOC
Khaleel Devops Resume (2)
bykhaleel a
 
PDF
Software Testing Tools | Edureka
byEdureka!
 
RSA SecurID Access
byMarketingArrowECS_CZ
 
Understanding Azure Networking Services
byInCycleSoftware
 
AWS Network Topology/Architecture
bywlscaudill
 
Mobile App Testing
byGeekit |Software Testing Services and Consultancy
 
ISE-802.1X-MAB
byEmerson Barros Rivas
 
Mobile Application Security Testing
bySpv Reddy
 
Khaleel Devops Resume (2)
bykhaleel a
 
Software Testing Tools | Edureka
byEdureka!
 

What's hot

PDF
VMware Workspace One
byJürgen Ambrosi
 
PPTX
cisco collaboration
bymoldovaictsummit2016
 
PPTX
VMware Vsphere Graduation Project Presentation
byRabbah Adel Ammar
 
PDF
Microsoft Intune - Global Azure Bootcamp 2018
byJoTechies
 
PPT
Fortinet FortiOS 5 Presentation
byNCS Computech Ltd.
 
PPTX
Jenkins presentation
byValentin Buryakov
 
PDF
How to Get Your Organizations To Start Using Microsoft Teams
byDux Raymond Sy
 
PPTX
Mobile Automation with Appium
byManoj Kumar Kumar
 
PPT
Implementing 802.1x Authentication
bydkaya
 
PPT
Appium
byKeshav Kashyap
 
PPT
Performance Engineering Basics
byImpetus Technologies
 
DOCX
Desktop support resume rishil
byRishil M
 
PPTX
Microsoft System Center Configuration Manager for Education
byHerman Arnedo
 
PPTX
Azure active directory
byRaju Kumar
 
PDF
Mobile Application Penetration Testing
byBGA Cyber Security
 
PPTX
Mobile Application Testing
bySWAAM Tech
 
PDF
Cross browser testing using BrowserStack
byRapidValue
 
PPTX
Azure vnet
byzekeLabs Technologies
 
PDF
Appium: Automation for Mobile Apps
bySauce Labs
 
PPTX
A History of Linux
byDamian T. Gordon
 
VMware Workspace One
byJürgen Ambrosi
 
cisco collaboration
bymoldovaictsummit2016
 
VMware Vsphere Graduation Project Presentation
byRabbah Adel Ammar
 
Microsoft Intune - Global Azure Bootcamp 2018
byJoTechies
 
Fortinet FortiOS 5 Presentation
byNCS Computech Ltd.
 
Jenkins presentation
byValentin Buryakov
 
How to Get Your Organizations To Start Using Microsoft Teams
byDux Raymond Sy
 
Mobile Automation with Appium
byManoj Kumar Kumar
 
Implementing 802.1x Authentication
bydkaya
 
Appium
byKeshav Kashyap
 
Performance Engineering Basics
byImpetus Technologies
 
Desktop support resume rishil
byRishil M
 
Microsoft System Center Configuration Manager for Education
byHerman Arnedo
 
Azure active directory
byRaju Kumar
 
Mobile Application Penetration Testing
byBGA Cyber Security
 
Mobile Application Testing
bySWAAM Tech
 
Cross browser testing using BrowserStack
byRapidValue
 
Azure vnet
byzekeLabs Technologies
 
Appium: Automation for Mobile Apps
bySauce Labs
 
A History of Linux
byDamian T. Gordon
 

Similar to Citrix Cloud - Architecture Diagrams.pptx

PDF
Citrix solutions - How on earth, as in heaven
byMarketingArrowECS_CZ
 
PDF
Citrix Day 2014: Cloud Plattform
byDigicomp Academy AG
 
PPTX
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
byCitrix
 
PPTX
2014 08-21 Citrix cloud works with a single management platform technical web...
byCitrix
 
PDF
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
byDigicomp Academy AG
 
PPTX
NetScaler ADC - Customer Overview
byMichelle Guerrero Montalvo
 
PDF
Citrix netscaler-and-citrix-xendesktop-7-deployment-guide
byKunKun Ng
 
PDF
NetScaler Deployment Guide for XenDesktop7
byNuno Alves
 
PPTX
Is Citrix Cloud Enterprise Ready? Best Practices to Get the Most Out of Citri...
byeG Innovations
 
PDF
Citrix Day 2013: Self-Service Desktops NetScaler Integration
byDigicomp Academy AG
 
PPTX
Citrix Synergy 2014 - Syn110 Transform IT with Cloud
byCitrix
 
PPTX
Citrix cloud platform - Journey to IT-as-a-Service
byShapeBlue
 
PPTX
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
byCitrix
 
PPTX
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
byLee Bushen
 
PPTX
Citrix+NetScaler-Visio-Icons-v2-2024.pptx
bycbehrent
 
PPTX
Citrix Cloud Master Class June 2014
byCitrix
 
PPTX
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
byLee Bushen
 
PDF
WVD Partner Event 17 feb 2020 - Citrix Slides
bykiefter
 
PPTX
eG Express Cloud for Citrix Workspaces
byeG Innovations
 
PDF
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 
Citrix solutions - How on earth, as in heaven
byMarketingArrowECS_CZ
 
Citrix Day 2014: Cloud Plattform
byDigicomp Academy AG
 
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
byCitrix
 
2014 08-21 Citrix cloud works with a single management platform technical web...
byCitrix
 
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
byDigicomp Academy AG
 
NetScaler ADC - Customer Overview
byMichelle Guerrero Montalvo
 
Citrix netscaler-and-citrix-xendesktop-7-deployment-guide
byKunKun Ng
 
NetScaler Deployment Guide for XenDesktop7
byNuno Alves
 
Is Citrix Cloud Enterprise Ready? Best Practices to Get the Most Out of Citri...
byeG Innovations
 
Citrix Day 2013: Self-Service Desktops NetScaler Integration
byDigicomp Academy AG
 
Citrix Synergy 2014 - Syn110 Transform IT with Cloud
byCitrix
 
Citrix cloud platform - Journey to IT-as-a-Service
byShapeBlue
 
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
byCitrix
 
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
byLee Bushen
 
Citrix+NetScaler-Visio-Icons-v2-2024.pptx
bycbehrent
 
Citrix Cloud Master Class June 2014
byCitrix
 
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
byLee Bushen
 
WVD Partner Event 17 feb 2020 - Citrix Slides
bykiefter
 
eG Express Cloud for Citrix Workspaces
byeG Innovations
 
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 

Recently uploaded

PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
MAD (1).pdf Mobile application develipment
byprathiT1
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknowtechs
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PPTX
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PDF
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
MAD (1).pdf Mobile application develipment
byprathiT1
 
Information about Trusted Platform Module(TPM)
bynewtoknowtechs
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 

Citrix Cloud - Architecture Diagrams.pptx

  • 1.
    Citrix Cloud Technical Diagrams VERSION1.0.1 - LAST UPDATED: MAY 4TH, 2017
  • 2.
    © 2017 Citrix Therelease of new features for the Citrix Cloud Platform and Services can impact the described technical architecture and changes to the architecture remains at our sole discretion and subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract. We highly recommend that you consult your Citrix point-of-contact to ensure that you have the latest version of this document. This document was last updated on May 4th, 2017. Disclaimer
  • 3.
    © 2017 Citrix 0 CustomerResource Location Customer Resources Citrix Cloud Platform1 XenApp/XenDesktop Service1 Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider Identity & Access Management Logging & Health Services Licensing Customer Feedback Support Ticketing Other (e.g. What’s New, Trial Requests) Cloud StoreFront Various Citrix Internal Systems (e.g. Support, Customer Feedback, Trial Requests etc) Port 443 Firewall Firewall DMZ NetScaler Gateway* Gateway Service2 Azure Active Directory Port 443 StoreFront* Azure Service Bus Server VDAs Desktop VDAs Hypervisor or IaaS Citrix Cloud Connectors Active Directory Port 443 Port 443 *Customer managed StoreFront and NetScaler Gateway are optional depending on deployment Citrix Cloud Management UI (Library, Connectors, Resource Locations) Last updated May 4th, 2017. All content is subject to change without notice
  • 4.
    © 2017 Citrix CitrixCloud Cloud Connector AD Provider Cloud Agent Logger Cloud Agent Watchdog Cloud Credential Provider Config Synchronizer Service High Availability Service WebRelay Provider NetScaler Cloud Gateway Remote Broker Provider Remote HCL Server Session Manager Proxy Establishes WebSocket Connection for certain Citrix Cloud Services *.servicebus.windows.net Azure Service Bus Citrix Cloud Core Services citrix.cloud.com *.citrixworkspaceapi.net Citrix Cloud Platform Cloud Services for managing Apps & Desktops *.apps.cloud.com *.xendesktop.net *.nssvc.net XA/XD Service Cloud Service for Mobile Device and Application Management <customer>.cloud.com or <customer>.xm.citrix.com XenMobile Service Cloud Agent System Service with no external communication Session Manager Service *.sessionmanager.cloud.com Labs Services Cloud Connector Outbound Communication (all HTTPS) Last updated May 4th, 2017. All content is subject to change without notice
  • 5.
    © 2017 Citrix CloudConnector AD Provider Cloud Agent Logger Cloud Agent Watchdog Cloud Credential Provider Config Synchronizer Service High Availability Service WebRelay Provider NetScaler Cloud Gateway Remote Broker Provider Remote HCL Server Session Manager Proxy Cloud Agent System Cloud Connector Inbound Communication AD Hypervisor/ Cloud IaaS StoreFront VDAs PKI NSGW On-prem DDC 1 2 3 6 1 The AD Provider serves multiple Citrix Cloud services and communicates with AD Domain Controllers over various ports. 2 3 The WebRelay Provider is being used by XenMobile to communicate with the PKI server(s) and talks to the PNAgent site hosted on StoreFront to allow users to add XA/XD through Secure Hub. Local DB 5 7 The Config Synchronizer, High Availability and the Remote Broker Services, work together to provide the Local Host Cache feature in a Citrix Cloud environment. The Config Synchronizer Service sends its data obtained from the XA/XD Service in the Cloud to the High Availability Service The High Availability Service writes the received data into the Local Database If Citrix Cloud is unavailable, the Remote Broker Provider will transfer brokering responsibilities to the High Availability Service. 4 5 6 9 The Remote Broker Provider is the Citrix Cloud version of the Broker Service running on the DDC in a traditional deployment. It operates in the same way when interacting with on-prem StoreFront, NSGW and VDAs, except that setting up XML traffic to utilize port 443 instead of 80 requires additional configuration – Note: dotted connections when Citrix Cloud is unavailable. 8 7 9 11 11 The Remote HCL Server is used by the XA/XD Service to provision VMs on-demand utilizing Citrix Machine Creation Services (MCS). 7 8 9 8 12 10 The Session Manager Proxy is being used only when using the Session Manager experimental service in Citrix Cloud with a traditional XA/XD deployment. Otherwise it remains dormant. 12 10 HDX Traffic will run through the Connector's NetScaler Cloud Gateway service when NetScaler Gateway as a Service is being used in Citrix Cloud. 4 Service with no internal communication Last updated May 4th, 2017. All content is subject to change without notice
  • 6.
    © 2017 Citrix CitrixCloud Connector Service Descriptions Last updated May 4th, 2017. All content is subject to change without notice • Citrix Cloud AD Provider - The Citrix Cloud AD Provider enables the Citrix Cloud to facilitate management of resources associated with the Active Directory domain accounts it is installed into. • Citrix Cloud Agent Logger - The Citrix Cloud Agent Logger provides a support logging framework for the Citrix Cloud providers enabling diagnosis support for the resource location both locally and within the Citrix Cloud. • Citrix Cloud Agent System - Handles the System Calls necessary for the on-premises agents. • Citrix Cloud Agent Watchdog - Monitors and upgrades the on-premises agents. • Citrix Cloud Credential Provider - The Citrix Cloud Credential Provider • Citrix Cloud WebRelay Provider - The Citrix Cloud WebRelay Provider enables HTTP Requests received from WebRelay Cloud service to be forwarded to On-Premises Web Servers.
  • 7.
    © 2017 Citrix CitrixCloud Connector Service Descriptions contd. Last updated May 4th, 2017. All content is subject to change without notice • Citrix Config Synchronizer Service - Copies brokering configuration locally for high availability mode • Citrix High Availability Service - The Citrix High Availability service provides continuity of service during outage of central site. • Citrix NetScaler Cloud Gateway - Citrix NetScaler Cloud Gateway provides Internet connectivity to on-premises desktops and applications without the need to open in-bound firewall rules or deploying components in the DMZ. • Citrix Remote Broker Provider - Enables communication to a remote Broker service from local VDAs and StoreFront servers. • Citrix Remote HCL Service - The Remote HCL Server proxies communications between the Delivery Controller and the Hypervisor(s). • Citrix Session Manager Proxy - Manages anonymous prelaunched sessions, and uploads session count information to the cloud based Session Manager service.
  • 8.
    © 2017 Citrix XenApp/XenDesktopService* SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider StoreFront Service Gateway Service Customer Resource Location Customer Resources Firewall DMZ Citrix Cloud Connectors Active Directory Firewall 1 2 5 8 9 8 3 4 6 1 5 7 11 2 4 6 9 XA/XD Service with cloud-hosted StoreFront and Gateway Service User enters and Receiver submits credentials to the cloud service The cloud service authenticates credentials against Active Directory via the connector Receiver enumerates resources from the cloud service. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway Service address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The Gateway Service validates the STA ticket with the XA/XD cloud service The gateway connects Receiver to the specific VDA allocated for this session, relaying all traffic through the connector. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 10 10 11 VDAs Last updated May 4th, 2017. All content is subject to change without notice 7 Delivery Controllers
  • 9.
    © 2017 Citrix XenApp/XenDesktopService* Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider StoreFront Service Customer Resource Location Customer Resources Firewall DMZ Citrix Cloud Connectors Active Directory Firewall 1 2 5 9 3 4 6 1 5 7 2 4 6 XA/XD Service with cloud-hosted StoreFront and customer NS Gateway User enters and Receiver submits credentials to the cloud service The cloud service authenticates credentials against Active Directory via the connector Receiver enumerates resources from the cloud service. User clicks on a resource in Receiver. Receiver requests a launch from the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the NetScaler Gateway address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The gateway validates the STA ticket with the cloud service, via the connector. The gateway connects Receiver to the specific VDA allocated for this session. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 11 10 11 8 8 10 11 12 12 NetScaler Gateway VDAs Last updated May 4th, 2017. All content is subject to change without notice Gateway Service
  • 10.
    © 2017 Citrix XenApp/XenDesktopService* Delivery Controllers SQL Database (PaaS) Director Studio Citrix Cloud Resource Provider Customer Resource Location Customer Resources Firewall DMZ VDAs Citrix Cloud Connectors Active Directory Firewall 2 6 4 1 5 7 XA/XD Service with customer StoreFront and NS Gateway User enters and Receiver submits credentials to NetScaler Gateway. NetScaler authenticates credentials against Active Directory and allows access to StoreFront. Receiver enumerates resources from StoreFront. StoreFront gets the list of resources assigned to the user from the cloud service via the connector and returns them to Receiver. User clicks on a resource in Receiver. Receiver requests a launch from StoreFront. StoreFront sends the request to the cloud service. The cloud service selects a VDA and sends it a message to prepare for a connection. The message is sent via the connector. The cloud service identifies to StoreFront the VDA it assigned for this particular session. StoreFront requests a STA ticket from the cloud service via the connector. StoreFront creates and returns an ICA file to the Citrix Receiver pointing to the VDA, including the gateway address and STA ticket. Citrix Receiver connects to the gateway, providing the STA ticket for authorization. The gateway validates the STA ticket with the cloud service, via the connector. The gateway connects Receiver to the specific VDA allocated for this session. Virtual Delivery Agent (VDA) contacts the cloud service to verify its license via the connector. The cloud service returns session policies to the VDA, which then applies session policies to the virtual machine. Citrix Receiver displays the selected resource to the end user. 1 2 3 4 5 6 7 8 9 10 11 13 11 8 13 14 12 15 StoreFront StoreFront Service 4 5 5 6 4 10 11 14 NetScaler Gateway 3 5 9 4 3 9 12 8 7 13 14 15 Last updated May 4th, 2017. All content is subject to change without notice Gateway Service
  • 11.
    © 2017 Citrix CitrixCloud XenApp and XenDesktop Service Connector StoreFront NetScaler Gateway VDAs VDAs VDAs Connector Password Encryption with NetScaler Authentication XenApp and XenDesktop Service Password Encryption Key / ICA Ticket AES Encrypted Password Password Single Sign-On for Windows Logon NetScaler Gateway Last updated May 4th, 2017. All content is subject to change without notice

Editor's Notes

  • #5 1: The diagrams depicted in this slide are a logical representation to illustrate the traffic flows between customer managed components and the various Citrix Cloud services. It does not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service. 2: Additional detail on the Gateway Service as part of Citrix Cloud: In this diagram the Gateway Service is depicted as a component of the XenApp/XenDesktop service. The reason for this is because the Gateway Service currently only provides ICA Proxy functionality. However, end-user connectivity through the Gateway Service is run from separate PoPs (Point of Presence) across the globe to provide the best performance and user experience. https://www.citrix.com/content/dam/citrix/en_us/documents/product-overview/netscaler-gateway-service-product-overview.pdf
  • #6 Details on WebSocket protocol: https://en.wikipedia.org/wiki/WebSocket Full Connectivity Requirements: https://docs.citrix.com/en-us/citrix-cloud/overview/requirements/internet-connectivity-requirements.html
  • #7 1: https://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html 2/3: https://docs.citrix.com/en-us/xenmobile/xenmobile-service/prerequisites-administration.html 4/5/6: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/manage-deployment/local-host-cache.html 7/8/9: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html & http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html Additional Config for XML Traffic to utilize port 443: please contact Citrix Support for instructions. Customizing the VDA Registration port is currently not supported in a Citrix Cloud environment 10: https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html 11: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/install-configure/machine-catalogs-create.html Additional detail on supported Hypervisors and IaaS platforms: https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/configure-provisioning.html 12: http://docs.citrix.com/en-us/citrix-cloud/about-citrix-cloud-labs/session-manager.html
  • #10 *The diagram depicted for the XenApp/XenDesktop Service is a logical representation of the service to illustrate the traffic flows between customer managed components such as Citrix Receiver, Cloud Connector, StoreFront, NetScaler Gateway and VDAs and the Citrix XenApp/XenDesktop Service. It does not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service. See also for more details: http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html (Cloud Service Specific) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html (XenApp/XenDesktop generic documentation)
  • #11 *The diagram depicted for the XenApp/XenDesktop Service is a logical representation of the service to illustrate the traffic flows between customer managed components such as Citrix Receiver, Cloud Connector, StoreFront, NetScaler Gateway and VDAs and the Citrix XenApp/XenDesktop Service. It does not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service. See also for more details: http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html (Cloud Service Specific) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html (XenApp/XenDesktop generic documentation)
  • #12 *The diagram depicted for the XenApp/XenDesktop Service is a logical representation of the service to illustrate the traffic flows between customer managed components such as Citrix Receiver, Cloud Connector, StoreFront, NetScaler Gateway and VDAs and the Citrix XenApp/XenDesktop Service. It does not represent the actual physical implementation of the components used in the Citrix managed and operated Cloud service. See also for more details: http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html (Cloud Service Specific) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/technical-overview.html (XenApp/XenDesktop generic documentation)
  • #13 Handling of user passwords is a key concern for many customers. Unfortunately, with app and desktop virtualization, it’s something that has to be done in order to provide end users with a single sign-on experience to Windows, without prompting them for their password multiple times. The Apps and Desktops Service handles this by encrypting passwords on-premises, ensuring that components in the cloud cannot decrypt them. Let’s look at the flow for a typical Workspace Cloud deployment with StoreFront hosted on premises behind the NetScaler Gateway. The user’s password is entered into Receiver, and flows through the NetScaler, to the StoreFront, and then to the Connector. The Connector encrypts all plaintext passwords with AES encryption before forwarding them to the cloud. As we saw earlier in the multi-geo demo, the VDA may not be in the same location as the StoreFront, so the cloud routes the password to the proper connectors. Connectors only communicate with the cloud, and not with each other. The encryption key itself is the ICA logon ticket. This is sent back to Receiver, and never seen by the cloud service. Thus, even though the cloud relays the encrypted password, it has no means of decrypting it. When Receiver connects to the VDA, it sends the logon ticket. This provides the VDA with the key it needs to decrypt the user’s password, enabling them to log on to Windows without re-entering their password.