Deployment Architecture

• XenMobile Cloud hosts the App Controller, Device Manager and a NetScaler Gateway. The NetScaler Gateway hosted in XenMobile Cloud is referred to as “XMCloudNSG” in this article.
• The customer datacenter hosts typical enterprise IT infrastructure (Active Directory, Exchange and web application servers). It also hosts a XenApp/XenDesktop environment with StoreFront and NetScaler Gateway. The StoreFront server has an existing store (referred to as “Store1”) which is used to deliver Windows applications to desktops/laptops using Receiver. The NetScaler Gateway in this environment is referred to as “HDX_NSG” in this article as it is used primarily to proxy HDX traffic.
• To provide a unified store on a mobile device, the following steps need to be performed by the customer to integrate a XenApp/XenDesktop environment with XenMobile Cloud:
  • Create a new store (referred to as “Store2”) on the StoreFront server with advanced policies configured.
  • Configure App Controller in XenMobile Cloud to point to “Store2” on the StoreFront server.

• In such an integrated environment, the traffic flows are as follows:
  • Accessing Windows apps from laptops/desktop: No change from before. The existing environment is used as-is from Receiver on laptops/desktops.
  • Accessing Mobile and SaaS apps from a mobile device: Secure Hub accesses App Controller via the NetScaler Gateway in cloud to enumerate and launch mobile apps. Mobile apps can access on premise application servers (For example, Secure Mail/Secure Web accessing internal email/web servers) by creating an application-level VPN connection using the NetScaler Gateway in XenMobile Cloud.
  • Accessing Windows apps from a mobile device:
    • App enumeration/launch requests: Secure Hub accesses App Controller via the NetScaler Gateway in XenMobile Cloud. App Controller communicates with StoreFront to perform the enumeration/launch requests (while performing SSO).
    • HDX app connection: Once the launch request is processed, Receiver on the mobile device directly establishes a connection to the XenDesktop VDA or XenApp server via the NetScaler Gateway in the customer’s datacenter.

Instructions

1. In order to integrate your existing XenApp/XenDesktop environment with XenMobile Cloud, you start by creating a new Store (say “Store2”) on your existing StoreFront server. The configuration of your existing Store (say “Store1”) is not modified.
   To do this, on your Storefront Server, Open the Citrix StoreFront console from the Start menu > All Programs > Citrix.
2. Once the console is open, Click Stores. Click Create Store from the Actions menu on the right-hand side.
3. In the Create Store dialog, Add a Store Name and click Next.
4. Configure the Delivery Controllers for Store2, using the configuration you have for your existing store.
   To do this, on the Delivery Controllers page, Click Add and fill all the details for the delivery controller.
   1. Display name = add a controller name
   2. Type = select XenApp or XenDesktop for this store depending on the type of deployment you have.
   3. Servers = Add all the delivery controller servers using FQDN you would like to use for this store.
   4. Transport Type = select this based on the XenApp/XenDesktop settings for enumerating applications
   5. Port = this is automatically filled in based on transport type. You can fill in the port if a custom port is being used.
   6. Click OK and Next.
5. In Remote Access page, select None and click Create. We will enable remote access later.
6. Wait for the store creation to finish successfully and click Finish.
7. We need to enable remote access for the store (Store2) we just created.
   Under Stores, Select the store (Store2) and click Enable Remote Access under the Actions menu (Right-Hand Side).

8. We need to define the Remote Access method. There are three choices available.
   Select No VPN Tunnel or Full VPN Tunnel based on your configuration. We recommend that this setting be the same as that of your existing store.

9. Next, we need to create a NetScaler Gateway Appliance entry to represent the NetScaler Gateway hosted in XenMobile Cloud.
   To do this, on the screen shown in the previous step, in the NetScaler Gateway appliances section, click Add. In the Add NetScaler Gateway appliance wizard, Fill in the values:
   1. Display name = Specify a name e.g. “XMCloudNSG”
   2. NetScaler Gateway URL = the URL of the NetScaler gateway in XenMobile Cloud. Please ask your SE to provide you this URL.
   3. Version = select 10.0 or later
   4. Subnet IP Address = leave blank
   5. Logon Type = select Domain (this setting is not used in this setup)
   6. Callback URL = the URL of the NetScaler Gateway in XenMobile3 Cloud
   7. Click Next.
10. Leave the defaults and click Create.
    Note: The configuration on this screen is not used in this setup.
11. Select the checkbox next to the newly created NetScaler Gateway appliance and click OK.

12. The last configuration needed on the StoreFront server is to set an advanced policy to route all HDX traffic through the NetScaler Gateway on-premise. To do this, your StoreFront server, open PowerShell with administrative privileges and run the following commands.

    • Set-ExecutionPolicy Unrestricted( Type yes when prompted)
    • cd 'C:Program FilesCitrixReceiver StorefrontScripts'
    • ImportModules.ps1
    • Set-DSOptimalGatewayForFarms -SiteId 1 -ResourcesVirtualPath <ResourcesPath> -GatewayName <GatewayName> -Hostnames @('<GatewayFQDNs>') -StaUrls @('StaUrls') -Farms @('ControllerNames') -EnableSessionReliability $true -EnabledOnDirectAccess $true
      Here’s an explanation for the parameters in the command above:
      • Resource Path = /Citrix/<Name of the newly created Store e.g. Store2>
      • GatewayName = Specify gateway name. It can be any value e.g.,. “OptimalNSG”
      • Gateway FQDNs= FQDN of the existing NetScaler Gateway virtual server in your datacenter that is being used for accessing XenApp/XenDesktop.
      • STAURL= Comma delimited list of URLs of the existing STA used with XenApp/XenDesktop (typically the XenDesktop Delivery Controller or the XenApp server) “https://StaFQDN/scripts/ctxsta.dll”
      • ControllerNames=Comma delimited list of the display names of the delivery controllers used with this store. See screenshot.
        • To get the list of controller names, open the Citrix StoreFront admin console.
        • Click Stores, select the store (i.e. Store2) and click Manage Delivery Controllers from the Actions menu in the RHS.
        • Get the name of the delivery controllers from the Name column.

13. Next, AppController needs to be configured to be integrated with the new store (Store2). Open a browser (IE, Firefox or Chrome) and type https://AppControllerUrl:4443 to log on to the Configuration console.
    App Controller credentials
    Username: administrator
    Password: <Your password>

14. Once you are logged in, browse to Apps and Docs > Windows Applications. Under Windows Apps Configuration, click Edit. Fill in the values:
    • Host = IP Address or FQDN of Storefront server; if storefront server is accessed over https, use FQDN. If the customer is using an SSL certificate on storefront that is not publicly signed (in-house certificate), then the in-house root certificate needs to be installed on AppController.
    • Port = 80 if using http to access Storefront; 443 if using https
    • Relative Path = Path to the config.xml for the store i.e. /Citrix/<StoreName>/PNAgent/config.xml
    • Check Allow Secure Access if you are using https.
    • Once filled in, click Save.

Storefront Citrix Receiver

We are done with the configuration. To test a successful configuration, login to Secure Hub from a mobile device and launch the store and you should see your published applications and you be able to launch them from the mobile device.