NetScaler SmartControl and SmartAccess
SmartControl allows administrators to define granular policies to configure and enforce user environment attributes for Citrix Virtual Apps and Desktops on Citrix Gateway. SmartControl allows administrators to manage these policies from a single location, rather than at each instance of these server types.
SmartControl is implemented through ICA policies on Citrix Gateway. Each ICA policy is an expression and access profile combination that can be applied to users, groups, virtual servers, and globally. ICA policies are evaluated after the user authenticates at session establishment.
The following table lists the user environment attributes that SmartControl can enforce:
|ConnectClientDrives||Specifies the default connection to the client drives when the user logs on.|
|ConnectClientLPTPorts||Specifies the automatic connection of LPT ports from the client when the user logs on. LPT ports are the Local Printer Ports.|
|ClientAudioRedirection||Specifies the applications hosted on the server to transmit audio through a sound device installed on the client computer.|
|ClientClipboardRedirection||Specifies and configures clipboard access on the client device and maps the clipboard on the server.|
|ClientCOMPortRedirection||Specifies the COM port redirection to and from the client. COM ports are the COMmunication ports. COM ports are serial ports.|
|ClientDriveRedirection||Specifies the drive redirection to and from the client.|
|Multistream||Specifies the multistream feature for specified users.|
|ClientUSBDeviceRedirection||Specifies the redirection of USB devices to and from the client (workstation hosts only).|
|Localremotedata||Specifies the HTML5 file upload download capability for the Citrix Workspace app.|
|ClientPrinterRedirection||Specifies the client printers to be mapped to a server when a user logs on to a session.|
|Show Bindings||Policy Manager||Action|
Using smartaccess you can enable/disable drives/clipboard etc for users who are in the part of a specific AD group. Even though an application/VDI is published for all users in your domain, we can still disable drives/clipboard etc for some users only. We have to create a new AD group, and add the users for whom you want to disable the drivers/clipboard/printer etc..
- Create session policy in Netscaler. Create AAA group with an AD group name and add that session policy to this AAA group.
- Make sure you have your callback url setup in storefront.
- You have to create a citrix policy on allowing or preventing client drives or printing or com port redirection or clipboard etc.. and assign that policy to access gateway in citrix studio and also enter the session policy name that you created in step1.
When a user who is part of the AD group name logs into the App/VDI, from netscaler AAA group, that session policy is mapped to studio, and whatever settings you configure in the studio policy will be applied to that user.
If user is not part of that AD group, then these policies will not be applied.
Checkout more information HERE
SmartAccess vs SmartControl:
SmartAccess and SmartControl let you change ICA connection behavior (e.g. disable client device mappings, hide icons) based on how users connect to Citrix Gateway. Decisions are based on Citrix Gateway Virtual Server name, Session Policy name, and Endpoint Analysis scan success or failure.
- SmartAccess lets you control visibility of published icons, while SmartControl does not.
- SmartControl is configured exclusively on Citrix Gateway, while SmartAccess requires configuration on both Citrix Gateway, and inside Citrix Studio.
- SmartControl requires Citrix ADC Premium Edition licensing, while SmartAccess is available in all Citrix ADC Editions.
- Both features require Citrix Gateway Universal licenses for every concurrent connection.
Want to learn more on Citrix Automations and solutions???
Subscribe to get our latest content by email.