XenDesktop 7.X App/VDA logon process
- The user opens the NetScaler page and enters their credentials over 443.
- The user’s credentials are sent from the NetScaler Gateway to the Active Directory domain controllers over:
  - LDAP or secure LDAP using TCP ports 389 or 636
  - Global catalog request / TCP 3268 and 3269 (if necessary)
  - TCP or UDP ports 1645, 1812 and 1813 (if using RADIUS)
- Once the user is authenticated, NetScaler forwards the request to StoreFront over 443.
- StoreFront verifies the user’s username and password by contacting the AD server using Kerberos.
- Once verified, StoreFront checks with the Delivery Controller for apps/desktops.
- The Delivery Controller checks with the SQL database (1433) for which apps/desktops the user has access to.
- The Delivery Controller passes this information to StoreFront, and StoreFront (443/80) sends it to NetScaler, which passes it back to the user’s device.
- When the user clicks on an app/desktop, the connection goes through NetScaler to StoreFront.
- StoreFront checks with the Delivery Controller, and the controller queries the SQL database for the least-loaded server available to host the app.
- The Delivery Controller passes this information back to StoreFront.
- If the user is on the LAN and no NetScaler is used, StoreFront creates a connection file (ICA file) and sends it to the user’s machine, where it is launched.
- If NetScaler is used, StoreFront needs to create the file and send it to the user over the internet. The StoreFront server contacts the Delivery Controller again and gets a ticket (Secure Ticket Authority, STA) for this session (lifetime of 100 seconds by default).
- STA tickets are requested by NetScaler from a Delivery Controller. Delivery Controllers generate secure tickets in exchange for session information, and these tickets are used to avoid transporting user-specific data over unsecured networks.
- When the user launches the app, NetScaler checks the ticket with the Delivery Controller and launches the app.
- NetScaler connects to the end resource (the user’s app server or VDI) via 1494/2598 (if session reliability is used).
- If using a VDA, registration between the VDA and the Delivery Controller happens over port 80.
It also checks with the Citrix license server for a license before launching the app.
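
As an added example (not part of the original post), the ports listed in the steps above can be written as a flow matrix and used to audit a firewall ruleset: the check reports required hops that no rule permits and rules that are wider than the documented ports. The zone names, the `any` wildcard, the rule tuple format and the sample ruleset are assumptions constructed for this example.

```python
from collections import namedtuple

# ports = alternatives the steps list for one hop; required=False marks the
# "if necessary" / "if using RADIUS" entries.
Hop = namedtuple("Hop", "src dst proto ports required")
# Hypothetical rule format: allow src -> dst on proto for ports lo..hi.
Rule = namedtuple("Rule", "src dst proto lo hi")

# Flow matrix from the logon steps (zone names are this example's labels).
HOPS = [
    Hop("client", "netscaler", "tcp", (443,), True),
    Hop("netscaler", "ad", "tcp", (389, 636), True),          # LDAP or LDAPS
    Hop("netscaler", "ad", "tcp", (3268, 3269), False),       # global catalog
    Hop("netscaler", "ad", "tcp", (1645, 1812, 1813), False), # RADIUS
    Hop("netscaler", "ad", "udp", (1645, 1812, 1813), False), # RADIUS
    Hop("netscaler", "storefront", "tcp", (443,), True),
    Hop("controller", "sql", "tcp", (1433,), True),
    Hop("netscaler", "vda", "tcp", (1494, 2598), True),       # ICA / session reliability
    Hop("vda", "controller", "tcp", (80,), True),             # VDA registration
]

def permits(rule, hop, port):
    """True if the rule lets this hop through on this port."""
    return (rule.src in ("any", hop.src) and rule.dst == hop.dst
            and rule.proto == hop.proto and rule.lo <= port <= rule.hi)

def audit(rules, hops=HOPS):
    """Return (required hops no rule permits, rules wider than the matrix)."""
    unmet = [h for h in hops if h.required
             and not any(permits(r, h, p) for r in rules for p in h.ports)]
    excess = []
    for r in rules:
        documented = {p for h in hops for p in h.ports if permits(r, h, p)}
        # Too wide: wildcard source, or the range opens ports the steps never list.
        if r.src == "any" or documented != set(range(r.lo, r.hi + 1)):
            excess.append(r)
    return unmet, excess

# Constructed sample ruleset, not taken from any real deployment.
SAMPLE_RULES = [
    Rule("client", "netscaler", "tcp", 443, 443),
    Rule("netscaler", "ad", "tcp", 389, 3269),   # one broad range instead of listed ports
    Rule("netscaler", "storefront", "tcp", 443, 443),
    Rule("controller", "sql", "tcp", 1433, 1433),
    Rule("any", "vda", "tcp", 1494, 1494),       # ICA reachable without the gateway
]

if __name__ == "__main__":
    unmet, excess = audit(SAMPLE_RULES)
    print("unmet required hops:", unmet)
    print("rules wider than documented:", excess)
```

Hops whose port the steps do not state, such as StoreFront to the Delivery Controller, are left out of the matrix rather than guessed.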
Full Logon process and app launch process
Check out this PDF for the same: Communication Workflow