How Citrix XenApp Works
- User requests an application via below mentioned client access modes
- Citrix Client (Receiver) (over http on port 80 –or- https on port 443) (for SMB uses port 445)
- Online Plug-in
- Offline Plug-in (Streaming Client)
- Citrix Web Interface (Browser)
- Citrix Client (Receiver) (over http on port 80 –or- https on port 443) (for SMB uses port 445)
- Citrix Web Interface server passes the user request to Zone Data Collector server, with below details
- Authentication (user access token)
- User Information (user name, password and domain)
- The Zone Data Collector server returns the best application server available to Web Interface server, after performing below checks
- Available Servers
- Server Load
- Zone Preferences/Policies
- User Access Rights
- Web Interface server generates the ICA file (Independent Computing Architecture) and passes to the client, which is a small file used for session initiation, based on the DC response and below details
- Application Server to be used as returned by the DC
- User Rights
- Local Web Configuration details
- By launching ICA file user connects to the XenApp server. Below actions take place during connection establishment
- Client and Server determine the encryption levels and other capabilities
- XenApp server validates that RDS (Remote Desktop Services)/ TS (Terminal Services) Licenses are available
- If Licenses are available then further connection process proceeds
- XenApp server passes user credentials to AD and confirms the authentication
- Verifies if user has access to the Server and Application
- XenApp server Logons the User, Finds the User profile and Loads it. As part of this XenApp server does below actions
- downloads the user roaming profile from the profile/remote server to the XenApp server, if
- a copy of the roaming profile doesn’t already exist locally
- the roaming profile on the profile store is newer than the locally existing copy of the user profile
- downloads the user roaming profile from the profile/remote server to the XenApp server, if
- XenApp server checks out a user license from Citrix License Server (over port 27000)
- Verifies the availability of Citrix XenApp ConCurrent User License to allow the Citrix session creation
- An Error message is displayed if licenses are not available.
- XenApp server queries AD for user GPOs (including logon scripts) and applies them in the user session
- Also, applies additional GPO extensions like
- Folder Redirection
- Security Policies
- GPO software/application deployment for user specified
- Entries found in Run keys
- User Logon Scripts
- Also, applies additional GPO extensions like
- XenApp server then applies the configured Citrix Policies and Settings, which include
- Drive Mapping
- Session Printers and their Auto-Creation
- other Citrix User Policies
- XenApp servers runs the Startup Menu Applications for the user session
- Any applications or scripts in the users “Startup” folder are executed.
- Then User gets the final and fully loaded session on their client device via client software over ICA protocol
Pictorial Representation of the above steps: (follow the numbering for the flow directions)
0 thoughts on “How Citrix XenApp Works”
Hi,
I have a small query. If the user is being authenticated in the seventh step, how will the first six steps recognize the users identity and process the initial 6 steps?
Koushik,
Steps (1-6) involves checks only within Citrix and at step#7 user is authenticated by AD. The underlying windows servers will serve sessions for Citrix only if the user is validated by AD as well.
The user firstly log on the web interface, and there is a first AD authentication here.
And then the credentials are sent to the Xenapp server to open the ICA session.
Thank You very much! Very usefull!
Happy to hear that and you are welcome.