Configure Support for Citrix XenApp Resources

Configure Support for Citrix XenApp Resources
capam32
You can configure
Privileged Access Manager
to support the following specific resource types in a Citrix XenApp environment:
  • Citrix StoreFront
    : Access, transparent (automatic) login, and session recording.
  • Citrix XenDesktop
    : Direct access, transparent (automatic) login, and session recording.
Published XenApp applications
: Direct access and session recording.
Transparent login is not currently supported for published Citrix XenApp applications.
This topic has the following contents:
Requirements
Verify that the following requirements are configured in your Citrix XenApp environment:
  • HTML5 client is enabled on the Citrix StoreFront store.
  • WebSocket connections are enabled on Citrix XenApp and Citrix XenDesktop.
  • If
    Privileged Access Manager
    and Citrix XenApp are in different subnets, configure Citrix StoreFront to allow remote users to access stores through NetScaler Gateway using the Enable Remote Connections task. For more information, see the XenApp documentation for your version of StoreFront.
  • By default, concurrent connections by the same user from different IP addresses are not allowed. Because there are use cases where this concurrence might be necessary, there is an option to allow it. For example, your Citrix XenApp environment might have several jump boxes and a load balancer. An end user might run several sessions simultaneously, and the user sessions originate at different jump boxes. If this concurrence is necessary, you can allow concurrent connections. Select
    Enabled
    for
    Concurrent Remote Connections Allowed
    on the
    Configuration
    ,
    Security
    ,
    Access
    Page. By default, this setting is set to
    Disabled
Configure a Service for Citrix Storefront
Use this procedure to configure a service for Citrix Storefront.
Follow these steps:
  1. From the Menu bar, select
    Services
    ,
    Manage TCP/UDP Services
    .
  2. Select
    Add
    .
  3. Complete the following fields:
    • Service Name
      : A unique name, for example, "XenApp_All".
    • Ports
      :
      StoreFront_Ports
      Where
      StoreFront_Ports
      are the port numbers for StoreFront, separated by a colon. For example, "80:6513".
    • Application Protocol
      : Web Portal
    • Launch URL
      : https://<Local IP>:<First Port>/
      Path_to_StoreFront
       
      Where
      Path_to_StoreFront
      is the browser path to StoreFront. For example, "Citrix/Store1Web"
    • Browser Type
      : CA PAM Browser
    • Auto-Login Method
      :
      PAM
      HTML Web SSO
    (Accept the default values for other fields.)
  4. Select
    Save
    .
Configure a Service for XenDesktop
Use this procedure to configure a service for Citrix XenDesktop.
Follow these steps:
  1. From the Menu bar, select
    Services
    ,
    Manage
     
    TCP/UDP Services
    .
  2. Select
    Add
    .
  3. Complete the following fields:
    • Service Name
      : A unique name, for example, "XenApp_Desktop."
    • Ports
      :
      XenDesktop_Ports
      Where
      XenDesktop_Ports
      are the port numbers for XenDesktop, separated by a colon. For example, "80:6611"
    • Application Protocol
      : Web Portal
    • Launch URL
      : https://<Local IP>:<First Port>/
      Path_to_XenDesktop
      Where
      Path_to_XenDesktop
      is the browser path to XenDesktop. For example, "Citrix/Store2Web"
    • Browser Type
      : CA PAM Browser
    • Auto-Login Method
      :
      PAM
      HTML Web SSO
    (Accept the default values for other fields.)
  4. Select
    Save
    .
  5. In the StoreFront console, navigate to
    Stores
    ,
    XenDesktop_Store
    ,
    Manage Receiver for Web Sites
    ,
    Configure, Client Interface Settings.
    Verify that the
    Auto launch desktop
    option is set.
Configure a Service for XenApp Applications
Use this procedure to configure a service for your Citrix XenApp applications.
Follow these steps:
  1. From the Menu bar, select
    Services
    ,
    Manage
     
    TCP/UDP Services
    .
  2. Select
    ADD
    .
  3. Complete the following fields:
    • Service Name
      : A unique name, for example, "XenApp_Apps."
    • Ports
      :
      XenApp_App_Ports
      Where
      XenApp_App_Ports
      are the port numbers for your XenApp applications, which are separated by a colon. For example, "80:6813"
    • Application Protocol
      : Web Portal
    • Launch URL
      : https://<Local IP>:<First Port>/
      Path_to_XenApp_Apps
      Where
      Path_to_XenApp_Apps
      is the browser path to your XenApp applications. For example, "Citrix/Store3Web"
    • Browser Type
      : CA PAM Browser
    • Auto-Login Method
      :
      PAM
      HTML Web SSO
    (Accept the default values for other fields.)
  4. Select
    Save
    .
  5. In the StoreFront console, navigate to
    Stores
    ,
    XenApp_App_Store,
    Manage Receiver for Web Sites
    ,
    Configure, Client Interface Settings
    and set the
    Auto launch desktop
    setting.
Configure a Device for XenApp
Use this procedure to configure a device for XenApp.
Follow these steps:
  1. From the Menu bar, select
    Devices
    ,
    Manage Devices
    .
  2. Select
    ADD
    .
  3. Complete the following fields:
    • Name
      : A unique name, for example, "XenApp"
    • Address
      : The IP address of the XenApp server.
    • Device Type
      : Select the following option:
      Access
      . Optionally, select
      Password Management
      .
    • Services
      : Select
      Add
      and select the services that you configured for XenApp resources. In this example,
      XenApp_All
      ,
      XenApp_Desktop
      , and
      XenApp_Apps
      .
      (Accept the default values for other fields.)
  4. Select
    Save.
Configure a Policy for Your XenApp Resources.
Configure a policy to associate your XenApp device and its services with users who require access. If session recording is required, select
Web Portal
from the
Recording
options.
Multiple users can launch CA PAM Client instances from different XenApp sessions.