Apple FaceID Authentication for Citrix Workspace app on iOS Devices

I recently moved from an iPhone 5S (Ja Ja or Yes Yes) to an iPhone XR and thought I’d enable Apple FaceID as my primary authentication method for my corporate-owned device vs. PIN/Passcode and … to unlock my device + Citrix Workspace.

I have to say I’m impressed thus far; it’s a really super authentication method and definitely not a gimmick! For example, I set up notifications for Citrix Secure Mail with Show Previews set to “When Unlocked (Default)”. This means that when an unknown vs. family individual picks up my iPhone they’ll see a Secure Mail badge with just “Notification” as the message, see below.

However, when I pick up the iPhone I see something quite different, as you’ll notice below. I now very quickly get the right vs. relevant context surrounding the email(s) content sent, so I am better informed to decide when to respond, e.g. right now, in a few minutes or later, dependent upon the activity/task I am busy with within my current workplace setting, e.g. Citrix Paddington office, London tube vs. bus, train up north to Manchester etc., as at Citrix it’s recognised that work is not a place anymore.

Workplace setting? What’s that? 

Think about yourself: you’re probably consuming 1-2 LOB apps at least 2-3 times before arriving in your first workplace setting for the day, for a meeting or attending an event. Take note, you’ve already signed into WORK at, what, 06:00-06:30 if you have children, or perhaps later. Did this behaviour exist 5 years ago for you?

OK, back to Apple’s FaceID.

I wanted to truly test and push the limits and capabilities of Apple FaceID as a primary authentication method for my Citrix Workspace + workplaces, going beyond what we all test, it seems, e.g. different coloured lighting, in the dark, twilight, dusk, low vs. bright light, and the list goes on. It all worked perfectly, so great job Apple so far!

I wanted more; I wanted a sudden change in my face to truly push FaceID to its limits, so as many men do in November I too pulled a Movember – https://uk.movember.com (perfectly timed), so I had a thickish but full beard + moustache, which was timely for me testing its limits. I registered my face with both (yes, it was past the scratchy stage), then decided to leave it post-Movember for 3 days to see if it was learning more about my face to better recognise me, and then implemented the dramatic change by shaving it all off clean. What do you think happened? Did Apple FaceID recognise me? Yes it did, first time. Great job again Apple!

So can you be confident in consuming FaceID for Citrix Workspace app or even for unlocking your iOS devices? Yes, if it’s a supported feature on your iOS device and obviously if your corporate IT policy allows for it by not blocking it through policy controls.

How-to Enable FaceID for Citrix Workspace app on iOS
Authenticate yourself within Citrix Workspace app for iOS – https://itunes.apple.com/gb/app/citrix-workspace/id363501921?mt=8 – using your current method, e.g. TouchID and/or user/passwd/token etc. Then, to enable Apple FaceID:
1. Navigate to the settings “Menu” and tap your desired configured account, or the default, which is “Store”.
2. Tap “Edit Account”.
3. Toggle the “FaceID” option to the ON or ENABLED position/state.
You are then ready to begin consuming Apple FaceID as your primary authentication method for Citrix Workspace app on iOS.

Final Thoughts
I was not a fan of Apple FaceID initially when it launched, as I wanted to do some homework + research it a bit more and see and hear what other people’s experiences were, but most of all wait for the technology to mature a little.

One thing I do keep thinking about is that Apple FaceID lets you add only up to 2x faces on the iPhone XR*. I wonder if it needs to support up to 4x for family vs. 1x for business scenarios controlled by MDM/UEM policies?

I will continue my testing over time and circle back in a few months with a new blog post, or simply update this one, and do more background research on Apple FaceID*, but until then enjoy it, it’s worth enabling!

The views expressed here are my own and do not necessarily reflect the views of Citrix or Apple.

Citrix Workspace app is released Hello World

What is Citrix Workspace app? It brings together all your LOB tools, which in today’s modern world consist of (virtual/micro/installed/mobile) apps, SaaS, desktops & content. I’ve embedded a sample of what this actually looks like below.

The new Citrix Workspace app is way more than purely an upgrade of Citrix Receiver, e.g. grey to blue icon and a skin change; this NEW Citrix client app release is simply extraordinary. Working for Citrix I can be considered biased, however once you actually begin to consume the Citrix Workspace app you’ll understand exactly what I mean. Citrix Workspace app is for me all about an experience, and that experience is extraordinarily AWESOME! As I begin consuming my LOB (Line of Business) tools wherever I am + want, and in a setting/context that suits me (home, Paddington vs. partner offices, trains, taxi etc.), the chosen LOB tool’s delivered context can change dependent upon criteria (I won’t be covering this today) or on how IT (say YES!) has chosen to deliver the LOB tool through Citrix Access Control Service – https://docs.citrix.com/en-us/citrix-cloud/access-control/get-started.html.

I now have all my content available in the same AWESOME app, thank you Citrix Content & Collaboration aka ShareFile. I can upload, download and even favourite particular content, e.g. “L-J’s H1/2 Citrix Partner Tech Super Deck”, which is then available directly from the home view/tab. In the below example I am uploading the LeasePlan Citrix SD-WAN case study – https://www.citrix.co.uk/customers/leaseplan-en.html and the actual video is available at – https://www.youtube.com/watch?v=4Hq-yryxfS0; take a look and remember to listen to the outcomes Citrix SD-WAN provides LeasePlan.

How do I get started today?
Firstly, I will do a more detailed blog post on getting it all up and running with use cases, time dependent of course.

1. Start by navigating to https://docs.citrix.com/en-us/citrix-workspace-app.html, then go to Citrix.com and log in with your access details; next navigate to https://www.citrix.com/downloads/workspace-app/ and download Citrix Workspace app for your chosen end-point. If you are running a TP of the Citrix Workspace app code base please UNINSTALL it prior to installing the GA production code base, as a few community individuals I know had issues upgrading from the TP code base. I would like to state for the record that I upgraded from PRODUCTION Citrix Receiver to Citrix Workspace app for Mac 1808 on my Mac without ANY issues, see below tweet.

2. Please carefully read the System Requirements for your chosen platform; here is the link for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/system-requirements.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html.

3. Review the installation guidance for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/install-configure.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html.

4. Please carefully read the configuration guidance for Workspace app for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/configure.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html (and the equivalent docs for other platforms). Also note:
– Multi-monitor support for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/improve-user-experience.html#using-multiple-monitors and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/improve.html#multi-monitor-support.
– Securing communications between Workspace app and your StoreFront for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/secure-communications.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication.html (pay attention to the deprecated cipher suites node).
– If you are a smart card user, pay attention to the notes at the bottom of both docs for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/requirements-for-smartcard-authentication.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/authentication/config-smart-card.html, and for WIF 5.4 (yes I know, really, however some of you may still need it while you’re upgrading to the XAD 7.x platform) https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication/config-smart-card–for-web-interface.html.

5. Sign up vs. log in to Citrix Cloud today and trial vs. acquire a Citrix Cloud service, e.g. the ShareFile Service or the XAD Service, and if you want to aggregate on-premises LOB apps into the new Citrix Workspace experience then set up “Site Aggregation” today. To learn how, please read this CTXS blog post and watch the embedded YouTube video, which provides a how-to overview, at – https://www.citrix.com/blogs/2018/08/03/site-aggregation-for-citrix-workspace-is-now-ga/.

That’s all folks for now on the technical overview; it’s brief I know, so I will follow up in future with a more detailed overview + how-to etc., either here or on the https://www.mycugc.org website in the experts area.

Upgrading to Citrix Workspace from Citrix Receiver for smart devices

In Closing
I work for Citrix and have been a Citrix + IaaS advocate for well over a decade (now SD-WAN as well), so I am most likely biased, you’ll think; however Citrix Workspace app is truly AWESOME and way more than what you see at a glance. I encourage you all to begin consuming it today to see for yourself just what I am talking about and why I personally say it’s “AWESOME”.

Citrix Innovation Award Finalists for #CitrixSynergy 2018

It’s that time of the year where you, Citrix customers and partners, can vote for your favourite Citrix Innovation Award Finalist.

This year sees a great mixture of customers in different markets all leveraging Citrix technologies as the enabler for transformation within their organisations to embrace a new way of working, or #ThisIsHowTheFutureWorks, powered by Citrix Networking, Workspace and Security & Platform Analytics from https://www.cloud.com/.

I would encourage you to watch all three videos describing their journey before casting your vote, as there is some really great innovation happening within these Citrix customers, and if you want to get started visit https://www.citrix.com or https://www.cloud.com/ today.

Beazley from the UK – Insurance

Quote “A new mindset to work wherever I am, because I have the tools that Citrix provides and Beazley…” – @dalesteggles

Health Choice Network, US – Healthcare

WAGO, Germany – Engineering

All the very best to this year’s Finalists.

What’s New with HDX (3D Pro) Technologies in XenApp & XenDesktop 7.16

The following content is a brief and unofficial prerequisites guide, by the author of this entry, to set up, configure and test accessing secure-by-design virtual apps and desktops powered by XenApp & XenDesktop 7.15 prior to deploying a PoC, Pilot or Production environment. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or leading best practices.

Shortened Names

Introduction what is HDX?
High Definition eXperience (HDX) is a set of technologies that provides a near-HD, local-like experience of a remoted virtual app, desktop or both to users anywhere in the world on any device, even without installing anything on that device: all you need is a modern, widely used (supported) HTML5-compliant internet browser, e.g. Chrome, Safari (try it on your iOS devices :-)), Firefox, Internet Explorer, you get the picture.

HDX is simple yet so powerful and has three founding principles: intelligent redirection, adaptive compression, and data de-duplication. Likewise there are three inspections it performs when you connect to your virtual resources: inspect the VM (Server vs. Desktop), what does it have, e.g. a vGPU? Inspect the network, what is it like, and can I use UDP for adaptive transport or should I fall back to TCP to remote the display + multimedia? And finally inspect the end-point, what is there and can I use it? An example is whether the HDX Optimisation Pack is available to offload audio/video for my Skype for Business sessions, or shall I utilise generic HDX fallbacks?

I’m not going into great detail in this introduction, so if you’re new to HDX or even an HDX Xen Master I’d still encourage you to read the white paper published by Citrix on HDX Technologies at – https://www.citrix.com/content/dam/citrix/en_us/documents/white-paper/citrix-hdx-technologies.pdf. Also be sure to check out the HDX resources page on Citrix.com at – https://www.citrix.co.uk/products/xenapp-xendesktop/hdx-technologies.html.

Finally, you can find all the latest about XAD 7.16, and not just what’s new with HDX in this release, at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/whats-new.html; you’ll notice that it’s not a 7.16 URL but refers to the current release, or CR.

HDX RealTime
Skype for Business to Teams, “We are committed…”: read all about it in Derek’s blog post on Citrix.com – https://www.citrix.com/blogs/2017/11/08/the-big-news-about-microsoft-teams. The big announcement is that the HDX RealTime Optimisation Pack now has an LTSR release, version 2.4, which is available now; you can learn more product lifecycle information at – https://docs.citrix.com/en-us/hdx-optimization/2-4-ltsr.html. It’s also worth noting that this LTSR does NOT support any version of Microsoft’s Teams, only Skype for Business 2015 and 2016; you can learn more by reviewing the System Requirements for the client vs. server side at – https://docs.citrix.com/en-us/hdx-optimization/2-4-ltsr/system-requirements.html.

– HDX RealTime Media Engine for the Citrix Ready workspace hub (formerly known as HDX Ready Pi) is supported for ViewSonic – https://citrixready.citrix.com/viewsonic/viewsonic-sc-t25.html or NComputing – https://citrixready.citrix.com/ncomputing/ncomputing-rx-hdx-thin-client.html Pis only. You can also get management of these devices from Stratodesk, check out – https://www.stratodesk.com/products/raspberry-pi-thin-client.
– A behavioural change in the way audio is handled in fallback mode when the CPU is busy: Echo Cancellation is disabled via the RTME, as generic HDX RealTime will handle this capability until the CPU load lowers and expected behaviour returns.
– Enhancements to the microphone to provide better insights into who is speaking.

The full list of what’s new in this LTSR is available at – https://docs.citrix.com/en-us/hdx-optimization/2-4-ltsr/whats-new.html.

HDX Broadcast
– The release of XAD 7.16 introduces a great new VDA installation behaviour change 🙂 whereby it will automatically set the HDX mode to standard (Server OS) vs. HDX 3DPro mode (Desktop OS, if it meets the requirements for HDX 3DPro, e.g. the Desktop OS includes a vGPU or GPU), which I believe is a step in the right direction and simplifies overall CTX Admin overhead, e.g. one less syntax option to remember vs. forgetting to configure the correct parameter.
– Now by default adaptive transport, or EDT, is enabled and set to Preferred. Don’t worry if you’re a Citrix Admin and have maybe already realised I didn’t enable UDP for this to work! Remember it is an adaptive remote display protocol, so it will fall back to TCP by default using the default Citrix HDX ports. It’s also worth mentioning that when Preferred is set, SR (Session Reliability) is enabled for both UDP and TCP connections, and client connections (check supported Receiver versions, e.g. Win min 4.10; Mac 12.8) are attempted in parallel during the initial connection, for SR reconnections and finally for auto client reconnects as well.
– Browser Content Redirection – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/multimedia/browser-content-redirection.html redirects the content of a web page to the local device, which runs an embedded browser within the HDX session. This allows the content, network traffic and graphics to be offloaded from the VDA running in the resource location to the user’s end-point, enhancing the UX significantly.
– Not strictly something new, but HTML5 Redirection – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/policies/reference/ica-policy-settings/multimedia-policy-settings.html is still currently only available for internal usage, as you’ll read in the eDocs article, but this is 100% something Citrix Admins & Architects should begin testing today, as HTML5 in my personal view begins to supersede Flash-based websites as we move forward towards 2020.
– Auto DPI Scaling for Multi-Monitor.
– H.265 encoding support for the latest end-points that have a GPU that supports H.265 decoding; if it’s not available it will by default fall back to H.264 decoding. Moving to H.265 from H.264, which is a Platinum-only feature, results in significant bandwidth savings and a much better UX. I have seen the net results with a few of our engineering customers that develop vehicles with teams spread out across the world, and the results are awesome!
– Strictly speaking this is not specific or exclusive to the HDX technology stack, but Windows Continuum is quite important for a great user experience; it’s powered primarily at the hypervisor level and is currently only supported on Citrix XenServer. Visit – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/technical-overview/hdx.html for how to configure it today if you’re running XenServer.

– High definition webcam streaming for Windows Server with resolutions up to 1920×1080 – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/technical-overview/hdx.html#hd-webcam
– “Session Watermark” with custom text, which you can learn to set up and configure using the following CTX article – https://support.citrix.com/article/CTX230054. It was originally part of XenApp Secure Browser, whose deployment guide is available at – https://docs.citrix.com/content/dam/docs/en-us/workspace-cloud/downloads/Secure%20Browser%20-%20Deployment%20Guide.pdf.

In Closing
I’ll be covering some HDX topics in more detail in upcoming blog posts, either here or in “Expert Insights” on the myCUGC website at – https://www.mycugc.org/. Finally, if you want to take part in my challenge for 2018, you can learn more about it at – https://www.mycugc.org/blog/a-2018-challenge-for-the-mycugc-community.

myCUGC announces Citrix Technology Advocates (CTA) class of 2017

Today Citrix community leader Stephanie Roper – https://twitter.com/Roperjs announced the class of “Community Champions: Citrix Technology Advocates (CTA) for 2017” at – https://www.mycugc.org/blog/community-champions-cta, which I have been honoured and humbled to become part of, with a few other fellow Citrites who consistently, like our fellow CTAs and CTPs for that matter, advocate and more often than not eat, sleep and breathe Citrix technologies daily. Finally, thank you to Stephanie Roper for leading the CTA programme, the #myCUGC team https://www.mycugc.org/ and of course the great company that I work for, which is of course https://www.citrix.com.

2017 UKI #CitrixPartnerLove Challenge #7 Stop the Difference

You can download the image at https://t.co/nqooPlWElw to print.

SAML Sign-in to Virtual Smartcard for Virtual Apps & Desktops

The following content is a brief and unofficial prerequisites guide, by the author of this entry, to set up, configure and test accessing virtual apps and desktops authenticated via a SAML IdP (Google OAuth), powered by XenApp & XenDesktop 7.14.1+ and NetScaler Unified Gateway 11.1, prior to deploying a PoC, Pilot or Production environment. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or leading best practices.

Shortened Names
NETSCALER UNIFIED GATEWAY – nug or netscaler ug

What is OAuth?
Wikipedia definition – https://en.wikipedia.org/wiki/OAuth and Google’s definition – https://developers.google.com/identity/protocols/OAuth2.

What is SAML?
Wikipedia definition – https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language.

Why this blog article?
For me, as organisations begin shifting to a Cloud native or Cloud First (I prefer hybrid cloud) strategy they begin to embrace PaaS, e.g. Citrix Cloud, Office 365, BUT a common major problem is where does the user’s identity live and do I need to replicate it (read-only, passwd hashes etc.); secondly, mobilising data repositories is another major requirement vs. problem. ShareFile can help in solving your data mobilisation problems, which I will expand upon in a separate blog article in the future, but for now back to SAML and Identity.

Utilising the Federated Authentication Service, or FAS for short, which is part of XenApp and XenDesktop (see feature matrix – https://www.citrix.co.uk/products/xenapp-xendesktop/feature-matrix.html) in line with NetScaler UG enables organisations to solve numerous problems about identity (where it lives vs. whether it’s synced to data centres A through C etc.), enabling access to any type of app fronted by NetScaler Unified Gateway working inline with FAS.

NetScaler for me is your organisation’s front door (knock knock), e.g. https://go.axendec.com or, if you know me, #10 Downing Street, from any device, and it controls how the user authenticates, e.g. AD, AAD, SAML vs. OAuth 2.0, Biometrics (e.g. VeridiumID, watch – https://www.veridiumid.com/video-citrix-ready-partnerspeak-veridium/, which is Citrix Ready, and be sure to check out https://www.veridiumid.com/biometric-authentication-technology/biometric-connectors/); however in this scenario I’ll focus on access from devices that support a modern web browser (HTML5) to keep it simple. The below table depicts a user that has successfully logged onto NUG with SAML vs. OAuth 2.0 credentials; they can go left towards SaaS web apps or right towards virtual apps & desktops, where FAS + StoreFront + internal Windows CA will generate a virtual smart card from the SAML token passed from NetScaler to SSO onto the required resource, e.g. a Windows Server 2016 virtual desktop.

SaaS        | NetScaler Unified Gateway                                      | Virtual Apps & Desktops
Office365   | User logs in with SAML credentials, e.g. AAD, Google OAuth 2.0 | XenApp & XenDesktop, StoreFront, FAS & Internal Windows CA
            | ← SAML or OAuth 2.0 Token →                                    |

PoC SuGgEsTeD Architecture Diagram – BASIC
I have gone for a very simple diagram approach here to help those with little to no knowledge of SAML, OAuth 2.0, AD shadow accounts and virtual smart cards get up to speed.

User Login Flow (Not Step by Step, it’s High Level)
1. The user navigates to the SAML IdP logon web page set up, configured and hosted by NetScaler UG.
2. The user is automatically redirected to the Google auth login web page to authenticate.
3. Once the user is successfully authenticated at Google they are redirected back to the NetScaler UG, auto signed in and auto redirected (Responder Policy) to the configured Unified Gateway (my use case here) or ICA Proxy vServer.
4. The user can then select from a choice of Full vs. Clientless VPN or Virtual Apps & Desktops (selected). Note that the username will be user@domain while still on the NetScaler UG.
5. The user is SSO’d onto Receiver for Web, hosted + powered by StoreFront, and the user selects to launch their chosen HDX virtual app and/or desktop(s); you’ll now notice that the username is now first name, last name.
6. StoreFront initiates and generates an ICA/HDX file for the user while communicating with FAS + the internal Windows CA to generate a virtual smart card for the user that will be used to SSO the user onto their requested resource(s), e.g. a Virtual Desktop.
7. The user receives the ICA/HDX file and Receiver automatically launches his/her virtual app and/or desktop.

Demonstration WhoamI?

PoC SuGgEsTeD Architecture Diagram – ADVANCED

The Actual Login Flow

Pre-requisites & System Requirements – Google OAuth 2.0
1. Navigate to https://console.developers.google.com/projectselector/apis/credentials and sign in with your Google credentials.
2. Select “Credentials” under API Manager, then select to “Create” a Project.
3. Enter a new “Project Name” and read and review Google’s EULA and the notification service about updates etc.
4. Google will create your Project.
5. Select “Create credentials” and from the drop-down select “OAuth client ID”.
6. Configure the “OAuth consent screen”; the bare minimum is to set “Product name shown to users”, e.g. MYProJectName, and then select “Save”. You can return later and complete …
7. Now you need to create a client ID; select the application type to be “Web Application”.
Enter a friendly name:
– For “Authorized JavaScript origins” enter your FQDN with port “:4443”, i.e. https://YOUR-FQDN:4443
– For “Authorized redirect URIs” enter your FQDN with port “:4443” and the login path, i.e. https://YOUR-FQDN:4443/oauth/login
– Select “Create” twice.
Google will now create your OAuth credentials and a popup screen will appear with your “Client ID”, e.g. xnxnxnxnxnxnxnxnxnxnx.apps.googleusercontent.com, and “Client Secret”, e.g. 123456789xnxnxn.
8. Now store a copy of these for later in a safe place, as you’ll need them for the NetScaler configuration later.
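To make the two registered values concrete, here is an added example (my own code, not from this post and not NetScaler's implementation) of what a relying party does with them: it builds the authorization request that sends the browser to Google (step 2 of the login flow above) and, when the browser comes back (step 3), checks that the callback landed on the registered redirect URI exactly and that the state value belongs to this login attempt before the code is exchanged. The client ID and redirect URI are the placeholders from the steps above; Google's authorization endpoint is assumed to be the one it documents for web server applications.

```python
"""Constructed example: OAuth 2.0 authorization request and callback checks for the
client registered in the Google console steps above. Not the blog's or NetScaler's code.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: Google's OAuth 2.0 authorization endpoint for web server applications.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# Placeholders standing in for the Client ID and redirect URI registered in step 7.
CLIENT_ID = "xnxnxnxnxnxnxnxnxnxnx.apps.googleusercontent.com"
REGISTERED_REDIRECT_URI = "https://YOUR-FQDN:4443/oauth/login"


def new_state() -> str:
    """Unguessable per-login value; bind it to the browser session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state: str, redirect_uri: str = REGISTERED_REDIRECT_URI) -> str:
    """The URL the gateway redirects the browser to (login flow step 2)."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,  # must equal the registered value, byte for byte
        "response_type": "code",       # authorization-code grant: no token in the browser URL
        "scope": "openid email",       # the minimum needed to learn who the user is
        "state": state,                # ties the callback to this login attempt
    }
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}"


def redirect_uri_is_registered(uri: str) -> bool:
    """Exact match: scheme, host, port and path all count, so :443 or /oauth/login/x fail."""
    return uri == REGISTERED_REDIRECT_URI


def validate_callback(callback_url: str, expected_state: str) -> str:
    """Relying-party checks on the way back (login flow step 3); returns the code or raises."""
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if not redirect_uri_is_registered(landed_on):
        raise ValueError(f"callback arrived on an unregistered URI: {landed_on}")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"provider returned an error: {query['error'][0]}")
    state = query.get("state", [None])[0]
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this login attempt")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def callback_rejected(callback_url: str, expected_state: str) -> bool:
    """True when validate_callback refuses the callback (used for the checks below)."""
    try:
        validate_callback(callback_url, expected_state)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    s = new_state()
    print(build_authorization_url(s))
    # Constructed callback, as the browser would present it after a successful Google login.
    print(validate_callback(f"{REGISTERED_REDIRECT_URI}?code=4%2Fabc123&state={s}", s))
```

The state check uses a constant-time comparison and the redirect-URI check is an exact string match; the second point is why the console entry above has to carry the port and the full path, since a near-miss (different port, extra path segment) is a different URI as far as both Google and this check are concerned.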

Pre-requisites & System Requirements – Citrix
1. Review the deploying NetScaler guide for your chosen resource location at – http://docs.citrix.com/en-us/netscaler/12/deploying-vpx.html. If you’re wondering what a Resource Location is, click this link – http://docs.citrix.com/en-us/citrix-cloud/overview/about/what-are-resource-locations.html.
2. Download vs. deploy your NetScaler virtual appliance on your own terms, e.g. upload and boot on a hypervisor vs. deploy via an IaaS marketplace.

– Traditional hypervisor configurations for PoC vs. home purposes only: 2 vCPU, 2-4GB of RAM
– Cloud hypervisors, e.g. Azure, AWS, for PoC vs. home purposes only: 2 vCPU, 3.5GB of RAM

3. Licensing Your NetScaler
3.1 You’ll need to license the appliance, so obtain a trial of e.g. VPX 1000 and/or 3000 from http://store.citrix.com/store/citrix/en_US/pd/productID.278306700/ThemeID.33753000, or search for Citrix Eval Store on Google.com.
3.2 The above link should redirect you to the NetScaler ADC part of the Eval Store.
3.4 Select model type “VPX”, then select the variation, e.g. “1000 vs. 3000 Platinum”, and for duration select “30, 60 or 90 Days”.
3.5 Complete the on-screen steps and please note that you will require a valid Citrix.com account, or you need to create an account, in order to complete the trial request to obtain the eval license.
3.6 Once you’ve received your eval license via email, navigate to https://www.citrix.com/account/toolbox/manage-licenses/allocate.html and select to find and allocate your licenses, or look for the licensing button (link) and select it.
3.7 If your eval license is not visible, e.g. created by a Citrix rep or one of our partners – https://www.citrix.com/buy/partnerlocator/, select “Don’t see your product?” at the top right-hand side (small text!). A pop-up appears; now enter the eval license code provided in the format “NNNN-XXXXX-XXXXX-XXXXX-XXXXX” and select to continue.
3.8 You will need to enter the Host Id of your NetScaler; it can be found once logged in to the NS Admin Web UI under “NetScaler -> System -> System Information”, then look under the heading “Hardware Information” and you’ll find “Host Id”. Copy and paste it into the required field and then download the license file.
3.9 In the NS Admin Web UI click the cog icon at the top right, then select Licensing, upload the license and select to reboot the NS to apply the license.
3.10 Your NetScaler is now licensed; now simply enable the required features that you need vs. require by right-clicking a feature, e.g. NetScaler Gateway, and selecting “enable” etc.

4. If you’re in a Public Cloud, set up your (Network) Security Groups to allow external traffic to your NetScaler, and I’d suggest that you disable SSH on port 22 from the world and only enable HTTPS 443, and use a Windows server + PuTTY within your Azure RG vs. EC2 VPC to interact with your NetScaler. Note: I am keeping it simple here re DMZ/Edge vs. TRU vs. Mgmt networks. Traditional rules apply for Private Cloud setups or WWW vs. DMZ vs. TRU vs. Mgmt networks.
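As an added example (my own, not from this post and not tied to any one cloud provider's API), the check below audits a security group's inbound rules for exactly the pattern step 4 describes: it flags SSH (tcp/22) reachable from the whole internet, flags any other non-published port that is, and confirms HTTPS 443 is allowed. The rule shape is constructed; the 10.0.1.0/24 subnet stands in for the jump-host subnet inside your Azure resource group or EC2 VPC.

```python
"""Constructed example: audit of cloud security-group inbound rules against the
"443 from anywhere, SSH only from the management subnet" guidance. Not the blog's code.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

MANAGEMENT_PORTS = {22: "ssh"}       # extend with any other admin listeners on the appliance
PUBLISHED_PORTS = frozenset({443})   # what the internet should be able to reach


@dataclass(frozen=True)
class InboundRule:
    protocol: str   # "tcp" or "udp"
    port: int       # destination port; single ports keep the example short
    source: str     # source prefix in CIDR form
    action: str = "allow"


def covers_internet(source: str) -> bool:
    """True for 0.0.0.0/0 or ::/0; anything narrower counts as a scoped source."""
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def audit_inbound(rules: Iterable[InboundRule]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means the group matches the guidance."""
    rules = list(rules)
    findings: List[Tuple[str, str]] = []
    for r in rules:
        if r.action != "allow" or not covers_internet(r.source):
            continue
        if r.port in MANAGEMENT_PORTS:
            findings.append(("high", f"{r.protocol}/{r.port} ({MANAGEMENT_PORTS[r.port]}) "
                                     f"open to {r.source}; restrict to the management subnet"))
        elif r.port not in PUBLISHED_PORTS:
            findings.append(("medium", f"{r.protocol}/{r.port} open to {r.source}; not a published port"))
    if not any(r.action == "allow" and r.protocol == "tcp" and r.port == 443 for r in rules):
        findings.append(("info", "no inbound allow for tcp/443; users cannot reach the Gateway vServer"))
    return findings


# Constructed "before" rule set: the default many people start from.
BEFORE = [
    InboundRule("tcp", 22, "0.0.0.0/0"),
    InboundRule("tcp", 443, "0.0.0.0/0"),
]

# Constructed "after" rule set: SSH only from the jump-host subnet (placeholder), HTTPS from anywhere.
AFTER = [
    InboundRule("tcp", 22, "10.0.1.0/24"),
    InboundRule("tcp", 443, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_inbound(rules) or "clean")
```

Run it against an export of your real rules by mapping each rule onto `InboundRule`; a group that only ever returns an empty list for this audit is the state step 4 is asking for.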

Federated Authentication Service (FAS)
1. Download FAS; the software is part of the XAD 7.9+ ISO – https://www.citrix.co.uk/downloads/xenapp-and-xendesktop/, select 7.15 LTSR.
System Requirements – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html
3. Deploy GPO policies – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_6ba9/
– List + enable XAD Broker/Controller
– Enable in-session certificate support
4. Certificate Authority – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_27dd. You may require or choose an internal Microsoft Windows CA 2012 R2 or 2016 (tested within this PoC).
Active Directory Certificate Services – https://technet.microsoft.com/en-us/library/hh831740.aspx
– Configuring Windows for Certificate Logon – http://support.citrix.com/article/CTX206156
– Setup Certificate Authority – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_8dfa
5. VERY IMPORTANT: when configuring User Rules for FAS, list all the required StoreFront servers, VDAs and user(s), either by individual object or group, e.g. AD Security group “PoC SAML Users” – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_6ba3
6. Enable FAS for the default or custom Store on StoreFront – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_32e2
7. A full AD Admin account for all components will help and save time during the PoC.

Deploying @gmail login to NetScaler using OAuth 2.0 / SAML

Recommended Reading
– Credit to Citrix *CTP Dave Brett – http://bretty.me.uk/citrix-xendesktop-7-9-google-accounts-and-fas-for-xendesktop/, and I’d strongly recommend you read his blog post! His approach vs. requirements differs slightly from my own requirements. He saved me a lot of time in testing + reading through eDocs, so @dbretty thank you!
– Configure StoreFront with OKTA (CTX232042) – https://support.citrix.com/article/CTX232042
Integrating NetScaler with Microsoft Azure Active Directory
– Credit to Citrix CTP Aaron Parker – Integrating Citrix NetScaler with Azure AD and Conditional Access

However, in the *interim, if you’re a Citrix Partner and you want to learn more and how to deploy this today, you can access the following on-demand session entitled “SAML to Virtual Smartcard Sign-in for Virtual Apps & Desktops” at – http://enablement.citrix.com/library/items/1261, BUT you will require a valid Citrix partner login.

Top 10 Suggested Unified Experience Tips for Citrix Users 2016

Shortened Names
THINWIRE COMPATIBLE MODE – tcm also known as ecm or thinwire+

Suggested Top 10 for 2016
This is numbered 1 through 10 but in reality is in no particular order!

1. E-mail discovery for Citrix Receiver using DNS SRV records – http://docs.citrix.com/en-us/receiver/windows/4-3/receiver-windows-install-wrapper/receiver-windows-cfg-command-line-42.html internally, and externally on the Gateway – http://docs.citrix.com/en-us/netscaler-gateway/10-1/ng-xa-xd-integration-edocs-landing/ng-clg-integration-wrapper-con/ng-clg-session-policies-overview-con/ng-clg-storefront-policies-con/ng-clg-storefront-email-discovery-tsk.html.
2. Implement split DNS, or more technically correct “split-horizon DNS” – https://en.m.wikipedia.org/wiki/Split-horizon_DNS, my personal favourite over email-based discovery :-)!
3. Brand your NetScaler (Unified) Gateway – http://docs.citrix.com/en-us/netscaler-gateway/11-1/vpn-user-config/custom-portal.html and App Store (StoreFront) – http://docs.citrix.com/en-us/storefront/3-7/manage-citrix-receiver-for-web-site/unified-receiver-experience.html to match, and keep it clear, clean and simple!

4. Implement HDX Adaptive Display v2, available in 7.11+ – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/policies/reference/ica-policy-settings/graphics-policy-settings.html, as your default Graphics Mode, and if you can’t then Thinwire Compatible Mode – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/hdx/thinwire.html.

5. If using Skype for Business 2015 or 2016, implement the HDX RealTime Optimisation Pack 2.x.n – http://docs.citrix.com/en-us/hdx-optimization/2-1/hdx-realtime-optimization-pack-overview.html to offload the video/audio to the local end-points (Windows, Mac and Linux), saving on back-end compute and density loss for XenApp.*

6. Implement domain pass-through for internal users – http://docs.citrix.com/en-us/storefront/3-7/plan/user-authentication.html.
7. Deploy the (latest) HTML5 Receiver for remote access – http://docs.citrix.com/en-us/receiver/html5/2-2/user-experience.html.

8. When using Citrix Receiver for Windows (with HDX engine 14.4), the GPU can be used for H.264 decoding wherever it is available at the client – http://docs.citrix.com/en-us/receiver/windows/4-5/improve.html.
9. Deploy Self-Service Password Reset (SSPR) – http://docs.citrix.com/en-us/self-service-password-reset/1-0.html.

10. The most difficult to justify, probably re the cost(s), but assigning a low-end vGPU GRID profile, or utilising Intel Iris Pro Graphics with XenServer 7, to provide enough/suitable GPU capacity to all virtual apps & desktops (oldISH and modern) provides a much better experience, so set up a PoC to see and try it for yourself. Finally, NVIDIA now supports H.264 offloading onto their GRID cards in 7.11 🙂 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-new.html#par_anchortitle_59c9.
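Tip 1 above relies on a DNS SRV lookup, and the part that usually goes wrong in practice is the record name and the order in which several answers are tried. As an added example (my own code, not from this post and not Receiver's implementation), the block below derives the lookup name from a user's e-mail address and orders the SRV answers the way RFC 2782 specifies, lowest priority first and a weighted random choice among equals. It runs offline: the SRV answers are constructed inline in place of a real DNS query. The record name `_citrixreceiver._tcp.<domain>` is assumed to be the one Citrix documents for Receiver e-mail discovery; the hostnames are placeholders.

```python
"""Constructed example: e-mail-based discovery name derivation and RFC 2782 SRV ordering.
Not the blog's code; the DNS answers are constructed rather than resolved.
"""
import random
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

SRV_SERVICE = "_citrixreceiver._tcp"   # assumption: the SRV owner-name prefix Citrix documents


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def discovery_name(email: str) -> str:
    """Derive the SRV owner name from the domain part of the address (lowercased, no trailing dot)."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain or "." not in domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    return f"{SRV_SERVICE}.{domain.lower().rstrip('.')}"


def parse_srv(rdata: str) -> SrvRecord:
    """Parse presentation-format SRV RDATA: '<priority> <weight> <port> <target>'."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError(f"malformed SRV RDATA: {rdata!r}")
    priority, weight, port, target = fields
    return SrvRecord(int(priority), int(weight), int(port), target.rstrip(".").lower())


def order_targets(records: Iterable[SrvRecord], seed: Optional[int] = None) -> List[SrvRecord]:
    """RFC 2782 order: ascending priority; within a priority, weighted random without replacement."""
    records = list(records)
    rng = random.Random(seed)
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go first so they are only picked when the random number is 0.
        pool = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


def discover(email: str, answers: Iterable[str], seed: Optional[int] = None) -> List[Tuple[str, int]]:
    """(target, port) pairs in the order a client should try them for this user's domain."""
    records = [parse_srv(a) for a in answers]
    return [(r.target, r.port) for r in order_targets(records, seed)]


# Constructed SRV answers standing in for a DNS response to _citrixreceiver._tcp.example.com.
SAMPLE_ANSWERS = [
    "10 50 443 storefront-b.example.com.",
    "0 100 443 storefront-a.example.com.",
    "0 0 443 storefront-standby.example.com.",
]

if __name__ == "__main__":
    print(discovery_name("first.last@Example.COM"))
    print(discover("first.last@Example.COM", SAMPLE_ANSWERS, seed=0))
```

The priority-0 pair is always tried before the priority-10 host; which of the two priority-0 hosts goes first is the weighted draw, and the weight-0 standby is only chosen when the draw lands on 0, which is the standard way to keep a host resolvable but almost never selected while its siblings are up.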