Imagine having a single login point for all your Citrix needs. Citrix StoreFront makes this possible for XenDesktop, XenApp, CloudGateway Enterprise, and now VDI-in-a-Box 5.2! Gone are the days when a separate website was needed for your different Citrix solutions. This awesome technology has been designed to make it even easier for your users to access all their virtual desktops and applications.
I am very excited to talk about this integration because the user experience is greatly enhanced. Being able to have a single point for users to login and access their resources saves a lot of time, headache, and helpdesk calls. One thing to keep in mind is that many SMB customers who are only deploying VDI-in-a-Box will most likely not need to use StoreFront. I want to make it clear that VDI-in-a-Box does not require StoreFront as all VDI-in-a-Box appliances (vdiManagers) have their own web interface. This hasn’t changed but administrators now have the option of allowing StoreFront to communicate with VDI-in-a-Box grids. I’m going to discuss the following scenarios in which StoreFront is either recommended or needed with VDI-in-a-Box:
- Existing XenDesktop, XenApp, or CloudGateway Enterprise deployments.
- Single Sign-on and/or 2-Factor Authentication is required on the Access Gateway.
Customers with existing Citrix Infrastructure:
Whether you have an Citrix infrastructure or are looking to deploy a new one, migrating to Citrix StoreFront from Citrix Web Interface is the first step to a unified access point for your users. There are several ways to deploy StoreFront but it is possible to create a single StoreFront website that contains several Delivery Controllers. It’s as simple as adding the addresses of all your Citrix servers that you want to make available in StoreFront. You can now add your VIAB 5.2 servers as Deliver Controllers within the Store.
Here are some examples of different ways to deploy StoreFront for use with multiple Citrix products:
- VDI-in-a-Box and XenApp, Side-by-Side: One thing many folks aren’t aware of is the ability to access Citrix XenApp applications through VDI-in-a-Box desktops. The Citrix Receiver simply needs to be installed on the VIAB golden images. This can work well for some customers, but in some cases users may need to separately access applications without going into their virtual desktop. Having XenApp and VIAB servers in the same Store removes the need for users to remember and connect to different websites or accounts.
- VDI-in-a-Box and CloudGateway Enterprise: The CloudGatweay Enterprise appController is a mobility management solution that allows you to publish and control a variety of SaaS, mobile apps, and ShareFile data. Sometimes users need or want to work within a virtual desktop and rightfully so. However, when on the move or on a mobile device it can sometimes be more efficient to access a certain site or app without having to log into the virtual desktop. That’s where the CG appController comes into play– a Sales Rep on the road can easily access the various CRM tools and apps to look up a customer account.
- VDI-in-a-Box and XenDesktop in one location: Yes I said it. This might not be a majority of customers, but there are deployments that have both XenDesktop and VDI-in-a-Box (as well as XenApp). XenDesktop with the FlexCast offerings could be the primary solution for the corporate HQ, while VDI-in-a-Box is deployed for one of the branch offices a few hundred miles away. In most cases a single user will not have a VIAB desktop and a XD desktop, so why would you want StoreFront? There are a few reasons such as providing that single access point to all users, and future-proofing the deployment with ability to add XA/CG to the mix for both the VIAB and XD users with just a few keystrokes and mouse clicks.
VDI-in-a-Box with Access Gateway
The ability to access VDI-in-a-Box virtual desktops outside the corporate office is a requirement for many customers. The way to accomplish this is by using the Access Gateway. There are many names for this solution, some of which include NetScaler, Access Gateway, CAG, AGEE, and a few more. No matter what you want to call it or which version you are using, the Access Gateway portion of these products are used to create a secure ICA proxy that allows VDI-in-a-Box desktops on a secure network to be accessed from anywhere in the world. The ICA communication on the WAN-side of the gateway is encrypted using SSL/TLS.
Even though VDI-in-a-Box does not require StoreFront in order to use the Access Gateway for remote access, there are several reasons when it will be needed. If any of the following items are required for your VDI-in-a-Box deployment for remote access then you will need StoreFront:
- Single Sign-On: Authentication at the Access Gateway is the most secure and recommended method for accessing VDI-in-a-Box desktops over WAN connections. With StoreFront you can now provide a seamless user experience with VDI-in-a-Box and Access Gateway– users no longer need to authenticate on the gateway and again at the VDI-in-a-Box web interface.
- Two-factor authentication: VDI-in-a-Box customers can now make use of any authentication means supported by Access Gateway and StoreFront! This includes various RADIUS-based authentication solutions from Symantec, RSA, and SMS Passcode. StroreFront also provides seamless Single Sign-On for 2-factor authentication to your VDI-in-a-Box desktops.
- CGP over remote connections: Citrix Gateway Protocol, or Session Reliability, keeps user sessions on the screen and active in the event of network disruptions. VDI-in-a-Box already supports this technology for LAN connections, but this functionality is extended to remote users via the Access Gateway when StoreFront is used. This feature comes in very handy for those on connections that drop frequently or even for mere convenience for times that you might close your laptop lid for a few moments when you walk from your office to a conference room.
- Add accounts with latest Citrix Receivers: Although this applies to both local connections and not just remote, StoreFront adds the ability for users to connect to their StoreFront servers via email addresses. You may have noticed the window appear after installing the latest Citrix Receivers, prompting for an email or server address. This is pretty cool and convenient as users won’t need to remember a server address to connect to their published resources. In addition to this convenience, the latest Citrix Receivers are designed for best integration with StoreFront, so you will always have the latest and greatest.
I hope the information provided in this blog gives some insight as to when Citrix StoreFront should be used with VDI-in-a-Box. This blog is primarily an overview of what you can do with StoreFront, so please visit the technical resources below for more information on how to configure all the components. Also, don’t forget to check out the other blogs related to VDI-in-a-Box 5.2 (found below)!
Technical docs and resources to help deploy StoreFront + Access Gateway with VDI-in-a-Box 5.2:
- Use StoreFront with VDI-in-a-Box 5.2 eDoc
- How to Configure StoreFront with VDI-in-a-Box CTX article
- Configure Access Gateway with Remote Access Wizard eDoc
Bogs related to VDI-in-a-Box 5.2 release:
- Kumar’s blog on 5.2 features: http://blogs.citrix.com/2013/01/22/citrix-vdi-in-a-box-v5-2-runs-with-hyper-v-12-and-citrix-cloud-gateway
- Malathi’s blog on 5.2 features: http://blogs.citrix.com/2013/01/22/no-virtual-desktop-left-behind-with-vdi-in-a-box-5-2
- Richard’s blog on leveraging multiple datastores: http://blogs.citrix.com/2013/01/23/viab-datastores
- David’s blog on improved automatic agent updates: http://blogs.citrix.com/2013/01/22/viab-5-2-makes-updating-desktop-agents-easier