Anonymous (unauthenticated) user session support

A new feature of XenDesktop 7.6.

Instead of requiring users to log into Citrix Receiver with Active Directory user credentials, a combination of network security and authentication within the application itself is relied upon.

Anonymous Session Support –refers to running sessions as a set of pooled, local user accounts.

1.  This feature is popular in XenApp in the healthcare industry, since their applications typically have server back-ends with their own logons, separate from users’ AD accounts. Thus, the Windows account running the client application is irrelevant.

2,  Anonymous Session support consists of a pool of local user accounts that are managed by XenDesktop and typically named AnonXYZ, where XYZ is a unique 3-digit value.

More information on Anonymous Session Support feature is available here.

With anonymous sessions, the end user will not know the actual username.}

Each anonymous session is assigned a random name such as ANON001, ANON002, etc.,
1,  Citrix Director helps administrators to view details of each session of XenApp via User Search.  But here is the catch, how to view details of anonymous user session as they do not use Active Directory credentials for the session and the end user has no way to know what the username is?

2,  The Helpdesk Admin needs a way to be able to search for the user’s specific anonymous session, return the Help Desk view and User Details views in order to follow their standard troubleshooting processes.

EndPoint Search

The new functionality introduced for Citrix Director 7.6

It can be leveraged to view details of anonymous user sessions. Typically, the end user will know the name of their endpoint as many times there is a sticker attached to the screen or device with the device (endpoint) name.  When the end user calls into the help desk, they can now tell the Help Desk admin the endpoint name so the Help Desk administrator can start the troubleshooting process using Director.

1,  Sessions running on a particular endpoint device can be viewed through Endpoint Search functionality.

2,  Administrators can search for the client device and a list of all the sessions launched by that particular client are provided (as shown in the below screenshot), from which the administrator can choose the required session to view details of that session.

3,  Searching for an endpoint can be expensive across a large number of sites.

In order to improve performance, we have provided the ability to “group” endpoints. This is accomplished via the Director Config Tool, which restricts the search within a defined group. How do you group endpoints? All you have to do is run the Director Config Tool, select /createsitegroups, provide the IP and a name and your done!  Once the configuration is complete, the “Select a group” option will be available as part of the search view.

Note: Endpoint Search results include all clients from which a session is launched irrespective of whether the session is an anonymous user session or not.

If Director is monitoring multiple sites, the landing page after login will have search option for endpoint.

 

Within another view of Director, administrators can search for endpoint sessions using the new Search button on the ribbon bar of Director:

Below is the Screenshot of List of sessions running on a particular client machine:

Note: The endpoint names must be unique in order for Director to be able to search and return the appropriate session.

Details of Anonymous User Session in Client Details view:

  • Session Details: Anonymous field in Session Details Panel is used to indicate whether the session is Anonymous Or Not (As mentioned in the note above, Endpoint Search is not limited to Anonymous User Sessions).

Activity Manager and Machine Details Panel are similar to the User Details Page.

Note:  Shadow is disabled for Anonymous Sessions, as Anonymous user accounts are guest accounts that do not have permissions for Shadowing.

 

  • LogonDuration:  Logon Duration in Client Details Page is only for the current session and 7 day averages of logons from the client device, unlike when viewing a specific user, and the 7 day average is the average from that Delivery Group.Duration for each Logon Steps like Brokering etc. provided are same as in User Details Page.More on Logon Duration can be found here.
  •  Personalization: Reset Profile and PvD Reset Buttons will be disabled and Panel displays  “not available” as Anonymous User Accounts do not use Citrix Personalization Components.
  • HDX Insight : Network Data from HDX Insight will not be available for Anonymous Users.

Anonymous User Sessions In Filters View:

Director also facilitates the ability to filter out all Anonymous User Sessions through Sessions in Filters Page.

This provides the ability to quickly perform global actions on anonymous sessions (i.e. logoff) as needed.

Navigate to Filters->Sessions Page and use filters to select “Anonymous is Yes”  

  

 

Note: In the screenshot above, observe that Endpoint Name column is clickable. Clicking on Endpoint Name leads to the same behavior as Endpoint Search.

Summary

Adding to Director’s Help Desk functionality to include the ability to search and troubleshoot endpoints and machines allows the Help Desk to expand their troubleshooting use cases and enables one tool and one process for first call resolution.