Citrix ADC as RDS Gateway with RDS Broker

You want to use Citrix ADC as RDS Gateway with an RDS Broker for your RDS Farm? In this article I will show you how to configure this. As a basis for this article you should read the following article if possible:

In this article, you will learn how to set up the Citrix ADC for use as a proxy for Remote Desktop Services. This configuration is also a prerequisite for connecting to the Remote Desktop Services Farm. The article already explains how you as a user can connect via RDP to any desktop through the Citrix ADC.

But here I would like to explain how you can provide desktops and apps to users from a Remote Desktop Services Farm. We want to use groups to control the assignment of desktops and apps. As a prerequisite for the entire configuration, the farm should already be set up for Remote Desktop Services. This includes the Remote Desktop Connection Brokers and also the session hosts. Internal connections should all work. If you need more information about this, you can read the individual instructions here:

https://docs.microsoft.com/windows-server/remote/remote-desktop-services/welcome-to-rds

Configuration on RDS Session Hosts

Before we can start with the configuration of the Citrix ADC, we must make a little bit of configuration on the Session Hosts. Yes, the Session Hosts, not the Broker or somewhere else. I know what I am talking about 😉

The following setting is best set via GPO on the RDS session hosts. The setting must be made, otherwise the connection via the RDS Connection Broker will not work later when the user comes via the Citrix ADC Gateway. The same setting also causes Connection Broker Load balancing via Citrix ADC to reconnect the correct session even if a disconnect has occurred.

You can find the Setting under:

Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker

Then let’s go to the Citrix ADC and continue configuring there.

Citrix ADC as RDS Gateway Configuration

Create a RDP Server Profile on the Citrix ADC

To make our connections available from the Internet via port 3389 in the future, we first have to create a server profile. Here we connect to the Citrix ADC and navigate to the following sub-item of the configuration:

Configuration / Citrix Gateway / Policies / RDP Profiles and Connections / Server Profiles

Here we create a new server profile.

Citrix ADC as RDS Gateway - RDS Profile

Within the server profile we enter a pre-shared key and activate RDP redirection.

Citrix ADC as RDS Gateway - Create Server Profile

Enable the RDP Server Profile on the Citrix vServer

The just created RDP server profile is now bound to our Citrix Unified Gateway vServer. This activates listening on port 3389 on the VIP of the Gateway vServer. Of course, the NAT on the firewall should be adjusted accordingly and the connection should be allowed from outside.

The RDP server profile is entered directly on the server. You can do this in the advanced basic settings of the vServer.

Citrix ADC as RDS Gateway - Open Port 3389

Important: “ICA only” must also be deactivated for the configuration.

Create a RDP Client Profile that fits to the Server Profile

Now we create an RDP client profile that matches the corresponding RDP server profile. It is important that I enter the Pre Shared Key I used above. The profile will be created under the following menu item in the configuration:

Configuration / Citrix Gateway / Policies / RDP Profiles and Connections / Client Profiles

Here we now create the Client Profile. In the Client Profile we can define settings, which should be used for the later session. For example, Clipboard, Devices or Printer settings. These Policy settings are mandatory for all sessions, which are created over the Citrix ADC as RDS Gateway and the RDS Broker.

My client profile looks like this. Please make sure that you enter the settings according to your requirements. As RDP Host you should enter your external FQDN, on which your port 3389 (Citrix ADC VIP + vServer) is listening.

Create a Client Profile

Bind your RDP Client Profile to the Session Policy

The next task is to bind the RDP Client Profile to the Session Policy of the Citrix Unified Gateway vServer. To do this I edit the vServer.

Edit Session Policy

There I select the session policy and edit the corresponding profile.

Edit Session Policy

In the tab Remote Desktop I enter the created RDP client profile.

Bind RDS Client Profile

Once that is done, we can start creating the bookmarks. Bookmarks are the applications and website shortcuts that users will later see via the portal of the Unified Gateway.

Create the Desktop Bookmark and assign it to a Group of Users

I do not want every user to see the desktop of the RDS farm. Therefore, I first create the bookmark and assign it to a user group afterwards.

The bookmarks can be created under the following configuration menu item:

Configuration / Citrix Gateway / Resources / Bookmarks

It is important that the option “Use Citrix Gateway as a Reverse Proxy” is activated. For a desktop you only have to enter the following bookmark URL. The hostname you enter can be any RDS session host. If it receives the session request, it redirects it to the RDS Connection Broker, and the session is assigned to the session host with the least load.

Create a bookmark - Citrix ADC as RDS Gateway

If you want, you can also use a custom icon for your Desktop or Application.

Create a Bookmark to publish an application on the Portal

If you want to publish an application that is presented over the RDS farm, you must use a more complex bookmark URL. But do not worry, it’s easy to work out. The easiest way is to open the application over the internal RDWeb and open your connection file in an editor. Then all you must do is put the following information together in order, chained with an “&” in between. Look at this example, in which I have entered the finished bookmark URL below. We then enter this URL into our Citrix ADC bookmark.

Citrix ADC as RDS Gateway - Generate URL for your Published App

The finished URL for a Seamless Application therefore looks as follows (all on one line):

rdp://fqdn.lab.local?alternate shell:s:||APPNAME&remoteapplicationprogram:s:||APPNAME&remoteapplicationname:s:APPNAME&remoteapplicationcmdline:s:&remoteapplicationmode:i:1
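
The chaining step described above can be scripted. This is an added example, not part of the original article or of any Citrix tooling: it reads the text of a connection file and builds the bookmark URL in the order shown above. The function names and the sample file content are assumptions made for illustration.

```python
# Added example: build a Citrix Gateway RDP bookmark URL from .rdp file text.
BOOKMARK_KEYS = [
    "alternate shell",
    "remoteapplicationprogram",
    "remoteapplicationname",
    "remoteapplicationcmdline",
    "remoteapplicationmode",
]

# Constructed sample of a connection file (not real RDWeb output).
SAMPLE_RDP = """\
full address:s:BROKER.LAB.LOCAL
alternate shell:s:||APPNAME
remoteapplicationprogram:s:||APPNAME
remoteapplicationname:s:APPNAME
remoteapplicationcmdline:s:
remoteapplicationmode:i:1
"""


def parse_rdp(text):
    """Return {setting name: (type, value)} for every 'name:type:value' line."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2])
    return settings


def build_bookmark_url(host, rdp_text):
    """Chain the RemoteApp settings with '&' in the order the article uses."""
    settings = parse_rdp(rdp_text)
    chained = []
    for key in BOOKMARK_KEYS:
        if key not in settings:
            raise ValueError("missing setting in .rdp file: " + key)
        kind, value = settings[key]
        # '&' is the separator between settings in the bookmark URL, so a
        # value containing it cannot be represented unambiguously: refuse it.
        if "&" in value:
            raise ValueError("value of %r contains '&'" % key)
        chained.append("%s:%s:%s" % (key, kind, value))
    return "rdp://%s?%s" % (host, "&".join(chained))


if __name__ == "__main__":
    print(build_bookmark_url("fqdn.lab.local", SAMPLE_RDP))
```

Rejecting values that contain “&” keeps a connection file from silently adding extra settings to the bookmark that is published to users.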

Now we have created the desired bookmarks. Here you can create as many as you like. Now we want to assign them to the corresponding users.

Assign the bookmark to a user group

Since our users are already eagerly waiting for the app or the desktop, we now assign them. To do that, go to the following menu item:

Configuration / Citrix Gateway / User Administration / AAA Groups

Here I create a new AAA Group.

Citrix ADC as RDS Gateway - Create AAA Group

To assign a Bookmark (in our case the App or Desktop) you have to edit the AAA Group and bind a Bookmark to it.

Citrix ADC as RDS Gateway - Assign Bookmark to users

That was it.

Test your Citrix ADC RDS Gateway configuration

Now that we have configured everything, we can test the assigned applications. For this I log on to the Citrix Unified Gateway and, if everything works correctly, I get my applications displayed.

Citrix ADC as RDS Gateway testing

I hope the article has brought you further to configure Citrix ADC as RDS Gateway and hope it can help some in the community. If you have any questions, feel free to contact me. Check also my other posts about Citrix ADC.