Jump to content
Welcome to our new Citrix community!
  • 0

Internal Access using workspace


Richard Johnson1709157377

Question

Hi,

 

We're looking at implementing a full Citrix workspace suite solution whereby our users connect to Workspace to get a single pane of glass for accessing SaaS apps, Apps and Desktops, Sharefile etc. The idea being that the look and feel of the solution be identical whether you are an internal or external user. As I understand it, in order to achieve this we'll need to point our workspace app's running on machines on the internal network at the cloud workspace URL the same way that we do external machines, which is fine. However, if a user on an internal machine launches a published app using workspace I believe that ICA connection will be proxied via the cloud connector rather than making a direct connection to the VDA as would be the case if we used Storefront internally. This bring issues such as increased latency for the session, connection issues if we lose the public internet connection etc. We can obviously get around this by using Storefront internally, but then we lose the easy access to SaaS apps, sharefile etc via workspace. In addition users will need to know to connect to a different URL when they are external to take advantage of the workspace features. Having a different look and feel for internal users and external users takes away a great deal of the appeal. Just wondered whether there is an easy way around this, or if I'm misunderstanding how this all hangs together?

 

Thanks

Link to comment

6 answers to this question

Recommended Posts

  • 2

There are multiple aspects of the connection that use the connector for brokering. We need to break this out to buckets for Remote connectivity and brokering. You can configure CLoud in a way where you can create resource locations for internal connectivty or remote connectivity through the Netscaler Gateway Cloud Service. In scenarios where you configure Internal access (No Netscaler), it will still use the connector to broker the connection to the user as the connector needs to proxy calls to our cloud service to complete the brokering process. I recommend you review the architecture poster located at https://virtualfeller.com/2018/01/09/xenapp-and-xendesktop-service-architecture-poster/ 

  • Like 2
Link to comment
  • 0

My main issue is that to utilize the benefits of workspace (single pane of glass for saas, sharefile etc.) you introduce potentially significant session latency for internal users by proxying the traffic via the cloud connector over the internet, whereas historically internal connections have been able to take advantage of direct connections between client and VDA. I've looked at the architecture poster, but nothing there shows a potential fix for this other than not using workspace internally and going back to using internal storefront.

Link to comment
  • 0

 

On 15/10/2018 at 10:43 PM, Richard Johnson1709157869 said:

My main issue is that to utilize the benefits of workspace (single pane of glass for saas, sharefile etc.) you introduce potentially significant session latency for internal users by proxying the traffic via the cloud connector over the internet, whereas historically internal connections have been able to take advantage of direct connections between client and VDA. I've looked at the architecture poster, but nothing there shows a potential fix for this other than not using workspace internally and going back to using internal storefront.

 

I am just trialling Citrix Cloud in conjunction with Virtual Apps.

 

When talking about separating internal and external traffic, I too was told to run an internal Storefront server which sort of defeats the object of moving the control plan into the cloud.

 

Have you gone into production with your environment and if so, have you come across any pitfalls you may like to share?

Link to comment
  • 0

I am attempting deployment of Citrix Cloud and have found that several details of the implementation were not disclosed during the sales process.  We are most interested in our ability to leverage off of our two datacenters creating a high availability deployment.  We did not budget or factor in the need for internal resources in addition to the Cloud Connectors.  In fact we were not made aware of the best practice  (requirement) for two connectors in each datacenter.  

If our internal endpoints (thin clients) are pointed at the cloud gateway traffic is tunneled in an inefficient way from the remote office, through our datacenters, out to the cloud, then back through this path.  We currently don't have direct Internet access from our remote offices.   Hopefully Citrix is  working on adding the StoreFront functionality (and whatever gateway service is needed) to the cloud connector. 

 

Link to comment
  • 0
14 hours ago, Dave Thomson1709157460 said:

I am attempting deployment of Citrix Cloud and have found that several details of the implementation were not disclosed during the sales process.  We are most interested in our ability to leverage off of our two datacenters creating a high availability deployment.  We did not budget or factor in the need for internal resources in addition to the Cloud Connectors.  In fact we were not made aware of the best practice  (requirement) for two connectors in each datacenter.  

If our internal endpoints (thin clients) are pointed at the cloud gateway traffic is tunneled in an inefficient way from the remote office, through our datacenters, out to the cloud, then back through this path.  We currently don't have direct Internet access from our remote offices.   Hopefully Citrix is  working on adding the StoreFront functionality (and whatever gateway service is needed) to the cloud connector. 

 

 

How I understand this is that every endpoint connection (including LAN ones) have to go through the Gateway service.

 

In our scenario, where we have 3 physical sites connected by IPSec VPNs, the actual ICA traffic will have to travel via each office's local internet breakout. And not down the VPN as is with an on premise setup.

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...