Jump to content
Welcome to our new Citrix community!
  • 0

Assigning VIrtual IP to a Published Server 2019 Desktop - Any disadvantages?


Christopher Yue

Question

Environment

CVA 1909

Publishing Server 2019 Desktops

 

Issue

I am looking a a software solution (CISCO Umbrella) that requires the end user session to have a virtual IP address.

 

Looks like this is possible as per following articles:-

Citrix article

Non Citrix article

 

For those have have configured their environment using Virtual IPs can they advise if there are any issues I need to be aware of?

 

Thanks.

 

 

 

 

 

 

 

 

 

 

Link to comment

3 answers to this question

Recommended Posts

  • 0

Hi,

 

Using a similar setup for CheckPoint IA in combination with RDS virtual IP on a large environment, no virtual IP specific issues, the feature itself is very robust. I wouldn't recommend using it without DHCP though. Just keep in mind that the virtual IP isn't assigned directly at winlogon, but at first launch of a virtual IP allowed application. Hence (mostly agentless) solutions which query for ex. the DC security log to determine the IP assigned to a user will always only see the machines IP (for ex. Cisco WSA without User agent), we worked around this on a different environment by running a hidden SSO call to a website in the logonscript which will trigger a new logon event on the DC security log using the virtual IP.

 

Regards

 

 

Link to comment
  • 0
20 minutes ago, Christoph Sinabell said:

Hi,

 

Using a similar setup for CheckPoint IA in combination with RDS virtual IP on a large environment, no virtual IP specific issues, the feature itself is very robust. I wouldn't recommend using it without DHCP though. Just keep in mind that the virtual IP isn't assigned directly at winlogon, but at first launch of a virtual IP allowed application. Hence (mostly agentless) solutions which query for ex. the DC security log to determine the IP assigned to a user will always only see the machines IP (for ex. Cisco WSA without User agent), we worked around this on a different environment by running a hidden SSO call to a website in the logonscript which will trigger a new logon event on the DC security log using the virtual IP.

 

Regards

 

 

 

Hi Christoph,

 

Thanks for the response.

 

For the DHCP piece, does the scope have to match the one assigned in Group Policy under Select the network adaptor to be used for Remote Desktop IP Virtualization?

 

From  what you mentioned, I might need to run an extra piece of script to update the IP address in the DC security log. I will query Cisco on this

 

 

Link to comment
  • 0

"For the DHCP piece, does the scope have to match the one assigned in Group Policy under Select the network adaptor to be used for Remote Desktop IP Virtualization?"

 

-> Yes and it has to match the network in suffix notation in which the NIC (to be used for virtual IP feature) is in. Simply said you cannot use a virtual IP without a NIC in the same network, even if you configured a DHCP relay as the virtual IPs won't have their own routing information and are tied to the selected NIC.

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...