Jump to content
Welcome to our new Citrix community!
  • 0

Non-Domain joined VDA/VDI using MCS/PvS


We have had a request from the business to host an application in China. This needs to be hosted in an isolated environment as the software contains malware, but it is a mandatory software.


Currently, they are using USB's to transfer data back and forth from an isolated non-SOE, non-network joined laptop. Hence they are looking for a Citrix solution to mitigate this issue and be a platform for any other third-party application, that may have similar complications.


I have proposed three Citrix solutions.Please go through and share your thoughts.


Option 1 –MCS Environment in Azure China using the existing Citrix infrastructure (we have a Xenapp environment running in China Azure). I can build a MCS golden Image on a segregated network with NSG to secure traffic. We can secure this environment but is it possible to have non-Domain joined VDA’s in this scenario?

Option 2 – PvS based environment in our on-prem Data Centre China. We can secure the environment further as we will have to build the whole infra for Citrix ground up. Again, is it possible to have non-Domain joined VDI’s?

Option 3 – I read that it’s possible to have non-Domain joined VDA’s by using Citrix Managed Desktops. Does that mean, we can also use local Windows Virtual Desktops with VDA’s that are non-Domain joined or it has to be a Citrix DaaS offering? 

Link to comment

1 answer to this question

Recommended Posts

  • 0



I think your solutions are not supported...I'm really sure that the only option is to join the machines into an Active Directory domain. You can eventually use a dedicated domain and segregate this environment from the production domain, but in this case you have need to:

1. realize a trust from the production domain and new domain (for permit the VDA registration to DDCs);


2. realize a dedicated Citrix farm into the new domain.


In your case, with the presence of malware, I think the second solution can will the best solution for isolate the production from this "time bomb" :)



Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...