Jump to content
Welcome to our new Citrix community!
  • 0

Make apps internal only and NOT visible in mycorp.cloud.com


Dawid Bbn

Question

Hi all,

We are using CVAD Service in Citrix Cloud both internally (using on-prem Storefront servers) and via Citrix Workspace (i.e. mycorp.cloud.com). 

 

I want SOME applications hosted in CVAD Service (installed on on-prem VDAa) to be ONLY available and VISIBLE internally, i.e. for users connecting via on-prem Storefront servers. I DON’T want these apps to be available to users when they log in externally to mycorp.cloud.com.

So far, the only way I found of achieving the above was to assign these “internal” apps to a Resource Location (Zone) with “Internal Only (No external connectivity is set up”) connectivity in Workspace Configuration -> Access -> External Connectivity. Is there any other (per app or per Delivery Group) way of achieving this, as the above method is not flexible and requires two sets of Cloud Connectors (i.e. one pair for internal and one pair for external apps)?

Another issue I found is that even if an app is assigned to a pair of Cloud Connectors (i.e. Zone) with internal connectivity only, it is STILL visible in Citrix Workspace (i.e. mycorp.cloud.com) - it just cannot be started when clicked on it. This is a bad design in my opinion and also a security risk. Is there any way of hiding apps in mycorp.cloud.com?

I am not using Netscaler.

image.thumb.png.d4d1b216fd3000e3fde650fdd5841779.png
 

Link to comment

3 answers to this question

Recommended Posts

  • 0
On 2/11/2021 at 12:34 PM, Dawid Beben said:

Hi all,

We are using CVAD Service in Citrix Cloud both internally (using on-prem Storefront servers) and via Citrix Workspace (i.e. mycorp.cloud.com). 

 

I want SOME applications hosted in CVAD Service (installed on on-prem VDAa) to be ONLY available and VISIBLE internally, i.e. for users connecting via on-prem Storefront servers. I DON’T want these apps to be available to users when they log in externally to mycorp.cloud.com.

So far, the only way I found of achieving the above was to assign these “internal” apps to a Resource Location (Zone) with “Internal Only (No external connectivity is set up”) connectivity in Workspace Configuration -> Access -> External Connectivity. Is there any other (per app or per Delivery Group) way of achieving this, as the above method is not flexible and requires two sets of Cloud Connectors (i.e. one pair for internal and one pair for external apps)?

Another issue I found is that even if an app is assigned to a pair of Cloud Connectors (i.e. Zone) with internal connectivity only, it is STILL visible in Citrix Workspace (i.e. mycorp.cloud.com) - it just cannot be started when clicked on it. This is a bad design in my opinion and also a security risk. Is there any way of hiding apps in mycorp.cloud.com?

I am not using Netscaler.

image.thumb.png.d4d1b216fd3000e3fde650fdd5841779.png
 

Hi!

 

Put the applications that needs special rights in a separated delivery group, and start using access policys (preferences on the delivery group)  on that delivery group to fit your needs. 

Link to comment
  • 0
1 hour ago, Dawid Beben said:

Thanks Markus for the input.

I did not mentioned that we don't use Netscaler, so I suppose we cannot Access Policies in Citrix Web Studio - is that correct?

hmm, there are still options to use even if you don´t have a NetScaler, i assume you cannot use filters.  If you are accessing by *.cloud.com you are using a NetScaler, but the cloud service one :) 

Haven´t tried it myself but the options are as the attached image give it a try with a test-deliverygroup? 

 

 

nsgw.JPG

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...