VMware Identity Manager uses the Integration Broker component and the Citrix Web Interface SDK or Citrix StoreFront REST API to launch Citrix-published applications from the Workspace ONE portal or app. You can configure internal and external access to the Citrix-published resources. End users must install Citrix Receiver on their systems or devices to launch the applications and desktops.

Launch Architecture Diagram (Internal Access)



Launch Diagram


  1. A user launches a Citrix-published application or desktop from the Workspace ONE portal or app.

  2. The request goes to the VMware Identity Manager service, connector, and Integration Broker.

  3. The Integration Broker communicates with the Citrix server farm through the Web Interface SDK or StoreFront REST API to authenticate and request the ICA file.

  4. The ICA file is retrieved and passed to the Workspace ONE portal or app.

  5. The ICA file is passed to the Citrix Receiver.

  6. The Citrix Receiver launches the application or desktop.

Launch Architecture Diagram (External Access)



External Launch Diagram


  1. A user launches a Citrix-published application or desktop from the Workspace ONE portal or app.

  2. The request goes to the VMware Identity Manager service, connector, and Integration Broker.

  3. The Integration Broker communicates with the Citrix server farm through the Web Interface SDK or StoreFront REST API to authenticate and request the ICA file.

  4. The ICA file is retrieved and passed to the Workspace ONE portal or app.

  5. The ICA file is passed to the Citrix Receiver.

  6. Citrix Receiver communicates with Netscaler.

  7. NetScaler communicates with the Citrix STA server with the STA ticket and gets the Citrix session server information.

  8. NetScaler communicates with the Citrix Session Host server and creates a session for application launch.

    Note:

    In version 7.x, the Citrix Session Host server is the Citrix VDA server. In version 6.5, it is the Citrix Worker server.

Using StoreFront REST API or Web Interface SDK for Launch

The Integration Broker can use the Citrix Web Interface SDK and the Citrix StoreFront REST API to communicate with the Citrix deployment to launch applications or desktops. When the StoreFront REST API is used, the Integration Broker acts like a REST client. The Web Interface SDK and the StoreFront REST API are used to authenticate with and generate the ICA file from the Citrix deployment.

You can specify which option to use by selecting or deselecting the Use StoreFront check box in the Citrix configuration page in the VMware Identity Manager administration console.

An Integration Broker instance can use both the Web Interface SDK and the StoreFront REST API. If you want to communicate with one Citrix farm using the Web Interface SDK and another Citrix farm using the StoreFront REST API, select or deselect the Use StoreFront check box as required.

To use the StoreFront REST API option, which is available in VMware Identity Manager 2.9.1 and later, ensure the following requirements are met.

  • Install Integration Broker 2.9.1 or later.

  • Ensure that StoreFront is supported by the XenApp or XenDesktop version you are using.

  • Ensure that the Integration Broker can communicate with the StoreFront server.

    When you enable the StoreFront REST API, the Integration Broker communicates with the StoreFront server to generate the ICA file.

  • Enable HTTP Basic Authentication as an authentication method in the Citrix StoreFront store. This is required for internal access only.

    Caution:

    If you do not enable HTTP Basic Authentication, authentication will fail.



    HTTP Basic setting in StoreFront


Note:

To use the StoreFront REST API, you do not need to download or copy any additional files to your installation.