You can integrate VMware Identity Manager with your Citrix deployment to provide Citrix-published resources to your end users.

Requirements

To integrate a Citrix deployment with the VMware Identity Manager service, you need the following components.

  • A VMware Identity Manager instance installed on premises.

    Note:

    If you have additional connectors installed, note that VMware Identity Manager 2.7 requires connector version 2.7 to launch Citrix-published resources.

  • An Integration Broker instance installed on premises. The Integration Broker, a component of VMware Identity Manager, is the component that communicates with Citrix server farms.

    You can download the Integration Broker from https://my.vmware.com.

    To integrate with XenApp or XenDesktop 7.x, you must install Integration Broker 2.6 or later. To use the Netscaler feature, you must install Integration Broker 2.4 or later.

  • A Citrix deployment on premises.

You can see more details about VMware Identity Manager and Citrix farm synchronization in the following diagram. VMware Identity Manager does not overwrite the settings in Citrix-published resources. Instead, it copies the information from the Citrix farm and reuses it in VMware Identity Manager.

Figure 1. VMware Identity Manager and Citrix Farm Synchronization


Shows how synchronization occurs between Horizon Workspace and Citrix Farm


Important:

The VMware Identity Manager service must be able to communicate with the Integration Broker. If you deploy multiple instances of the service appliance, ensure they can all communicate with the Integration Broker.

Supported Features

VMware Identity Manager provides support for the following functions:

  • Synchronize Citrix-published applications, Citrix-published desktops, or both from a Citrix farm to VMware Identity Manager.

  • Synchronize entitlements from a Citrix farm to VMware Identity Manager entitlement store.

  • Launch Citrix-published resources using SSO.

  • Route application launch traffic through a Netscaler appliance or through a direct connection.

VMware Identity Manager uses the Integration Broker, a component of VMware Identity Manager, to deliver Citrix-published resources to the end user.

  • VMware Identity Manager pushes Citrix farm information and publishes resource information from the Citrix farm to the catalog based on configured synchronization.

  • A VMware Identity Manager administrator can set the generic user settings template and the ICA launch template for all the resources in an organization. This template is saved as an organization artifact in the VMware Identity Manager data store.

  • A VMware Identity Manager administrator can set the ICA launch template by resource in the VMware Identity Manager catalog. This template is saved as part of the resource definition in the VMware Identity Manager catalog.

VMware Identity Manager synchronizes the Citrix-published resources and entitlements from the Citrix farm to the VMware Identity Manager entitlement store. Synchronization occurs based on the frequency set in the schedule. The Citrix farm is the single source of truth for all supported operations in VMware Identity Manager.

VMware Identity Manager uses the Citrix Receiver to launch Citrix-published resources. The end user must install the Citrix Receiver on their device. The Citrix Receiver delivers the Citrix-published resources to the end user.

VMware Identity Manager also provides multi-device support. End users can launch a Citrix-published resource, such as the Textpad application, from VMware Identity Manager on any device, such as a laptop, domain-joined desktop, or non-domain-joined desktop.

The following table describes the administrator's task on the Citrix farm and the corresponding operation that results after a synchronization with VMware Identity Manager.

Table 1. VMware Identity Manager and Citrix Farm Synchronization

Action in the Citrix farm

Result after sync with VMware Identity Manager

Publish a new resource, application or desktop, to the Citrix farm.

VMware Identity Manager creates the Citrix-published resource in the VMware Identity Manager catalog.

Edit a resource in the Citrix farm.

VMware Identity Manager updates the Citrix-published resource in the VMware Identity Manager catalog.

Delete a resource in the Citrix farm.

VMware Identity Manager deletes the entitlements associated with the Citrix-published resource and then deletes the Citrix-published resource from the catalog.

Add an end user entitlement for a resource in the Citrix farm.

VMware Identity Manager creates an entitlement in the VMware Identity Manager entitlement store to associate with the Citrix-published resource and domain identities.

Remove an end user entitlement for a resource in the Citrix farm.

VMware Identity Manager deletes the entitlement from the VMware Identity Manager entitlement store.

VMware Identity Manager uses the Integration Broker component and a Citrix SDK to handle SSO from VMware Identity Manager to Citrix-published resources.

Figure 2. SSO between VMware Identity Manager and Citrix Farm
Show the integration between Horizon Workspace and Citrix policies for SSO.

Syncing Delivery Groups

A delivery group's Delivery Type setting in Citrix determines how VMware Identity Manager syncs the delivery group.

VMware Identity Manager syncs a delivery group only if its Delivery Type is set to DesktopsAndApps or DesktopsOnly. If the delivery group's Delivery Type is set to AppsOnly, its applications are synced but the delivery group itself is not synced and does not appear in the VMware Identity Manager catalog.

Configure your delivery groups accordingly.

Upgrade

VMware Identity Manager does not require additional setup after a VMware Identity Manager upgrade or a Citrix product upgrade to maintain the integration between VMware Identity Manager and Citrix-published resources. To upgrade Integration Broker, you must uninstall the older version and then install the new version. To reinstall Citrix Receiver, see the Citrix documentation.

Note:

To use the Netscaler feature, you must install Integration Broker 2.4 or later. If you are using XenApp or XenDesktop 7.x, you must install Integration Broker 2.6 or later.