You can create policies that determine whether users' application or desktop launch traffic (ICA traffic) is routed through Netscaler or through a direct connection to the XenApp server. This enables you to serve the needs of users for both external and internal access to the Citrix resources in your deployment.
Before you begin
You have configured VMware Identity Manager for Netscaler in the tab.
About this task
You set policies for specific network IP ranges. For example, you can configure an IP range for Netscaler and another IP range for a direct connection. When a user launches an application or desktop from the VMware Identity Manager portal, if the user's IP address falls in the range configured for Netscaler, the ICA traffic is routed through Netscaler to the XenApp server. If the IP address falls in the direct connection range, the ICA traffic is routed directly to the XenApp server.
If there is a conflict between policies, the latest policy is used.
- Log in to the VMware Identity Manager administration console.
- Click the Identity & Access Management tab.
- Click Setup and select the Network Ranges tab.
- Select an existing network range or click Add Network Range to create a new one.
- If you are creating a new network range, provide a name and description for the network range.
- In the XenApp section of the page, enter the following information.
To route ICA traffic from the specified IP range to Netscaler, do the following:
Enter the Netscaler host name in the Client Access URL Host field. For example: netscalerhost.example.com
Enter the port for the Netscaler host in the URL Port field. For example: 443
Select the Netscaler checkbox.
This option is typically used to configure external access.
To route ICA traffic from the specified IP range directly to the XenApp server, do the following:
Enter the XenApp server host name in the Client Access URL Host field. For example: xenapphost.example.com
Enter the port for the XenApp server host in the URL Port field. For example: 443
Deselect the Netscaler checkbox.
This option is typically used to configure internal access.
- In the IP Ranges field, specify the IP range to which your selections apply.
- Click Save.