When you enable Citrix-published resource support, you establish communication and schedule the synchronization frequency between VMware Identity Manager and the Citrix server farm.

Prerequisites

  • Configure VMware Identity Manager. See VMware Identity Manager Installation and Configuration for information.

  • Review Citrix documentation for your version of Citrix XenApp or XenDesktop at the Citrix Web site.

  • Syncing Delivery Groups

    A delivery group's Delivery Type setting in Citrix determines how VMware Identity Manager syncs the delivery group.

    VMware Identity Manager syncs a delivery group only if its Delivery Type is set to DesktopsAndApps or DesktopsOnly. If the delivery group's Delivery Type is set to AppsOnly, its applications are synced but the delivery group itself is not synced and does not appear in the VMware Identity Manager catalog.

    Configure your delivery groups accordingly.

  • To distribute the load in a large-scale enterprise deployment, dedicate one or more Integration Broker instances for sync purposes and one or more Integration Broker instances for SSO purposes.

    If you use multiple Integration Broker instances for sync purposes or for SSO purposes, put a load balancer in front of the Integration Broker instances. For example, if you use multiple Integration Broker instances for sync purposes, put a load balancer in front of those Integration Broker instances and note the host name or IP address of the load balancer for use during this task.

  • Verify that distinguishedName is marked as a required attribute in the VMware Identity Manager directory. XenApp resources cannot be synced without this. Required attributes must be set before a directory is created. If you have already created a directory and distinguishedName is not a required attribute, delete the directory, make distinguishedName a required attribute in the Identity & Access Management > Setup > User Attributes page and then create a new directory.

Procedure

  1. Log in to the VMware Identity Manager administration console.
  2. Select the Catalog tab.
  3. Click Manage Desktop Applications and select Citrix Published Application from the drop-down menu.
  4. In the Published Apps - Citrix page, select the Enable Citrix-based Applications check box.
  5. Enter the Sync Integration Broker or load balancer host name and port number.

    If you configured a load balancer in front of multiple Integration Broker instances used for sync purposes, enter the host name or IP address and port name of the load balancer.

    Select Use SSL if you are connecting to the Integration Broker over SSL.

  6. Enter the SSO Integration Broker information.
    • If you are using the same Integration Broker instance for both sync and single sign-on, click the Use same as Sync Integration Broker button.

    • If you configured dedicated sync and SSO Integration Broker instances, enter the following information.

      1. Type the SSO Integration Broker or load balancer host name and port number.

        If you configured a load balancer in front of multiple Integration Broker instances dedicated to providing SSO, enter the host name or IP address and port number of the load balancer.

      2. Select Use SSL if you are connecting to the Integration Broker over SSL.

  7. Enter the Citrix server farm details.

    To add multiple farms, click +Add Server Farm.

    Option

    Description

    Version

    Select the Citrix server farm version: 5.0, 6.0, 6.5, or 7.x.

    Server name

    Server name assigned in your environment.

    Servers (failover order)

    Organize the Citrix XML brokers (servers) in failover order. VMware Identity Manager respects this order during SSO and under failover conditions.

    Note:

    The XML brokers must have PowerShell Remoting enabled.

    Transport type

    Transport type used in your Citrix server configuration: HTTP, HTTPS, or SSL RELAY.

    Note:

    The transport type and port must match your Citrix server configuration.

    Port numbers

    Port setting used in your Citrix server configuration

    Note:

    The transport type and port must match your Citrix server configuration.

  8. From the Deployment Type drop-down list, select how Citrix-published resources are made available to users in the user portal.
    • User-Activated - VMware Identity Manager adds Citrix resources to the Catalog page in the user portal. To use a resource, users must move the resource from the Catalog page to the Launcher page.

    • Automatic - VMware Identity Manager adds the resource directly to the Launcher page in the user portal for users' immediate use.

    The deployment type that you select here is a global setting that applies to all user entitlements for all the resources in your Citrix integration. You can modify the deployment type for individual users or groups per resource, from the application or desktop's Entitlements page.

    Setting the global deployment type to User-Activated is recommended. You can then modify the setting for specific users or groups per resource.

    For more information about setting the deployment type, see Setting the Deployment Type for Citrix Entitlements.

  9. Select Sync categories from server farms if you want to sync categories from Citrix farms to VMware Identity Manager.
  10. Select Do not sync duplicate applications to prevent duplicate applications from being synced from multiple servers. When VMware Identity Manager is deployed in multiple data centers, the same resources are set up in the multiple data centers. Checking this option prevents duplication of the desktops or applications in your VMware Identity Manager catalog.
  11. In the Choose frequency field, select how frequently you want to sync resources and entitlements automatically from the Citrix farms. If you do not want to set up an automatic sync schedule, select Manually.
  12. Click Sync Now to synchronize Citrix-published resources to VMware Identity Manager.

    At times, when you synchronize Integration Broker with SSL, the synchronization can be slow depending on factors in your environment, such as network speed and traffic. Synchronization can also be slow if your Citrix deployment is very large, for example, over 300 applications.

    Note:

    The anonymous user group feature in the Citrix product is not supported with VMware Identity Manager.

  13. Click Save.

    A dialog box appears that lists the number of applications, delivery groups (desktops), and entitlements that will be synced. You can click on the links to view details. Click Save and continue in the dialog box.

Results

Citrix-published resources and corresponding entitlements are synchronized with VMware Identity Manager. End users can now add Citrix-published resources to their Workspace ONE portal and launch them.