Workspace ONE Access supports the Citrix multi-site aggregation and keyword filtering features that help administrators manage virtual apps and desktops. To configure these features in Workspace ONE Access, you must complete additional prerequisites before you set up the Citrix virtual apps collection in the Workspace ONE Access console.
The Citrix multi-site aggregation feature aggregates and de-duplicates application and desktop resources from multiple sites so that end users do not see duplicate applications and desktops. If multi-site aggregation is configured in StoreFront, you can select the corresponding setting, Enable multi-site aggregation, for the virtual apps collection in Workspace ONE Access after completing the required prerequisite tasks.
The Citrix keyword filtering feature lets administrators control resource display and launch by using keywords. If keyword filtering is configured in StoreFront, you can select the corresponding setting, Enable Citrix keyword filtering, in the Workspace ONE Access connector installer after completing the required prerequisite tasks.
Prerequisites for Multi-site Aggregation and Keyword Filtering
For both multi-site aggregation and keyword filtering, the Workspace ONE Access connector server, which has the Virtual App service running, must establish a remote PowerShell connection with the StoreFront server. Some Citrix environments restrict the PowerShell commands that can be executed on the StoreFront server remotely. For these environments, you can create a PowerShell session configuration file that allows only the user running the Virtual App service to create a remote session and allows only the StoreFront commands related to multi-site aggregation and keyword filtering to be run.
Complete the prerequisites that apply to your scenario. You must complete the prerequisites before creating the virtual apps collection.
If your Citrix environment does not have any restrictions on PowerShell commands that can be executed on StoreFront remotely, complete these prerequisites:
- Install Workspace ONE Access connector 22.09 or later.
- Deselect the Enable Citrix StoreFront restricted PowerShell session option on the Citrix Configuration page of the Workspace ONE Access connector installer.
If your Citrix environment has restrictions on PowerShell commands that can be executed on StoreFront remotely, complete these prerequisites:
- Install Workspace ONE Access connector 22.09 or later.
- In the StoreFront server, create a session configuration file for a restricted PowerShell session. See Set up Session Configuration File for Restricted Remote PowerShell Session.
- Edit the file and add commands that are required for multi-site aggregation and keyword filtering. See Add Commands to Session Configuration File.
- In the Workspace ONE Access connector installer, select the Enable Citrix StoreFront restricted PowerShell session option on the Citrix Configuration page, and enter the name of the session configuration file that you created. See Select Restricted PowerShell Session Option in Workspace ONE Access Connector Installer.
- (Optional) If you do not want the Virtual App service to load the StoreFront modules required for keyword filtering, select the Disable Citrix auto-loading of StoreFront modules option on the Citrix Configuration page of the Workspace ONE Access connector installer. When this option is selected, the Virtual App service does not load the modules, and the required commands are executed through the restricted PowerShell session configuration setup.
Set up Session Configuration File for Restricted Remote PowerShell Session
If your Citrix environment has restrictions on the PowerShell commands that can be executed on StoreFront remotely, create a session configuration file to set up restricted PowerShell sessions for the Virtual App service. This configuration allows only the user running the Virtual App service to create a remote session and allows only the StoreFront commands related to multi-site aggregation and keyword filtering to be run.
- Log in to the StoreFront server.
- Open a PowerShell window as the domain user that runs the Virtual App service.
Important: Make sure that you use the same domain user account that you use to run the Virtual App service. The domain user must also be a Citrix server Read Only administrator who is able to load the Citrix PSSnapin.
- Run the following commands:
New-PSSessionConfigurationFile -VisibleCmdlets Get-STFStoreService,Get-STFStoreFarm,Get-STFUserFarmMapping,Get-STFEquivalentFarmset,'Write-Host' -LanguageMode RestrictedLanguage -SessionType RestrictedRemoteServer -Path .\filename.psscReplace filename with a name for the configuration file, such as WorkspaceONE. Use only alpha-numeric characters for the name.
Register-PSSessionConfiguration -Path filename.pssc -Name configurationNameReplace configurationName with a name for the configuration, such as WorkspaceONE. Use the same name that you specified for filename, without an extension. Use only alpha-numeric characters for the name.
Set-PSSessionConfiguration -Name configurationName -ShowSecurityDescriptorUI- In the Permissions dialog box that appears, select the domain user that will be allowed to create the PowerShell session, and select the Execute(Invoke) checkbox in the Allow column to give the user execute permissions.
Important: Make sure that you select the same domain user account that you use to run the Virtual App service. The domain user must also be a Citrix server Read Only administrator who is able to load the Citrix PSSnapin.
For example:
A session configuration file is created in the C:\Windows\System32\WindowsPowerShell\v1.0\SessionConfig directory.
Add Commands to Session Configuration File
Edit the session configuration file that you created to add commands that are required for multi-site aggregation and keyword filtering.
- In the StoreFront server, go to the following directory:
C:\Windows\System32\WindowsPowerShell\v1.0\SessionConfig
- Open the filename.pssc file for editing.
- Append the following commands to the
VisibleCmdletslist:'Get-ItemProperty', 'Select-Object', 'Format-List' - Append the following commands at the end of the file:
AliasDefinitions = @{ Name = 'Select' ; Value = 'Microsoft.PowerShell.Utility\Select-Object'} FunctionDefinitions =@{ 'Name' = 'Get-DSResourceFilterKeyword' 'Options' = 'ReadOnly' 'ScriptBlock' = { param( [Parameter(Mandatory=$true)] [long]$SiteId, [Parameter(Mandatory=$true)] [string]$VirtualPath ) $path = "C:\inetpub\wwwroot\$VirtualPath\web.config" $xpath = "/configuration/citrix.deliveryservices/wing/resources/settingsGroup/enumeration/filterByKeywords" $xml = Select-Xml -path $path -xpath $xpath $includeKeywords = $null if ( $xml.Node.include ) { GetKeywords -KeywordsString $xml.Node.include } $excludeKeywords = $null if ( $xml.Node.exclude ) { $excludeKeywords = GetKeywords -KeywordsString $xml.Node.exclude } $returnObject = new-object PSObject $returnObject | Add-Member -MemberType NoteProperty -Name "Include" -Value $includeKeywords -PassThru ` | Add-Member -MemberType NoteProperty -Name "Exclude" -Value $excludeKeywords return $returnObject }; },@{ 'Name' = 'GetKeywords' 'Options' = 'ReadOnly' 'ScriptBlock' = { param( [Parameter(Mandatory=$true)] [string]$KeywordsString ) $set = @() $res = $KeywordsString -split ";" foreach ($kw in $res) { $kw = if ($kw) {$kw.trim()} else {$null} if ($kw) { $set += $kw } } return $set } },@{ 'Name' = 'Get-STFStoreFarm' 'Options' = 'ReadOnly' 'ScriptBlock' = { $Global:FormatEnumerationLimit = -1 Citrix.StoreFront.Stores\Get-STFStoreFarm @Args } },@{ 'Name' = 'Get-STFEquivalentFarmset' 'Options' = 'ReadOnly' 'ScriptBlock' = { $Global:FormatEnumerationLimit = -1 Citrix.StoreFront.Stores.MultiSite\Get-STFEquivalentFarmset @Args } } } - Run the following command to restart the Windows service:
Get-Service -Name WinRM | Restart-Service
Select Restricted PowerShell Session Option in Workspace ONE Access Connector Installer
After setting up the session configuration file, select the restricted PowerShell session option in the Workspace ONE Access connector installer and specify the session configuration file name.
- Run the Workspace ONE Access connector installer.
- On the Citrix Configuration page, select the Enable Citrix StoreFront restricted PowerShell session option.
- Enter the name of the session configuration file that you created.
Enter the file name without the extension and without the extra characters that are part of the name. For example, if the name in the file system is WorkspaceONEsjk1p2.pssc, enter WorkspaceONE.
Enable Multi-site Aggregation and Keyword Filtering
After completing the prerequisites, you can create a virtual apps collection for your Citrix integration and enable the multi-site aggregation and keyword filtering features.
- To enable multi-site aggregation, select the Enable Multi-site aggregation option in the Citrix virtual apps collection.
See Configuring Citrix Server Farms in Workspace ONE Access.
- To enable keyword filtering:
- Run the Workspace ONE Access connector installer.
- Select Custom on the Select Default or Custom Installation page.
- Select the Enable Citrix keyword filtering option on the Citrix Configuration page.
