Authenticator on a Citrix VDI Session

In addition to its deployment in Windows and Macintosh environments, the Authenticator can also be deployed in a Citrix Virtual Desktop Infrastructure (VDI) environment. In any of these environments, the end user is transparently authenticated via an executable file that launches during the login process.

NOTE: Please refer to the Authentication User Guide for more information about authentication.

Minimum Requirements

Deployment of the Authenticator in a Citrix VDI environment requires the following minimum resources:
• Citrix VDI with Presentation Server 4.0 Virtual IP or higher
• Read access to a network share
• RAM: 3MB times the number of users

Top

Presentation Server Virtual IP

Virtual IP enables a unique IP address from a designated range to be assigned to each Independent Computing Architecture (ICA) connection. By enabling this feature, additional dedicated applications such as Internet Explorer or Firefox browsers can use a unique IP address that is assigned to each ICA connection instead of using Citrix Server’s IP address.

Top

Workflow

1. The administrator configures virtual IP feature by navigating to Citrix Farm Properties > Virtual IP Address Configuration and adding a range of IP addresses to be used. For example: 192.168.1.0/255.255.255.0

NOTE: The IP address can be as large as required by the environment size.

2. The administrator adds Virtual IP Processes that will be using the unique IP address under Citrix Farm Properties > Virtual IP Processes. At minimum, the following should be added:

  • iexplorer.exe (Internet Explorer)
  • authenticat.exe (Authenticator client) - This file should be stored in a network-shared location that a login script can access.

3. A logon script is configured to run on every user session that logs into the Citrix VDI. This logon script runs a batch file, and at minimum should contain the following contents:

start \\UNC_Path_to _Authenticator_Client\Authenticat.exe RA[virtual_IP]NP[1]

NOTE: Virtual_IP is the IP address configured in the Web Filter under System > Authentication > Authentication Settings, and NP[1] is the parameter that identifies the VDI to the Authenticator client.

4. The end user’s logon script evokes authenticat.exe which transparently retrieves the username and domain name and sends the information to the Web Filter along with the virtual IP address assigned to the user session.

Related Topics:

Back | Top



© Trustwave. All rights reserved.