Limit users to XD/XA resources in Web Interface 5.4

Let’s take a look at how we can limit access to multiple Farms via Citrix Web Interface 5.4

In the example below… I will be configuring a Web Interface Services Site (PNAgent) in preparation to allow mobile users access to XenApp/XenDesktop via mobile devices such as the iPad, iPhone and Android (yuck). For details on how to configure a Service Site go to the following link.

As you probably know, there are several ways of limiting access via the NetScaler AGEE, however the new CAG Standard edition (5.0.x) has a limitation when utilizing basic logon points.

Solution:

• Create your AD groups such as CitrixXenAppUsers and CitrixXenDeskUsers
• Create a new Web Interface Service Site (PNAgent) such as PrivateCloudPNA
• Configure your new site with access to your Farms, in this case XenApp6.5 and a XenDesktop 5.6
• Configure your site to utilize your CAG, with Gateway access
• Configure your Access Gateway basic logon point to forward to your new site “PrivateCloudPNA“
• Ensure you can launch published Apps and Desktops
• Edit your WI site by opening the WebInterface.conf file located under C:\inetpub\wwwroot\Citrix\NameOfYourSite\conf\
• Search for Farm1Groups and remove the “#”
• Set Farm1Groups=nameofyourdomain\CitrixXenAppUsers
• Since we have a XenDesktop farm in this example, we also need to set access to it by entering Farm2Groups=nameofyourdomain\CitrixXenDeskUsers