-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
1/52
@fdwl #BriForum @entisys
Citrix Internals: ICA
ConnectivityDenis Gundarev, Senior Consultant, Entisys Solutions
May 21, 2014
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
2/52
@fdwl #BriForum @entisys
Name: ENTISYS\DenisGroups:
Group1: Bay Area Citrix User GroupGroup2: Citrix Technology Professional
Email: [email protected]: @fdwl[Length: 112]
About me
0000 30 45 4E 54 49 53 59 53 5C 44 65 6E 69 73 0D 0A 0ENTISYS\Denis..0010 31 0D 0A 32 0D 0A 42 61 79 20 41 72 65 61 20 43 1..2..Bay Area C0020 69 74 72 69 78 20 55 73 65 72 20 47 72 6F 75 70 itrix User Group0030 0D 0A 32 43 69 74 72 69 78 20 54 65 63 68 6E 6F ..2Citrix Techno0040 6C 6F 67 79 20 50 72 6F 66 65 73 73 69 6F 6E 61 logy Professional
0050 6C 0D 0A 33 44 65 6E 69 73 47 40 65 6E 74 69 73 l..3DenisG@entis0060 79 73 2E 63 6F 6D 0D 0A 34 40 66 64 77 6C 0D 0A ys.com..4@fdwl..
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
3/52
@fdwl #BriForum @entisys
Agenda
Everything that you need to know about ICA protocol
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
4/52
@fdwl #BriForum @entisys
What does ICA stand for?
Independent Computing Architecture?
ICA = Intelligent ConsoleArchitecture!
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
5/52@fdwl #BriForum @entisys
ICA 1.0 - 1992
Originally for Serial connections
IPX and NetBIOS was added later
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
6/52
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
7/52@fdwl #BriForum @entisys
ICA 3.0 - 1995
Introduced in WinFrame For Networks
Thinwire 1, Printing, Client drive mapping,audio, Clipboard
TCP/IP, IPX, SPX, NetBEUI, Serial, Modems $5,995 for 15 concurrent users
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
8/52@fdwl #BriForum @entisys
PRD Product Renaming Disorder
Before After
Core Virtual channels HDX Broadcast
Thinwire HDX SmartRendering
Virtual Channel fallback HDX Adaptive Orchestration
Flash and Windows media redirection HDX MediaStream
Server-side flash rendering HDX MediaStream Network Con3D Pro and RemoteFX HDX RichGraphics
Bidirectional audio and UDP Audio HDX RealTime
Device mapping HDX Plug-n-Play
Built-In compression and Branch Repeater HDX WAN Optimization
NetScaler session policies HDX SmartAccess
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
9/52
@fdwl #BriForum @entisys
ICA Overview
The ICA protocol is a protocol optimized for WideArea Networks or WANs with high latency links. It alsosupports Quality-Of-Service (QoS) and otherbandwidth optimization features.
Since this is OSI-Layer 6, what does ICA do foroptimization. The ICA packet contains the followingheaders: Frame Head, Reliable, Encryption,Compression, Command, Command Data, FrameTrail. The command is the only required information.
Within ICA are virtual channels for KVM, printing,audio, Drive Mapping, Clipboard, Seamless windows,etc. that can be encapsulated. You can have a maxof 32 virtual channels. RDP channels are different.Each channel has a counter-point on the server.These channels sit on top of the ICA Winstation Driver,on top of Protocol driver, on Transport Driver.
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
10/52
@fdwl #BriForum @entisys
ICA In Real Life
TC
P
SSL
CGP/W
inSocks
ICA
Protocoldriver
Fram
edriver
Enc
ryption
Win
Station
Com
pression
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
11/52
@fdwl #BriForum @entisys
Virtual Channels
TC
P
SSL
CGP/W
inSocks
ICA
Protocoldriver
Fram
edriver
Enc
ryption
Win
Station
Com
pression
Channel Name Priority Description
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
12/52
@fdwl #BriForum @entisys
Virtual
Channels
C a e a e o y esc p o
CTXCAM 0 Client Audio Mapping
CTXCCM 3 Client COM Port Mapping
CTXCDM 2 Client Drive Mapping
CTXCLIP 2 Client Clipboard Mapping
CTXCM 3 Client Management (Auto-Update)
CTXCOM1 3 Legacy COM1 Port Mapping
CTXCOM2 3 Legacy COM2 Port Mapping
CTXCPM 3 Printer Mapping for Spooling Clients
CTXCTL 1 ICA Session Control
CTXD3D 1 Direct3D Virtual Channel Adapter
CTXEUEM 1 End User Experience Monitoring
CTXFLSH 2 Multimedia - Flash
CTXGUSB 2 USB Redirection
CTXLIC 1 License Management
CTXLPT1 3 Legacy LP1 Port Mapping
CTXLPT2 3 Legacy LPT2 Port Mapping
CTXMM 2 Multimedia - Streaming
CTXPASS 2 Transparent Key Pass-Through
CTXPN 1 Process Notification
CTXSBR 1 Citrix Browser Acceleration
CTXSCRD 1 Smartcard
CTXTW 1 Remote Session Screen Update (THINWIRE)
CTXTWI 1 Seamless Windows Screen Update (THINWIRE)
CTXTWN 2 Twain Redirection
CTXZLC 0 Speed Screen Latency Reduction - Screen
CTXZLFK 0 Speed Screen Latency Reduction - Fonts
OEMOEM 3OEMOEM2 3CTXVFM 1
CTXVFM?
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
13/52
@fdwl #BriForum @entisys
Virtual Channels
At client load time, list of channel drivers populated from the registry/.ini file
During the connection client passes information about the virtual channels it suppXenApp server.
XenApp Server opens virtual channel.
Data sent using the following two methods:
Polling mode
Immediate mode
VC Server can be on the Client
You can remove unneeded channels(http://www.dell.com/downloads/global/solutions/customization_of_the_citrix_icapdf)
http://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdfhttp://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdfhttp://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdfhttp://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdfhttp://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdfhttp://www.dell.com/downloads/global/solutions/customization_of_the_citrix_ica_web_client.pdf -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
14/52
@fdwl #BriForum @entisys
Virtual Channels
You can create your own Virtual Channels
https://www.citrix.com/downloads/citrix-receiver/sdks/virtual-channel-sdk.html
http://www.citrix.com/community/receiver-ica-sdks.html
3 examples included in SDK
RDP2TCPnice example
http://rdp2tcp.sourceforge.net/
Citrix ICA Virtual Channels Backgrounder
http://support.citrix.com/article/CTX116890
https://www.citrix.com/downloads/citrix-receiver/sdks/virtual-channel-sdk.htmlhttps://www.citrix.com/downloads/citrix-receiver/sdks/virtual-channel-sdk.htmlhttp://www.citrix.com/community/receiver-ica-sdks.htmlhttp://www.citrix.com/community/receiver-ica-sdks.htmlhttp://www.citrix.com/community/receiver-ica-sdks.htmlhttp://rdp2tcp.sourceforge.net/http://rdp2tcp.sourceforge.net/http://rdp2tcp.sourceforge.net/http://support.citrix.com/article/CTX116890http://support.citrix.com/article/CTX116890http://support.citrix.com/article/CTX116890http://support.citrix.com/article/CTX116890http://rdp2tcp.sourceforge.net/http://www.citrix.com/community/receiver-ica-sdks.htmlhttps://www.citrix.com/downloads/citrix-receiver/sdks/virtual-channel-sdk.html -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
15/52
@fdwl #BriForum @entisys
Dynamic Virtual Channel
Up to 64 Static Virtual Channels (SVCs) for Win32
29 SVCs reserved by Citrix
Android client supports up to 32 SVCs
Dynamic Virtual Channels (or DVCs) are multiplexed over traditional SVCs
To write the DVC component over ICA, Microsofts DVC API can be used.
http://msdn.microsoft.com/en-us/library/bb540860(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/bb540860(v=vs.85).aspxhttp://msdn.microsoft.com/en-us/library/bb540860(v=vs.85).aspxhttp://msdn.microsoft.com/en-us/library/bb540860(v=vs.85).aspx -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
16/52
@fdwl #BriForum @entisys
Virtual Channel Priority
XenApp 6.5 - Implementing ICA Multi-Stream or Multi-Port - Virtual Channel GPriorities
http://support.citrix.com/article/CTX131001
How to Change Virtual Channel Priority in XenDesktop 5
http://support.citrix.com/article/CTX128190
Multi-Stream ICA and Cisco QOS
http://www.citrixirc.com/?p=182
Check the VC utilization using Perfmon
http://support.citrix.com/proddocs/topic/xenapp65-admin/ps-ref-counters-ica-ses
http://support.citrix.com/article/CTX131001http://support.citrix.com/article/CTX131001http://support.citrix.com/article/CTX131001http://support.citrix.com/article/CTX128190http://support.citrix.com/article/CTX128190http://support.citrix.com/article/CTX128190http://www.citrixirc.com/?p=182http://www.citrixirc.com/?p=182http://www.citrixirc.com/?p=182http://support.citrix.com/proddocs/topic/xenapp65-admin/ps-ref-counters-ica-sess-count-v2.htmlhttp://support.citrix.com/proddocs/topic/xenapp65-admin/ps-ref-counters-ica-sess-count-v2.htmlhttp://support.citrix.com/proddocs/topic/xenapp65-admin/ps-ref-counters-ica-sess-count-v2.htmlhttp://support.citrix.com/proddocs/topic/xenapp65-admin/ps-ref-counters-ica-sess-count-v2.htmlhttp://www.citrixirc.com/?p=182http://support.citrix.com/article/CTX128190http://support.citrix.com/article/CTX131001 -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
17/52
@fdwl #BriForum @entisys
ICA Drivers
TCP
S
SL
CGP/W
insocks
ICA
Protocoldriver
Fram
edriver
Enc
ryption
Win
Station
Com
pression
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
18/52
@fdwl #BriForum @entisys
WinStation Driver
Establishes the ICA session
Encodes ICA command information intoICA Packet
ICA packet = Command + CommandData < 2048 bytes
Compresses the ICA packet
Combines or separates compressed ICApackets to 1460 bytes buffers
Determines the priority of each outputbuffer
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
19/52
@fdwl #BriForum @entisys
Compression Driver
Enabled by default
VC-specific compression methods
Be careful with WAN optimization recommendations
Disabled compression + Bandwidth limit = Fail
http://support.citrix.com/article/CTX121353
http://support.citrix.com/article/CTX121353http://support.citrix.com/article/CTX121353http://support.citrix.com/article/CTX121353http://support.citrix.com/article/CTX121353 -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
20/52
@fdwl #BriForum @entisys
Encryption Driver
Basic. Encrypts the client connection usinga non-RC5 algorithm.
http://www.monkey.org/~dugsong/icadecrypt.c.txt
RC5 AKA SecureICA
RC5 (128 bit) logon only. Encrypts the logondata with RC5 128-bit encryption and theclient connection using Basic encryption.
RC5 (40 bit). Encrypts the client connectionwith RC5 40-bit encryption.
RC5 (56 bit). Encrypts the client connectionwith RC5 56-bit encryption.
RC5 (128 bit). Encrypts the client connectionwith RC5 128-bit encryption.
http://www.monkey.org/~dugsong/icadecrypt.c.txthttp://www.monkey.org/~dugsong/icadecrypt.c.txthttp://www.monkey.org/~dugsong/icadecrypt.c.txthttp://www.monkey.org/~dugsong/icadecrypt.c.txthttp://www.monkey.org/~dugsong/icadecrypt.c.txt -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
21/52
@fdwl #BriForum @entisys
Framing Driver
Rearranges ICA packets according to priority
Citrix ICA Priority Packet Tagging
http://theether.net/download/Citrix/ICA_Priority_Packet_Tagging.pdf
Fit ICA packets into the frame
Send frames to protocol driver
http://theether.net/download/Citrix/ICA_Priority_Packet_Tagging.pdfhttp://theether.net/download/Citrix/ICA_Priority_Packet_Tagging.pdfhttp://theether.net/download/Citrix/ICA_Priority_Packet_Tagging.pdfhttp://theether.net/download/Citrix/ICA_Priority_Packet_Tagging.pdf -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
22/52
@fdwl #BriForum @entisys
Protocol Driver
Transfers frame to underlying protocolwithout modification
Result is ICA stream, ready for transmission
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
23/52
@fdwl #BriForum @entisys
More Info About ICA
Citrix ICA Virtual Channels Backgrounder
http://support.citrix.com/article/CTX116890
Virtual channel names must not be more than seven characters in length
Configuring Citrix MetaFrame XP for Windows by Syngress et al.
http://amzn.com/1931836531
Citrix ICA Technology Brief http://web.archive.org/web/20000408170851/http://www.bocaresearch.com/tec
ch.html
http://support.citrix.com/article/CTX116890http://support.citrix.com/article/CTX116890http://support.citrix.com/article/CTX116890http://amzn.com/1931836531http://amzn.com/1931836531http://web.archive.org/web/20000408170851/http:/www.bocaresearch.com/technologies/icatech.htmlhttp://web.archive.org/web/20000408170851/http:/www.bocaresearch.com/technologies/icatech.htmlhttp://web.archive.org/web/20000408170851/http:/www.bocaresearch.com/technologies/icatech.htmlhttp://web.archive.org/web/20000408170851/http:/www.bocaresearch.com/technologies/icatech.htmlhttp://amzn.com/1931836531http://support.citrix.com/article/CTX116890 -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
24/52
@fdwl #BriForum @entisys
CGP
TCP
S
SL
CGP/W
inSocks
ICA
Proto
coldriver
Fram
edriver
Enc
ryption
Win
Station
Com
pression
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
25/52
@fdwl #BriForum @entisys
What does CGP stand for?
Certified Guitar Player
Common Gateway Protocol
Formerly known as Citrix GatewayProtocol
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
26/52
@fdwl #BriForum @entisys
Common Gateway Protocol
CGP = binary protocol designed forefficient tunneling of one or more TCPstreams
Used by Session Reliability
Based on SOCKS proxy protocol
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
27/52
@fdwl #BriForum @entisys
What is SOCKS
SOCKS is a generic, proxy protocol for TCP/IP based networking application.
SOCKS consists of two parts: SOCKS server and SOCKS client.
SOCKS server can communicate directly with both the Internet and the internal co
SOCKS client contacts the SOCKS server instead of sending requests directly to the
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
28/52
@fdwl #BriForum @entisys
SOCKS Connection
User SOCKS Proxy
SOCKS Request TCP Connect SYN
TCP Connect ACKSOCKS Reply
DATA DATA
DATADATA
Secure Gateway Proxy/NetScaler
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
29/52
@fdwl #BriForum @entisys
Secure Gateway Proxy/NetScaler
Gateway Next Hop
Unauthenticated SOCKS, tunnels any TCPtraffic
When configured with a certificate, theSecure Gateway Proxy/NetScaler
Gateway Next Hop expects traffic to beSOCKS+SSL on port 443
What is the difference between CGP
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
30/52
@fdwl #BriForum @entisys
What is the difference between CGP
SOCKS?
CGP is completely different protocol, but share the same idea
CGP support ticket-based authentication and addressing
CGP server sends keep-alive messages (60 sec by default)
CGP drop TCP connection without response if ticket is invalid
CGP support TCP Multiplexing, but its not really used
SOCKS is still in Citrix Products
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
31/52
@fdwl #BriForum @entisys
Ticket Types
Name Issued by PurposeLogon Ticket XenApp Data Collector/ XenDesktop
Controller
Authenticate user to ICA session; ticket r
credentials
LogonTicket=34B79930FBFC20BEF54D597
LogonTicketType=CTXS1
ACR Ticket XenApp Server/ XenDesktop VDA Allow reconnection via Auto Client Reco
requiring user to enter credentials, stored
client
Gateway TraversalTicket (v1) AppController Allow ICA connection through SOCKS; tidestination server address
Common Gateway
Protocol Token
Citrix XTE Service/ICA-CGP Listener Allow reconnection via Auto Client Reco
requiring user to enter credentials, stored
client
Gateway Traversal
Ticket (v4)
XenApp ctxsta.dll or XenDesktop Broker
Service
Allow ICA connection through Gateway
ticket replaces server address
Address=;40;STA403126471;54D2368FFFD
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
32/52
@fdwl #BriForum @entisys
Session Reliability
Explaining ICA Session ReliabCommon Gateway Protoco2598
http://support.citrix.com/ar
Session Reliability, Frozen Scr
Hourglass of Death By Nick R http://blogs.citrix.com/2013
reliability/
http://support.citrix.com/article/CTX104147http://support.citrix.com/article/CTX104147http://support.citrix.com/article/CTX104147http://blogs.citrix.com/2013/01/23/session-reliability/http://blogs.citrix.com/2013/01/23/session-reliability/http://blogs.citrix.com/2013/01/23/session-reliability/http://blogs.citrix.com/2013/01/23/session-reliability/http://support.citrix.com/article/CTX104147 -
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
33/52
@fdwl #BriForum @entisys
CGP Implementations: XTE Service
Extensible Transformation Engine (XTE) is an Apache-based proxy server that s
CGP
SOCKS
HTTP
All of the above over SSL
Can be seen on XenApp
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
34/52
@fdwl #BriForum @entisys
CGP Implementations: RDS Listeners
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
35/52
@fdwl #BriForum @entisys
CGP Implementations: CSG
Gateway between an SSL enabled ICA client and XenApp Servers
Tunnels ICA/CGP traffic inside SSL
Citrix Secure Gateway is a deprecated component that is still supported for X
Similar to XTE Service, based on Apache
Basically XTE + 3 additional Apache modules + GUI
Supports STA Ticketing Authentication
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
36/52
@fdwl #BriForum @entisys
STA Ticket Request
The following data are included as part ofthe ticket request sent by the Web server:
User name and domain name
Published application name
Least-busy Presentation Server address
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
37/52
@fdwl #BriForum @entisys
STA Ticket Response
The encoding format is a string of the form:
;STA_VERSION;STA_ID;TICKET
STA_VERSION. 40 for XenApp and XenDesktop. 10 forAppController.
STA_ID is a sequence of 016 characters usuallygenerated from the MAC address. Each STA ID must beunique. This allows the gateway to locate the STA thatcreated the ticket and return to that STA for ticket
validation. TICKET is a randomly-generated sequence of 32
uppercase alphabetic or numeric characters.
Example:
;40; STA403126471;FE0A7B2CE2E77DDC17C7FD3EE7959E79
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
38/52
@fdwl #BriForum @entisys
CGP Implementations: NetScaler
Gateway/Access Gateway
ICA Proxy Mode
The Only supported gateway forXenDesktop 7.x
ICA Proxy Session Migration in 10.1
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
39/52
@fdwl #BriForum @entisys
WebSockets
SOCKS over HTTP
HTTP Upgrade
TCP 8008 by default, but can bechanged
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
40/52
@fdwl #BriForum @entisys
Direct connection
Component Connecting to SessionReliability
Protocol
ICA Client version8.0 or later
XenAppServer/XenDesktop VDA
Enabled ICA in CommonGateway Protocol
ICA Client version8.0 or later
XenAppServer/XenDesktop VDA
Disabled ICA
HTML5 Receiver XenAppServer/XenDesktop VDA
N/A ICA in WebSockets
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
41/52
@fdwl #BriForum @entisys
One hop DMZ
Component Connecting to Session
Reliability
Protocol
ICA Client version9.0 or later
Secure Gateway/AccessGateway/NetScaler
Enabled ICA in CommonGateway Protocolin SSL
ICA Client version9.0 or later
Secure Gateway/AccessGateway/NetScaler
Disabled ICA in SSL
HTML5 Receiver Secure Gateway/AccessGateway/NetScaler
N/A ICA in WebSocketsSSL
SecureGateway/AccessGateway/NetScaler
XenAppServer/XenDesktop VDA
Enabled ICA in CommonGateway Protocol
SecureGateway/AccessGateway/NetScaler
XenAppServer/XenDesktop VDA
Disabled ICA
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
42/52
@fdwl #BriForum @entisys
Dual hop DMZ
Component Connecting to Session
Reliability
Protocol
SecureGateway/AccessGateway/NetScalerin DMZ1
Secure Gateway/AccessGateway/NetScaler inDMZ2 with SSL
N/A SOCKS in SSL
SecureGateway/Access
Gateway/NetScalerin DMZ1
Secure Gateway/AccessGateway/NetScaler in
DMZ2 without SSL
N/A SOCKS
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
43/52
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
44/52
@fdwl #BriForum @entisys
Multi-Stream ICA
CitrixReceiver
forWindows
XenDeWindo
HTTServ
Router
ICA Real Time
HTTP HTTP
ICA Interactive
ICA Background
ICA Bulk
ICA Real Time
ICA Interactive
ICA Background
ICA Bulk
ICA UDP/RTP Audio * ICA UDP Audio *
* UDP/RTP Audio initially only in VDI FlexC
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
45/52
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
46/52
@fdwl #BriForum @entisys
Multi-Stream ICA
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
47/52
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
48/52
@fdwl #BriForum @entisys
UDP Audio
Speex codec
Real-time Transport Protocol (RTP)
Quality must be set to Medium
Not using ICA or CGP
Citrix Receiver creates a listener on aclient device during session initialization
Not supported with NetScaler
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
49/52
@fdwl #BriForum @entisys
SSL
TCP
SSL
CGP/WinSocks
ICA
Protocoldriver
Fra
medriver
En
cryption
WinStation
Compression
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
50/52
@fdwl #BriForum @entisys
SSL
Citrix uses custom SSLSDK library to wrap native OS SSL functions and form Se
Recommended for every connection
SSL Relay is no longer available in XenDesktop 7.x, Use IPSec to enforce encry
Wildcard and SAN certificates are supported
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
51/52
@fdwl #BriForum @entisys
SSL on NetScaler
SNI (Server Name Indication) is notsupported by Receiver yet.
NetScaler VPX does not support TLS 1.1and TLS 1.2
Always add CA certificates chain tovserver
-
8/11/2019 Citrixinternals Ica New 140521053339 Phpapp01
52/52
@fdwl #BriForum @entisys
Q&A