Citrix Gateway Service has proved to be very useful to customers looking for a cloud-based HDX proxy that provides secure remote access through a cloud-based gateway to front-end their Virtual Apps and Desktops environments. If you’re familiar with the solution, you may be aware that when using the Citrix Gateway Service, ICA sessions have to be proxied through the Cloud Connector to reach the Gateway and, subsequently, the user. These Cloud Connectors can support up to 1,000 concurrent sessions. That’s fine for small deployments, but once the user base grows from hundreds to thousands, the Cloud Connectors become a bottleneck. So, for a time, the only solution to solve this was just to add more Cloud Connectors.

However, depending on how many users we’re talking about, you can end up with a lot of Cloud Connectors, and we get it, it is definitely not ideal.

To get around this problem we decided to literally go around it.

That’s how the Rendezvous protocol came to be. This feature enables the ICA session to go directly from the VDA to the Gateway Service without going through the Cloud Connector first. It’s that simple. And in case you are wondering, we use TLS to secure ICA traffic in transit.

The implementation, on the other hand, wasn’t so simple. If you are getting a feeling of déjà vu, that is because Rendezvous was originally released a little while back. We pulled it back due to an issue that surfaced after the release, but we’ve addressed that, and Rendezvous is ready go.

Here’s what you need to know:

  • Are there specific requirements for using Rendezvous?
    Yes. You must have either Citrix Virtual Apps and Desktops Service (Citrix Cloud) or Citrix Virtual Apps and Desktops 7 1811+. The VDA version must be 1811+. The functional level of the Machine Catalog and Delivery Group must be set to “1811 (or newer)”
  • How do you enable or disable Rendezvous?
    It is enabled by default and it can be disabled via Citrix Policy. See the screenshot below.
  • What if I want or need to continue to proxy ICA sessions through a Cloud Connector? How do we get around the scalability issue?
    We are continuing to work on that and will keep you posted.
  • Are proxies supported with Rendezvous?
    Proxies are not supported at the moment. If you must use a proxy, you must continue to proxy ICA traffic through the Cloud Connector.
  • What happens if Rendezvous is enabled and the ICA traffic cannot reach the Gateway Service directly?
    It will fall back to proxying traffic through the Cloud Connector.
  • What are the internet connectivity requirements?
    The requirements and considerations for establishing connectivity between the customer’s resources and Citrix Cloud can be found in the documentation.
  • How do you set the functional level of the Machine Catalog and Delivery Group?
    It depends. If you’re creating a new Machine Catalog, it is set in the “Machines” page of the wizard, as shown below. The functional level of the Delivery Group will be set automatically based on the functional level of the Machine Catalog.

    If you already have a Machine Catalog and Delivery Group, right-click on the Machine Catalog and select “Upgrade Catalog,” as shown below.Then click on “Upgrade.”You’ll repeat the same steps on the Delivery Group.

In short, Cloud Connector scalability considerations — as it relates to Citrix Gateway Service — is a thing of the past. No more having to add additional Cloud Connector capacity for proxying ICA sessions as you add more users to your environment.

Until next time,

Product Manager – HDX

Citrix Tech Bytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.

Click here for more Tech Bytes and subscribe.

Want specific Tech Bytes? Let us know!