As you guys know I got a Windows Surface a couple months ago (at launch) and have been trying to use it as much as I can, integrating it to anything I may have up and running.
The first test I did was to get the Windows Server 2012 RemoteApp feed going with it. It does work and provides decent performance. Published apps in seamless windows, it is all there and works pretty much out of the box. How to get that working is the subject for another post and for the book I am finishing with Freek Berson (by the way, it is being officially sent to Apple March, 1st – what happens after, we will learn later).
As I do have a XenApp/XenDesktop environment I wanted to use the Surface as a client. That required me setting up StoreFront (and dealing with its SQL issues – addressed on this post) and the Access Gateway, running on a Netscaler VPX appliance.
So as of today this is what I have:
– Netscaler VPX NS10.0: Build 72.5.nc.
– StoreFront 1.2 running on Windows Server 2008 R2.
– Both running under VMware ESX 5.0. Yes, I did not update it.
The key thing with the Surface is to get the damn Access Gateway Session Policy/Profile done properly. The steps you need to follow are actually simple and you can potentially have all this configured in 5 minutes. I assume your Netscaler VPX with an Access Gateway virtual server is already up and running for this.
1. Under Access Gateway > Virtual Servers find your virtual server, right click it and select ‘Open’.
2. Click on the Policies tab and then Clientless. Then click ‘Insert Policy’ at the bottom.
3. Under ‘Profile’ simply select ‘ns_cvpn_default_profile’. It will have all the options pre-set for you.
4. For the expression what you need is this: HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“WindowsRT”)
So this is what your clientless policy will look like.
Before you ask, yes it has to be WindowsRT and NOT WinRT. I know WinRT is what is used for Windows 8 but for RT for some reason is WindowsRT. I tried and tested with Jarian the WinRT and no go. Does not work with the Surface. Once we switched to WindowsRT, all good.
5. Now on the Policies tab, Session you will need a policy (and a profile for it) with the lowest number for the priority (so it is top priority) that will look like this (do not worry, let’s see how to create it step-by-step):
To create it, click on ‘Insert Policy’ at the bottom and once the screen shows up you will need to create a new profile first (click ‘New’ beside ‘Request Profile’. The first thing to be changed is on the Client Experience tab. You need to change:
– Home Page: set it to your StoreFront site. Mine for example is set to https://sf.iqbridge.ca/Citrix/IQBridgeWeb (checked).
– Clientless Access: ON (checked).
– Single Sign-on to Web Applications: checked.
– Credential Index: Primary (checked).
On the Security tab:
– Default Authorization Action: ALLOW (checked).
On the Published Applications tab:
– Make sure ICA Proxy is NOT checked (has to be showing as OFF).
– Web Interface Address: the EXACT same as you set as Home Page on the Client Experience tab. So in my case https://sf.iqbridge.ca/Citrix/IQBridgeWeb.
– Single Sign-on Domain: your AD Domain name.
Now all you need is to make sure the actual Session Policy looks like this (by adding the expression):
That is all regarding Session Policies/Profiles and Clientless policies/profiles for the Windows RT.
Once you launch the Citrix Receiver on the Surface simply enter the address for the Access Gateway like https://mycag.mydomain.com. It will ask you for credentials and once entered you should see your apps (assuming you already set apps) or it will allow you to pick the available apps.
I then tested this internally and externally (over an LTE Hotspot) and it worked flawlessly in both cases. It is worth mentioning that every time I would screw something app on the AG configuration (i.e. use WinRT instead of WindowsRT on the expressions) the Surface Receiver not only did not find the apps (would throw an error) but once the AG was configured properly it would still refuse to work requiring an uninstall and a reinstall of the Citrix Receiver on the Surface. Keep that in mind. The current version is still a little temperamental…
If you see anything wrong with this post or need more info just give me a shout.
31,851 total views, 5 views today