Configure Citrix Gateway to support Enlightened Data Transport and HDX Insight

EDT traffic through Gateway now has end-to-end visibility. Availability of both real-time and historical visibility data enables Citrix ADM to support a wide variety of use cases.

The following scenarios are supported:

Configure Citrix Gateway to support Enlightened Data Transport

If you use Enlightened Data Transport (EDT), Datagram Transport Layer Security (DTLS) must be enabled to encrypt the UDP connection used by EDT. The DTLS parameter must be enabled at the Gateway VPN virtual-server level. Also, the Citrix Virtual Apps and Desktops components must be correctly upgraded and configured to achieve encrypted traffic between the Gateway VPN virtual server and the user device.

Note: UDP port (for example port 443) configured for the Citrix Gateway front end virtual server must be opened in the DMZ for the virtual server to receive the DTLS connections. DTLS and CGP are prerequisites for EDT to be compatible with Citrix Gateway.

To configure Citrix Gateway to support EDT using GUI

1. Deploy and configure Citrix Gateway to communicate with StoreFront and authenticate users for Citrix Virtual Apps and Desktops.

2. On the Configuration tab in the Citrix ADC GUI, expand Citrix Gateway and select Virtual Servers.

   

3. Click Edit to display Basic Settings for the VPN Virtual Server, and then verify the state of the DTLS setting.

   

4. Click More to display other configuration options.

   

5. Select DTLS to provide communications security for datagram protocols. Click OK. The Basic Settings area for the VPN virtual server shows that the DTLS flag is set to True.

   

To configure Citrix Gateway for EDT support using CLI

set vpn vserver vs1 -DTLS ON