Rendezvous V2

When using the Citrix Gateway service, the Rendezvous protocol allows traffic to bypass the Citrix Cloud Connectors and connect directly and securely with the Citrix Cloud control plane.

There are two types of traffic to consider: 1) control traffic for VDA registration and session brokering; 2) HDX session traffic.

Rendezvous V1 allows for HDX session traffic to bypass Cloud Connectors, but it still requires Cloud Connectors to proxy all control traffic for VDA registration and session brokering.

Standard AD domain joined machines and non-domain joined machines are supported for using Rendezvous V2 with single-session and multi-session Linux VDAs. With non-domain joined machines, Rendezvous V2 allows for both HDX traffic and control traffic to bypass the Cloud Connectors.

Requirements

The requirements for using Rendezvous V2 are:

• Access to the environment using Citrix Workspace and Citrix Gateway service.
• Control Plane: Citrix DaaS (formerly Citrix Virtual Apps and Desktops service).
• VDA version 2201 or later.
  • Version 2204 is the minimum required for HTTP and SOCKS5 proxies.
• Enable the Rendezvous protocol in the Citrix policy. For more information, see Rendezvous protocol policy setting.
• The VDAs must have access to https://*.nssvc.net, including all subdomains. If you cannot whitelist all subdomains in that manner, use https://*.c.nssvc.net and https://*.g.nssvc.net instead. For more information, see the Internet Connectivity Requirements section of the Citrix Cloud documentation (under Virtual Apps and Desktop service) and the Knowledge Center article CTX270584.
• The VDAs must be able to connect to the addresses mentioned previously:
  • On TCP 443, for TCP Rendezvous.
  • On UDP 443, for EDT Rendezvous.

Proxy configuration

The VDA supports connecting through proxies for both control traffic and HDX session traffic when using Rendezvous. The requirements and considerations for both types of traffic are different, so review them carefully.

Control traffic proxy considerations

• Only HTTP proxies are supported.
• Packet decryption and inspection are not supported. Configure an exception so the control traffic between the VDA and the Citrix Cloud control plane is not intercepted, decrypted, or inspected. Otherwise, the connection fails.
• Proxy authentication is not supported.

• To configure a proxy for control traffic, edit the registry as follows:

   /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\VirtualDesktopAgent" -t "REG_SZ" -v "ProxySettings" -d "http://<URL or IP>:<port>" --force
   <!--NeedCopy-->