User access options 编辑

Three different methods are available for users to access StoreFront stores.

• Citrix Receiver or Citrix Workspace app - Users with compatible versions of Citrix Receiver or Citrix Workspace app can access StoreFront stores within the Citrix Receiver or Citrix Workspace app user interface. This provides the best user experience and the greatest functionality.
• Citrix Receiver for Web sites - Users with compatible web browsers can access StoreFront stores by browsing to Citrix Receiver for Web sites. By default, users also require a compatible version of Citrix Receiver or Citrix Workspace app to access their desktops and applications. However, you can configure your Citrix Receiver for Web sites to enable users with HTML5-compatible browsers to access their resources without installing Citrix Receiver or Citrix Workspace app. When you create a new store, a Citrix Receiver for Web site is created for the store by default.
• XenApp Services URLs - Users of domain-joined desktop appliances and repurposed PCs running the Citrix Desktop Lock, along with users who have older Citrix clients that cannot be upgraded, can access stores using the XenApp Services URL for the store. When you create a new store, the XenApp Services URL is enabled by default.

The figure shows the options for users to access StoreFront stores:

Citrix Receiver or Citrix Workspace app

Accessing stores from within the Citrix Receiver or Citrix Workspace app user interface provides the best user experience and the greatest functionality. For the Citrix Receiver or Citrix Workspace app versions that can be used to access stores in this way, see System Requirements. References to “Citrix Workspace app” in this document also represent the supported versions of Citrix Receiver unless otherwise noted.

Citrix Workspace app uses internal and external URLs as beacon points. By attempting to contact these beacon points, Citrix Workspace app can determine whether users are connected to local or public networks. When a user accesses a desktop or application, the location information is passed to the server providing the resource so that appropriate connection details can be returned to Citrix Workspace app. This enables Citrix Workspace app to ensure that users are not prompted to log on again when they access a desktop or application. For more information, see Configure beacon points.

After installation, Citrix Workspace app must be configured with connection details for the stores providing users’ desktops and applications. You can make the configuration process easier for your users by providing them with the required information in one of the following ways.

Important:

By default, Citrix Workspace app requires HTTPS connections to stores. If StoreFront is not configured for HTTPS, users must carry out additional configuration steps to use HTTP connections. Citrix strongly recommends that you do not enable unsecured user connections to StoreFront in a production environment. For more information, see Configure and install using command-line parameters in the Citrix Receiver for Windows or Citrix Workspace app for Windows documentation.

Provisioning files

You can provide users with provisioning files containing connection details for their stores. After installing Citrix Workspace app, users open the .cr file to automatically configure accounts for the stores. By default, Citrix Receiver for Web sites offer users a provisioning file for the single store for which the site is configured. You could instruct your users to visit the Receiver for Web sites for the stores they want to access and download provisioning files from those sites. Alternatively, for a greater level of control, you can use the Citrix StoreFront management console to generate provisioning files containing connection details for one or more stores. You can then distribute these files to the appropriate users. For more information, see Export store provisioning files for users.

Auto-generated setup URLs

For users running Mac OS, you can use the Citrix Receiver for Mac or Citrix Workspace app for Mac Setup URL Generator to create a URL containing connection details for a store. After installing Citrix Workspace app, users click on the URL to configure an account for the store automatically. Enter details of your deployment into the tool and generate a URL that you can distribute to your users.

Manual configuration

More advanced users can create new accounts by entering store URLs into Citrix Workspace app. For more information, see the Citrix Workspace app documentation.

Email-based account discovery

Users who install Citrix Workspace app on a device for the first time can set up accounts by entering their email addresses, provided that they download Citrix Workspace app from the Citrix website or a Citrix Workspace app download page hosted within your internal network. You configure Service Location (SRV) locator resource records for Citrix Gateway or StoreFront on your Microsoft Active Directory Domain Name System (DNS) server. Users do not need to know the access details for their stores, instead they enter their email addresses during the Citrix Workspace app initial configuration process. Citrix Workspace app contacts the DNS server for the domain specified in the email address and obtains the details you added to the SRV resource record. Users are then presented with a list of stores that they can access through Citrix Workspace app.

Configure email-based account discovery

Configure email-based account discovery to enable users who install Citrix Workspace app on a device for the first time to set up their accounts by entering their email addresses. Provided that they download Citrix Workspace app from the Citrix website or a Citrix Workspace app download page hosted within your internal network, users do not need to know the access details for their stores when they install and configure Citrix Workspace app. Email-based account discovery is available if Citrix Workspace app is downloaded from any other location, such as a Receiver for Website. Note that ReceiverWeb.exe or ReceiverWeb.dmg downloaded from Citrix Receiver for Web does not prompt users to configure a store. Users can still use Add Account and enter their email address

During the initial configuration process, Citrix Workspace app prompts users to enter either an email address or a store URL. When a user enters an email address, Citrix Workspace app contacts the Microsoft Active Directory Domain Name System (DNS) server for the domain specified in the email address to obtain a list of available stores from which the user can select.

To enable Citrix Workspace app to locate available stores on the basis of users’ email addresses, you configure Service Location (SRV) locator resource records for Citrix Gateway or StoreFront on your DNS server. As a fallback, you can also deploy StoreFront on a server named “discoverReceiver.domain,” where domain is the domain containing your users’ email accounts. If no SRV record is found in the specified domain, Citrix Workspace app searches for a machine named “discoverReceiver” to identify a StoreFront server.

You must install a valid server certificate on the Citrix Gateway appliance or StoreFront server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain,where domain is the domain containing your users’ email accounts. Although you can use a wildcard certificate for the domain containing your users’ email accounts, you must first ensure that the deployment of such certificates is permitted by your corporate security policy. Other certificates for the domain containing your users’ email accounts can also be used, but users will see a certificate warning dialog box when Citrix Workspace app first connects to the StoreFront server. Email-based account discovery cannot be used with any other certificate identities.

To enable email-based account discovery for users connecting from outside the corporate network, you must also configure Citrix Gateway with the StoreFront connection details. For more information, see Connecting to StoreFront by Using Email-Based Discovery.

Add an SRV record to your DNS server

1. On the Windows Start screen, click Administrative Tools and, in the Administrative Tools folder, click DNS.

2. In the left pane of DNS Manager, select your domain in the forward or reverse lookup zones. Right-click the domain and select Other New Records.

3. In the Resource Record Type dialog box, select Service Location (SRV) and then click Create Record.

4. In the New Resource Record dialog box, enter in the Service box the host value _citrixreceiver.

5. Enter in the Protocol box the value _tcp.

6. In the Host offering this service box, specify the fully qualified domain name (FQDN) and port for your Citrix Gateway appliance (to support both local and remote users) or StoreFront server (to support local users only) in the form servername.domain:port.

   If your environment includes both internal and external DNS servers, you can add a SRV record specifying the StoreFront server FQDN on your internal DNS server and another record on your external server specifying the Citrix Gateway FQDN. With this configuration, local users are provided with the StoreFront details, while remote users receive Citrix Gateway connection information.

7. If you configured an SRV record for your Citrix Gateway appliance, add the StoreFront connection details to Citrix Gateway in a session profile or global setting.

Citrix Receiver for Web sites

Users with compatible web browsers can access StoreFront stores by browsing to Citrix Receiver for Web sites. When you create a new store, a Citrix Receiver for Web site is automatically created for the store. The default configuration for Citrix Receiver for Web sites requires that users install a compatible version of Citrix Workspace app to access their desktops and applications. For more information about the Citrix Workspace app and web browser combinations that can be used to access Citrix Receiver for Web sites, see User device requirements.

By default, when a user accesses a Citrix Receiver for Web site from a computer running Windows or Mac OS X, the site attempts to determine whether Citrix Workspace app is installed on the user’s device. If Citrix Workspace app cannot be detected, the user is prompted to download and install it for their platform. The default download location is the Citrix website, but you can also copy the installation files to the StoreFront server and provide users with these local files instead. Storing the Citrix Workspace app installation files locally enables you to configure the site to offer users with older clients the option to upgrade to the version on the server. For more information about configuring deployment of Citrix Receiver for Windows or Citrix Workspace app for Windows and Citrix Receiver for Mac or Citrix Workspace app for Mac, see Configure Citrix Receiver for Web sites.

Citrix Workspace app for HTML5

Citrix Workspace app for HTML5 is a component of StoreFront that is integrated by default with Citrix Receiver for Web sites. You can enable Citrix Workspace app for HTML5 on your Citrix Receiver for Web sites so that users who cannot install Citrix Workspace app can still access their resources. With Citrix Workspace app for HTML5, users can access desktops and applications directly within HTML5-compatible web browsers without needing to install Citrix Workspace app. When a site is created, Citrix Workspace app for HTML5 is disabled by default. For more information about enabling Citrix Workspace app for HTML5, see citrix-receiver-download-page-template.html.

To access their desktops and applications using Citrix Workspace app for HTML5, users must access the Citrix Receiver for Web site with an HTML5-compatible browser. For more information about the operating systems and web browsers that can be used with Citrix Workspace app for HTML5, see User device requirements.

Citrix Workspace app for HTML5 can be used by both users on the internal network and remote users connecting through Citrix Gateway. For connections from the internal network, Citrix Workspace app for HTML5 only supports access to desktops and applications provided by a subset of the products supported by Citrix Receiver for Web sites. Users connecting through Citrix Gateway can access resources provided by a wider range of products if you chose Citrix Workspace app for HTML5 as an option when configuring StoreFront. Specific versions of Citrix Gateway are required for use with Citrix Workspace app for HTML5. For more information, see Infrastructure requirements.

For local users on the internal network, access through Citrix Workspace app for HTML5 to resources provided by Citrix Virtual Apps and Desktops is disabled by default. To enable local access to desktops and applications using Citrix Workspace app for HTML5, you must enable the ICA WebSockets connections policy on your Citrix Virtual Apps and Desktops servers. Ensure your firewalls and other network devices permit access to the Citrix Workspace app for HTML5 port specified in the policy. For more information, see WebSockets policy settings.

By default, Citrix Workspace app for HTML5 starts desktops and applications in a new browser tab. However, when users start resources from shortcuts using Citrix Workspace app for HTML5, the desktop or application replaces the Citrix Receiver for Web site in the existing browser tab rather than appearing in a new tab. You can configure Citrix Workspace app for HTML5 so that resources are always started in the same tab as the Receiver for Web site. For more information, see Configure Citrix Workspace app for HTML5 use of browser tabs.

Resource shortcuts

You can generate URLs that provide access to desktops and applications available through Citrix Receiver for Web sites. Embed these links on websites hosted on the internal network to provide users with rapid access to resources. Users click on a link and are redirected to the Receiver for Web site, where they log on if they have not already done so. The Citrix Receiver for Web site automatically starts the resource. In the case of applications, users are also subscribed to the application if they have not subscribed previously. For more information about generating resource shortcuts, see Configure Citrix Receiver for Web sites.

As with all desktops and applications accessed from Citrix Receiver for Web sites, users must either have installed Citrix Workspace app, or be able to use Citrix Workspace app for HTML5 to access resources through shortcuts. The method used by a Citrix Receiver for Web site depends on the site configuration, on whether Citrix Workspace app can be detected on users’ devices, and on whether an HTML5-compatible browser is used. For security reasons, Internet Explorer users may be prompted to confirm that they want to start resources accessed through shortcuts. Instruct your users to add the Receiver for Web site to the Local intranet or Trusted sites zones in Internet Explorer to avoid this extra step. By default, both workspace control and automatic desktop starts are disabled when users access Citrix Receiver for Web sites through shortcuts.

When you create an application shortcut, ensure that no other applications available from the Citrix Receiver for Web site have the same name. Shortcuts cannot distinguish between multiple instances of an application with the same name. Similarly, if you make multiple instances of a desktop from a single desktop group available from the Citrix Receiver for Web site, you cannot create separate shortcuts for each instance. Shortcuts cannot pass command-line parameters to applications.

To create application shortcuts, you configure StoreFront with the URLs of the internal websites that will host the shortcuts. When a user clicks on an application shortcut on a website, StoreFront checks that website against the list of URLs you entered to ensure that the request originates from a trusted website. However, for users connecting through Citrix Gateway, websites hosting shortcuts are not validated because the URLs are not passed to StoreFront. To ensure that remote users can only access application shortcuts on trusted internal websites, configure Citrix Gateway to restrict user access to only those specific sites. For more information, see http://support.citrix.com/article/CTX123610.

Customize your sites

Citrix Receiver for Web sites provide a mechanism for customizing the user interface. You can customize strings, the cascading style sheet, and the JavaScript files. You can also add a custom pre-logon or post-logon screen, and add language packs.

Important considerations

Users accessing stores through a Citrix Receiver for Web site benefit from many of the features available with store access within Citrix Workspace app, such as application synchronization. When you decide whether to use Citrix Receiver for Web sites to provide users with to access your stores, consider the following restrictions.

• Only a single store can be accessed through each Citrix Receiver for Web site.
• Citrix Receiver for Web sites cannot initiate Secure Sockets Layer (SSL) virtual private network (VPN) connections. Users logging on through Citrix Gateway without a VPN connection cannot access web applications for which App Controller requires that such a connection is used.
• Subscribed applications are not available on the Windows Start screen when accessing a store through a Citrix Receiver for Web site.
• File type association between local documents and hosted applications accessed through Citrix Receiver for Web sites is not available.
• Offline applications cannot be accessed through Citrix Receiver for Web sites.
• Citrix Receiver for Web sites do not support Citrix Online products integrated into stores. Citrix Online products must be delivered with App Controller or made available as hosted applications to enable access through Citrix Receiver for Web sites.
• Citrix Workspace app for HTML5 can be used over HTTPS connections if the VDA is XenApp 7.6 or XenDesktop 7.6 and has SSL enabled or if the user is connecting using Citrix Gateway.
• To use Citrix Workspace app for HTML5 with Mozilla Firefox over HTTPS connections, users must type about:config in the Firefox address bar and set the network.websocket.allowInsecureFromHTTPS preference to true.

XenApp Services URLs

Users with older Citrix clients that cannot be upgraded can access stores by configuring their clients with the XenApp Services URL for a store. You can also enable access to your stores through XenApp Services URLs from domain-joined desktop appliances and repurposed PCs running the Citrix Desktop Lock. Domain-joined in this context means devices that are joined to a domain within the Microsoft Active Directory forest containing the StoreFront servers.

StoreFront supports pass-through authentication with proximity cards through Citrix Workspace app to XenApp Services URLs. Citrix Ready partner products use the Citrix Fast Connect API to streamline user logons through Citrix Receiver for Windows or Citrix Workspace app for Windows to connect to stores using the XenApp Services URL. Users authenticate to workstations using proximity cards and are rapidly connected to desktops and applications provided by Citrix Virtual Apps and Desktops. For more information, see the most recent Citrix Receiver for Windows documentation.

When you create a new store, the XenApp Services URL for the store is enabled by default. The XenApp Services URL for a store has the form http[s]://serveraddress/Citrix/storename/PNAgent/config.xml, where serveraddress is the fully qualified domain name of the server or load balancing environment for your StoreFront deployment and storename is the name specified for the store when it was created. This allows Citrix Workspace apps that can only use the PNAgent protocol to connect to Storefront. For the clients that can be used to access stores through XenApp Services URLs, see User device requirements.

Important considerations

XenApp Services URLs are intended to support users who cannot upgrade to Citrix Workspace app and for scenarios where alternative access methods are not available. When you decide whether to use XenApp Services URLs to provide users with access to your stores, consider the following restrictions.

• You cannot modify the XenApp Services URL for a store.
• You cannot modify XenApp Services URL settings by editing the configuration file, config.xml.
• XenApp Services URLs support explicit, domain pass-through, smart card authentication, and pass-through with smart card authentication. Explicit authentication is enabled by default. Only one authentication method can be configured for each XenApp Services URL and only one URL is available per store. If you need to enable multiple authentication methods, you must create separate stores, each with a XenApp Services URL, for each authentication method. Your users must then connect to the appropriate store for their method of authentication. For more information, see XML-based authentication.
• Workspace control is enabled by default for XenApp Services URLs and cannot be configured or disabled.
• User requests to change their passwords are routed to the domain controller directly through the Citrix Virtual Apps and Desktops servers providing desktops and applications for the store, bypassing the StoreFront authentication service.