Skip to main content

Citrix DaaS (Workspace Extension)

Overview

For Citrix delivered Desktops, the Workspace Extension allows Active Citrix sessions to be viewed and terminated from within Atria. This enables Service Provider helpdesk, Resellers and End-Customer administrators to support end-users without requiring administrative access to Citrix servers.

This works in conjunction with the Workspace Service. The Workspace service manages configuration of the User, and assignment to groups to control the Desktop Experience. The Citrix DaaS extension adds features specifically for Citrix.

This feature works with:

  • Citrix Cloud (multi-tenant or Private).
  • Citrix Virtual Apps and Desktops.
info

Citrix DaaS is implemented through the Atria Service - "Citrix DaaS" which must be installed and provisioned to the customer. Citrix DaaS is dependent on the Workspace service. This means Workspace must be enabled and provisioned to the customer prior to Citrix DaaS being enabled.

System Requirements

  • Citrix Daas (Citrix Cloud), multi-tenant or private cloud, or
  • Citrix Virtual Apps and Desktops (Min Version 7 2308)
  • Atria environment with Workspace Service deployed

Features by User Role

Service Provider/Reseller Admin

  • View active sessions for individual tenants, regardless of whether they are in Citrix Cloud Multi-tenant, private tenant, or on-premises.
  • Seek and force log-off end-users from sessions, without needing to find/login to any external system.
  • Audit trail of any forced log off events. Who logged the user off and when they did it.

End-Customer Administrator

  • View active sessions for all users within their customer.
  • Force logoff any users session
  • Audit trail of any forced log-off events

End-User

  • Users provisioned with WorkSpace can also Login, view their own sessions and force-logoff their own session.

Deployment

Atria uses the Citrix REST API to access session information, this is available both on Citrix Cloud and in recent releases of Citrix Virtual Apps and Desktops.

Firewall Configuration

Atria needs to be able to make outbound calls to the Rest API to retrieve session information.

  • Atria Provisioning Server to Citrix REST API (HTTPS Traffic)

Deployment Process

The user performing this task, must have Atria Service Provider Administrator permissions. Enabling this service carries low risk to existing operations. Follow the section below which describes your Citrix setup.

  1. Login to the Atria portal
  2. Ensure that the Atria Workspace service has already been deployed and enabled.
  3. Enable the Citrix DaaS Service
  • Navigate to Configuration > System Manager > Service Deployment and expand Citrix Daas. Deploy the Citrix DaaS service in the desired Atria Location
  1. Follow the deployment specific notes below:

  • Ensure the Atria Provisioning Server is able to reach the Citrix Cloud API with HTTPS traffic

  • Set up API access tokens : Follow the guide Get started with Citrix Cloud APIs | Citrix Cloud API overview to get your API access configured. Follow this guide, and take note of the ID, Secret and API URL.

  • Set the App-host to the API URL Citrix Cloud API URL - e.g. https://api-us.cloud.com

  • App-IDand secret set to the ID and Secret from your Citrix Cloud API Client.

  • Save the Service Configuration

  • Navigate to the Root Customer, In the Reseller Service, enable the Citrix DaaS service with default settings.

info

Properties marked as secret can not be viewed after they are set. This applies to the API secret and passwords.

  1. Click Save when finished.

  2. Locate the Citrix Cloud TenantID:

  • Each Tenant within Citrix Cloud has a TenantID – this is an alphanumeric string, an example is : s4x90ic0lutv
  • Atria needs the TenantID in order to accurately segregate session data.
  • To locate the TenantID, log into Citrix Cloud, Go to the Customer Dashboard, locate the customer, select the Elipsis and click on View Details:

Finding the tenantid from Citrix Cloud

  • The Customer Details page will be shown, the TenantID is embedded in to the URL:
https://us.cloud.com/customeraccount/{tenantID}/information
  • Locate the tenantID from the URL and Copy.
  1. Enable at Customer Level:

Locate the customer, expand the Citrix DaaS service, enter the TenantID for the customer, and provision. You should now be able to view sessions for the customer.

Private AD Atria Location

This applies when each customer has their own Active Directory and Citrix infrastructure.

In this scenario, all configuration (API URL, Username, Password) should be configured under the Citrix DaaS service at the Customer Level when assigning the customer the Citrix DaaS service.

Additional Notes

Dual configuration

Atria will collate and show sessions from both Citrix Cloud and Citrix CVAD.

If a customer has users split between Citrix Cloud and CVAD environments, the session viewer will consolidate data from both sources.

To configure, enter the details for both on-premises and Citrix Cloud.

warning

If you are NOT using Citrix Cloud, do not specify values in the Citrix Cloud area of the Service Settings. If values are specified, Atria will attempt to retrieve session data from Citrix Cloud which will result in errors or slow performance.

Differences between Citrix Cloud and On-Premises:

With Citrix Cloud, Atria will retrieve all users and segregate them based on the TenantID. All users with sessions will be displayed, regardless of whether they have been provisioned into Atria.

With CVAD, filtering is based on the user identity within Atria, if the user is not provisioned in Atria, you will not be able to view their sessions in the Session viewer.