Question on XML Broker and Web Interface


Our environment is PS 4.5 on Windows 2003. We have a Web Interface and several PS 4.5 servers.

From what I understand from reading, the process of someone connecting to the farm is:

1. Access Web Interface URL and authenticate
2. WI will contact the XML Broker service to determine which apps the user has permissions to see
3. The XML broker queries the Datastore for this information
4. When the user selects an app, an ICA file is sent to the user
5. Client downloads ICA file and creates an ICA connection

I had some questions on this process I was hoping someone could help me with:

a) When the WI contacts the XML Broker service, I understand that this service can run on any server in the farm, although it can be prioritised. Is this correct?

b) If the WI was held in a DMZ and the PS servers in a LAN, is there any way to restrict which servers the WI can query the XML Broker service on?

c) When the ICA file is sent to the user once they decide on an application they want, which server is this ICA file actually sent from?
A. Since Citrix 4.0, you can use any XenApp server as an XML broker as long as the WI can contact it. I say "can contact it" because WIs can be in a DMZ and the XenApp servers can be on the intranet, so you need ports open from WI to XMLs. As for prioritized, I don't believe so from a WI. It can be load balanced, so you specify 2+ XML brokers in the WI and it will load balance between them and if 1+ become available it won't try that XML server again for a specified amount of time.
B.  Yes, in the WI you can specify which servers will act as XML brokers.
C. The ICA file (launch.ica) is sent from the WI they contacted.
So, (and you stated most of this):
1. User contacts WI (directly or hits load balancer) via port 80 or 443 (depending on what you have configured) and authenticates.
2. Credentials are sent from WI to XML broker (XML brokers you specified and are load balanced).
3. XML broker verifies credentials with Active Directory and on success queries the ZDC for the applications the user has access to.
4. The XML broker sends the available applications to the WI and the WI displays the applications to the user.
5. Once the user clicks on the application, the WI sends that request to the XML broker and the XML broker queries the ZDC to see what server they should be directed to.
6. Once it has that information, it sends the ICA file to the WI and the WI forwards that onto the user.
7. User receives the ICA file and the local client launches using the settings in the ICA file.
Let me know if you have questions...

Carl Webster Commented:
How the Web Interface works with pictures:

a) Any XenApp server with the XenApp component installed can be used as the XML Broker.  Preferred is to use the server acting as your zone data collector.

i.e. A server with just Web Interface or just Citrix Secure Gateway or just CSG/WI installed cannot be an XML Broker.

b) Yes, the same as in "a".  Just enter the server or servers with XenApp installed that you want to use.

c) The ICA file is delivered from the WI server the user connected to.
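
For question (b), an added example that is not part of either reply: a check that the firewall rules from a DMZ Web Interface into the LAN allow only the XML port, and only to the servers entered as XML brokers in the WI. The addresses, rule names, rule format and the port value 8080 are constructed assumptions.

```python
import ipaddress

# Constructed sample data: addresses, port and rule names are placeholders.
WI_HOSTS = {"192.0.2.10"}                       # Web Interface in the DMZ
XML_BROKERS = {"10.0.0.11", "10.0.0.12"}        # brokers entered in the WI
FARM_NET = ipaddress.ip_network("10.0.0.0/24")  # LAN holding the PS servers
XML_PORT = 8080                                 # assumed XML service port

RULES = [  # DMZ -> LAN allow rules, as exported from a hypothetical firewall
    {"name": "wi-xml-1", "src": "192.0.2.10", "dst": "10.0.0.11", "port": 8080},
    {"name": "wi-any-farm", "src": "192.0.2.10", "dst": "10.0.0.0/24", "port": 8080},
    {"name": "wi-rdp", "src": "192.0.2.10", "dst": "10.0.0.12", "port": 3389},
]


def audit(rules, wi_hosts, brokers, farm_net, xml_port):
    """Return (findings, unreachable_brokers) for WI -> farm allow rules."""
    broker_ips = {ipaddress.ip_address(b) for b in brokers}
    findings, reachable = [], set()
    for rule in rules:
        src_net = ipaddress.ip_network(rule["src"], strict=False)
        if not any(ipaddress.ip_address(w) in src_net for w in wi_hosts):
            continue  # rule does not apply to the Web Interface
        dst_net = ipaddress.ip_network(rule["dst"], strict=False)
        if not dst_net.overlaps(farm_net):
            continue  # rule does not reach the farm
        if rule["port"] != xml_port:
            findings.append((rule["name"], "non-XML port open to farm"))
            continue
        covered = {b for b in broker_ips if b in dst_net}
        reachable |= covered
        # A destination wider than the broker list exposes extra XML services.
        if dst_net.num_addresses > len(covered):
            findings.append((rule["name"], "reaches non-broker farm servers"))
    # Brokers listed in the WI that no rule lets it contact.
    unreachable = sorted(str(b) for b in broker_ips - reachable)
    return findings, unreachable


if __name__ == "__main__":
    print(audit(RULES, WI_HOSTS, XML_BROKERS, FARM_NET, XML_PORT))
```

The second return value lists brokers configured in the WI that no rule permits it to contact, which is the "can contact it" condition from the first reply.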
