lo_oscar
asked on
Silo Citrix user session
We have a need to silo XenApp5 Citrix users base on their job position, however we'd like to have all citrix users use the same publish desktop. Can we silo users base on their username or group membership for them to only go to designated servers in the publish desktop server pool? I know it's not common but can this be done?
ASKER
It has to be the same publish desktop (with the same name)... because we have a script to call for that publish desktop.
I would think you could do the same thing I suggested.
Create two Application folders: Special and Regular
Say you have 5 servers named Server1 thru Server5
You put the special group into a Security group called SpecialUsers.
You put every one else into another security group called RegularDesktopUsers.
Create a published desktop called DesktopA in the Regular application folder on all servers giving RegularDesktopUsers access to the desktop.
Create a published desktop called DesktopA in the Special application folder on the special servers giving SpecialUsers access to the desktop.
Application names have to be unique within a folder. After both published desktoops are created with the same Display Name, go here for an explanation of what happens.
http://www.dabcc.com/article.aspx?id=15053&page=2
You should be good to go now.
Say your published desktop is called DesktopA. DesktopA is published on servers Server1 thru Server5. You want the special group to use only Server2 and Server4. For the Users settings
Create two Application folders: Special and Regular
Say you have 5 servers named Server1 thru Server5
You put the special group into a Security group called SpecialUsers.
You put every one else into another security group called RegularDesktopUsers.
Create a published desktop called DesktopA in the Regular application folder on all servers giving RegularDesktopUsers access to the desktop.
Create a published desktop called DesktopA in the Special application folder on the special servers giving SpecialUsers access to the desktop.
Application names have to be unique within a folder. After both published desktoops are created with the same Display Name, go here for an explanation of what happens.
http://www.dabcc.com/article.aspx?id=15053&page=2
You should be good to go now.
Say your published desktop is called DesktopA. DesktopA is published on servers Server1 thru Server5. You want the special group to use only Server2 and Server4. For the Users settings
ASKER
Yes this will allow you to create 2 publish desktops with the same "display names", however when you call by the pnagent.exe /QLaunch swith it will look at the App name, which can't be the same within a farm. Is there a way to call a publish app by its display name?
Not that I am aware of.
ASKER
Any way that I can launch the "only" publish desktop assigned to the user? I know they have this feature for WI, not sure if it can be done by pnagent.
Couldn't you just put like 2 spaces or an extra space somewhere in the application name to make it look similar but unique?
ASKER
But then I'll have to modify my script to call to that unique application name, otherwise the other one will be launched. It does not resolve the problem.
Sorry, then I am all out of ideas for you. Hope someone else can chime in with an idea for you.
ASKER
Thanks for trying.
ASKER
Anyone know if this is supported by CAG? or Xenapp 6?
No to XenApp 6.
ASKER
It is possible to achieve this by configuring Zone preference policy for each user group? Any drawbacks?
Zones are in the same farm so the same limitation apply.
ASKER
I should be able to split the servers in the farm into different zones (i.e. server1-5 in Default Zone and server6&7 in "Accounting Dept Zone") while the publish desktop can be published to server 1 through 7. I'll then create a Zone Preference and Failover policy to set the Accounting Dept Zone as the prefered zone and apply the policy to a user AD group for my Accounting users. So when the Accounting users logon to PNAgent and launch the publish desktop, they should only go to server 6&7 unless both servers are down. If this concept is feasible, we will potentially scale this to 20+ zones in our farms if we are creating a zone for each department. Do you think this setup is feasible? what will be the down side of this setup?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Create a 2nd published desktop (which will be the same as the 1st) and assign just the users and or security group you wish to silo.