Citrix XenDesktop Handbook

Citrix XenDesktop handbook is it only specific to XD/VDI 7.x part only ?
Is see most of its content is generic project methodology ?
Could you guys can point me something similar specific XenApp 7.x .......?
xyz abcAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
Dirk KotteSECommented:
XenApp and xendesktop is very similar.
Most of configuration is the same

Check the citrix eDocs "XenApp 7.6 and XenDesktop 7.6":
http://support.citrix.com/proddocs/topic/xenapp-xendesktop/xad-xenapp-xendesktop-76-landing.html
xyz abcAuthor Commented:
Yes I agree with both your links pointed I have been design my implementation plan based on those.
But for project planning, I think XD handbook can also be used for XenApp 7.6.

Thanks Sekar & dkotte.

I have few more questions on this.

Say I plan of having.

1. No Netscalers ( Not a good idea specially considering LB part & VPN or ICA proxy ).

----> So in this case I can place my SF in DMZ and rest of all XA/XD 7.6 on internal range of subnet ?? Where basically internal users can locally connect within the LAN to local internal site which is completely on private LAN..

2. If client choose Netscaler

----> So in this case I need to have an internal and external Netscalers .... Internal Netscalers for load balancing my SF & Controllers and then the external Netscaler for ICA proxy/Full VPN/Client access ... Where my IP addressing would be for public facing will only be related to access to VPN or AGEE URL ?  and rest of the requirement for IP addressing scheme would remain the same as above except the NS/AGEE part.

3. Basically I am trying to figure out in both the scenario, how would I approach my network team for number of Public IP's, Private IP's I need and VLAN configurations .. SSL Certificates & FQDN's ?
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Dirk KotteSECommented:
1. SF need full domain access. if placed within a DMZ you need a lot of rules.

2. it is possible with only one NetScaler at DMZ also.
and already i deploy a netscaler with private addressees only. NAT to/from internet to the VServer do the work and it works great.

3. there are many options ...
- you may use private addresses only and NAT one public IP to every vserver
- you may use only public ip`s
- you may mix private and public ip`s within one DMZ
-- NS need at least 3 IP`s (NS management, SubNetIP and one IP for every Virtualserver)
-- also one IP for every loadbalancing vserver ... ASO.
... or you use more than one interface and possible connect to multiple DMZ

you should use public certificates and FQDN for every vServer,
Certificates for DDC and StoreFront may come from private CA.
xyz abcAuthor Commented:
So rest everything remains within the LAN is private and internal VLAN IP structure. Right ?
basically all the Sites & Controllers, Host servers.?
Dirk KotteSECommented:
yes Sites & Controllers, Host servers reside within the internal infrastructure. but it is possible to separate the terminalserver or virtual desktops (like workstations) from the DDC (Controlservers) like the default separation of clients from backend servers.

Netscaler should be placed at the DMZ. but within these DMZ you can use your preferred IP variant (public, private or mixed)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
xyz abcAuthor Commented:
ok perfect got it. I think Citrix just changed the terminology everything in terms of network is pretty simple.
I was curious as I am preparing a HLD or just simple projection.

One thing thing is pretty complex if SF is placed in DMZ or implemented with AGEE component then call back & such has to be tested very well with AGEE policies and such. Looks like they have changed the whole GUI of Access gateway AGEE/NS 10.5.
May be it will take time or get familiar during implementation and extensive testing. I hope they will not change GUI anytime soon, this is bit crazy.

Good thing is they have not changed anything in terms of flow or under lying protocol like FMA in XA/XD.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.