Note: This has not been rolled out yet.
Cloud connector traffic flows are changing for the XenApp and XenDesktop service.
First, there are multiple deployment scenarios when using the XenApp and XenDesktop service within Citrix cloud:
- Full: the Gateway Service and Workspace are hosted within Citrix Cloud
- Partial: Workspace is hosted within Citrix Cloud while Gateway is running on-premises.
- Minimal: Gateway and StoreFront are running on-premises
When you go with the full option, where Workspace and Gateway are running within Citrix Cloud, the VDA-to-Gateway traffic flow changed.
Previously, the VDA-Gateway traffic would all flow through the cloud connector, notice step 11
With the 7.18 VDA, the VDA-Gateway traffic would be direct, bypassing the cloud connector (step 9).
Why the change?
- Better Scalability: the connectors are more scalable as it no longer proxies the VDA-Gateway traffic
- Better Experience: the user experience no longer suffers if the connectors are overloaded
The updated cloud connector flow also automatically falls back to the previous approach if the VDA cannot make a direct connection to the Gateway service. This new approach uses the following Citrix policy within the Citrix cloud-hosted Studio (it is enabled by default).
The new traffic flow is now part of the XenApp/XenDesktop Cloud Service Poster.
Daniel (Follow on Twitter @djfeller)
Citrix Workspace Poster
XenApp/XenDesktop On-Prem Poster
XenApp/XenDesktop Cloud Service Poster
So, with rendezvous enabled the VDA opens a connection to the Gateway service, right? On which port? Is there any other communication going on afterwards. – RT
LikeLike
The VDA creates a connection to the Gateway service. The connection is encrypted with TLS. This traffic is the same as earlier when it went through the cloud connector. Now, the VDA can do it without the connector.
LikeLike
Is there any documentation about Cloud Connector sizing and scalability in the cloud with this new feature?
LikeLike
When enabling / using Cloud Gateway, traffic flow will always go through Cloud GW and Cloud Connector? Even when you are connected through internal LAN? It seems there is no optimal routing or beacon feature like in on prem StoreFront and Gateway?
LikeLike
At the moment, I am a little bit confused about this feature. In Citrix edoc, in the session about policy settings for Rendevouz protocol, I can find two phrases, saying something completly different:
1. phrase: “If the VDA requires a proxy server to access the internet, proper proxy configuration is required.”
2. phrase a few lines below: “The Rendezvous protocol doesn’t support proxies. To use proxies, continue to use the Cloud Connector for ICA traffic.”
For me, phrase one says, that it will work across proxies, when the proxy config is fine, the second phrase itolds me, that is doesn’t work across proxies.
And is there a way to check connectivity to gateway service?
LikeLike
Why has the rendevouz protocol been removed in VDA 1909?
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/document-history.html
LikeLike
Was pulled as the cloud-side of the equation wasn’t fully released due to issues. It will eventually come back.
LikeLike