This post is probably not necessary because the configuration is pretty simple and easy to get it working – all you need are a NetScaler running 12.0 code or later, and a view connection server v7.0.1 or later. Currently, it is limited to proxying PCoIP traffic only.
NetScaler Settings for PCoIP
There are two parts to the configuration on the NetScaler:
- PCoIP VServer Profiles – located in NetScaler Gateway > Policies > PCoIP ; this is where the logon domain name is defined; these are bound to the gateway vServer
- PCoIP Profiles – located in NetScaler Gateway > Policies > PCoIP ; this is where you define the Connection Server URL and session timeout; these are bound to the gateway session policy
If you have already created a gateway vServer, you can edit the Basic Settings using the edit pencil (top right) and select the new vServer profile:
Additionally, the Gateway vServer needs to use the RfWebUI theme.
The session policy needs to contain the following settings:
- Clientless Access: On
- Default Authorization: On
- PCoIP Profile: <profile_name>
If you are using Unified Gateway you will need to add a few expressions to the is_vpn_url pattern set – this is a default pattern set and cannot be modified, however, you can create a new one copying in the existing expressions by highlighting is_vpn_url and selecting Add. This is all done in AppExpert:
- Configuration > AppExpert > Expressions > Advanced Expressions
- Highlight the existing is_vpn_url and click ‘Add’
- Give the pattern set a name, “is_vpn_url_pcoip” in this example
- Add the following expressions (don’t copy\paste):
- HTTP.REQ.URL.PATH.EQ(“/broker/xml”) || HTTP.REQ.URL.PATH.EQ(“/broker/resources”) || HTTP.REQ.URL.PATH.EQ(“/pcoip-client”)
The above newly created pattern set must then replace the existing is_vpn_url in your content switching policy for Unified Gateway
View Connection Server Settings
On your View Connection Servers, you need to set the following:
- General > Use Secure Tunnel connection under HTTP(s) Secure Tunnel
That’s it!
Connection Options
Once configured will have 2 major options for connectivity – point the Horizon Client at the NetScaler Gateway URL, or use the Gateway portal itself. First, to use the Horizon Client, simply enter the URL of the NetScaler Gateway vServer and login:
Alternatively, you can use the NetScaler web portal and integrate with other apps to utilize the Unified Gateway experience:
Be aware that the Horizon Client will need to be installed to render the PCoIP connection:
Does it work through NAT?
Carl,
It is supported behind NAT, but few points:
Full details here: http://docs.citrix.com/en-us/netscaler-gateway/12/netscaler-gateway-enabled-pcoip-proxy-support-for-vmware-horizon-view/configuring-netscaler-gateway-enabled-pcoip-proxy-for-vmware-horizon-view.html
Where is the FQDN configured? When I trace the traffic, it’s returning the actual VIP, not the public FQDN or public IP.
I believe the FQDN comes from the connection server