Carl Stalhood

Wednesday, 3 August 2016

Enumeration & Application Launch Process In XenApp 6.0/6.5



This post walks step by step through the back-end process that lets a user launch a Citrix application through Web Interface.
Application Enumeration Process
The application enumeration process is as follows:
  1. A user launches a Web browser and types the Web Interface URL.
  2. The browser connects to Web Interface, and Web Interface returns the logon page.
  3. The user types in credentials.
  4. The user’s credentials are then forwarded from the Web Interface server to the XML service of the XML Broker (if no XML Broker is configured separately, the Data Collector acts as the XML Broker) in plain text form.
  5. The XML service then sends that information to the local IMA service in the form of HTTP/HTTPS.
  6. The IMA service then forwards the credentials to Lsass.exe (Local Security Authority Subsystem Service) on the local server (XML Broker/Data Collector), which resides in the C:\Windows\System32 folder.
  7. Lsass.exe encrypts the credentials and then passes them to the Domain Controller.
  8. The Domain Controller returns the SIDs (the user’s SID and the list of group SIDs) to Lsass.exe on the XML Broker/Data Collector, which passes them to the IMA service.
  9. The IMA service uses the SIDs to search the Data Store for the list of applications and the Worker Group Preference Policy for the authenticated user.
  10. If the Data Store is not available, the lookup fails over to the Local Host Cache (LHC) on the XML Broker/Data Collector to get the details for the user.
  11. The list of applications, together with the user’s Worker Group Preference Policy, is returned to the XML service and then on to Web Interface.
  12. Web Interface uses its Java objects to create the web page that contains the application set for the user, and the user’s Worker Group Preference Policy is cached on the Web Interface server.
  13. The Web Interface server then returns that web page to the user’s web browser.

Application Launch Process
    1. User selects the application by clicking the application icon (such as Microsoft Word).
    2. The selected application data (Microsoft Word) is passed back to Web Interface.
    3. Web Interface passes the application (Microsoft Word) information, together with the user’s Worker Group Preference policy, back to XML service on XML broker server/Data Collector.
    4. XML service then forwards the information to the IMA service.
    5. The information is then forwarded to the IMA service of the Zone Data Collector (ZDC). (If the XML Broker and the Data Collector are the same server, this step does not occur.)
    6. The Zone Data Collector looks for the least loaded server according to the Worker Group preference list.
    7. When it finds the least loaded server, it queries the Citrix Service Manager of that server to verify whether the server has the required application installed. If the answer is no, it moves on to the next least loaded server in the worker group.
    8. If the answer is yes, then IMA service provides the host ID details to the IMA service of the ZDC.
    9. ZDC then transfers this information to the XML broker through IMA service.
    10. The XML broker translates this host ID into the corresponding IP address by searching its own Local Host Cache.
    11. The IP address is then provided to Web Interface by the XML service of the XML Broker server.
    12. Web Interface uses this IP address to create the Launch.ICA file. (Please note that if the user is coming from an external environment over the internet, the Launch.ICA file contains the Fully Qualified Domain Name (FQDN) or DNS name of the server running the Secure Gateway or Citrix Access Gateway. The IP address of the XenApp server is never revealed to the Citrix client.)
    13. The ICA file is then returned to the Web browser on the client machine.
    14. The Citrix Web plug-in/Citrix Online Plug-In uses the ICA file to launch an ICA connection to the least loaded XenApp server.
    15. The XenApp server requests a license from the License Server.
    16. Once Citrix.exe (Vendor Daemon) has checked availability and allocated the license, the server launches the application and sends it to the user’s screen for interaction.
    1. The XML broker translates this host ID into its IP address by searching the Local Host Cache.
    2. The IP address is then provided to Web Interface (this completes the application resolution).
    3. Web Interface uses this IP address to create the ICA file.
    4. The ICA file is then returned to Web browser on the client machine.
    5. Citrix online Web plug-in uses the ICA file to launch an ICA connection to the least loaded XenApp server.
    6. The XenApp server launches the application for the user.
    ===========================================================================
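The note on the Launch.ICA step says an external user's file should carry the gateway name and never the XenApp server's IP address. The following check for that is an added example, not part of the original post or any Citrix tooling; the sample file, host names and addresses are constructed, and it assumes the usual ICA layout in which each application listed under [ApplicationServers] has its own section holding Address and SSLProxyHost.

```python
import configparser
import ipaddress

# Constructed Launch.ICA body as an external user might receive it.
# Assumption: values are illustrative, not taken from a real farm.
SAMPLE_EXTERNAL_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Microsoft Word=

[Microsoft Word]
Address=10.20.30.41:1494
InitialProgram=#Microsoft Word
SSLEnable=On
SSLProxyHost=gateway.example.com:443
"""

def _as_ip(value):
    """Return an ip_address if value (optionally host:port) is an IP literal."""
    for candidate in (value, value.rsplit(":", 1)[0]):
        try:
            return ipaddress.ip_address(candidate.strip("[]"))
        except ValueError:
            continue
    return None

def audit_ica(text, external=True):
    """List findings for one ICA file; external=True applies the gateway rule."""
    ica = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                    strict=False)
    ica.optionxform = str  # ICA keys are mixed case; keep them as written
    ica.read_string(text)
    if not ica.has_section("ApplicationServers"):
        return ["no [ApplicationServers] section"]
    findings = []
    for app in ica.options("ApplicationServers"):
        if not ica.has_section(app):
            findings.append(f"{app}: missing application section")
            continue
        ip = _as_ip(ica.get(app, "Address", fallback=""))
        proxy = ica.get(app, "SSLProxyHost", fallback="")
        if external and ip is not None:
            findings.append(f"{app}: Address exposes server IP {ip}")
        if external and (not proxy or _as_ip(proxy) is not None):
            findings.append(f"{app}: SSLProxyHost is not a gateway FQDN")
    return findings
```

Run it over ICA files captured from an external test logon; an empty list means the file names only the gateway.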