Internal connections go directly to the storefront server and come from internal computers that are subject to policies where we have full control over these timers so they are out of scope for this case. In other words all external connections where the risk is largest and control least. By setting it there it will apply to all scenario's and sessions coming in through Netscaler gateway. This timer value is set and defined in the Netscaler Gateway " Global Settings" section under the " Client Experience" tab in the " Session Time-out" field. This is essentially the period of time during which clicking the icon of your published application/desktop will reconnect to an existing HDX session or start a new HDX session before the icon becomes considered 'expired' and immediately returns a re-authentication prompt instead. (essential) The Netscaler Gateway session (= the "validity lifetime" of your icons). Practically it means that regardless of which client device or way of connecting remotely or internally, any Citrix session where no input has been detected for X minutes will be disconnected (but remains available for instant reconnecting after for instance a lunch break)Ģ. ![]() For this I found the only true working -under all conditions- solution to be The Citrix policy " Server Idle Timer interval". (essential) The Actual Citrix HDX session (= the published desktop you are working in) needs to become automatically disconnected after x minutes of user inactivity. To summarize there are 3 levels that can be controlled of which 2 are essential and necessary as well as sufficient while the third one can be considered optional as well as incomplete:ġ. Update, solution and conclusion for future reference to all that it may concern or interest:Īfter more rigorous testing and searching I have found my remaining answers to enforce a strict security plan against Session hijacking after a computer theft for people connecting to your Citrix session from any possible external resources (Android, Ipad, Windows laptops and computers, Chromebooks. I need to ensure that re-authentication is enforced whenever people -past the timeout- manually click the icon in Workspace app for windows to start/reconnect Citrix apps and desktops ![]() Instead the workspace app for windows reconnects to the existing (previously disconnected) Citrix session immediately which is a potential security breach according to our company policy. ![]() When testing logging in from for instance a Chromebook from an external internet line through the Netscaler Gateway I validated succesfully that I get the " logoff successful" page after 1 minute inactivity but when testing the same from a Windows 1905 app for windows I cannot get authentication to pop-up.įor the record I'm aware that the windows app never gives a "log off" message and that your apps and desktops remain visible but -according to the documentation- I'm supposed to at least get the authentication pop-up to happen when clicking the app/desktop past the timeout. I then configured - for testing and validation purposes- in Storefront that logons to this website should timeout and logoff 1 minute after no activity as follows: I'm currently testing a new setup which uses storefront 1906 + Netscaler gateway (latest) + Workspace app for windows 1905 that I just finished setting up.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |