Task 1 – Build a VIP with an Access Policy allowing access to VMware and Citrix

  1. From “corporate-pc”

  2. Open F5 config GUI

  3. Disable Strict Updates for the lab2-proxy Application

    • Go to iApps -> Application Services
    • Click lab2-proxy
    • Click Properties tab
    • In Application Service pulldown, select Advanced
    • Uncheck Strict Updates checkbox
    • Click Update button
  4. To save lab time, we removed “Strict Updates” so we can copy lab2-proxy Access profile objects

    • Go to Access -> Profiles/Policies -> Access Profiles…
    • Click “Copy” hyperlink on the lab2-proxy line
    • In the “Copied Profile Name” field, type in lab5-webtop
    • Click “Copy” button
  5. View the characteristics of the lab5-webtop and lab3-lb-sf Access policies. To consolidate Citrix and VMware access, the subsequent steps will incorporate the components from Citrix policy into the copy of the VMware policy.

    • Go to Access -> Profiles/Policies -> Access Profiles…
    • On the lab2-proxy line, click Edit link. Review components and click Close
    • on the lab3-lb-sf line, click Edit link. Review components and click Close
  6. Open lab5-webtop VPE

    • Go to Access -> Profiles/Policies -> Access Profiles…
    • On the lab5-webtop line, click Edit link and review.
  7. Add Citrix to the Browser Resource Assign on the Full or Mobile Browser branch

    • Click Browser Resource Assign object on the right end or the branch
    • In the Browser Resource Assign pop-up, click Add/Delete
    • Click Remote Desktop… tab
    • Select /Common/lab3-lb-sf.app/lab3-lb-sf_remote_desktop_1 checkbox. (Both check boxes should be selected)
    • Click Update button
    • Click Save button
    ../_images/image41.png
  8. Add a branch for the Citrix Receiver to Client Type

    • Click Client Type object
    • Click Branch Rules tab
    • Click Add Branch Rule button
    • In Name field, replace Branch Rule 1 with Citrix Receiver
    • Under Citrix Receiver, click change link
    • Click Add Expression button
    • In Agent Sel pulldown, select UI Mode
    • In UI Mode is pulldown, select Citrix Reciever
    • Click Add Expression button
    • Click Finished button
    • Click Save button (this takes a while)
  9. Add a Logon Page object to the Citrix Receiver branch

    • On the Client Type, Citrix Receiver branch, click the “+”
    • In the Logon tab, select Logon Page
    • Click Add Item button
    • Review the default settings
    • Click Save button
  10. Add Domain Variable Assign object to the Citrix Receiver branch

    • On the Logon Page, fallback branch, click the “+”
    • Click Assignment tab
    • Select Variable Assign radio button
    • Click Add Item button
    • Click Add new entry button
    • Click change link
    • On the left panel, below Custom Variable – Unsecure, type in session.logon.last.domain
    • On the right panel, below Custom Expression, type in expr {"demoisfun"}
    • Click Finished button
    • Click Save button
    ../_images/image42.png
  11. Add an AD Auth object to the Citrix Receiver branch

    • On the Variable Assign, fallback branch, click “+”
    • Click Authentication tab
    • Select AD Auth radio button
    • Click Add Item button
    • In the Server pulldown, select /Common/AD1
    • Click the Save button
  12. Add an Advanced Resource Assign object to the Citrix Receiver branch

    • To the right of AD Auth, Successfull branch, click the “+”
    • Click Assignment tab
    • Select Advanced Resource Assign radio button
    • Click Add Item button
    • Click Add new entry button
    • Click Add/Delete link
    • Click Remote Desktop… tab
    • Select /Common/lab3-lb-sf.app/lab3-lb-sf_remote_desktop_1 check box
    • Click Webtop… tab
    • Select Common/lab3-lb-sf.app/lap3-lb-sf_webtop radio button
    • Click Update button
    • Click Save button
    • To the right of Advanced Resource Assign, fallback branch, click Deny
    • Select Allow radio button
    • Click Save button
    • On the upper right corner, click Close the VPE. Click YES on the IE pop-up
    ../_images/image43.png
  13. Apply the access policy

    • On the upper left corner of the main F5 GUI, click Apply Access Policy
    • Select all policies, click Apply
    • Verify that all Access policies status is Green (refresh browser if necessary)
    ../_images/image45.png
  14. Create a Virtual Server for PCOIP traffic

    • Go to Local Traffic -> Virtual Servers -> Virtual Server List
    • View the configuration of the lab2-proxy_pcoip_udp Virtual Server (VS). We will replicate this configuration using the IP of the new VIP we created for VDI access (Hint—Open an additional browser window connected to F5-bigip1a.demoisfun.net. This will allow you to display different VIPs in the same device)
    • Go to Local Traffic -> Virtual Servers -> Virtual Server List
    • Click Create button in the upper right section of the GUI
    • Configure the VIP with the variables below
    General Properties
    Name lab5-pcoip
    Destination Address/Mask 192.168.3.157
    Service Port 4172
    Configuration
    Protocol UDP
    Source Address Translation Auto Map
    Access Policy
    Application Tunnels (Jave & Per-App VPN) Enabled - Checked
    • Click Finished button
  15. Create a combined VS for Citrix and VMware connectivity

    • Go to Local Traffic -> Virtual Servers -> Virtual Server List
    • Click Create button in the upper right section of the GUI
    • Configure the VIP with the variables below
  16. VIP Config Parameters

    General Properties
    Name lab5-vdi
    Destination Address/Mask 192.168.3.157
    Service Port 443
    Configuration
    HTTP Profile http
    SSL Profile (Client) lab2-proxy_client_ssl
    SSL Profile (Server) serverssl
    Source Address Translatio Auto Map
    Access Policy
    Access Profile lab5-webtop_webtop
    Connectivity Profile lab2-proxy_connect
    VDI Profile vdi
  17. Click Finished button

Test Connectivity

  1. From “home-pc”

  2. Open IE and browse to https://vdi.demoisfun.net. Note this address has been configured in DNS to resolve to the VIP 192.168.3.157

  3. When prompted for credentials

    • Username: demo01
    • Password: password
  4. APM webtop is displayed with - Agility - Vmware View Desktop - Agility - Agility VDI Class (Citrix)

  5. Click Agility - Agility VDI Class to launch XenDesktop

  6. In Select client* pop-up, click Citrix Receiver button

  7. Verify that desktop is functional

  8. In Citrix Agility desktop, click Start -> Disconnect. This will return you to APM webtop

  9. Click Agility - Vmware View Desktop

  10. In Select client pop-up, click VMware Horizon button

  11. Verify that the VMware desktop functions

  12. Close View client

    ../_images/image44.png