Citrix XA/XD Resource Filtering and Presentation (DR - Active/Passive Sites)
There are a few different ways in which you can present only specific and needed Citrix environment resources (applications and virtual desktops) to your individual end-users. The two main approaches for accomplishing this goal are through resource entitlement (security accessibility and lock-down) and also resource filtering or hiding from even being presented to certain end-users. Through the filtering/hiding method, user's technical have access rights to the specific resource, but are not able to actually search for or view those resources for actual access and use.
Resource entitlements are the most common and secure method used. You have the ability to create AD security groups based on employee department, location, role/title, and so on. After adding the appropriate employees/users to that specific AD security group, you can then assign that security group to a specific Citrix resources (such as virtual desktops and applications). Additional related information and screenshots are shown later on under this article.
Resource filtering and display status configuration settings are a bit less secure (as this approach just hides certain resources from end-users instead of actually preventing access at all). Because of this, the use of the filtering configuration approach for controlling resource presentation shouldn't (in most cases) be used for security and access control, but instead getting a more granular level control on resource presentation down to the delivery group, desktop, and application level for user presentation primarily on a StoreFront Store by Store basis. (For Example: a specific user may have access to several different resources under your Citrix environment, but you may only want to present specific sub-sets of all available resources based on how that user is connecting into your environment).
Here is a listing of specific use case examples:
- Configuration of an Active/Passive DR cross site (Data center) access model
- (most common use case that is see implemented and used in the real-world)
- Ability to lock down and present only certain resources to your end-users based on where and what servers or appliances they are connecting through.
- Network location connecting from
- Citrix StoreFront Store connecting through
- When using anonymous access connectivity model. Ability to only present resources wanting users to have access to.
- In this case, the filtering (hiding/showing) resources is used more as the method of security access and entitlement.
- This approach typically requires many separate StoreFront environment Stores. Having to control user access and resource presentation (for the most part) based on which Store your end-users are presented access to and are configured for connectivity through.
Resource Filtering Based on Keyword Utilization (Overview):
Resource Filtering Based on Keyword Utilization (Hands-on):