Ferroque Systems News

Issue: AWS Instance Types Missing From Machine Creation Services

November 11th, 2019

When provisioning VDAs through MCS you may notice that many AWS instance types are missing from the machine specification list. Some of those instance types include C5 and M5. As per the following Citrix article: https://support.citrix.com/article/CTX139707 AWS instance types are pre-defined in the Delivery Controller software in a file called “InstanceTypes.XML” This means Citrix Virtual Apps and Desktops (CVAD) is unable to discover instance type … read more

Creating a Failure Page for Post-Auth EPA

November 6th, 2019

This post is a little bit niche as it may be relevant only for basic EPA expressions done on Citrix Gateway session policies whose use is slowly reducing, but figured it was worth covering off as there is still use cases for using EPA expressions in a session policy. What I cover in this article is a somewhat elaborate method of providing a user-friendly EPA … read more

Citrix ADC Security: Securing ns.conf with KEK Keys

August 22nd, 2019

This guide is intended to shed a little light on an interesting security mechanism in Citrix ADCs which seldom gets much attention. Mentioned in the Citrix Secure Deployment Guide for ADCs, is a line item about creating a system master key for “data protection”. In the context of ADCs this means passwords of local accounts, certificate key pair passphrases, LDAP passwords, RPC passwords, RADIUS secret … read more

Citrix Virtual Desktops: Launching Multiple Sessions From The Same User Account

July 30th, 2019

I’ve seen a lot of discussions online regarding the topic of launching two or more of the same Citrix resource (app, pooled VDI, HSD, etc.) on different machines using a single user account with no definitive answer. Today I was requested to implement this feature for a 1903 CR environment and it had taken a little bit of trial and error to get this to … read more

Integrating PingID with Citrix Gateway via RADIUS

July 29th, 2019

More adventures in RADIUS! PingID provides one of the most prevalent multi-factor authentication (MFA) solutions on the market today and as with many of them such as Azure MFA (which I touch on in a previous article), Okta, Duo, etc. can handle one-time passwords (OTP) via SMS, mobile app, or email, as well as “pushes” to a their mobile app (preferred method) which tends to … read more