AWS have updated AppStream 2.0 to introduce some fantastic new features in the May & June 2018 releases.
Google Drive support has been added (selectable at fleet creation). It only supports G-Suite Enterprise and must be enabled in G-Suite to function, but it also supports multiple G-Suite domains.
This means clients can avoid the clumsy upload and download of files from the local device to the remote and simply log into Google Drive and have immediate access to their files within the AppStream session.
Here is a screenshot of the Windows Explorer integration, which conveniently shows my free space as approx 8000 Petabytes! Good to know!
Support for administrative controls has also been added (again selectable at fleet creation), giving the administrator greater control and flexibility in the solution they deploy to users, for things like local device copy and paste, file upload or download (or upload only, download only, or disabled) and local print options.
Recently a customer received the message ‘this OS/platform is not authorized to access your Workspace’ when connecting to a newly built AWS Workspace instance via ‘Web Access’ at https://clients.amazonworkspaces.com/
In more recent WorkSpace updates (Jan 2019), if you don't explicitly have Web Access enabled you will receive an ERR_CM_REQUEST_FAILED message.
This OS/platform is not authorized to access your Workspace
If the problem persists please contact your Workspaces Administrator.
Web Access needs to be explicitly enabled. As these were relatively new workspaces (May 2018) the workspaces also didn’t have to be rebuilt to allow web connectivity contrary to the AWS documentation.
Open the AWS Console
Select your Directory and click Actions then Update Details
Expand the 4th Section Access Control Options
Tick Web Access
Scroll to the bottom of the update details page and click Update and Exit
AWS AppStream 2.0 generates a SHA-256 hash of the user's NameID for their Home Drive when using SAML (aka Federated) authentication. This can make it difficult to find the user's home share when browsing from AWS S3, or for support teams when supporting users or uploading documents to the user's ‘home drive’.
In this document is an example of a federated user's home drive autocreated in S3 after the user has accessed AppStream 2.0 for the first time.
This script will simply create a function in Windows PowerShell that generates the SHA-256 hash from the NameID, so you can discover the user's home path.
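One way to write such a function, as an added example (not the original post's script): it hashes the NameID as UTF-8 and also builds a hash-to-user lookup, so a folder found in S3 can be traced back to its owner. The function names, the sample NameIDs, the UTF-8 encoding and the user/federated/ prefix are assumptions; confirm the prefix against your own home-folder bucket.

```powershell
# Added example. Sample NameIDs below are constructed, not real users.

function Get-AppStreamHomeHash {
    # Returns the lowercase hex SHA-256 of a NameID (hashed as UTF-8 bytes, an assumption).
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$NameID
    )
    begin { $sha256 = [System.Security.Cryptography.SHA256]::Create() }
    process {
        # Hash the value exactly as the IdP sends it: SHA-256 is case- and
        # whitespace-sensitive, so differently cased NameIDs map to different folders.
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($NameID)
        -join ($sha256.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    }
    end { $sha256.Dispose() }
}

function Get-AppStreamHomeMap {
    # Builds a hash -> user lookup. The hash is one-way, so mapping a folder
    # back to a user is only possible from a list of known NameIDs.
    param(
        [Parameter(Mandatory)][string[]]$NameID,
        [string]$Prefix = 'user/federated/'   # assumption: verify in your bucket
    )
    $map = @{}
    foreach ($id in $NameID) {
        $hash = Get-AppStreamHomeHash -NameID $id
        $map[$hash] = [pscustomobject]@{
            NameID   = $id
            Hash     = $hash
            S3Prefix = "$Prefix$hash/"
        }
    }
    $map
}

# Forward lookup: list the expected S3 prefix for each known user.
$users = 'jane.doe@example.com', 'Jane.Doe@example.com'
$map   = Get-AppStreamHomeMap -NameID $users
$map.Values | Format-Table NameID, S3Prefix -AutoSize

# Reverse lookup: resolve a folder name seen in S3 back to its NameID.
$folder = Get-AppStreamHomeHash -NameID 'jane.doe@example.com'
$map[$folder].NameID
```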
When attempting to call AWS CLI commands we were receiving a CERTIFICATE_VERIFY_FAILED error message. We were using a proxy service. In this specific instance we were connecting to AWS IAM via Zscaler Internet Access (ZIA).
We were running a simple command:
aws iam get-role --role-name vmimport
Include --no-verify-ssl to bypass the SSL certificate verification for that command:
aws iam get-role --role-name vmimport --no-verify-ssl
Alternatively, drop or whitelist iam.amazonaws.com from SSL inspection on the proxy server.
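An added example, not from the original post: a third option that keeps certificate verification on is to export the inspecting proxy's root CA from the Windows certificate store and point the CLI at it with the AWS_CA_BUNDLE environment variable. The function name, the 'Zscaler' subject filter and the output path are assumptions for illustration.

```powershell
# Added example. Adjust the subject filter to match the root CA your proxy
# actually signs with; 'Zscaler' is an assumed value.

function Export-ProxyRootToPem {
    param(
        [string]$SubjectMatch = 'Zscaler',
        [string]$Path = "$env:USERPROFILE\.aws\proxy-root-ca.pem"
    )

    # Only take unexpired certificates from the machine's trusted root store.
    $certs = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match $SubjectMatch -and $_.NotAfter -gt (Get-Date) })
    if ($certs.Count -eq 0) {
        throw "No unexpired root certificate matching '$SubjectMatch' in LocalMachine\Root"
    }

    # Convert each DER-encoded certificate to a PEM block.
    $pem = foreach ($c in $certs) {
        '-----BEGIN CERTIFICATE-----'
        [Convert]::ToBase64String($c.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
        '-----END CERTIFICATE-----'
    }

    # Make sure the target folder exists, then write plain ASCII without a BOM.
    New-Item -ItemType Directory -Force -Path (Split-Path $Path) | Out-Null
    [System.IO.File]::WriteAllLines($Path, [string[]]$pem, [System.Text.Encoding]::ASCII)
    $Path
}

# The bundle replaces the CLI's default trust store for this session, so every
# AWS endpoint reached through the inspecting proxy must chain to a CA in it.
$env:AWS_CA_BUNDLE = Export-ProxyRootToPem

# Same call as before, now with verification left enabled.
aws iam get-role --role-name vmimport
```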
In this guide we will connect the Citrix NetScaler to our Citrix XA/XD Environment for ICA proxy (Citrix Sessions without VPN).
Here you will see how quickly you can set up, secure and enable remote access to your Citrix environment via the NetScaler Gateway.
NOTE: you must have an active Citrix XenApp/XenDesktop server and a StoreFront server to proceed with the following steps.
DNS is configured on the NetScaler correctly to resolve inside DNS addresses
The internal or private IP Address of the VIP assigned to the NetScaler Gateway
Know the details of your Citrix Server STA (our Citrix DDC(s))
Firewall ports are open between the NetScaler and the StoreFront server
XenApp / XenDesktop and StoreFront already configured and set up (otherwise retrieve attributes won’t work)
A Certificate for your NetScaler Gateway FQDN is already installed on the NetScaler
Configure the NetScaler Gateway for XA/XD – Wizard
Log into NetScaler GUI
Under Integrate with Citrix Products – Click XenApp and XenDesktop
Click Get Started
Ensure StoreFront is selected and click Continue on the Prerequisites
NOTE: you must have an active Citrix XenApp/XenDesktop server and a StoreFront server to proceed with the following steps. If not – please just follow along this guide to understand the steps involved.
Provide the details that are relevant to your StoreFront and Citrix XenApp setup
Gateway FQDN: gateway.jsconsulting.services
Gateway IP Address: Inside private IP address for the Virtual Server. (aka VIP)
Port: 443 (SSL)
Redirect: Tick this option if you are also forwarding http traffic to this VIP so the NetScaler will redirect the users to https.
Then click Continue
Note: In this guide we are using the following specific details as working examples – you should use the appropriate settings for your environment
Because we enabled port 80 redirection the wizard will enable the LoadBalancing Feature on the NetScaler – Click Yes
Select the certificate you have previously installed on the NetScaler.
Note: you should have the complete certificate chain installed on the NetScaler – a later video will go through these steps to ensure the complete Certificate chain is installed.
Keep Authentication as Domain
Select Use Existing Server
Select the server that has the ‘NSUsers’ profile associated (will be listed in order of creation so usually the second server in the list if you have followed our other guides)
Enter the details of your StoreFront server
The ‘retrieve stores’ button will not work if the StoreFront server is not configured. You will not be able to proceed with this wizard if you can’t retrieve stores, as the wizard will not let you proceed manually.
In this example our StoreFront and Citrix XenApp are installed on the same box so the URLs can point to the same server
On the summary pages, now that all the basic settings have been entered, you can click Done.
If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud