Gateway

Configure NetScaler Gateway to support HDX Insight

HDX Insight provides end-to-end visibility for HDX traffic to virtual apps and desktops passing through NetScaler. It also enables administrators to view real-time client and network latency metrics, historical reports, end-to-end performance data, and troubleshoot performance issues.

To configure NetScaler Gateway to support HDX Insight using GUI

  1. On the Configuration tab navigate to System> AppFlow>Collectors, and click Add.

    Add collector

  2. On the Create AppFlow Collector page, populate the following fields, and click Create.

    • Name: Name for the collector

    • IP address: IPv4 address of the collector

    • Port: Port on which the collector listens

    • Net Profile: Net profile to associate with the collector. The IP address defined in the profile is used as the source IP address for AppFlow traffic for this collector. If you do not set this parameter, the NetScaler IP (NSIP) address is used as the source IP address.

    • Transport: Transport type of collector.

    AppFlow collector page

  3. Navigate to System > AppFlow > Actions, click Add.

    Add action

  4. On the Create AppFlow Action page, populate the following fields, and click Create.

    • AppFlow Action Name: Name for the action

    • Comment: Any comment about the action

    • Collector: Select the names of collectors to be associated with the AppFlow action.

    • Transaction Log: Transactions type to be logged.

    Create collector

  5. Navigate to System> AppFlow>Policies, click Add.

    Add policies

  6. On the Create AppFlow Policy page, populate the following fields, and click Create.

    • Name: Name for the policy.

    • Action: Name of the action to be associated with the policy.

    • UNDEF: Name of the AppFlow action to be associated with this policy when an undefined event occurs.

    • Expression: Expression or other value against which the traffic is evaluated. Must be a Boolean expression.

    • Comments: Any comments about this policy.

    Policies page

  7. Navigate to NetScaler Gateway>Virtual Servers, select the virtual server and click Edit.

    Virtual servers page

  8. Scroll down the VPN Virtual Server page and under the Policies section, click +.

    Add a policy

  9. On the Choose Type screen, in the Choose Policy drop-down menu, select AppFlow. In the Choose Type drop-down menu, choose Request or ICA Request and click Continue.

    Select the AppFlow policy page

  10. Click the highlighted arrow under Select Policy.

    Select AppFlow policy

  11. Select the AppFlow policy and click Select.

    Select AppFlow policy2

  12. Finally click Bind.

    Bind policy

To configure NetScaler Gateway to support HDX Insight using CLI

At the command prompt, type:

add appflow collector col3 -IPAddress<ip_mas>
add appflow action act1 <action_name>
add appflow policy <policy_name> true <action_name>
bind vpn Vserver <vserver_name>  -pol <policy_name> - priority101 END -type <ICA_Request>
<!--NeedCopy-->

Disable HDX Insight for non-NetScaler AppFlow (NSAP) HDX session

In a NetScaler appliance, you can now disable HDX Insight for the non-NSAP HDX sessions.

At the command prompt, type:

set ica parameter HDXInsightNonNSAP (YES | NO )
<!--NeedCopy-->

By default, HDX Insight for non-NSAP sessions is enabled.

HDX Insight support with Secure HDX

Secure HDX is an Application Level Encryption (ALE) solution that prevents any network elements in the traffic path from inspecting the HDX traffic. Starting from release 14.1 build 47.46, HDX Insight is available when Secure HDX is enabled. For more information on Secure HDX, see Secure HDX (Preview).

Administrators can monitor HDX Insight through Director, Monitor, and NetScaler Console service. For more information on performance metrics with Secure HDX enabled, see Diagnose Session Performance issues in Director and Diagnose Session Performance issues in Monitor. HDX Insight on the NetScaler Console service functions without any changes. For more information, see HDX Insight.

System requirements

HDX Insight with Secure HDX is currently supported only on the following platforms:

  • Citrix Workspace app for Windows - version 2503 and later.

  • VDA for Windows - version 2503 and later.

  • Director - version 2503 and later.

For more information on the system requirements to access HDX Insight when Secure HDX is enabled, see System requirements.

Benefit

  • Network latency for HDX Insight can be monitored in Director when Secure HDX is enabled.

Key enhancement

  • Data security: Secure connection between NetScaler Gateway and VDA over TLS when Secure HDX is enabled.

Limitations

HDX Insight with Secure HDX is not supported for the following scenarios:

  • EDT connections

  • HDX Multi-stream ICA (MSI) connections

  • IPv6 protocol

  • Transparent mode and LAN proxy mode topologies

  • SOCKS protocol

Configure NetScaler Gateway to support HDX Insight