
CITRIX SECURITY

LAB MANUAL
Lab Guide | Citrix Systems, Inc | SPA

Table of Contents
Workshop Overview
Lab Manual Overview

Module 1 - Citrix Cloud Onboarding
Exercise 1.1 - Accessing Citrix Cloud
Exercise 1.2 - Connector Appliance Installation
Log Off From Admin Desktop

Module 2 - SPA - Local Browser
Switch to Windows 10 Desktop
Exercise 2.1 - Deliver Internal Web Application via Local Browser

Module 3 - SPA - Secure Browser Service
Exercise 3.1 - Deliver Internal Web Application via Secure Browser Service

Module 4 - SPA - Enterprise Browser
Exercise 4.1 - Deliver Internal Web Application via Enterprise Browser

Module 5 - SPA - ZTNA
Exercise 5.1 - RDP Access
Exercise 5.2 - Intranet Access
Exercise 5.3 - SSH Access

Workshop Overview

v0.8 - 082222JDW

Lab Manual Overview

Lab Exercise
The virtual machines in this lab are running on Windows Server 2016 and Windows 10 Desktop. At the completion of these
exercises, you will gain valuable hands-on experience in installing, configuring, administering, and supporting Citrix Secure
Private Access (SPA) on Citrix Cloud.

Lab Scenario
WW Labs is a technology company whose infrastructure topology is centrally located in New York City (referenced as NYC in
the company naming convention). The CTO has received a trial account for Citrix SPA on Citrix Cloud and has requested his
team to validate the solution. The Lead Citrix Architect has tasked the Citrix Administrator team to implement a Proof of
Concept (PoC) to simulate Citrix SPA on Citrix Cloud, utilizing the current implementation of Active Directory, web applications,
RDP, and SSH.

The Lead Citrix Architect has designated an isolated environment for the PoC, and various virtual machines have already been
provisioned to verify that the PoC can be easily implemented. The Lead Citrix Architect has instructed the Citrix Administrator
team to meet the following project goals with the Citrix SPA PoC:

• Verify Connector Appliance software and functionality.
• Publish a non-secure website where no additional access controls are needed.
• Publish a locked-down web application via Citrix Secure Browser Service for HTML5 users.
• Publish a locked-down web application using Citrix Enterprise Browser within Citrix Workspace.
• Deploy an RDP Desktop using Citrix ZTNA.
• Publish an Intranet site using ZTNA.
• Publish SSH access to a NetScaler via ZTNA.

Lab Environment Overview


The lab environment provided consists of a single self-contained on-premises environment with all supporting technologies.

• Windows Server Desktop
• Windows 10 Client machine in a separate L3 network
• Citrix XenServer and XenCenter to deploy SPA agent

Lab Access

Note: As Citrix Cloud is a SaaS offering, product updates and hot fixes are continuously implemented. As a result, you may
notice that procedures differ from those described in the step-by-step instructions, and that screenshots differ from
what you see on your screen.

You should have received an e-mail from Citrix Demo Center; follow the steps in this lab guide to proceed.

1. Click the Demo Center hyperlink in the e-mail to open the lab landing page.

2. The Demo Center page launches and displays all of the connection information for your lab.

Note: Leave this page open for the duration of the workshop for reference.

3. Click the hyperlink for StoreFront

4. Log On with User name demoadmin and the unique password defined in the Demo Center page
5. Click the Log On button

Note: If the Citrix Workspace client is installed on your machine you can safely bypass all prompts for installation.

6. Click the DESKTOPS header item

7. Click the Admin Desktop box

Note: If the downloaded *.ica file does not auto launch, open the file with Citrix Connection Manager when prompted.

Note: You will perform XenCenter lab exercises inside of the Admin Desktop and all further ADMINISTRATION and CLIENT
testing exercises on the Windows 10 desktop.

Module 5 CLIENT testing can also be performed on your local workstation, though the Windows 10 desktop is
configured to have all agents installed and is ready to go.

8. You have successfully accessed your lab environment when you see the following Admin Desktop.

Server List

Hostname      IP Address        Role
AD1           172.30.200.20     Active Directory
Admin         172.30.200.34     Admin Workstation
Windows10     172.30.200.38     Windows 10 Workstation
Connector1    172.30.200.30     Citrix Cloud Connector
Connector2    172.30.200.32     Citrix Cloud Connector
NS1           172.30.200.10     Citrix ADC
Router        172.30.200.254    Virtual Router
SQL1          172.30.200.60     SQL Database
XD1           172.30.200.70     Delivery Controller

Credential List
The credentials required to connect to the environment and complete the lab exercises are displayed in the initial Citrix Demo
Center launch page and are unique per student.

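Username      Password
demoadmin     See Demo Center web page
nsroot        See Demo Center web page
demoroot      See Demo Center web page
root          See Demo Center web page
User1         See Demo Center web page
User2         See Demo Center web page
User3         See Demo Center web page
User4         See Demo Center web page
User5         See Demo Center web page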

Credits

Title                             Name
Architect                         Jacob Wilson
Senior Sales Engineer             Mac Thomas
Senior Marketing Manager          Michele Bianco
Master Citrix Instructor          Tony Zhang
Sales Engineering Director        Don Willams
Citrix Solutions Marketing        Matt Crawford
Strategic Alliances Director      Kurt Moody
Directors of Sales Engineering    Eric Bishop
Marketing Support Specialist      Irene Kanashiro

Module 1 - Citrix Cloud Onboarding

Exercise 1.1 - Accessing Citrix Cloud


In this exercise we will walk you through the process of connecting to Citrix Cloud for the first time.

It is assumed that you have an active Citrix Cloud or MyCitrix account. If you do, complete First Time Login - Existing
Account; if you do not have either account type, complete First Time Login - New Account.

Please Note:
All work for this section should be completed on the Admin Desktop.

First Time Login - Existing Account

Note: Only complete this section if you have an existing Citrix Cloud or MyCitrix account. Otherwise skip to the next section.

1. Check the e-mail account used to register for this workshop


2. You should have an e-mail from Citrix Cloud that you have been added as an administrator to the DemoCenter tenant
3. Click the Sign in to Get Started button.

Note: If the above prompt does not appear, you may not have an account registered to the e-mail address used for this
workshop. Proceed to the next section and create a new account.

4. Click the Sign In button.

5. Login with your existing account credentials and click the Sign In button.

6. Populate the token from your authenticator app.


7. Click the Verify button.

Note: This dialogue may not appear if you have logged in recently and already accepted.

8. Click the ToS acceptance box.


9. Click the Continue button.

Note: Your initial tenant view may look different than above.

10. You should now be successfully logged in to your Citrix Cloud tenant for this workshop.
11. Note the tenant CCID value in the upper right hand corner.

Note: All lab exercises are performed inside this tenant. Ensure that you are always working in this tenant if you have
multiple tenants bound to your account.

12. Proceed to the Disable Token for Workspace section.

First Time Login - New Account

Note: Only complete this section if you do not have an existing Citrix Cloud or MyCitrix account. Otherwise continue to the
next section.

1. Check the e-mail account used to register for this workshop.


2. You should have an e-mail from Citrix Cloud that you have been added as an administrator to the DemoCenter tenant.
3. Click the Sign in to Get Started button.

4. Create your Citrix Cloud account by populating the Name and Password fields.
5. Check the box for ToS acceptance.
6. Click the Continue button.

7. Click the Sign In button.

8. Populate the Username field with the e-mail address used to register for Citrix Cloud.
9. Populate the Password field with the password defined in a previous step.
10. Click the Sign In button.

11. Click the Enroll Now button.

13. Check the e-mail account used to register for Citrix Cloud.
14. Find the e-mail with the Subject line Citrix Cloud: Complete Your Device Registration.
15. Copy the 6-digit verification code from this e-mail into the first field.

16. Enter your account password in the second field.


17. Click the Verify button.

18. Open an authenticator app of your choice (Microsoft Authenticator, Twilio Authy, etc.).
19. Scan the QR code or enter the Key into your authenticator app.
20. Once the application has been added, type in the next 6-digit code that appears.
21. Click the Verify code button.

22. Add a recovery phone number.


23. Generate and download the account backup codes.
24. Click the Finish button.

Note: This dialogue may not appear if you have logged in recently and already accepted.

25. Click the ToS acceptance box.


26. Click the Continue button.

Note: Your initial tenant view may look different than above.

27. You should now be successfully logged in to your Citrix Cloud tenant.

Disable Token for Workspace


For a quicker user experience in the lab, you will disable the MFA token requirement when logging into Workspace. Please
note that in a real external-facing environment this should never be done, due to security concerns.

1. Click the hamburger menu in the upper left corner.


2. Click on Workspace Configuration.

3. Click the Authentication header.


4. Click the Active Directory radio button.

5. Check the box to acknowledge the impact of the change.


6. Click the Confirm button.

Note: This change is not instantaneous and takes roughly 1-2 minutes to be reflected on the Workspace login page.

Exercise 1.2 - Connector Appliance Installation


Connecting your resources to Citrix Cloud involves deploying connectors in your environment and creating resource locations.

Resource locations contain the resources required to deliver cloud services to your subscribers. You manage these resources
from the Citrix Cloud console. Resource locations contain different resources depending on which Citrix Cloud services you are
using and the services that you want to provide to your subscribers.

In this exercise we will walk you through the installation and configuration of the Connector Appliance software in your
on-premises environment.

Import the Connector Appliance


You will be downloading the Connector Appliance binary to the Admin Desktop to import into the XenServer hypervisor.

1. Click the Edit or Add New button for Resource Location in your Citrix Cloud tenant.

2. Click the Add a Resource Location button.

3. Click the Connector Appliances box.

4. Make sure Citrix Hypervisor is selected and click the Download Image button

5. In the Admin Desktop launch Citrix XenCenter from the Start Menu; it should automatically connect to your host

6. Click the File menu and select Import...

7. Click the Browse button for Import Source

8. Navigate to the Downloads folder and select the connector-appliance binary


9. Click the Open button

10. Click the Next button

11. Select the only server listed


12. Click the Next button

13. Select Local Storage


14. Click the Import button

15. Select Internal from the Network drop down menu


16. Click the Next button

17. Click the Finish button

Note: You will only be installing one (1) Connector Appliance during this workshop for the sake of brevity. Please note that
in a real environment two (2) Connector Appliances would always be installed for fault tolerance.

During the remainder of this workshop you can safely ignore any messages about only one (1) Connector Appliance
being available.

Configure the Connector Appliance


1. In XenCenter select the Connector Appliance in the left hand pane
2. Click the Console tab
3. Note the IP Address for configuration

4. In Google Chrome on your Admin Desktop navigate to the IP Address listed in the previous step in a new tab
5. Set the initial password to Citrix123! and click the Set password button

6. Sign in with password Citrix123!

7. Click the Register connector button under the Connector summary heading

8. Name the appliance connectorappliance1.citrix.lab


9. Click the Next button

10. Click the Copy button next to the code

11. Back in the Citrix Cloud tenant Paste the code


12. Click the Confirm Details button
13. Click the Register button

Note: The registration code is case sensitive.

Depending on your screen resolution you may have to scroll down to see the code input section.

14. On the Connector Appliance verify the successful registration


15. Click the Close button

16. Click the Add Active Directory domain link under the Active Directory domains heading

Note: It may take a few minutes for this step to work successfully if the Connector Appliance needs to pull an update from
Citrix Cloud and update itself. Please wait a few minutes and sign in again if this occurs.

17. Define citrix.lab as the domain and click Add

18. Login with the fully qualified demoadmin@citrix.lab account


19. Click the Continue button

Note: The password for the demoadmin account is in your DemoCenter landing page.

Note: Do not modify the pre-populated Machine account.

20. Back in Citrix Cloud verify that the Connector Appliance shows as available

Note: The Connector Appliances may automatically update themselves and reboot depending on how quickly the prior steps
are performed. The Connector Appliance will show in a down state temporarily in this event.

Log Off From Admin Desktop

At this point you will log off the Admin Desktop and perform the remaining work on the
Windows 10 Desktop. (This will be key for the RDP component in Section 5.)

• Click the dropdown at the top of the desktop screen
• Click Ctrl-Alt-Del
• Click Sign Out

Module 2 - SPA - Local Browser

Switch to Windows 10 Desktop


From here on all work will be done inside the Windows 10 desktop. Refer back to Lab Manual Overview for steps to launch the
StoreFront site to access this desktop.

Once logged into the Windows 10 Desktop, use Chrome on the Desktop to reconnect to Citrix.cloud.com and sign back in to
configure SPA

Exercise 2.1 - Deliver Internal Web Application via Local Browser

This is an app published to be accessed with the local browser on the system.

In this exercise we will walk you through the process of adding an app and security policy. Then you will log in as a user and
access the app through the portal.

This access method is best for internal applications that don't contain sensitive or private information.

Publish Web Application


1. Navigate to the Secure Private Access tile and click the Manage button

Note: If the First Time Use page appears for Secure Private Access, click the Continue button.

2. Verify that the Identity & Authentication node is defined as Use Existing Workspace Authentication with Active Directory
3. Click the Next button

4. Click the Add an app button

5. Click the Skip button under the Choose a template section

6. Select the Inside my corporate network radio button


7. Select HTTP/HTTPS for App type
8. Define Doctor Portal as the App name
9. Define https://doctor.citrix.lab as the URL
10. Verify that *.doctor.citrix.lab auto-populates as the Related Domain
11. Click the Next button

12. Select Don't use SSO as the type of single sign on

13. Click the Next button

14. Verify that the App Connectivity type is set to Internal


15. Click the Next button

16. Select citrix.lab in the Choose a domain drop down menu


17. Search for and Add User1 as a subscriber
18. Click the Next button
19. Click the Finish button

20. Click the Next button

21. Click the Create policy button

22. Select Doctor Portal for the application


23. Set the condition to Matches any of in citrix.lab for user1
24. Select Allow access for the action
25. Define Doctor Access as the Policy name
26. Select the slider button for Enabled
27. Click the Save button

28. Click the Next button

29. Click the Close button

Test Application
All testing in this workshop will be performed inside the Windows 10 desktop.

1. Go back to Chrome on the Windows 10 Desktop and then in Citrix Cloud click on the Hamburger Menu and select
Workspace Configuration

2. Copy the Workspace URL and launch Workspace in a new tab in the Google Chrome browser inside of the Windows 10
desktop

3. Log in as citrix.lab\user1
4. Click the Log On button

5. Click Apps and then click All Apps


6. Click on the Doctor Portal tile

7. Verify that the internal application Doctor Portal launches successfully in the Google Chrome browser inside the Windows
10 desktop

Note: Observe the URL displayed when accessing this application via SPA.

You've just completed adding and accessing a web application that required SPA to log in and view, but had no added protection.
The experience should feel just as if you went straight to the web page with Chrome, though in this case the access
is proxied via the gateway service rather than going through a VPN or a published browser via CVAD.

Module 3 - SPA - Secure Browser Service

Exercise 3.1 - Deliver Internal Web Application via Secure Browser Service

The second browser option available is the Citrix Secure Browser Service. This browser is used when accessing a
heightened-security site through the HTML5 interface.

In this exercise we will walk you through the process of adding a more secure application and defining a security policy with
restrictions.

This mode allows the user to access resources, but the browser interacting with the site is hosted externally in the cloud.
This prevents any "nefarious" activity from impacting the user's machine or the local network. For truly untrusted or dangerous
sites this is the best access method.

Publish Web Application


1. Navigate to the Secure Private Access tile and click the Manage button

2. Click the Applications heading in the left hand pane


3. Click the Add an app button

4. Click the Skip button under the Choose a template section

5. Select the Inside my corporate network radio button


6. Select HTTP/HTTPS for App type
7. Define Finance Portal as the App name
8. Define https://finance.citrix.lab as the URL
9. Define *.bold-themes.com as an additional Related Domain by clicking the + Add another related domain button
10. Click the Next button

11. Select Don't use SSO as the type of single sign on


12. Click the Next button

13. Verify that the App Connectivity types are set to Internal
14. Click the Next button

15. Select citrix.lab in the Choose a domain drop down menu


16. Search for and add User2 as a subscriber
17. Click the Next button
18. Click the Finish button

Create Access Policy


1. Click on the Access Policies heading in the left hand pane
2. Click the Create policy button

3. Select Finance Portal for the application


4. Set the condition to Matches any of in citrix.lab for user2

5. Select Allow access with restrictions for the action


6. Select security restrictions: clipboard access, printing, downloads, and display watermark
7. Define Finance Access as the Policy name
8. Select the slider button for Enabled
9. Click the Save button

Test Application - Secure Browser Service


All testing in this workshop will be performed inside the Windows 10 desktop. Refer back to Lab Manual Overview for steps to
launch the StoreFront site to access this desktop.

1. In Citrix Cloud click on the Hamburger Menu and select Workspace Configuration

2. Copy the Workspace URL and launch Workspace in the Google Chrome browser inside of the Windows 10 desktop

3. Log in as citrix.lab\user2
4. Click the Log On button

5. Click Apps and then click All Apps


6. Click on the Finance Portal tile

7. Verify that the internal application Finance Portal launches successfully in the Secure Browser Service inside Google
Chrome on the Windows 10 desktop
8. Verify that security protections such as copy & paste are not functional inside of this session
9. Close the browser tab when complete

Note: If the Finance Portal does not launch, verify that the web browser is not blocking pop-ups and try again.

Note: Notice that the browser bar in this type of SPA application is the Citrix Enterprise Browser, but it is rendered inside of
Google Chrome using the Secure Browser Service.

This is a very effective way of providing more absolute control over website access. The Secure Browser Service (SBS) being
used is hosted externally and has no life or memory beyond the time of the access. SBS is already popular amongst other Citrix
security offerings; this is just another way to put it into play for maximum effect.

Module 4 - SPA - Enterprise Browser

Exercise 4.1 - Deliver Internal Web Application via Enterprise Browser

Citrix offers a third browser option built into the Workspace Client. In this exercise we will walk you through the process of
testing a previously published application using Citrix Enterprise Browser (EB). This browser operates in a sandbox on your desktop
and allows all of the advanced browsing controls without the need to use SBS. The EB is Chromium based, and as such will be
very familiar to most users and provide a fast, secure, "normal" browsing experience.

Test Application - Enterprise Browser


1. In Citrix Cloud click on the Hamburger Menu and select Workspace Configuration

2. Copy the Workspace URL to your clipboard as you will need it to set up the Citrix Workspace application

3. From your Windows 10 desktop launch the Citrix Workspace application from the system tray by double clicking on the
icon

4. Paste the Workspace URL from your clipboard when prompted for your Store URL
5. Click the Continue button

6. Log in as citrix.lab\user2
7. Click the Sign In button

8. Click the Allow button

9. Click Apps and then click All Apps


10. Click on the Finance Portal tile

10. Verify that the internal application Finance Portal launches successfully and a watermark is displayed
11. Notice that the browser is the native Enterprise Browser from the Workspace client
12. Verify security restrictions such as copy and paste functionality

One of the best parts of the EB is that it's often a little faster than SBS access. While the difference is not significant, letting
users who have Workspace installed access sites with EB will provide a slightly quicker browsing experience.

Module 5 - SPA - ZTNA

Exercise 5.1 - RDP Access


In this exercise we will walk you through the process of using ZTNA to access RDP. This allows a full connection to the
target without being connected to a full VPN. As with all SPA components, connections are allowed and authenticated
individually, without a "general" open VPN connection that would allow potentially bad traffic to cross the link.

Note: The Citrix Secure Access agent has been pre-installed on the Windows 10 desktop. You can also install the
components on your local workstation if you prefer. The experience will be the same regardless.

*Installation of the Citrix Secure Access agent on your local workstation requires administrative rights.

Add RDP Access


1. Navigate to the Secure Private Access tile and click the Manage button

2. Click the Applications heading in the left hand pane


3. Click the Add an app button

4. Click the Skip button under the Choose a template section

5. Select the Inside my corporate network radio button


6. Select TCP/UDP for App type
7. Define ZTNA - RDP - Admin Machine as the App name
8. Define Destination as admin.citrix.lab on Port 3389 over TCP
9. Click the Next button

10. Verify that the Network type is set to Internal


11. Click the Next button

12. Select citrix.lab in the Choose a domain drop down menu

13. Search for DemoAdmin and add as a subscriber


14. Click the Next button
15. Click the Finish button

Create RDP Access Policy


1. Click on the Access Policies heading in the left hand pane
2. Click the Create policy button

3. Select ZTNA-RDP-Admin Machine for the application


4. Set the condition to Matches any of in citrix.lab for DemoAdmin
5. Select Allow access for the action
6. Define RDP Access as the Policy name
7. Select the slider button for Enabled
8. Click the Save button

Test RDP Access


1. In Citrix Cloud click on the Hamburger Menu and select Workspace Configuration

2. Copy this URL as you will need to launch it via the Citrix Secure Access agent

Note: If you are testing this module on your local machine, a ShareFile link will be provided with the proper installation
binaries for the Citrix Secure Access agent. After installation resume the exercise from this point.

Note: If you did not log off from the Admin Desktop, RDP will not connect due to how RDP and session "stealing" works.
Please be sure to log off the Admin Desktop.

3. Launch the Citrix Secure Access agent from the desktop of the Windows 10 desktop or your local workstation
4. Populate the server URL field with the Workspace URL
5. Click the Connect button

7. Login as citrix.lab\demoadmin
8. Click the Sign In button

9. The following window will display when successfully connected

10. From the Windows start menu run mstsc


11. Type in the computer name as admin.citrix.lab
12. Click the Connect button

13. Verify that a Remote Desktop connection is established

Note: If your Admin Desktop is opened via ICA at the same time as testing this functionality, you will receive a message
stating that the target session is incompatible with the current session. This is expected behavior, as you can't have both
sessions (ICA/RDP) running concurrently with the same account.
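
One way to confirm the per-application scoping this exercise describes, as an added example that is not part of the original lab guide: run the check below in PowerShell on the Windows 10 desktop while the Citrix Secure Access agent is connected as demoadmin. The Expected column is an assumption based on the apps published so far (only admin.citrix.lab on TCP 3389); the other rows use hosts and ports named elsewhere in this guide that have not been published as TCP/UDP apps at this point.

```powershell
# Added example: verify that the ZTNA connection exposes only the published destination.
# Assumption: Exercise 5.1 is complete and Exercises 5.2 / 5.3 have not been started yet.
# Edit the Expected values to match what is actually published in your tenant.

$checks = @(
    # Published in Exercise 5.1: ZTNA - RDP - Admin Machine
    [pscustomobject]@{ Target = 'admin.citrix.lab';    Port = 3389; Expected = $true  }
    # Not published yet: Intranet site (added later in Exercise 5.2)
    [pscustomobject]@{ Target = 'intranet.citrix.lab'; Port = 80;   Expected = $false }
    # Never published in this lab: RDP to AD1 (address from the Server List)
    [pscustomobject]@{ Target = '172.30.200.20';       Port = 3389; Expected = $false }
    # Not published yet: SSH to NS1 (added later in Exercise 5.3)
    [pscustomobject]@{ Target = '172.30.200.10';       Port = 22;   Expected = $false }
)

# Hide the Test-NetConnection progress bar so the table output stays readable.
$ProgressPreference = 'SilentlyContinue'

$results = foreach ($c in $checks) {
    # Attempt a TCP handshake; warnings (timeouts, failed name resolution) are
    # suppressed because the failure itself is the data point being recorded.
    $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
    $reachable = [bool]$r.TcpTestSucceeded

    [pscustomobject]@{
        Target    = $c.Target
        Port      = $c.Port
        Expected  = $c.Expected
        Reachable = $reachable
        Result    = if ($reachable -eq $c.Expected) { 'OK' } else { 'MISMATCH' }
    }
}

$results | Format-Table -AutoSize

# Summarize anything that does not match the published app definitions.
$mismatches = @($results | Where-Object Result -eq 'MISMATCH')
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) destination(s) do not match the published app definitions."
} else {
    Write-Output 'All destinations match the published app definitions.'
}
```

A MISMATCH on a row expected to be unreachable means the client has a network path to that destination outside of the SPA app and policy definitions, for example direct routing from the client network. Rerun the check after logging off the agent to see which destinations depend on the ZTNA connection.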

Exercise 5.2 - Intranet Access


In this exercise we will walk you through the process of using ZTNA to access an internally hosted Intranet site. The
difference between this and the methods above is that the URL is filtered and attached to rather than opened directly. This allows a
company to add a list of sites into a single app/policy rather than creating an app and policy per web site.

Note: The Citrix Secure Access agent has been pre-installed on the Windows 10 desktop if using your local workstation is
not possible. As before, you can opt to install the Secure Access Client and perform these steps on your local
workstation.

*Installation of the Citrix Secure Access agent on your local workstation requires administrative rights.

Add Intranet Access


1. Navigate to the Secure Private Access tile and click the Manage button

2. Click the Applications heading in the left hand pane


3. Click the Add an app button

4. Click the Skip button under the Choose a template section


5. Select the Inside my corporate network radio button


6. Select TCP/UDP for App type
7. Define ZTNA - Intranet as the App name
8. Define Destination as intranet.citrix.lab on Port 80 over TCP
9. Click the Next button

10. Verify that the App Connectivity type is set to Internal


11. Click the Next button

12. Select citrix.lab in the Choose a domain drop down menu


13. Search for User1 and DemoAdmin and add as a subscriber


14. Click the Next button
15. Click the Finish button

Create Intranet Access Policy


1. Click on the Access Policies heading in the left hand pane
2. Click the Create policy button

3. Select ZTNA-Intranet for the application


4. Set the condition to Matches any of in citrix.lab for User1 and DemoAdmin
5. Select Allow access for the action
6. Define Intranet Access as the Policy name
7. Select the slider button for Enabled
8. Click the Save button


Test Intranet Access

Note: The Citrix Secure Access agent should already be installed and/or configured from the previous exercise. Refer to
Exercise 3.1 if this has not been done.

1. If you are still connected from the previous exercise click the Logoff button

1. Click the Connection drop down menu and select the previously configured connection


7. Login as citrix.lab\demoadmin
8. Click the Sign In button

9. The following window will display when successfully connected

10. Launch your preferred web browser


11. Navigate to http://intranet.citrix.lab
12. Verify that the intranet site loads successfully


You've now shown that by using web filtering, users can access specific internal resources without the need to distinctly
publish the specific page. This allows for adding multiple resources into a single app/policy while still maintaining security
controls. This won't be as secure as a directly published app with all the access policy options but can work for Intranet sites
not requiring enhanced security.


Exercise 5.3 - SSH Access


In this exercise we will walk you through the process of using ZTNA to access an internally hosted server over SSH.
This can be used to grant shell access to administrators, allowing them to quickly access the resources. In the past, this has been a
particularly difficult use case to handle without true dedicated VPNs.

Note: The Citrix Secure Access agent has been pre-installed on the Windows 10 desktop if using your local workstation is
not possible. As mentioned before, the experience will be the same regardless of access method.

*Installation of the Citrix Secure Access agent on your local workstation requires administrative rights.

Add SSH Access


1. Navigate to the Secure Private Access tile and click the Manage button

2. Click the Applications heading in the left hand pane


3. Click the Add an app button

4. Click the Skip button under the Choose a template section


5. Select the Inside my corporate network radio button


6. Select TCP/UDP for App type
7. Define ZTNA - SSH - ADC as the App name
8. Define Destination as 172.30.200.10 on Port 22 over TCP
9. Click the Next button

10. Verify that the App Connectivity type is set to Internal


11. Click the Next button

12. Select citrix.lab in the Choose a domain drop down menu


13. Search for DemoAdmin and add as a subscriber


14. Click the Next button
15. Click the Finish button

Create SSH Access Policy


1. Click on the Access Policies heading in the left hand pane
2. Click the Create policy button

3. Select ZTNA-SSH-ADC for the application


4. Set the condition to Matches any of in citrix.lab for DemoAdmin
5. Select Allow access for the action
6. Define SSH Access as the Policy name
7. Select the slider button for Enabled
8. Click the Save button


Test SSH Access

Note: The Citrix Secure Access agent should already be installed and/or configured from the previous exercise. Refer to
Exercise 3.1 if this has not been done.

1. If you are still connected from the previous exercise click the Logoff button

1. Click the Connection drop down menu and select the previously configured connection


7. Login as citrix.lab\demoadmin
8. Click the Sign In button

9. The following window will display when successfully connected

10. Launch your preferred SSH client, such as PuTTY (a PuTTY download is provided for your local machine; the client is
already installed on the Windows 10 Desktop)
11. Populate IP address field with 172.30.200.10
12. Click the Open button


13. Click the Accept button

14. Login as nsroot with the password from the DemoCenter landing page
15. Verify that you are connected via SSH
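
The manual tests in Exercises 5.2 and 5.3 confirm that the published destinations work; the PowerShell script below, an added example that is not part of the Citrix lab guide, also checks that each account reaches only what it is subscribed to. It assumes it runs on a workstation with no direct route to the lab network while the Citrix Secure Access agent is connected, and the two "(unpublished)" rows are ports chosen for this example rather than values from the guide.

```powershell
param(
    # Account currently signed in to the Citrix Secure Access agent.
    [ValidateSet('DemoAdmin', 'User1')]
    [string]$SignedInUser = 'DemoAdmin',
    [int]$TimeoutMs = 3000
)

# Destinations and subscribers as configured in Exercises 5.2 and 5.3.
# Rows with no subscribers are unpublished ports picked for this example
# (assumption); they are expected to stay unreachable for every user.
$targets = @(
    @{ App = 'ZTNA - Intranet';  Dest = 'intranet.citrix.lab'; Port = 80; Subscribers = @('User1', 'DemoAdmin') }
    @{ App = 'ZTNA - SSH - ADC'; Dest = '172.30.200.10';       Port = 22; Subscribers = @('DemoAdmin') }
    @{ App = '(unpublished)';    Dest = 'intranet.citrix.lab'; Port = 22; Subscribers = @() }
    @{ App = '(unpublished)';    Dest = '172.30.200.10';       Port = 23; Subscribers = @() }
)

function Test-TcpPort {
    param([string]$Dest, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.ConnectAsync($Dest, $Port)
        # Wait() returns $false on timeout; a refused connection or a failed
        # name lookup throws and is treated as unreachable.
        return ($pending.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $targets) {
    $expected = $t.Subscribers -contains $SignedInUser
    $observed = Test-TcpPort -Dest $t.Dest -Port $t.Port -TimeoutMs $TimeoutMs
    [pscustomobject]@{
        App      = $t.App
        Target   = '{0}:{1}' -f $t.Dest, $t.Port
        Expected = $expected
        Observed = $observed
        Result   = if ($expected -eq $observed) { 'OK' } else { 'MISMATCH' }
    }
}

$results | Format-Table -AutoSize
if ($results.Result -contains 'MISMATCH') { exit 1 }
```

Run it once signed in as DemoAdmin and once as User1 (pass `-SignedInUser User1`); a MISMATCH row means the subscriber list or access policy differs from what the exercises configured.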

Congratulations, you are done. With this last exercise you've seen several ways to allow access to company internal assets
while also minimizing that access in a very controlled way. This is obviously the tip of the iceberg and your sales and SE teams
would be more than happy to go into other scenarios far more specific to your company's use cases. There is a whole world
beyond what you've seen here that we just can't show all of in the time allotted. We really hope you've enjoyed your time here
and we hope to see you again as you follow your journey into next generation secure access.
