Applies To:Show Versions
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
What are remote desktops?
Remote desktops in Access Policy Manager allow users to access the following types of internal servers in virtual desktop sessions:
- Microsoft Remote Desktop servers
- Citrix servers
- VMware View Connection servers
You can configure remote desktops by name or by their internal IP addresses, and grant or deny users the ability to set up their own favorites.
What is Microsoft remote desktop?
Using an Access Policy Manager ( APM) RDP type remote desktop, clients can access a server that runs Microsoft Remote Desktop Services. Microsoft Remote Desktop servers run the Microsoft Remote Desktop Protocol (RDP) server. RDP is a protocol that provides a graphical interface to another computer on a network.
To provide Microsoft RDP connections natively, APM provides these alternatives.
- Java Client
- APM provides a Java Client option in the remote desktop configuration. The option supports native connections for Windows, Mac, and Linux clients. When this option is selected, a user on any compatible platform is presented with a simple Java Client interface to the Microsoft RDP server with reduced visual display features.
- APM as a gateway for RDP clients
- With proper BIG-IP system configuration, Microsoft RDP clients can use APM as a gateway. The configuration supports Microsoft RDP clients on Windows, Mac, iOS, and Android. When a user types the address or hostname of the gateway into an RDP client and specifies a particularly configured virtual server for it, APM authorizes the client. When the client requests connections to resources on backend servers, APM authorizes the access.
For support information, refer to BIG-IP APM Client Compatibility Matrix on AskF5 at http://support.f5.com/.
What is Citrix remote desktop?
Citrix remote desktops are supported by Citrix XenApp and ICA clients. With Access Policy Manager you can configure clients to access servers using Citrix terminal services. You provide a location from which a client can download and install a Citrix client for a Citrix ICA connection.
Task summary for remote desktops
To set up remote desktops, perform the procedures in the task list.
Configuring a resource for Citrix or Microsoft remote desktops
- On the Main tab, click The Remote Desktops list opens. .
- Click Create. The General Properties screen opens.
Configure the following settings:
Option Description For Citrix Specify an IP address as your Destination, accept or change the Port, and select the ACL Order. For RDP Specify your Destination and Port. All other settings are optional. To provide a cross-platform Java client for this RDP tunnel, select the Java Client check box.Note: If you specify a hostname for your destination, make sure that it is DNS-resolvable. After the remote desktop is assigned to a full webtop in an access policy, the remote desktop does not appear on the full webtop if the hostname is not DNS-resolvable.
- Under the Default Customization Settings section, type a Caption. The caption identifies the remote desktop and enables it to appear on a full webtop.
Configuring an access policy to include a remote desktop
- On the Main tab, click The Access Profiles List screen opens. .
- Click the name of the access profile for which you want to edit the access policy. The properties screen opens for the profile you want to edit.
- On the menu bar, click Access Policy. The Access Policy screen opens.
- Click Edit Access Policy for Profile profile_name. The visual policy editor opens the access policy in a separate screen.
Click the (+) icon anywhere in the access policy to add
a new action item.
Note: Only an applicable subset of access policy items is available for selection in the visual policy editor for any access profile type.A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
- On the Assignment tab, select the Resource Assign agent, and click Add Item. The Resource Assignment screen opens.
- Next to each type of resource that you want assign (Network Access, Portal Access, App Tunnel, Remote Desktop, or SAML), click the Add/Delete link, and select from available resources.
- Click Update.
- Click Save.
Attaching an access policy to a virtual server for remote desktops
- On the Main tab, click The Virtual Server List screen opens. .
- Click the name of the virtual server you want to modify.
- In the Destination Address field, type the IP address for a host virtual server. This field accepts an address in CIDR format (IP address/prefix). However, when you type the complete IP address for a host, you do not need to type a prefix after the address.
- For the HTTP Profile setting, verify that the default HTTP profile, http, is selected.
- In the Access Policy area, from the Access Profile list, select the access profile that you configured earlier.
- If you are using a connectivity profile, from the Connectivity Profile list, select the connectivity profile.
- If you are creating a virtual server to use with portal access resources in addition to remote desktops, from the Rewrite Profile list, select the default rewrite profile, or another rewrite profile you created.
- If you want to provide connections to Java RDP clients for application access, allow Java rewriting for portal access, or support a per-app VPN connection that is configured on a mobile device, select the Application Tunnels (Java & Per-App VPN) check box. You must enable this setting to make socket connections from a patched Java applet. If your applet doesn't require socket connections, or only uses HTTP to request resources, this setting is not required.
- If you want to provide native integration with an OAM server for authentication and authorization, select the OAM Support check box. You must have an OAM server configured in order to enable OAM support.
- Click Update.