Proxy Citrix Storefront & ICA WebSockets Externally (Single VDA Server)


Configuration has yet to be fully verified, Kemp Support will gladly assist if your Citrix Storefront traffic is not flowing as expected.


NOTE: Currently only works with a single VDA Server. 


1   Introduction

Citrix Virtual Desktop Infrastructure is a virtualization server environment which allows remote access to users. With Citrix VDI, application traffic is delivered across a Wide Area Network (WAN).

Citrix VDI makes IT management much easier. Rather than maintaining PCs at local branch offices, Citrix VDI enables a corporation's IT department maintain virtual, location diverse PCs in a central location.


1.1  Document Purpose

This section details a configuration for a specific application that has been provided by a customer but has yet to be fully tested

This specific configuration will ensure that your Storefront servers are highly-available, scalable, and secure.

Configuration has yet to be fully verified, Kemp Support will gladly assist if your Storefront traffic is not flowing as expected.


 Citrix Storefront Configuration 

 In order to Load Balance Citrix Storefront on your Kemp Load Master you will be required to make specific configuration changes on your Storefront environment . 


Please note that Xen Desktop 7 is required. 

  1. Step1: Enable Receiver for HTML5 in Citrix. Not necessary if only using Citrix Receiver client. StoreFront 
  2. Step2: Add a Static Public IP or DNS name to your ICA File. This will only be used for External connections. 
  3. Step3: Secure ICA Connections to VDA using SSL 


Load Master Global Configuration

       No Changes Required


4  Virtual Service Configuration

 Two Virtual Services are required. 

1. TCP Port 443 Virtual Service for your Store Front Servers. If required a second Port 80 virtual Service will be used to redirect traffic to port 443. 

2. TCP Port 4443 Virtual Service for your ICA WebSockets trafic. 

The listening port configured for your ICA traffic can be any listening port. You will configure this port in section 2.0 using Step 3. Secure ICA Connections to VDA using SSL 


Port 80 Redirect Virtual Service

When 443 Virtual Service is created, navigate to Modify VS --> Advanced Properties --> Add a Port 80 Redirector VS




4.1 StoreFront  Virtual Service

 > New Virtual Service

 > Enter IP Address

 > Port = 443

 > Name = Storefront


4.2 Standard Options

     >  Persistence = Super HTTP (SSL Acceleration Required section 2.5)

     >  Timeout =  1 Hours

     > Scheduling Method = Least Connection


4.3  Enable SSL Acceleration  (Tick Reencrypt if Server expects 443 Encrypted Traffic)


4.4   Real Servers

      > Checker Parameter Type = HTTPS

      > Check Port = 443    

     >  URL = /Citrix/KempWeb   (Case sensitive and URL will vary)

      >  Add New


    > Enter Real Server IP Address

    > Port = 443  

    > Forwarding Method = NAT


5. ICA WebSockets Virtual Service

 > New Virtual Service

 > Enter IP Address

 > Port = 4443

 > Name = Citrix ICA WebSockets

5.1 Standard Options

    >  Persistence = Source IP

    >  Scheduling Method = Round Robin



5.2   Real Servers

      > Checker Parameter Type =TCP

      > Check Port = 4443    

      >  Add New


   > Enter Real Server IP Address

    > Port = 4443  

    > Forwarding Method = NAT


If you have successfully Load Balanced your Citrix environment by implementing this specific configuration, please give a thumbs up or please leave a comment on a possible alteration that was required to make it function. Thank you