There are some situations where you want to publish a VDI desktop to a certain machine instead of a user group. The way to accomplish that is documented in the following article CTX128232 – How to Configure XenDesktop for a Teaching Lab or Classroom Environment

According to this article you only need to fire up PowerShell, load the Citrix.Broker.Admin.* commandlets, get the DesktopGroupUid of your delivery group and set some BrokerAccessPolicyRules and BrokerAssignmentPolicyRules. In a last step you have to assign an IP address to a domain machine.

Add-PSSnapin Citrix.Broker.Admin.*

Get-BrokerDesktopGroup

Get-BrokerAccessPolicyRule -DesktopGroupUid <uid> | Set-BrokerAccessPolicyRule -AllowedUsers AnyAuthenticated

Get-BrokerAssignmentPolicyRule -DesktopGroupUid <uid> | Set-BrokerAssignmentPolicyRule -Enabled $false

Set-BrokerPrivateDesktop DOMAIN\MACHINE_A -AssignedIPAddress 10.1.1.100

A nice article but unfortunately it is incomplete 🙁

The following blog post helped me a little bit further: XenDesktop – Assigning Private Desktops by Client IP or Hostname. It showed me some more options for the published desktops like a custom name for every single published desktop and how to view the configured settings afterwards:

Set-BrokerPrivateDesktop DOMAIN\MACHINE_A -AssignedIPAddress 10.1.1.100 -PublishedName “Desktop_A”

Get-BrokerPrivateDesktop | ft MachineName,AssignedIPAddress,AssignedClientName,PublishedName

But still the published desktops where not visible to the configured machines. They connected fine to StoreFront but showed no desktop to launch 🙁

So I started scratching my head and tried to understand how this “magic” could ever work…

The main question was how the Delivery Controller gets to see the real IP address of the client because the client never ever talks directly to the Delivery Controller. All communication is between StoreFront and Client only. This is where it made “click”.

In almost every environment I know StoreFront is load balanced behind some NetScaler or similar device. Therefore the StoreFront server only sees the IP address of the load balancer and not the real client IP. In case of a NetScaler it is the SNIP StoreFront sees as client IP address.

So the solution was as simple as that: Configure NetScaler to pass the real client IP address as “X-Forwarded-For” header to StoreFront which can be done easily on the Service or Service Group used for StoreFront load balancing. StoreFront then extracts the real client IP address from the HTTP header and passes it automatically to the Delivery Controller which finally knows which desktop to deliver.

Immediately after that configuration has been done the desktops appeared with their individual name in StoreFront 🙂

Regards

Ecki