Roaming Sessions
- Updated on 28 Mar 2023
Session disconnection timings (i.e., "lock") and session active timings (i.e., "logoff") are controlled by Terminal Server or Citrix settings, which are set independently of an ExactAccess installation. Terminal Server/Citrix may be configured to automatically disconnect a session after a specified period of inactivity. This will leave the user's session available (though disconnected) to be reconnected to at a later time (i.e., to "roam a session"). Terminal Server/Citrix may also be configured to log a user's session off after a specified amount of inactivity, independent of the connection time.
Optionally, if you prefer to use the ExactAccess timings to control disconnecting and logging off inactive sessions, ensure that autologoff.exe is in the Windows RUN key (for published Windows Desktops) and that the registry setting AutoLogoffEnabled is set to 1 (see Access Scenarios below for more information on using autologoff).
Configurable Workflow Scenarios
By default, users connecting to a Citrix server will see the desktop configured in this registry key:
HKLM\Software\HealthCast\ExactAccess\XAServerManager\Desktop
The following scenarios are also supported:
- Published Windows desktop where explorer.exe is running. When a user logs in, the HCXACitrixDesktop will execute and display the user's application desktop.
- Published XA desktop where explorer.exe is not running. When a user logs in, they will not receive a desktop. To configure this scenario, publish the application XAUCM.exe (i.e. "C:\Program Files\HealthCast\ExactAccess\XAUCM.exe"). This scenario is used in conjunction with full published Windows Desktops for remote users, and published applications for local users in the organization who utilize the same Citrix servers. Local users may already have an XA desktop for the workstation and do not want a second XA desktop appearing from the Citrix server. Remote users will have a full Windows desktop and therefore need access to the XA Desktop.
- Published connectors where XAUCM.exe and explorer.exe are not running. When a user logs in, they will not receive a desktop.
- Published XA Desktop where explorer.exe is not running. When a user logs in, they will receive the configured desktop. To configure this scenario, publish the application HCXACitrixDesktop.exe (i.e. "C:\Program Files\HealthCast\ExactAccess\HCXACitrixDesktop.exe"). This scenario is used when local workstations do not display an XA desktop, but connect to a Citrix server to display SSO-enabled applications. The user does not receive a full Windows desktop and all applications appear local (Citrix Seamless published applications).
Published Desktops and Application Access
There are several methods to provide access to SSO enabled applications in your environment. The following information may help to show how ExactAccess can be configured to accommodate these scenarios.
Access Scenarios
- All users are accessing a published Windows Desktop.
- All users are accessing a published XA Desktop.
- All users are accessing published connectors.
- Mixed environment where users outside the firewall are accessing a published Windows Desktop or a published XA Desktop, and users inside the firewall are accessing a published XA Desktop or published connectors.
Per-Session Inactivity timeouts
It is now possible for each user session to have customized lock and logoff timeouts, independent of other users' timeouts, by modifying the following keys in the user's/session's profile registry:
HKEY_CURRENT_USER\Software\HealthCast\ExactAccess
LockTimeLimit: reg_dword = 60
LogoffTimeLimit: reg_dword = 240
Mixed Published Environment
This is a mixed environment in which remote users outside the organizational firewall need access to a full Windows session including an XA desktop, while users inside the firewall access published XA desktops or wrappers. This configuration allows the greatest flexibility in end-user application display and in executing both local (on the workstation, inside the firewall) and remote (on the Citrix server) applications.
Operation
- The remote application operates as an isolated Windows user session.
- Multiple applications may or may not share the same session.
- Session management is handled by terminal server or Citrix sessions.
- Session Lock and Logoff times are configured via terminal server or Citrix settings; however, they can also be controlled by ExactAccess settings.
- The end user receives a single XA desktop running on the Citrix Server.
- Graceful Logoff is handled by ExactAccess (WatchForLogoff.exe or AutoLogoff.exe)
- Full Windows desktop publishing is supported
Citrix Timeouts
In order for Citrix session timeouts to be handled properly for Graceful Logoff, it is necessary for WatchForLogoff.exe to be running in the remote session.
Create a batch file to launch the following items:
- c:\program files\HealthCast\ExactAccess\watchforlogoff.exe
- c:\program files\HealthCast\ExactAccess\XAUCM.exe
Publish this batch file as an application and configure the appropriate session timeouts using the Citrix or Terminal Server tools and settings.
This mode of operation publishes the XA desktop to display links to the SSO enabled applications on the server. It should not be used when access to local (end-point) applications is desired. Instead, use directly published Wrapper links.
ExactAccess Timeouts
In order for ExactAccess session timeouts to operate, it is necessary for autologoff.exe to be running in the remote session.
Create a batch file to launch the following items:
- c:\program files\HealthCast\ExactAccess\autologoff.exe
- c:\program files\HealthCast\ExactAccess\XAUCM.exe
Enable the following registry key:
HKEY_LOCAL_MACHINE\Software\HealthCast\ExactAccess
AutoLogoffEnabled: reg_dword = 1
- Configure the appropriate lock and logoff time settings by using the Client Configuration tool on the Citrix server.
- Publish this batch file as an application
Published Connectors
In this scenario a connector is published directly from the server and NO XA Desktop is present on the server (it may be available on the client end-point device). The client is responsible for providing the SSO enabled links to the applications, and the server will not present an XA desktop. This scenario is similar to published XA desktop; however, since no XA desktop is presented from the Citrix server, it is not necessary to publish the batch file. Instead, the individual connector applications are published from the Citrix server, and are launched via links on the XA desktop running on the client (end-point) machine where the XA client is installed, or by another means such as Citrix Web Interface or Windows application links.
This scenario is intended for environments where both local applications and remote applications are desired, and the XA desktop will be launched from the client workstation with links to both. In addition, this mode of operation is supported on client workstations where XA is NOT installed, but links to NON-SSO enabled applications on the end-point device must be provided by other means.
Operation
- The remote application operates as an isolated Windows user session.
- Multiple applications/connectors may or may not share the same session.
- Session management is handled by terminal server or Citrix sessions.
- Session Lock and Logoff times are configured via terminal server or Citrix settings.
- The end user receives a single XA desktop running on the end-point device.
- Graceful logoff is handled by the individual connectors.
Published Desktop
A full published Windows Desktop is presented to the end user. All applications run on the Remote Citrix/Terminal Server. Explorer.exe runs to present the Windows Desktop. This is the standard configuration installed with RSM and is the expected mode of access to SSO enabled applications. No further configuration must be done to support this scenario. This scenario allows access from RDP and Terminal Services because it presents the full Windows Desktop. Additionally, this is supported from Citrix via ICA as well as RDP. The remote desktop session typically expands to full screen on the local workstation, and the end user operates exclusively with the remote Windows session.
Client workstations can access the full Windows published desktop in a variety of ways:
- Remotely through Terminal Services (RDP) or Citrix Web Interface (both inside and outside the firewall)
- By using eXpressACCESS inside the firewall on thin devices.
- By using Citrix receiver auto-launched from a workstation where XA client is installed, but configured to NOT display a local XA desktop.
Operation
- The remote application operates as an isolated Windows user session.
- Session management is handled by terminal server or Citrix sessions.
- Session Lock and Logoff times are configured via terminal server or Citrix settings; however, they can also be controlled by ExactAccess settings.
- If using ExactAccess settings, enable the following registry key:
HKEY_LOCAL_MACHINE\Software\HealthCast\ExactAccess
AutoLogoffEnabled: reg_dword = 1
- The end user receives a single XA desktop running on the Citrix Server.
- This mode of operation is nearly indistinguishable from a standard, local Windows workstation.
- Graceful logoff is handled by ExactAccess (watchforlogoff.exe)
- All applications share the same session.
Interactive Installation
- Run the MSI
- Adjust install directory if desired
- Click Install
- Confirm UAC if prompted
- Client Configuration Tool will start when the install is complete
- If Roaming Sessions Mode is not displayed, select Change Mode button and choose Standard Mode
- Select Operation Tab
- Choose Full SSO
Ensure that all appropriate server connectivity information is provided under each of the server tabs.
After UI configuration is complete, select Finish and reboot the workstation when prompted.
Installation command line parameters for Roaming Sessions configuration
From an administrative command prompt (or remote deployment package), execute the ExactAccess client install with the appropriate command line parameters.
- Set kiosk mode: XA_MODE=RSM
- Set the servers: XA_SRV=(name of server)
- Set to use auditSERVER: XA_AUDIT_SRV=(name of server)
- Set to use Deploy server: X_D_SRV=(name of server)
- Set workstation deployment group: X_D_GRPS=(groups to add workstation to in HCIDeploy)
- (optional) Enable Autologoff: XA_ALE=1
- (optional) Set autologoff time in seconds: X_KM_AL_TIME=600
- (optional) Set the lock (or disconnect) time in seconds: X_KM_LTL=300
- Disable running configuration tool after install/upgrade: X_RUN_CONFIG=0
EXAMPLE
msiexec /i "HealthCast ExactAccess Client x64.msi" XA_MODE=RSM XA_SRV=myServer XA_AUDIT_SRV=myServer X_D_SRV=myServer X_D_GRPS=Roaming X_ALE=1 X_KM_AL_TIME=240 X_KM_LTL=60 X_RUN_CONFIG=0 /qn
REGISTRY SETTINGS
Published XA Desktop
A published XA desktop where explorer.exe is not running, designed to reduce session resource requirements because the user does not need a full Windows environment. When a user logs in to the Citrix environment, they do not receive a desktop on the LOCAL machine, but they do receive a REMOTE XA desktop that appears to be running locally (as a standard Citrix published application in seamless mode). This mode of operation works well in mixed environments where the user will run applications on the local workstation as well as the remote server. The ExactAccess client may or may not be installed on the local workstation.
Access to this environment requires the use of the Citrix client and is not supported on the Windows Terminal Server platform.
Windows 2008 Remote Desktop (Terminal Server) provides a similar feature via "Remote Apps" which allows applications to be "published" in a seamless window through the RDP client.
Note that links of this nature are not SSO enabled from the client workstation and are not supported by the XA client. It is recommended that this feature be used only on devices where XA client is NOT installed on the local (end-point) device.
Operation
- The remote application operates as an isolated Windows user session.
- Multiple applications may or may not share the same session.
- Session management is handled by terminal server or Citrix sessions.
- Session Lock and Logoff times are configured via terminal server or Citrix settings; however, they can also be controlled by ExactAccess settings.
- The end user receives a single XA desktop running on the Citrix Server.
- Graceful Logoff is handled by ExactAccess (WatchForLogoff.exe or AutoLogoff.exe)
- Wrappers (connectors) share the same session, as they are launched from the XA desktop.
Publishing the Desktop
There are two methods for publishing an XA desktop:
- Publish only the XA desktop, and let the server handle session timeouts.
- Publish the appropriate application link and let XA handle session timeouts.
Citrix Timeouts
In order for Citrix session timeouts to be handled properly for Graceful Logoff, it is necessary for WatchForLogoff.exe to be running in the remote session.
Create a batch file to launch the following items:
- c:\program files\HealthCast\ExactAccess\watchforlogoff.exe
- c:\program files\HealthCast\ExactAccess\XAUCM.exe
Publish this batch file as an application and configure the appropriate session timeouts using the Citrix or Terminal Server tools and settings.
ExactAccess Timeouts
In order for ExactAccess session timeouts to operate, it is necessary for autologoff.exe to be running in the remote session.
Create a batch file to launch the following items:
- c:\program files\HealthCast\ExactAccess\autologoff.exe
- c:\program files\HealthCast\ExactAccess\XAUCM.exe
Enable the following registry key:
HKEY_LOCAL_MACHINE\Software\HealthCast\ExactAccess
AutoLogoffEnabled: reg_dword = 1
Configure the appropriate lock and logoff time settings by using the Client Configuration tool on the Citrix server.
Publish this batch file as an application
If you are using a combination of Citrix/Terminal Server session timeouts and ExactAccess Timeouts, include watchforlogoff.exe in the batch file.
c:\program files\HealthCast\ExactAccess\autologoff.exe
c:\program files\HealthCast\ExactAccess\watchforlogoff.exe
c:\program files\HealthCast\ExactAccess\XAUCM.exe
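A check for the ExactAccess timeout settings described on this page (AutoLogoffEnabled, the helper processes in the session, and the per-session LockTimeLimit/LogoffTimeLimit values), written as an added PowerShell example that is not part of the HealthCast documentation or product. The function name and output format are hypothetical, and treating a lock limit at or above the logoff limit as a misconfiguration is an assumption.

```powershell
# Added example, not HealthCast code. Registry paths, value names and process
# names are the ones on this page; Test-XATimeoutConfig is a hypothetical name.
function Test-XATimeoutConfig {
    $findings   = @()
    $machineKey = 'HKLM:\Software\HealthCast\ExactAccess'
    $userKey    = 'HKCU:\Software\HealthCast\ExactAccess'

    # 1. ExactAccess timings are only in effect when AutoLogoffEnabled is 1.
    $machine = Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue
    $enabled = [bool]($machine -and $machine.AutoLogoffEnabled -eq 1)

    # 2. The helper must be running in this session, not just somewhere on the server.
    $sessionId = (Get-Process -Id $PID).SessionId
    $running = @(Get-Process -Name autologoff, watchforlogoff -ErrorAction SilentlyContinue |
        Where-Object { $_.SessionId -eq $sessionId } |
        Select-Object -ExpandProperty Name -Unique)
    if ($enabled -and $running -notcontains 'autologoff') {
        $findings += "AutoLogoffEnabled is 1 but autologoff.exe is not running in session $sessionId"
    }
    if (-not $enabled -and $running -notcontains 'watchforlogoff') {
        # Only relevant where ExactAccess handles Graceful Logoff (published desktops).
        $findings += "ExactAccess timings are off and watchforlogoff.exe is not running in session $sessionId"
    }

    # 3. Per-session overrides live in the user's hive.
    $user   = Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue
    $lock   = if ($user) { $user.LockTimeLimit }
    $logoff = if ($user) { $user.LogoffTimeLimit }
    if ($null -eq $lock -or $null -eq $logoff) {
        $findings += 'No per-session LockTimeLimit/LogoffTimeLimit override is set for this user'
    } elseif ($lock -ge $logoff) {
        # Assumption: a lock limit at or above the logoff limit is a mistake.
        $findings += "LockTimeLimit ($lock) is not below LogoffTimeLimit ($logoff)"
    }

    [pscustomobject]@{
        SessionId         = $sessionId
        AutoLogoffEnabled = $enabled
        HelpersRunning    = $running
        LockTimeLimit     = $lock
        LogoffTimeLimit   = $logoff
        Findings          = $findings
    }
}

Test-XATimeoutConfig | Format-List
```

Run it inside the published session itself (for example from a test account's published desktop), since both the HKCU values and the session-scoped process check depend on the session it runs in.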