Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1786
Views
0
Helpful
1
Replies

DUO MFA Client/Agent in the context of Citrix Provisioning Services (PVS) read-only image

StoleSursum
Level 1
Level 1

‎04-24-2020 10:54 AM

Just curious if anyone is familiar with this product but in the context of deployment to Citrix solution that leverages Citrix Provisioning Services advanced streaming technology.

The documentation from the vendor is written in the context of Terminal Services which has no relation to streaming 1000 read only images from a single virtual disk (vhdx).

Almost all of these types of agents whether anti-virus or whichever require a unique installation switch or a “seal script” modification to compensate for the base image having one unique name but then spinning up read-only instances in RAM where each instance has it’s own unique name, IP, MAC so on and so forth.

This might be a specific regkey or value wipe, INI file modification, so forth but it is almost never as simple as installing the agent to the base image and cross your fingers.

It is one thing to deploy the client to a single server OS but this is more like Z-Linux where you have one base image that has one name, one IP, MAC and all that I’ve stated and when these boot up they get a DHCP Address where MAC reservations are static and I’m using a boot drive partition as opposed to PXE/TFTP or ISO Boot.

The vendor documentation references Terminal Services which has zero relation to a Citrix VDA image with TS Enabled but spinning read-only instances of that one image to RAM and each having their own unique identifiers. I’m already seeing issues just having it installed in the base image so I can’t help but wonder what will happen when we start spinning up read only iterations of that base image?

I can’t seem to find anything relative on Google or this forum or Reddit related to DUO 2 factor MFA installed to the Citrix VDA in order to use this for MFA on other internal hosted applications such as SAP and SAS and JDA where the entire company must go through Citrix first to access any business application.

100% Citrix environment split between two data centers and active/active. NetScaler SDX (4 at each DC). I’m somewhat dependent on the consultants hired to assist with the implementation but they do not seem to have a clue relative to what Citrix PVS is and how it is exceptionally unique.

Thoughts?

Labels:
0 Helpful
1 Reply 1

tho.gab
Level 1
Level 1

‎10-12-2022 11:39 PM

Hello Together, we are ran in the same issue. We like to install the DUO Windows Logon in the Citrix VDA. We also using PVS.
Got you any update for your post?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents