Optimize connectivity to workspaces with the Network Location Service

This feature is currently in Technical Preview. It can optimize internal traffic to the apps and desktops you make available in subscribers' workspaces, making HDX sessions faster. Ordinarily, users on both internal and external networks have to connect to VDAs through an external Gateway. While this is expected for external users, internal users experience slower connections to virtual resources. The Network Location Service allows internal users to bypass the gateway and connect to the VDAs directly, reducing latency for internal network traffic.

  1. External users have to go via the Gateway, which connects them to their on-premises VDAs.
  2. Currently, users on the internal network also have to go out via the Gateway, slowing them down.
  3. With NLS, internal users will access their internal VDA directly, bypassing the gateway and saving time.

So how do we configure this? 

There are some requirements to be met to get this working:

  • You must have a separate public address for your corporate network.
  • Users in the internal network must have a direct connection to the VDAs.

Step 1

We need to log on to the cloud portal/console. Select Identity and Access Management, then select API Access.

First copy the Customer ID; we need this later. Next, enter a name for the client and select Create Client.

Copy the Client ID and Secret.

For this Tech Preview there is a PowerShell module available: "NLS.psm1".

Before you set up your network locations, download the Citrix-provided Network Location Service PowerShell module (nls.psm1) from the Citrix Github repository. Using this module, you can set up as many network locations as needed for your VDAs.

  1. In a web browser, go to https://github.com/citrix/sample-scripts/blob/master/workspace/nls.psm1.

Step 2

Open PowerShell

Type:

Import-Module .\nls.psm1 -Force

If you get any errors, scripts may be blocked by the execution policy. Running the following first will help; it changes the policy for the current PowerShell process only:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Type:

$clientId = "INSERT YOUR CLIENT ID"

$customer = "INSERT YOUR CUSTOMER ID"

$clientSecret = "INSERT YOUR CLIENT SECRET"

Type:

Connect-NLS -clientId $clientId -clientSecret $clientSecret -customer $customer

Type:

New-NLSSite -name "YOUR SITE NAME" -tags @("YOUR TAGS") -timezone "LOCATION TIMEZONE" -ipv4Ranges @("EXTERNAL IP OF YOUR VDAS") -longitude 12.3456 -latitude 12.3456

You will receive something like the following:

Step 3

Verify that the location has been added correctly by typing:

Get-NLSSite

After this you are all set to go.
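
As an added example (not from the original post and not part of Citrix's nls.psm1), the script below runs Steps 2 and 3 with two safeguards: the client secret is read from a prompt instead of being typed as a literal, and every range is checked to be a well-formed public IPv4 CIDR before it reaches New-NLSSite. It assumes the module is already imported; Test-NlsRange, the /24 minimum prefix and the sample ranges are assumptions for illustration, while the NLS cmdlets and parameters are the ones shown above.

```powershell
# Added example; Test-NlsRange is a hypothetical helper, not part of nls.psm1.
function Test-NlsRange {
    param(
        [Parameter(Mandatory)][string]$Cidr,
        [int]$MinPrefix = 24   # assumed local policy: nothing wider than a /24
    )
    # Expect dotted-quad/prefix, e.g. 203.0.113.10/32
    if ($Cidr -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Matches[1], [ref]$ip)) { return $false }
    $prefix = [int]$Matches[2]
    if ($prefix -gt 32 -or $prefix -lt $MinPrefix) { return $false }
    # The site needs a public address, so reject private and reserved space.
    $b = $ip.GetAddressBytes()
    $reserved = ($b[0] -eq 0) -or ($b[0] -eq 10) -or ($b[0] -eq 127) -or
                ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) -or
                ($b[0] -eq 169 -and $b[1] -eq 254) -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168) -or
                ($b[0] -ge 224)
    return -not $reserved
}

# Constructed sample input: only the first entry passes.
$candidates = @('203.0.113.10/32', '10.1.2.0/24', '198.51.100.0/8', '192.0.2.300/32')
$ranges = @($candidates | Where-Object { Test-NlsRange $_ })
$candidates | Where-Object { $_ -notin $ranges } |
    ForEach-Object { Write-Warning "Skipping invalid or non-public range: $_" }
if (-not $ranges) { throw 'No usable public ranges; not creating a site.' }

# Prompt for the credentials so the secret is not saved in the console history.
$customer = Read-Host 'Customer ID'
$clientId = Read-Host 'Client ID'
$secure   = Read-Host 'Client secret' -AsSecureString
# Connect-NLS is shown above taking a plain string, so convert only for the call.
$clientSecret = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    Connect-NLS -clientId $clientId -clientSecret $clientSecret -customer $customer
    New-NLSSite -name 'YOUR SITE NAME' -tags @('YOUR TAGS') -timezone 'LOCATION TIMEZONE' `
        -ipv4Ranges $ranges -longitude 12.3456 -latitude 12.3456
    Get-NLSSite   # confirm the stored ranges match what was submitted
}
finally {
    Remove-Variable clientSecret, secure -ErrorAction SilentlyContinue
}
```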

You can validate if it is working correctly with the following.

Before this configuration, look up the session in Cloud Admin Console -> Monitor -> Session Details. Connections via the Gateway will use TCP.

After setting this configuration, and provided you have EDT enabled, connections that go direct will show the UDP protocol in the session details.

Or inspect the ICA file.

Or start tracing with Wireshark.

To change settings such as the public IP address, use the following commands:

# Create and update a Network Location Service Site

$s = (Get-NLSSite)[0]

$s.ipv4Ranges = @("1.2.3.4/32","4.3.2.1/32")

$s | Set-NLSSite

To remove it completely, use the following:

# Remove all Network Location Service Sites

Get-NLSSite | Remove-NLSSite
