Optimize connectivity to workspaces with the Network Location Service
This feature is currently in Technical Preview. This feature can optimize internal traffic to the apps and desktops you make available to subscribers workspaces to make HDX sessions faster. Ordinarily, users on both internal and external networks have to connect to VDAs through an external Gateway. While this is expected for external users, internal users experience slower connections to virtual resources. The Network Location Service allows internal users to bypass the gateway and connect to the VDAs directly, reducing latency for internal network traffic.
|1||External users have to go via the Gateway which connects them to their on-premises VDA’s|
|2||Currently also users on the internal network have to go out via Gateway slowing them down|
|3||With NLS, internal users will access their internal VDA directly, bypassing the gateway and saving time|
So how do we configure this?
There are some requirements to be met to get this working:
- You must have a separate public address for your corporate network.
- Users in the internal network must have a direct connection to the VDA’s.
We need to logon to the cloud portal/console. Select Identity and Access Management and Select API Access.
First copy the Customer ID, we need this later. Next, enter a name for the Client and select Create Client
Copy the Client ID and Secret
For this Tech Preview there is a PowerShell module available. “NLS.psm1″
Before you set up your network locations, download the Citrix-provided Network Location Service PowerShell module (nls.psm1) from the Citrix Github repository. Using this module, you can set up as many network locations as needed for your VDAs.
- In a web browser, go to https://github.com/citrix/sample-scripts/blob/master/workspace/nls.psm1.
Import-Module .\nls.psm1 -Force
If you get any errors, it could be that scripts are not allowed, using the following will help (Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass)
$clientId = “INSERT YOUR CLIENT ID”
$customer = “INSERT YOUR CUSTOMER ID”
$clientSecret = “INSERT YOUR CLIENT SECRET”
Connect-NLS -clientId $clientId -clientSecret $clientSecret -customer $customer
New-NLSSite -name ”YOUR SITE NAME” -tags @(”YOUR TAGS”) -timezone “LOCATION TIMEZONE” -ipv4Ranges @(”EXTERNAL IP OF YOUR VDA’S”) -longitude 12.3456 -latitude 12.3456
You will receive something like the following:
Verify that the location has been added correctly by typing:
After this you are all set to go.
You can validate if it is working correctly with the following.
Before this configuration, looking up the session in Cloud Admin Console –> Monitor –> Session Details. Connections via Gateway will use TCP
After setting this configuration and provided you have EDT enabled, connections that go direct will use UDP protocol in the session details.
Or inspecting the ICA file
Or start tracing with Wireshark
To change settings like public IP adres use the following commands:
# Create and update a Network Location Service Site
$s = (Get-NLSSite)
$s.ipv4Ranges = @(“220.127.116.11/32″,”18.104.22.168/32”)
$s | Set-NLSSite
To Remove completely use the following :
# Remove all Network Location Service Sites
Get-NLSSite | Remove-NLSSite