The IIS on the StoreFront server authenticates the users.
Pass-through from NetScaler Gateway
NetScaler Gateway authenticates the users.
You can create as many stores as you need.
You can create a store for a particular group of users or to group together a specific set of resources. You can also create an unauthenticated store that allows for anonymous, or unauthenticated access.
- Create Store
Choose this option to create a new Store.
- Create Store for Unauthenticated Users
This creates a Store for anonymous access. Please be aware of the fact that in StoreFront configurations where the web.config file has been configured with the parameter LogoffAction=”terminate”, Receiver for Web sessions accessing this unauthenticated store will not terminate. To ensure these sessions terminate properly, the XenApp server being used by this store must have the Trust XML requests option enabled as shown in Configuring the Citrix XMS Service Port and Trust.
- Export Multi-Store Provisioning File
We can generate files containing connection details for stores, including any NetScaler Gateway deployments and beacons configured for the stores. Users can then configure their Receiver automatically with these files.
Options for “myStore”
- Manage Delivery Controllers
We can edit the list of DCs here.
- Enable Remote Access
Here we can enable Remote Access with the options mentioned above (None, No VPN tunnel, Full VPN tunnel).
- Disable User Subscriptions
We can enable or disable User Subscriptions. If we want users to subscript to applications before using them we should enable the setting. If we want all user to see all of the available applications we should disable it.
- Integrate with Citrix Online
We can choose to show or hide the GoTo Meeting products in the Store and what happens when users add one of the three Products. I would disable them, if they are not needed.
- Export Provisioning File
Here we can export an Provisioning file for the automated Citrix Receiver Setup. If we choose to export the file a ReceiverConfig.cr file is saved to a location you can choose.
- Configure Kerberos Delegation
Have a look at the edocs article that describes this feature in more detail: http://support.citrix.com/proddocs/topic/dws-storefront-26/dws-configure-kcd.html
- Configure XenApp Services Setup
This is the old “Configure Legacy Support” Feature that enables access through legacy clients. When you create a new store, the XenApp Services URL is enabled by default. The XenApp Services URL for a store has the form http[s]://serveraddress/Citrix/storename/PNAgent/config.xml
- last but not least…Remove Store
I think this one is self explaining 😉
Receiver for Web
Use this task to add Receiver for Web sites, which enable users to access stores through a webpage.
- Create Website
We can create a new Website at this point. We have to choose an available Store and assign a Website path.
- Choose Authentication Methods
Choose User name and password, Domain pass-through, Smart card or Pass-through from NetScaler Gateway.
- Add Shortcuts to Website
If we like we can add additional application shortcuts to the Receiver for Web site, e.g. corporate websites.
- Change Store
If there are multiple Stores available we can switch stores at this point.
- Set Session Timeout
We can set the HTTP session timeout for Receiver for Web.
- Deploy Citrix Receiver
In enterprise environments the Citrix Receiver should be deployed through standardized mechanism (e.g. SCCM). If however you want to deploy the Receiver you can choose between the following options:
- Install locally
- Use Receiver for HTML5 if local install fails
- Always use Receiver for HTML5
This option should also be self explaining. Be sure before hitting the buttons.
NetScaler Gateway is unconfigured until we enable Pass-through authentication in the authentication tab.
This is the section were we can configure Beacons. Before we create some, let´s explain what they are…
Beacons are URLs in the internal or external network. Citrix Receiver attempts to reach the Beacon Points in order to check if the user and his device are connected internally or from outside the company network. If internal URLs are not accessible the Receiver then tries to use the NetScaler Gateway to connect to resources.
By default, StoreFront uses the server URL or load-balanced URL of your deployment as the internal beacon point. The Citrix website and the virtual server URL of the first NetScaler Gateway deployment you add are used as external beacon points by default.
If you want to create some Beacons choose “Manage Beacons” on the right side.
Do not forget to assign the appropriate Certificates to the StoreFront servers and change the bindings in IIS in order for HTTPS to work.
In case of problems with the StoreFront deployment we can enable StoreFront verbose Logging
In my opinion things should be simple for users. Therefore I like the idea of using the same URL for internal and external users. The referenced link describes the configuration of NetScaler, DNS and StoreFront:
All information without warranty for any failures in your environment.