Citrix: XenDesktop 5 Logon Process and Communication Flow
Martijn Bosschaart just posted CTX128909 on twitter, this article contains the following information:
- The user device submits credentials to the Web Interface site.
- Web Interface passes the user credentials to the controller.
- Controller verifies user authorization by performing a Microsoft Active Directory query with the end user’s credentials.
- Controller queries the site database for the end user’s assigned desktop groups, named instance uses ports 1434 and 1433.
- Using the desktop group obtained from the database, controller queries the hypervisor about the status of desktops within that group.
- Controller identifies to Web Interface the desktop it assigned for this particular session.
- Web Interface sends an ICA file to the online plug-in, which points to the virtual desktop identified by the hypervisor.
- Online plug-in establishes an ICA connection to the specific virtual desktop that was allocated by the controller for this session.
- Virtual Desktop Agent verifies the license file with the controller.
- Controller queries Citrix license server to verify that the end user has a valid ticket.
- Controller passes session policies to the Virtual Desktop Agent (VDA), which then applies those policies to the virtual desktop.
- Online plug-in displays the virtual desktop to the end user.
- Administrator and helpdesk personnel use Desktop Director and Studio tools to manage the desktops from the management server.
Note: Source port will be random open port. This is for reference only and should not be used for security and/or architecture review.