There are often misconceptions among customers about what the data flow or process is when making a Citrix HDX connection. Basically, it is simple, but sometimes misconceptions persist. My experience shows me that pictures often explain more than language. This is the second part and explains the process from external via the Citrix Gateway. Not every tiny detail is explained now, but it should clarify the basic process better.
Only the main differences to internal are shown and not every detail.
Note: For better understanding, StoreFront and Delivery Controller are shown as two different systems, but could be the same system. Similarly, vServer Gateway and vServer Load Balancer are run on the same Netscaler.
STA ticket = temporary token with target server.
ICA file = parameter file for Workspace App
Target server = VDA with the current lowest load
hdx-mydomain.com is the internal as well as external URL for the users to launch their applications and/or desktops. It starts with the login to the gateway and the authentication via LDAP(s) and the Active Directory, points 1-8. Not shown, the return of the application set and start of the application, but directly the start after the login and with point 11, sending of the ICA file. This is then used again by the WorkspaceApp to establish the connection with the gateway. At the gateway, the SSL is broken and the contained STA ticket is checked points 16-18 and then the HDX connection to the target server is established.