EUCEUC: Advanced Integrations - 2019 Day 2 Citrix Integration with VMware Identity Manager

Citrix Integration with VMware Identity Manager

In this lab you will install and configure the Citrix Integration broker to communicate with the existing on premise Citrix Farm and the VMware Identity Manager SaaS instance


Section 1 - Integration broker installation

Part 1a - Preparing the integration broker virtual machine

Part 1a has been completed beforehand for your convenience, this material is here for future reference. Please move on to part 1b.


In this part you will install the roles and software requirements for the installation of the Citrix integration broker.

  1. Log on to your Controlcenter virtual machine.
  2. On your desktop, go to the Remote Desktop folder
  3. Open citrixbroker.rdp
  4. Log on with username: euc-livefire\administrator and password: VMware1!

5. In the Citrix broker machine go to Start > Server Manager

6. In Server Manager, select Manage > Add Roles and Features

7. Click Next until you get to the Server Roles screen

8. Select the following roles:

  • Application Server
  • File and Storage Services (leave as default if selected)
  • Web Server (IIS) (accept any aditional required roles)

 9. Click Next



10. In the Features window, select the following options:

  • .NET Framework 3.5 Features
    • .NET Framework 3.5 (includes .NET 2.0 and 3.0) 
    • HTTP Activation (accept any required features)
  • IIS Hostable Web Core 
  • Windows Process Activation Service (leave as default if already selected)
  • WinRM IIS Extension (accept any required features)

11. Click Next until you reach Application Services Role Services.


12. Select the following role services:

  • .NET Framework 4.5 (do not change if preselected)
  • Web Server (IIS) Support (accept the installation of any required roles)
  • Windows Process Activation Service Support
    • HTTP Activation (accept the installation of any required roles)

13. Click Next until you reach the Web Server Role (IIS) Role Services page.

14. Select the following services:

  • Web Server (Accept the default selections)
  • Management Tools
    • IIS Management Console
    • IIS 6 Management Compatibility

15. Click Next  then Install.

16. Click Close when the installation finishes.

Part 1b - Integration broker installation

Connect to your citrixbroker virtualmachine

  1. Log on to your Controlcenter virtual machine.
  2. On your desktop, go to the Remote Desktop folder
  3. Open citrixbroker.rdp
  4. Log on with username: euc-livefire\administrator and password: VMware1!

In this part you install the integration broker software

5. from the Citrixbroker virtual machine's desktop, go to the Software folder shortcut.

6. Navigate to \software\VIDM\IntegrationBroker-19.03.0-13221855

7. Run Setup.exe, in the security warning window click Run


8. Click Next on the Welcome screen

9. Agree to the End User License Agreement

10. Click Next

11. Leave the default settings and click Next.

12. Click Next on the Confirm installation windows.

13. Click on Close on the Installation Complete window.

Part 1c - IIS Configuration

  1. Click Start > Server Manager.
  2. In Server Manager, select Tools > Internet Information Services (IIS) Manager.

3. In the left pane, click Citrixbroker > Application Pools.

Click No in the Microsoft Web Platform pop up message if prompted


4. Select the DefaultAppPool

5. Click Advanced Settings in the right pane.


8. Set .NET CLR Version value to 2.0

9. Set value Enable 32-bit Applications to True

10. Set identity value to euc-livefire\administrator

11. Click OK

12. Leave IIS manager open for the next step

Part 1d - Self signed certificate creation

In this part you create a self signed certificate for the ssl communication with citrix storefront

Open the IIS manager if it is not open already

1. Go to Start > Server Manager

2. Go to Tools > Internet Information Services Manager


3. In your left pane click on the Citrixbroker object 

4. Navigate to Server Certificates in the center pane

5. On your right pane go to Actions > Open Feature

Under Actions select Create Self signed certificate

6. in the Create Self-Signed Certificate window, write IBcert as a name for the certificate

7. Click OK.

8. Leave the IIS Manager window open for the next steps

part 1e - Site binding configuration

Open the IIs Manager if not opened already

1. On the IIS Manager click on Sites

2. Click on the Default Web Site

3. In the right pane, under  Edit Site select Bindings


4. On the Site Bindings window click on Add

5. On Type select HTTPS

6. Make sure the Host Name field is empty

7. In the Ssl Certificate drop down menu choose the IBcert certificate you created on previous steps

8. Click OK on the add site binding window

9. Click Close on the site binding window

10. Open a powershell or command line window.

11. Run the iisreset command

12. In your Controlcenter VM open a chrome browser and type http://citrixbroker/IB/API/RestServiceImpl.svc/ibhealthcheck , you should see an "ALL OK" message.

13. Now type https://citrixbroker/IB/API/RestServiceImpl.svc/ibhealthcheck

14. Click on Advanced

15. Click on Proceed To Citrix Broker

16. You should get an "ALL OK" message


part 1f - citrix components installation

1. On your Citrixbroker machine, open the Software folder

2. Navigate to Software > Citrix

3. Right click and mount the citrix virtual apps and desktops ISO.

4. In the newly mounted drive navigate to autoselect

5. Click on Start next to virtual apps

6. Click on Citrix studio


7. Accept the software license agreement and click NEXT

8. Click Next on the core component window

9. Click install on the Summary window

10. if your vm restarts during the installation process, please follow steps 1-3 of part 1f before proceeding.

11. in the "locate Citrix Virtual Apps 7 Installatation Media" window, locate you mounted image and click on "Select Folder"

12. Uncheck "launch studio"

13. Click Finish. Allow the machine to restart if requested

14. On your Citrixbroker vm, on your task bar right click on the powershell icon

15. Click run as administrator

16. On your powershell windows type Add-PSSnapin Citrix*

17. Type Get-BrokerDesktopGroup -AdminAddress

you should get an output similar to this:

AppDisks                              : {}

AppDnaAnalysisState                   :

AppDnaCompatibility                   :

AutomaticPowerOnForAssigned           : True

AutomaticPowerOnForAssignedDuringPeak : False

ColorDepth                            : TwentyFourBit

ConfigurationSlotUids                 : {}

DeliveryType                          : DesktopsAndApps

Description                           :

DesktopKind                           : Shared

DesktopsAvailable                     : 1

DesktopsDisconnected                  : 0

DesktopsFaulted                       : 0

DesktopsInUse                         : 0

DesktopsNeverRegistered               : 0

DesktopsPreparing                     : 0

DesktopsUnregistered                  : 0

Enabled                               : True

IconUid                               : 1

InMaintenanceMode                     : False

IsRemotePC                            : False

LicenseModel                          :

MachineConfigurationNames             : {}

MachineConfigurationUids              : {}

MetadataMap                           : {}

MinimumFunctionalLevel                : L7_9

Name                                  : standard delivery group

OffPeakBufferSizePercent              : 10

OffPeakDisconnectAction               : Nothing

OffPeakDisconnectTimeout              : 0

OffPeakExtendedDisconnectAction       : Nothing

OffPeakExtendedDisconnectTimeout      : 0

OffPeakLogOffAction                   : Nothing

OffPeakLogOffTimeout                  : 0

PeakBufferSizePercent                 : 10

PeakDisconnectAction                  : Nothing

PeakDisconnectTimeout                 : 0

PeakExtendedDisconnectAction          : Nothing

PeakExtendedDisconnectTimeout         : 0

PeakLogOffAction                      : Nothing

PeakLogOffTimeout                     : 0

ProductCode                           :

ProtocolPriority                      : {}

PublishedName                         : standard delivery group

ReuseMachinesWithoutShutdownInOutage  : False

Scopes                                :

SecureIcaRequired                     : False

SessionSupport                        : MultiSession

Sessions                              : 0

SettlementPeriodBeforeAutoShutdown    : 00:00:00

SettlementPeriodBeforeUse             : 00:00:00

ShutdownDesktopsAfterUse              : False

Tags                                  : {}

TenantId                              :

TimeZone                              : Pacific Standard Time

TotalApplicationGroups                : 0

TotalApplications                     : 3

TotalDesktops                         : 1

TurnOnAddedMachine                    : True

UUID                                  : 9c5c2e43-85f4-4c20-8ed4-20f323c9544a

Uid                                   : 2

ZonePreferences                       : {ApplicationHome, UserHome, UserLocation}


18. Type Get-ConfigSite -AdminAddress , you should get an output similar to this:


ConfigurationLoggingServiceGroupUid    : 5d466dbe-9f03-49e6-a5d1-4fc4cb5a17bd

ConfigurationServiceGroupUid           : b2456fbb-c9cb-4445-b0ae-dadc70e7a1de

DelegatedAdministrationServiceGroupUid : 4e794a98-a86d-46d9-b0f3-34c20b28bc12

LicenseServerName                      :

LicenseServerPort                      : 27000

LicenseServerUri                       :

LicensingBurnIn                        : 2018.0815

LicensingBurnInDate                    : 8/14/2018 5:00:00 PM

LicensingModel                         : Concurrent

MetadataMap                            : {[CertificateHash, OU6gnsHLtsTWxKIbQdQ9a5PwnrXwtW6VhKyVbMWfgluHrPwPrJ7AOA5WoKd


                                         [Citrix_DesktopStudio_License_Is_XD_Apps_Edition, False],

                                         [Citrix_StoreFront_Cluster_Id, 195c6821-b6aa-4000-be22-f013375f4aec],

                                         [ConfiguredComponents, Admin Config Log Acct Hyp AppLib Prov Broker Lic

                                         Monitor Pvs Sf Trust EnvTest AppV Analytics Orch]...}

PrimaryZoneName                        : Primary

PrimaryZoneUid                         : 66798896-2967-4465-9067-8608775d7a9e

ProductCode                            : MPS

ProductEdition                         : ADV

ProductVersion                         : 7.19

SiteGuid                               : a5e6adb4-e71c-4397-a34e-a4404e556821

SiteName                               : London

19. from yourcontrolcenter vm, in your chrome browser go to https://citrixbroker/IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=citrix&xenappversion=Version7x

you should get an output similar to this:

"[{\"ConfigurationLoggingServiceGroupUid\":\"5d466dbe-9f03-49e6-a5d1-4fc4cb5a17bd\",\"ConfigurationServiceGroupUid\":\"b2456fbb-c9cb-4445-b0ae-dadc70e7a1de\",\"DelegatedAdministrationServiceGroupUid\":\"4e794a98-a86d-46d9-b0f3-34c20b28bc12\",\"LicenseServerName\":\"\",\"LicenseServerPort\":\"27000\",\"LicenseServerUri\":\"https:\/\/\/\",\"LicensingBurnIn\":\"2018.0815\",\"LicensingBurnInDate\":\"8\/14\/2018 5:00:00 PM\",\"LicensingModel\":\"Concurrent\",\"MetadataMap\":\"System.Collections.Generic.Dictionary`2[System.String,System.String]\",\"PrimaryZoneName\":\"Primary\",\"PrimaryZoneUid\":\"66798896-2967-4465-9067-8608775d7a9e\",\"ProductCode\":\"MPS\",\"ProductEdition\":\"ADV\",\"ProductVersion\":\"7.19\",\"SiteGuid\":\"a5e6adb4-e71c-4397-a34e-a4404e556821\",\"SiteName\":\"London\"}]"

if you get anything starting with "exception name" or. an http error please check your url.


20. On the ControlCenter server. Open the Remote Desktop folder open citrix.rdp and open citrix studio from the Start Menu

21. In the left pane navigate to Citrix Storefront > stores

22. In the main pane, right click on store service, and click manage authentication methods



23. Check HTTP basic

24. Click Ok

25. Close all windows

part 1g - certificate export

1. From your Controlcenter vm open the chrome browser and type https://citrixbroker on the address bar

2. Right click on "not secure"

3. Click on Certificate

4. On the certificate window, go to the details tab

5. Click copy to file

6. In the Certificate Export Wizard window, click Next

7. Click on Base-64 enconded x.509 (.CER)

8. Click Next

9. Click on Browse and point to your desktop, and save the certificate with the name ibcert.

10. Click Next

11. click Finish

Section 2 - VMware Identity Manager Configuration

Part 1 - Configuring virtual app collection

1. Go to your identity manager tenant url, and login with your administrator user.

2. in the administration console navigate to Catalog > Virtual Apps Collection

3. Select  GET STARTED if prompted

4. On the Select the Source Type page in the Citrix Box select the SELECT hyperlink

5. In the New Citrix Collection window, in Section 1 Connector and Broker


  1. Next to Name type Citrix
  2. Under Connector accept the default connector that being (LivefireSync)
  3. In the Sync Intergration Broker section, under Host type
  4. Under Port type 443
  5. Under Use SSL change the radio button from No to Yes
  6. Go back to your desktop and open the ibcert file saved in Part 1G with Notepad++ .  Copy the contents of the ibcert file.
    • Under SSL Certificate paste the contents into the box


6. In Section 1 Connector and Broker, under Launch integration broker

  1. Under Host type
  2. Under Port type 443
  3. Copy the contents of the ibcert file and Paste the ssl certificate field
  4. In the New Citrix Collection window select Next

7. In the New Citrix Collection window, in Section 2 Server Farm

  1. Under Add or modify Citrix server farms. At least one server farm is required. select the + ADD SERVER FARM
  2. On the Add Server Farm window select +ADD SERVER
  3. Under Server Name type
  4. Under the Launch Preference,
    • Verify STOREFRONT is selected
    • Under StoreFront Server URL type
  5. Select ADD
  6. In the New Citrix Collection window select NEXT

7. In the New Citrix Collection window

  1. in Section 3. Configuration Accept the the default values and select NEXT
  2. Section 4. Summary
  3. On the Network Ranges window select ALL RANGES
  4. Observe the defaults, in this lab there is no requirement to make changes, Select CANCEL.
  5. You will land back at the Virtual Apps Collection Page


  • In the Virtuals APPs Collections window
    1. Select the radio button next to Citrix, Select the SYNC button
    2. On the Calculating Sync Actions page select SAVE

Part 2 - Verification

1. From your  ControlCenter machine's chrome browser open your custom Vmware identity Manager SaaS tenant url

2. Log in with your user1 credential, in the authentication domain with the password VMware1!


  1. In the Web based Hub interface under Categories select Virtual
  2. Under the Virtual Category next Calculator select OPEN
  3. If you are in Mozilla Firefox you will be prompted with What Should Firefox do with this file? Accept the default and select OK
  4. You can now observe the integration of Citrix into VMware Identity Manager.


Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.