Scenario: A Citrix Engineer wants to secure the Virtual Delivery Agent (VDA) communication by enabling end-to-end encryption within an existing XenApp and XenDesktop environment. The environment has already been configured to provide external access through a NetScaler Gateway, but all other configurations are set to default.
Which three actions will accomplish this? (Choose three.)
A. Enable TLS on the StoreFront servers.
B. Add a certificate to the Delivery Controllers.
C. Enable TLS on the Delivery Controllers.
D. Add a certificate to the VDAs.
E. Add a certificate to the StoreFront servers.
F. Enable TLS on the VDAs.
It’s CDF for sure.
See this link for the answer:
https://www.jgspiers.com/secure-ica-connection-vda-ssl/
Also, other guides do not mention installing certificates on your controller.
CWS-315
Key Notes:
• To enable TLS encryption you need to add certs to the VDAs, and then configure the VDAs and Controllers to use encryption. We’ll look at each of these steps in more detail because there are some important things to consider.
• In a typical scenario, external connections are secured to Citrix Gateway, but the “last mile” does not leverage TLS.
• You should encrypt HDX traffic to prevent an attacker from being able to watch everything that a user is doing. ICA ports 1494, 2598 and 8008 are unencrypted by default (though not plain text).
If I read the CWS-315 student manual, it says it is CDF.
I’ve configured this, it’s def BCF.
It’s correct, BCF
https://support.citrix.com/article/CTX220062
The certificates mentioned on the VDAs are for specific services, not the web connection.
I’d say it’s CDF.
I think CDF.
Reference: https://www.jgspiers.com/secure-ica-connection-vda-ssl/