none
Publishing Citrix WISP RRS feed

  • Question

  • This is the Citrix Web Interface for Sharepoint.  Enables a company to integrate into sharepoint the citrix web interface functionality.  Removes the need for a separate web interface server, and allows a more integrated user experience.  With WISP, right within a sharepoint page, the user can see and launch their apps.

    Anyone had any luck publishing this?    I've easily done it by making a generic silent multi server app (for all metaframe servers on port 1494 and 2598) and then making this app a pre-req to sharepoint.  However, there must be a better way.  Using my simple methodology, it has two downsides:  1)  requires socket forwarder so only works on windows, 2) pre-launches tunnel when the user maybe had no intent of using citrix.   Looking for a solution to #1 so works for MacOS, and solving #2 would be a "nice to have".   I'm kind of guessing that creating the right app template with the right wfehandler may work.    Want to avoid re-inventing the wheel if someone already has done some work here?

    Note to Microsoft PM, that it greatly increases a companies reliance on Sharepoint and its use as the companies main intranet site if a major application like Citrix is seemlessly integrated with WISP.   UAG/IAG support of this makes it even more compelling to have Sharepoint and UAG/IAG if you are a citrix customer.  IMHO, this should defintely be on the near term roadmap for a UAG/IAG out-of-the-box template...

    Thanks,
    Mark
    Thursday, July 30, 2009 9:25 PM

Answers

  • I have also attempted to make WISP work for a customer, and was unable to. Unfortunately, this is not a supported application at this time, though I suspect it might be achieveable by someone who has a very deep understanding of the inner workings of the Citrix server. I'm closing this thread as unresolved.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, December 21, 2009 6:23 PM
    Monday, December 21, 2009 6:22 PM

All replies

  • I've just done this via a portal without client components (i.e. no socket forwarder required) by reverse publishing TCP 1494 and 2598 traffic using ISA rules on the IAG.  The Citrix guys configured WISP to send ICA files with the IP address of the IAG instead of the pres server... it works, except the ICA client prompts for authentication again.  Apparently there's no way in IAG to fix that, it's a Citrix issue, so the guys are looking at putting in a CSG box in parallel with the IAG.  Clients log on to portal, access WISP, download the ICA file, ICA file points them to CSG, apparently WISP talks to CSG so there should be no re-authentication.

    Bottom line is that it is possible to make it work without the need for client components if you don't mind creating some ISA rules after all the Whale rules :-)

    • Marked as answer by Erez Benari Tuesday, August 11, 2009 5:04 PM
    • Unmarked as answer by Mark Resnik Wednesday, August 19, 2009 7:45 PM
    Tuesday, August 11, 2009 3:26 AM
  • I unmarked the previous response as an "answer".

    Not using IAG at all, and allowing ICA traffic to be handled completely indepdent to the IAG authentication and endpoint checks is not really a solution; certainly not a solution Microsoft should accept.   Anyone ever even used or heard of someone using Citrix WISP?  Anyone get it to work thru IAG without Socket Forwarder?
    Wednesday, August 19, 2009 7:48 PM
  • I am attempting to design this exact solution. In my test lab I have a Citrix Netscalar in a back end subnet. ISA 2006 Enterprise is in the Internet Facing Zone (IFZ). Intranet clients access Netscalar in the back end subnet directly. For Internet access, the only way to allow a Published Application to access the Citrix STA through and the Citrix XenApp (ICA) servers through Netscalar is to configure the ISA to stream HTTPS allowing SSL Citrix STA and ICA traffic to pass through using a Server Publishing Rule without authentication. Unfortunately, this does not perform a reverse proxy to the NetScalar server and it basically provides for zero ICA protection by passing the traffic through wich will not be approved by my security organization. Attempting to create an ISA Web Publishing Rule does prompt for a Client Cetificate when launching a Published Application but then hangs and times out  accessing the STA server for Ticket validation. This is forcing me to move the Netscalar in parallel with ISA in the IFZ to allow it to reverse proxy and protect the traffic from hacks.

    Erickson, can you detail your reverse publishing ICA IAG solution?

    I have the SharePoint WISP part of this issue fully functional using KCD throug ISA. Contact me for details on the correct SPN/Delegation configuration that deviates from the Citrix documentation to get this working.




    Tuesday, August 25, 2009 10:41 AM
  • I have also attempted to make WISP work for a customer, and was unable to. Unfortunately, this is not a supported application at this time, though I suspect it might be achieveable by someone who has a very deep understanding of the inner workings of the Citrix server. I'm closing this thread as unresolved.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, December 21, 2009 6:23 PM
    Monday, December 21, 2009 6:22 PM
  • Hi Mark. What I am going to tell is something you already know so this post is gonna be some kind useless but I am very chatty so I will post anyway ;-)

    I haven´t worked with WISP but I have done with the traditional Citrix Web Interface and I guess WISP is just a web part to show the Web Interface integrated in SharePoint so the logic under must be the same. I agree with you that a customized wrapper is likely to be needed but the good news are that the same template used for the Web Interface could be reused for that purpose. The template for CWI changes the definition file of the remote application (.ica) on the fly and set the setting for using a socks proxy redirecting to a local listener that has been turned on by the SSL Wrapper so there is no need to use the winsock provider making the application non windows O.S dependent.

    Hope it helps. It was just an idea :)
    // Raúl - I love this game
    Tuesday, December 22, 2009 7:58 PM
  • Raul,

    Unfortunately WISP is different than WI.   For WI, as you mentioned no need for SF as ica file is modified on the fly to point at local socks proxy.   However the request for the ica file with WISP is very different than that for WI.  In fact the request for ica file is really just another request to MOSS.    So without a SF up and ready and listening, their is no "queue", at least not be default, for when the ssl wrapper should start, and which MOSS requests it should ignore versus which one may result in in an ica file response.   Hence why I asked if anyone had already reverse enigineered yet to figure out how to create a template capable of starting sslwrapper at the right time, and having it do the right thing..

    Ben, BTW-  WISP works fine with a pre-launched SF.  Though as my original post suggests this is not ideal.

    -Mark
    Friday, January 8, 2010 6:36 PM