- 
                    
                    Understanding the Citrix Virtual Apps and Desktops Administration Model 
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                                    about_Broker_Policies 
 
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
- 
                    
                    
                        
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
about_Broker_Policies
Topic
Citrix Broker SDK - Access, Entitlement, and Assignment Policies
Short Description
Overview of the site policies that control users’ access to desktop and application sessions.
Long Description
For an end user to access a desktop or application resource within a site, they must have both an entitlement to use the resource, and have access to the desktop group that contains the resource.
Entitlements to use resources can be granted by one of the following means:
- 
    The site entitlement policy grants entitlements to launch a shared desktop or application session from a pool of shared machines. 
- 
    The site assignment policy grants entitlements for “self service” permanent assignment of machines to users for running desktop or application sessions, and is referred to as “Assign On First Use” (AOFU) 
- 
    Machines can be permanently assigned (“pre-assigned”) to users by the administrator to run either desktop or application sessions. 
- 
    Machines can be configured to allow automatic permanent assignment to their normal user (using the RemotePC feature). 
A user must also be granted access to the desktop group that contains the resource. These access rights are controlled by the site’s access policy.
The access policy controls access using details of the user’s device such as whether it’s connected over a local area network (LAN) or connected through Access Gateway, the user device’s name, IP address or subnet, and the requested connection protocol. The user’s identity can also feed into the access check allowing, for example, certain users access to resources only when locally connected to the site, but others full remote access.
Access and entitlements can be combined to allow rich and fine-grained control over which users have access to site resource from any given user device or location.
Each site has a single access policy, entitlement policy, and assignment policy. Each policy comprises a set of rules. Policies are defined by adding, removing, or changing rules.
Each site policy can also be viewed as a set of distinct policies each relating to a single desktop group. In general a group has one or more policy rules that relate to it, however each rule relates to only a single group. Thus the rules that grant entitlement and access rights to a desktop group define the policy for that group and that group only; changing this policy has no impact on the entitlement and access rights for any other other group in the site.
For detailed information about defining policy rules, see: help New-BrokerAccessPolicyRule help New-BrokerEntitlementPolicyRule help New-BrokerAssignmentPolicyRule help New-BrokerAppEntitlementPolicyRule help New-BrokerAppAssignmentPolicyRule
The mapping of policies to the resources that they make available within a site is described briefly below. For specific information on configuring each category of resource, consult the more detailed help topics listed.
Shared Desktop And Application Sessions
To grant access to a group of shared machines, use the access and entitlement policies:
- 
    The access policy grants access to the desktop group containing the machines to be shared. 
- 
    The entitlement policy grants an entitlement to use one or more machines in the group to specified users or groups of users. 
Groups of shared machines can be used to deliver full desktop or seamless application sessions, or both.
For more detailed information about configuring shared machines, see: help about_Broker_AccessPolicy help about_Broker_EntitlementPolicy
Pre-Assigned Private Machines
To grant access to private machines, use the access policy and a machine assignment:
- 
    The access policy grants access to the desktop group containing the machines. 
- 
    The assignment links the desktop to a specified user. You can assign a machine to just one user, multiple users or user groups. However, for single-session machines, only one user can access the machine at a time. 
Private machines can be used to deliver full desktop or seamless application sessions (but not both).
For more detailed information about configuring private machines, see: help about_Broker_AccessPolicy help Add-BrokerUser
Assign-On-First-Use (Aofu) Machines
To grant access to a desktop group containing assignable machines, use the access policy and the assignment policy:
- 
    The access policy grants access to the desktop group containing the pool of machines. 
- 
    The assignment policy grants users a self-service entitlement to pick one or more machines from the pool. 
AOFU machines can be used to deliver full desktop or seamless application sessions (but not both from the same desktop group).
For more detailed information about configuring AOFU desktops, see: help about_Broker_AccessPolicy help about_Broker_AssignmentPolicy
Remote Pc Machines
The RemotePC feature allows existing physical machines to be assigned automatically to their normal user thus allowing them remote access to their own machine but without the need for the administrator to individually configure access to each machine.
For more detailed information about configuring the Remote PC feature, see: help about_Broker_RemotePC
See Also
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.