There are often misconceptions among customers about what the data flow or process is when making a Citrix HDX connection. Basically, it is quite simple, but sometimes misconceptions persist. My experience tells me that pictures often explain more than language. This is a two-part article and the first part is about the internal connection setup for a single FQDN configuration and then the second part is about how the whole thing works externally. Not every tiny detail will be explained now, but it should clarify the basic process better.
There are two seriously different parts to the connection setup: The listing of applications and desktops, and then the actual HDX connection. In the picture, the listing is represented by the Internet Explorer icon on the client because it is primarily web-based communication. The HDX connection is then indicated by the Citrix Receiver icon.
Note: For better understanding, StoreFront and Delivery Controller are shown as two different systems, but could be the same system.
NFuse ticket = temporary token for logon.
ICA file = parameter file for Workspace App
Target server = VDA with the current lowest load
Explanation
hdx.mydomain.com is the internal as well as external URL for users to launch their applications and/or desktops. It starts with the login and the return of the application set after successful authentication. This makes up the first two stations, and in the next two the download of the ICA file is performed.
Only in the last step is a direct HDX connection established between client and server, with authentication at the target server via an NFuse ticket. At this point, it should be clear that the HDX connection does not go through the StoreFront server or the Netscaler load balancer.
How does the data flow when the user comes from external? This will be explained in the next part.