APM Integration with Citrix
- Mar 07, 2019
Hello Osama,
It seems like your second guess is correct: you're using a separate IP from your dmz range for the address that external users connect to. This virtual server will have the access profile/policy attached to it. Authentication is handled there and then credentials are given to the citrix backend servers. This makes the most sense to me.
I don't know what resources support showed you but the general flow is summed up pretty well here. There's also a more in-depth guide here.
Have you looked into using the citrix iApp template for this deployment? The inline text documentation can be a super helpful walk-through of the configuration. This would also make for an easy change in the future if you need to switch the ip address of the vs.
Best of luck,
Austin