26.0 Virtualization Implementation

You can access the target desktop using the Citrix Virtual Desktop Infrastructure (Citrix VDI). Privileged Account Manager supports the PAM agent on the target desktop and the PAM manager on the Citrix VDI server.

Users can remotely access the hosted desktop machines within an organization by using a Virtual Desktop Infrastructure (VDI) environment. You can also monitor user sessions and define roles for different users by using the Citrix VDI environment and installing the Privileged Account Manager agent on the target desktop.

You can create rules on the PAM manager that define access and roles for different users. When a user logs in to the target desktop through the Citrix VDI server, the defined rules govern that user's access and the monitoring of the session. The following two methods show how to access the target desktop:

Using Citrix’s Access Control

  1. Install Privileged Account Manager agent on the target desktop.

  2. Install PAM manager on the Citrix VDI server or any other machine. Register the PAM agent to the installed PAM manager.

  3. Install the Citrix Receiver on the user’s machine to access the target desktop.

  4. Configure the rules for different users to access the target desktop by using Direct RDP in the PAM manager. These rules will be used to decide the login and the privileges of the user.

    For more information about configuring rules for Direct RDP, refer to Direct Remote Desktop Protocol.

  5. The user can access the target desktop using the Citrix receiver.

Using Privileged Account Manager’s Access Control

  1. Install Privileged Account Manager agent on the target desktop.

  2. Install PAM manager on the Citrix VDI server or any other machine. Register the PAM agent to the installed PAM manager.

  3. Add the target desktop to the machine catalog of the Citrix VDI server.

  4. Configure the rules for different users in the PAM manager. You can define rules for access and role. These rules will be used to decide the login and the privileges of the user.

    For more information about rules, refer to Rules.

  5. The user can access the target desktop using RDP Relay, Credential Provider, or Direct RDP.