One of the pain points of running Citrix DaaS with on prem workloads has been that on prem users had to maintain a connection through the Citrix gateway. Thus if you had any kind of Internet outage those users sitting in the same building as your VDAs couldn’t get to them.
Citrix has had a few solutions to this problem over the years. The first was called Direct Workload Routing and it involved using PowerShell to create an on prem site, where you actually had to specify your longitude and latitude among other criteria. I think I might have been one of the first to try this since I had to work with support for a couple of weeks to get it working.
That evolved into Direct Workload Connection, a simple method of specifying your network locations in the DaaS Admin GUI by public IPs. The issue with this was that if your guest wireless network shared that public IP, users on that network could not connect at all.
Cut to CVAD 2411 and we got HDX Direct. Users must still establish their session via Citrix Gateway Service but then the client is able to establish an encrypted direct connection with the VDA if it can negotiate that connection. The requirements are that the VDAs are running at least 2411 and the Workspace Client must be at least 2409. To enable HDX use Citrix Policy – it’s disabled by default. You can verify functionality by looking at a user’s connection details in Monitor under Session Performance.
This feature is pretty easy to implement and the latest documentation is here:
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/hdx-transport/hdx-direct.html