Secure Workstation uses device removal plugs. Secure Workstation renders a service on the machine. The registry has a list of .dll files that implement device removal plug-ins for different devices. Therefore, Secure Workstation can receive device removal events from PCProx cards, smart cards, and third-party plug-ins.
The registry can register a .dll file with Secure Workstation. The .dll file implements entry points to be a device removal plug-in. The .dll file is loaded into Secure Workstation Service's address space so that device removal events can be reported.
When a Secure Workstation service starts up, it loads those .dll files. As part of the Secure Workstation policy, you can configure a device removal event. At the core, the Secure Workstation policy is just events and actions. It listens for events and then, depending on the event, takes some action. For example, you can configure Secure Workstation to lock a workstation as soon as a device is removed.
In this case, when you configure the device removal event, you can specify which devices you want to listen for.
Scenario: Entry Points. A Secure Workstation post-login method delivered a policy to the workstation. Secure Workstation activates the device removal plug-in for the device specified in the policy. Secure Workstation instructs the workstation to call an entry point in the .dll file to start monitoring the device. Secure Workstation provides an entry point to call when the device gets removed. If the plug-in detects that the device isn't there, it informs Secure Workstation of the change. Secure Workstation then takes the action associated with the device removal event.
The problem with this scenario is that the Secure Workstation service is running on the Citrix server, but the devices are attached to the ICA client. In this case, the Secure Workstation service uses the virtual channel to communicate with a .dll file running on the ICA client. The .dll file calls the device removal plug-ins for the devices.
You don't install anything extra on the Citrix server. You just install SecureLogin there. All the files are copied to the server.