The views expressed here are my own and do not necessarily reflect the views of Citrix.
Author Archives: lyndonjonmartin
Understanding XenApp & XenDesktop 7.12 and What’s New
The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop 7.12 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
LOCAL HOST CACHE – lhc
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
FLEXCAST MANAGEMENT ARCHITECTURE – fma
EXPERIENCE 1st – x1
INTERNAL – int
VIRTUAL DESKTOP – vd
VIRTUAL APPS – va
DATA TRANSPORT LAYER – edt
What’s New XenApp/XenDesktop 7.12
1. Yes it’s now avaiable & back “Local Host Cache” or LHC as it was most commonly reffered to previously and its back now within XAD 7.x Flexcast Mangagment Architecture (FMA) platform and everything you need to know is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/manage-deployment/local-host-cache.html* & https://www.citrix.com/blogs/2016/12/07/local-host-cache-for-fma/ but a few note worth points to mention below followed by an overview of LHC vs. Connection Leasing by a Citrix XenApp & XenDesktop PM Craig. I have also embedded a how-to enable below along with a basic and brief architectural overview of LHC in XAD 7.12 which is powered by FMA and not IMA which is for anything XA 6.5 and below.
– N.B LHC is disabled by default to enable it open up PowerShell in Admin mode or launching a PowerShell session using Studio and enter in the following “Set-BrokerSite -LocalHostCacheEnabled $true -ConnectionLeasingEnabled $false” once the command completes execute the following cmdlet “Get-BrokerSite” and check that the following value of “LocalHostCacheEnabled” is set to “True“. Note that CL is now also disabled and both CL and LHC should not be running simultaneously together as this is not supported.
– VDAs re-register with the elected XAD controller (broker)
– Support for up to 5K VDA’s
– LHC services “High Availability Service” performs shadow copy of the control info that the XAD Controller requires and the “Configuration Sync Service” will sync control info/data.
– Adequately size your XAD controllers correctly to account for the compute load required during an outage, please ref to the “RAM size” and “CPU core and socket configuration” sections under “Design considerations and requirements” at LHC documentation at – *.
– LHC utilises Microsoft SQL Server Express LocalDB and is auto installed when you install the XAD 7.12 controller and is installed regardless of weather LHC it enabled or not.
– Local Host Cache is enabled if connection leasing was disabled before the upgrade vs. Local Host Cache is disabled if connection leasing was enabled before the upgrade.
– To force an outage to test LHC in your home lab or organisations test/uat environment on the XAD controller open regedit as a Admin navigate to HKLM\Software\Citrix\DesktopServer\LHC” thereafter create a registry key “OutageModeForced” and set the value to 1 to force an outage mode once you have completed your tests then revert the value to 0. I would suggest prior to attempting to perform this test place a load with a few test by active users for Server VDA based workloads (XenApp) to best understand how LHC works in a failure scenario.
2. Thinwire Compatible Mode 8-bit color depth support (7.12 VDA only otherwise fallback to 24-bit by default) which is configured by select the following HDX policies.
– “ Use video codec for compression” and ref to “http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/graphics-policy-settings.html#par_richtext_bc19“ for a list of avaiable configurations please note that if configured for the entire screen then 8-bit is NOT SUPPORTED!
– “Preferred color depth for simple graphics” and select the “8-bit” value
3. HTML5 video redirection is now available for INT web sites (disabled by default) and can be enabled by configuring the “Windows Media Redirection” by referring to http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/multimedia-policy-settings.html#par_richtext_5 and you also need require to add the following “JavaScript files are located in %Program Files%/Citrix/ICA Service/HTML5 Video of the VDA installer to your website” a sample external test web page can be found at the “HDX HTML5 video redirection test page at – https://www.citrix.com/virtualization/hdx/html5-redirect.html”
4. Azure Hybrid Use Benefits support e.g enable or disable support for the Azure Hybrid Use Benefits (HUB).
5. Record sessions based on client IP addr or range, TLS 1.2 encryption during data transfer and finally highlight idle periods in Player
6. NetScaler UG now supports H/A of HDX Framehawk – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/hdx/framehawk.html with supported NS firmware builds for Framehawk which include 11.0.62 & 11.0.64.34 (+ preffered).
7. HDX Enlightened Data Transport (for evaluation only) or “EDT” – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings.html.
Very High Level Overview*
|
|||||
High Defintion eXperience (HDX | |||||
– Only VDA’s configured with IPv4 addressing is supported
– Requirements XAD +VDA 7.12, StoreFront 3.8
– UDP setup on 1494 and 2598 on the VDA remember this is typically TCP but now must also be for UDP
– Enable policy setting “HDX Enlightened Data Transport“. Remember its DISABLED by default and you can setup 3x values “Preferred” UDP data transport is used where possible with a fallback to TCP, “Diagnostic mode” forces a UDP data transports with a fallback to TCP & “Off meaning TCP is used & does’nt affect HDX RealTime”
– If you are evaluating this then please refer to the “Tech Preview of New Adaptive Transport in 7.12” forum at – http://discussions.citrix.com/forum/1663-tech-preview-of-new-adaptive-transport-in-712/
– Note when testing directly from eDoc’s “the new data transport layer (“EDT”) is allowed by default in Citrix Receiver for Windows, however, by default, it will only attempt to use EDT if the setting in the ICA file for HDXoverUDP is Preferred or On” also please ref to the notes relating to Receiver on Mac’s
You can learn more about this evaluation by reading the following blog posts – https://www.citrix.com/blogs/2016/12/14/overcoming-latency-to-serve-a-global-user-population/* and https://www.citrix.com/blogs/2016/12/08/take-a-look-under-the-hood-of-next-generation-hdx/ by Citrix’s HDX PM Derek.
8. You can very easily setup and try XenApp 7.12 in Microsoft Azure today via Azure Marketplace by searching for “XenApp 7.12” or click the following link – https://azure.microsoft.com/en-gb/marketplace/partners/citrix/citrix-xacitrix-xa-trial/ after signing into the Azure Portal at – https://portal.azure.com/.
9. Tagging with “App Groups” now provides the ability to a tag a VM(s) so that when published virtual apps in Application Group or virtual desktops in a Delivery Group are restricted to launch from VM(s) that have been tagged.
10. Advanced Reboot Schedules
11. In StoreFront 3.8 you can create multiple IIS sites and thereafter use the following PoSH cmdlet below to create a StoreFront deployment within your own IIS sites – http://docs.citrix.com/en-us/storefront/3-8/plan.html. What does this actually mean? You can host multiple RfW sites (stores) with each having its own domain name. In order to create your custom websites in IIS for your Stores and ReceiverforWeb firstly open up PowerShell using Studio (Simple way) then close Studio. Next you MUST ensure that NO other StoreFront MMC snap-in consoles are open within your StoreFront cluster and also on the individual Windows server (minimised) that you are setting up IIS sites. StoreFront will disable the mgmt console and displays a message. TIP: To learn how-to setup IIS sites/website please visit – https://support.microsoft.com/en-gb/kb/323972
– From your open PowerShell window enter in the following which will create a custom IIS site/website for virtual apps and one for virtual desktops
– Type “Add-STFDeployment -SiteID 1 -HostBaseURL “https://www.storefront.app.com”” (Virtual apps)
– Type “Add-STFDeployment -SiteID 2 -HostBaseURL “https://www.storefront.desktop.com”” (Virtual desktops)
– Type exit and close the Powershell window prior to opening up Studio or a StoreFront MMC snap-in on any server in the StoreFront cluster
12. Although this one is not strictly new to StoreFront 3.8 and XenApp/XenDesktop 7.12 its often an overlooked feature (For CTX SysAdmins) which is the ability to securely export and then re-import your entire StoreFront configuration including using PoSH credentials for (de)encryption of the backup configuration. To learn more please check out – http://docs.citrix.com/en-us/storefront/3-8/export-import-storefront-config.html and use the feature prior to any StoreFront upgrades or migrations.
Deprecation Forecast
I would strongly recommend that you review and understand the Deprecation forecast announcements made during the XenApp/XenDesktop 7.12 release which is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new.html#par_anchortitle_5da8.
Deploying a Citrix Cloud – XenApp and XenDesktop Service PoC
The following content is a brief and unofficial overview of how-to front your virtual apps & desktops powered by Citrix Cloud XenApp & XenDesktop Service and the NetScaler Gateway Service using an Azure (IaaS) resource location. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions, best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
XENAPP – xa
XENDESKTOP – xd
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
VIRTUAL DESKTOP – vd
THINWIRE COMPATIBLE MODE – tcm also known as ecm or thinwire+
SELF-SERVICE PASSWORD RESET – sspr
VIRTUAL GPU – vgpu
PROOF OF CONCEPT – poc
XENAPP AND XENDESKTOP SERVICE – xad service
CITRIX CLOUD CONNECTOR – CC Connector
ACCESS CONTROL LISTS – acl
FIREWALL – f/w
What is Citrix Cloud?
Firstly this blog post will be updated through-out Nov, Dec 2016 as I still have a few minor additions and adjustments to make but in principle this blog post should help you stand up a Citrix Cloud – XAD Service PoC successfully with your chosen resource location.
Citrix Cloud provides a control plane that includes Citrix technologies as services e.g XenApp and XenDesktop Service that allows Citrix SysAdmin’s to setup, configure and deliver virtual apps & desktops to users on any device, anytime and from any location from your chosen resource location which could be hosts runnings in a data centre running XenServer, Hyper-V, Acropolis*, vSphere vs. hyper-converged appliances (Nutanix*, Atlantis) or it could running in an IaaS or public cloud providers e.g Azure or AWS e.t.c
Your resource location of choice is connected to the Citrix Cloud control plane through something called the Citrix Cloud Connector which is installed onto a supported Windows server OSes that is domain-joined in pairs which runs a services that communicates to the control plane outbound on HTTPS/443 which also has the added benefit of NOT requiring any type of VPN (SSL, R/A or IPSec GRE Tunnel)!
Adopting Citrix Cloud introduces an evergreen or SaaS-style update(s) approach to the Citrix infrastructure components as an example within the XenApp and XenDesktop Service e.g the controller, licensing server, storefront are hosted and managed by Citrix and auto updated (evergreen) thus reducing infrastructure updates, upgrades so IT can focus on other workspace projects e.g implementing Skype for Business – http://axendatacentre.com/blog/2016/04/25/deploying-skype4b-2015-offloaded-from-a-citrix-hdx-virtual-app-or-desktop/ or daily tasks, activities thus reducing System Administration time which equates to cost savings or shifting more IT time onto providing the very best near to local like delivery and user experience as they have more time.
The Goal of this PoC
In this blog post I will describe how-to setup and deploy the “Citrix Cloud – XenApp and XenDesktop Service” using Microsoft Azure as my resource location of choice for this PoC to deliver virtual apps & desktops (Server based) including enabling remote access in its simplest form using the NetScaler Gateway Service which enables secure, remote access to virtual apps & desktops from anywhere with an internet connection using the Citrix Receiver or the HTML5 Receiver all without having to deploy a NetScaler in your resource location – https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html and accesing a published Skype for Business 2015 HDX optimised virtual app powered by the HDX Optimisation Pack 2.x.n – http://docs.citrix.com/en-us/hdx-optimization/2-1.html published from a Windows Server 2012 R2 OS server to virtual desktop powered by Windows Server 2016.
Traffic Flows, Metadata & Credential Handling
The following provides insight into the traffic flows when/how users connect to there virtual apps & desktop when using the Citrix Cloud – XenApp and XenDesktop Service.
NetScaler Gateway Service
http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html
XAD Service
http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html
Comparing services and pricing is available at – https://www.citrix.com/products/citrix-cloud/subscriptions.html
Pre-requisites & System Requirements
0. Trial Checklist – http://docs.citrix.com/content/dam/docs/en-us/workspace-cloud/downloads/apps-desktops-trial-checklist.pdf which via the XAD Service eDoc root at – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service.html.
1. An Azure subscription with sufficient credits and compute resources for your own personal requirements for your own PoC. You’ll also need to understand the concepts of Azure so I’d suggest you begin with reviewing the online documentation available at – https://azure.microsoft.com/ or visit VMFocus blog at https://vmfocus.com/2016/11/07/70-533-implementing-microsoft-azure-infrastructure-solutions-prep-exam-experience/ and scroll to the prepartion text in bold.
2. A Citrix Cloud account with access to the XAD Service check out – https://www.citrix.com/products/citrix-cloud/ for details and information about a trial.
3. Citrix Cloud Connector downloaded from your XAD Service to your Azure resource location onto a shared folder e.g network share on your Windows domain controller or file server. For the basic’s of how-to download and install check out the installation overview at – http://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-connector/installation.html.
4. Download the VDA’s from https://apps.cloud.com/downloads which is only accessiable once your have sucessfully authenticated at https://citrix.cloud.com/.
5. A Windows Server 2012 R2 VM running at a min “Active Directory”, “DNS” and the “Citrix Cloud Connector” and one more VM optional only if you want to keep costs down but preferred to match a real-work scenario would be to have a second Windows Server 2012 R2 VM running the “Citrix Cloud Connector” so that you have a pair of connectors talking to Citrix Cloud.
6. A pair of Windows Server 2012 R2 one to be used for or as a +hosted shared server virtual desktop and the other to deliver virtual apps e.g Skype for Business 2015-16 HDX Optimised Doc’s – http://docs.citrix.com/en-us/hdx-optimization/2-1/hdx-realtime-optimization-pack-overview.html, video overview at – https://www.youtube.com/watch?v=IpOSi_FkA7c.
7. A Windows Server 2016 VM to be your second +hosted shared server virtual desktop (Preferred choice for me :-)) so you can demonstrate publishing virtual apps into both +virtual desktops and demonstrate Windows Server 2016 as a DaaS VD or just a show and tell back to your organisations management to begin thinking moving to Windows Server 2016 from 2008 R2 or 2012 R2.
Deploying your Citrix Cloud Connectors
1. Prior to starting your installation please be sure to switch “Enhanced Security Configuration (ESC)” off during the installation.
2. Right-click on the CC Connector and run as Administrator.
3. Enter in your Citrix Cloud Administrator access details and you’ll receive a list of available customer accounts in your case you should only have one so select it and continue.
4. The installation will install the required software components and prior to finishing it will perform “connectivity test” this will take up to 60 seconds.
5. Make some coffee or tea if you’re British or a British South African born while the Citrix Cloud Connector communicates with the Citrix CLoud control plane successfully registers.
6. Navigate to Citrix Cloud select from the menu bar in the top left-hand corner “Identity & Access Management” on the “Domains” tab you should now see your domain with a status of “Ready ✓” if you see amber anywhere this is because one of your connectors is not in a ready state or you only have 1x connector in your choosen resource location.
7. Don’t proceed until your connector(s) are in a Ready ✓ state in Citrix Cloud, this is very important!
Deploy your Virtual Apps & Desktops
1. At https://citrix.cloud.com/ select under “Services List” parallel to the “XenApp and XenDesktop Service” click on “Manage” blue button. Note that you can also get to mgmt consoles by clicking the menu icon top left-hand corner and from the list select the service that you wish to administer e.g XAD Service.
2. You’ll now be redirected to https://apps.cloud.com/ and scroll to the bottom of the webpage to identify what your cloud hosted StoreFront server address is e.g https://tttemea10.xendesktop.net/Citrix/StoreWeb/, right click and say open in a new tab.
3. Now click on the downwards arrow on “Manage” and you’ll see two options e.g “Service Creation” and “Service Delivery”. Please click on Service Delivery which should take you to https://apps.cloud.com/delivery and you’ll see the below available options. Simply toggle to select your preferred delivery options for delivery of your virtual apps & desktops choosing in this case to utilise the Citrix Cloud – XAD Service cloud hosted StoreFront and or NetScaler Gateway Service. I will follow-up with another blog post in the future covering off deploying this PoC BUT using StoreFront and NetScaler (Unified) Gateway in your chosen “resource location” BUT for now I am keeping it clean and simple. Please verify that your toggle’s match what you see in the below image prior to proceeding (Also see the 3rd tip!!!). If want to use StoreFront – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/setting-up-storefront.html and NetScaler – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/getting-started.html#par_anchortitle_1403 in your resource location the read the provided links above.
TIP/HINT 1: You can choose to toggle off “Session Reliability”.
TIP/HINT 2: Where you configure the XAD Controller point this to the Citrix Cloud Connector.
TIP/HINT 3: The NetScaler Gateway Service is sold separately from the XAD Service as of 2017 Q1 ref – https://www.citrix.com/products/citrix-cloud/subscriptions.html
4. Now click on the downwards arrow on “Manage” and now please click on Service Creation which should take you to https://apps.cloud.com/manage you’ll notice a spinning icon in the middle of your screen for a few seconds and then your securely hardened Studio console will be avaiable to you published using the latest HTML5 Receiver which includes auto screen resizing dynamically (change the browser window size :-)), copy and paste.
5. Create your “Machine Catalog(s)” as per normal if your unsure then follow the steps as outlined at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/install-configure/machine-catalogs-create.html then return back to Citrix Cloud published Studio. Create three machine catalog’s if following the blog post 1x machine catalog for virtual apps powered by Win Srv 2012 R2, 2x virtual desktops one powered by Win Server 2012 R2 and one by 2016. Once you have created your machine catalog’s then check that the VM within each “Machine Catalog(s)” have a successful Registered State if the VM(s) in your each catalog(s) don’t register then review my quick troubleshooting guidance below at the end of this blog article.
6. Next create a “Delivery Group” almost like normal once agian if your are unsure the how-to is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/install-configure/delivery-groups-create.html remeber agin if following this blog post 1x delivery group for virtual apps powered by Win Srv 2012 R2 and 2x delivery groups for virtual desktops powered by Win Server 2012 R2 and 2016 BUT there is one very important exception which is that once you select the machines and you get to the user section be very sure to select “⚹Leave user management to Citrix Cloud. This makes the Delivery Group available as an offering when configuring your Citrix Cloud Workspaces.” – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/creating-and-publishing-a-workspace.html.
⚹
6. Now that you have created a Machine Catalog, Delivery Group you need to assign users to these resources so click the menu icon in the top left-hand corner and select “Workspaces“. You’ll see “My First Workspace” just ignore it for now and select the “+ Workspaces” icon it’s large you just cannot miss it! Note that workspaces are now referred service offerings which you assign to users from your Library – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/assigning-users-to-offerings-using-library.html.
7. Enter in a name for your workspace e.g PoC Workspace.
8. Select “✎ Manage” under your Workspace name and now from the available “Citrix Cloud Services” list select the “XenApp and XenDesktop Service” and you’ll see your delivery group(s) dependant if you completely followed this blog post on the right-hand side so simply select your virtual apps and virtual desktops that you wish to publish to this workspace, it’s your choice but in this PoC we’ll be selecting all avaiable delivery groups to delivery virtual apps & desktops. Once selected click on “Update Workspace” blue button above.
9. Your workspace now contains virtual apps & desktops that can be consumed by subscribers e.g users.
10. Now that you have created your first Workspace e.g PoC Workspace in Citrix Cloud using the XenApp & XenDesktop Service all that is left to do is to add users BUT in a Citrix Cloud world they are known as “subscribers“!
11. Select your e.g PoC Workspace once more and click on “Subscribers” tab and you’ll see a domain list below on your left-hand side so select your “domain” and to your right you’ll see an input field type in your subscriber’s username e.g lynd which will then query your AD via the Citrix Cloud connector securely and it will find and return your user(s) e.g lyndon-jon@x1co.eu and once it is listed select the user(s) from your query and they will be added to the list below, now repeat the process to add all other test/poc subscribers or AD test/poc security groups to your e.g PoC Workspace and then click on the “Update Workspace” blue button above to save the subscribers to this workspace.
TIP/HINT: You can also select AD Security Groups not just AD users.
Initial Test
Your users/subscribers should now be able to login to the Cloud hosted StoreFront available at e.g https://YOURCUSTOMERNAME.xendesktop.net using an HTML5 internet browser or Citrix Receiver.
HDX Policies
Please assign your policies as you prefer to users, delivery groups e.t.c. You’ll also notice that I have not applied a FPS limit to every policy only the ones that are balanced as most often these need to adjusted to be fit for purpose for standard office workers to enable user density gains on the backend and bandwidth savings while maintaining a decent and good UX. My personal preference is “HDX Adaptive Display v2“.
HDX Adaptive Display v2 | HDX Adaptive Display v2 (Balanced) | Thinwire Compatible Mode | Thinwire Compatible Mode (Balanced) | H.264 |
1.”Use video codec for compression” then select the option to be “For actively changing regions“ | 1.”Use video codec for compression” then select “For actively changing regions“ 2. “Preferred color depth for simple graphics” then select “16 bits per pixel” and also try 24. |
1.”Use video codec for compression” then select the option to be “Do not use video codec“ | 1.”Use video codec for compression” then select the option to be “Do not use video codec“ 2. “Preferred color depth for simple graphics” then select “16 bits per pixel” and also try 24. 3. “Frames Per Second” then enter in a value of “25-30“. |
1.”Use video codec for compression” then select the option to be “For the entire screen“ 2. “Frames Per Second” then enter in a value of “30” (Optional) |
My personal preferred choice | My 2nd personal preferred choice |
Advanced Remote Access using a NetScaler in your Resource Location with(out) StoreFront
The following has been tested using the latest NS firmware 11.1 available in the Azure marketplace as of 05/03/2017.
1. Login to NetScaler admin WebUI using the following firmware 11.1.x.n
2. Check that your appliance is correctly licensed.
3. Select the “Unified Gateway” wizard.
4. Enter in your assigned VIP (private IP addr or in Azure NSIP:8443) and enter in a vServer friendly name e.g myUG
5. Select to “Install Cert” a valid public CA signed cert either *.pfx vs. *.pem.
6. Configure LDAP either use an exciting or add a new server for LDAP auth and choose the “Server Logon Name Attribute” as userPrincipalName .
7. Select “Portal Theme” and select “RfWebUI”
8. Now under the under “Applications” select and add “XenApp/XenDesktop” and now enter in your resource location or Cloud-Hosted StoreFront “FQDN” and select “Test Connection” which should retrieve and auto configure the required settings and thereafter a green bar will appear if successful if not then manually configured based upon the following guidance below.
– Enter in “Site Path” e.g /Citrix/StoreWeb/
– Enter in your Sign Sign-on Domain e.g x1co.eu
– Enter in “Store Name” e.g Store
– Enter in “Secure Ticket Authority (STA) Server” which will be the Citrix Cloud Connector IP addr
– StoreFront server IP Addr:
Option 1 – If using the cloud-hosted StoreFront FQDN e.g https://*.xendesktop.net then please use the IP addr of the Citrix Cloud Connector in your resource location.
Option 2 – If using a StoreFront server in the resource location please use its IP addr.
9. Do not configure a “Xen Farm” please just select and “Continue” and complete steps to finish the Wizard.
10. The dashboard overview of “Unified Gateway” should indicate all up and green.
Remote PowerShell SDK for the XenApp and XenDesktop Service
Coming but have a read of – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/remote-powershell-sdk.html in the intermin.
Troubleshooting Guidance
VDA Registration Issue
1. Make sure that forward and reverse DNS is setup correctly for the VDA’s and the CC Connectors.
2. Check that the following Citrix Cloud services “Citrix Remote Broker Provider” and “Citrix Cloud Agent System, Logger & WatchDog“are successfully started on your Citrix Cloud Connector(s) VM instances.
3. Ensure that HTTPS/443 is NOT disabled outbound on any of your CC Connectors either via the Windows Firewall or your hardware or virtual f/w ACL’s.
Setup Pre-Authentication Endpoint Analysis (EPA) Policy with an Azure NetScaler (Unified) Gateway 11.x.n
The following content is a brief and unofficial overview of how-to setup an Endpoint Analysis (EPA) scan of Windows and Mac devices with an Azure NetScaler (Unified) Gateway VPX 11.x.n using Microsoft Azure (ARM). The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions, best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
ENDPOINT ANALYSIS – epa
FIREWALL – f/w
ANTI-VIRUS = a/v
NETSCALER UNIFIED GATEWAY – nug
NETSCALER GATEWAY – nsg
XENAPP – xa
XENDESKTOP – xd
VIRTUAL DESKTOP – vd
PRE-AUTHENTICATION – pre-auth
CONFIGURATION – cfg
MICROSOFT – ms
What is an Pre-Authentication EPA Scan?
Citrix NUG provides an ability to perform and enforce end-point security checks using the NetScaler’s EPA agent which installed onto supported OSes (Windows, OS X) which then sends the results to the NUG to validated against preconfigured “Preauthentication Policy(s)” which check’s if e.g the Windows Firewall enabled? If YESthen the user is allowed to procced to logon page and if NO the user is denied access until all outstanding end-security requirements have been successful meet.
You can create pre-auth policies using Opswat – http://citrix.opswat.com/ to check for A/V including min version, precense of exsiting registry entries, file policies and much more so be sure to check out https://docs.citrix.com/en-us/netscaler-gateway/11/vpn-user-config/endpoint-policies/ng-endpoint-expressions-client-security-preauth-con.html for more in-depth detail.
User Workflow of Pre-Authentication EPA Scans
1. User attempts to login by opening an internet browser e.g Internet Explorer or Google Chrome and navigates to at https://go.x1co.eu/
2. The user is automatically re-directed to https://go.x1co.eu/epa/epa.html
3. The user will be prompted after 10 seconds if they do not have the EPA agent installed to install it with the download initiating from the NetScaler on https://go.x1co.eu/epa/epa.html.
4. The user follows the onscreen instructions to install the EPA agent and after it’s installation the EPA scan begins automatically.
5. The scanned results are sent to the NetScaler at https://go.x1co.eu/.
6. The NetScaler verifies the sent scanned results based upon the pre-auth policy cfg configured in the “Preauthentication Policy(s)” on the NUG and then returns a pass vs. fail to the device. If the device receives a Pass then the user can login with there organisation credentials at – https://go.x1co.eu/vpn/index.html and if its a Fail then the user is redirected automatically to https://go.x1co.eu/epa/errorpage.html and they should thereafter contact there organisations IT support department with the Case ID presented to the user onscreen to help resolve and validate the end-users required end-point security requirements to be able to login successfully.
The following Image 1 below describes visually the user flow once the end-user has the NetScaler EPA agent installed and a scan is initated if sucessful the user can then attemp to auth against the NetScaler UG and will be presented with various options as configured by the NS & CTX SysAdmins but lets assume they have all three options avaiable to them as part of the NetScaler Unified Gateway offering and the user in this example elect’s to select a virtual desktop from XAD as seen in the Image 2 below.
Image 1
Image 2
Setup Pre-Authentication Policy on your NetScaler 11.x.n+ for a PoC
The following will descirbe’s how-to setup & bound a pre-authentication policy to check the min ClamWin Anti-Virus version installed onto a Windows desktop OS and to check that your Windows Firewall actually ENABLED!
1. Setup your NetScaler Unified Gateway following this detailed Citrix CTX article – https://support.citrix.com/article/CTX205295.
2. Test that you can actually login to your configured NetScal UG and launch a virtual app or desktop or connecting to an internal intranet homepage using the clientless VPN feature prior to proceeding.
3. Go back to the NS Admin WebUi & then navigate to “NetScaler Gateway > Policies > Preauthentication Profiles > Add“.
4. Select “Add” and enter in a name for your policy e.g PreScanPoC and ensure that the “Action” field is set to “ALLOW” then click “Create“.
5. Now in the Expression Editor input field below click on the link entitled “OPSWAT EPA editor“.
6. Now select “Windows” next select “Firewall” then search for and select “Microsoft Windows Firewall” then click on the “+” symbol and configure as follows below:
Version <
Enabled == TRUE
Comment == Microsoft Windows Firewall
7. Next click on “OPSWAT EPA editor” once again & now select “Windows” next select “Antivirus” then search for and select “*YOUR PREFFERD & SUPPORTED ANTI-VIRUS” then click on the “+” symbol and configure as follows below replacing ClamWin Free Antivirus with your *:
Version < 0.99.1
Enabled ==
Comment == ClamWin Free Antivirus
Or if you prefer you could also just copy and paste the following into your expression editor input box “CLIENT.APPLICATION(‘ANTIVIR_177001_VERSION_<=_0.99.1[COMMENT: ClamWin Free Antivirus]') EXISTS && CLIENT.APPLICATION('FIREWALL_6015_ENABLED_==_TRUE[COMMENT: Microsoft Windows Firewall]') EXISTS” or if you only want to configure the pre-auth policy to just detect if your MS Windows Firewall is disabled and deny access then copy and paste the folllwing into the expression editor input box “CLIENT.APPLICATION(‘FIREWALL_6015_ENABLED_==_TRUE[COMMENT: Microsoft Windows Firewall]’) EXISTS“.
8. Once you have finished your inputs then select “Ok“.
9. Now click on the “Action” drop down above and select “Global Bindings“, next select the “pencil icon” and select your created policy e.g “PreScanPoC” as described eariler, once you return back to the Policy Binding view select “Bind” and click “Close”.
10. Now using the menu on the left-hand side navigate to “NetScaler Gateway > Virtual Servers” and select your Unified Gateway configuration and select “Edit”.
11. Scroll to the bottom and look for the “Policies” section and click on the “+” symbol.
12. Next from the “Choose Policy*” drop down list select “Preauthentication” and the “Choose Type*” default should be “Request” and then click on “Continue“.
13. Parallel to “Select Policy*” select the “❯” then select your Preauthentication Policy e.g “PreScanPoC“.
14. Select “Bind” then click on “Close”.
15. Click on “Done” and now you have setup & configured your first pre-authentication Endpoint Analysis (EPA) policy against your NetScaler Unified Gateway configurtion of your Azure NetScaler (Unified) Gateway 11.x.n VPX.
16. Naviagte to your FQDN e.g https://go.x1co.eu/ and attempt to sign-in and you’ll notice it will prompt you to install the EPA agent and thereafter automatically initate the EPA scan which will either allow or deny your access e.g turn your Windows f/w on an off to test how the EPA scanning works.
Troubleshooting
As I only have a Windows laptop my suggusted troubleshooting is only relevant to Windows OSes.
1. On Windows click Start -> Run -> enter in “%localappdata%\Citrix\AGEE\” once Windows Explorer opens the window you can open and review each file for errors however in most cases I would sugguest if you are just trying to get an EPA scan to work based upon this blog article then copy and paste the Windows f/w expression only.
Citrix NetScaler How-to Guides
The follow guides and more can be found at the NetScaler Developer Community webpage – https://www.citrix.com/go/citrix-developer/netscaler-developer-community/howto-guides.html which also includes how-to guides for HDX Framehawk, GSLB, L/B DNS traffic and much much more. The below guides are purely focused on configuriung pre-authentication scans on your NUG prior to allowing to attempt to login.
1. How do I configure EPA for Registery Check – https://www.citrix.com/content/dam/citrix/en_us/citrix-developer/documents/Netscaler/how-do-i-configure-epa-for-registery-check.pdf
2. How do I configure EPA for Symantec Antivirus Check – https://www.citrix.com/content/dam/citrix/en_us/citrix-developer/documents/Netscaler/how-do-i-configure-epa-for-symantec-antivirus-check.pdf
3. How do I configure EPA for Windows Update Check – https://www.citrix.com/content/dam/citrix/en_us/citrix-developer/documents/Netscaler/how-do-i-configure-epa-for-windows-update-check.pdf
Top 10 Suggested Unified Experience Tips for Citrix Users 2016
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
XENDESKTOP – xd
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
EXPERIENCE 1st – x1
XENAPP – xa
VIRTUAL DESKTOP – vd
THINWIRE COMPATIBLE MODE – tcm also known as ecm or thinwire+
SELF-SERVICE PASSWORD RESET – sspr
VIRTUAL GPU – vgpu
PROOF OF CONCEPT – poc
Suggested Top 10 for 2016
This is numbered 1 through 10 but in reality is in no particular order!
1. E-mail discovery for Citrix Receiver using DNS SRV records – http://docs.citrix.com/en-us/receiver/windows/4-3/receiver-windows-install-wrapper/receiver-windows-cfg-command-line-42.html internally and externally on the Gateway – http://docs.citrix.com/en-us/netscaler-gateway/10-1/ng-xa-xd-integration-edocs-landing/ng-clg-integration-wrapper-con/ng-clg-session-policies-overview-con/ng-clg-storefront-policies-con/ng-clg-storefront-email-discovery-tsk.html.
2. Implement SplitDNS or more technically correct “split-horizon DNS” – https://en.m.wikipedia.org/wiki/Split-horizon_DNS my favourite personally over email based discovery :-)!
3. Brand your NetScalers (Unified) Gateway – http://docs.citrix.com/en-us/netscaler-gateway/11-1/vpn-user-config/custom-portal.html and App Store (StoreFront) – http://docs.citrix.com/en-us/storefront/3-7/manage-citrix-receiver-for-web-site/unified-receiver-experience.html to match and keep it clear, clean and simple!
4. Implement HDX Adaptive Display v2 available in 7.11+ – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/policies/reference/ica-policy-settings/graphics-policy-settings.html as your default Graphics Mode and if you can’t then Thinwire Compatible Mode – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/hdx/thinwire.html.
5. If using Skype for Business 2015 or 2016 implement the HDX RealTime Optimisation Pack 2.x.n http://docs.citrix.com/en-us/hdx-optimization/2-1/hdx-realtime-optimization-pack-overview.html to offload the video/audio to the local end-points (Windows, Mac and Linux) saving on backend compute and density loss for XenApp.*
6. Implement domain pass-through for internal users – http://docs.citrix.com/en-us/storefront/3-7/plan/user-authentication.html.
7. Deploy the (latest) HTML5 Receiver for remote access – http://docs.citrix.com/en-us/receiver/html5/2-2/user-experience.html.
8. When using Citrix Receiver for Windows (with HDX engine 14.4), the GPU can be used for H.264 decoding wherever it is available at the client – http://docs.citrix.com/en-us/receiver/windows/4-5/improve.html.
9. Deploy Self-Service Password Reset (SSPR) – http://docs.citrix.com/en-us/self-service-password-reset/1-0.html.
10. The most difficult to justify probably re the cost(s) but assigning a low end vGPU GRID profile or utilising the Intel Iris Pro Graphics with XenServer 7 to provide enough/suitable GPU capacity to all virtual apps & desktops (oldISH and modern) provides a much better experience so setup a PoC to see and try if for yourself and finally NVidia now supports H.264 offloading onto there GRID Cards in 7.11 🙂 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-new.html#par_anchortitle_59c9.
Front XenApp 7.11+ in Azure with NetScaler (Unified) Gateway 11.x.n
The following content is a brief and unofficial overview of how-to front your virtual apps & desktops powered by XenApp 7.11 with NetScaler 11.x.n using Microsoft Azure (ARM). The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions, best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
XENAPP – xa
XENSERVER – xs
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
INDEPENDENT COMPUTING ARCHITECTURE – ica
NETSCALER – ns
NETSCALER UNIFIED GATEWAY – nsug
AZURE RESOURCE MANAGER – arm
IDENTITY ACCESS & MANAGEMENT – iam
MULTI-FACTOR AUTHENTICATION – mfa
SECURITY ASSERTION MARKUP LANGUAGE – saml
Why this Blog Article?
I’ve had a lot of cloud 1st strategy conversations with IT Pro’s, Citrix SysAdmins & organisations alike recently so I thought everyone whom is searching for how-to front XenApp with an Azure NetScaler could benefit from this blog post :-). This blog post covers a how-to even with NetScaler in single IP mode to achieving https://FQDN (Image 2) for the gateway vs. https://FQDN:8443 (Image 1) when deploying NetScaler in Azure (ARM).
Deploying NetScaler 11.x.n using Azure Resource Manager (ARM)
1. Login to https://portal.azure.com
2. I presume that you have setup a your network, IAM if not refer to https://azure.microsoft.com/en-gb/get-started/ for getting started how-to from Microsoft.
3. Click on + New in the top left of the ARM web ui and type in NetScaler and select NetScaler VPX Bring Your Own License or for a quick review check out – https://azure.microsoft.com/en-gb/marketplace/partners/citrix/netscalervpx110-6531/.
4. Click Create
5. Enter in a name for your NS virtual appliance e.g ne1nug01 and select the VM disk type
5. Enter in a username and choose auth to be either SSH public key or Password I choose password to access the NS Admin WebUI for simplicity of all readers of this blog.
6. Select your chosen of default Subscription if you have more than one and then select your existing Resource Group where you XenApp 7.11+ environment and XenApp 7.11+ VDA Workers and your mgmt. VM running AD/DNS server resides. Remember I am keeping this simple as it’s intended for PoC’s only!
7. Continue to select your chosen Azure instance for NetScaler I choose DS2_V2 Standard which consists of 2 Cores, 7GB of RAM.
8. Select your storage account, virtual network & subnet e.t.c and high availability set then click Select to continue.
9. Review your purchase of NetScaler and then click Ok to purchase and Azure will begin building your NetScaler VPX in your Azure chosen subscription which will take no more typically than 10 minutes.
Setting up & Licensing your NetScaler on Azure
Firstly be aware that when deploying a NetScaler instance on Azure for virtual apps & desktops you’ll be setting up NetScaler to run in single IP mode (YES!) which means that you’re connecting to internal TRU resources on the NetScalers IP addr (NSIP) but you connect using different ports e.g ICA Proxy on 8443 so lets begin with the setup.
1. Login into your NetScaler using the NS Admin Web UI do not provide a SubnetIP Addr (SNIP) just select Do It Later and proceed with the initial setup as per normal.
2. Now that you have setup your NetScaler you need to license it so remain logged into and open a new tab in your browser of choice and Google “Citrix Eval Store” or save this link – http://store.citrix.com/store/citrix/en_US/cat/ThemeID.33753000/categoryID.63401700
3. Select under Networking -> NetScaler ADC
4. Next select the following model “VPX” select variation e.g “Platinum 1000” select duration e.g “90 Days”.
5. Complete the onscreen process note that you will require a .Citrix.com account or you need to create an account.
6. Once you receive an e-mail with your key/code head over to at https://www.citrix.com/account/toolbox/manage-licenses/allocate.html or goto and select find and allocate your licenses or look for the licensing button (link) and select it.
7. If your key/code it not visible select “Don’t see your product?” in text in/around the top right-hand side. A pop-up appears now enter in the code provided on e-mail from the Citrix Eval Store e.g “CTX34-XXXXX-XXXXX-XXXXX-XXXXX” and continue.
8. You will need to enter in the Host Id of your NetScaler it can be found once logged in using the NS Admin Web UI “NetScaler -> System -> System Information” then look under the heading “Hardware Information” and you find “Host Id” copy and paste it into the required field and then download the license file.
9. In the NS Admin Web UI click the cog icon top right then select licensing and upload the license and select to reboot the NS to apply the license.
10. Log back in and enable the features that you require e.g right click on the “NetScaler Gateway” and select “enable” e.t.c
Setup Type Choice 8443 Default without an Azure L/B for XenApp using the XenApp/XenDesktop Wizard
Now that you have setup NetScaler within your Azure subscription in your chosen region you’re ready to begin setting up NetScaler to front virtual apps & desktops (Server OS 2012 R2 or 2016) powered by XenApp 7.11+.
Sample Text Based Diagram
User | Azure | NetScaler | StoreFront | XenApp |
https://FQDN:8443/ | ↔ | Accepts requests from Azure to NSIP on https://8443 (Single IP Mode) | Accepts requests on the Gateway & Call-back FQDN on https://FQDN:8443 | Accepts & launches user’s virtual app(s) & desktop(s) as requested |
1. Login to your NetScaler VPX click “Settings -> Licensing” now check that License type is Platinum and Model ID 1000
2. Select the XenApp/XenDesktop wizard and review the prerequisites carefully prior to continuing BUT in summary you’ll need an SSL Cert, LDAP service account + details, XenApp 7.11+ environment with StoreFront.
3. Enter in the static IP addr assigned by Azure or OTHER METHOD of your NetScaler VPX YES that’s right!
4. IMPORTANT STEP: Change the default port of 443 to 8443 on the Gateway IP addr
5. Set Up the rest of the XAD wizard as normal
6. IMPORTANT STEP: Setup StoreFront to allow remote access however the configured default gateway and Call-back FQDN addresses MUST include 8443 e.g https://go.x1co.eu:8443 instead of just https://go.x1co.eu
7. Setup external DNS entries e.g go.x1co.eu to point to your NetScalers static IP addr found in the Azure ARM Web UI and once you have verified it is functioning correctly using a shell (IPCONFIG /FLUSH after settin-up the DNS entries waiting 10-15 min depednant upon your ISP) the open up an internet browser and type in e.g https://go.x1co.eu:8443 and dont forget the :8443 at the end of the FQDN.
8. Attempt to login either using sAMAccountName e.g username or userPrincipalname e.g username@x1co.eu and then you should be able to successfully login and launch your virtual apps & desktop as per the below image.
Image 1
Setup Type 443 for XenApp using an Azure Load-Balancer & the NetScaler XenApp/XenDesktop Wizard
Sample Text Based Diagram
User | Azure | Azure Load-Balancer | NetScaler | StoreFront | XenApp |
https://FQDN/ | https received request and forwarded to NetScaler on https://FQDN:8443 |
Accepts requests from Azure L/B on https://FQDN fwd to NSIP on https://8443 (Single IP Mode) | Accepts requests on the Gateway from HTTPS://FQDN but the Call-back FQDN is on https://FQDN:8443 | Accepts & launches user’s virtual app(s) & desktop(s) as requested | |
↔ | https://FQDN ↔ AzureL/B ↔ NetScaler:8443 | NetScaler https://FQDN:8443 ↔https://FQDN StoreFront | StoreFront Call-back https://FQDN:8443 | ||
StoreFront configured NetScaler Gateway https://FQDN |
1. If you are choosing this option as your preferred lets hope then complete steps 1-5 and also step 7 to save you time!
2. IMPORTANT STEP: Setup StoreFront to allow remote access however the configured default gateway MUST BE e.g https://go.x1co.eu NOTICE NO :8433 YES not :8443 here. Now on the call-back FQDN addresses YOU MUST include 8443 e.g https://go.x1co.eu:8443 instead of just https://go.x1co.eu otherwise fronting NS with an Azure L/B to acheive HTTPS://FQDN for the XAD Gateway (ICA Proxy) will NOT WORK!!!!
3. Now switch to the Azure ARM Web UI. You should probably read the following useful resources – https://azure.microsoft.com/en-gb/documentation/articles/load-balancer-overview/ and for PowerShell creation check out – https://azure.microsoft.com/en-gb/documentation/articles/load-balancer-get-started-internet-arm-ps/ for any Citrix consultants out there.
4. Azure Load-balancer and click on the “+” at the top and provide a “Name” and for the type choose “Pubic” and select your Azure “Subscription” “Existing Resource Group” and its location (Same as NetScaler deployed instance) then click “Create”
5. Now it will list the available public IP addr just select the “+”
6. Enter in a name and choose your assignment choice “Dynamic” vs. “Static” and click OK.
7. Azure will then provision your Azure L/B (Wait….Maybe coffee or tea break?)
8. Once created select your Azure L/B
9. Select “Backend Pools” enter in a name then choose your availability set and then your VM’s or VM e.g NetScaler. Azure will then provision your Azure L/B with a backend pool (Wait….)
10. Select “Frontend IP Pool” click “+” enter in a name then choose your IP addr e.g NetScaler VM and then enter in a name (all names should differ makes identification easier so a good naming convention helps 🙂 now) and choose your assignment choice “Dynamic” vs. “Static” and click OK (Updating….)
11. IMPORTANT STEP: Select “Inbound NAT Rules” select the resource from your Frontend IP Pool list from the previous point (10). Select the service “HTTPS” and port to be 443 then select the target “NetScaler VM” and then vErY iMpOrtAnt select under “Port Mapping -> Custom” and in the “Target Port enter in 8443” and click save. (Wait…)
12: Now navigate to https://FQDN and attempt to login either using either sAMAccountName e.g username or userPrincipalname e.g username@x1co.eu and thereafter you should be able to successfully launch your virtual apps & desktop published by XenApp 7.11+. The below image represents the end goal when fronting an Azure NetScaler in Single IP Mode with an Azure Load-Balancer as per the below image.
NetScaler VPX in Azure Deployment Guide
http://docs.citrix.com/content/dam/docs/en-us/workspace-cloud/downloads/NetScaler-VPX-in-AZURE-Deployment-Guide.pdf
Advanced Setup & Configuration
The following how-to’s are from a 2016 Citrix Technology Advocates (CTA) – https://www.citrix.com/blogs/2016/05/23/expanding-recognition-for-community-contributors-citrix-technology-advocates/ Dave Bretty – http://bretty.me.uk/ which covers off how-to setup and configure FAS, NetScaler SAML/ADFS Proxy, Azure MFA and much more, so follow the links in order listed below.
1. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-1/
2. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-2/
3. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-3/
4. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-4/
5. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-5/
6. http://bretty.me.uk/putting-it-all-together-citrix-xendesktop-adfs-azure-mfa-netscaler-unified-gateway-and-citrix-fas-part-6/
HDX Thinwire “For actively changing regions” or HDX Adaptive Display v2
The following content is a brief and unofficial overview of the new HDX policy setting that enables HDX Adaptive Display v2. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions, best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
XENAPP – xa
XENSERVER – xs
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
INDEPENDENT COMPUTING ARCHITECTURE – ica
HDX ADAPTIVE DISPLAY V2 – hdxadv2
Introduction
The following capability is also referred to as Selective use of H.264, Selective H.264, HDX Adaptive Display v2 and Hybrid mode – https://www.citrix.com/blogs/2016/09/28/hdx-graphics-gone-hybrid/ but in this blog post it’s referred to as “HDX Adaptive Display v2” but its technical accurate name from eDoc’s is “Selective use of a video codec (H.264) to compress graphics” as reffered to here – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-new.html#par_anchortitle_59c9.
Overview
In the release of XAD 7.11 (Seven11) a new Thinwire HDX policy was released which is part of the following policy Use video codec for compression” with the following option selected “For actively changing regions” which enables HDX Adaptive Display v2 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-kmnew.html#par_anchortitle_59c9 which blends the following Citrix HDX Graphics modes H.264 & Thinwire Compatible Mode together to offer the best UX but also to provide a balanced apporach by implementing the most right vs. relevant HDX graphics mode to offer the best rich & HD experience or near to local-like experience while balancing all compute, network resources between the server and or desktop VDA over the organisational network, internet to the users end-point.
The following CTX blog article – https://www.citrix.com/blogs/2016/09/28/lossless-compression-lowering-the-cost-of-pixel-perfection/ most accurately describes the what, the how and the why? So be sure read it and watch the following YouTube video demonstration entitled “Citrix Desktop Master Class – Adaptive Display v2 Demo by Lee Bushen“.
Understanding Actively Changing Regions
If you take a look at the below example of a YouTube web page (rendered in HTML in Oct 2016) e.g delivered as a virtual app published internet browser or a virtual desktop and you access the above YouTube web page HDX Adaptive Display v2 will selectively utilise H.264, Thinwire and overlay lossless text.
To further understand this in greater details please refer to this Citrix blog article first and foremost https://www.citrix.com/blogs/2016/09/28/lossless-compression-lowering-the-cost-of-pixel-perfection/ and then watch
Citrix Desktop Master Class – What’s New in XenApp/XenDesktop 7.11 – Sept 2016available at – https://www.youtube.com/watch?v=rGHdTX202_U but scrub to 1:12:00 if you just want to understand HDX Adaptive Display v2 in greater detail.
Name of application e.g an Internet Browser | ||||||||||||||||||||
|
||||||||||||||||||||
Start menu, taskbar and notification centre |
What’s New and Understanding Citrix XenApp & XenDesktop 7.11 (Seven 11)
The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop 7.11 (Seven 11) prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises.
Shortened Names
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
INDEPENDENT COMPUTING ARCHITECTURE – ica
EXPERIENCE 1st – x1
VIRTUAL DESKTOP – vd
VIRTUAL APPS – va
THINWIRE COMPATIBLE MODE – tcm also known as ecm or thinwire+
UNIVERSAL WINDOWS PLATFORM – uwp
FEDERAL INFORMATION PROCESSING STANDARD – fips
SELF-SERVICE PASSWORD RESET – sspr
PROVISIONING SERVER – pvs
MACHINE CREATION SERVICES – mcs
AZURE RESOURCE MANAGER – arm
What’s New
1. XAD 7.11 infrastructure support on Windows Server 2016 for the Controller, StoreFront, Studio, Director, Server VDA, Session Recording Server & Agent, Universal Print Server.
2. Self-Service Password Reset 1.0 (SSPR) is now part of the StoreFront 3.7 & XAD 7.11 (Platinum feature) release and can be installed on Windows Server 2008 R2, 2012 R2 and 2016* and allows users to unlock or reset their AD passwords through a series of questions. For a detailed overview please read the CTX blog entitled “StoreFront 3.7 has been released!“- https://www.citrix.com/blogs/2016/09/14/storefront-3-7-has-been-released/
3. SQL Server 2014 Express is still installed by default when installing the XAD Controller which became the default in XAD 7.9 release ref – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-9/whats-new.html#par_anchortitle_ddbe so be aware of the installation behavioural changes for SQL and SQL Server 2016 is now supported ref –http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/system-requirements.html#par_anchortitle_384a and for a full list of the supported databases for XAD please refer to http://support.citrix.com/article/CTX114501 which contains and up to date tablised view of XAD versions vs. SQL versions and which are and are’nt supported! Finally DB sizing can be found by referring to the LTSR release of XAD 7.6 at – http://docs.citrix.com/en-us/categories/solution_content/implementation_guides/database-sizing-guidance-for-xendesktop-7-6.html which has great guidance on database sizing for XAD 7.6+.
4. Publish URL’s, documents and media files from network shares (WAHOO!) is now available on as part of the XAD 7.11 release. It currently only supports publishing of content via PoSH cmdlets and all the examples can be found and a detaied overview of the feature is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/install-configure/publish-content.html*.
Example Publishing a Word Document from Citrix eDoc’s*
New-BrokerApplication -Name ReadMe -PublishedName”ReadMe Document” -ApplicationType PublishedContent -CommandLineExecutable \\MyFolderShare\Documents\ReadMe.doc -DesktopGroup Content
5. Use of System Center Virtual Machine Manager to provision VMs used to create AppDisks. If you are unfamiliar with AppDisks the following YouTube video from the Citrix channel demonstrates how’s setup, create and assign your AppDisks to users virtual desktops. There is also a fantastic AppDisks FAQ avaiable at – http://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/xenapp-xendesktop-7-8/downloads/AppDisk%20FAQ.pdf
6. Installation behavioural changes for CIS programs entitled “Citrix Customer Experience Improvement Program (CEIP)” and “Citrix Call Home“. For more information please refer to and read – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/manage-deployment/cis.html.
7. New HDX enhancements include:
– A new HDX policy setting combining Thinwire Compatible Mode (ECM) and H.264 can be enabled by selecting the following policy Use video codec for compression and select For actively changing regions. If you do not then the default HDX graphics mode is used which is Use video codec for compression Use video codec when preferred. For a more detailed overview please check out – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/policies/reference/ica-policy-settings/graphics-policy-settings.html.
– Up to 5% bandwidth reduction with the new behavioural enhancements for video content with Thinwire and requires XAD 7.11 with either Windows Receiver 4.5 or Linux 13.4.
– Support for USB generic mass storage devices for XenApp
– TWAIN 2.0 scanning protocol support with Windows Receiver 4.5+
– New behavioural changes for the optimisation of client USB devices – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/policies/reference/ica-policy-settings/usb-devices-policy-settings.html
– Support for publishing universal apps for Windows 10, Server 2016 using the Microsoft Universal Windows Platform (UWP).
– Support for H.264 hardware encoding with supported nVidia GPU cards (NVENC hardware encoding – https://developer.nvidia.com/nvidia-video-codec-sdk) and also to read the following entitled “Better Together: Citrix XenDesktop 7.11 + NVIDIA GRID” from – https://blogs.nvidia.com/blog/2016/09/14/citrix-xendesktop-nvidia-grid/!
– Default VDA policy settings for XAD 7.11 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/policies/policies-default-settings.html
8. StoreFront 3.7 includes SSRP 1.0 as mentioned above in point 2., UI support for small form factor devices improving the user’s overall experience when you configur the unified Citrix Receiver experience on StoreFront against your Store(s) which can be configured by reffering to – http://docs.citrix.com/en-us/storefront/3-7/manage-citrix-receiver-for-web-site/unified-receiver-experience.html so when connecting to from e.g Safari on an iPhone your end-users experience is way better try for yourself! Finally a great new addition or rather enhancement to Zones in StoreFront 3.7 & XAD 7.11 is that now client location based zone preference passes the zone information to the controller (required configuration – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/manage-deployment/zones.html#par_anchortitle_1db7) which in turn utilises this information to select the more appropriate workstation/server VDA’s that are closest in proximity to the user so when connecting to virtual apps & desktops there receive the best rich HD experience possible.
9. Windows Server 2016 analysis and reporting including Expanded security analysis with AppDNA 7.11 – http://docs.citrix.com/en-us/dna/7-11/whats-new.html.
10. Automate Director notifications with Citrix Octoblu – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/director/alerts-notifications.html#par_anchortitle_1d19. For a detailed overview and look at this integration be sure to read the blog post – http://horacegoesskiing.com/index.php/2016/09/16/using-xenappxendesktop-7-11-alert-policies-with-octoblu/.
11. Support for Windows Server 2016 as a server and a target platform for PVS 7.11 including an enhanced diagnostic model so much more so be sure to review the PVS 7.11 online documentation at – http://docs.citrix.com/en-us/provisioning/7-11.html.
12. Citrix XenApp and XenDesktop 7.6 FIPS 140-2 Sample Deployments (Technically NOT new but very useful for Citrix customers and partners alike) – http://docs.citrix.com/content/dam/docs/en-us/categories/public-sector/downloads/Citrix%20XenApp%207.6%20and%20XenDesktop%207.6%20FIPS%20140-2%20Sample%20Deployments.pdf
13. Provisioning Citrix workloads in Microsoft Azure using ARM is now available. For a detailed how-to read – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/install-configure/install-prepare/azure-rm.html but before deploying your VM’s be sure to read the following whitepaper entitled “The scalability and economics of delivering Citrix XenApp services from Microsoft Azure” available from – https://www.citrix.com/content/dam/citrix/en_us/documents/white-paper/xa711-scalability-azure-rm.pdf. To get started with deploying and using XenApp 7.x in Azure take a look at deploying the XenApp Trial in the Azure Marketplace at – https://azure.microsoft.com/en-gb/marketplace/partners/citrix/citrix-xacitrix-xa-trial/ which will be you a complete XA 7.x enviromnent in Azure along with StoreFront, NetScaler and 2x VM’s to deliver a server virtual desktop and the other for delivery of just virtual apps.
14. Citrix Receiver 7.1 is ready for iOS 10 – https://www.citrix.com/blogs/2016/09/15/citrix-receiver-ready-for-ios-10/.
15. Finally be sure to check out and be aware of the list of known issues with XAD 7.11 release at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-new/known-issues.html
* Microsoft Windows Server 2016 is currently still in TP and is not officially released as of writing this blog post.
For a completely detailed summary of what is avaiable in XAD 7.11 (Seven 11) check out – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/whats-new.html.
XenApp and XenDesktop 7.x.n (As of this blog post its 7.11) Features
https://www.citrix.com/go/products/xendesktop/feature-matrix.html
Quick upgrade guide to XenApp 7.11 and XenDesktop 7.11 by #Citrix #CTP @ervik
http://www.ervik.as/quick-upgrade-guide-to-xenapp-7-11-and-xendesktop-7-11/
Upgrading My Azure XAD 7.9 environment to XAD 7.11
Coming…
Installing a XAD 7.11 PoC environment on Azure
I have testing installing XAD 7.11 (Seven 11) onto Windows Server 2016 Technical Preview 5 or TP5 on Azure via the Azure Market Place – https://azure.microsoft.com/en-us/marketplace/?term=Windows+Server+2016+TP5. The CLEAN installation that I performed did not have any issues or errors however the when creating the machine catalog for Windows Server 2016 TP5 even installing the Server DVA 7.11 it will revert to recommended VDA release of 7.8 only so you have been warned!
Once Microsoft releases Windows Server 2016 officially I will follow-up with an overview of setting up and configuring XAD 7.11 on Windows Server 2016 hosted on Microsoft Azure.
Scheduled & Coming…
Citrix Acquires Norskale
Citrix has accquired you can read the full announcement at – https://www.citrix.com/blogs/2016/09/08/citrix-acquires-norskale-making-the-industrys-best-app-desktop-delivery-performance-even-better/.
Learn More
Srub to the following point 1.131.27 in the YouTube video below for an interview with a some of the Norskale Workspace Environment Manager team to learn more.
Think Workspaces not 1995?
The views expressed here are my own and do not necessarily reflect the views of Citrix
Why
We now live in a world or era that is always on, digitally connected and contextual.
Users demand the same if not a BETTER user experience (UX) in there workplace or workspace environment as there UX at home with on-demand content, fibre broadband e.t.c is simple, fast, efficient, rich with an HD experience.
Deploying a next generation workplace strategy today in 2016 and beyond is fundamentally as critical as e-mail, unified communications e.g Skype4B vs. deploying your IT infrastructure for business continuity purposes in the unlikely event that disaster strikes.
Comparing The Same Holiday 21yrs Apart
So you maybe thinking well I don’t really gain anything from deploying a next generation or workspace in 2016 right?
Here is one of my own personal comparisons or one of the many ways I describe my workspace which for me is a mobile workspace.
It’s 1995 your on holiday with friends and family at the seaside and you want to watch a video at your seaside holiday home so you goto the video store and browse the movies by genres, select a few and perhaps buy some popcorn (fav your choice of course) and then rent a TV along with the VHS player. You take it home plug it in and watch the first movie happy times! It’s time for a quick comfort break select another bag of popcorn before starting the second movie and sure enough your off in 10-15 min more happy times!
It’s now 2016 this time it’s you on holiday at the seaside with your own children and there friends but there is NO video store anymore or you just don’t care to go out so instead your checking for 3/4G or Wi-Fi connectivity and how good it is, which you sort out some how 🙂 and now your browse then stream a few movies from the movie store on your tablets in some app (kids vs. you) and within a few min the kids are quiet and your off to the kitchen to microwave some of their favourite popcorn which your previously bought on the way at the supermarket to your holiday destination which now also equals happy times!
Outcome
Ultimately both holidays provided that feel good feeling with different but Rich & also HD experiences for there respective times but in today’s world we need to allow users to be agile, dynamic in the way that they want to work but still provide that UX that meets the old workplace or holiday experience along with today’s new digital rich & HD experiences.
What am I saying here?*
You need to bridge the divide or gap so to speak between those comming into the workforce today vs. those exsiting by implmenting a *software-defined workplace to enable workspaces that blend the best of 1995 and 2016 experiences together but working together smarter e.g use secure electronic form apps powered by EMM with workflows on a tablet vs. paper based static print outs (http://thinkbeforeprinting.org/) with comments on the side of the paper or the back which is then scanned to be sent via e-mail at the office.
Now you can fill-in the electronic form over a cup of coffee with your customer along with other employees at their premises discussing how much faster this process now is vs. the paper based approach over the telephone while you were back in the office and then coming to visit them once they downloaded the e-mail and scanned attachment on dial-up the previous day!
You could also undercover new business while building a better and stronger customer relationship. Finally if my holiday comparison between 1995 vs. 2016 to embrace a workspace doesn’t make sense to you then I’d encourage you to watch the embedded video below.
Citrix Helps You Say Yes