Category Archives: Citrix Cloud

Understanding What’s New with the latest XenApp & XenDesktop 7.15 LTSR

The following content is a brief and unofficial prerequisites guide to setup, configure and test accessing secure by design virtual apps and desktops powered by XenApp & XenDesktop 7.15 prior to deploying a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
WEB INTERFACE – wif
LONG TERM SERVICE RELEASE – ltsr
CURRENT RELEASE – cr
FEDERATED AUTHENTICATION SERVICE – fas
SECURITY ASSERTION MARKUP LANGUAGE – saml
IDENTITY PROVIDER – idp
NETSCALER UNIFIED GATEWAY – nug
XENAPP – xa
PROVISIONING SERVICES – pvs
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
STOREFRONT – sf

What is the difference between LTSR vs. CR for XenApp & XenDesktop 7.x?
The Long Term Service Release (LTSR) program for XenApp and XenDesktop provides stability and long-term support for XenApp/XenDesktop releases while the Current Release (CR) provides customers with the very latest version of XenApp and XenDesktop which includes the latest innovations e.g EDT v2

XenApp & XenDesktop 7.15 LTSR Feature Summary Comparison with 7.6 LTSR
The following is a simple one PDF page document that lists all the feature capabilities from initial first LTSR which was XenApp & XenDesktop 7.6 Feature Pack (FP) 1-3 through to the current LTSR XAD 7.15 including the CR releases in-between so its absolutely worth booking marking in your browser or better yet download it to keep it to hand for customer conversations – https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/xenapp-xendesktop-715-ltsr-feature-summary-comparison-to-76-ltsr.pdf.

Noteworthy Points What’s New vs. Excluded
I’d very strongly recommend that your read the following CTX article – https://support.citrix.com/article/CTX205549 entitled “CTX205549 FAQ: XenApp, XenDesktop, and XenServer Servicing Options (LTSR)” and to ensure that you remain compliant post your update/migration to 7.15 LSTR you should download the “CTX209577 Citrix LTSR Assistanthttps://support.citrix.com/article/CTX209577

Its also worth noting the following that are classed as “Excluded Features/Components/OSes” from the XAD 7.15 LTSR but I’d like to stress PLEASE PLEASE refer for eDocs for full caveats vs. supporting statements at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/7-15-ltsr-initial-release-.html+ and these listed notes are based upon the initial release however there is now a Cumulative Update 1 (CU1) already available so be sure to read through it as well at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/cumulative-update-1.html.

OSes+
– Windows 2008 32-bit (for Universal Print Server)

Behavioural Changes
– Upgrading a XA 6.5 worker to a new 7.15 VDA is now slightly different and the detailed process is listed at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/upgrade/upgrade-xenapp-6-5-to-vda.html and also be sure to review the XenApp 6.x Migration Tool at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/xenapp-worker-upgrade.html and you review the migration tool by watching the embedded YouTube video below.

Finally while your planning your migration to XA 7.15 (FMA) from 6.5 (IMA) you will mostly likely be upgrading vs. migrating away from WIF so please be sure to read and how to migrate features to StoreFront from your WIF environment at – https://docs.citrix.com/en-us/storefront/3-12/migrate-wi-to-storefront.html. Equally I’d encourage any organisation reading this to review how-to setup and configure the “unified user experience” for Citrix Receiver vs. the Green Bubbles which will provide a much better experience for users you can enable it by quiet easily once you’ve read through the following article in eDocs at – https://docs.citrix.com/en-us/storefront/3-12/manage-citrix-receiver-for-web-site/unified-receiver-experience.html.
– Follow the supported leading best practises for upgrading the 7.15 LTSR by reviewing the following node within Citrix’s eDocs – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/upgrade.html
– VDA installation failures for Win 10 N Editions that don’t include Microsoft Media Foundation can now be acknowledged via the installation GUI of the VDA vs. automated deployed (unattended) there is a new option “/no_mediafoundation_ack“.

Excluded Features & Compoments+
– HDX Graphics Mode – Framehawk
– StoreFront Citrix Online Integration
– AppDisks
– Personal vDisk is excl for Win 7, 10
– Load balancing of Session Recording which was an experimental feature in 7.14

What’s Deprecated in the 7.15 LSTR
A full list of what is deprecated is available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/removed-features.html and I am only going to list a few points that I believe of most interest to those whom read my blogs or if your just a Citrix SysAdmin vs. Consultant reading this blog post.

No VDA installations on Windows XP will be supported
– Flash Redirection ++Hello HTML5 GOODBYE Flash wahoo!
– Citrix Receiver for Web classic experience (“green bubbles” user interface) ++Oh YES double wahoo!
– VDAs on Desktop – Windows 10 version 1511 & Windows 7, 8.1 and for Server – Windows Server 2008 R2 and Windows Server 2012
Legacy Thinwire + DirectX Command Remoting (DCR) switch to Thinwire ECM or Adaptive Display v2 see – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/graphics/thinwire.html
– In-place upgrades of certain XAD infrastructure components aren’t supported!
– Studio on Windows 7
– Azure Classic support

++ Personal comment vs. note from the author of the post

XenApp and XenDesktop 7.15 LTSR baseline components
VDA for Desktop OS 7.15
VDA for Server OS 7.15
Delivery Controller 7.15
Citrix Studio 7.15
Citrix Director 7.15
Group Policy Management Experience 3.12
StoreFront 3.12
Provisioning Services (PVS) 7.15
Universal Print Server 7.15
Session Recording 7.15 (Platinum Edition only)
Linux VDA 7.15 (See the Linux VDA documentation for supported platforms)
Profile Management 7.15
Federated Authentication Service 7.15

7.15 LTSR Compatible Components and Platforms
AppDNA 7.15
Citrix SCOM Management Pack for License Server 1.2
Citrix SCOM Management Pack for Provisioning Services 1.19
Citrix SCOM Management Pack for StoreFront 1.12
Citrix SCOM Management Pack for XenApp and XenDesktop 3.13
HDX RealTime Optimization Pack 2.3
License Server 11.14.0 Build 21103
Workspace Environment Management 4.4
App Layering 4.3
Self-Service Password Reset 1.1

What’s New
– Machine Catalog’s functional level within your Site from 7.9 do not require an upgrade
– Machine Creation Services (MSC) now supports generation 2 VMs with Microsoft System Center Virtual Machine Manager SCVMM
– The FMA or 7.x version of Local Host Cache (LHC) is now enabled by default BUT note that if it was disabled from a prior release of the XAD 7.x then you need to enable it and disable Connection Leasing (CL) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-9/manage-deployment/connection-leasing.html which was initially introduced into the 7.x platform to provide a fallback if your SQL database connection was lost or unavailable until LHC was re-introduced in XAD 7.12 – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/manage-deployment/local-host-cache.html but was not enabled by default in the 7.12 release CL was primarily utilised.
– Director App Failure Monitoring – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/reference/virtual-delivery-agent-policy-settings/monitoring-policy-settings.html#App_Failure_Policy_Settings

Security Leading Best Practises
– General Overview https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/best-practices.html.
– Securing your StoreFront 3.12 environment – https://docs.citrix.com/en-us/storefront/3-12/secure.html
– Standardise on a single organisation user identity platform e.g AAD by leveraging NetScaler + + StoreFront + FAS which can convert SAML vs. OAuth tokens into virtual smartcards per configured Store within StoreFront to then SSO a user onto there intended virtual apps & desktops without requiring to re-enter his/her in a directory username + password for that resource location (What’s this? Read – https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-resource-locations.html).
– Slightly obvious to an Citrix expert vs. Citrix Partner but its worth highlighting for newbies to Citrix virtualisation technologies is that XAD management provides Delegated Administration to manage just enough access for different members of the IT vs. compliance departments/business units to have just enough access to complete there daily vs. weekly vs. monthly activities vs. tasks – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/delegated-administration.html and for remote secure access to virtual apps & desktops you will need implement NetScaler Unified Gateway – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/storefront-netscaler.html which can also enable and allow your organisation to control authentication at the edge of your network e.g 2FA vs. MFA vs. using Biometrics with supported 3rd Citrix Ready solutions so check out – https://citrixready.citrix.com. Finally you can also engage with SmartAccess capabilties when fronting XAD for R/A with NUG so check out the following resources for NS 11.x.n – https://docs.citrix.com/en-us/netscaler-gateway/11/integrate-web-interface-apps/ng-smartaccess-wrapper-con/ng-smartaccess-xd-config-con.html and NS 12.x.n – https://docs.citrix.com/en-us/netscaler-gateway/12/integrate-web-interface-apps/ng-smartaccess-wrapper-con/ng-smartaccess-xd-config-con.html and there is also a CTX article entitled “CTX227055 Smart Access Guide for NetScaler Gateway, StoreFront and XenDesktop” to review at – https://support.citrix.com/article/CTX227055 and finally you can configure Pre-Authentication scans to check that the connecting end-point is compliant (Refer to VDI Handbook section below).
Enabling TLS or Transport Layer Security for ICA/HDX Session – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/tls.html for a detailed how-to from the first LTSR check out the following blog article at – https://www.citrix.com/blogs/2014/12/11/how-to-secure-ica-connections-in-xenapp-and-xendesktop-7-6-using-ssl/ or download the white paper entitled “Citrix XenApp and XenDesktop 7.6 LTSR FIPS 140-2 Sample Deployments” from – https://www.citrix.com/content/dam/citrix/en_us/documents/about/citrix-xenapp-and-xendesktop-76-fips-140-2-sample-deployments.pdf. During some research I also came across the following CTX article to disable TLS 1.0 for XAD 7.6 LTSR which may or may not be useful to you check out – https://support.citrix.com/article/CTX215447.
– How do I assign the right vs. relevant security or UX policy? Refer to the built-in policy templates which you can read at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/policies-templates.html which include the same policy type for modern vs. legacy OSes.

Citrix VDI Handbook for the 7.15 LTSR
Recommended pages of interest to read from “Citrix VDI Best Practices for XenApp and XenDesktop 7.15 LTSR” – https://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/7-15-ltsr/downloads/Citrix%20VDI%20Handbook%207.15%20LTSR.pdf which I am commonly asked about so I thought it makes sense with the current LTSR to list them out here for everyone to focus on what is right vs. relevant for PoC’s e.t.c

– Page 11 which focus on CCS Methodology
– Page 32 Five-Layer Design Model and Conceptual Architectures for XAD environments
– Page 35-37 Site topology covering latency, bandwidth vs. number of users
– Page 50-52 covers StoreFront keywords to the behaviour of the delivery of virtual resoucres
– Page 52 Scaling vs. sizing of your StoreFront cluster
– Page 54 Calculate what NetScaler required SSL through-put however i’d strong recommended engage with your Citrix rep for leading best practise vs. guidance as this can/may differ dependant upon your choose appliance vs. firmware version.
– Page 58 Implement GSLB with HDX Optimised routing to ensure connecting users in a regional vs. global deployment connect to better NUG by proximity.
– Page 63 HDX Display Protocol
– Page 66- User Profile types for Local, Roaming, Mandatory & Hybrid vs. virtual apps & desktop chooses model
– Page 79 Built-in Policy templates to optimise the UX based upon your organisational requirements
– Page 88-93 vCPU/RAM/Storage I/O vs. User workload types light, medium and heavy
– Page 94-97 SQL database sizing vs. scaling 5K up to 15K including expected database growth
– Page 98-99 PVS SQL database guidance for suggested sizing
– Page 104 XAD Controller sizing vs. scaling per 5K users which also includes a calculation
– Page 105 LHC considerations if enabled to re-size your control infrastructure for XAD
– Page 107 Citrix Cloud connector sizing for 5K users in private vs. public cloud
– Page 113-116 SQL Database sizing
– Page 121-129 PVS Accelerator with XenServer
– Page 132-140 Hardware Formulas for sizing vs. scaling including GPU(s)

Deploying a XAD 7.15 LSTR PoC
Coming…

My 30 Days of Citrix SecureNotes

The views expressed here are my own and do not necessarily reflect the views of Citrix.

The past 30 days I thought I’d try a XenMobile secure app I’d honestly never really used before as I store my notes within a secure app which is only accessible from my Citrite Windows 7-10 virtual desktop. This blog is a summary of my views about using Citrix Secure Notes why I am now going to switch to Secure notes from my primary note taking app and its NOT a traditional noting taking app at all!. It is also worth mentioning that before I begin discussing Secure Notes I personally have never really found a note taking app that meets my personal requirements vs. DEMANDS maybe that is because I been doing personal/business web development with languages such as PHP, HTML(5), CSS, Javascript in my personal time since I was a teenage so prehaps I’m looking for something that looks vs. feels like something i’d develop one day? Who knows! For now I’ll leave this thought as it stands and back to Secure Notes!

I thought i first start off with a tour of Secure Notes followed on by my personal views and thoughts of using Citrix’s Secure Notes thereafter.

Tour of Secure Notes

1. You can login from a web browser at http://securenotes.citrix.com and if you want to sign-in via your organisations IdP select “Log in with my company credentials
2.Enter in your organisations ShareFile subdomain e.g MyOrgName
3. It will redirect you to you’re organisations IdP login where you will be prompted for a username + password and potentially another form of authentication like a receiving a telephone call, virtual token or asked to verify yourself using your biometric authentication.
4. Once you are signed in your can begin creating a note (secure website version of Secure Notes) by providing it a heading and then in the body text your notes or drag and drop pictures, tag your notes and assign it to a notebook (collection of notes perhaps by project vs. organisation vs. team meetings e.t.c), delete unwanted or irrelevant notes, set a reminder against a note, favourite the note or search of other notes that you’ve created.
5. Now you can see in this image that I have been using for sometime now its still less than 30 days but I’m using notebooks to assign my notes by partner, customer vs. major events and i’ve tagged selective notes that require a follow-up and then I remove tags once its completed.
6. I have switched to the Notebooks view from theAll Notes which organises your notes based upon your created notebooks in my case by customer, partner & events and then I assign my notes to these notebooks so i can easily navigate notes for example by a partner or just use the search filter (whats right vs. relevant to you).
7. All your notes are stored securely within your ShareFile personal folder, and if your using Drive Mapper with your Citrix virtual apps & desktops the path to see your notes is at – “S:\Personal Folders\WorxNotes.root” and it does not matter whether your creating your notes using the website version of Secure Notes at – http://securenotes.citrix.com or even if you create your notes using the secure XenMobile enabled app called “Secure Notes” which is available from the public app store for iOS – https://itunes.apple.com/us/app/citrix-secure-notes/id1157570015?mt=8 and Android – https://play.google.com/store/apps/details?id=com.citrix.note.droid&hl=en_GB and controlled by XenMobile MDX technology to stop cut, copy and paste. You can learn more about MDX by reading the XenMobile security white paper available at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security-understanding-the-technology-used-by-xenmobile.pdf.
8. If I now switch to a mobile world and I mean using a smart phone or tablet and for convenience sake I’ll be using the Secure Notes app I can see that I have the similar same capabilities and functionality vs. the secure website versions.
9. I can insert a picture, tag it, favourite it, set a reminder e.t.c but now I can record audio.
10. I can create my notes offline and when your back online it will sync your note(s) back up to ShareFile and you’ll notice the red cloud icon disappear.
11. Send your notes as an embedded message within Secure Mail body vs. PDF file attachment by selecting your preferred choice.

My Personal Views
Coming….

Lite Tech Overview of Secure Notes
Review all the features and caveat at – https://docs.citrix.com/en-us/xenmobile-apps/10/secure-notes.html

1. Currently only iOS 9-10, Android 5-8 phones BUT its not supported on Tablets!*
2. Selecting a storage location for your notes upon setting up the app your asked if your prefer to store your notes in Microsoft Exchange Server or for your Secure Notes + within a ShareFile StorageZone. You can provide users with a choice of both upon on-boarding within the Secure Notes app.
3. Once users have been setup the XenMobile Secure Hub agent can handle SSO or push the app to users whom have enrolled into XenMobile’s MDM.
4. Supported file formats include – *.M4A, *.JPEG, *.PNG, *.BMP, *.GIF, *.WebP for rich editing experience.

2017 UKI #CitrixPartnerLove Challenge #7 Stop the Difference

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://t.co/nqooPlWElw to print.

2017 UKI #CitrixPartnerLove Challenge #6 Traffic Flows

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://lnkd.in/dN74-97 to print.

My Best of #CitrixSynergy 2017

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
CITRIX USER GROUP COMMUNITY – cugc
HYPER CONVERGED INFRASTRUCTURE – hci

Introduction
Its my 5th #CitrixSynergy and this is def one of the best Synergy’s I have ever had the privilege of watching virtually from London, England. Why not in person? I prefer to watch virtually as I am to consume more content faster and translate that into content to update Citrix partners/customers in a timely manner at high level and tech deep dive where required in particular areas or topics. Finally this blog post will most likely change over the next 2-3 weeks as I consume all of the Synergy 2017 content as when/how I can.

My Highlights of the Key Notes
Vision Keynote

– 4:45 Citrix User Group Community – https://www.mycugc.org THANK YOU! Join the community today its powered by some of the most passionate Citrix and Technology advocates from around the global!
– 11:00 Red Bull Racing I’m not going to say anything you need to watch it!
– 21:45 Cloud powers the world
– 27:00 Digital Frontier Companies
– 39:00 Citrix Secure Digital Workspace with a software-defined preimeter
– 40:57 Citrix Workspace Services and a brief demonstration by Citrix’s CEO
– 42:25 SD-WAN / Gateway / WebApp Firewall / DDoS (NS 12+) as a Service
– 47:35 Citrix Analytics Service
– 1:01:00 “Better Together” and video message from Microsoft CEO Satya Nadella
– 1:12:25 Citrix + Google Chromebook (Skype for Business, Office365 and much more…)
– 1:18:00 Healthcare customer story “Partners Healthcare”

Technology Keynote

– 22:00 Unified Workspace (its Adaptive and Contextual by device/location and it changes the users published resources and its access type!) which brings together some of the most crucial aspects of todays modern apps, desktops, data & your location in a single view with casting capabilities but not demoed as instead instead*
– 29:00 *Workspace IoT (SmartSpaces) demonstration with a users own mobile phone enables an auto login to a Win 10 VD at guest location including welcoming the user based upon his/her smart phone used as there identity. Security people feel free or you will be going nuts right now!
– 32:30 Its all about layering you guessed it Citrix App Layer enabling IT to say YES! Note demo was demoed using a Samsung DEX check it out – https://www.citrix.com/blogs/2017/03/29/instant-desktop-computing-from-the-new-samsung-galaxy-s8-smartphone/
– 39:40 Workspace Appliance Program e.g HCI
– 42:35 Protect against Zero day attacks with XenServer and BitDefender which is available but is something which Citrix announced on 21/06/2016 yes thats right 2016 entitled “A Revolutionary Approach to Advanced Malware Protection” – https://www.citrix.com/blogs/2016/06/21/a-revolutionary-approach-to-advanced-malware-protection/ 21/06/2016 yes 2016!
– 47:00 Brad Anderson Corporate Vice President of the Enterprise Client & Mobility @Microsoft discusses shortly and then prefers to demonstrates our joint Citrix + Microsoft “Better Together” capabilities in Mobility, Virtualisation delivery from Azure and more.
– 1:01:38 Digital Jungle discussion its def worth your time if you about security and managing the experiences of your users workspace!
– 1:47:25 Vision of how the Digital Workspace is going to evolve

Citrix Synergy TV Breakout Sessions
The following are my current top sessions to watch in no particular order that I believe you’ll gain a lot of value out of watching BUT note that this may change as I continue to consume more of the on-demand content from Synergy 2017.

– SYN318 A to Z: best practices for delivering XenApp, XenDesktop – https://www.youtube.com/watch?v=jnnZTKBy18c&feature=youtu.be

– SYN111 – What’s new with Citrix Cloud and what’s to come – https://www.youtube.com/watch?v=C-UunHGKqLY

– SYN120 – NetScaler SD-WAN updates – https://www.youtube.com/watch?v=CdqIkCb86uU

– SYN103 – Citrix App Layering – https://www.youtube.com/watch?v=KBYoVeAYnSA

– SYN118 – What’s new with NetScaler ADC – https://www.youtube.com/watch?v=uMefjGwRMeU

– SYN121 – What’s new with NetScaler Unified Gateway – https://www.youtube.com/watch?v=-ovb4TIb5JY&t=28s

– SYN115 – Why should I use ShareFile if I already have Office 365? – https://www.youtube.com/watch?v=kESgKT7_mJw

Innovation Super Session
Awaiting for the on-demand video publication but for now I will leave you with the following Tweet as a thought or rather a reminder to make sure that you watch it if you missed it!

Synergy 2017 Advocates Blog Posts
Citrix Synergy 2017 – It’s a Wrap – See all the most important announcements listed here! By Christiaan Brinkhoff. – https://blog.infrashare.net/2017/05/29/citrix-synergy-2017-its-a-wrap-see-all-the-most-important-announcements-listed-here/

What’s New in XenApp & XenDesktop 7.13

The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop 7.13 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SECURITY ASSERTION MARKUP LANGUAGE – saml
LOCAL HOST CACHE – lhc
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
WINDOWS – win
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
VIRTUAL DESKTOP – vd
CUSTOMER EXPERIENCE IMPROVEMENT PROGRAM – ceip
VIRTUAL APPS – va
DATA TRANSPORT LAYER – edt
FIREWALL – f/w
ACCESS CONTROL LISTS – acl
ADVANCED MICRO DEVICE – amd

What’s New
A full and complete list of what’s new is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/whats-new.html. I’ll start with one of my Citrix passions which is any and everything surrounding HDX technologies.

1. HDX Adaptive Transport is disabled by default in XAD 7.13* also referred to as EDT is a new HDX graphics mode that utilises both the UDP and TCP protocols with a fallback to TCP where UDP isn’t available. The HDX engineering team have engineered this new Citrix protocol called Enlightened Data Transport (EDT) which utilises the existing Citrix ports 1494 (ICA/HDX) and 2598 (Session Reliability) for both TCP and now new UDP so f/w ACL changes are near enough straight forward. To test this new graphics mode internally:

– Configure the ACL between your test end-point and through your internal network (over a VPN) VM running the 7.13 VDA to allow UDP and TCP for 1494, 2598
– Your test VM instance could be running in Azure (connected on-prem via a VPN) or on XenServer 7.1 and remember must be running the latest desktop or server VDA
– Your test end-point must be running the following min Citrix Receiver versions for Windows 4.7, Mac 12.4 and for iOS 7.2
– *In Studio create a machine catalogue, delivery group or use an existing one with your VDA upgraded from e.g 7.12 to 7.13 and then create a new HDX policy e.g HDX-TestofEDT and select the following HDX policy entitled “” and choose “Preferred“.

2. AMD Multiuser GPU (MxGPU e.g GPU Virtualization works with vSphere only) on the AMD FirePro S-series server cards for HDX 3D Pro workloads only e.g Desktop OSes ref – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/hdx/gpu-acceleration-desktop.html+ with support for up to 6 monitors, custom blanking & resolution, high frame rate and only GPU Pass-through is supported on the following hypervisors XenServer and Hyper-V. For further details please ref to the AMD website at – http://www.amd.com/en-us/solutions/professional/virtualization.

3. Intel Iris Pro (5-6th Gen Intel Xeon Processor E3) graphics processors supports H.264 h/w encoding for virtual apps & desktops, HDX 3D Pro support for up to 3x monitors (Ref to install options+), custom blanking & resolution, high frame rate. For further details and compatible Intel processors ref to – http://www.intel.com/content/www/us/en/servers/data-center-graphics.html

4. Other HDX enhancements include:

– Bidirectional content redirection – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/policies/reference/ica-policy-settings/bidirectional-content-redirection.html
– Wacom tablets improvements & connection methods – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/hdx/usb.html and also see http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/policies/reference/ica-policy-settings/usb-devices-policy-settings.html
– File copying performance enhancements for client drive mapping

5. StoreFront 3.9 support for the following below and for a closer look check out the following CTX blog article – https://www.citrix.com/blogs/2017/02/24/whats-new-in-storefront-3-9/

– HDX Adaptive Display
– CEIP automatic enrollment by default. To disable please ref to http://docs.citrix.com/en-us/storefront/3-9/install-standard.html#par_anchortitle_8ea6
– Importing of NUG configurations (ZIP file or via PowerShell) into StoreFront to setup through the XAD Wizard using the latest NetScaler UG 11.1.51.21+ ref – http://docs.citrix.com/en-us/storefront/3-9/integrate-with-netscaler-and-netscaler-gateway/import-netscaler-gateway.html to reduce and avoid misconfigurations.
– Not new but if you’re looking to security harden your StoreFront standalone or cluster ref to – http://docs.citrix.com/en-us/storefront/3-9/secure.html
– SAML auth through against your preferred Store with NetScaler Unified Gateway configured as your IdP – http://docs.citrix.com/en-us/storefront/3-9/configure-authentication-and-delegation/configure-authentication-service.html#par_anchortitle_d712

5. The Connection Quality Indicator is not part of the XAD 7.13 release but an invaluable Citrix tool for Citrix SysAdmins check out its capabilities at – https://www.citrix.com/blogs/2017/02/22/citrix-connection-is-slow-not-really/ and you can download it from – https://support.citrix.com/article/CTX220774 and it also inclues group policies for better SysAdmin controls to enable or disable the tool which is supported from XAD 7.6 LTSR and upwards ref the CTX220774 article. The below image is taken from a Window 10 virtual desktop powered by XenDesktop 7.x.

6. Linux Seamless published applications from a Linux supported OS using the 7.13 VDA – http://docs.citrix.com/en-us/linux-virtual-delivery-agent/7-13/whats-new.html and also please read the publishing apps for Linux at – http://docs.citrix.com/en-us/linux-virtual-delivery-agent/1-4/suse/configuring/publish-apps.html for advanced tips and guidance on seamless mode vs. window manger configuration.
7. LHC in 7.13 introduces a new support feature for brokering operations for Citrix Cloud when the internet connection between the Citrix Cloud Connector and the Citrix Cloud control plane at – https://citrix.cloud.com/ is in a failed state or unavailable due to an ISP outage. You can also force an outage following the documentation available at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/manage-deployment/local-host-cache.html++ by creating and manually modifying the following registry entry “HKLM\Software\Citrix\DesktopServer\LHC with entry of OutageModeForced” set to the value in the documentation++ to force an outage for testing and or evaluation purposes prior to implmenting Local Host Cache. I’ve embedded below a simple architectural recap of LHC introdcued in XAD 7.12 and you can read in more depth detail about Local Host Cache from a previous blog post available at – http://axendatacentre.com/blog/2016/12/13/whats-new-in-xenapp-xendesktop-7-12/.

Finally LHC still provides support for brokering operations for traditional XAD Controller Site Database on-prem ref ++. I’d also recommend that you watch this TechTalks To Go covering LHC in XAD 7.12 release.

8. Provisioning Services 7.13 now supports Linux streaming and a brand new caching technique only available and supported on XenServer 7.1 called PVS-Accelerator. Check the following YouTube video from Citrix entitled “Introducing PVS-Accelerator, only available with XenServer!” via https://twitter.com/juancitrix/status/835202277317148672.

9. HDX Thinwire enhancements in 7.13 have resulted in up to 60% bandwidth savings. Take a look at the following CTX blog post at – https://www.citrix.com/blogs/2017/01/11/hdx-next-cuts-bandwidth-by-up-to-60-yes-sixty-percent/ which has some great high level LoginVSI 4.1.6 graphics comparing Thinwire in 7.12 vs. 7.13 on Windows Server 2012 R2 and 2016.
10. AppDNA what’s new ref – http://docs.citrix.com/en-us/dna/7-13/whats-new.html now includes support for Windows 10 Anniversary Update (AU) and now defaultor analysis and reporting, Secure Web reports and finally improved importing to process to analysis OSes and apps. There are a few more to be sure to check out the whats news!

Deploying XenApp 7.13 for Evaluation & Testing Purposes
The fastest way to deploy and test the latest new features from Citrix XA 7.13 release with little to no effort is to deploy the “Citrix XenApp 7.13 Trial” from Microsoft Azure available and accessiable at – https://azuremarketplace.microsoft.com/en-us/marketplace/apps/citrix.citrix-xa?tab=Overview.

Removed from XenApp and XenDesktop 7.13
Please be sure to read and review the complete removed features and future removal features within XAD 7.x platform topics on Azure Classic, AppDisks, Desktop OS support and supported HDX Graphics Modes e.t.c –
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/whats-new/removed-features.html.

Viso Stencils from Citrix’s Ask the Architect – https://twitter.com/djfeller for XenApp and XenDesktop 7.13.


Image credit: https://twitter.com/djfeller/status/836557405173477376

https://virtualfeller.com/2017/02/28/visioxenappxendesktop713/

Deploying & Understanding the NetScaler Gateway Service from Citrix Cloud

The following content is a brief and unofficial prerequisites guide to better understand NetScaler Gateway Service from Citrix Cloud test delivering virtual apps and desktops powered by XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
NETSCALER GATEWAY SERVICE – nsg service or ngs
CITRIX CLOUD CONNECTOR – connector
NETSCALER – ns
HIGH-AVAILABILITY – h/a
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
CITRIX CLOUD – cc
INFRASTRUCTURE AS A SERVICE – iaas
VIRTUAL APPLIANCE – vpx
USER EXPERIENCE – ux
ICA PROXY – hdx proxy

Introduction & Overview
The NetScaler Gateway Service is a simple, clean. effortless and but most importantly a powerful way to demonstrate the power of Citrix Cloud by providing secure remote access to your HDX virtual apps and desktops from your resources location over the internet (https) securely. While this service is very very powerful & simple to implement and use, you should under the keep in-mind that NS VPX/MPX/SDX is fully featured vs. the NSG Service which is focused on delivery of HDX virtual apps & desktops! So in summary when implementing service undering what is right vs. relevant for the customer needs and requirements is very important. Finally you can read more about the service and its benefits at https://www.citrix.com/products/citrix-cloud/services.html.

+Enabling the NetScaler Gateway Service
1. Login to https://citrix.cloud.com
2. Select to Manage your XAD Service which will take you to https://xenapp.cloud.com/.
3. Select from the drop down menu “Service Delivery” which is beneath the top menu item displayed “Service Creation
4. Now Select to toggle “ON” and choose to use the NSG service (preferred for blog article only) or your own NetScaler (Unified) Gateway at your resource location and if you enable to the NSG Service you can choose to check the session reliability (2598) checkbox.

The UX
Users connect to https://.xendesktop.net and then login using there AD UPN domain credentials e.g lyndon-jon@x1co.eu and the user’s credentials are encrypted through-out the login process. User’s can equally choose between using a full Citrix Receiver (HDX Optimisation Pack 2.x.n for offloading Skype for Business 2015-2016) vs. HTML5 Receiver (HTML5 compliant internet browser) experience by selecting their username in the top right hand corner and selecting to “Change Receiver” to their preferred choice of Receiver. It also important to set the correct +HDX Policy to get the best UX that is good and balanced (backend vs. network vs. client connected device) so I’d suggest that you implement HDX Adaptive Display v2 by selecting the following policy entitled “Use video codec for compression” and select the following option “For actively changing regions” and thereafter tweak the frame rate and adjust the Thinwire color depth support as described at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new.html#par_anchortitle_59c9 and you can also read more about benefits and a YouTUBE demostration on HDX Adaptive Display v2 at the following blog article I wrote in 2016 at – http://axendatacentre.com/blog/2016/10/01/foractivelychangingregions/.

HDX Traffic flow of the NSG Service
Please note that traffic flow is based upon the diagram avaiable at – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html as of Jan 2017.

1. User MUST login into cloud hosted StoreFront e.g https://.xendesktop.net. There credentials are securely handled please refer to – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html to understand the traffic follow.
2. Once the user has authenticated successfully he/she can select to launch a virtual app or desktop.
3. User connects to the NSG Service powered by Citrix Cloud
4. Traffic is securely brokered to the Connector in your resource location that is severing up the user’s selected virtual app or desktop or both from the server or desktop VDA.

Tech Overview of the NSG Service
1. The Citrix Cloud NetScaler Cloud Gateway service on your Connector allows and provides the secure remote access feature of the NSG Service from your chosen resource location. I have written a blog article about the Connector services and leading best practises which you can read at – http://axendatacentre.com/blog/2017/01/27/understanding-the-citrix-cloud-its-services-architecture-connectors/.
2. To ensure high availability you should always deploy at a min a pair of Connectors within your resource location and increase the compute capacity of your Connectors as user demand increases initially and thereafter deploy another Connector based upon usage of service.
3. *To use the NSG Service you MUST configure to use the cloud-hosted StoreFront provided by Citrix Cloud under “Service Delivery” tab at https://xenapp.cloud.com/delivery.
4. The NSG Service only supports HDX Traffic only and the service is currently only available on Eastern, Western coasts within the USA and in Europe so for those users accessing virtual apps and desktops via the NSG Service outside of these geos or not in close proximity to an entry point will experience higher latency so tweak your HDX policy(s)+ accordingly or deploy a NS VPX in your resource location.
5. ICA files are STA signed the below example is a small snippet from my own PoC and testing*. I have also intentionally scrammed some of the unreliable text to :-).

Sample ICA file
My Azure vDesktop $S19-38]
Address=;40;CWSSTA;9D09CE5552BDE4581E888CD87EEEEFC
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=5FFE184444B0A0
ClientAudio=On
ConnectionBar=1
DesiredColor=8
DesiredHRES=4294967295
DesiredVRES=4294967295
DesktopRestartAllowed=1
Domain=\78034E8888586B61

The NSG Service currently does not support and or is limited as of writing this blog article in Jan 2017 and based upon the embedded Twitter image – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html. Finally please remember that Citrix Cloud is consistently been updated and upgraded with new feature so please please refer to the online documentation and the service overview of Citrix Cloud even a day after posting the blog article as it may become out of date! You’ve been warned!

6. No support for Unified experiences (e.g Branding with your logo, colour scheme).
7. No support for Two Factor Authentication.
8. No support for authentication via outbound proxies for access outside of the resource location over the internet.

Citrix Cloud – NetScaler Gateway Service (NGS) Offering
You can find out more about the NGS subscription options which is avaiable at – https://www.citrix.com/products/citrix-cloud/subscriptions.html#tab-41499 and the service overview at – https://www.citrix.com/products/citrix-cloud/services.html#tab-23235

Understanding the Citrix Cloud, its Services, Architecture & Connectors (Draft)

The following content is a brief and unofficial prerequisites guide to better understand Citrix Cloud, Connector technology and the overall architecture required to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
HIGH-AVAILABILITY – h/a
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
CITRIX CLOUD – cc
INFRASTRUCTURE AS A SERVICE – iaas
CITRIX CLOUD CONNECTOR – connector

The Three Primary Cloud Types (Draft Section)
Firstly i’d like to provide my definition of public, private vs. hybrid cloud and in my personal view things like SaaS, PaaS have naturally been spin out or off from IaaS e.g Public Cloud.

Public Cloud is whereby a ISP provides you with SPLA licensing (OS, Application, Service), compute, storage and network capabilities which in turn enables you to create your very own VM instances running in a virtual datacentre on the ISP’s h/w and example providers may include AWS, Azure, Google Cloud Platform e.t.c

Private Cloud is where you the organisation owns there own OS, Application or Service licenses as well as the physical hardware that allows you to create your own VM instances within your virtual datacentre. In this scenario the h/w is could (a) be purely Colocatied (Colocation) at ISP with or without managed services over and above the Colocation and example providers could include Rackspace, Qubems, Peer1 or (b) your h/w is hosted within your own custom and purpose built data centres facility or comms room dependant upon the organisations size and IT/Technology requirements.

Hybrid Cloud is when public and private clouds are connected securely over a IPSec R/A, L2L or SSL VPN connection.

What is and how Citrix Cloud works
Citrix Cloud is an evergreen, managed control plane from Citrix that provides the traditional Citrix management technologies to delivery e.g Virtual Apps & Desktops as Services thereby reducing overhaul management updates & upgrades. This means that Citrix is responsible for the availability of your Citrix management infrastructure in there Control Plane including ensuring that it is on the latest up to day and production version of e.g XAD to deliver DaaS and or virtual apps. Citrix customers and partners are responsible for what is known as a resource location which is where your apps, network and data resides and can exist in a public, private or hybrid cloud deployment scenario and each resource location is securely connected to the control plane using the Citrix Cloud Connector which initiates an outbound HTTPS connection so your completely in control of your apps, network & data within your resource location(s) at all times.

If I have not technically explained what is and how Citrix Cloud works successfully then please feel free to watch the below embedded YouTUBE video.

Please note that Citrix Workspace Cloud is now know as Citrix Cloud

Citrix Cloud Services as of Jan 2017
The following is my own technical spin/view of each of the Citrix services you can review the Citrix official view of each service at – https://www.citrix.com/products/citrix-cloud/services.html.

XenApp and XenDesktop Service – HDX virtual app & desktop delivery from any supported resource location running server/workstation VDA(s) while all the XenApp/XenDesktop mgmt infrastructure (Studio/Director) resides in your tenant/account at https://citrix.cloud.com.

XenMobile Service – Deploy Secure Apps (MAM), MDM to control your organisation devices with no need to deploy the XenMobile v/a even at your resource location all you need is either an IPSeC VPN tunnel or the Connector to enumerate users in AD to be assigned to delivery groups.

ShareFile Service – Follow-me data now controlled within one WebUI.

NetScaler Gateway Service – Provides a simple and easy deployment method to gain external remote access to virtual apps & desktops from your resource location(s) via the Citrix Cloud Connector.

Smart Tools Service previously Lifecycle Management – Design, build, automate, auto check & update your resource locations with Citrix validated blue prints.

Secure Browser Service – Provides a secure remote virtual browser(s) to access web (internal vs. external), SaaS apps from the Citrix Cloud with zero configuration, with only a link to access your published web apps via the HTML5 Receiver.

Citrix Cloud Labs – My personal favourite as this area of Citrix Cloud allows you get to test out some of the latest Citrix Innovations from our Labs team as services e.g AppDNA Express; Citrix Provisioning for Microsoft Office 365; IoT Automation; Citrix Launch for Microsoft Access; XenMobile MDX Service and Session Manager

Connector Architecture & Security
The following diagram depicts the H/A deployment of Citrix Cloud Connector for use with the XenApp and XenDesktop Service from Citrix Cloud. Please note that this is a simple architectural diagram that does not include a NetScaler in resource location so the assumption is that you users will connect to their virtual apps and desktops either from within the actual Resource Location or via the NetScaler Gateway service hosted and managed by Citrix Cloud. My personal preference is to leverage a NetScaler physical or virtual appliance within your resource location as the benefits of a NetScaler far exceed and go above and beyond that of a simple ICA Proxy gateway for XenApp/XenDesktop. Perhaps a follow-up blog article why I presume NetScaler in the resource location from my personal view point only or I may decide to update this blog article.

To better understand how to best secure or harden your Cirix Cloud implmentation and its services please refer to – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html for leading best practises, process & procedures and configuration requirements.

Citrix Cloud Connector
The following is deep dive overview of Citrix Cloud connector technology for all the services with the exception of the Smart Tools service which leverages its own connector which is used to check your Citrix workloads, scale up/down and or even build or tear down workloads in resource location(s) via blueprints.

Installation & Troubleshooting
You must download and only install the Citrix Cloud Connector for your resource location from “Identity and Access Management” that matched your domain forest, don’t mix and match these! The installation is fairly straight forward and simple as descriobed and outlined at http://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-connector/installation.html, once the installation completes wait for the connectvity test to pop-up and complete successfully prior to navigating back to Citrix Cloud to validate that the Connector has scuessfully registered with Citrix Cloud+.

You can also perform automated installation leveraging the following command line arguments when installing the Connector “CWCConnector.exe /q /Customer:Customer /ClientId:ClientId /ClientSecret:ClientSecret /ResourceLocationId:ResourceLocationId /AcceptTermsOfService:true.

Although the Connector communicates outbound on HTTPS 443 it make also require one or more of the following ports outbound only as described at – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html for one or more of the Citrix Cloud Services so please consultant the documenation for each Service carefuly for high security enviroments to ensure that the organisations firewall ACL’s for the PoC are correctly configured.

You can install hypervisor tools, anti-virus software (Tested as of 26/10/2016++ McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8) on your VM instances that have the Citrix Cloud Connector technology installed however it is not recommended to install any other software or unnecessary system services nor should you allow any domain users access unless they are a Domain or System administrator of the Citrix environment. In summary treat these Connectors as you would your XAD Controller(Broker).

The installation logs are available at “%LOCALAPPDATA%\Temp\CitrixLogs\CloudServicesSetup” and post the installation its consolidated to the following location “%ProgramData%\Citrix\WorkspaceCloud\InstallLogs“.

Understanding Credential Handling
Coming…http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html

Monitoring your Citrix Cloud Services
1. http://status.cloud.com/ is your friend and will provide you with vital up to date information about the Citrix Cloud platform (control plane or SaaS tier) and each of its Services e.g XenApp and XenDesktop Service or Smart Tools.
2. Monitor the following Connector services described below ++
3. The leading best practises is for the Citrix Cloud Connectors to not be offline longer than two weeks as the connectors are regularly updated from Citrix Cloud with the latest updates (Evergreen) which is why each resource location requires at a bare min 2x or a pair of Connectors.

Connectivity & High-Availability
The Citrix Cloud Connector firstly should always be implemented in pairs at a minimum within any resource location and installed onto either Windows Server 2012 R2 or 2016 AD joined VM instances. The connectors are stateless and brokering requests are load-balanced via Citrix Cloud to the connectors within your resource location(s) and if a connector does not respond the queued tasks are redistributed to the remaining connector(s). As the connectors are stateless this also means that they do store any mgmt configuration for Citrix Workloads at the resource location as this is held within the Citrix Cloud by the Service that you are utilising e.g XenApp and XenDesktop Service.

+If you setup a PoC with a single Connector it will probably display as amber for a period of time prior to turning green as you have only configured 1x Connector for your resource location. You can check your Connector status for your resource locations by navigating from https://citrix.cloud.com/ to https://citrix.cloud.com/identity and under “Domains” select your domain forest(s) and expand it and you can review your Connectors name e.g servername.dommain e.g connector1.x1co.eu and its status (red, amber or green).

The leading best practise for h/a at your resource location is for your Citrix Cloud Connectors to be implemented as N+1 for redundancy – – https://en.wikipedia.org/wiki/N%2B1_redundancy.

Logs & Services++ of the Connector
The Connector logs are stored at “C:\ProgramData\Citrix\WorkspaceCloud\Logs or use %ProgramData%\Citrix\WorkspaceCloud\Logs” for verifying ongoing communication and helping with troubleshooting. Once the log(s) size exceeds a certain threshold its deleted BUT Administrators are able to control the log retention size by adjusting the following entry in the Windows registry “HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CloudServices\AgentAdministration\MaximumLogSpaceMegabytes” to meet your organisations logging/auditing requirements.

The core four primary functions/roles of the Connector are Authentication, Proxy, Provisioning and Identity which are powered by the following Citrix Cloud services listed below (as of Jan 2017). You can view a detailed architecture technical diagram of the Connector under the XenApp and XenDesktop Service online documentation at – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html.

Connector Functions/Roles
For a more accurate diagram please check out – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html

Authentication Proxy Provisioning Identity
NetScaler
Unified Gateway
StoreFront
(Optional)

Hypervisor 
Server VDA
 Server 2012 R2, 2016
Desktop VDA
Windows 10

Active Directory, DNS

I’ll update this section with what each of the Connector services actually does

Citrix Cloud AD Provider
Citrix Cloud Agent Logger
Citrix Cloud System
Citrix Cloud WatchDog
Citrix Cloud Credential Provider
Citrix Cloud WebRelay Provider
Citrix Cloud Config Synchronizer Service
Citrix Cloud High Availability Service
Citrix Cloud NetScaler Cloud Gateway
Citrix Cloud Remote Broker Provider
Citrix Cloud Remote HCL Server
Citrix Cloud Session Manager Proxy

Citrix Cloud PoC Guide for the XenApp and XenDesktop Service
I have writen a fairly detailed blog article describing how-to deploy the XenApp and XenDesktop Service here.

Understanding XenApp & XenDesktop 7.12 and What’s New

The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop 7.12 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
LOCAL HOST CACHE – lhc
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
FLEXCAST MANAGEMENT ARCHITECTURE – fma
EXPERIENCE 1st – x1
INTERNAL – int
VIRTUAL DESKTOP – vd
VIRTUAL APPS – va
DATA TRANSPORT LAYER – edt

What’s New XenApp/XenDesktop 7.12
1. Yes it’s now avaiable & back “Local Host Cache” or LHC as it was most commonly reffered to previously and its back now within XAD 7.x Flexcast Mangagment Architecture (FMA) platform and everything you need to know is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/manage-deployment/local-host-cache.html* & https://www.citrix.com/blogs/2016/12/07/local-host-cache-for-fma/ but a few note worth points to mention below followed by an overview of LHC vs. Connection Leasing by a Citrix XenApp & XenDesktop PM Craig. I have also embedded a how-to enable below along with a basic and brief architectural overview of LHC in XAD 7.12 which is powered by FMA and not IMA which is for anything XA 6.5 and below.

N.B LHC is disabled by default to enable it open up PowerShell in Admin mode or launching a PowerShell session using Studio and enter in the following “Set-BrokerSite -LocalHostCacheEnabled $true -ConnectionLeasingEnabled $false” once the command completes execute the following cmdlet “Get-BrokerSite” and check that the following value of “LocalHostCacheEnabled” is set to “True“. Note that CL is now also disabled and both CL and LHC should not be running simultaneously together as this is not supported.
– VDAs re-register with the elected XAD controller (broker)
– Support for up to 5K VDA’s
– LHC services “High Availability Service” performs shadow copy of the control info that the XAD Controller requires and the “Configuration Sync Service” will sync control info/data.
– Adequately size your XAD controllers correctly to account for the compute load required during an outage, please ref to the “RAM size” and “CPU core and socket configuration” sections under “Design considerations and requirements” at LHC documentation at – *.
– LHC utilises Microsoft SQL Server Express LocalDB and is auto installed when you install the XAD 7.12 controller and is installed regardless of weather LHC it enabled or not.
– Local Host Cache is enabled if connection leasing was disabled before the upgrade vs. Local Host Cache is disabled if connection leasing was enabled before the upgrade.
– To force an outage to test LHC in your home lab or organisations test/uat environment on the XAD controller open regedit as a Admin navigate to HKLM\Software\Citrix\DesktopServer\LHC” thereafter create a registry key “OutageModeForced” and set the value to 1 to force an outage mode once you have completed your tests then revert the value to 0. I would suggest prior to attempting to perform this test place a load with a few test by active users for Server VDA based workloads (XenApp) to best understand how LHC works in a failure scenario.

2. Thinwire Compatible Mode 8-bit color depth support (7.12 VDA only otherwise fallback to 24-bit by default) which is configured by select the following HDX policies.

– “ Use video codec for compression” and ref to http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/graphics-policy-settings.html#par_richtext_bc19 for a list of avaiable configurations please note that if configured for the entire screen then 8-bit is NOT SUPPORTED!
– “Preferred color depth for simple graphics” and select the “8-bit” value

3. HTML5 video redirection is now available for INT web sites (disabled by default) and can be enabled by configuring the “Windows Media Redirection” by referring to http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/multimedia-policy-settings.html#par_richtext_5 and you also need require to add the following “JavaScript files are located in %Program Files%/Citrix/ICA Service/HTML5 Video of the VDA installer to your website” a sample external test web page can be found at the “HDX HTML5 video redirection test page at – https://www.citrix.com/virtualization/hdx/html5-redirect.html
4. Azure Hybrid Use Benefits support e.g enable or disable support for the Azure Hybrid Use Benefits (HUB).
5. Record sessions based on client IP addr or range, TLS 1.2 encryption during data transfer and finally highlight idle periods in Player
6. NetScaler UG now supports H/A of HDX Framehawk – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/hdx/framehawk.html with supported NS firmware builds for Framehawk which include 11.0.62 & 11.0.64.34 (+ preffered).
7. HDX Enlightened Data Transport (for evaluation only) or “EDT” – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings.html.

Very High Level Overview*

Adaptive Display
EDT
(Evaluation Only)
TCP
UDP
High Defintion eXperience (HDX 

– Only VDA’s configured with IPv4 addressing is supported
– Requirements XAD +VDA 7.12, StoreFront 3.8
UDP setup on 1494 and 2598 on the VDA remember this is typically TCP but now must also be for UDP
– Enable policy setting “HDX Enlightened Data Transport“. Remember its DISABLED by default and you can setup 3x values “Preferred” UDP data transport is used where possible with a fallback to TCP, “Diagnostic mode” forces a UDP data transports with a fallback to TCP & “Off meaning TCP is used & does’nt affect HDX RealTime”
– If you are evaluating this then please refer to the “Tech Preview of New Adaptive Transport in 7.12” forum at – http://discussions.citrix.com/forum/1663-tech-preview-of-new-adaptive-transport-in-712/
– Note when testing directly from eDoc’s “the new data transport layer (“EDT”) is allowed by default in Citrix Receiver for Windows, however, by default, it will only attempt to use EDT if the setting in the ICA file for HDXoverUDP is Preferred or On” also please ref to the notes relating to Receiver on Mac’s

You can learn more about this evaluation by reading the following blog posts – https://www.citrix.com/blogs/2016/12/14/overcoming-latency-to-serve-a-global-user-population/* and https://www.citrix.com/blogs/2016/12/08/take-a-look-under-the-hood-of-next-generation-hdx/ by Citrix’s HDX PM Derek.

8. You can very easily setup and try XenApp 7.12 in Microsoft Azure today via Azure Marketplace by searching for “XenApp 7.12” or click the following link – https://azure.microsoft.com/en-gb/marketplace/partners/citrix/citrix-xacitrix-xa-trial/ after signing into the Azure Portal at – https://portal.azure.com/.
9. Tagging with “App Groups” now provides the ability to a tag a VM(s) so that when published virtual apps in Application Group or virtual desktops in a Delivery Group are restricted to launch from VM(s) that have been tagged.

10. Advanced Reboot Schedules

11. In StoreFront 3.8 you can create multiple IIS sites and thereafter use the following PoSH cmdlet below to create a StoreFront deployment within your own IIS sites – http://docs.citrix.com/en-us/storefront/3-8/plan.html. What does this actually mean? You can host multiple RfW sites (stores) with each having its own domain name. In order to create your custom websites in IIS for your Stores and ReceiverforWeb firstly open up PowerShell using Studio (Simple way) then close Studio. Next you MUST ensure that NO other StoreFront MMC snap-in consoles are open within your StoreFront cluster and also on the individual Windows server (minimised) that you are setting up IIS sites. StoreFront will disable the mgmt console and displays a message. TIP: To learn how-to setup IIS sites/website please visit – https://support.microsoft.com/en-gb/kb/323972

– From your open PowerShell window enter in the following which will create a custom IIS site/website for virtual apps and one for virtual desktops
– Type “Add-STFDeployment -SiteID 1 -HostBaseURL “https://www.storefront.app.com”” (Virtual apps)
– Type “Add-STFDeployment -SiteID 2 -HostBaseURL “https://www.storefront.desktop.com”” (Virtual desktops)
– Type exit and close the Powershell window prior to opening up Studio or a StoreFront MMC snap-in on any server in the StoreFront cluster

12. Although this one is not strictly new to StoreFront 3.8 and XenApp/XenDesktop 7.12 its often an overlooked feature (For CTX SysAdmins) which is the ability to securely export and then re-import your entire StoreFront configuration including using PoSH credentials for (de)encryption of the backup configuration. To learn more please check out – http://docs.citrix.com/en-us/storefront/3-8/export-import-storefront-config.html and use the feature prior to any StoreFront upgrades or migrations.

Deprecation Forecast
I would strongly recommend that you review and understand the Deprecation forecast announcements made during the XenApp/XenDesktop 7.12 release which is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new.html#par_anchortitle_5da8.