Category Archives: XenApp and XenDesktop Service

Citrix Virtual Apps & Desktops or CVAD Service Migration Strategies

The path to operating from the Citrix Cloud Platform for Citrix Virtual Apps and Desktops often can appear like your need to climb to the summit of K2, this is purely because for IT its foreseen as another key yet, rapid IT Transformation project to solve a multitude of business and business IT challenges (its different organisation by organisation). I’ve therefore put together a simple blended digital doodle on this very topic highlighting some key learnings, leading practises from the field and my own thoughts and thinking on this very topic.

If you want to go deep or even get started on your own migration project today, then i strongly recommend that you read and review the “Proof of Concept: Automated Configuration Tool” available at – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/citrix-automated-configuration.html, which covers off a step by step guide from installation to migration of on-premises CVAD configurations to the CVAD Service operating and run in the Citrix Cloud Platform – https://citrix.cloud.com. The following series of TechZone articles list at – https://docs.citrix.com/en-us/tech-zone.html#citrix-virtual-apps-and-desktops will also add value in your pivot to the CVAD Service.

If you have the right subscription access at https://training.citrix.com, then you can also complete the following on-demand eLearning course “eCWS-2014 | Automated Configuration Tool for Virtual Apps and Desktops” – https://training.citrix.com/elearning/coursequests/1/quest/184, which took me around 45 minutes to complete.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Citrix Workspace app is released Hello World

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Introduction
What is Citrix Workspace app? It brings together all your LOB tools which in todays modern world consists of (virtual/micro/installed/mobile) apps, SaaS, desktops & content. I’ve embedded a sample of what this actually looks like below.

Overview
The new Citrix Workspace app way more than purely an upgrade of Citrix Receiver e.g grey to blue icon and a skin change, this NEW Citrix client app release is simply extraordinary, working for Citrix I can be considered bias however once you actually begin to consume the Citrix Workspace app you’ll understand exactly what I mean. Citrix Workspace app is for me all about an experience, and that experience is extraordinarily AWESOME! As I begin consuming my LOB (Line of Business) tools wherever I am + want and in a setting/context that suites me (home, Paddington vs. partner offices, trains, taxi e.t.c) the chosen LOB tool delivered context can change dependant upon criteria (I won’t be covering this today) or how IT (say YES!) has chosen to deliver the LOB tool through Citrix Access Control Service – https://docs.citrix.com/en-us/citrix-cloud/access-control/get-started.html.

I now have all my content available all in the same AWESOME app thank you Citrix Content & Collaboration aka ShareFile. I can upload, download and even favourite particular content e.g “L-J’s H1/2 Citrix Partner Tech Super Deck” which is then available directly from the home view/tab. In the below example I am uploading the LeasePlan Citrix SD-WAN case study – https://www.citrix.co.uk/customers/leaseplan-en.html and the actual video is available at – https://www.youtube.com/watch?v=4Hq-yryxfS0 take a look and remember to listen to the outcomes Citrix SD-WAN provides LeasePlan.

How do I get started today?
Firstly I will do a more detail blog post on getting it all up and running with use cases time dependant of course.

1.Start by navigating to https://docs.citrix.com/en-us/citrix-workspace-app.html and then goto Citrix.com and login with your access details, next navigate to https://www.citrix.com/downloads/workspace-app/ and download Citrix Workspace app for your chosen end-point. If you are running a TP of Citrix Workspace app code base please UNINSTALL it prior to installing the GA production code base as a few community individuals I know had issues upgrading from TP code base. I would like to state for the record I upgraded from PRODUCTION Citrix Receiver to the Citrix Workspace app for Mac 1808 on my Mac without ANY issues see below tweet.

2. Please carefully read the System Requirements for your chosen platform here is the link for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/system-requirements.html and Windows https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html.

3. Review the installation guidance for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/install-configure.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html.

4. Please carefully read the configuration of Workspace app for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/configure.html
and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html e.t.c. for other platform and if you are looking for multi-monitor support or Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/improve-user-experience.html#using-multiple-monitors for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/improve.html#multi-monitor-support, and securing communications between Workspace app and your StoreFront for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/secure-communications.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication.html (Pay attention to deprecated cipher suites node) and finally if your are you a Smart Card user pay attention to the recitations at the bottom of both docs for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/requirements-for-smartcard-authentication.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/authentication/config-smart-card.html and for WIF 5.4 (yes I know really however some of you still may need it while your upgrading to XAD 7.x platform) https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication/config-smart-card–for-web-interface.html.

5. Sign-up vs. Login to Citrix Cloud today and trial vs. acquire a Citrix Cloud service e.g ShareFile Service or the XAD Service and if you want to aggregate on-premises LOB apps into the new Citrix Workspace experience then setup “Site Aggregation” today. To learn how please read this CTXS blog post and watch the embedded YouTUBE video which provides a how-to overview at – https://www.citrix.com/blogs/2018/08/03/site-aggregation-for-citrix-workspace-is-now-ga/.

Thats all folks for now on the technical overview its brief I know so I will follow-up in future with more detailed overview + how-to e.t.c either here or on the https://www.mycugc.org website in the experts area.

Upgrading to Citrix Workspace from Citrix Receiver for smart devices

In Closing
I work for Citrix, I have been a Citrix + IaaS advocate for well over a decade (now SD-WAN swell) so I am mostly likely bias you’ll think however Citrix Workspace app is truly AWESOME and way more than what you see at a glance, I encourage you all to begin consuming it today to see for yourself just what I am talking about and why I personally say its “AWESOME“.

Citrix Innovation Award Finalists for #CitrixSynergy 2018

Its that time of the year where you Citrix customers, partners can vote for your favourite Citrix Innovation Award Finalist.

This year see’s a great mixture of customers in different markets all leveraging Citrix technologies as the enabler for transformation within there organisations to embrace a new way of working or #ThisIsHowTheFutureWorks powered by Citrix Networking, Workspace and Security & Platform Analytics from https://www.cloud.com/.

I would encourage you to watch all three videos describing there journey before casting your vote as there is some really great innovation happening within these Citrix customers and if you want to get started visit https://www.citrix.com or https://www.cloud.com/ today.

Beazley from the UK – Insurance

Quote “A new mindset to work wherever I am, because I have the tools that Citrix provides and Beazley…” – @dalesteggles

Health Choice Network, US – Healthcare

WAGO, Germany – Engineering

All the very best to this years Finalists.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Session Watermarking for App & Desktop Security by Citrix XenApp & XenDesktop 7.17 or #CitrixCloud

The following content is a brief and unofficial prerequisites guide to setup, configure and deploy Session Watermark policy feature with the XenApp & XenDesktop Service (April 2018) or XenApp & XenDesktop 7.17 on-premises prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad

Introduction to “Session Watermark”
The latest release of the XenApp & XenDesktop Service powered by Citrix Cloud or if you are performing a private cloud (on-premises) upgrade or net new installation of XenApp & XenDesktop 7.17 has some NEW features (another post brewing) and one that I have been waiting on for quiet sometime now has not finally arrived (WAHOO!) and its VERY VERY simple to configure and aids in improving your security posture (I believe) for delivery of apps & desktops powered by Citrix against e.g IP theft. In the below tweet can you see it?

The above is from my initial tests using a Windows Server 2016 VM hosted in Azure Northern Europe region running the 7.17 VDA configured to my Citrite #CitrixCloud XenApp & XenDesktop Service so I did not need to upgrade anything to get this new SHINY cool feature yes I said it SHINY. All I was required to do was deploy a new Windows Server 2016 VM from the Azure marketplace, domain join it, install the VDA and connect it to my Cloud Connector and I was ready in less than 25 minutes from initially deploying the VM from the marketplace.

Finally on a personal note for me Citrix SysAdmins enabling the “Session Watermark” feature obviously initally tested in a safe environment e.g UAT with a few users from a couple of departments and then rolling it out into production (as when/how your ready) will be making IT the modern “App & Desktop Security Heroes“. IT can apply and configure these new policies to be the most right vs. relevant for your organisations security needs while not hindering the end-users Rich HD eXperience.

Session Watermark Policies
You have 8 watermarking policies to apply with the 9th one enabling this security capability or feature set with the following list of quirks, suggested policy configuration and more available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/policies/reference/ica-policy-settings/session-watermark-policy-setting.html.

Before we get started it is worth mentioning that this feature does add an overhead to the compute on the backend (VDA side) and therefore it is suggested to enable up to two water marking features or items. In my overview of this feature I will wont cover off the cost of implementing this security policy as there are multiple variables to consider e.g HDX Graphics Mode and associated policies to provide the right vs. relevant end-user experience vs. how many watermark items do I apply? I have begun testing so bare with me and I’ll publish my findings either on my personal blog here or on https://www.mycugc.org under the “Expert Insights” area.

Enable session watermark
By default this feature is DISABLED as the default behaviour which I believe is the right approach considering its Citrix’s initial release of this #security feature (in my personal view) and secondly online documentation at eDocs suggested recommendations it to enable NOT more than two watermark text items. Finally * indicates that this policy is DISABLED by default when Session Watermark is enabled.

Include client IP address
* This is the IP addr of the device connecting to the virtual app & desktop.

Include connection time
* Utilises the following format yyyy/mm/dd hh:mm to display the users initial connection time to there virtual app or desktop.

Include logon user name
ENABLED by default when you enable Session Watermark as a policy and uses the following format USERNAME@DOMAINNAME is most optimise for 20 characters or less otherwise truncation might occur of the users logon username.

Include VDA host name
ENABLED by default when you enable Session Watermark as a policy and provides the VDA hostname e.g ne1vad01

Include VDA IP address
* Provides the internal IP addr that corresponding the VDA’s hostname e.g ne1vad01 = 10.1.0.7

Session watermark style
ENABLED by default using “Multiple e.g displays five watermark labels” when you enable Session Watermark as a policy or you can configure “Single e.g displays a single watermark label in the centre of the session“. TIP switching to SINGLE and sticking to two watermark text items for me in my initial tests is a good starting policy however time will tell as I continue to test out this new feature and its capabilities with different HDX Graphics Modes and associated tweaks.

Watermark custom text
* A unicode maximum of 25 characters is supported if you exceed this limit it will be truncated.

Watermark transparency
ENABLED by default set to “17 out of 100” when you enable Session Watermark as a policy, personally I think setting it to just 1 is fine in my initial tests as you want it to be not so in your face to the end-users to be bluntly honest.

Understanding What’s New with the latest XenApp & XenDesktop 7.15 LTSR

The following content is a brief and unofficial prerequisites guide to setup, configure and test accessing secure by design virtual apps and desktops powered by XenApp & XenDesktop 7.15 prior to deploying a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
WEB INTERFACE – wif
LONG TERM SERVICE RELEASE – ltsr
CURRENT RELEASE – cr
FEDERATED AUTHENTICATION SERVICE – fas
SECURITY ASSERTION MARKUP LANGUAGE – saml
IDENTITY PROVIDER – idp
NETSCALER UNIFIED GATEWAY – nug
XENAPP – xa
PROVISIONING SERVICES – pvs
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
STOREFRONT – sf

What is the difference between LTSR vs. CR for XenApp & XenDesktop 7.x?
The Long Term Service Release (LTSR) program for XenApp and XenDesktop provides stability and long-term support for XenApp/XenDesktop releases while the Current Release (CR) provides customers with the very latest version of XenApp and XenDesktop which includes the latest innovations e.g EDT v2

XenApp & XenDesktop 7.15 LTSR Feature Summary Comparison with 7.6 LTSR
The following is a simple one PDF page document that lists all the feature capabilities from initial first LTSR which was XenApp & XenDesktop 7.6 Feature Pack (FP) 1-3 through to the current LTSR XAD 7.15 including the CR releases in-between so its absolutely worth booking marking in your browser or better yet download it to keep it to hand for customer conversations – https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/xenapp-xendesktop-715-ltsr-feature-summary-comparison-to-76-ltsr.pdf.

Noteworthy Points What’s New vs. Excluded
I’d very strongly recommend that your read the following CTX article – https://support.citrix.com/article/CTX205549 entitled “CTX205549 FAQ: XenApp, XenDesktop, and XenServer Servicing Options (LTSR)” and to ensure that you remain compliant post your update/migration to 7.15 LSTR you should download the “CTX209577 Citrix LTSR Assistanthttps://support.citrix.com/article/CTX209577

Its also worth noting the following that are classed as “Excluded Features/Components/OSes” from the XAD 7.15 LTSR but I’d like to stress PLEASE PLEASE refer for eDocs for full caveats vs. supporting statements at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/7-15-ltsr-initial-release-.html+ and these listed notes are based upon the initial release however there is now a Cumulative Update 1 (CU1) already available so be sure to read through it as well at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/cumulative-update-1.html.

OSes+
– Windows 2008 32-bit (for Universal Print Server)

Behavioural Changes
– Upgrading a XA 6.5 worker to a new 7.15 VDA is now slightly different and the detailed process is listed at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/upgrade/upgrade-xenapp-6-5-to-vda.html and also be sure to review the XenApp 6.x Migration Tool at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/xenapp-worker-upgrade.html and you review the migration tool by watching the embedded YouTube video below.

Finally while your planning your migration to XA 7.15 (FMA) from 6.5 (IMA) you will mostly likely be upgrading vs. migrating away from WIF so please be sure to read and how to migrate features to StoreFront from your WIF environment at – https://docs.citrix.com/en-us/storefront/3-12/migrate-wi-to-storefront.html. Equally I’d encourage any organisation reading this to review how-to setup and configure the “unified user experience” for Citrix Receiver vs. the Green Bubbles which will provide a much better experience for users you can enable it by quiet easily once you’ve read through the following article in eDocs at – https://docs.citrix.com/en-us/storefront/3-12/manage-citrix-receiver-for-web-site/unified-receiver-experience.html.
– Follow the supported leading best practises for upgrading the 7.15 LTSR by reviewing the following node within Citrix’s eDocs – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/upgrade-migrate/upgrade.html
– VDA installation failures for Win 10 N Editions that don’t include Microsoft Media Foundation can now be acknowledged via the installation GUI of the VDA vs. automated deployed (unattended) there is a new option “/no_mediafoundation_ack“.

Excluded Features & Compoments+
– HDX Graphics Mode – Framehawk
– StoreFront Citrix Online Integration
– AppDisks
– Personal vDisk is excl for Win 7, 10
– Load balancing of Session Recording which was an experimental feature in 7.14

What’s Deprecated in the 7.15 LSTR
A full list of what is deprecated is available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/removed-features.html and I am only going to list a few points that I believe of most interest to those whom read my blogs or if your just a Citrix SysAdmin vs. Consultant reading this blog post.

No VDA installations on Windows XP will be supported
– Flash Redirection ++Hello HTML5 GOODBYE Flash wahoo!
– Citrix Receiver for Web classic experience (β€œgreen bubbles” user interface) ++Oh YES double wahoo!
– VDAs on Desktop – Windows 10 version 1511 & Windows 7, 8.1 and for Server – Windows Server 2008 R2 and Windows Server 2012
Legacy Thinwire + DirectX Command Remoting (DCR) switch to Thinwire ECM or Adaptive Display v2 see – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/graphics/thinwire.html
– In-place upgrades of certain XAD infrastructure components aren’t supported!
– Studio on Windows 7
– Azure Classic support

++ Personal comment vs. note from the author of the post

XenApp and XenDesktop 7.15 LTSR baseline components
VDA for Desktop OS 7.15
VDA for Server OS 7.15
Delivery Controller 7.15
Citrix Studio 7.15
Citrix Director 7.15
Group Policy Management Experience 3.12
StoreFront 3.12
Provisioning Services (PVS) 7.15
Universal Print Server 7.15
Session Recording 7.15 (Platinum Edition only)
Linux VDA 7.15 (See the Linux VDA documentation for supported platforms)
Profile Management 7.15
Federated Authentication Service 7.15

7.15 LTSR Compatible Components and Platforms
AppDNA 7.15
Citrix SCOM Management Pack for License Server 1.2
Citrix SCOM Management Pack for Provisioning Services 1.19
Citrix SCOM Management Pack for StoreFront 1.12
Citrix SCOM Management Pack for XenApp and XenDesktop 3.13
HDX RealTime Optimization Pack 2.3
License Server 11.14.0 Build 21103
Workspace Environment Management 4.4
App Layering 4.3
Self-Service Password Reset 1.1

What’s New
– Machine Catalog’s functional level within your Site from 7.9 do not require an upgrade
– Machine Creation Services (MSC) now supports generation 2 VMs with Microsoft System Center Virtual Machine Manager SCVMM
– The FMA or 7.x version of Local Host Cache (LHC) is now enabled by default BUT note that if it was disabled from a prior release of the XAD 7.x then you need to enable it and disable Connection Leasing (CL) https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-9/manage-deployment/connection-leasing.html which was initially introduced into the 7.x platform to provide a fallback if your SQL database connection was lost or unavailable until LHC was re-introduced in XAD 7.12 – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/manage-deployment/local-host-cache.html but was not enabled by default in the 7.12 release CL was primarily utilised.
– Director App Failure Monitoring – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/reference/virtual-delivery-agent-policy-settings/monitoring-policy-settings.html#App_Failure_Policy_Settings

Security Leading Best Practises
– General Overview https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/best-practices.html.
– Securing your StoreFront 3.12 environment – https://docs.citrix.com/en-us/storefront/3-12/secure.html
– Standardise on a single organisation user identity platform e.g AAD by leveraging NetScaler + + StoreFront + FAS which can convert SAML vs. OAuth tokens into virtual smartcards per configured Store within StoreFront to then SSO a user onto there intended virtual apps & desktops without requiring to re-enter his/her in a directory username + password for that resource location (What’s this? Read – https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-resource-locations.html).
– Slightly obvious to an Citrix expert vs. Citrix Partner but its worth highlighting for newbies to Citrix virtualisation technologies is that XAD management provides Delegated Administration to manage just enough access for different members of the IT vs. compliance departments/business units to have just enough access to complete there daily vs. weekly vs. monthly activities vs. tasks – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/delegated-administration.html and for remote secure access to virtual apps & desktops you will need implement NetScaler Unified Gateway – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/storefront-netscaler.html which can also enable and allow your organisation to control authentication at the edge of your network e.g 2FA vs. MFA vs. using Biometrics with supported 3rd Citrix Ready solutions so check out – https://citrixready.citrix.com. Finally you can also engage with SmartAccess capabilties when fronting XAD for R/A with NUG so check out the following resources for NS 11.x.n – https://docs.citrix.com/en-us/netscaler-gateway/11/integrate-web-interface-apps/ng-smartaccess-wrapper-con/ng-smartaccess-xd-config-con.html and NS 12.x.n – https://docs.citrix.com/en-us/netscaler-gateway/12/integrate-web-interface-apps/ng-smartaccess-wrapper-con/ng-smartaccess-xd-config-con.html and there is also a CTX article entitled “CTX227055 Smart Access Guide for NetScaler Gateway, StoreFront and XenDesktop” to review at – https://support.citrix.com/article/CTX227055 and finally you can configure Pre-Authentication scans to check that the connecting end-point is compliant (Refer to VDI Handbook section below).
Enabling TLS or Transport Layer Security for ICA/HDX Session – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/tls.html for a detailed how-to from the first LTSR check out the following blog article at – https://www.citrix.com/blogs/2014/12/11/how-to-secure-ica-connections-in-xenapp-and-xendesktop-7-6-using-ssl/ or download the white paper entitled “Citrix XenApp and XenDesktop 7.6 LTSR FIPS 140-2 Sample Deployments” from – https://www.citrix.com/content/dam/citrix/en_us/documents/about/citrix-xenapp-and-xendesktop-76-fips-140-2-sample-deployments.pdf. During some research I also came across the following CTX article to disable TLS 1.0 for XAD 7.6 LTSR which may or may not be useful to you check out – https://support.citrix.com/article/CTX215447.
– How do I assign the right vs. relevant security or UX policy? Refer to the built-in policy templates which you can read at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/policies-templates.html which include the same policy type for modern vs. legacy OSes.

Citrix VDI Handbook for the 7.15 LTSR
Recommended pages of interest to read from “Citrix VDI Best Practices for XenApp and XenDesktop 7.15 LTSR” – https://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/7-15-ltsr/downloads/Citrix%20VDI%20Handbook%207.15%20LTSR.pdf which I am commonly asked about so I thought it makes sense with the current LTSR to list them out here for everyone to focus on what is right vs. relevant for PoC’s e.t.c

– Page 11 which focus on CCS Methodology
– Page 32 Five-Layer Design Model and Conceptual Architectures for XAD environments
– Page 35-37 Site topology covering latency, bandwidth vs. number of users
– Page 50-52 covers StoreFront keywords to the behaviour of the delivery of virtual resoucres
– Page 52 Scaling vs. sizing of your StoreFront cluster
– Page 54 Calculate what NetScaler required SSL through-put however i’d strong recommended engage with your Citrix rep for leading best practise vs. guidance as this can/may differ dependant upon your choose appliance vs. firmware version.
– Page 58 Implement GSLB with HDX Optimised routing to ensure connecting users in a regional vs. global deployment connect to better NUG by proximity.
– Page 63 HDX Display Protocol
– Page 66- User Profile types for Local, Roaming, Mandatory & Hybrid vs. virtual apps & desktop chooses model
– Page 79 Built-in Policy templates to optimise the UX based upon your organisational requirements
– Page 88-93 vCPU/RAM/Storage I/O vs. User workload types light, medium and heavy
– Page 94-97 SQL database sizing vs. scaling 5K up to 15K including expected database growth
– Page 98-99 PVS SQL database guidance for suggested sizing
– Page 104 XAD Controller sizing vs. scaling per 5K users which also includes a calculation
– Page 105 LHC considerations if enabled to re-size your control infrastructure for XAD
– Page 107 Citrix Cloud connector sizing for 5K users in private vs. public cloud
– Page 113-116 SQL Database sizing
– Page 121-129 PVS Accelerator with XenServer
– Page 132-140 Hardware Formulas for sizing vs. scaling including GPU(s)

Deploying a XAD 7.15 LSTR PoC
Coming…

What Citrix Receiver & HDX Optimisation Pack should I deploy?
You should consider reviewing and if fit for purpose for your organisation implement the Windows 4.9 LTSR Citrix Receiver version – https://docs.citrix.com/en-us/receiver/windows/4-9.html along with if you utilise Skype for Business for UC the LTSR of the HDX Optimisations Pack – https://docs.citrix.com/en-us/hdx-optimization/2-4-ltsr.html and you can find out more information about the lifecycle at – https://support.citrix.com/article/CTX200466.

2017 UKI #CitrixPartnerLove Challenge #7 Stop the Difference

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://t.co/nqooPlWElw to print.

2017 UKI #CitrixPartnerLove Challenge #6 Traffic Flows

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://lnkd.in/dN74-97 to print.

Deploying & Understanding the NetScaler Gateway Service from Citrix Cloud

The following content is a brief and unofficial prerequisites guide to better understand NetScaler Gateway Service from Citrix Cloud test delivering virtual apps and desktops powered by XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
NETSCALER GATEWAY SERVICE – nsg service or ngs
CITRIX CLOUD CONNECTOR – connector
NETSCALER – ns
HIGH-AVAILABILITY – h/a
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
CITRIX CLOUD – cc
INFRASTRUCTURE AS A SERVICE – iaas
VIRTUAL APPLIANCE – vpx
USER EXPERIENCE – ux
ICA PROXY – hdx proxy

Introduction & Overview
The NetScaler Gateway Service is a simple, clean. effortless and but most importantly a powerful way to demonstrate the power of Citrix Cloud by providing secure remote access to your HDX virtual apps and desktops from your resources location over the internet (https) securely. While this service is very very powerful & simple to implement and use, you should under the keep in-mind that NS VPX/MPX/SDX is fully featured vs. the NSG Service which is focused on delivery of HDX virtual apps & desktops! So in summary when implementing service undering what is right vs. relevant for the customer needs and requirements is very important. Finally you can read more about the service and its benefits at https://www.citrix.com/products/citrix-cloud/services.html.

+Enabling the NetScaler Gateway Service
1. Login to https://citrix.cloud.com
2. Select to Manage your XAD Service which will take you to https://xenapp.cloud.com/.
3. Select from the drop down menu “Service Delivery” which is beneath the top menu item displayed “Service Creation
4. Now Select to toggle “ON” and choose to use the NSG service (preferred for blog article only) or your own NetScaler (Unified) Gateway at your resource location and if you enable to the NSG Service you can choose to check the session reliability (2598) checkbox.

The UX
Users connect to https://.xendesktop.net and then login using there AD UPN domain credentials e.g lyndon-jon@x1co.eu and the user’s credentials are encrypted through-out the login process. User’s can equally choose between using a full Citrix Receiver (HDX Optimisation Pack 2.x.n for offloading Skype for Business 2015-2016) vs. HTML5 Receiver (HTML5 compliant internet browser) experience by selecting their username in the top right hand corner and selecting to “Change Receiver” to their preferred choice of Receiver. It also important to set the correct +HDX Policy to get the best UX that is good and balanced (backend vs. network vs. client connected device) so I’d suggest that you implement HDX Adaptive Display v2 by selecting the following policy entitled “Use video codec for compression” and select the following option β€œFor actively changing regions” and thereafter tweak the frame rate and adjust the Thinwire color depth support as described at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new.html#par_anchortitle_59c9 and you can also read more about benefits and a YouTUBE demostration on HDX Adaptive Display v2 at the following blog article I wrote in 2016 at – http://axendatacentre.com/blog/2016/10/01/foractivelychangingregions/.

HDX Traffic flow of the NSG Service
Please note that traffic flow is based upon the diagram avaiable at – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html as of Jan 2017.

1. User MUST login into cloud hosted StoreFront e.g https://.xendesktop.net. There credentials are securely handled please refer to – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html to understand the traffic follow.
2. Once the user has authenticated successfully he/she can select to launch a virtual app or desktop.
3. User connects to the NSG Service powered by Citrix Cloud
4. Traffic is securely brokered to the Connector in your resource location that is severing up the user’s selected virtual app or desktop or both from the server or desktop VDA.

Tech Overview of the NSG Service
1. The Citrix Cloud NetScaler Cloud Gateway service on your Connector allows and provides the secure remote access feature of the NSG Service from your chosen resource location. I have written a blog article about the Connector services and leading best practises which you can read at – http://axendatacentre.com/blog/2017/01/27/understanding-the-citrix-cloud-its-services-architecture-connectors/.
2. To ensure high availability you should always deploy at a min a pair of Connectors within your resource location and increase the compute capacity of your Connectors as user demand increases initially and thereafter deploy another Connector based upon usage of service.
3. *To use the NSG Service you MUST configure to use the cloud-hosted StoreFront provided by Citrix Cloud under “Service Delivery” tab at https://xenapp.cloud.com/delivery.
4. The NSG Service only supports HDX Traffic only and the service is currently only available on Eastern, Western coasts within the USA and in Europe so for those users accessing virtual apps and desktops via the NSG Service outside of these geos or not in close proximity to an entry point will experience higher latency so tweak your HDX policy(s)+ accordingly or deploy a NS VPX in your resource location.
5. ICA files are STA signed the below example is a small snippet from my own PoC and testing*. I have also intentionally scrammed some of the unreliable text to :-).

Sample ICA file
My Azure vDesktop $S19-38]
Address=;40;CWSSTA;9D09CE5552BDE4581E888CD87EEEEFC
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=5FFE184444B0A0
ClientAudio=On
ConnectionBar=1
DesiredColor=8
DesiredHRES=4294967295
DesiredVRES=4294967295
DesktopRestartAllowed=1
Domain=\78034E8888586B61

The NSG Service currently does not support and or is limited as of writing this blog article in Jan 2017 and based upon the embedded Twitter image – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/netscaler-gateway-as-a-service.html. Finally please remember that Citrix Cloud is consistently been updated and upgraded with new feature so please please refer to the online documentation and the service overview of Citrix Cloud even a day after posting the blog article as it may become out of date! You’ve been warned!

6. No support for Unified experiences (e.g Branding with your logo, colour scheme).
7. No support for Two Factor Authentication.
8. No support for authentication via outbound proxies for access outside of the resource location over the internet.

Citrix Cloud – NetScaler Gateway Service (NGS) Offering
You can find out more about the NGS subscription options which is avaiable at – https://www.citrix.com/products/citrix-cloud/subscriptions.html#tab-41499 and the service overview at – https://www.citrix.com/products/citrix-cloud/services.html#tab-23235

Understanding the Citrix Cloud, its Services, Architecture & Connectors (Draft)

The following content is a brief and unofficial prerequisites guide to better understand Citrix Cloud, Connector technology and the overall architecture required to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
HIGH-AVAILABILITY – h/a
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
CITRIX CLOUD – cc
INFRASTRUCTURE AS A SERVICE – iaas
CITRIX CLOUD CONNECTOR – connector

The Three Primary Cloud Types (Draft Section)
Firstly i’d like to provide my definition of public, private vs. hybrid cloud and in my personal view things like SaaS, PaaS have naturally been spin out or off from IaaS e.g Public Cloud.

Public Cloud is whereby a ISP provides you with SPLA licensing (OS, Application, Service), compute, storage and network capabilities which in turn enables you to create your very own VM instances running in a virtual datacentre on the ISP’s h/w and example providers may include AWS, Azure, Google Cloud Platform e.t.c

Private Cloud is where you the organisation owns there own OS, Application or Service licenses as well as the physical hardware that allows you to create your own VM instances within your virtual datacentre. In this scenario the h/w is could (a) be purely Colocatied (Colocation) at ISP with or without managed services over and above the Colocation and example providers could include Rackspace, Qubems, Peer1 or (b) your h/w is hosted within your own custom and purpose built data centres facility or comms room dependant upon the organisations size and IT/Technology requirements.

Hybrid Cloud is when public and private clouds are connected securely over a IPSec R/A, L2L or SSL VPN connection.

What is and how Citrix Cloud works
Citrix Cloud is an evergreen, managed control plane from Citrix that provides the traditional Citrix management technologies to delivery e.g Virtual Apps & Desktops as Services thereby reducing overhaul management updates & upgrades. This means that Citrix is responsible for the availability of your Citrix management infrastructure in there Control Plane including ensuring that it is on the latest up to day and production version of e.g XAD to deliver DaaS and or virtual apps. Citrix customers and partners are responsible for what is known as a resource location which is where your apps, network and data resides and can exist in a public, private or hybrid cloud deployment scenario and each resource location is securely connected to the control plane using the Citrix Cloud Connector which initiates an outbound HTTPS connection so your completely in control of your apps, network & data within your resource location(s) at all times.

If I have not technically explained what is and how Citrix Cloud works successfully then please feel free to watch the below embedded YouTUBE video.

Please note that Citrix Workspace Cloud is now know as Citrix Cloud

Citrix Cloud Services as of Jan 2017
The following is my own technical spin/view of each of the Citrix services you can review the Citrix official view of each service at – https://www.citrix.com/products/citrix-cloud/services.html.

XenApp and XenDesktop Service – HDX virtual app & desktop delivery from any supported resource location running server/workstation VDA(s) while all the XenApp/XenDesktop mgmt infrastructure (Studio/Director) resides in your tenant/account at https://citrix.cloud.com.

XenMobile Service – Deploy Secure Apps (MAM), MDM to control your organisation devices with no need to deploy the XenMobile v/a even at your resource location all you need is either an IPSeC VPN tunnel or the Connector to enumerate users in AD to be assigned to delivery groups.

ShareFile Service – Follow-me data now controlled within one WebUI.

NetScaler Gateway Service – Provides a simple and easy deployment method to gain external remote access to virtual apps & desktops from your resource location(s) via the Citrix Cloud Connector.

Smart Tools Service previously Lifecycle Management – Design, build, automate, auto check & update your resource locations with Citrix validated blue prints.

Secure Browser Service – Provides a secure remote virtual browser(s) to access web (internal vs. external), SaaS apps from the Citrix Cloud with zero configuration, with only a link to access your published web apps via the HTML5 Receiver.

Citrix Cloud Labs – My personal favourite as this area of Citrix Cloud allows you get to test out some of the latest Citrix Innovations from our Labs team as services e.g AppDNA Express; Citrix Provisioning for Microsoft Office 365; IoT Automation; Citrix Launch for Microsoft Access; XenMobile MDX Service and Session Manager

Connector Architecture & Security
The following diagram depicts the H/A deployment of Citrix Cloud Connector for use with the XenApp and XenDesktop Service from Citrix Cloud. Please note that this is a simple architectural diagram that does not include a NetScaler in resource location so the assumption is that you users will connect to their virtual apps and desktops either from within the actual Resource Location or via the NetScaler Gateway service hosted and managed by Citrix Cloud. My personal preference is to leverage a NetScaler physical or virtual appliance within your resource location as the benefits of a NetScaler far exceed and go above and beyond that of a simple ICA Proxy gateway for XenApp/XenDesktop. Perhaps a follow-up blog article why I presume NetScaler in the resource location from my personal view point only or I may decide to update this blog article.

To better understand how to best secure or harden your Cirix Cloud implmentation and its services please refer to – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html for leading best practises, process & procedures and configuration requirements.

Citrix Cloud Connector
The following is deep dive overview of Citrix Cloud connector technology for all the services with the exception of the Smart Tools service which leverages its own connector which is used to check your Citrix workloads, scale up/down and or even build or tear down workloads in resource location(s) via blueprints.

Installation & Troubleshooting
You must download and only install the Citrix Cloud Connector for your resource location from “Identity and Access Management” that matched your domain forest, don’t mix and match these! The installation is fairly straight forward and simple as descriobed and outlined at http://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-connector/installation.html, once the installation completes wait for the connectvity test to pop-up and complete successfully prior to navigating back to Citrix Cloud to validate that the Connector has scuessfully registered with Citrix Cloud+.

You can also perform automated installation leveraging the following command line arguments when installing the Connector “CWCConnector.exe /q /Customer:Customer /ClientId:ClientId /ClientSecret:ClientSecret /ResourceLocationId:ResourceLocationId /AcceptTermsOfService:true.

Although the Connector communicates outbound on HTTPS 443 it make also require one or more of the following ports outbound only as described at – http://docs.citrix.com/en-us/citrix-cloud/overview/get-started/secure-deployment-guide-for-the-citrix-cloud-platform.html for one or more of the Citrix Cloud Services so please consultant the documenation for each Service carefuly for high security enviroments to ensure that the organisations firewall ACL’s for the PoC are correctly configured.

You can install hypervisor tools, anti-virus software (Tested as of 26/10/2016++ McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8) on your VM instances that have the Citrix Cloud Connector technology installed however it is not recommended to install any other software or unnecessary system services nor should you allow any domain users access unless they are a Domain or System administrator of the Citrix environment. In summary treat these Connectors as you would your XAD Controller(Broker).

The installation logs are available at “%LOCALAPPDATA%\Temp\CitrixLogs\CloudServicesSetup” and post the installation its consolidated to the following location “%ProgramData%\Citrix\WorkspaceCloud\InstallLogs“.

Understanding Credential Handling
Coming…http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html

Monitoring your Citrix Cloud Services
1. http://status.cloud.com/ is your friend and will provide you with vital up to date information about the Citrix Cloud platform (control plane or SaaS tier) and each of its Services e.g XenApp and XenDesktop Service or Smart Tools.
2. Monitor the following Connector services described below ++
3. The leading best practises is for the Citrix Cloud Connectors to not be offline longer than two weeks as the connectors are regularly updated from Citrix Cloud with the latest updates (Evergreen) which is why each resource location requires at a bare min 2x or a pair of Connectors.

Connectivity & High-Availability
The Citrix Cloud Connector firstly should always be implemented in pairs at a minimum within any resource location and installed onto either Windows Server 2012 R2 or 2016 AD joined VM instances. The connectors are stateless and brokering requests are load-balanced via Citrix Cloud to the connectors within your resource location(s) and if a connector does not respond the queued tasks are redistributed to the remaining connector(s). As the connectors are stateless this also means that they do store any mgmt configuration for Citrix Workloads at the resource location as this is held within the Citrix Cloud by the Service that you are utilising e.g XenApp and XenDesktop Service.

+If you setup a PoC with a single Connector it will probably display as amber for a period of time prior to turning green as you have only configured 1x Connector for your resource location. You can check your Connector status for your resource locations by navigating from https://citrix.cloud.com/ to https://citrix.cloud.com/identity and under “Domains” select your domain forest(s) and expand it and you can review your Connectors name e.g servername.dommain e.g connector1.x1co.eu and its status (red, amber or green).

The leading best practise for h/a at your resource location is for your Citrix Cloud Connectors to be implemented as N+1 for redundancy – – https://en.wikipedia.org/wiki/N%2B1_redundancy.

Logs & Services++ of the Connector
The Connector logs are stored at “C:\ProgramData\Citrix\WorkspaceCloud\Logs or use %ProgramData%\Citrix\WorkspaceCloud\Logs” for verifying ongoing communication and helping with troubleshooting. Once the log(s) size exceeds a certain threshold its deleted BUT Administrators are able to control the log retention size by adjusting the following entry in the Windows registry “HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CloudServices\AgentAdministration\MaximumLogSpaceMegabytes” to meet your organisations logging/auditing requirements.

The core four primary functions/roles of the Connector are Authentication, Proxy, Provisioning and Identity which are powered by the following Citrix Cloud services listed below (as of Jan 2017). You can view a detailed architecture technical diagram of the Connector under the XenApp and XenDesktop Service online documentation at – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html.

Connector Functions/Roles
For a more accurate diagram please check out – http://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service/technical-security-overview.html

Authentication Proxy Provisioning Identity
↕
NetScaler
Unified Gateway
StoreFront
(Optional)

↕
Hypervisor 
Server VDA
 Server 2012 R2, 2016
Desktop VDA
Windows 10
↕

Active Directory, DNS

I’ll update this section with what each of the Connector services actually does

Citrix Cloud AD Provider
Citrix Cloud Agent Logger
Citrix Cloud System
Citrix Cloud WatchDog
Citrix Cloud Credential Provider
Citrix Cloud WebRelay Provider
Citrix Cloud Config Synchronizer Service
Citrix Cloud High Availability Service
Citrix Cloud NetScaler Cloud Gateway
Citrix Cloud Remote Broker Provider
Citrix Cloud Remote HCL Server
Citrix Cloud Session Manager Proxy

Citrix Cloud PoC Guide for the XenApp and XenDesktop Service
I have writen a fairly detailed blog article describing how-to deploy the XenApp and XenDesktop Service here.

Understanding XenApp & XenDesktop 7.12 and What’s New

The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop 7.12 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
LOCAL HOST CACHE – lhc
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
FLEXCAST MANAGEMENT ARCHITECTURE – fma
EXPERIENCE 1st – x1
INTERNAL – int
VIRTUAL DESKTOP – vd
VIRTUAL APPS – va
DATA TRANSPORT LAYER – edt

What’s New XenApp/XenDesktop 7.12
1. Yes it’s now avaiable & back “Local Host Cache” or LHC as it was most commonly reffered to previously and its back now within XAD 7.x Flexcast Mangagment Architecture (FMA) platform and everything you need to know is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/manage-deployment/local-host-cache.html* & https://www.citrix.com/blogs/2016/12/07/local-host-cache-for-fma/ but a few note worth points to mention below followed by an overview of LHC vs. Connection Leasing by a Citrix XenApp & XenDesktop PM Craig. I have also embedded a how-to enable below along with a basic and brief architectural overview of LHC in XAD 7.12 which is powered by FMA and not IMA which is for anything XA 6.5 and below.

N.B LHC is disabled by default to enable it open up PowerShell in Admin mode or launching a PowerShell session using Studio and enter in the following “Set-BrokerSite -LocalHostCacheEnabled $true -ConnectionLeasingEnabled $false” once the command completes execute the following cmdlet “Get-BrokerSite” and check that the following value of “LocalHostCacheEnabled” is set to “True“. Note that CL is now also disabled and both CL and LHC should not be running simultaneously together as this is not supported.
– VDAs re-register with the elected XAD controller (broker)
– Support for up to 5K VDA’s
– LHC services β€œHigh Availability Service” performs shadow copy of the control info that the XAD Controller requires and the β€œConfiguration Sync Service” will sync control info/data.
– Adequately size your XAD controllers correctly to account for the compute load required during an outage, please ref to the “RAM size” and “CPU core and socket configuration” sections under “Design considerations and requirements” at LHC documentation at – *.
– LHC utilises Microsoft SQL Server Express LocalDB and is auto installed when you install the XAD 7.12 controller and is installed regardless of weather LHC it enabled or not.
– Local Host Cache is enabled if connection leasing was disabled before the upgrade vs. Local Host Cache is disabled if connection leasing was enabled before the upgrade.
– To force an outage to test LHC in your home lab or organisations test/uat environment on the XAD controller open regedit as a Admin navigate to HKLM\Software\Citrix\DesktopServer\LHC” thereafter create a registry key “OutageModeForced” and set the value to 1 to force an outage mode once you have completed your tests then revert the value to 0. I would suggest prior to attempting to perform this test place a load with a few test by active users for Server VDA based workloads (XenApp) to best understand how LHC works in a failure scenario.

2. Thinwire Compatible Mode 8-bit color depth support (7.12 VDA only otherwise fallback to 24-bit by default) which is configured by select the following HDX policies.

– “ Use video codec for compression” and ref to http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/graphics-policy-settings.html#par_richtext_bc19 for a list of avaiable configurations please note that if configured for the entire screen then 8-bit is NOT SUPPORTED!
– “Preferred color depth for simple graphics” and select the “8-bit” value

3. HTML5 video redirection is now available for INT web sites (disabled by default) and can be enabled by configuring the “Windows Media Redirection” by referring to http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings/multimedia-policy-settings.html#par_richtext_5 and you also need require to add the following “JavaScript files are located in %Program Files%/Citrix/ICA Service/HTML5 Video of the VDA installer to your website” a sample external test web page can be found at the “HDX HTML5 video redirection test page at – https://www.citrix.com/virtualization/hdx/html5-redirect.html
4. Azure Hybrid Use Benefits support e.g enable or disable support for the Azure Hybrid Use Benefits (HUB).
5. Record sessions based on client IP addr or range, TLS 1.2 encryption during data transfer and finally highlight idle periods in Player
6. NetScaler UG now supports H/A of HDX Framehawk – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/hdx/framehawk.html with supported NS firmware builds for Framehawk which include 11.0.62 & 11.0.64.34 (+ preffered).
7. HDX Enlightened Data Transport (for evaluation only) or “EDT” – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/policies/reference/ica-policy-settings.html.

Very High Level Overview*

Adaptive Display
EDT
(Evaluation Only)
TCP
UDP
High Defintion eXperience (HDX 

– Only VDA’s configured with IPv4 addressing is supported
– Requirements XAD +VDA 7.12, StoreFront 3.8
UDP setup on 1494 and 2598 on the VDA remember this is typically TCP but now must also be for UDP
– Enable policy setting “HDX Enlightened Data Transport“. Remember its DISABLED by default and you can setup 3x values “Preferred” UDP data transport is used where possible with a fallback to TCP, “Diagnostic mode” forces a UDP data transports with a fallback to TCP & “Off meaning TCP is used & does’nt affect HDX RealTime”
– If you are evaluating this then please refer to the “Tech Preview of New Adaptive Transport in 7.12” forum at – http://discussions.citrix.com/forum/1663-tech-preview-of-new-adaptive-transport-in-712/
– Note when testing directly from eDoc’s “the new data transport layer (“EDT”) is allowed by default in Citrix Receiver for Windows, however, by default, it will only attempt to use EDT if the setting in the ICA file for HDXoverUDP is Preferred or On” also please ref to the notes relating to Receiver on Mac’s

You can learn more about this evaluation by reading the following blog posts – https://www.citrix.com/blogs/2016/12/14/overcoming-latency-to-serve-a-global-user-population/* and https://www.citrix.com/blogs/2016/12/08/take-a-look-under-the-hood-of-next-generation-hdx/ by Citrix’s HDX PM Derek.

8. You can very easily setup and try XenApp 7.12 in Microsoft Azure today via Azure Marketplace by searching for “XenApp 7.12” or click the following link – https://azure.microsoft.com/en-gb/marketplace/partners/citrix/citrix-xacitrix-xa-trial/ after signing into the Azure Portal at – https://portal.azure.com/.
9. Tagging with “App Groups” now provides the ability to a tag a VM(s) so that when published virtual apps in Application Group or virtual desktops in a Delivery Group are restricted to launch from VM(s) that have been tagged.

10. Advanced Reboot Schedules

11. In StoreFront 3.8 you can create multiple IIS sites and thereafter use the following PoSH cmdlet below to create a StoreFront deployment within your own IIS sites – http://docs.citrix.com/en-us/storefront/3-8/plan.html. What does this actually mean? You can host multiple RfW sites (stores) with each having its own domain name. In order to create your custom websites in IIS for your Stores and ReceiverforWeb firstly open up PowerShell using Studio (Simple way) then close Studio. Next you MUST ensure that NO other StoreFront MMC snap-in consoles are open within your StoreFront cluster and also on the individual Windows server (minimised) that you are setting up IIS sites. StoreFront will disable the mgmt console and displays a message. TIP: To learn how-to setup IIS sites/website please visit – https://support.microsoft.com/en-gb/kb/323972

– From your open PowerShell window enter in the following which will create a custom IIS site/website for virtual apps and one for virtual desktops
– Type “Add-STFDeployment -SiteID 1 -HostBaseURL “https://www.storefront.app.com”” (Virtual apps)
– Type “Add-STFDeployment -SiteID 2 -HostBaseURL “https://www.storefront.desktop.com”” (Virtual desktops)
– Type exit and close the Powershell window prior to opening up Studio or a StoreFront MMC snap-in on any server in the StoreFront cluster

12. Although this one is not strictly new to StoreFront 3.8 and XenApp/XenDesktop 7.12 its often an overlooked feature (For CTX SysAdmins) which is the ability to securely export and then re-import your entire StoreFront configuration including using PoSH credentials for (de)encryption of the backup configuration. To learn more please check out – http://docs.citrix.com/en-us/storefront/3-8/export-import-storefront-config.html and use the feature prior to any StoreFront upgrades or migrations.

Deprecation Forecast
I would strongly recommend that you review and understand the Deprecation forecast announcements made during the XenApp/XenDesktop 7.12 release which is avaiable at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new.html#par_anchortitle_5da8.