XenDesktop Solution
The User layer represents the end-user devices used to connect to XenDesktop resources
regardless of whether the end user is connecting from an internal or external device. Citrix
Receiver, Receiver for Web Sites, or Citrix HTML 5 Receiver can be used from these devices to
access the resources.
Citrix Receiver:- Citrix Receiver is installed on end-user devices to provide end users with
quick, secure, self-service access to documents, applications, and desktops from any end-user
device, including smartphones, tablets and PCs. Receiver provides on-demand access to
Windows, Web, and Software as a Service (SaaS) applications.
The access layer contains the components that provide end-user access to the environment: Citrix
NetScaler and StoreFront. NetScaler provides secure access and intelligent load balancing for
StoreFront, Delivery Controller, and related infrastructure. Internal end-user devices connect from the
user layer to the access layer using StoreFront.
NetScaler is an integrated Web application delivery controller that slashes server and bandwidth
requirements, cutting the costs of delivering enterprise applications. NetScaler functions as an
application accelerator through layer-7 load balancing and content switching functions. NetScaler also
includes application security using a Web application firewall. NetScaler offloads applications and Web
servers to ensure application availability, increased security through SSL, and server consolidation. It
reduces the cost of ownership of Web application delivery and optimizes the end-user experience.
Citrix StoreFront:- StoreFront delivers a powerful, self-service Windows applications store to provide a
single, simple, and consistent aggregation point for all IT user services.
The control layer is home for the various controllers and infrastructure components required for
managing and delivering virtual desktops. Within the control layer, decisions surrounding the
management and maintenance of the overall solution are addressed. The Control layer is comprised of
access controllers, delivery controllers, and infrastructure controllers. Once an end-user connection
moves past the access layer, Citrix StoreFront communicates with the Delivery Controller in the control
layer.
Delivery Controller:- The Delivery Controller is installed on servers in the datacentre and consists of
services that communicate with the hypervisor to distribute applications and desktops, authenticate and
manage end-user access, and broker connections between end users and their virtual desktops and
applications. The Controller manages the state of the desktops, starting and stopping them based on
demand and administrative configuration. Each site has one or more delivery controllers.
Machine Creation Services (MCS) :- It is a collection of services that run on the Delivery Controller to
generate multiple clone-like machines from a single virtual machine serving as the primary image. The
Machine Creation Service communicates with the hypervisor and creates the desired number of
machines using storage-based snapshot technologies, while the Citrix AD Identity Service generates the
computer accounts within Active Directory.
Citrix Provisioning Services (PVS) :- PVS uses network-based streaming technology to deliver the
operating system for both single-user virtual-desktops and multi-user, server-based resources. Citrix
Provisioning Services allows a single vDisk to be used to deliver a consistent virtual desktop across the
environment and to simplify image management and maintenance.
The resource layer contains the end users' virtual desktop and applications and is subdivided into three
components: applications, operating system image, and personalization.
OS (Operating System): Virtual desktop delivery with XenDesktop involves delivering an image of an
Operating System (such as Windows 7) to the end user.
Apps: Applications can be installed on Server OS or Desktop OS machines in your XenDesktop
environment. These applications are delivered to end users.
Profile: Profile management provides an easy, reliable, and high-performance way to manage end-user
personalization settings in virtualized or physical Windows environments. Profile management allows
end users to customize their virtual and physical desktops, applications, and server settings. Managed
through Citrix policies or GPOs, Profile management can provide a central point of configuration and
control to give a consistent experience regardless of which machine hosts the end-user session.
Policy: Citrix Policies are the most efficient method of controlling connection, security, and bandwidth
settings. Policies can be created for specific groups of end users, devices, or connection types. Each
policy can contain multiple settings and different settings from policies can be merged. Any conflicts
between settings are resolved using a system of priorities.
PvD : With the personal vDisk feature, you can manage pooled and streamed desktops from a single
image while offering end users the flexibility to install applications and change personal settings.
The management layer contains all of the consoles and utilities used to configure and manage the
XenDesktop components.
Citrix Studio :- It is a management console that enables you to configure and manage your deployment,
eliminating the need for separate management consoles for managing delivery of applications and
desktops. Studio provides various wizards to guide you through the process of setting up your
environment, creating your workloads to host applications and desktops, and assigning applications and
desktops to end users.
Citrix Director: It is a web-based tool that enables IT support and Help Desk teams to monitor a
XenDesktop environment, troubleshoot issues before they become system critical, and perform support
tasks for end users.
Introduction to Studio:
Studio is the primary management console for XenDesktop. It enables you to configure and manage your
deployment, eliminating the need for separate management consoles to manage the delivery of
applications and desktops.
If you transition from XenApp to XenDesktop, Studio replaces the Delivery Services Console.
Platinum
Enterprise
Apps
VDI
The License Administration Console enables you to manage and monitor Citrix licenses through
a Web browser. Studio can also be used for license administration and these consoles can be
used interchangeably. However, the License Administration Console manages licenses during
the deployment of XenDesktop, prior to the installation of Studio.
Scopes:
Scopes represent a collection of objects. An object can exist in more than one scope.
Scopes group objects in a way that is relevant to your organization. The built-in All
scope contains all objects and is always paired with the Full Administrator role.
You can now apply roles and scopes to groups in Active Directory instead of applying
roles and scopes to individuals only.
Large Deployments: Even larger deployments might require more (or more specific) scopes in
addition to different administrators with unconventional roles. In this case, edit or create additional
scopes, create custom roles, and create each administrator with a built-in or custom role along with
existing and new scopes.
Run a delegated administration report through Citrix Studio to list the permissions for an individual
administrator.
The HTML report describes the Resultant Set of Policy (RSOP), which shows the role\scope pairs
associated with an administrator and lists the individual permissions for each type of object.
Architecture Overview
Creating a Virtual Machine from an ISO
o Creating a Virtual Machine
To Create a Virtual Machine Using XenCenter
To Install a Windows OS onto a Virtual Machine
o Installing XenServer Tools
To Install XenServer Tools on a Virtual Machine
o Generalizing the Virtual Machine
Control Domain: The Control Domain manages the network I/O and storage I/O of all virtual machines.
VIF: A virtualized representation of a computer network interface. A virtual machine connects to a
virtual interface to provide network connectivity to other virtual machines and the physical network.
PIF: A physical interface that corresponds to an actual connection to network ports.
Physical NIC: A physical network card that is installed on the host hardware.
Virtual Machine: Virtual machines appear to end users as separate computers, each with its own
network identity, user authorization, authentication capabilities, operating system version,
configuration, applications, and data. The abstraction from physical hardware allows the virtual machine
to be portable.
Virtual NIC: Software that allows a computer to connect to a virtual network.
Guest OS: The operating System that is installed on a virtual machine.
Supported Hypervisors:
The hypervisor works by virtualizing the hardware. Hardware virtualization abstracts system components, such as
hard drives, resources, and ports, and allocates them to the virtualized machines running on the system. The
virtual machines run operating systems and applications that are known as guest software. The hypervisors
supported by XenDesktop 7 are:
1- XenServer
2- Hyper-V and System Center Virtual Machine Manager (SCVMM)
3- VMware vSphere
Hypervisor Tools
When using a hypervisor to host your XenDesktop virtual machines, ensure that the proper tools are installed. For
example, XenServer Tools must be installed in order to properly manage virtual machines within XenServer Tools,
you cannot:
Virtual machines are deployed to end users or used as server machines. New virtual machines are created
for many reasons, including proper allocation of resources, replacing physical boxes with virtual machines,
hosting different operating systems, and end-of-life replacement. Virtual machines never leave the
datacentre, which offers a much higher level of security and simplifies administration and management.
XenServer Tools provide high performance Windows drivers and a management agent, enhancing disk
and network performance for XenServer virtual machines. Install XenServer Tools on each virtual machine
in order to use the xe command-line interface (CLI) or XenCenter.
Note: Running a virtual machine without installing the XenServer Tools is not a supported configuration.
Citrix recommends that you generalize a virtual machine before using it to create a template. This
eliminates the possibility of conflicts between virtual machines created from the same template. On a
Windows operating system, use the Sysprep tool (bundled with all versions of Windows from Vista
forward).
Note: This process is only required if you create a template from a virtual machine.
With the virtual machine properly prepared and generalized, create the template in XenServer.
Note: This process is only required if you create a template from a virtual machine.
A snapshot is an image of a virtual machine that preserves the current settings and data at the point in
time in which the snapshot is taken. Taking a snapshot allows a virtual machine to be restored if it fails.
Use the Revert To option to discard changes made to the virtual machine and reset it back to the original
state when the snapshot was taken.
A benefit of creating virtual machines is that they can be easily copied. You should create a copy of a
virtual machine when you want to:
o Complete a virtual machine backup
o Troubleshoot
o Test applications for fault tolerance.
o Provide the ability to roll back in the event of problems.
Prior to installation on a live machine.
o Repurpose the machine for other needs within the environment.
Adjusting storage: Before purchasing additional storage hardware, verify that the existing storage is
allocated appropriately. Make adjustments as needed to support end-user requirements and use
existing storage resources more efficiently if possible.
Adding storage: With the appropriate resources, storage can easily be added to a virtual machine or a
template.
Memory: The hypervisor manages memory allocation and allows additional memory assignment to a virtual
machine when it is running low on resources or if the end users require more memory to use resource-intensive
applications.
Processing Power :
Adjusting vCPUs: The processing power available to virtual machines can be a limiting factor within an
environment. Although each vCPU must be allocated strategically, XenCenter is used to set the priority of vCPUs
and gives more options when distributing processors across the environment.
Network Resources:
Adding a Virtual Network Interface Controller: You may need to add NICs in your virtual environment to associate
virtual machines with the appropriate network. When you install an interface into the virtual machine, link it to the
relevant network, allocate it a MAC address, and select the option of completing Quality of Service (QoS).
Configuring Alerts
Hypervisors allow for the configuration of events and alerts to simplify monitoring the
environment. Alerts raise awareness when resources reach a pre-determined level and respond
to selected system events, or when CPU, memory usage, network, storage throughput, or VM
disk activity go over a specified threshold on a managed host, VM, or storage repository.
Architecture overview
Managing Machine Catalogs
o Creating New Resource Setting
Machine Creation Services
Creating Machine Catalog
o Creating a Machine Catalog for Windows Server
Installing VDA
o Creating a Server OS Machine Catalog
o Creating a Machine Catalog for Windows Desktop
Installing the VDA
o Creating A Desktop OS Machine Catalog
o Creating a Remote PC Access Machine catalog
Managing Delivery Groups
o Creating a Delivery Group for User Desktops
o Creating a Delivery Group for Application Delivery
Managing Resources
o Adding Machines to a Machine Catalog
o Updating Desktops in a Machine Catalog
o Managing Computer Accounts
o Managing Power for Machines in a Desktop OS Delivery Group
o Reallocating Machines in a Delivery Group
o Discussion Question
o Shutting Down and Restarting Desktops
o Discussion Question
Deleting Resources
o Enabling and Disabling Maintenance Mode
o Removing Desktops from Delivery Groups
o Deleting a Delivery Group
o Deleting a Delivery from a Machine Catalog
o Deleting a Machine Catalog
Troubleshooting : Managing Desktops and Applications
Reinforcement Exercise: Delivering Server Desktops
Architectural Overview
The Delivery Controller (Controller) is responsible for managing end-user access, load balancing
connections, and optimizing connections.
Are task workers who require standardized virtual desktops and applications, such
as call center operators and retail workers.
Optimize hardware use by providing only the number of desktops required at any
one time rather than assigning each user a specific desktop.
Maintain control over desktops and increase security by preventing end users from
making permanent changes.
Minimize desktop management costs by providing a locked-down standardized
environment for your end users.
Specify groups of end users who access desktops, applications, or desktops and applications.
Add end users and groups of users.
Defining the end-user experience in the Delivery Group means that settings do not need to be duplicated or
maintained across multiple pools of resources, and the backend resources can be changed without affecting
the end-user experience.
Put a machine in maintenance mode in order to perform administrative tasks on the associated
image, such as applying updates and upgrading using image management tools.
When the machine is in maintenance mode, end-user activity is affected in the following ways:
With Server OS machines, end users can connect to existing sessions but cannot start
new sessions.
With Desktop OS and Remote PC Access machines, end users cannot connect or
reconnect. If the end user is already connected, they will stay connected until they
either disconnect or log off.
Machines are available for end-user connections when you take them out of maintenance
mode.
Removing a machine deletes it from a Delivery Group but does not delete the associated VM
from the machine catalog on which the group is based. Therefore, the machines are available
for assignment to other Delivery Groups. You can use this process when you want to delete the
machine but retain the virtual machine it was created from and its associated Active Directory
accounts.
Machines can only be removed while in maintenance mode. Putting the machine in
maintenance mode temporarily prevents end users from connecting to the machine during
removal.
Machines may contain personal data. Manage this activity appropriately, especially if the
machine is allocated to another end user.
There are Delivery Groups for desktops and for applications. Machines may need to be moved
to another Delivery Group and the leftover Delivery Group needs to be deleted, which requires
putting the Delivery Group into maintenance mode.
When a machine is deleted, end users can no longer access it and the machine is deleted from
the machine catalog. Before deleting the machine, make sure all user data is backed up. No end
users can be logged on the machine that is being deleted. Put the machine in maintenance
mode to stop end users from connecting to the machine.
Manage StoreFront
Lesson 1: Architectural Overview
StoreFront is a front-end Web server responsible for aggregating resources from different
locations and presenting end users with a list of resources, including desktops and applications.
When an end user subscribes to a resource, they can customize the presentation and home
page display of that resource.
StoreFront Components
The StoreFront server records the details of end-user application subscriptions locally along with
associated shortcut names and locations. When an end user accesses a store, the application
synchronization feature automatically updates the subscribed applications on the end-user
device to match the configuration stored on the StoreFront server. The credentials are later
retrieved by the Store Service to authenticate to XenDesktop, ensuring that end users have a
consistent experience across all devices.
Note: StoreFront requires a minimum of 2 GB of storage space on the StoreFront server.
The StoreFront authentication service authenticates end users to XenDesktop sites. When an
end user's credentials have been validated, the authentication service handles all subsequent
interactions to ensure that the end user only needs to log on once. The credentials are stored
using built-in Windows security features.
The store retrieves end-user credentials from the authentication service to authenticate end
users to the components providing the resources. The store also enumerates and aggregates
the resources currently available from XenDesktop sites and the Delivery Controller (SaaS
applications). End users access the store through Citrix Receiver or a Receiver for Web site.
This site enables end users to access stores through a Web page. Furthermore, this site can
verify the version of Receiver installed locally on the end-user device and guide the end user
through an upgrade or installation procedure if required. In scenarios where Receiver cannot be
locally installed, an HTML 5-based Receiver will be used.
1- An end user accesses their resources through Receiver. If Citrix Receiver is not installed
on the endpoint, end users can download Citrix Receiver using the Receiver for Web
site.
2- The authentication service of StoreFront retrieves the end-user credentials and validates them
with a domain controller. The StoreFront server must be a member of the same Active Directory
forest as the end-user account and the accessed resources.
3- StoreFront retrieves the end user's application subscriptions locally and loads them into
memory.
4- StoreFront forwards the end-user credentials as part of an XML query to the XenDesktop
Delivery Controller.
5- The Delivery Controller validates the end-user credentials with a domain controller.
6- After a successful validation, the Delivery Controller checks which resources have been
published for this end user within its SQL Server database.
7- The Delivery Controller sends an XML response to StoreFront, which contains all resources
available for the end user from the XenDesktop site.
8- StoreFront sends the list of available resources including the existing subscriptions to Citrix
Receiver or displays them in the Receiver for Web site.
Creating New Stores: StoreFront can create as many stores as needed for a particular group of
end users or can group together a specific set of resources. To create a store, identify and
configure communications with the servers providing the resources that you want to make
available.
3.1 To Create and Add a New Store
o Log on to the StoreFrontServer-1 virtual machine using the CCH\Admin1
and Password1 credentials.
Hiding a Store: Hiding a store prevents end users from adding stores to their accounts when
they configure Citrix Receiver through email-based account discovery. By default, when a store
is created it is presented as an option for end users to add within Citrix Receiver when they
discover the StoreFront server hosting the store. Hiding the store does not make it inaccessible;
instead, end users must configure Citrix Receiver with connection details for the store, either
manually using a setup URL or with a provisioning file.
4.1 To Hide a Store
o Select the Stores node.
Managing Authentication
The management of authentication within StoreFront is necessary to allow end users access to
XenDesktop applications and desktops. StoreFront will then handle all interactions to ensure that end
users only need to log on once.
Select an authentication method within the StoreFront management console to enable or disable
end-user authentication method setup. If end users experience difficulty accessing the store or Receiver for
Web site, you may need to review their authentication settings.
User name and password: Enables explicit authentication. End users enter their credentials
when they access their stores.
Domain pass-through: Enables pass-through of domain credentials from user devices. End users
authenticate to their domain-joined Windows computers and are automatically logged on when
they access their stores. In order to take advantage of this option, pass-through authentication
must be enabled when Receiver for Windows is installed on user devices.
Smart card: Enables an authentication method in which a physical card is inserted into a reader
along with an end user entering a PIN or a password. This adds an extra level of security since a
card is required.
Pass-through from NetScaler Gateway: Enables pass-through authentication from NetScaler.
End users authenticate to NetScaler and are automatically logged on when they access their
stores.
Perform this task to enable end users accessing stores with explicit domain credentials to reset
their expired passwords when logging on. When this setting is enabled, end users who cannot
log on because their passwords have expired are redirected to the Change Password dialog box.
StoreFront then contacts the domain controller to reset the end-user password.
If this feature is enabled, ensure that the policies for the domains containing your Citrix-based
servers do not prevent end users from resetting their passwords and ensure that there is
sufficient disk space on your StoreFront server to store profiles for all your end users. By
default, StoreFront warns end users if their passwords are due to expire. To perform the
password expiry check, StoreFront creates local user profiles on the StoreFront server.
Enabling end users to reset expired passwords exposes sensitive security functions to anyone
who can access any of the stores that use this authentication service. If your organization has a
security policy that restricts end-user password reset functions to internal use, ensure that none of
the stores that use this authentication service are accessible from outside your internal network. End-user resetting of
expired passwords is disabled.
After creating a store within StoreFront, you may need to add other controllers. Adding
controllers alleviates the issue of having a single point of failure. There may also be
times in which you want to modify or remove existing Delivery Controllers that are
available to a particular store.
Select Store.
Select XenApp.
Click Add.
Select HTTP.
If you are using certificates to secure connections between StoreFront and Delivery
Controllers, ensure that the server names you specify in the Servers list match
exactly (including the case) the names on the certificates for the servers.
Click OK twice.
Click OK.
In order for end users to have the latest version of Receiver, it is important to specify the
mechanism of delivery for any updates. This procedure will offer options to manage updates and
allow end users to have full functionality of stores.
Removing a Store
If an existing store is being replaced or is no longer usable for a particular group or user, it may
be necessary to remove the store. When a store is removed, any associated Receiver for Web
sites are also deleted.
o To Remove a Store
Unfiltered Policy
Using a Policy Template in Studio
Creating a Policy Using Studio
Applying a Policy Using Studio
Editing a Policy Using Studio
Assign policies to groups rather than individual end users. If you assign policies to
groups, assignments are updated automatically when you add or remove end users
from the group.
Policy Precedence
Prior to creating policies, it is important to evaluate whether policies will be managed and stored
in Studio or using GPOs. Citrix recommends managing and storing policies using GPOs if you
have the appropriate permissions in Active Directory. In situations where policies exist that
have been created using both Studio and GPOs, Group Policy-based settings take precedence
over policies stored within the site database.
session either when the machine registers with the broker or when an end user connects to the
relevant resource.
Before creating a policy, decide which group of end users or devices you want it to affect. You
may want to create a policy based on end-user job function, connection type, end-user device,
or geographic location. Citrix recommends that you define a baseline policy set which outlines
all of the common configuration options for an organization within a single policy set, and then
configure policy exceptions as required to override decisions for specific needs. The key is to
keep the policy configuration simple and well-structured in order to avoid confusion.
Unfiltered Policies
Policy settings that will be applied to all objects and sessions in a site can be applied using an
unfiltered policy. When a XenDesktop site is created, some policy settings are applied by default
using the unfiltered policy. If you want policies to impact specific groups, end users or objects,
use policy filters to apply these settings.
The pre-created unfiltered policies cannot be deleted. If there are end users you do not want
affected by these policies, create a policy containing exceptions for these end users and then
set the priority higher than the priority of the unfiltered policy.
If your network environment includes Active Directory and you have the appropriate
permissions to manage Group Policy, use the Group Policy Management Console (GPMC) to
create policies for your site. Using Active Directory group policy allows you to manage both
Windows policies and Citrix policies in the same location and minimizes the administrative tools
required for policy management. The settings you configure affect the GPOs that you specify
through the GPMC. Policies created using Group Policy are stored on the domain controller and
updates are pushed to the virtual desktop at regular intervals as part of the GPO refresh policy.
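The precedence rules described above (filters, priorities, the unfiltered baseline, and Group Policy winning over Studio) can be modelled to audit which setting actually applies to a session. This is an added example, not part of the original course material or any Citrix tool; it assumes priority 1 is the highest within a policy store, and the policy names, group names and values in the sample data are constructed for illustration.

```python
from dataclasses import dataclass

# Group Policy-based settings take precedence over policies stored in the
# site database (those created in Studio), so "gpo" ranks ahead of "studio".
SOURCE_RANK = {"gpo": 0, "studio": 1}


@dataclass
class Policy:
    name: str
    source: str                      # "gpo" or "studio"
    priority: int                    # assumption: 1 = highest within a source
    settings: dict                   # setting name -> configured value
    groups: frozenset = frozenset()  # empty filter = unfiltered policy

    def applies_to(self, user_groups):
        """Unfiltered policies apply to everyone; filtered ones need a match."""
        return not self.groups or bool(self.groups & frozenset(user_groups))


def resultant_settings(policies, user_groups):
    """Merge all applicable policies; return {setting: (value, winning policy)}."""
    applicable = [p for p in policies if p.applies_to(user_groups)]
    # Strongest policy first: GPO before Studio, then lower priority number.
    applicable.sort(key=lambda p: (SOURCE_RANK[p.source], p.priority))
    result = {}
    for policy in applicable:
        for setting, value in policy.settings.items():
            # Settings from different policies merge; on a conflict the
            # first (strongest) policy that configured the setting wins.
            result.setdefault(setting, (value, policy.name))
    return result


def overridden(policies, user_groups):
    """List (setting, losing policy, winning policy) where values differ.

    A restriction that shows up as the losing side here is configured
    but not in effect for this user, which is what an audit should flag.
    """
    winners = resultant_settings(policies, user_groups)
    conflicts = []
    for policy in policies:
        if not policy.applies_to(user_groups):
            continue
        for setting, value in policy.settings.items():
            win_value, win_name = winners[setting]
            if win_name != policy.name and win_value != value:
                conflicts.append((setting, policy.name, win_name))
    return sorted(conflicts)


# Constructed sample data: a Studio baseline, a Studio exception for the
# Engineering group, and a domain GPO that also configures drive redirection.
SAMPLE_POLICIES = [
    Policy("Unfiltered", "studio", 3, {
        "Client clipboard redirection": "Allowed",
        "Client drive redirection": "Allowed",
    }),
    Policy("Engineering lockdown", "studio", 1, {
        "Client clipboard redirection": "Prohibited",
        "Client drive redirection": "Prohibited",
        "Client USB device redirection": "Prohibited",
    }, frozenset({"CCH\\Engineering"})),
    Policy("Domain GPO", "gpo", 1, {
        "Client drive redirection": "Allowed",
    }),
]

if __name__ == "__main__":
    groups = {"CCH\\Engineering"}
    for setting, (value, winner) in sorted(
            resultant_settings(SAMPLE_POLICIES, groups).items()):
        print(f"{setting}: {value} (from {winner})")
    for setting, loser, winner in overridden(SAMPLE_POLICIES, groups):
        print(f"OVERRIDDEN {setting}: {loser} loses to {winner}")
```

In the sample data the Studio exception for Engineering beats the unfiltered baseline, but its drive-redirection restriction is not in effect because the Group Policy-based setting takes precedence.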
Policy Flow
to all their own personal settings, shortcuts, toolbars, templates desktop wallpapers, and
favorites.
Profile management addresses end-user profile deficiencies in environments where
simultaneous domain logons introduce complexity and consistency issues to the profile. It
optimizes profiles by saving registry changes and file and folder changes to the user store for
each end user at various intervals as well as when the end user logs off.
Profile management is installed by default on master images when you install the VDA.
Active Write Back: Periodically writes user settings back to a user's profile.
Active Directory Actions: When configured, applies log settings.
Directories to Synchronize: Allows you to choose particular directory paths to include
within Profile Management.
Scenario: The CCH Engineering team's IDE and programming tools will eventually be hosted
on a desktop provided by XenDesktop 7. Since they have access to the source code,
management wants you to put some policies in place that may make it more difficult for the
source code to be taken outside company systems. Your objective is to put a group policy
object in place to put some safeguards in place to limit how the Engineering team can transfer
this kind of data.
Director Overview
o Accessing Director
Monitoring within the Director Dashboard
o Monitoring Infrastructure
o Monitoring Connected Sessions
o Monitoring Logon Duration Averages
o Monitoring Machine and User Connection Failures
Monitoring and Managing User Sessions
o Viewing User Sessions
o Searching for a User
o Monitoring User Application
o Monitoring User Machine Processes
o Managing a User's Machine Power Status
o Enabling or Disabling Maintenance Mode
o Resetting a User's Profile
o Discussion Question
o Monitoring HDX Channels
o Sending a Message to a User
o Shadowing a User Session
o Disconnecting a User Session
Infrastructure
Sessions Connected
Average Logon Duration
The Dashboard gives a general overview of the current status of the environment and
allows you to quickly view unusual and irregular activity.
Specifies the order in which XenDesktop attempts to use Universal printer drivers,
beginning with the first entry in the list. Drivers can be added, edited, or removed and
the order of the drivers in the list can be changed.
The diagram shows the UPD components and a typical work flow for a printer locally
attached to a device.
The Universal Print Server provides universal printing support for network printers.
The Universal Print Server uses the Universal Printer Driver, which is installed with XenDesktop.
Citrix recommends the Citrix Universal Print Server for remote print server scenarios.
Universal printing image compression limit defines the maximum quality and the
minimum compression level available for images printed with the Universal print driver.
By default, the image compression limit is set to Best Quality (lossless compression).
Universal printing print quality limit specifies the maximum dots per inch (dpi) available
for generating printed output in the session. By default, no limit is specified.
The Printer redirection bandwidth limit setting specifies the bandwidth available for
printing in kilobits per second (Kbps).
The Printer redirection bandwidth limit setting limits the bandwidth available for
printing to a percentage of the overall bandwidth available.
Updating vDisks
A vDisk update delivers new versions of a vDisk to all target devices without creating and
imaging an entirely new vDisk. Another advantage of performing a vDisk update, rather than
creating a new vDisk, is that target devices do not need to be reconfigured to use a new vDisk.
A vDisk update can be used to add or remove third-party software applications or files to or
from a vDisk. Enabling vDisk updates requires configuring settings in the properties of both the
server and the vDisk.