You are on page 1of 77

Citrix

HDX for Dummies


version 2.3
Written by Alexander Ervik Johnsen
Citrix Technology Professional (CTP)
VMware vExpert
Nutanix NSEN
Igel Insider
www.ervik.as



Table of Contents
About the author .......................................................................................................................................... 2
Changelog ..................................................................................................................................................... 3
Credits .......................................................................................................................................................... 3
Introduction ................................................................................................................................................. 4
Background .................................................................................................................................................. 4
What is HDX Technology .............................................................................................................................. 4
Citrix Receiver .............................................................................................................................................. 5
FrameHawk .................................................................................................................................................. 6
HDX RichGraphics / 3D Background ........................................................................................................... 18
HDX 3D Pro ................................................................................................................................................. 19
NVIDIA GRID Technology ............................................................................................................................ 23
AMD GPU Graphics .................................................................................................................................... 35
HDX Adaptive Transport Protocol .............................................................................................................. 36
HDX Adaptive Display v2 ............................................................................................................................ 37
HDX Plug-n-play .......................................................................................................................................... 41
HDX Broadcast ............................................................................................................................................ 43
HDX Mobile ................................................................................................................................................ 43
HDX WAN Optimization ............................................................................................................................. 44
HDX SoC ...................................................................................................................................................... 45
HDX MediaStream Flash Redirection ......................................................................................................... 46
HDX MediaStream HTML 5 Multimedia redirection .................................................................................. 58
HDX IntelliCache ......................................................................................................................................... 62
HDX Adaptive Orchestration ...................................................................................................................... 63
HDX RealTime Optimization Pack 2.0 for Skype for Business .................................................................... 64
HDX Thinwire ( Thinwire + / Plus ) .............................................................................................................. 70
Multi-Stream and Multi-Port ICA ............................................................................................................... 72
Policy Templates ........................................................................................................................................ 75
Summary .................................................................................................................................................... 76



ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 1


About the author

Alexander Ervik Johnsen is a Senior Solution Architect, Technology Evangelist, Author and Speaker,
based in Oslo - Norway. Alexander has been working with Microsoft and Citrix products since 1997 as a
senior consultant, and Solution Architect. He now works for the Citrix VAD Reseller, ArrowECS in Norway
as a Product Manager Citrix and Nutanix / Senior Solution Architect. In his role he primarily work as a
pre-sale and travel around Norway and Europe evangelizing Citrix, Nutanix, Cloud, Virtualization, Thin
clients and 3 party solutions.

In previous jobs, he worked with both small and large scale Citrix and Application Delivery
implementations, both in Norway and Europe.
Alexander is also a speaker, speaking at both Norwegian events such as Citrix User Group Norway ,
partner events and Roadshows across Norway. Alexander has also been speaking at Citrix Synergy
events in both the United States of America and Europe. Alexander is also the owner of the well-known
website: www.ervik.as – Alexander is also a Citrix Certified Instructor ( CCI ).

In May 2008, he was awarded Citrix Technology Professional (CTP), which is a true honor for him, since
Citrix, Virtualization, Cloud and Application Delivery is his big passion in this industry.



Alexander also holds a degree in Information Technology from the The Norwegian School of Information
Technology(NITH) , and industry certifications from Citrix CCP-V, CCA-N and Microsoft MCSA.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 2


Changelog
Version Date Author Reviewer Notes
1.0 26.06.2014 Alexander Ervik Johnsen Timco Hazelaar
Douglas Brown
2.0 21.07.2015 Alexander Ervik Johnsen -
2.1 20.02.2016 Alexander Ervik Johnsen -
2.2 18.05.2016 Alexander Ervik Johnsen Added 2016 stuff
2.3 15.06.2016 Alexander Ervik Johnsen - Added 7.15 HDX

Credits
I want to give a shout out to the following industry leaders for reviewing this eBook and giving me
feedback that made this eBook as good as it could be! Without their review of this eBook, it would have
turned out different from the result, which I hopefully think you like.

Timco Hazelaar from Thipc.com

Douglas Brown from DABCC Inc


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 3


Introduction

The Citrix HDX technologies is nothing new to XenApp and XenDesktop products. IT organizations are
faced with the challenge of providing a virtual computing experience for employees that is the same or
better than that of a local PC, regardless of whether users are accessing their virtual desktops from
corporate owned devices or BYO mobile devices, whether from challenging, low bandwidth high latency
WANS, highly variable 3G/4G mobile networks or a reliable corporate network (LAN).Some virtual
desktop solutions take a narrow approach to this problem, relying on point technologies that work only
under a limited set of conditions. Only Citrix HDX technologies addresses the networking and application
delivery challenges virtual desktop computing brings. With HDX technologies, Citrix XenDesktop and
XenApp delivers a brilliant user experience on a wide variety of devices, equaling or surpassing the local
PC experience.

This eBook provides an overview of HDX capabilities and its benefits for users and IT administrators.

Background
This free eBook will guide you through the different HDX Technologies, what they can do, and what they
mean for the overall implementation of Citrix XenApp, XenDesktop and NetScaler technologies. In
addition, a vital part to get the HDX Technology to work is the Citrix Receiver.

What is HDX Technology


Citrix HDX technology is a set of capabilities that work together to deliver a high-definition user
experience of virtual desktops and applications to any device over any network from the data center or
cloud. The goal of Citrix HDX technology is to ensure that XenDesktop and XenApp users receive a high
definition desktop virtualization user experience similar to that achieved with traditional desktop
computers. HDX Technology incorporates different and several types of technology.

Citrix HDX includes a broad set of technologies that reside across the entire end-to-end delivery system.
HDX in the datacenter leverages the processing power and scalability of servers to deliver advanced
graphical and multimedia performance, regardless of the capabilities of the endpoint device. HDX on the
network incorporates advanced optimization and acceleration capabilities such as the Citrix ICA® virtual
delivery protocol and other third-party technologies to deliver a great user experience over any
network, including for remote desktop access over high-latency, low-bandwidth environments. HDX at
the device leverages the computing capacity of endpoint devices to enhance user experience in the
most efficient way possible.


In this eBook, I will guide you through the different types of HDX technologies and explain what they do.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 4


Citrix Receiver
Citrix Receiver is a free download designed as an integral component for VDI-in-a-Box, XenDesktop and
XenApp installations. Citrix Receiver is a universal software client that provides secure, high-
performance delivery of virtual desktops and applications.

This easy-to-install software client lets you access your applications, desktops and data easily and
securely from any device, including smartphones, tablets, PCs and Macs. Working with a Citrix-enabled
IT infrastructure, Receiver gives you the mobility, convenience and freedom you need to get your work
done.

Citrix Receiver provides end users with:

• Simple, self-service access to virtual desktops, applications, and IT services


• Hi-definition user experience on any network or device
• Instant updates to users with IT control and visibility
• Easier management of Enterprise data, apps, desktops, and SaaS apps through secure,
centralized deployment to any user device

Citrix Receiver Plug-ins, such as the Offline Plug-in, provide advanced features and capabilities. Citrix
Receiver Updater for Windows, Receiver Updater for Mac, and Merchandising Server are components
that streamline the installation and management of Citrix Receiver on the user desktops. Merchandising
Server provides the administrative interface for configuring, delivering, and upgrading plug-ins for your
users' computers.

For a complete feature list-> http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf



Citrix Receiver and HDX RealTime Media Engine 2.0 for Windows

Please note if you hold a valid mycitrix.com account and have a Enterprise or Platinum version of
XenApp or XenDesktop, then you will now also find the Citrix Receiver now also features a version which
has a built in Optimization Pack for Skype you can find it here:

https://www.citrix.com/downloads/citrix-receiver/additional-client-software/hdx-realtime-media-engine-20.html


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 5


FrameHawk

With the release of XenApp and XenDesktop 7.6 Feature Pack 2, Citrix has introduced their Framehawk
technology. Framehawk is a new ICA virtual channel extending the Citrix HDX technologies. These
technologies are a set of capabilities that work together to deliver a high definition in-session user
experience of virtual desktops and applications for users running Citrix Receiver. The Framehawk virtual
channel optimizes the delivery of virtual desktops and applications to users on broadband wireless
connections, when high packet loss or congestion occurs. You can use Citrix Policies to implement either
Framehawk or Thinwire (enabled by default) for a set of users in a way that is appropriate for your
network characteristics and is aligned with overall scalability and performance expectations.

What issues Framehawk addresses

With a growth of the mobile workforce has enabled productivity from anywhere, anytime, which allows
access to business resources inside or outside the physical office. Technologies such as Citrix HDX are
designed to maintain the same level of user experience, whether on remote connection, or on a direct,
wired, connection to the office network. These technologies are pushed to their limits when mobile
users connect over WiFi and cellular networks where issues such as intermittent or poor connectivity
exist due to network congestion, high packet loss or high latency. Due to retransmissions and time-outs
on such networks, pages take longer to load, the connection is frequently disrupted, and user inputs fail
to register. Framehawk is resilient to such conditions and maintains a smooth user experience where
other technologies start to falter.

Framehawk is a display remoting technology for mobile workers on broadband wireless connections
(Wi-Fi and 4G/LTE cellular networks). Framehawk overcomes the challenges of spectral interference and
multipath propagation, delivering a fluid and interactive user experience to users of virtual apps and
desktops. Framehawk might be a suitable choice for users on long-haul (high latency) broadband
network connections where a small amount of packet loss can degrade the user experience. We suggest
using adaptive transport for this use case - for more information, see Adaptive transport.

You can use Citrix policy templates to implement Framehawk for a set of users and access scenarios in a
way that is appropriate for your organization. Framehawk targets single-screen mobile use cases such as
laptops and tablets. Use Framehawk where the business value of real time interactive performance
justifies the extra cost in server resources and the requirement for a broadband connection.

How Framehawk maintains a smooth user experience

Think of Framehawk as a software implementation of the human eye, looking at what's in the frame
buffer and discerning the different types of content on the screen. What's important to the user? When
areas of the screen are changing rapidly, like video or moving graphics, it doesn't matter to the human
eye if some pixels are lost because they are quickly overwritten with new data.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 6


But when it comes to static areas of the screen, such as the icons in the notification area or a toolbar, or
text after scrolling to where the user wants to start reading, the human eye is fussy. A user expects
those areas to be pixel perfect. Unlike protocols aiming to be technically accurate from a ones and
zeros perspective, Framehawk aims to be relevant to the human being who is using the technology.

Framehawk includes a next-generation Quality of Service signal amplifier plus a time-based heat map for
a finer-grained and more efficient identification of workloads. It uses autonomic, self-healing transforms
in addition to data compression, and avoids retransmission of data to maintain click response, linearity,
and a consistent cadence. On a lossy network connection, Framehawk can hide loss with interpolation,
and the user still perceives good image quality while enjoying a more fluid experience. In addition,
Framehawk algorithms intelligently distinguish between different types of packet loss. For example,
random loss (send more data to compensate) versus congestion loss (don't send more data because the
channel is already clogged).

The Framehawk Intent Engine in Citrix Receiver distinguishes between scrolling up or down, zooming,
moving to the left or right, reading, typing, and other common actions. The engine also manages the
communication back to the Virtual Delivery Agent (VDA) using a shared dictionary. If the user is trying to
read, the visual quality of the text must be excellent. If the user is scrolling, it must be quick and smooth.
And it has to be interruptible, so that the user is always in control of the interaction with the application
or desktop.

By measuring cadence on the network connection (gearing, analogous to tension on a bicycle chain), the
Framehawk logic reacts more quickly, providing a superior experience over high latency connections.
This unique and patented gearing system provides constant up-to-date feedback on network conditions,
allowing Framehawk to react immediately to changes in bandwidth, latency, and loss.

Design considerations using Thinwire and Framehawk

While Thinwire has led the industry in bandwidth efficiency and is suited to a broad range of access
scenarios and network conditions, it uses TCP for reliable data communications. Therefore, it must
retransmit packets on a lossy or overburdened network, leading to lag in the user experience. Thinwire
over an enlightened data transport (EDT) layer is available, addressing the limitations of TCP on high
latency network connections.

Framehawk uses a data transport layer built on top of (User Datagram Protocol (UDP). UDP is a small
part of how Framehawk overcomes lossiness, as you can see when comparing the performance of
Framehawk with other UDP-based protocols. UDP provides an important foundation to the human-
centric techniques that set Framehawk apart.

How much bandwidth does Framehawk require?

The meaning of broadband wireless depends on several factors, including how many users are sharing
the connection, the quality of the connection, and apps being used. For optimal performance, Citrix
suggests a base of 4 Mbps or 5 Mbps plus about 150 Kbps per concurrent user.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 7


Our bandwidth recommendation for Thinwire is generally a base of 1.5 Mbps plus 150 Kbps per user. For
details, see the XenApp and XenDesktop bandwidth blog). At 3% packet loss, you will find that Thinwire
over TCP needs much more bandwidth than Framehawk to maintain a positive user experience.

Thinwire remains the primary display remoting channel in the ICA protocol. Framehawk is disabled by
default. Citrix recommends enabling it selectively to address the broadband wireless access scenarios in
your organization. Remember that Framehawk requires considerably more server resources (CPU and
memory) than Thinwire.

Framehawk and HDX 3D Pro

Framehawk supports all the HDX 3D Pro use cases, both for XenApp (Server OS) and XenDesktop
(Desktop OS) apps. It was validated in customer environments with 400-500 ms latency and 1-2% packet
loss. Thus, providing good interactivity using typical 3D modeling apps such as AutoCAD, Siemens NX,
and others. This support extends the ability to view and manipulate large CAD models while on the
move, or working from an offshore location or poor network conditions. (Organizations that have a
requirement to deliver 3D applications over long haul network connections are encouraged to use
adaptive transport. For more information, see Adaptive transport.)

Enabling this functionality doesn't require any additional configuration tasks. When installing the VDA,
select the 3DPro option at the beginning of the installation:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 8


By using this selection, HDX uses the GPU vendor video driver rather than the Citrix video driver. It
defaults to full-screen H.264 encoding over Thinwire rather than the usual default of Adaptive Display
and Selective H.264 encoding.

Requirements and considerations

Framehawk requires minimum VDA 7.6.300 and Group Policy Management 7.6.300.

The endpoint must have a minimum Citrix Receiver for Windows 4.3.100 or Citrix Receiver for iOS 6.0.1.

By default, Framehawk uses a bidirectional User Datagram Protocol (UDP) port range (3224-3324) to
exchange Framehawk display channel data with Citrix Receiver. The range can be customized in a policy
setting called Framehawk display channel port range. Each concurrent connection between the client
and the virtual desktop requires a unique port. For multi-user OS environments, such as XenApp servers,
define sufficient ports to support the maximum number of concurrent user sessions. For a single-user
OS, such as VDI desktops, it is sufficient to define a single UDP port. Framehawk attempts to use the first
defined port, working up to the final port specified in the range. This applies both when passing through
NetScaler Gateway, and internal connections directly to the StoreFront server.

For remote access, a NetScaler Gateway must be deployed. By default, NetScaler uses UDP port 443 for
encrypted communication between the client Citrix Receivers and the Gateway. This port must be open
on any external firewalls to allow secure communication in both directions. The feature is known as
Datagram Transport Security (DTLS).

Note: Framehawk/DTLS connections are not supported on FIPS appliances.

Encrypted Framehawk connections are supported, starting with NetScaler Gateway version 11.0.62 and
NetScaler Unified Gateway version 11.0.64.34 or later.

NetScaler High Availability (HA) is supported from XenApp and XenDesktop 7.12.

Consider the following best practices before implementing Framehawk:

• Contact your Security administrator to confirm UDP ports defined for Framehawk are open on
the firewall. The installation process does not automatically configure the firewall.

• Often, NetScaler Gateway might be installed in the DMZ, flanked by firewalls on both the
external and the internal side. Ensure UDP port 443 is open on the external firewall. Ensure UDP
ports 3224-3324 are open on the internal firewall if the environment is using the default port
ranges.

Configuration

Caution: Citrix recommends that you enable Framehawk only for users who are likely to experience high
packet loss. We also recommend that you do not enable Framehawk as a universal policy for all objects
in the Site.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 9


Framehawk is disabled by default. When enabled, the server attempts to use Framehawk for user
graphics and input. If the prerequisites are not met for any reason, the connection is established using
the default mode (Thinwire).

The following policy settings affect Framehawk:

• Framehawk display channel: Enables or disables the feature.

• Framehawk display channel port range: Specifies the range of UDP port numbers (lowest port
number to highest) that the VDA uses to exchange Framehawk display channel data with the
user device. The VDA attempts to use each port, starting at the lowest port number and
incrementing for each subsequent attempt. The port handles inbound and outbound traffic.

Opening ports for the Framehawk display channel

From XenApp and XenDesktop 7.8, an option is available to reconfigure the Firewall during
the Features step of the VDA installer. This check box opens UDP ports 3224-3324 on the Windows
Firewall, if selected. Manual Firewall configuration is required in some circumstances:

• For any network Firewalls.


or

• The default port range is customized.

To open these UDP ports, select the Framehawk check box:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 10

You can also use the command line to open UDP ports for Framehawk
using /ENABLE_FRAMEHAWK_PORT:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 11

Verifying Framehawk UDP port assignments

During installation, you can verify the UDP ports assigned to Framehawk in the Firewall screen:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 12

The Summary screen indicates if the Framehawk feature is enabled:

NetScaler Gateway support for Framehawk

Encrypted Framehawk traffic is supported on NetScaler Gateway 11.0.62.10 or later, and NetScaler
Unified Gateway 11.0.64.34 or later.

• NetScaler Gateway refers to the deployment architecture where the Gateway VPN vServer is
directly accessible from the end user device. That is, the VPN vServer has a public IP address
assigned and the user connects to this IP address directly.

• NetScaler with Unified Gateway refers to the deployment where the Gateway VPN vServer is
bound as a target to the Content Switching vServer (CS). In this deployment, CS vServer has the
public internet protocol address and the Gateway VPN vServer has a dummy internet protocol
address.

To enable Framehawk support on NetScaler Gateway, the DTLS parameter on the Gateway VPN vServer
level must be enabled. After the parameter is enabled and the components on XenApp or XenDesktop
are updated correctly, Framehawk audio, video, and interactive traffic is encrypted between the
Gateway VPN vServer and the user device.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 13


NetScaler Gateway, Unified Gateway, and NetScaler Gateway + global server load balancing are
supported with Framehawk.

The following scenarios are not supported with Framehawk:

• HDX Insight

• NetScaler Gateway in IPv6 mode

• NetScaler Gateway Double Hop

• NetScaler Gateway with Cluster setup

Scenario Framehawk support

NetScaler Gateway Yes

NetScaler + global server load balancing Yes

Yes
NetScaler with Unified Gateway Note: Unified Gateway version 11.0.64.34 and later is
supported.

HDX Insight No

NetScaler Gateway in IPv6 mode No

NetScaler Gateway Double Hop No

Multiple Secure Ticket Authority (STA) on NetScaler


Yes
Gateway

NetScaler Gateway and High Availability (HA) Yes

NetScaler Gateway and Cluster setup No

Configuring NetScaler for Framehawk support

To enable Framehawk support on NetScaler Gateway, enable the DTLS parameter on the Gateway
VPN vServer level. After the parameter is enabled and the components on XenApp or XenDesktop are
updated correctly, Framehawk audio, video, and interactive traffic is encrypted between the Gateway
VPN vServer and the user device.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 14


This configuration is required if you are enabling UDP encryption on NetScaler Gateway for remote
access.

When configuring NetScaler for Framehawk support:

• Ensure UDP port 443 is open on any external firewalls

• Ensure CGP port (default 2598) is open on any external firewalls

• Enable DTLS in the settings for the VPN virtual server

• Unbind and rebind the SSL cert-key pair. This step is not required if you are using NetScaler
version 11.0.64.34 or later.

To configure NetScaler Gateway for Framehawk support:

1. Deploy and configure NetScaler Gateway to communicate with StoreFront and authenticate
users for XenApp and XenDesktop.

2. In the NetScaler Configuration tab, expand NetScaler Gateway, and select Virtual Servers.

3. Click Edit to display Basic Settings for the VPN Virtual Server; verify the state of the DTLS setting.

4. Click More to display more configuration options:

5. Select DTLS to provide communications security for datagram protocols such as Framehawk.
Click OK. The Basic Settings area for the VPN Virtual Server shows that the DTLS flag is set
to True.

6. Reopen the Server Certificate Binding screen, and click + to bind the certificate key pair.

7. Choose the certificate key pair from earlier, click Select.

8. Save the changes to the server certificate binding.

9. After saving, the certificate key pair appears. Click Bind.

10. Ignore the No usable ciphers configured on the SSL vserver/service warning message, if it
appears.

Steps for older NetScaler Gateway versions

If you are using a version of NetScaler Gateway older than 11.0.64.34:

1. Reopen the Server Certificate Binding screen, and click + to bind the certificate key pair.

2. Choose the certificate key pair from earlier, click Select.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 15


3. Save the changes to the server certificate binding.

4. After saving, the certificate key pair appears. Click Bind.

5. Ignore the No usable ciphers configured on the SSL vserver/service warning message, if it
appears.

To configure Unified Gateway for Framehawk support:

1. Ensure that Unified Gateway is installed and properly configured. For additional information,
see Unified Gateway information on the Citrix Product Documentation site.

2. Enable the DTLS parameter on the VPN vServer, which is bound to CS vServer as Target vServer.

Limitations

If there are stale DNS entries for the NetScaler Gateway virtual server on the client device, adaptive
transport and Framehawk might fall back to TCP transport instead of UDP transport. If fallback to TCP
transport occurs, flush the DNS cache on the client and reconnect to establish the session using UDP
transport.

Support for other VPN products

NetScaler Gateway is the only SSL VPN product to support the UDP encryption required by Framehawk.
If another SSL VPN or an incorrect version of NetScaler Gateway is used, the Framehawk policy might fail
to apply. Traditional IPsec VPN products support Framehawk without any modifications.

Configure Citrix Receiver for iOS to support Framehawk

To configure older versions of Citrix Receiver for iOS to support Framehawk, you must manually edit
default.ica.

1. On the StoreFront server, access the App_Data directory of your store in c:\inetpub\wwwroot\.

2. Open the default.ica file and add the following line in the WFClient section: Framehawk=On

3. Save the changes.

This procedure allows Framehawk sessions to be established from a compatible Citrix Receiver on iOS
devices. This step is not required if you are using Citrix Receiver for Windows.

Note

When using Citrix Receiver for iOS version 7.0 and later, you do not have to add the
parameter Framehawk=On explicitly in the default.ica file.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 16


Monitoring Framehawk

You can monitor the use and performance of Framehawk from Citrix Director. The HDX Virtual Channel
Details view contains useful information for troubleshooting and monitoring Framehawk in any session.
To view Framehawk related metrics, select Graphics-Framehawk.

If the Framehawk connection is established, you see Provider = VD3D and Connected = True in the
details page. It is normal for the virtual channel state to be idle, because it monitors the signaling
channel, which is used only during the initial handshake. This page also provides other useful statistics
about the connection.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 17


HDX RichGraphics / 3D Background

Citrix has more experience in 3D graphics remoting than any other vendor in our space. Enable secure,
real-time, remote collaboration on design data with stunning performance by centrally hosting 3D apps
and data with XenDesktop and XenApp with HDX 3D Pro. Back in 2006 their K2 technology was
developed for Boeing, enabling Dassault CATIA to be delivered to Dreamliner (787) design engineers
around the world. After the introduction of XenDesktop, Citrix brought GPU-accelerated 3D graphics
remoting to General Availability in 2009 with the introduction of XenDesktop HDX 3D Pro. At that time,
the solution required a blade workstation for each user. In 2010, Citrix introduced high performance
GPU Sharing for DirectX based applications, driving down cost per user. 2011 saw the introduction of the
first GPU Pass-through technology to the market as part of XenServer 6.0. This allowed customers to
install multiple GPUs on the server, again bringing down the cost per user. And in 2012 Citrix introduced
XenDesktop 5.6 Feature Pack 1 which was the first product to leverage NVIDIA’s VGX API (rebranded as
GRID in 2013) for direct GPU frame buffer access, resulting in an even more responsive user experience.
2012 also saw improvements to their H.264-based Deep Compression technology for delivering 3D
graphics over bandwidth-constrained WAN connections. 2013 and 2014 is the year of high density, high
performance GPU sharing for OpenGL and DirectX.

In the past, virtualizing design/engineer workstations and line of business, graphics-intensive


applications such as CAD/CAM was never seriously considered due to existing technology limitations.
Today, by leveraging various recent software virtualization advancements, many organizations have
begun to successfully virtualize their high-end graphics apps.

In an increasingly global economy, companies are looking to improve time-to-market by securely


collaborating and managing design lifecycles with offshore, mobile and remote employees while
maintaining secure control over intellectual property. Organizations are seeing desktop virtualization as
an enabling technology to accomplish these dual goals. Leveraging XenDesktop with HDX 3D pro for
application and workstation virtualization, with its advancements in deep compression to improve
utilization of network bandwidth, and the latest XenServer integrations of GPU acceleration technology
for virtualized environments from Nvidia, Citrix is demonstrating a leadership position in addressing this
underserved high-end 3D graphics applications segment.

Key Points: There are many business drivers influencing the trend to virtualize high-end graphics
applications such as CAD/CAM including:

• The need to leverage a global talent base The need to secure product design IP

• The need to extend mobile device access to users viewing, presenting design models

• The need to improve time to market and be more cost efficient


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 18


HDX 3D Pro
HDX 3D Pro is a set of graphics acceleration technologies designed to optimize the virtualization of rich
graphics apps. HDX 3D Pro is a feature of XenDesktop Enterprise and Platinum editions that enables you
to deliver workstations and applications that perform best with a graphics processing unit (GPU) for
hardware acceleration, including 3D professional graphics applications based on OpenGL and DirectX.

With HDX 3D Pro, you can use XenDesktop to deliver complex interactive graphics over wide area
network (WAN) connections with bandwidths as low as 1.5Mbps using various deep compression CPU
and GPU techniques.

On local area network (LAN) connections, HDX 3D Pro enables you to replace complex and expensive
workstations with much simpler user devices, moving the graphics processing into the data center for
centralized management.
You can use HDX 3D Pro to virtualize, for example, tools for computer-aided design, manufacturing, and
engineering (CAD/CAM/CAE), geographical information system (GIS) software, and picture archiving and
communication system (PACS) workstations for medical imaging. Applications using the latest OpenGL,
DirectX, NVIDIA CUDA, and OpenCL and WebGL versions.

Computationally intensive non-graphical applications that use NVIDIA Compute Unified Device
Architecture (CUDA) GPUs for parallel computing


Use HDX 3D Pro graphic acceleration technologies with:

• Computer-aided design, manufacturing, and engineering (CAD/CAM/CAE) applications


• Geographical information system (GIS) software
• Picture Archiving Communication System (PACS) workstations for medical imaging
• Latest OpenGL, DirectX, CUDA and CL versions supported
• Latest NVIDIA Grid cards

HDX 3D pro now has the following new capabilities built in:

• Self-tuning codec technology


o Adaptive Display automatically detects transient and/or video images
o Image quality dynamically adapts to network bandwidth
o Fine Drawing codec eliminated; improved H.264 codec performs much better
• HDX 3D Pro now available for Windows Server RDS workloads
o Adaptive H.264-based Deep Compression
o GPU acceleration and sharing for OpenGL and DirectX (including WPF), plus experimental
support for CUDA and OpenCL

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 19


o Faster frame rate at higher resolutions compared to XenApp 6.5 GPU Sharing
• Auto screen resolution detection
o No longer necessary to disconnect /reconnect when changing resolution J

• 5 versions of Receiver now include decoding of Deep Compression


o Windows, Linux, iOS, Mac, Android
• HDX Monitor now reports on HDX 3D Pro
o Details on fps, codec, performance
o Replaces previous HDX 3D Pro Health Check Tool
• Quad monitor support
o Not a hard limit but we tested with up to 4 monitors with good performance

HDX 3D Pro is compatible with GPU passthrough and GPU virtualization technologies offered by the
following hypervisors, in addition to bare metal:

• Citrix XenServer

• GPU passthrough with NVIDIA GRID and Intel GVT-d

• GPU virtualization with NVIDIA GRID and Intel GVT-g

• Microsoft Hyper V

• GPU passthrough (Discrete Device Assignment) with NVIDIA GRID and AMD

• VMware vSphere

• GPU passthrough (vDGA) with NVIDIA GRID, Intel, and AMD IOMMU

• GPU virtualization with NVIDIA GRID and AMD MxGPU

• Nutanix AHV

• GPU virtualization passthrough -> NVIDIA GRID M10 and M60 are compatible with
Nutanix NX-3155 and NX-3175 series. Please not that running XenServer or VMWare
ESXi supports the same as native XenServer and VMware ESXi.

• Nutanix has announced vGPU support in their upcoming release for later in 2017.

For the supported XenServer versions, see Citrix XenServer Hardware Compatibility List.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 20


HDX 3D Pro provides 2 types of Deep Compression options – CPU based or GPU based.

CPU-based deep compression -> In June 2012, Citrix released the latest HDX 3D Pro VDA which includes
advancements in CPU compression and is designed to offload compression processing from the GPU.
This gives us the following an advantage that you can use a less expensive GPU card if you choose and
the GPU processing can focus on graphics command delivery for better graphics performance. With the
CPU deep compression codec, it is possible to achieve good performance with as little as 1.5 Mbps of
bandwidth.

GPU-based deep compression -> GPU-based compression is advantageous on servers with limited CPU
resources. To leverage our GPU-based deep compression codec, the host workstation in the data center
must be equipped with NVIDIA graphics card with at least 96 CUDA cores (128 or more recommended).

Fine drawing codec -> HDX 3D Pro also includes a fine drawing codec for rendering fine detail graphics
and images.

Lossless compression -> HDX 3D Pro supports lossless compression, which enables you to deliver pixel-
perfect images for applications such as medical imaging.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 21


VDI or RDS/XenApp

So, when do you choose which HDX 3D Pro technology? Good question and it all comes down to the
user needs and if the application will work in a multi user environment RDS/XenApp. While in most
cases, XenApp will do the trick, and is far more cost efficient, some applications will just not work in a
XenApp multi user environment. The latter might need xxx CUDA cores, to render stuff, and then it will
be the best bet to go with VDI. So, the question what should we choose, really comes down to 2 things:

1. Will the application work in a XenApp environment? – Many 3D applications has usb
keys with licenses on them to get the app running, will this work? Does the application
support the amount of users that you need pr XenApp host?
2. User needs – what is the user doing? Is he rendering stuff? On the other hand, are they
just viewing 3d cad models? Find out the user pattern for the app in question!


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 22


NVIDIA GRID Technology

The Grid technology from NVIDIA is a result in several years of development between Citrix and
NVIDIA. The NVIDIA GRID portfolio of technologies leverages the power of the GPU and the
world's best graphics applications to deliver GPU-accelerated applications and games over the
network to any user. NVIDIA GRID GPUs are based on the NVIDIA Kepler™ GPU architecture,
delivering fast, reliable, energy-efficient performance.

This architecture's virtualization capabilities lets multiple users simultaneously share GPUs with
ultra-fast streaming display capability that eliminates lag, making a remote data center feel like
it's next door. NVIDIA GRID software is a complete stack of GPU virtualization, remoting and
session-management libraries that allows multiple users to experience graphics-intensive
desktops, applications and games using GPUs. This enables exceptional capture, efficient
compression, fast streaming, and low-latency display of high-performance games and
enterprise applications.

NVIDIA GRID™ vGPU™ brings the full benefit of NVIDIA hardware-accelerated graphics to
virtualized solutions. This technology provides exceptional graphics performance for virtual
desktops equivalent to local PCs when sharing a GPU among multiple users.

GRID vGPU is the industry's most advanced technology for sharing true GPU hardware
acceleration between multiple virtual desktops—without compromising the graphics
experience. Application features and compatibility are exactly the same as they would be at the
desktop in the office.

With GRID vGPU technology, the graphics commands of each virtual machine are passed
directly to the GPU, without translation by the hypervisor. This allows the GPU hardware to be
time-sliced to deliver the ultimate in shared virtualized graphics performance.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 23




VGPU PROFILES MEAN CUSTOMIZED, DEDICATED GRAPHICS MEMORY

Take advantage of vGPU Manager to assign just the right amount of memory to meet the specific needs
of each user. Every virtual desktop has dedicated graphics memory, just as if they would at their desk, so
they always have the resources they need to launch and use their applications.

vGPU Manager enables up to eight users to share each physical GPU, assigning the graphics resources of
the available GPUs to virtual machines in a balanced approach. Each NVIDIA GRID K1 card has up to four
GPUs, allowing 32 users to share a single card.

GRID K1 Virtual GPU Types


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 24


GRID K2 Virtual GPU Types

Tesla M60 Virtual GPU Types


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 25


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 26


TESLA M10 Virtual GPU Types


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 27


Tesla M6 Virtual GPU Types

GRID vGPU is a licensed feature on Tesla M6, Tesla M10, and Tesla M60. A software license is required to use
full vGPU features within the guest VM. Virtualized applications are rendered in an off-screen buffer.
Therefore, the maximum resolution for the A series of GRID vGPUs is independent of the maximum
resolution of the display head. GRID vGPUs with less than 1 Gbyte of frame buffer support only 1 virtual
display head on a Windows 10 guest OS.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 28


The GRID K100 and K200 GPU profiles are designed for the lighter graphics workloads associated with
the applications that knowledge workers and power users use most of their time. These include
Windows 8.1, Windows 7 with Aero enabled, viewing rich web content such as Adobe Flash or HTML 5,
or simply getting the full interactive experience of Microsoft Office (PowerPoint, Excel, Word). To
understand more about the graphics requirements of your applications, consult your application vendor.
Each GPU within a system must be configured to provide a single vGPU profile, however separate GPU’s
on the same GRID board can each be configured separately. For example, a single K2 board could be
configured to serve eight K200 enabled VM’s on one GPU and two K260Q enabled VM’s on the other
GPU. The key to efficient utilization of a system’s GRID resources requires understanding the correct end
user workload to properly configure the installed GRID cards with the ideal vGPU profiles maximizing
both end user productivity and vGPU user density.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 29


How to Install NVIDIA GRID vGPU on XenServer

1. Make sure you have configured XenServer 6.5 SP1 and XenDesktop 7.9 or XenApp 7.9
Visit www.citrix.com/go/vgpu for more information.
2. Download the NVIDIA GRID vGPU Software by visiting www.nvidia.com/drivers and selecting:
a. Product Type: GRID.
b. Product Series: NVIDIA GRID vGPU.
c. Product: GRID K1 or K2.
3. The GRID vGPU software package includes:
a. Release Notes
b. GRID vGPU User Guide
c. GRID vGPU Manager
d. Driver for GRID K1 or K2
4. Installing the NVIDIA Virtual GPU Manager for XenServer. The NVIDIA Virtual GPU Manager runs
in XenServer's Control Domain (dom0). If it is provided as an RPM file, which must be copied to
XenServer's dom0 and then installed. To do this:

5. Use the rpm command to install the package:
[root@xenserver ~]# rpm -iv NVIDIA-vgx-xenserver -6.5-331.59.i386.rpm
Preparing packages for installation…
NVIDIA-vgx-xenserver-6.2-331.59.i386.rpm
[root@xenserver1~]
6. Reboot the XenServer host:
[root@xenserver1~]# shutdown -r now
Broadcast message from root (pts/1) Wed Sept 25 13:05:31 2013):
[root@xenserver1
7. After the XenServer host has rebooted, verify that the GRID package has installed and loaded
Correctly by checking for the NVIDIA kernel driver in the list of kernel loaded modules:
[root@xenserver1~]#lsmod |grep nvidia
nvidia 9656305 256
i2c_core 20294 1 nvidia
[root@xenserver ~]#
Note: If at this stage, the NVIDIA module (nvidia) is not loaded correctly,
refer to CTX139834 for troubleshooting.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 30


8. Verify that the NVIDIA kernel driver can successfully communicate with the GRID physical GPUs
in your host by running the nvidia-smi command, which produces a listing of the GPUs in your
platform similar to:


9. When successful you should have something in the line of this under the GPU tab in XenCenter.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 31


10. Now, you are ready to create a vGPU enabled Virtual Machine


11. Now, that you’ve created the new VM and have done the setup of your preferred OS, you need
to install the 32- or 64-bit NVIDIA Windows driver package in the VM and run setup.exe file that
came with the package.


If the installer comes up with a message about that a NVIDIA card is not found then you need to
troubleshoot the install process.
12. Now you need to install XenTools, choose it from the XenCenter and follow the onscreen
instructions.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 32


13. Also check the Delivery Controller and Policies – Check that the HDX 3D Pro stuff is set.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 33


14. Install the VDA of choice. Please note that if you are installing a VDI, with windows 7 or
Windows 8, you will have the option to choose HDX 3D Pro during install:


PLEASE NOTE THAT THIS IS THE SAME FOR XA/XD 7.x also for 7.15!

15. Done!

Please note that the NVIDIA GRID™ vGPU™ is only supported on compatible versions of Citrix XenServer 6.2 and up. Consult Citrix for
compatibility. Also, always check the hcl list for XenServer, to see if your HW or server is supported.

To revert the process, aka uninstall please follow these steps:


root@xenserver10 ~]# lsmod | grep nvidia
[root@xenserver10 ~]# rpm -qa | grep NVIDIA
NVIDIA-vgx-312.38-xenserver-6-2
[root@xenserver10 ~]# rpm -ev NVIDIA-vgx-312.38-xenserver-6-2


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 34


AMD GPU Graphics

With XenApp and XenDesktop 7.13 you now have the ability to leverage AMD graphics cards for HDX 3D
also. Citrix-certified hardware.

AMD FirePro™ S-series server cards support Citrix XenServer and enable IT to create virtual
environments for power users with dedicated graphics in a model with one server card per virtual
machine. To ensure AMD FirePro S-series cards and workstation systems are compatible with Citrix
XenServer, the server cards and systems are thoroughly vetted and tested for compatibility, reliability
and performance by Citrix.

HDX 3D Pro now supports AMD GPUs for Desktop OS VDAs. Use HDX 3D Pro graphics acceleration
technologies with AMD Multiuser GPU (MxGPU) on the AMD FirePro S-series server cards. This release
includes support for up to six multi-monitors, console blanking, custom resolution and high frame rate.
This feature is enabled by default and will function as long as the AMD driver is installed and the AMD
API is available.

Note: Server VDI VDA with AMD GPU is not supported by HDX 3D Pro in this release.

System Requirements

• This feature only supports Windows 7 and Windows 10 Desktop OS VDAs. Windows 8/8.1 is not
supported.

• Install the 7.13 Desktop OS VDA with HDX 3D Pro enabled

• Virtualized graphics acceleration is supported with AMD Multiuser GPU (MxGPU) on the AMD
FirePro S-series server cards. For more information, see AMD Virtualization Solution.

Limitations

• AMD MxGPU is available only on VMWare vSphere. XenServer and Hyper-V are supported with
GPU pass-through. For more information on GPU pass-through with XenServer, see Configuring
XenServer 7.0 for Graphics.

For more information se http://www.amd.com/en-us/solutions/professional/virtualization/citrix


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 35

HDX Adaptive Transport Protocol


A new experimental feature, HDX Adaptive Transport, it was released in XenDesktop 7.13.
(Please Note: This feature was introduced in XenApp and XenDesktop 7.12 for evaluation only, to fully
use it you must have XA7XD 7.13)

HDX Adaptive Transport Protocol uses a new protocol called EDT (Enlightened Data Transport) which
allows for use of UDP instead of TCP for ICA sessions. Adaptive transport for XenApp and XenDesktop
optimizes data transport by leveraging a new Citrix protocol called Enlightened Data Transport (EDT) in
preference to TCP whenever possible. Compared to TCP and UDP, EDT delivers a superior user
experience on challenging long-haul WAN and Internet connections, dynamically responding to changing
network conditions while maintaining high server scalability and efficient use of bandwidth. EDT is built
on top of UDP and improves data throughput for all ICA virtual channels, including Thinwire display
remoting, file transfer (Client Drive Mapping), printing, multimedia redirection. When UDP is not
available, adaptive transport automatically reverts to TCP.

This feature also allows for fallback between transport protocols when, for instance, UDP is not available
or it is blocked, the ICA connection will fallback to TCP. Using UDP as transport protocol allows for
remarkable UI responsiveness in high network latency scenarios, and increases the speed of file
transfers and print jobs. The downside with UDP is that the protocol, by default, is connectionless and
therefore might result in packet loss. Citrix however is utilizing an application-based protocol on top of
UDP which is UDT (UDP-based Data Transfer) which provides reliable traffic over UDP.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 36


Adaptive transport for XenApp and XenDesktop optimizes data transport by applying a new Citrix
protocol called Enlightened Data Transport (EDT) in preference to TCP whenever possible. Compared to
TCP and UDP, EDT delivers a superior user experience on long-haul WAN and internet connections. EDT
dynamically responds to changing network conditions while maintaining high server scalability and
efficient use of network capacity. EDT is built on UDP and improves data throughput for all ICA virtual
channels. If UDP is not available, adaptive transport automatically reverts to TCP.

Enable adaptive transport using the HDX Adaptive Transport policy setting. The same setting is
applicable on both LAN and WAN conditions.

To display the transport protocol being used, Director has introduced a new field
labelled, Protocol below the Connection type field in the Session Details section of Client Details page.

• For HDX Connection type,

o the Protocol is displayed as UDP, if EDT is used for the HDX connection.

o the Protocol is displayed as TCP, if TCP is used for the HDX connection.

HDX Adaptive Display v2


Adaptive transport is a new data transport mechanism for XenApp and XenDesktop. It is faster, more
scalable, improves application interactivity, and is more interactive on challenging long-haul WAN and
internet connections. Adaptive transport maintains high server scalability and efficient use of
bandwidth. By using adaptive transport, ICA virtual channels automatically respond to changing network
conditions. They intelligently switch the underlying protocol between the new Citrix protocol called
Enlightened Data Transport (EDT) and TCP to deliver the best performance. It improves data throughput
for all ICA virtual channels including Thinwire display remoting, file transfer (Client Drive Mapping),
printing, and multimedia redirection. The same setting is applicable for both LAN and WAN conditions.

When set to Preferred, data transport over EDT is used as primary, with fallback to TCP.

By default, adaptive transport is disabled (Off) and TCP is always used.

For testing purposes, you can set Diagnostic mode, in which case only EDT is used, and fallback to TCP is
disabled.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 37

Requirements and considerations

• XenApp and XenDesktop 7.13

• VDA for Desktop OS 7.13

• VDA for Server OS 7.13

• StoreFront 3.9

• Citrix Receiver for Windows 4.7

• Citrix Receiver for Mac 12.5

• Citrix Receiver for iOS 7.2

• IPv4 VDAs only. IPv6 and mixed IPv6 and IPv4 configurations are not supported.

• NetScaler 11.1-51.21. For more information on NetScaler configuration, see Configuring


NetScaler Gateway to support Advanced Transport.

Configuration

1. Install XenApp and XenDesktop 7.13.

2. Install StoreFront 3.9.

3. Install the 7.13 VDA (for Desktop OS or Server OS)

4. Install Citrix Receiver for Windows 4.7 (Citrix Receiver for Mac 12.4 or Citrix Receiver for iOS
7.2).


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 38


5. In Studio, enable the policy setting, HDX Adaptive Transport (it is disabled by default). We also
recommend that you do not enable this feature as a universal policy for all objects in the Site.

• To enable the policy setting, set the value to Preferred, then click OK.

• Preferred. Adaptive transport over EDT is used when possible, with fallback to
TCP.

• Diagnostic mode. EDT is forced on and falls back to TCP is disabled. We


recommend this setting only for troubleshooting.

• Off. TCP is forced on, and EDT is disabled.

6. Click Next, and complete the steps in the wizard.

7. The policy takes effect when the user reconnects the ICA session. Though not required, you can
run gpupdate /force to pull the policy setting to the server, but the user still has to reconnect
the ICA session.

8. Launch a session from a supported Citrix Receiver to establish a connection using adaptive
transport.

9. For secure external access, configure DTLS encryption on NetScaler Unified Gateway. For more
information, see Configuring NetScaler Gateway to support Advanced Transport.

To confirm that the policy setting has taken effect:

• Check that the ICA UDP services are enabled on a VDA using netstat -a.

• Check that the virtual channels are running over EDT using Director or
the CtxSession.execommand-line utility available on the VDA.

Director example

In Director, Session Details > Connection Type displays the policy settings. Look for Connection
type HDX. If the protocol is UDP, EDT is active for the session. If the protocol is TCP, the session is in
fallback or default mode. If the Connection type is RDP, ICA is not in use and the protocol is n/a. For
more information, see Monitor sessions.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 39

CtxSession.exe example

This example illustrates that EDT over UDP is active for the session. Type CtxSession.exe in the command
line.

C:\Program Files (x86)\Citrix\System32>CtxSession

Session 2 Transport Protocols: UDP -> CGP -> ICA

To see verbose statistics, use the -v switch:

>CtxSession -v


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 40


OpenGL Software Accelerator

The OpenGL Software Accelerator is a software rasterizer for OpenGL applications such as ArcGIS,
Google Earth, Nehe, Maya, Blender, Voxler, and CAD/CAM applications. Sometimes, the OpenGL
Software Accelerator can eliminate the need to use graphics cards to deliver a good user experience
when using OpenGL applications.

Important

We provide the OpenGL Software Accelerator as is and must be tested using all applications because it
might not support some applications. If the Windows OpenGL rasterizer does not provide adequate
performance, it is a solution to try . If the OpenGL Software Accelerator supports your applications, you
can use it as a way to avoid the cost of GPU hardware.

The OpenGL Software Accelerator is provided in the support folder on the installation media, and is
supported on all valid VDA platforms.

When to try the OpenGL Software Accelerator:

• On servers without graphics processing hardware, and the performance of OpenGL applications
running in virtual machines on XenServer or other hypervisors is an issue. For some applications,
the OpenGL Accelerator outperforms the Microsoft OpenGL software rasterizer that is included
in Windows because the OpenGL Accelerator uses SSE4.1 and AVX. OpenGL Accelerator also
supports applications using OpenGL versions up to 2.1.

• For applications running on a workstation, first try the default version of OpenGL support
provided by the workstation graphics adapter. If the graphics card is the latest version, usually it
delivers the best performance. If the graphics card is an earlier version or does not deliver
satisfactory performance, try the OpenGL Software Accelerator.

• 3D OpenGL applications that are not adequately delivered using CPU-based software
rasterization might benefit from OpenGL GPU hardware acceleration. This feature can be used
on bare metal or virtual machines.

HDX Plug-n-play

HDX Plug-n-Play enables simple connectivity for multi-monitor support, smart card support, special
folder redirection, universal printing, file-type association, and USB support. It also includes local
machine resources capabilities.
These capabilities include:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 41


§ C l i e n t t i m e z o n e s u p p o r t – Automatically adjusts the time zone based on the user’s location
instead of the server’s location.
§ D y n a m i c d i s p l a y r e c o n f i g u r a t i o n – Ensures that the display automatically configures
correctly, when users switch devices or plug in new monitors.
§ F i l e t y p e a s s o c i a t i o n a n d c o n t e n t r e d i r e c t i o n – Configures whether a local or hosted
application should be launched when a file is opened, and where data should be saved.
§ M u l t i - m o n i t o r s u p p o r t – Enables users to have their desktops and applications span across
multiple monitors and screen layouts.
§ P a n n i n g a n d s c a l i n g – Enables users to zoom in and pan on a much larger desktop or application
window while viewing from a smaller display area on their local device.
§ S m a r t C a r d s u p p o r t – Enables the use of a smart card to authenticate user into their desktop
and applications
§ S p e c i a l f o l d e r r e d i r e c t i o n – Enables special folders such as My Documents and Desktop to map
to a user’s session automatically. The application can ask the operating system where an appropriate
location for certain kind of files can be found, regardless of what version, language or operating
system is being used.
§ T W A I N i m a g e s c a n n i n g d e v i c e s u p p o r t – Redirects client-connected TWAIN imaging devices
(like document scanners) from the client to the server, regardless of connection type. This allows
users to control client-attached imaging devices from applications that run on the server; the
redirection is transparent.
§ U n i v e r s a l p r i n t d r i v e r – Provides local printer access on a variety of platforms and accelerates
print jobs while using less bandwidth and memory. Users can access advanced printer functions like
stapling and trays.
§ U S B s u p p o r t – Lets users connect USB devices and use them with their hosted virtual applications
and desktops.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 42


HDX Broadcast
HDX Broadcast ensures reliable, high-performance connectivity over any network with ICA and RDP
protocol support for access with any device.

HDX Mobile
The Mobile SDK for Windows Apps provides a rich toolkit for enterprise Windows / .NET developers to
mobilize existing line of business Windows applications or write new touch-friendly, mobilized
applications that are hosted on Citrix XenApp or XenDesktop and delivered to any mobile device with
Citrix Receiver. These mobilized Windows applications are able to leverage a wide variety of mobile
device functionality including GPS, sensors, cameras, local controls, and device buttons in the same way
that native applications running locally on the mobile device do.

The SDK has over 100 APIs and out-of-the-box support for a number of programming language bindings.
These APIs allow developers to produce mobile-friendly user interfaces for new and existing enterprise
applications that match the capabilities of smartphone and tablet devices.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 43


HDX WAN Optimization
HDX WAN Optimization with CloudBridge reduces bandwidth requirements to support satellite offices
while optimizing the user experience.

Citrix CloudBridge provides a unified platform that accelerates applications across public and private
networks, resulting in superior application performance and end user experience. CloudBridge offers a
broad base of features including protocol acceleration, market-leading optimization for Citrix®
XenDesktop, secure tunnels between enterprise locations and sophisticated quality of service (QoS).
CloudBridge combines these features with extensive bandwidth and application usage reporting for
application optimization giving IT fine-grained control over public and private network resources. With
the option of an integrated Windows Server as well as 3rd party applications, CloudBridge also supports
branch IT consolidation.
Available as a virtual, physical or multi-tenant appliance, CloudBridge provides deployment options that
help improve the user experience, reduce IT capital and operating costs by enabling on-demand network
resource provisioning. With its QoS management capabilities, CloudBridge is not just a network-centric
WAN optimization controller (WOC) infrastructure, but it also supports service management for users

Key Benefits

• Significantly improves Citrix XenDesktop and XenApp capacity and performance over the WAN
• Accelerates enterprise applications and multimedia to branches, data centers and mobile users
• Securely extends and accelerates the enterprise data center network (L2 or L3) connection to
public clouds
• Simplifies IT with integrated Windows appliance options
• Provides granular, application level performance reporting for detailed usage analysis
• Scales up to 5,000 XenDesktop users in a single platform with the ability to “scale out” by load
sharing across multiple devices

Key Features

• HDX WAN Optimization


• Storage Replication Acceleration
• Application Acceleration
• Integrated Windows Server
• Video Caching
• Integrated Cloud Connectivity
• Quality of Service
• Security and Data Protection
• Flexible Centralized Management
• Plug-and-Play for any Network



ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 44


HDX SoC

HDX SoC, short for HDX System on a Chip. Is a technology that Citrix has developed for hardware
vendors to embed in a chip. HDX SoC is an embedded technology for thin clients.

Citrix provides an SDK to System-on-Chip vendors that enables compute intensive HDX algorithms to
execute outboard from the CPU, allowing inexpensive ARM processor based devices to deliver a high
definition user experience. Device manufacturers using these SoCs have now brought to market a broad
portfolio of low cost HDX Ready thin clients, zero clients and other products. Unlike competing solutions
that burn the remoting protocol into silicon, which can result in a device becoming obsolete within
months, the Citrix approach allows for ongoing innovation without hardware replacement. Click here for
the latest information HDX SoC thin clients available from HP, Igel Technologies, Dell/Wyse, NComputing
and others.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 45


HDX MediaStream Flash Redirection

A regular pain for any IT administrator is the use of Flash on webpages. Citrix developed a technology
that redirects and offloads the flash media (audio and video). HDX MediaStream and Flash Redirection
allows you to move the processing of most Adobe Flash content from Internet Explorer on the server to
LAN- and WAN-connected users' Windows and Linux devices. This processing includes animations,
videos, and applications. By moving the processing to the user device, Flash Redirection helps reduce
server and network load, resulting in greater scalability while ensuring a high definition user experience.

HDX accelerates multimedia performance by sending compressed streams to endpoint devices and
playing them locally; it works by running the Flash Player on the client, rather than the server. The
browser (IE) instance that contains the Flash Player remains on the XenApp server. The interface
between IE and the Flash Player is the ActiveX interface. Finally, The HDX service on the server, "Citrix
HDX MediaStream for Flash", runs under the Local Service account, and has the most limited privileges’
needed by the service to perform these functions.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 46


HDX MediaStream for Flash can only function if the HDX MediaStream for Flash Virtual Channel is
present on both the server and client.

HDX MediaStream for Flash is enabled by default when the Server side service component is installed
and running. It is not required to have the Client or Server side HDX GPO template enabled or configured
for HDX to work. The GPO template allows an administrator to control per user availability of the HDX
features. Various settings can be set in both the client and server GPO, to assist an administrator in
managing and configuring their HDX environment.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 47

Client Side Content Fetching


By default when redirecting the execution of Flash content to the client, the Flash content is fetch from
the client directly to the web server. This includes swf files as well as images, movies and any other type
of resource that the Flash application requests.
There is still communication between the end point and the virtual desktop via the ICA connection but
this is mostly control information. The bulk of the content is transferred between the website and the
end point. This is ideal if you want to optimize server usage. You can be playing a 1080p HD movie and

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 48


the server will hardly be doing anything.

HDX MediaStream for Flash allows you to move the fetching and processing of Adobe Flash Player
content to user devices rather than using network server resources. This scenario results in a high-
definition experience when using Windows Internet Explorer to access Flash content, including
animations, videos, and applications. By moving the processing to the user device, HDX MediaStream for
Flash reduces server and network load, resulting in greater scalability.

HDX MediaStream for Flash is a powerful feature. However, HDX MediaStream is not compatible with all
network environments. Please also note that you should turn on the Flash Intelligent fallback, to avoid
backwards compability issues with older Flash versions on XenApp and Virtual Machines running a
Desktop OS.

Server side content fetching

This feature is also, what I call, Plan B. Why? Because if the client device is not capable of “offloading”
the flash content to the device the user is connecting from then Server side content fetching kicks inn. In
the server side content fetching, the client does not reach out to the web server.
HDX MediaStream for Flash provides the ability to fetch and render Flash content on the endpoint,
thereby reducing server load, and optimizing the end-user experience. There are some cases when the


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 49


default client-side content fetching is not desirable, or functional. For example, the Flash Player using a
network address that is internal to an organization might reference the content (for example:
http://mywebsitethatwantstoshowflash/video.swf).

Such an URL can only be resolved on the server, and server-side content fetching must be used. Perhaps
the most common use case requiring HDX MediaStream for Flash server-side content fetching is an
organization that restricts the network connectivity of their ICA client devices so that they can
communicate only with their XenApp or XenDesktop servers. Such an organization would configure HDX
MediaStream for Flash to use server-side content fetching for all Web sites.

Server-side content fetching is the exception and can be configured on a per-URL basis using a server-
side configuration setting. In addition, you must enable server-side content fetching on the client.
The virtual desktop acts as a proxy and sends all resources via the ICA connection:

This model while it takes more resources on the virtual desktop, it enables end point with no access to
the internet. Client side content fetching is enabled by default and you do not need to do anything if this
is the model you want to work with.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 50


In versions of XenApp 6.5 and back confirm that SSCF is being used, you must first ensure that the
content is being rendered by verifying that PseudoContainer.exe is running on the client. If the client is
rendering the content, verify that the client is not fetching the content directly by watching the HTTP
traffic (using Fiddler or similar trace tool).

If SSCF is working, there should not be any direct HTTP traffic from the client, only from the server or
Virtual Desktop Agent.

If you observe traffic from the client to the content, and PseudoContainer.exe is running, check your
server-side content fetching list syntax, and test with a single * entry to enable SSCF for all content.

If PseudoContainer.exe is not running on the client, use the HDX Experience Monitor for XenApp to
confirm that HDX Flash prerequisites have been met.

In XenDesktop 7.x and XenApp 7.5 and beyond the process is called Citrix HDX Engine.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 51


Windows Media client-side content fetching

Windows Media client-side content fetching enables a client device to stream multimedia files directly
from the source provider on the Internet or Intranet, rather than through the host server. Benefits
include:

• Improved network utilization and server scalability. The host does not perform any processing on the
media; media files are streamed directly to the client for processing.

• The client device requires only the ability to play a file from a URL; it does not need an advanced
multimedia framework such as Microsoft DirectShow or Media Foundation.

• Multicasting is allowed on networks that support it, enabling a single Windows Media source
transmission to serve multiple users.
Windows Media client-side fetching requires the following:

• The application uses Microsoft DirectShow or Media Foundation framework in a manner that
Windows Media client-side content fetching can intercept.

• The client device has access to the source provider on the Internet or Intranet.

• Any prior attempt to play the requested URL in the current session using Windows Media client-side
content fetching did not fail. (Failed URLs are added to a blacklist for the duration of the session; the
list resets when the user logs out.)

• The media content uses one of the following URL protocols:

o HyperText Transfer Protocol – http://, https://

o Microsoft Media Server – mms://, mmsu://, mmst://

o Real Time Streaming Protocol – rtsp://, rtspu://, rtspt://


Due to operating system restrictions, Microsoft Media Server and Real Time Streaming Protocol are not
supported for iOS clients.

Two Policy settings control this feature: Windows Media Client-Side Content Fetching and Windows
Media Redirection. By default, both are set to Allowed. If Windows Media client-side content fetching
fails, content is fetched by the host and redirected to the client using Windows Media redirection; if
Windows Media redirection fails, content is rendered on the host. Windows Media client-side content
fetching provides the best user experience in most cases. If you find it necessary to turn off this feature,
add the Windows Media Client-Side Content Fetching setting to a policy and set its value to Prohibited.
If you turn off Windows Media redirection, Windows Media client-side content fetching is also turned
off.



ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 52


Real-time Windows Media multimedia transcoding

Real-time multimedia transcoding enables audio and video media streaming to mobile devices, and
enhances the user experience by improving how Windows Media content is delivered over a WAN:

• Transcoding converts the media content into a format that can be rendered locally on the client
hardware, eliminating the need to fall back to server-side rendering.

• If configured, offloading the transcoding to the GPU improves server scalability.

• Policies help administrators predict and manage multimedia content network consumption,
maintaining multimedia Quality of Service (QoS).

• Transcoding can compress media data to reduce file size, or convert the data to a format supported
on the target device. For example, transcoding enables video formats that are not compatible with
iOS, such as .wmv, to be converted and played on iOS clients.

• Transrating lowers the bitrate of the media to match the available bandwidth to the client device,
providing smooth playback with synchronized audio and video – even for users playing HD videos on
WANs or low bandwidth Wi-Fi connections. Examples include decreasing the media’s resolution or
frame rate to achieve a lower bit rate.
Three policy settings control the real-time multimedia transcoding feature:

• Windows Media redirection

• Optimization for Windows Media multimedia redirection Over WAN

• Use GPU for optimizing Windows Media multimedia redirection Over WAN
By default, Windows Media Redirection and Optimization for Windows Media multimedia redirection
Over WAN are Allowed so real-time multimedia transcoding automatically deploys as needed. GPU
transcoding is prohibited by default; to configure GPU transcoding, add the Use GPU for optimizing
Windows Media multimedia redirection Over WAN setting to a policy and set its value to Allowed. To
configure GPU transcoding, Optimization for Windows Media multimedia redirection Over
WAN and Windows Media Redirection must also be in the policy and set to Allowed; if either of these
policy settings is Prohibited, GPU transcoding is also.

Transcoding occurs on the Virtual Delivery Agent (VDA). To improve server scalability, if the VDA has a
supported Graphics Processing Unit (GPU) for hardware acceleration and the Use GPU for optimizing
Windows Media multimedia redirection Over WAN is Allowed, transcoding is done in the GPU;
otherwise, transcoding falls back to the CPU. The media stream is then translated to achieve the target
transmission bitrate and redirected to the client device, where it is recompressed and rendered.
In most cases, real-time multimedia transcoding provides the best user experience. If you find it
necessary to turn off real-time multimedia transcoding, add the Optimization for Windows Media
multimedia redirection Over WAN setting to a policy and set its value to Prohibited. If you prohibit

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 53


Windows Media redirection, real-time multimedia transcoding (including GPU transcoding) is also
prohibited.

Configuring Windows Media Related Policies

In previous versions of XenDesktop and XenApp, there was a load of tuning guides and other tuning
policies out there. I made one as well, that to date is in use, check out the www.ervik.as download
section to grab it. Starting from XenDesktop 5.x/XenApp 6.5 and up Citrix made it easier for the admin’s
out there. Most of the policies that make up the user experience is by Default: Allowed in the policies.

Now, tuning your environment might be crucial for the user experience that your users get. These
setting depends on many factors, like WAN, Latency, what kind of link the users have etc. etc…


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 54


Manage network consumption by multimedia content
Use the policy setting Limit Video Quality to maintain multimedia QoS by limiting the maximum video
quality for an HDX connection to the specified value. The default value of this policy setting is Not
Configured. Streaming multiple videos simultaneously on the same server consumes large amounts of
resources and may affect server scalability.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 55


Minimum version checking for Flash redirection

Warning

Editing the Registry incorrectly can cause serious problems that may require you to reinstall your
operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry
Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit
it.

You can add registry settings to specify the minimum version required for Flash redirection for client
devices accessing VDAs using Citrix Receiver for Windows or Citrix Receiver for Linux. This security
feature ensures that an outdated Flash version is not used.

ServerFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash
Player required on the ICA Server (VDA).

ClientFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash
Player required on the ICA Client (Citrix Receiver).

These version strings can be specified as "10" or "10.2" or "10.2.140". Only the major, minor and build
numbers will be compared. The revision number will be ignored. For example, for a version string
specified as "10" with only the major number specified, the minor and build numbers will be assumed to
be zero.

FlashPlayerVersionComparisonMask is a DWORD value that when set to zero will disable comparing the
version of the Flash Player on the ICA Client against the Flash Player on the ICA Server. The comparison
mask has other values, but these should not be used because the meaning of any non-zero mask may
change. It is recommended to only set the comparison mask to zero for the desired clients. It is not
recommended to set the comparison mask under the client agnostic settings. If a comparison mask is
not specified, Flash redirection will require that the ICA Client has a Flash Player with greater or equal
version to the Flash Player on the ICA Server. It will do so by comparing only the major version number
of the Flash Player.

In order for redirection to occur the client and server minimum checks need to be successful in addition
to the check using the comparison mask.

The subkey ClientID0x51 specifies Citrix Receiver for Linux. The subkey ClientID0x1 specifies Citrix
Receiver for Windows. This subkey is named by appending the hexadecimal Client Product ID (without
any leading zeros) to the string "ClientID". A full list of Client IDs can be found in the Mobile SDK for
Windows Apps documentation https://www.citrix.com/community/citrix-developer/mobile-sdk-for-
windows-apps.html.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 56


32-bit VDA example registry configuration

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer] Client
agnostic settings

"ClientFlashPlayerVersionMinimum"="13.0" Minimum version required for the ICA client


"ServerFlashPlayerVersionMinimum"="13.0" Minimum version required for the ICA server
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x1
] Windows ICA Client settings

"ClientFlashPlayerVersionMinimum"="16.0.0" This specifies the minimum version of the Flash Player


required for the Windows client
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x5
1] Linux ICA Client settings

"FlashPlayerVersionComparisonMask"=dword:00000000 This disables the version comparison-check for


the linux client (checking to see that the client has a more recent Flash Player than the server)
"ClientFlashPlayerVersionMinimum"="11.2.0" This specifies the minimum version of the Flash Player for
the Linux client.

64-bit VDA example registry configuration

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoSe
rver]

"ClientFlashPlayerVersionMinimum"="13.0"
"ServerFlashPlayerVersionMinimum"="13.0"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix
\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x1]

"ClientFlashPlayerVersionMinimum"="16.0.0"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citri
x\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x51]

"FlashPlayerVersionComparisonMask"=dword:00000000 "ClientFlashPlayerVersionMinimum"="11.2.0"


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 57


HDX MediaStream HTML 5 Multimedia redirection

HTML5 multimedia redirection extends the multimedia redirection features of HDX MediaStream to
include HTML5 audio and video. Because of growth in online distribution of multimedia content,
especially to mobile devices, the browser industry has developed more efficient ways to present audio
and video.

Flash has been the standard, but it requires a plug-in, doesn't work on all devices, and has higher battery
usage in mobile devices. Companies like Youtube, NetFlix.com, and newer browsers versions of Mozilla,
Google, and Microsoft are moving to HTML5 making it the new standard.

HTML5-based multimedia has many advantages over proprietary plug-ins, including:

• Company-independent standards (W3C)

• Simplified digital rights management (DRM) workflow

• Better performance without the security issues raised by plug-ins

HTTP progressive downloads

HTTP progressive download is an HTTP-based pseudo-streaming method that supports HTML5. In a


progressive download, the browser plays back a single file (encoded at a single quality) while it is being
downloaded from an HTTP web server. The video is stored on the hard drive as it's received and is
played from the hard drive. If you rewatch the video, the browser can load the video from cache.

For an example of a progressive download, see the HTML5 video redirection test page. Use the
developer tools in your browser to inspect the video element in the webpage and find the source (an
mp4 container format) in the HTML5 video tag:

<video src="https://www.citrix.com/content/dam/citrix61/en_us/images/offsite/html5-redirect.mp4"
controls="" style="width:800px;"></video>

Comparison between HTML5 and Flash

Feature HTML5 Flash

Requires a proprietary player No Yes


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 58

Feature HTML5 Flash

Runs on mobile devices Yes Some

Running speed on different platforms High Slow

Supported by iOS Yes No

Resource usage Less More

Load faster Yes No

Requirements

We support only redirection for progressive downloads in mp4 format. We don't support WebM and
Adaptive bitrate streaming technologies like DASH/HLS.

We support:

• Server side render

• Server fetch client render

• Client side fetching

Control these by using policies. For more information, see Multimedia policy settings.

Minimum versions of Citrix Receiver:

• Citrix Receiver for Windows 4.5

• Citrix Receiver for Linux 13.5


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 59

Minimum VDA browser version Windows OS version/build/SP

Windows 10 x86 (1607 RS1) and x64 (1607


RS1)

Windows 7 x86 and x64

Internet Explorer 11.0


Windows Server 2016 RTM 14393 (1607)

Windows Server 2012 R2

Windows 10 x86 (1607 RS1) and x64 (1607


RS1)


Firefox 47

Windows 7 x86 and x64


Manually add the certificates to the Firefox
certificate store or configure Firefox to search

for certificates from a Windows trusted
certificate store. For more information,
Windows Server 2016 RTM 14393 (1607)
see https://wiki.mozilla.org/CA:AddRootToFirefox

Windows Server 2012 R2

Windows 10 x86 (1607 RS1) and x64 (1607


RS1)

Windows 7 x86 and x64

Chrome 51

Windows Server 2016 RTM 14393 (1607)

Windows Server 2012 R2


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 60


Components of the HTML5 video redirection solution

• HdxVideo.js - JavaScript hook intercepting video commands on the website. HdxVideo.js


communicates with WebSocketService using Secure WebSockets (SSL/TLS).

• WebSocket SSL Certificates - Two certificates are installed on the Trusted Root Certificates store
on the VDA:

• Issued to Citrix HDX and issued by Citrix HDX

• Issued to 127.0.0.1 and issued by Citrix HDX

• WebSocketService.exe - Runs on the local system and performs SSL termination and user
session mapping. TLS Secure WebSocket listening on 127.0.0.1 port 9001.

• WebSocketAgent.exe - Runs on the user session and renders the video as instructed from
WebSocketService commands.

How 2 enable HTML5 video redirection

In this release, this feature is available for controlled webpages only. It requires the addition of the
HdxVideo.js JavaScript (included in the XenDesktop and XenApp Installation media) to the webpages
where the HTML5 multimedia content is available. For example, videos on an internal training site.

Websites like youtube.com, which are based on Adaptive Bitrate technologies (for example, HTTP Live
Streaming (HLS) and Dynamic Adaptive Streaming over HTTP (DASH)), are not supported.

Troubleshooting Tips

Errors might occur when the webpage tries to execute HdxVideo.js. If the JavaScript fails to load, the
HTML5 redirection mechanism fails. Ensure there are no errors related to HdxVideo.js by inspecting the
console in the developers tool windows of your browser. For example:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 61


HDX IntelliCache
IntelliCache refers to Citrix current and future capabilities to locally cache bandwidth intensive data and
graphics and locally stage streamed applications. Here Citrix CloudBridge is used to illustrate IntelliCache
as it caches common application display data for multiple users locally to the branch office, eliminating
redundant transfer of commonly used application objects.
Using IntelliCache, hosted VDI deployments are more cost-effective because IntelliCache enables you to
use a combination of shared storage and local storage. Performance is enhanced and network traffic is
reduced. The local storage caches the master image from the shared storage, which reduces the amount
of reads on the shared storage. For shared desktops, writes to the differencing disks are written to local
storage on the host and not to shared storage.

Your shared storage must be NFS when using IntelliCache.

Citrix recommends that you use a high performance local storage device to ensure the fastest possible
data transfer.

To enable IntelliCache in XenServer

When installing XenServer, select Enable thin provisioning (Optimized storage for XenDesktop). Citrix
does not support mixed pools of servers that have IntelliCache enabled and servers that do not.

For more information on using IntelliCache, see the XenServer and IntelliCache chapter in the XenServer
Installation Guide available from the XenServer node.

To enable IntelliCache in this product

IntelliCache is disabled by default. You can update the setting only when you create a connection; you
cannot disable IntelliCache later. When you add a XenServer connection from Studio:

1. Select Shared as the storage type.


2. Select Use IntelliCache to reduce load on the shared storage.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 62


HDX Adaptive Orchestration
HDX Adaptive Orchestration refers to current and future capabilities that enable seamless interaction
between the HDX Technology categories. A central concept is that all these components work adaptively
to tune the unified HDX offering for the best possible user experience.

HDX Adaptive Orchestration queries the graphics capabilities of the endpoint device and intelligently
determines how to combine client-side and server-side rendering. Furthermore, rendering decisions can
be made based on available network bandwidth or application characteristics. The result is a high
definition user experience, increased server scalability and optimal use of network bandwidth.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 63


HDX RealTime Optimization Pack for Skype for Business
Citrix developed this technology some years back, to combat the issues with running Microsoft Skype for
Business/Lync on XenApp servers or XenDesktop Virtual Desktops (VDI). The idea behind this nifty piece
of technology is to offload audio/video to combat WAN and latency issues, as well as lower the CPU
requirements pr user on XenApp servers and on Virtual Desktops delivered via XenDesktop. HDX
RealTime Optimization Pack, developed in close collaboration with Microsoft, optimizes delivery of the
Skype® for Business client from XenApp and XenDesktop. Users can seamlessly participate in clear, crisp
high-definition audio-video or audio-only calls to and from other HDX RealTime users, native Skype® for
Business and Lync® client users, and other standards-based video desktop and conference room
systems. The Optimization Pack consists of the HDX RealTime Connector for Skype for Business, which
connects to the Microsoft Skype for Business client on the virtual desktop, and the HDX RealTime Media
Engine which runs on the user device as a plug-in to the Citrix Receiver. The HDX RealTime Media Engine
is available for Windows, Linux and Mac devices.

HDX RealTime Optimization Pack provides a scalable solution for delivering audio-video conferencing
and voice over Internet Protocol enterprise telephony through Microsoft Skype for Business. The
Optimization Pack supports XenDesktop and XenApp environments to users on Linux, Mac, Windows,
and (through a partnership with Dell) Wyse ThinOS devices. The Optimization Pack uses your existing
Microsoft Skype for Business infrastructure, on premises or in the cloud, and inter-operates with other
Microsoft Skype for Business endpoints running natively on devices.

The Optimization Pack consists of both client and server components:

• Client component. Citrix HDX RealTime Media Engine and Citrix Receiver integrate on the
endpoint device and performs media processing directly on the user device. It offloads the
server for maximum scalability, minimizing network bandwidth consumption, and ensuring
optimal audio-video quality.

For information about the RealTime Optimization Pack Capability Checker for Windows, which
determines endpoint ability to support the Optimization Pack,
see https://support.citrix.com/article/CTX222459.

• Server-side (and virtual desktop) component. Citrix HDX RealTime Connector is a connector to
the virtualized Microsoft Skype for Business client running on the XenApp or XenDesktop server.
It drives the RealTime Media Engine on the endpoint. RealTime Connector runs in the virtual
server environment alongside Microsoft Skype for Business. It communicates signaling
information over a Citrix ICA virtual channel to the RealTime Media Engine running on the user
device.

The Optimization Pack supports users who are on the corporate network or working remotely. For
information about configuring secure remote access to Skype for Business using the HDX RealTime
Optimization Pack, see https://support.citrix.com/article/CTX201116.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 64

• Comprehensive functionality, including audio-video and telephony features, when the Skype for
Business client is hosted on Citrix XenApp or XenDesktop

• Fully native user experience

• Uncompromised qualityof voice and video

• Maximum XenApp/XenDesktop server scalability

• Support for a broad range of devices and OS

• Joint story from both vendors on roadmap and support


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 65


HDX RealTime Optimization Pack architecture looks like this:


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 66


There are many of the Generic HDX RealTime technologies help to maintain a good user experience if
there is no media engine available on the endpoint.
These include:

• Optimized-for-speech codec technology, featuring fast encode and low bandwidth utilization

• Adaptive H.264 video in Thinwire display remoting (video quality and frame rate self-adjust to
the network)

• Webcam Video Compression in the Citrix Receivers for Windows, Linux and Mac, offering
excellent bandwidth efficiency and network latency tolerance

• Jitter buffering in the Citrix Receiver for Windows to ensure smooth audio even when network
latency is variable, and Echo Cancellation when using a microphone and speakers

• Audio device plug-n-play (devices can be plugged in mid-session)

• Audio device routing (for example, ringtone can be directed to speakers but voice to a headset)

• Multi-stream ICA transport for full QoS support (up to 4 TCP channels and 2 UDP channels)

• UDP/RTP audio for superior performance on lossy and congested network connections

• DSCP packet tagging for RTP packets (Layer 3) and WMM tagging for Wi-Fi

Check the Citrix Receiver feature matrix for details, but the quick summary is that generic support for
real-time audio and webcam video is currently available for Windows, Linux, Mac OS X and ChromeOS,
plus Dell support Generic HDX RealTime for Wyse ThinOS (WTOS).

NetScaler can also play an important role when delivering audio-video streams over ICA, with features
such as:

• NetScaler CloudBridge support for QoS and multi-stream ICA, including UDP, and optional
packet duplication for superior audio-video quality

• NetScaler Gateway support for UDP/RTP and DTLS


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 67


Also there are some added security benefits of running Microsoft Skype for Business from XenApp or
XenDesktop. These added security benefits include

– Usernames and Passwords - that are entered into the Skype Client never leaves the Datacenter

– Virus and Malware - Easier to combat, because the security measures in place in the datacenter
can detect and get rid of threats. This surpasses the de-centralized solution with each laptop
and each AntiVirus/Maleware program/scan etc.

– Chat log and Contacts – never leave the datacenter! These logs and contacts are stored locally
on each computer that the Skype for Business Client is installed. When running in XenApp or a
VDI machine from the datacenter, this data never leaves the datacenter.

– Avoid Spam and Phishing – easier to stop Spam and Phishing attempts from a central point that
from all the de-centralized computers out there…

– File Sharing - Files shared during session land on the server rather than the client. It will increase
the overall security measures as companies try to combat insecure methods of sharing files
between employees and external entities.

Whats new in 2.3 release:

• Improved video quality. For information about factors that impact video quality,
see https://support.citrix.com/article/CTX222553.

• Implemented simulcast video transmission (multiple concurrent video streams) to


improve video quality on conference calls and Skype Meetings. Each XenApp or
XenDesktop user sees a single video stream because Gallery View is not available when
the Skype for Business client is virtualized
(see https://support.citrix.com/article/CTX200279). Simulcast allows endpoints to send
more than one video stream at a time, if more than one resolution is requested for
incoming Video Source Requests. There are many factors that determine how many
streams and their resolution, frame rate, and bit rate. These factors include the
endpoint capabilities, bandwidth availability, and decoding/encoding capabilities.

• Supports the H.264 unified communications (UC) codec as the default for all calls. Also
enables video forward error correction (FEC) to provide superior video quality on
network connections that experience packet loss (for example, Wi-Fi).

• Optimizing bandwidth usage. RealTime Media Engine requests video resolution based on the
size of the video window on the user screen. Transmitted resolutions are lower because
endpoints aren't subscribing to video resolution higher than they can display. If other
participants in the conference maximize their windows, the endpoint starts sending at a higher
resolution, up to its limit. This update minimizes average network and CPU load without
sacrificing quality.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 68


• Enhanced call statistics. Added the Citrix_HDXRTConnector_Simulcast_Stream class to WMI and
updated call statistics to include simulcast video statistics. These statistics include codec,
resolution, frames per second, and bitrate for all streams being sent. Also, the statistics show
how many viewers are receiving each of the streams. During the time active speakers change
and participants join or leave the meeting, the statistics update to reflect the changes in the
streams sent.

• Quality of Experience statistics. Added additional network connectivity parameters in Quality of


Experience reports. We report the simulcast information in the outbound stream statistics:

• Codecs/Codec Types: list all codecs used in all streams

• Resolution: highest resolution being sent across all streams

• FPS: highest frame rate being sent across all stream

• Bitrate: sum of all streams

• Call admission control. Extended support for call admission control to include configurations
without an Edge Server.

• Citrix Receiver auto-update feature. RealTime Media Engine is compatible with the Citrix
Receiver for Windows minimum version 4.8 and Citrix Receiver for Mac minimum version 12.6
auto-update feature.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 69


HDX Thinwire ( Thinwire + / Plus )

So what is this new HDX Thinwire, you might ask?

The new Thinwire has been a core engine of the ICA virtual display channels, in one form or other, for
over two decades! Under the hood, different methods are employed to address the wide range of
conditions between the centralized resources and the user. It is continually evolving to keep up with
advances in hardware, operating systems, peripherals, networks and other building blocks of the
ecosystem. Feature Pack 3 (FP3) includes a new invention to deliver great user experience
with significantly smaller CPU and bandwidth footprint. During its development, this innovation was
variously known as Project Snowball, Thinwire Plus, Enhanced Thinwire, Enhanced Compatibility Mode,
Next-Gen Thinwire, and so on. It’s also been formerly known as Extra Color Compression (ECC) is a policy
that can be applied to control how HDX manages bandwidth vs. quality and other resources (example,
CPU). This technologically means that it is chromatic (color) sub-sampling of JPEG data. The benefits of
Extra Color Compression is an optimization that can save up to 20% on the size of lossy compressed
images, but at a small expense of quality. This can reduce bandwidth significantly particularly when
customers have simpler, legacy applications with limited graphical-richness.

Thinwire is the Citrix default display remoting technology used in XenApp and XenDesktop.

Display remoting technology allows graphics generated on one machine to be transmitted, typically
across a network, to another machine for display.

A successful display remoting solution should provide a highly interactive user experience that is similar
to that of a local PC. Thinwire achieves this by using a range of complex and efficient image analysis and
compression techniques. Thinwire maximizes server scalability and consumes less bandwidth than other
display remoting technologies.

Because of this balance, Thinwire meets most general business use cases and is used as the default
display remoting technology in XenApp and XenDesktop.

All these terms refer to the same thing: a new method within the good old HDX Thinwire protocol.

This policy is relevant to HDX graphics modes technologies are:

• The original thinwire mode (now the “legacy graphics mode” in XenDesktop/XenApp 6.5.

• Thinwire+ technologies

• Thinwire Compatibility Mode

o Intelligent bitmap matching for a bitmap-only provider.


• Bitmap translation analysis for efficient window movement and scrolling.
o Backwards compatible. There is no requirement for client or Citrix Receiver upgrades or
hardware acceleration.

ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 70


• Tested on a range of older thin clients up to and over 5 years old.
o Optimized for very low server CPU usage and improved server scalability.
o An emulated 16-bit mode, which reduces bandwidth by a further 15-20% for typical
workloads.
o Transient detection for server-rendered video content.
• Multi-transient handling for an improved multimedia experience. For example,
when watching multiple videos or ticker tapes.
• Selective sharpening for regions that leave a transient state.
o Optimized for CloudBridge acceleration. In tests, we have seen up to a 6:1 ratio of
bandwidth reduction on Office-type workloads.
o Adaptive display, which can be tuned through policy settings. For more information
see Moving image compression inMoving image policy settings.
o VDA's and Windows OS's up to and including Windows 10 VDA are supported.
o New "Build to Lossless" mode for 3D Pro, which improves responsiveness, interactivity, and
interruptible sharpening for a better user experience on low bandwidth.
o Default static photographic imagery quality is higher than in Legacy Graphics Mode.

For the Build to lossless visual quality, Thinwire Compatibility Mode uses a "fuzzy-first" approach for
large screen updates. This setting is targeted at 3D Pro users who are manipulating 3D models or other
graphic-intensive applications. If the activity continues, a transient mode is assumed and the affected
area is sharpened and cached once transient activity stops. For the initial large change, some lightweight
image analysis is performed on the change area to determine whether to use "fuzzy transient" or "sharp
transient" (lossless) - for example, when rotating a wireframe. It is more efficient, for FPS (Frames Per


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 71


Second) and bandwidth, to encode simple imagery using the Citrix lossless codec and no loss in quality
occurs.

By default HDX will still use H.264 based technologies if the hardware and Citrix receiver in your
deployment can support them – so this new mode may need to be turned on, although it is now the
default for end-points that can’t do H.264 so if you have a mixture of Receiver versions or end-client
hardware levels, some users will get this mode automatically.

Please note that from XD/XA 7.6 FP3, you don’t have to disable DCR as it is now disabled by default.

Please note that if you intend to use this feature of the HDX stack, there is a small additional CPU cost.

Thinwire or Framehawk

Thinwire should be used for delivering typical desktop workloads, for example, desktops, office
productivity or browser-based applications. Thinwire is also recommended for multi-monitor, high
resolution or high DPI scenarios, and for workloads with a mixture of video and non-video content.

Framehawk should be used for mobile workers on broadband wireless connections where packet loss
can be intermittently high.

Multi-Stream and Multi-Port ICA


Multi-Stream and Multi-Port ICA allow assigning a separate TCP Port for each of the four groups of ICA
Channels. These TCP ports can then be assigned unique priorities on Network Devices. It is a mechanism
to prioritize network traffic to help ensure that the most important data gets through the network as
quickly as possible.

With the release of XenApp 6.5 and XenDesktop 5.5, with Receiver 3.0 (including Online Plugin 13.0),
Citrix introduced support for true network based Quality of Service (QoS) to the ICA or HDX protocol.

This QoS is a mechanism to prioritize network traffic to help ensure that the most important data gets
through the network as quickly as possible

To decide if it is required and to decide how to implement Multi-Stream and Multi-Port ICA in an
environment, it is necessary to understand what the ICA Channels are, and how they are divided into the
four priority groups.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 72

Starting with XenDesktop 5.5 & XenApp 6.5 is to use multiple TCP connections (aka Multi-Stream ICA) to
carry the ICA traffic between the client and the server. In addition, in XenDesktop, there is an optional
UDP connection along with multiple TCP connections. Each of these connections will be associated with
a different class of service. Each ICA virtual channel will be associated with a specific class of service and
be transported in the corresponding TCP connection. The network administrator will be able to prioritize
each of these classes of service, independently from each other, based on the TCP port number used for
the connection.
These are the four classes of services that we can configure:

• Very High Priority (for real-time channels like audio)


• High Priority (for interactive channels like graphics, keyboard, and mouse)
• Medium Priority (for bulk virtual channels like drive mapping, scanners (TWAIN), etc.)
• Low Priority (for background virtual channels like Printing)


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 73


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 74


Policy Templates

With the release of 7.6 FP3 of XenApp and XenDesktop, Citrix now offer predefined Policy Templates.

How do you get started and get more familiar with the built-in policy templates? The first step is to
download the new Group Policy Management 7.6.300 from the Feature Pack 3 page on Citrix.com. You
can get the related product documentation at http://www.citrix.com/policytemplates
PLEASE NOTE THAT IN 7.7 and 7.8 release of XenApp and XenDesktop these policies are included and
there is no need to download anything extra!

Also, be sure to stop by Group Policy Management Template Updates for XenApp/XenDesktop
http://support.citrix.com/article/CTX202000 for a regular update from Citrix!

The XenApp and XenDesktop installation now includes the following policy templates that replace and
enhance the previously available built-in Citrix templates:

o Very High Definition User Experience. This template enforces default settings which maximize
the user experience. Use this template in scenarios where multiple policies are processed in
order of precedence.

o High Server Scalability-Legacy OS. This High Server Scalability template applies only to VDAs
running Server 2008 R2 or Windows 7 and earlier. This template relies on the Legacy graphics
mode which is more efficient for those operating systems.

o High Server Scalability. Apply this template to economize on server resources. This template
balances user experience and server scalability. It offers a good user experience while increasing
the number of users you can host on a single server. This template does not use video codec for
compression of graphics and prevents server side multimedia rendering.

o Optimized for WAN-Legacy OS. This Optimized for WAN template applies only to VDAs running
Server 2008 R2 or Windows 7 and earlier. This template relies on the Legacy graphics mode
which is more efficient for those operating systems.

o Optimized for WAN. This template is intended for task workers in branch offices using a shared
WAN connection or remote locations with low bandwidth connections accessing applications
with graphically simple user interfaces with little multimedia content. This template trades off
video playback experience and some server scalability for optimized bandwidth efficiency.

o Security and Control. Use this template in environments with low tolerance to risk, to minimize
the features enabled by default in XenApp and XenDesktop. This template includes settings
which will disable access to printing, clipboard, peripheral devices, drive mapping, port
redirection, and Flash acceleration on user devices. Applying this template may use more
bandwidth and reduce user density per server.


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 75


Summary
I hope you have enjoyed this eBook, Citrix HDX technologies for Dummies. My goal was to clarify the
different HDX technologies that Citrix delivers. Citrix still has by far the best remoting protocol out there
as of 2016, and are constantly working on ways to make it even better. The addition of the Thinwire+,
Optimization Pack for Skype and Framehawk technology will help satellite and poor bandwidth links
tremendously. As things evolve in this industry, watch out for an updated version.

Check out www.ervik.as regularly for updates from the End User Computing industry. The only known
facts is that Change is constant, so there will be more great stuff coming out from Citrix in 2016 as well!


ALEXANDER ERVIK JOHNSEN – © 2017 – WWW.ERVIK.AS 76