
Citrix Virtual Apps and Desktops – Component Architecture

Glossary

Virtual Desktop Models

Windows Apps – a Windows app interface running on a server-based OS, accessible to many users.
Linux Apps – the Linux app interface running on a server-based OS, accessible to many users.
Secure Browser – an app, encapsulated within a compatible browser tab to the user’s preferred browser.
VM-Hosted App – the Windows app interface running on a desktop-based OS, accessible to a single user.
Shared Windows Desktop – a Windows desktop interface running on a server-based OS, accessible to many users.
Shared Linux Desktop – a Linux desktop interface running on a server-based OS, accessible to many users.
Pooled Windows Desktop – a randomly assigned desktop-based Windows OS, accessible to a single user.
Pooled Linux Desktop – a randomly assigned desktop-based Linux OS, accessible to a single user.
Personal Windows Desktop – a statically assigned desktop-based Windows OS, accessible to a single user.
Personal Linux Desktop – a statically assigned desktop-based Windows OS, accessible to a single user.
Pro Graphics Desktop – a virtual desktop utilizing a hardware-based graphical processing unit (GPU), accessible to a single user.
Local VM – a desktop running within a virtual container on the end point device.
Remote PC Access – a traditional Windows PC available to a remote user.

Virtual Apps and Desktops Components

Delivery Controller – central infrastructure server responsible for distributing, enumerating and assigning resources.
StoreFront – an app store uniquely generated for each user based on user credentials.
Gateway – encapsulates all Virtual Apps and Desktops network traffic destined for the end point within SSL (443).
Studio – an MMC-based admin console used to configure the environment.
Director – a web-based support console used to monitor and troubleshoot the environment.
Database – a Microsoft SQL instance used to store all configuration and usage information for the environment.
Virtual Delivery Agent – installed on each resource, it enables a resource to register with the delivery controller, allowing users to request a session.
Machine Catalog – collections of virtual or physical machines, managed as a single entity.
Delivery Group – identify which users can access which desktops/applications within which machine catalog.
Workspace app – installed on each end point device, provides users with secure access to app and desktop resources.

Virtual Apps and Desktops Cloud Components

Citrix Cloud – a type of hybrid cloud deployment where the control-layer items are hosted and managed by Citrix.
Cloud Connector – provides the link between resources hosted on-premises/cloud with the Virtual Apps and Desktops service hosted on Citrix Cloud.
Virtual Apps and Desktops Service – an offering within Citrix Cloud where Citrix manages the deployment, management and fault tolerance of the control layer components.
Secure Browser Service – an offering within the Citrix Cloud providing simple and secure remote access to web applications.
Gateway Service – an offering within the Citrix Cloud providing secure VPN access to Virtual Apps and Desktops and Endpoint Management applications.

Citrix Virtual Apps and Desktops – On-Premises Deployment

An on-premises Citrix Virtual Apps and Desktops architecture provides any user on any device with secure access to any Windows or Linux desktop or application hosted on Citrix Hypervisor, Microsoft Hyper-V, Nutanix Acropolis, VMware vSphere and physical servers across multiple on-premises data centers.

Citrix Virtual Apps and Desktops – Hybrid Cloud Deployment

A hybrid cloud Citrix Virtual Apps and Desktops architecture adheres to the same architecture as the on-premises model except hosting platforms expand to include Microsoft Azure, Amazon AWS or other cloud hosting providers for resource layer components (Windows and Linux desktops and applications), while all are managed from a centralized controller architecture.

Citrix Virtual Apps and Desktops – Citrix Cloud Deployment

The Citrix Virtual Apps and Desktops Service hosted in the Citrix Cloud is a variant of a hybrid cloud architecture except that the access and control layers of the solution are managed by Citrix in the Citrix Cloud, eliminating the need for the local infrastructure team to manage, maintain and upgrade the access and control components. Each unique cloud or on-premises location hosting resources must deploy a Citrix Cloud Connector component, which provides the link to the Citrix Cloud service.

[Diagrams: each deployment is drawn in Users, Access, Control and Resources layers on top of a Host layer.]

User Authentication and Resource Enumeration

1. A user initiates a connection to the Gateway URL and provides logon credentials.
2. The credentials are validated against Active Directory.
3. Gateway forwards the user credentials to StoreFront.
4a. When StoreFront is in the same domain as the controller, StoreFront validates the user credentials against Active Directory and forwards to the delivery controller.
4b. When StoreFront is not in the same domain as the delivery controller, credentials are forwarded to the delivery controller for validation against Active Directory.
5. The Virtual Apps & Desktops delivery controller retrieves a list of available resources by querying the SQL Database.
6. The list of available resources is sent to StoreFront, which populates the user’s Citrix Workspace app, Windows Start Menu or browser.

Session Launch

1. When the user selects a resource from Workspace app, the request is sent to StoreFront through Gateway.
2. StoreFront forwards the resource request to the delivery controller.
3. The delivery controller queries the SQL Database to determine an appropriate host to fulfill the request.
4. The delivery controller sends the host and connection information to StoreFront (443).
5. StoreFront requests and receives a one-time-use ticket via the Secure Ticket Authority.
6. StoreFront generates a launch file, including the ticket information, which is sent to the user through Gateway.
7. Citrix Workspace app uses the launch file and makes a connection to the Gateway (443).
8. Gateway validates the ticket with the STA (80 or 443).
9. Gateway initiates a connection to the resource (1494 or 2598) on the user’s behalf.

HDX

HDX (High Definition eXperience) is a collection of integrated technologies providing an end-to-end delivery system leveraging end point, virtual machine and host capabilities to provide the user with the best experience possible.

HDX Technologies

HDX Broadcast – ensure reliable, high-performance connectivity over any network
HDX MediaStream – optimized technologies for playing video and audio recordings
HDX RealTime – support for softphones, voice chat and unified communications like Skype for Business
HDX Mobile – optimizes the delivery of Windows apps to mobile form factor devices
HDX Plug-n-Play – extends hosted virtual resources to support locally attached USB devices
HDX RichGraphics – optimizes delivery of 2D and 3D graphics to remote devices
HDX WAN Optimization – optimizes bandwidth requirements, allowing access from satellite and branch office locations
HDX Adaptive Orchestration – dynamically integrates all HDX Technologies based on host, network and device

ICA Protocol

The ICA protocol integrates the different HDX technologies into the network stack by use of virtual channels.

[Diagram: ICA virtual channels – Drives, Skype, Printing, Keyboard / Mouse, Multitouch, Audio, ICA Clipboard, Smartcards, Seamless Windows, Adaptive Display, Mobile Sensors, Multimedia, Generic USB, Flash.]

The ICA protocol utilizes adaptive transport orchestration to send the packets across the network with either TCP or EDT (Enlightened Data Transport – Citrix proprietary intelligent UDP-based transport protocol), based on network conditions and capabilities.

Networking Traffic and Ports: On-Premises and Hybrid Cloud Deployments

80 – HTTP
88 – Kerberos
135 – RPC
389 – LDAP
443 – SSL/TLS
464 – Native Windows Auth Change Passwords
636 – LDAP SSL
1433 – SQL Server
1494 – Citrix ICA
2598 – Citrix Session Reliability
3268 – LDAP Global Catalog
3269 – LDAP Global Catalog SSL
3389 – Remote Assistance
8000 – Gateway Load Balancing Monitor
8008 – ICA for HTML5
8100 – WCF
STA: 80, 443, or custom – Secure Ticket Authority
LS: 27000, 7279, 8083 – License Server
FH: 3224-3324 – Framehawk
IA: 16500-16509 – ICA Audio

Networking Traffic and Ports: Virtual Apps and Desktops Service on Citrix Cloud

80 – HTTP
389 – LDAP
443 – SSL/TLS
1494 – Citrix ICA
2598 – Citrix Session Reliability
3268 – LDAP Global Catalog
8100 – WCF

AD (Active Directory):
53 – DNS
88 – Kerberos
123 – W32Time
135 – RPC
389 – LDAP
445 – SMB
464 – Kerberos
636 – LDAP SSL
3268 – LDAP Global Catalog
3269 – LDAP Global Catalog SSL
49152-65535 – LSA, SAM, Netlogon

© Copyright Citrix 2018 Current as of October 23, 2018
