
Citrix XenApp and XenDesktop 7.15 – Component Architecture


Windows Apps – a Windows app interface running on a server-based OS, accessible to many users.
Linux Apps – the Linux app interface running on a server-based OS, accessible to many users.
Secure Browser – an app, encapsulated within a compatible browser tab to the user’s preferred
browser.
VM-Hosted App - the Windows app interface running on a desktop-based OS, accessible to a
single user.
Shared Windows Desktop – a Windows desktop interface running on a server-based OS, accessible to many users.
Shared Linux Desktop – a Linux desktop interface running on a server-based OS, accessible to
many users.
Pooled Windows Desktop – a randomly assigned desktop-based Windows OS, accessible to a single user.
Pooled Linux Desktop – a randomly assigned desktop-based Linux OS, accessible to a single
user.
Personal Windows Desktop – a statically assigned desktop-based Windows OS, accessible to a single user.
Personal Linux Desktop – a statically assigned desktop-based Windows OS, accessible to a
single user.
Pro Graphics Desktop – a virtual desktop utilizing a hardware-based graphical processing unit (GPU), accessible to a single user.
Local VM – a desktop running within a virtual container on the end point device.
Remote PC Access – a traditional Windows PC available to a remote user.
Delivery Controller – central infrastructure server responsible for distributing, enumerating and
assigning resources.
StoreFront – an app store uniquely generated for each user based on user credentials.
NetScaler Gateway – encapsulates all XenApp & XenDesktop network traffic destined for the
end point within SSL (443).
Studio – an MMC-based admin console used to configure the environment.
Director – a web-based support console used to monitor and troubleshoot the environment.
Database – a Microsoft SQL instance used to store all configuration and usage information for
the environment.
Virtual Delivery Agent – installed on each resource, it enables a resource to register with the
delivery controller, allowing users to request a session.
Machine Catalog – collections of virtual or physical machines, managed as a single entity.
Delivery Group – identify which users can access which desktops/applications within which
machine catalog.
Receiver – installed on each end point device, provides users with secure access to app and desktop resources.
Citrix Cloud – A type of hybrid cloud deployment where the control-layer items are hosted and
managed by Citrix.
Cloud Connector – provides the link between resources hosted on-premises/cloud with the
XenApp and XenDesktop service hosted on Citrix Cloud.
XenApp and XenDesktop Service – an offering within Citrix Cloud where Citrix manages the
deployment, management, fault tolerance of the control layer components.
Secure Browser Service – an offering within the Citrix Cloud providing simple and secure
remote access to web applications.
Glossary
Citrix XenApp & XenDesktop 7.15 – On-Premises Deployment

An on-premises Citrix XenApp and XenDesktop architecture provides any user on any device secure access to any Windows or Linux desktop or application hosted on Citrix XenServer, Microsoft Hyper-V, Nutanix Acropolis, VMware vSphere and physical servers across multiple on-premises data centers.

Citrix XenApp & XenDesktop 7.15 – Hybrid Cloud Deployment

A hybrid cloud Citrix XenApp and XenDesktop architecture adheres to the same architecture as the on-premises model except hosting platforms expand to include Microsoft Azure, Amazon AWS or other cloud hosting providers for resource layer components (Windows and Linux desktops and applications), while all managed from a centralized controller architecture.

Citrix XenApp & XenDesktop 7.15 – Citrix Cloud Deployment

The Citrix XenApp & XenDesktop Service hosted in the Citrix Cloud is a variant of a hybrid cloud architecture except that the access and control layers of the solution are managed by Citrix in the Citrix Cloud, eliminating the need for the local infrastructure team to manage, maintain and upgrade the access and control components. Each unique cloud or on-premises location hosting resources must deploy a Citrix Cloud Connector component, which provides the link to the Citrix Cloud service.

Virtual Desktop Models

XenApp & XenDesktop Components
XenApp & XenDesktop Cloud Components
NetScaler Gateway Service – an offering within the Citrix Cloud providing secure VPN access to
XenApp, XenDesktop and XenMobile applications

© Copyright Citrix 2017
User Authentication and Resource Enumeration

1. A user initiates a connection to the NetScaler Gateway URL and provides logon credentials.
2. The credentials are validated against Active Directory.
3. NetScaler Gateway forwards the user credentials to StoreFront.
4a. When StoreFront is in the same domain as the controller, StoreFront validates the user credentials against Active Directory and forwards to the Delivery Controller.
4b. When StoreFront is not in the same domain as the Delivery Controller, credentials are forwarded to the Delivery Controller for validation against Active Directory.
5. The XenDesktop Delivery Controller retrieves a list of available resources by querying the SQL Database.
6. The list of available resources is sent to StoreFront, which populates the user’s Citrix Receiver, Windows Start Menu or browser

Session Launch

1. When the user selects a resource from Receiver, the request is sent to StoreFront through NetScaler Gateway.
2. StoreFront forwards the resource request to the Delivery Controller.
3. The Delivery Controller queries the SQL Database to determine an appropriate host to fulfill the request.
4. The Delivery controller sends the host and connection information to StoreFront (443).
5. StoreFront requests and receives a one-time-use ticket via the Secure Ticket Authority.
6. StoreFront generates a launch file, including the ticket information, which is sent to the user through NetScaler Gateway.
7. Citrix Receiver uses the launch file and makes a connection to the NetScaler Gateway (443).
8. NetScaler Gateway validates the ticket with the STA (80 or 443)
9. NetScaler Gateway initiates a connection to the resource (1494 or 2598) on the user’s behalf.

HDX

HDX (High Definition eXperience) is a collection of integrated technologies providing an end-to-end delivery system leveraging end point, virtual machine and host capabilities to provide the user with the best experience possible.

HDX Technologies

HDX Broadcast – ensure reliable, high-performance connectivity over any network
HDX RealTime – support for softphones, voice chat and unified communications like Skype for Business
HDX Mobile – optimizes the delivery of Windows apps to mobile form factor devices
HDX Plug-n-Play – extends hosted virtual resources to support locally attached USB devices
HDX RichGraphics – optimizes delivery of 2D and 3D graphics to remote devices
HDX WAN Optimization – optimizes bandwidth requirements, allowing access from satellite and branch office locations
HDX Adaptive Orchestration – dynamically integrates all HDX Technologies based on host, network and device
HDX MediaStream – optimized technologies for playing video and audio recordings

ICA Protocol

The ICA protocol integrates the different HDX technologies into the network stack by use of virtual channels.

The ICA protocol utilizes adaptive transport orchestration to send the packets across the network with either TCP or EDT (Enlightened Data Transport – Citrix proprietary intelligent UDP-based transport protocol), based on network conditions and capabilities.

Virtual channels shown in the ICA diagram: Drives, Skype, Printing, Multitouch, Keyboard / Mouse, Audio, Clipboard, Seamless Windows, Smartcards, Adaptive Display, Mobile Sensors, Multimedia, Generic USB, Flash, all carried over Adaptive Transport (TCP or EDT).

Networking Traffic and Ports: On-Premises and Hybrid Cloud Deployments

80 HTTP
88 Kerberos
135 RPC
389 LDAP
443 SSL/TLS
464 Native Change Windows Passwords
636 LDAP SSL
1433 SQL Server
1494 Citrix ICA
2598 Citrix Session Reliability
3268 LDAP Global Catalog
3269 LDAP Global Catalog SSL
3389 Remote Assistance
8000 NetScaler Load Balancing Monitor
8008 ICA for HTML5
8100 WCF
STA 80, 443, or custom - Secure Ticket Authority
FH 3224-3324 - Framehawk
IA 16500-16509 – ICA Audio
LS 27000, 7279, 8083 - License Server

Networking Traffic and Ports: XenApp & XenDesktop Service on Citrix Cloud

80 HTTP
389 LDAP
443 SSL/TLS
1494 Citrix ICA
2598 Citrix Session Reliability
3268 LDAP Global Catalog
8100 WCF

AD
53 – DNS
88 – Kerberos
123 – W32Time
135 – RPC
389 – LDAP
445 - SMB
464 – Kerberos
636 – LDAP SSL
3268 – LDAP Global Catalog
3269 – LDAP Global Catalog SSL
49152-65535 – LSA, SAM, Netlogon

Version 1.02
