XenApp 6.5 for Windows Server 2008 R2

© 2011 Citrix Systems, Inc. All rights reserved.

Contents

XenApp 6.5 for Windows Server 2008 R2 XenApp 6.5 for Windows Server 2008 R2 About This Release Known Issues System Requirements Plan Design and Plan Farm Terminology and Concepts Planning a Successful User Experience Farm Hardware Considerations Planning for Applications and Server Loads Assessing Applications for XenApp Compatibility Evaluating Application Delivery Methods Planning for Application Streaming Placing Applications on Servers Determining the Number of XenApp Servers to Deploy Deciding How Many Farms to Deploy Planning Server Functions Planning the XenApp Data Store Database Server Hardware Performance Considerations Replication Considerations Planning for Configuration Logging and IMA Encryption Planning for Data Collectors Designing Zones for a XenApp Deployment Planning for the Web Interface and XML Broker Planning for Accounts and Trust Relationships Recommendations for Active Directory Environments Planning for System Monitoring and Maintenance Planning for UAC


Planning for Shadowing Securing Delivery and Access Planning for Supported Languages and Windows MUI Support Planning for Passthrough Client Authentication Install and Configure Install and Configure Preparing to Install and Configure XenApp Before Installing XenApp Before Configuring XenApp Installing XenApp Using the Wizard-Based Server Role Manager Installing XenApp from the Command Line Configuring XenApp Server Role License Information Configuring XenApp Using the Wizard-based Server Configuration Tool Configuring XenApp from the Command Line Configuration Command Syntax Preparing for XenApp Imaging and Provisioning Removing Roles and Components Data Store Database Reference Microsoft SQL Server Database Oracle Database Migrate XenApp Migration Center Migration Center Interfaces Objects You Can Migrate Requirements and Installation Migrating XenApp Using the Graphical Interface Migrating XenApp Using the Command Line Interface Cmdlet Reference Post-migration Tasks Indirect Migrations and Advanced Cmdlets Manage XenApp 6 for Windows 2008 R2 Management Consoles and Other Tools To start the AppCenter and discover servers To view zones To refresh user data automatically Managing Citrix Administrators


Delegating Tasks to Custom Administrators Delivering XenApp to Software Services Subscribers To enable Windows 7 look and feel and control desktop customization Working with Citrix Policies Navigating Citrix Policies and Settings Creating Citrix Policies Working with Citrix Policy Templates Creating Policy Templates Importing and Exporting Policy Templates Comparing Policies and Templates Configuring Policy Settings To add settings to a policy Applying Citrix Policies To add filters to a policy Managing Multiple Policies Prioritizing Policies and Creating Exceptions Determining Which Policies Apply to a Connection To simulate connection scenarios with Citrix policies Applying Policies to Access Gateway Connections Enabling Scanners and Other TWAIN Devices Managing Session Environments and Connections Defining User Environments in XenApp Controlling the Appearance of User Logons Controlling Access to Devices and Ports To enable user execute permissions on mapped drives Displaying Local Special Folders in Sessions Configuring Audio for User Sessions To enable or disable audio for published applications To configure bandwidth limits for audio To configure audio compression and output quality To enable support for microphones and speakers To use and set sound quality for digital dictation devices Ensuring Session Continuity for Mobile Workers Maintaining Session Activity Configuring Session Reliability Configuring Automatic Client Reconnection Configuring ICA Keep-Alive


Session Linger Managing and Monitoring XenApp Sessions Monitoring Session Information Viewing User Sessions Viewing User Sessions with the Shadow Taskbar Enabling Logging for Shadowing Enabling User-to-User Shadowing with Policies Controlling Client Connections in XenApp Preventing Specific Client Connection Types Specifying Connection Limits Limiting Connections to a Server Farm Sharing Sessions and Connections Limiting Application Instances Logging Connection Denial Events Configuring the ICA Listener Preventing User Connections During Farm Maintenance Optimizing User Sessions for XenApp Optimizing Audio and Video Playback Configuring Windows Media Redirection Optimizing Flash Content Optimizing Throughput of Image Files Optimizing Display of Image Files Optimizing Keyboard and Mouse Responsiveness Configuring SpeedScreen Latency Reduction Adjusting SpeedScreen Latency Reduction for an Application To configure latency reduction settings for input fields in an application To create exception entries for non-standard input fields in an application Configuring HDX Broadcast Display Settings Enhancing the User Experience With HDX Configuring HDX MediaStream Flash Redirection Configuring HDX MediaStream Flash Redirection on the Server Configuring HDX MediaStream Flash Redirection on the User Device Configuring Audio Avoiding Echo During Multimedia Conferences With HDX RealTime


Video Conferencing with HDX RealTime Webcam Video Compression Increasing 2D and 3D Application Scalability and Performance Assigning Priorities to Network Traffic Adding Dynamic Windows Preview Support Configuring Read-Only Access to Mapped Client Drives Securing Server Farms Securing Access to Your Servers Securing the Data Store Securing Client-Server Communications Using SecureICA Enabling SSL/TLS Protocols To configure session data encryption To set a policy for ICA encryption Configuring SSL/TLS Between Servers and Clients Obtaining and Installing Server and Root SSL Certificates Choosing an SSL Certificate Authority Acquiring a Signed SSL Certificate and Password To enable the SSL Relay and select the relay credentials Using the SSL Relay with the Microsoft Internet Information Service (IIS) Configuring the Relay Port and Server Connection Settings To run the SSL Relay on port 443 without using HTTPS Configuring the Ciphersuites Allowed by the SSL Relay Using the Secure Gateway Using the Secure Ticket Authority Securing Network Communications Configuring TCP Ports Using Proxy Servers Configuring Authentication for Workspace Control Using Smart Cards with XenApp Configuring Kerberos Logon Logging Administrative Changes to a XenApp Farm Setting up the Configuration Logging Database Defining Database Permissions for Configuration Logging To configure the connection to the Configuration Logging database To set Configuration Logging properties Clearing Entries from the Configuration Logging Database


Encrypting Configuration Logging Data To generate a key and enable IMA encryption on the first server in a farm To load a key on servers that join the farm Managing IMA Encryption XenApp Service Account Privileges Maintaining Server Farms To search for objects in your farm To change a server's desktop settings To limit the number of server connections per user To enable or deny logons to servers Restarting Servers at Scheduled Times Removing and Reinstalling XenApp To rename a XenApp server To move or remove a server Monitoring Server Performance with Health Monitoring & Recovery Using Citrix Performance Monitoring Counters Using Worker Groups for Enhanced Resource Access To create a worker group Creating and Prioritizing Load Balancing Policies Enhancing the Performance of a Remote Group of Servers Using Preferential Load Balancing Resource Allotment Multiple Published Applications in the Same Session Managing CPU Usage Deploying virtual memory optimization Managing Farm Infrastructure Maintaining the Local Host Cache Tuning Local Host Cache Synchronization To configure zones and back-up data collectors Updating Citrix License Server Settings To set the product edition Configuring the Citrix XML Service Port and Trust To manually change the XML Service port to use a port different from IIS after installation To manually configure Citrix XML Service to share the TCP port with IIS Manage Server and Resource Loads


To create a new load evaluator List of Load Management Rules Assigning Load Evaluators to Servers and Applications Scheduling Server Availability Power and Capacity Management About Load Consolidation and Power Management Installing Power and Capacity Management System Requirements for Power and Capacity Management Interactively Installing Components Silently Installing Components Upgrading Administration Components Removing Components Configuring and Using Power and Capacity Management Configuring a Server Profile Configuring Server Properties Setting Global Configuration Values Configuring Sites Adding Virtual Machine Managers Managing the Concentrator Creating Setpoints and Schedules Enabling Load Consolidation and Power Management Understanding XenApp Printing Introduction to Windows Printing Concepts Local and Remote Print Job Spooling XenApp Printing Concepts Overview of Client and Network Printing Pathways Provisioning Printers for Sessions Auto-Creating Client Printers Auto-Creating Network Printers Letting Users Provision Their Own Printers Device or Session-Based Print Settings Device-Based Print Settings Controlling Printing Settings and User Preferences Setting Default Printers Printing and Mobile Workers Optimizing Printing Performance by Routing Managing Printer Drivers


Planning Your Printing Configuration Default Printing Behavior Printing Policy Configuration Printing Security Purchasing Printing Hardware Configuring and Maintaining XenApp Printing Configuring Printer Autocreation Settings Configuring Citrix Universal Printing Configuring Network Printers for Users To add a network printer while configuring the Session printers setting To specify a default printer for a session To edit the printer settings in the sessions policy To configure server local printers Configuring Printers for Mobile Workers Changing Network Print Job Routing Providing Tools for User Provisioning To store users’ printer properties To synchronize properties from the printer Controlling Printer Driver Automatic Installation Configuring Universal Printer Drivers on Farm Servers Mapping Client Printer Drivers Improving Session Performance by Limiting Printing Bandwidth Displaying Printers Managing Printers Using the Network Printing Pathway Displaying Printers Using the Client Printing Pathway XenApp Server Utilities Reference ALTADDR APP AUDITLOG CHANGE CLIENT CTXKEYTOOL CTXXMLSS DSCHECK DSMAINT ENABLELB ICAPORT IMAPORT


QUERY FARM QUERY PROCESS QUERY SESSION QUERY TERMSERVER QUERY USER Performance Counters Reference Citrix CPU Utilization Mgmt User Counters Citrix IMA Networking Counters Citrix Licensing Counters Citrix MetaFrame Presentation Server Counters ICA Session Counters Secure Ticket Authority Counters Policy Settings Reference Policy Settings: Quick Reference Table ICA Policy Settings Audio Policy Settings Auto Client Reconnect Policy Settings Bandwidth Policy Settings Desktop UI Policy Settings End User Monitoring Policy Settings File Redirection Policy Settings Flash Redirection Policy Settings Graphics Policy Settings Caching Policy Settings Keep Alive Policy Settings Legacy Server Side Optimizations Policy Settings Multimedia Policy Settings Multi-Stream Connections Policy Settings Port Redirection Policy Settings Printing Policy Settings Client Printers Policy Settings Drivers Policy Settings Universal Printing Policy Settings Security Policy Settings Server Limits Policy Settings Session Limits Policy Settings Session Reliability Policy Settings


Shadowing Policy Settings Time Zone Control Policy Settings TWAIN Devices Policy Settings USB Devices Policy Settings Visual Display Policy Settings Moving Images Policy Settings Still Images Policy Settings Licensing Policy Settings Power and Capacity Management Policy Settings Server Policy Settings Connection Limits Policy Settings Database Policy Settings Health Monitoring and Recovery Policy Settings Memory Optimization Policy Settings Offline Applications Policy Settings Reboot Behavior Policy Settings Server Session Settings Virtual IP Policy Settings XML Service Policy Settings Publish Publish Publishing in XenApp Evaluating Application Delivery Methods Publishing Resources using the AppCenter To configure servers to publish for multiple users To publish a resource using the Publish Application wizard To select a resource type and delivery method To configure locations of published applications To configure locations of published content To disable command-line validation To pre-launch applications to user devices Publishing Applications for Streaming New Features in This Release System Requirements for Application Streaming Application Streaming Overview Components for Application Streaming Deciding Which Plug-ins to Use for Application Streaming


Providing Single Sign-on for Streamed Applications Creating Application Profiles Targets Overview Service Pack Level System Drive Letter Operating System Language Inter-Isolation Communication Overview Isolating Services Specifying Trusted Servers for Streamed Services and Profiles Managing Isolation Environment Rules Types of Isolation Environment Rules Restrictions and Limitations for Rules Creating Isolation Environment Rules for a Target To create an isolation environment rule To modify a rule Using Environment Variables to Construct Rules Preparing a Workstation for Profiling Applications Known Limitations for Profiling To install the profiler To disable and enable profile signing To start the profiler Creating a Profile and Its Initial Target To create a profile and target To allow users to update applications To set up inter-isolation communication To select an install option To install multiple applications through Advanced Install To choose an installation program for the application To create a virtual hard disk To support legacy plug-ins To install Internet Explorer plug-ins To include files and folders in a target To include registry settings To install an application in the profile To run an application in the profiler To select applications for listing in the profile


To sign a profile Editing Profiles To view profile information To edit the profile name, description, or location To view details about applications in a profile To view File Type Associations set in a profile To check for launch prerequisites To check for prerequisite registry entries To check for prerequisite applications and files To specify pre-launch and post-exit scripts To add a target to a profile To resolve target conflicts To resolve invalid shortcuts To delete a target from a profile To delete a folder from a profile To remove a profile from a linked profile Editing Targets To edit the target name and description To modify the application properties in the target To modify the operating system and language properties of a target To update a target To remove an old version of an updated target Profile Contents on the Server Manifest File Targets Digital Signature Icons Scripts Publishing Streamed Applications To select a streaming delivery method To force a delivery method for streamed applications To provide HTTP or HTTPS delivery method Configuring Offline Access Offline Plug-in 6.5 for Windows New Features in This Release System Requirements for Application Streaming Citrix Offline Plug-in Overview


Deciding Which Plug-ins to Use for Application Streaming Specifying Trusted Servers for Streamed Services and Profiles Using the Merchandising Server and Citrix Receiver Updater to Deploy the Plug-ins To install the Offline Plug-in To deliver the AppHubWhiteList to user devices To configure the cache size of the Offline Plug-in To deploy the Offline Plug-in using the command-line To configure an .MSI package for the Offline Plug-in using transforms To deploy the Offline Plug-in to user devices through Active Directory To deploy applications to user devices To clear the streamed application cache on user devices To clear merged rules for linked profiles on user devices Configuring Content Redirection To enable content redirection from server to client To configure content redirection from client to server Managing Application Properties To rename a published application To configure locations of servers for published resources To specify locations of applications for streaming To enable an application for offline access To configure user access to applications Granting Access to Explicit or Anonymous Users To configure shortcuts for user devices To configure access controlled by the Access Gateway To associate published applications with file types To update file type associations To configure alternate profiles To pass parameters to published applications To reduce user privileges for a streamed application To configure application limits and importance To configure audio and encryption options for published applications To configure application appearance To disable or enable a published application To delete a published application


To move a published application to another folder To duplicate published application settings To export published application settings to a file To import published application settings from a file Making Virtual IP Addresses Available to Applications How Virtual IP Addressing Works Binding Applications To determine whether an application needs to use virtual IP addresses To make virtual IP addresses available to applications running in sessions To make a virtual loopback address available to applications running in sessions To supply client IP addresses to published applications on a server VM Hosted Apps System Requirements Plan Install and Set Up Installing and Removing Server Components for VM Hosted Apps To configure a VM hosted apps site To replace the default XenServer SSL certificate Installing and Removing the Virtual Desktop Agent To configure firewalls manually To deploy the Virtual Desktop Agent using Active Directory Group Policy Objects To use Windows XP virtual desktops with Single Sign-on Manage Working With Machine Catalogs and Desktop Groups To create an application desktop group Managing Application Desktop Groups Working With Applications To create an application To modify applications To manage applications sessions Organizing Applications with Folders and Tags Customize Configuring USB Support for VM Hosted Apps Publishing App-V Sequences in XenApp


XenApp Connector for Configuration Manager 2007 System Requirements for XenApp Connector for Configuration Manager 2007 Install and Set Up XenApp Connector Uninstalling XenApp Connector Enabling Power and Capacity Management for XenApp Connector Deploying Applications to XenApp Servers and Publishing Applications with XenApp Connector To publish applications with XenApp Connector for Configuration Manager 2007 Deploying WSUS Updates to XenApp Servers with XenApp Connector Viewing and Maintaining Log Files Enterprise Management Enterprise Management Management Pack for System Center Operations Manager 2007 System Requirements for the Management Pack To install the Management Pack Management Pack Post-Installation Tasks Uninstalling the Management Pack Security Considerations for the Management Pack Troubleshooting Query Errors in Operations Manager Citrix Managed Objects Included in the Management Pack Citrix Views Included in the Management Pack To view state monitors and processing rules Viewing XenApp Alert and Event Information Viewing XenApp Deployment State Information Viewing Citrix Presentation Server Topology Diagrams To reconfigure security settings on zone data collectors Viewing XenApp Performance Information Viewing License Server Information Configuring and Enabling Site-specific Monitors To open the AppCenter from the Operations Manager Console Installation Manager Requirements and Installation Using the Installation Manager Console Using Installation Manager PowerShell Cmdlets Installation Manager Messages Reference Managing Providers and WMI


XenApp Provider Overview Licensing Provider Overview Installing the XenApp Provider Installing the Licensing Provider Starting the Provider Services Security Considerations Uninstalling the Providers WMI Schema XenApp Provider WMI Schema (Part 1 of 3) XenApp Provider WMI Schema (Part 2 of 3) XenApp Provider WMI Schema (Part 3 of 3) Citrix Licensing Provider WMI Schema Optimize WAN Access Provision Secure Enterprise Network Secure Gateway Citrix XenApp Components That Work with Secure Gateway Secure Gateway Features System Requirements for Secure Gateway Certificate Requirements Planning a Secure Gateway Deployment Deploying the Secure Gateway in a Single-Hop DMZ Running the Web Interface behind the Secure Gateway in the Demilitarized Zone Locking Down Internet Information Services Running the Web Interface Parallel with the Secure Gateway Setting Up the Web Interface and the Secure Gateway in a Single-Hop Demilitarized Zone Deploying the Secure Gateway in a Double-Hop DMZ Setting Up the Secure Gateway and the Secure Gateway Proxy in a Double-Hop DMZ Publishing the Web Address for the Secure Gateway in a Double-Hop Demilitarized Zone Setting Up and Testing a Server Farm Installing the Secure Ticket Authority Testing Your Deployment Installing and Configuring the Secure Gateway and Secure Gateway Proxy Upgrading Secure Gateway or Secure Gateway Proxy


Using Firewall Software with the Secure Gateway or Secure Gateway Proxy Installing the Secure Gateway or Secure Gateway Proxy To install the Secure Gateway or Secure Gateway Proxy Configuring the Secure Gateway or Secure Gateway Proxy To start the configuration wizard manually To select a configuration level (Secure Gateway) To select a configuration level (Secure Gateway Proxy) Task Summary for Secure Gateway, Advanced or Standard Configuration Task Summary for Secure Gateway Proxy, Advanced or Standard Configuration To select a server certificate To configure secure protocol settings To configure inbound client connections To configure outbound connections To configure an access control list for outbound connections To configure servers running the Secure Gateway Proxy To add the Secure Ticket Authority details To configure connection parameters To configure logging exclusions To add the Web Interface server details To configure the logging parameters To complete the configuration To stop the Secure Gateway/Secure Gateway Proxy service To uninstall the Secure Gateway Managing the Secure Gateway Viewing Session and Connection Information with the Secure Gateway Console Viewing Secure Gateway Performance Statistics To view the Secure Gateway performance statistics Performance Counters Available for the Secure Gateway Generating the Secure Gateway Diagnostics Report Viewing the Secure Gateway Events Viewing the Secure Gateway Access Logs Secure Gateway Configuration Wizard Secure Gateway Optimization and Security Guidelines Configuring Firewalls for the Secure Gateway


Ensuring High Availability of the Secure Gateway Load Balancing Multiple Secure Gateway Servers Load Balancing an Array of the Secure Gateway Proxy


Certificate Requirements for Load Balancing Secure Gateway Servers Using Load Balancers and SSL Accelerator Cards with Secure Gateway Servers

Coordinating Keep-Alive Values Between the Secure Gateway and Citrix XenApp Setting Connection Keep-Alive Values and the Secure Gateway Improving Security (Recommendations) Preventing Indexing by Search Engines Troubleshooting the Secure Gateway To check your certificates Client Connections Launched from IP Addresses in the Logging Exclusions List Fail Load Balancers Do Not Report Active Client Sessions if Connections Are Idle Performance Issues with Transferring Files Between a User Device and a Citrix XenApp Server Gateway Client Connections Fail When Using Windows XP Service Pack 2 Failed Client Connections to the Secure Gateway Result in Duplicate Entries in the Secure Gateway Log Placing the Secure Gateway Behind a Reverse Web Proxy Causes an SSL Error 4 Run the Secure Gateway Parallel to the Reverse Web Proxy Use a Network Address Translator Instead of a Reverse Web Proxy Digital Certificates and the Secure Gateway Understanding Cryptography Types of Cryptography Combining Public Key and Secret Key Cryptography Understanding Digital Certificates and Certificate Authorities Certificate Chains Certificate Revocation Lists Deciding Where to Obtain Certificates Obtaining and Installing Server Certificates Obtaining and Installing Root Certificates Support for Wildcard Certificates with the Secure Gateway Secure Application Access Monitor

Record Record System Requirements for SmartAuditor Example Usage Scenarios Getting Started with SmartAuditor Planning Your Deployment Security Recommendations Installing Certificates Scalability Considerations Important Deployment Notes Pre-Installation Checklist To install SmartAuditor Automating Installations To configure SmartAuditor to play and record sessions Granting Access Rights to Users Creating and Activating Recording Policies Using System Policies Creating Custom Recording Policies To create a new policy To modify a policy To delete a policy To activate a policy Understanding Rollover Behavior To disable or enable recording To configure the connection to the SmartAuditor Server Creating Notification Messages Enabling Custom Event Recording To enable or disable live session playback To enable or disable playback protection To enable and disable digital signing To specify where recordings are stored Specifying File Size for Recordings Viewing Recordings To launch the SmartAuditor Player To open and play recordings To search for recorded sessions To play recorded sessions


To use events and bookmarks To change the playback display To display or hide window elements To cache recorded session files To change SmartAuditor Servers Troubleshooting SmartAuditor Verifying Component Connections Testing IIS Connectivity Troubleshooting Certificate Issues SmartAuditor Agent Cannot Connect SmartAuditor Server Cannot Connect to the SmartAuditor Database Sessions are not Recording Searching for Recordings in the Player Fails Troubleshooting MSMQ Unable to View Live Session Playback To change your communication protocol Reference: Managing Your Database Records Single Sign-on Automate


XenApp 6.5 for Windows Server 2008 R2

About This Release Known Issues for XenApp 6.5 System Requirements for XenApp 6.5

Publishing Resources Enhancing the User Experience With HDX Delivering XenApp to Software Services Subscribers (Windows Desktop Experience Integration) Power and Capacity Management Profile Management Licensing Your Product Web Interface Receiver (Updater) for Windows Receiver (Updater) for Macintosh

Issues Fixed for XenApp 6.5 Installing and Configuring XenApp 6.5 XenApp Migration Center Designing a XenApp Deployment Receiver For Windows Self-service Plug-in

Other XenApp Features
Citrix XenApp™ includes additional features in each edition to help enhance the user application virtualization experience. This table includes links to the product documentation located in Citrix eDocs or in the Citrix Knowledge Center describing these features.

Desktop Director Provisioning Services Service Monitoring (EdgeSight) Single Sign-on Branch optimization powered by Citrix Branch Repeater SmartAccess powered by Citrix Access Gateway™ Doc Finder

VM Hosted Apps XenApp Connector for Configuration Manager 2007 R2 Smart Auditor Load testing services Secure Gateway XenVault Workflow Studio orchestration


About Citrix XenApp 6.5 for Windows Server 2008 R2

This release includes several new features and enhancements to Citrix XenApp.

What's New

- Server Platform Support
  The XenApp software can be installed on the following platforms. For all system requirements, see System Requirements.
  - Microsoft Windows Server 2008 R2
  - Microsoft Windows Server 2008 R2 Service Pack 1

- Windows Desktop Experience Integration
  Installed by default when installing the XenApp server role, this feature provides a Windows 7 look and feel including desktop customization. PowerShell script options enable administrators to control desktop and environment defaults while allowing end users to customize their desktops. When installed and enabled, this feature also removes the Windows Server Manager Console from the XenApp server's toolbar and relocates the Citrix XenApp administrative tools such as the AppCenter to the Start menu's Administrative Tools\Citrix folder. See Delivering XenApp to Software Services Subscribers for more information.

- Citrix AppCenter
  The AppCenter provides a streamlined interface for performing management functions. From the AppCenter, you can manage components administered through other Citrix products, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, you can configure and monitor servers, server farms, published resources, and sessions.

- Session Pre-launch, Session Linger, and Fast Reconnect
  This collection of features improves the user experience by eliminating delays when launching and maintaining sessions. By using configurable Session Pre-launch policy settings, a session is started automatically when a user logs on to the farm. By implementing Session Linger policy settings, sessions remain alive for a configurable period before termination, rather than terminating when users close applications. Fast Reconnect, built into XenApp and requiring no configuration, helps minimize delays when users reconnect to existing sessions.

- Citrix HDX Enhancements
  XenApp includes the latest HDX enhancements:
  - HDX MediaStream Flash Redirection
  - Audio Settings
  - Multimedia Conferencing with HDX RealTime
  - Increased 2D and 3D Application Scalability and Performance
  - Assigning Priorities to Network Traffic
  - Dynamic Windows Preview Support

- Migration Center with Graphical User Interface
  With the choice of using a PowerShell cmdlet command line or graphical user interface, XenApp administrators can import application, folder, server configuration, and other XenApp object types from farms running previous versions of XenApp into XenApp 6.5 farms. See XenApp Migration Center for requirement and installation information.

- Improved Performance for Pooled Desktops
  Application launch time in pooled desktop environments is improved through the use of virtual hard disks. Using the Streaming Profiler, virtual hard disks can be created when profiling an application. When the application is launched for the first time, the virtual hard disk is mounted and all the profile contents are copied to the virtual hard disk. For all subsequent launches, the application is launched from the virtual hard disk, resulting in a speedier launch.

- Printing Optimization
  XenApp printing features include improved print session performance, lower bandwidth required for printing, and improved user experience when printing to redirected client printers. Universal Printing policy settings enable the administrator to control print quality, spooling, and optimization defaults. See the printing topics in the Manage node of this documentation for more information.


Known Issues for XenApp 6.5 for Windows Server 2008 R2

Readme Version: 1.0

Contents

- Installation Issues
- SmartAuditor Issues
- Application Streaming Issues
- Single Sign-on Issues
- Other Known Issues

Installation Issues

- The Provisioning Services Target Device software resets your network connection during install. As a result, you may see user interface crashes or other failures if you select this component to install from a network location. Citrix recommends that you install the Provisioning Services Target Device software using one of the following methods [#229881]:
  - Install from a local DVD image or ISO
  - Copy the installation media locally before performing the installation
  - Select Manually Install Components from the Autorun menu
  - Install with a command-line installation

- If you are installing the Configuration Manager Console Extension component of the XenApp Connector for Configuration Manager 2007 on a computer that has a remote Configuration Manager console installed, this warning might display: “Configuration Manager Console Extension is selected, but ConfigMgr 2007 R2 or higher is not installed. Install will continue, but the console extension feature will not be operable without ConfigMgr.” If the installed Configuration Manager console is from Microsoft System Center Configuration Manager 2007 R2 or R3, ignore this warning and continue installing the Configuration Manager Console Extension. The Configuration Manager Console Extension operates normally after installation. [#0034277]

- After installing the Windows Desktop Experience Integration role through the XenApp Server Role Manager on a computer running a non-English operating system and configuring the CtxStartMenuTaskbarUser Group Policy Object (GPO), the PowerShell and Server Manager icons are not removed from the Taskbar as expected. Additionally, the Internet Explorer and Windows Media Player icons are not added to the Taskbar. This occurs because the script Enable-CtxDesktopExperienceUser.ps1 does not run correctly on non-English operating systems. To resolve this issue, download the updated Enable-CtxDesktopExperienceUser.ps1 script from CTX130208 in the Citrix Knowledge Center and replace the script on the XenApp server. [#261892]

SmartAuditor Issues

- The SmartAuditor Player might fail to correctly display sessions launched with Citrix Receiver for Windows 3.0, instead showing a black screen in the Player window. To prevent this, disable the gradient fill feature on the XenApp server hosting the sessions by creating this DWORD registry on the server and setting its value to 1: HKLM\SOFTWARE\Citrix\Ica\Thinwire\DisableGdiPlusSupport. Sessions recorded after this change is made display correctly.
  Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. [#254644]

Known Issues q The SmartAuditor Player might fail to play sessions launched with the Citrix Online Plug-in for Windows 12.microsoft.2 or IBM ClearQuest. For best practices for streaming Office 2010 applications. change ”12.[#260133] q Application Streaming Issues Issues for streaming Microsoft Office applications: q Profiling Microsoft Office 2010 SP1 is not supported in this release.00. the fonts load correctly when the applications are launched on the user device.citrix. To fix the issue.99. If this occurs. [#223553] There are no workarounds for these issues.com/article/CTX124565 in the Citrix Knowledge Center.1 or Citrix Receiver for Windows 3. you might receive an Access Denied error for Microsoft Office applications that are streamed to server. see http://support.1. change ”12. edit this text in the SmAudPlayer. even when Excel 2007 is also streamed.0.exe /regserver. To play these sessions. run: %SystemDrive%\Program Files (x86)\Citrix\System32\mfreg. if the operating system fails with a blue screen.exe. update the profiling workstation with the latest Windows updates and install the Microsoft Hotfix located at http://support. To prevent this issue. [#248727] Streamed Office Project 2007 has the following known issues: q q Creating Visual Reports in Project 2007 is not supported when users stream Project to their desktops. the option to Enable User Updates fails if the applications are published to stream to client desktops. [#254795.9999”.00.config file: <add key=”Windows” value=”12.00.9999”. q Although the fonts for Office 2010 applications do not load during profiling. [#223304] Running Office Web Components in Project 2007 is not supported on Windows 7 operating systems. [#262465] q q q When profiling Office 2010 on Windows 7 using the streaming profiler.9999”/>. To view sessions launched with Receiver for Windows 3.com/kb/2359223/en-US.9999” to ”13.0. [#262124] While profiling Microsoft Office 2010 applications. 
To view sessions launched with Online Plug-in for Windows 12. #255780] If SmartAuditor Administration components are installed on a XenApp server. the Citrix AppCenter console might not be able to complete discovery on the server. To resolve this issue. [#259830] 31 . restart the server and run the flushall command again.00. q Third-party known issues for application streaming: q This release does not support streaming IBM Personal Communications 4. do not use that profiling option for Office 2010 applications. [#259362] When using the RadeCache flushall command. the profiling workstation is probably missing Windows updates and a Microsoft Hotfix.9999” to ”12.

[#261051] On user devices that are running double-byte character language operating systems and have the Single Sign-on Plug-in 5. [#262752] The AppHubWhiteList is sometimes deleted when you update the Offline Plug-in.20 or earlier versions on a non-English platform displays the user interface in English. you cannot modify the "Enable User Updates" setting for the profile. [#262709] q Single Sign-on Issues q Features that require the Single Sign-on Service might fail if the Single Sign-on Plug-in 5. for the specified groups of users. the language drop-down located at File > Options > General > Language is blank. add it manually. open the command prompt inside the Profiler. As a workaround.0 Other known issues for application streaming: q q Launching the streamed application SAP 7. There is no workaround for this issue. only one parameter is supported. While profiling. even if you manually select a different setting for subsequent targets. the policy fails to prevent the fallback option. [#262856] q 32 . Input Method Editor (IME) might fail against the question-based authentication dialog boxes for self-service password reset and self-service account unlock.0 runtime library is installed on the user device before installing the Single Sign-on Plug-in. and the application will be delivered as specified in the publishing process. and after installation. [#260029] q After creating the first target. After updating the plug-in. [#252225] The Load Balancing policy fails to prevent a fallback option for delivery of an application published for dual-mode streaming (streamed if possible. ensure that their answers to security questions are in languages that do not require IME. To prevent this. The Load Balancing policy is supposed to be able to override the dual mode and force one or the other delivery method.0 runtime library installed. In this release. multiple parameters are supported. otherwise stream accessed from a server). install the SAP application in the profile. 
and if missing. If there are no spaces in the parameter. if you add an extra parameter that has spaces.Known Issues q This release does not support streaming to clients through Web Interface on the following browsers: [#262650. The setting that you select for the first target applies to all other targets that you add to this profile.0 installed. 257135] q Microsoft Internet Explorer 9 Mozilla Firefox 4. To allow users to use account self-service from these user devices. ensure that the Visual C++ 8. [#258537] q q An application that is streamed to the server cannot support more than one extra parameter when there is a space character in one of the parameters. In addition.0 is installed on user devices that do not have the Visual C++ 8. disallowing the other. Navigate to the Lang folder (C:\Program Files\SAP\FrontEnd\SAPgui\Lang\) and copy all the files to location C:\Lang\. verify that the AppHubWhiteList is still included with the plug-in.

1-KB2383928-x64 on the server prevents this from occurring. use server-rendered Flash delivery for user devices using WAN connections. You may need to manually disconnect and restart any existing sessions.Known Issues Other Known Issues q XenApp servers might stop responding when multiple users are making frequent connections to the servers. while the AppCenter might correctly display default settings. This issue affects only the display of these settings. [#261879] When using Secure Gateway in an environment where data is encrypted using SSL protocol. [#259611] When publishing content to a XenApp server." [#261647] 33 . This condition is indicated by this system event log message. [#261283] q q q q Published applications might fail to launch. [#254069] Adobe Flash content playback is poor when using server-side content fetching over a slow WAN connection. Installing Service Pack 1 for Windows Server 2008 R2 or Microsoft Hotfix Windows. SSL-secured sessions might disconnect unexpectedly. the XenApp command Get-XAApplication might display that no Access Gateway connections are allowed. To avoid this issue. with picadd as its source: "The Citrix Thinwire driver stopped because it cannot allocate the required memory. use the XenApp SDK to configure and publish content applications. See Microsoft Knowledge Base article #2383928 for more information. if system memory is low. This may result in response failures for the Flash window or Web browser and extremely long buffer times and pauses. displaying a black window in place of the application window. reporting an SSL Library Error 45. the access control settings appear differently depending on whether you view them with the AppCenter console or with the XenApp command Get-XAApplication. To ensure a consistent display of access control settings. For example. users can access the published content normally.
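The SmartAuditor workaround listed under Known Issues above (the DisableGdiPlusSupport value), applied with the registry backup its Caution asks for. This is an added example, not Citrix code; it assumes DisableGdiPlusSupport is a DWORD value under the Thinwire key, and the backup file location is a hypothetical choice.

```powershell
# Added example, not Citrix code. Assumption: DisableGdiPlusSupport is a DWORD
# value under HKLM\SOFTWARE\Citrix\Ica\Thinwire, as the known issue describes.
$regKey    = 'HKLM\SOFTWARE\Citrix\Ica\Thinwire'       # path as written in the readme (reg.exe syntax)
$psKey     = 'HKLM:\SOFTWARE\Citrix\Ica\Thinwire'      # same key through the PowerShell registry provider
$valueName = 'DisableGdiPlusSupport'
$backup    = Join-Path $env:TEMP ('Thinwire-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))  # hypothetical location

# A 32-bit PowerShell host on a 64-bit OS is redirected to HKLM\SOFTWARE\Wow6432Node,
# so the value would be written to a different key than the one the readme names.
if ([IntPtr]::Size -ne 8) {
    throw 'Run this from the 64-bit PowerShell host so HKLM\SOFTWARE is not redirected.'
}

if (Test-Path $psKey) {
    # Export the existing key before touching it.
    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }
    Write-Output "Backup written to $backup"
} else {
    # Nothing to back up. Create only the missing key; existing keys are never overwritten
    # because New-Item -Force is reached only when the key is absent.
    New-Item -Path $psKey -Force | Out-Null
}

# Record the previous state, then set the value with an explicit DWORD type.
$before = (Get-ItemProperty -Path $psKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($before -eq $null) { $before = '(not set)' }
New-ItemProperty -Path $psKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Read back both the data and the value type instead of trusting the write.
$key   = Get-Item -Path $psKey
$after = $key.GetValue($valueName)
$kind  = $key.GetValueKind($valueName)
if ($after -ne 1 -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Unexpected result: $valueName = $after ($kind)"
}
Write-Output ('{0}: {1} -> {2} ({3})' -f $valueName, $before, $after, $kind)
```

If the change has to be reverted, `reg.exe import` with the exported file restores the values the key held before.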

System Requirements for XenApp 6.5

System requirements for the XenApp server role and the Citrix AppCenter are described below. System requirements for other XenApp features, components, and related technologies are described in their respective system requirements documentation; that includes receivers, plug-ins and agents, Web Interface, Single Sign-on, Service Monitoring, EdgeSight, SmartAuditor, Application Session Recording, Provisioning Services, and Power and Capacity Management.

Important:

- Do not install XenApp on a domain controller. Citrix does not support installing XenApp on a domain controller.
- You must be in the Administrators group to install and configure the XenApp server role. Elevating your privilege to local administrator through User Account Control is not a substitute for Administrators group membership.
- To ensure the availability of XenApp 6.5 features and correct operation:
  - Use the Citrix License Server Version 11.9 (minimum).
  - Install the most recent version of any receivers, plug-ins, and agents you use. At the time of its release, XenApp 6.5 was tested with Receiver for Windows 3.0 (with plug-in 13.0). The Citrix Online Plug-in (Web and Full) 12.1 was also tested and can be used, but some XenApp 6.5 features will not be available.
- Do not join servers running this XenApp version to a deployment with servers running previous XenApp versions (including early release and Technical Preview versions).
- Citrix does not support using a console from a previous XenApp release to manage XenApp 6.5 farms. You must use the AppCenter from the 6.5 media to manage the XenApp 6.5 farm. (However, you can use the AppCenter from the XenApp 6.5 media to manage a XenApp 6.0 farm.)

See Installing and Configuring XenApp for additional guidance, including tasks to complete before installing and configuring XenApp.

Deploying Prerequisites

During a wizard-based installation, the XenApp Server Role Manager (using the Server Role Installer) automatically installs XenApp prerequisites, as noted below.

For command-line installations, you must install the prerequisite software and Windows roles before installing XenApp (except as noted). You can deploy prerequisites with PowerShell cmdlets, the Microsoft ServerManagerCmd.exe command, or the Microsoft Deployment Image Servicing and Management (DISM) tool.

If installation of a required Windows role or other software requires a restart (reboot), restart the server before starting the XenApp server role installation.

XenApp Server Role

Supported operating systems: Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (Enterprise, Standard, Datacenter, and Foundation).

Most servers running the supported operating systems meet the hardware requirements for XenApp with ample processing power to host user sessions accessing the published resources. However, additional research may be needed to determine if current hardware meets the requirements.

- CPU:
  - 64-bit architecture with Intel Pentium
  - Xeon family with Intel Extended Memory 64 Technology
  - AMD Opteron family
  - AMD Athlon 64 family
  - Compatible processor
- Memory: 512MB RAM (minimum)
- Disk space: 32GB (minimum)

The XenApp Server Role Manager deploys the following software (except as noted), if it is not already installed:

- .NET Framework 3.5 SP1 (this is a prerequisite for the XenApp Server Role Manager; it is deployed automatically when you choose to add the XenApp server role from the Autorun menu)
- Windows Server Remote Desktop Services role (if you do not have this prerequisite installed, the Server Role Manager installs it and enables the RDP client connection option; you will be asked to restart the server and resume the installation when you log on again)
- Windows Application Server role
- Microsoft Visual C++ 2005 SP1 Redistributable (x64)
- Microsoft Visual C++ 2008 SP1 Redistributable (x64)

When you install the XenApp server role, XML and Internet Integration Service (IIS) integration is an optional component. When this component is installed, the Citrix XML Service and IIS share a port (default = 80). When this component is not installed, the Citrix XML Service defaults to standalone mode with its own port settings. You can change the port during or after XenApp configuration. For complete information, see Before Installing XenApp. The Server Role Installer checks for installed IIS role services and whether the component is selected or specified. The IIS role services are listed below.

- Web Server (IIS) > Common HTTP Features > Default Document (selecting this automatically selects Web Server (IIS) > Management Tools > Management Console, which is not required or checked for XenApp installation)
- Web Server (IIS) > Application Development > ASP.NET (selecting this automatically selects Web Server (IIS) > Application Development > .NET Extensibility; although not checked for XenApp installation, ASP.NET requires .NET Extensibility)
- Web Server (IIS) > Application Development > ISAPI Extensions
- Web Server (IIS) > Application Development > ISAPI Filters
- Web Server (IIS) > Security > Windows Authentication
- Web Server (IIS) > Security > Request Filtering
- Web Server (IIS) > Management Tools > IIS 6 Management Compatibility (includes IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS 6 Scripting Tools, and IIS 6 Management Console)

If you plan to use Philips SpeechMike devices with XenApp, you may need to install drivers on the servers hosting sessions that record audio before installing XenApp. For more information, see Citrix information on the Philips web site.

AppCenter

XenApp Management includes the AppCenter. By default, the AppCenter is installed on the same server where you install the XenApp server role; however, you can install and run the AppCenter on a separate computer. To install the AppCenter on a workstation, from the XenApp Autorun menu, select Manually Install Components > Common Components > Management Consoles.

Supported operating systems:

- Windows Server 2008 R2, 64-bit edition, SP1
- Windows Server 2008 R2, 64-bit edition
- Windows Server 2008 Enterprise, 32-bit edition, SP2
- Windows Server 2003 R2, 32-bit and 64-bit editions
- Windows Server 2003, 32-bit and 64-bit editions, SP2
- Windows 7 Enterprise, 32-bit and 64-bit editions, SP1
- Windows Vista Enterprise, 32-bit and 64-bit editions, SP2
- Windows XP Professional, 32-bit edition, SP3
- Windows XP Professional, 64-bit edition, SP2

Requirements:

- Disk space: 25MB
- Microsoft Management Console (MMC):
  - For Windows Vista, Windows 7, Windows Server 2008 R2, and Windows Server 2008 R2 SP1: MMC 3.0 (installed by default)
  - For other supported Windows operating systems: MMC 2.0 or 3.0

The XenApp Server Role Manager deploys the following software, if it is not already installed:

- Microsoft .NET Framework 3.5 SP1
- Microsoft Windows Installer (MSI) 3.0
- Microsoft Windows Group Policy Management Console
- Microsoft Visual C++ 2005 SP1 Redistributable (x64)
- Microsoft Visual C++ 2008 SP1 Redistributable (x64)
- Microsoft Visual C++ 2008 SP1 Redistributable
- Microsoft Visual C++ 2005 SP1 Redistributable
- Microsoft Primary Interoperability Assemblies 2005

If you install the AppCenter on a computer that previously contained the Microsoft Group Policy Management Console (GPMC) and a Citrix Delivery Services Console earlier than the version delivered with XenApp 6.0, you may also need to uninstall and reinstall the Citrix XenApp Group Policy Management Experience (x64) program in order to use the GPMC to configure Citrix policies.

Data Store Database

The following databases are supported for the XenApp data store:

- Microsoft SQL Server 2008 Express R2
- Microsoft SQL Server 2008 Express SP3
- Microsoft SQL Server 2008 R2
- Microsoft SQL Server 2008 SP2
- Microsoft SQL Server 2005 SP4
- Oracle 11g R2 32-bit Enterprise Edition

Microsoft SQL Server 2008 Express can be deployed for you by the XenApp Server Configuration Tool when creating a XenApp farm.

For information about the latest supported database versions, see CTX114501. For information about requirements, see Data Store Database Reference.
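The Important notes and the XenApp server role minimums above, expressed as a read-only pre-installation check. This is an added example and not part of the Citrix documentation; the function name, the choice of the system drive, and reading "Disk space: 32GB (minimum)" as volume capacity are assumptions.

```powershell
# Added example, not Citrix code. Read-only: queries WMI and the current token, changes nothing.
# Uses only cmdlets available in the PowerShell version that ships with Windows Server 2008 R2.
function Test-XenAppServerPrereq {                       # hypothetical function name
    param(
        [string]$InstallDrive = $env:SystemDrive         # assumption: XenApp goes on the system drive
    )

    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$InstallDrive'"
    $ram  = (Get-WmiObject -Class Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum).Sum

    # "Do not install XenApp on a domain controller."
    # Win32_ComputerSystem.DomainRole 4 and 5 are backup and primary domain controller.
    $notDomainController = $cs.DomainRole -lt 4

    # Supported OS: Windows Server 2008 R2, with or without SP1. Both report version 6.1.x;
    # ProductType 1 is a client OS (Windows 7 shares the 6.1 version number).
    $supportedOs = ($os.Version -like '6.1.*') -and ($os.ProductType -ne 1)

    # "You must be in the Administrators group ... UAC elevation is not a substitute."
    # whoami lists the token's groups for the account this shell runs as. The
    # BUILTIN\Administrators SID (S-1-5-32-544) appears even when UAC has filtered it
    # to deny-only, so this tests membership of the account rather than elevation.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $inAdministrators = @($groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' }).Count -gt 0

    # Hardware minimums from the XenApp Server Role section.
    $enoughMemory = $ram -ge 512MB
    $enoughDisk   = ($disk -ne $null) -and ($disk.Size -ge 32GB)   # assumption: capacity, not free space

    $checks = @{
        NotDomainController  = $notDomainController
        SupportedOs          = $supportedOs
        InAdministratorGroup = $inAdministrators
        MemoryAtLeast512MB   = $enoughMemory
        DiskAtLeast32GB      = $enoughDisk
    }
    # Ready is true only when every individual check passed.
    $checks['Ready'] = -not ($checks.Values -contains $false)

    New-Object PSObject -Property $checks
}

Test-XenAppServerPrereq | Format-List
```

Run it in the session of the account that will perform the installation; a shell started through a UAC prompt with another administrator's credentials reports that other account's groups.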

Design and Plan

XenApp is the central software component of the Citrix Windows Application Delivery Infrastructure. The goals of XenApp and the Citrix Windows Application Delivery Infrastructure are to deliver on-demand applications to both physical and virtual desktops, and to determine and provide the best method of delivery. XenApp offers three methods for delivering applications to user devices, servers, and virtual desktops:

- Server-side application virtualization: applications run inside the Data Center. XenApp presents each application interface on the user device, and relays user actions from the device, such as keystrokes and mouse actions, back to the application.
- Client-side application virtualization: XenApp streams applications on demand to the user device from the Data Center and runs the application on the user device.
- VM hosted application virtualization: problematic applications or those requiring specific operating systems run inside a desktop on the Data Center. XenApp presents each application interface on the user device and relays user actions from the device, such as keystrokes and mouse actions, back to the application.

To provide these types of application delivery, you have many choices of deployment designs and XenApp features, which you can tailor for your users' needs.

A typical process for planning a XenApp farm includes:

1. Becoming familiar with XenApp and XenApp Setup by creating a small, one-server or two-server test farm.
2. Deciding which applications to deliver to users.
3. Determining how you want to deliver applications - this includes testing and evaluating the applications and peripheral requirements.
4. Determining application to application communication, where to install the applications on XenApp servers, and which applications can be collocated.
5. Determining the number of servers you need for applications.
6. Determining the total number of servers you need for your farm and evaluating hardware requirements.
7. Creating the network infrastructure design.
8. Defining the installation processes.
9. Creating and testing a pre-production pilot farm based on your farm design.
10. Releasing the farm into production.

To help you understand how a XenApp deployment delivers applications so you can complete planning tasks, consider the following diagram.

A XenApp deployment consists of three deployment groups: user device (represented in this diagram by Citrix Receiver), Access Infrastructure, and Virtualization Infrastructure.

- On the left of this diagram is Citrix Receiver, which represents the set of devices on which you can install client software. Citrix Receiver manages the client software that enables your users to interact with virtualized applications. When designing a XenApp deployment, you consider how your users work, their devices, and their locations.
- Access Infrastructure represents secure entry points deployed within your DMZ and provides access to resources published on XenApp servers. When designing a XenApp deployment, you provide secure access points for the different types of users in your organization.
- Virtualization Infrastructure represents a series of servers that control and monitor application environments. When designing a XenApp deployment, you consider how applications are deployed based on your user types and their devices, the number of servers you need, and which features you want to enable in order to provide the support, monitoring, and management your organization requires.

The following diagram shows the access infrastructure in greater detail.

In this access infrastructure diagram:

- Citrix Receiver runs the applications, which, depending on the user profile, can be virtualized on the user device or on the server.
- Onsite users within your corporate firewall interact directly with the XenApp Web and Services Site.
- Remote-site users access applications through sites replicated by Citrix Branch Repeater.
- Off-site users access applications through secure access, such as Access Gateway.
- The Merchandising Server makes available self-service applications to your users through Citrix Dazzle.
- The XML Service relays requests and information between the Access Infrastructure and the Virtualization Infrastructure.

The following diagram shows the virtualization infrastructure in greater detail.

In this virtualization infrastructure diagram:

- The XML service relays information and requests.
- Based on Active Directory profiles and policies, the XenApp servers invoke the correct application delivery type for the user. The XenApp servers provide server-side application virtualization and session management. Session and deployment configuration information are stored in data collectors and a central data store represented by the deployment data store.
- The App Hub provides Streamed Application Profiles, which are client-side virtualization applications housed in your enterprise storage.
- The VM Hosted Apps server isolates problematic applications inside a seamless desktop. The desktop images are provisioned through Provisioning Server. Session and server configuration information are stored in the enterprise database.
- Provisioning Services delivers desktops to servers, which are stored as desktop images in your enterprise database.
- SmartAuditor provides session monitoring. Recorded sessions are stored in your enterprise storage and configuration information is stored in the deployment data store.
- Service Monitoring enables you to test server loads so you can estimate how many servers you need for your deployment and to monitor those servers once they are deployed.
- Power and Capacity Management enables you to reduce power consumption and manage server capacity by dynamically scaling the number of online servers.
- Single Sign-on provides password management for virtualized applications. Passwords are stored in the account authority.

Farm Terminology and Concepts

Terminology

The XenApp planning documentation uses the following terminology:

Multi-user environment
  An environment where applications are published on servers for use by multiple users simultaneously.

Production farm
  A farm that is in regular use and accessed by users.

Design validation farm
  A farm that is set up in a laboratory environment, typically as the design or blueprint for the production farm.

Pilot farm
  A preproduction pilot farm used to test a farm design before deploying the farm across the organization. A true pilot is based on access by select users, and then adding users until all users access the farm for their everyday needs.

About Infrastructures

XenApp farms have two types of infrastructures:

- The virtualization infrastructure consists of the XenApp servers that deliver virtualized applications and VM hosted Applications, and XenApp servers that support sessions and administration, such as the data store, data collector, Citrix XML Broker, Citrix License Server, Configuration Logging database (optional), Load Testing Services database (optional), and Service Monitoring components.
- Access infrastructure consists of server roles such as the Web Interface, Secure Gateway (optional), and Access Gateway (optional) that provide access administration.

In small deployments, you can group one or more server functions together. In large deployments, you provide services on one or more dedicated servers.

Factors other than size can affect how you group server functions. Security concerns, virtualized servers, and user load play a part in determining which functions can be collocated.

Typically, in larger farms, you segregate session and administrative functions onto distinct servers. For small farms, you might have one server hosting infrastructure functions and multiple servers hosting published applications.

Small farms that require redundancy might have one or two servers hosting session and administrative functions. For example, in a small farm, the data store might be configured on the same server as the data collector and the XML Broker and, perhaps also the Citrix License Server and the Web Interface.

Medium and large farms might group similar functions. For example, the XML Broker might be grouped with the data collector. In large farms, the Citrix License Server and the Web Interface are typically hosted on separate servers. In some larger deployments, each infrastructure service would likely have one or more dedicated servers.

About Virtualization Infrastructure

The virtualization infrastructure, which is the center of a XenApp deployment, concerns the following concepts:

Application enumeration
  Application enumeration is when Citrix client software lists virtualized applications available on the XenApp servers. The client software transmits data to locate servers on the network and retrieves information about the published applications. For example, during enumeration, Citrix Receiver communicates through the Citrix XML Service with the XenApp server to determine applications available for that user.

Application publishing
  To deliver an application to your users, whether virtualized on the desktop or the server, use the AppCenter to publish the application.

Citrix Licensing
  A Citrix License Server is required for all XenApp deployments. Install the license server on either a shared or stand-alone server, depending on your farm’s size. After you install the license server, download the appropriate license files and add these to the license server.

Data Store
  The data store is the database where servers store farm static information, such as configuration information about published applications, users, printers, and servers. Each server farm has a single data store.

Data Collector
  A data collector is a server that hosts an in-memory database that maintains dynamic information about the servers in the zone, such as server loads, session status, published applications, users connected, and license usage. Data collectors receive incremental data updates and queries from servers within the zone. Data collectors relay information to all other data collectors in the farm.

By default, the data collector is configured on the first server when you create the farm, and all other servers configured with the controller server mode have equal rights to become the data collector if the data collector fails. When the zone’s data collector fails, a data collector election occurs and another server takes over the data collector functionality. Farms determine the data collector based on the election preferences set for a server.

Applications are typically not published on the data collector.

Zones
A zone is a grouping of XenApp servers that communicate with a common data collector. In large farms with multiple zones, each zone has a server designated as its data collector. Data collectors in farms with more than one zone function as communication gateways with the other zone data collectors.

The data collector maintains all load and session information for the servers in its zone. All farms have at least one zone, even small ones. The fewest number of zones should be implemented, with one being optimal. Multiple zones are necessary only in large farms that span WANs.

Streaming Profiles
You can deliver applications to users by either virtualizing them on the desktop (streaming) or by virtualizing them on the server (hosting). If you are virtualizing applications on the desktop, either streaming to the client or server, create a streaming profile server in your environment. To virtualize applications on the desktop, you create profiles of the application and then store the profile on a file or Web server. The profile consists of the manifest file (.profile), which is an XML file that defines the profile, as well as the target files, a hash key file, the icons repository (Icondata.bin), and a scripts folder for pre-launch and post-exit scripts.

Web Interface
The Web Interface is a required component in any environment where users access their applications using either Receiver or a Web browser. Install the Web Interface on a stand-alone computer; however, where resources are limited, the Web Interface is sometimes collocated with other functions.

XenApp Web and XenApp Services Sites
XenApp Web and XenApp Services sites (formerly known as Access Platform and Program Neighborhood Agent Services sites, respectively) provide an interface to the server farm from the client device. When a user authenticates to a XenApp Web or XenApp Services site, either directly or through Receiver or the Access Gateway, the site:

- Forwards the user’s credentials to the Citrix XML Service
- Receives the set of applications available to that user by means of the XML Service
- Displays the available applications to the user either through a Web page or by placing shortcuts directly on the user’s computer

Citrix XML Service and the Citrix XML Broker
The Citrix XML Broker functions as an intermediary between the other servers in the farm and the Web Interface. When a user authenticates to the Web Interface, the XML Broker:

- Receives the user’s credentials from the Web Interface and queries the server farm for a list of published applications that the user has permission to access. The XML Broker retrieves this application set from the Independent Management Architecture (IMA) system and returns it to the Web Interface.
- Upon receiving the user’s request to launch an application, the broker locates the servers in the farm that host this application and identifies which of these is the optimal server to service this connection based on several factors. The XML Broker returns the address of this server to the Web Interface.

The XML Broker is a function of the Citrix XML Service. By default, the XML Service is installed on every server during XenApp installation. However, only the XML Service on the server specified in the Web Interface functions as the broker. (The XML Service on other farm servers is still running but is not used for servicing end-user connections.) In a small farm, the XML Broker is typically designated on a server dedicated to several infrastructure functions. In a large farm, the XML Broker might be configured on one or more dedicated servers.

The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service. For clarity, the term XML Broker is used to refer to when the XML Service functions as the intermediary between the Web Interface and the IMA service, regardless of whether it is hosted on a dedicated server or collocated with other functions.


Planning a Successful User Experience

Two key factors impact your users' satisfaction when working in a multi-user environment: how quickly sessions start, and how easily users can print.

Session Start-up Times

Certain factors can cause sessions to start slower than necessary.

- Printer autocreation policy settings - Consider limiting the number of printers that are autocreated if session start time is a factor.
- Network activities occurring independently of sessions - Operations such as logging on to Active Directory, querying Lightweight Directory Access Protocol (LDAP) directory servers, loading user profiles, executing logon scripts, mapping network drives, and writing environment variables to the registry, can affect session start times. Also, connection speed and programs in the Startup items within the session, such as virus scanners, can affect start times.
- Roaming profile size and location - When a user logs onto a session where Microsoft roaming profiles and home folders are enabled, the roaming profile contents and access to that folder are mapped during logon, which uses additional resources. In some cases, this can consume significant amounts of the CPU usage. Consider using home folders with redirected personal folders to mitigate this problem.
- Whether the data collector has sufficient resources to make load balancing decisions efficiently - In environments with collocated infrastructure servers, Citrix suggests hosting the Citrix XML Broker on the data collector to avoid delays.
- License server location - For WANs with multiple zones, where the license server is in relation to the zone.

Printing Configuration

Your printing configuration directly affects how long sessions take to start and the traffic on your network. Planning your printing configuration includes determining the printing pathway to use, how to provision printers in sessions, and how to maintain printer drivers.

Consider these recommendations:

- Use Citrix Universal printer drivers and the Universal Printer whenever possible. This results in fewer drivers and less troubleshooting.
- Disable the automatic installation of printer drivers, which is the default setting.
- Adjust printer bandwidth using XenApp policy rules, if appropriate.
- If printing across a WAN, use the XenApp Print job routing policy rule to route print jobs through the client device.
- Choose printers that are tested with multiuser environments. Printers must be PCL or PS compatible and not host-based. The printing manufacturer determines whether printers work in a XenApp environment, not Citrix.
- Test new printers with the Stress Printers utility, which is described in the Citrix Knowledge Center.

Farm Hardware Considerations

The number of users a XenApp server can support depends on several factors, including:

- The server’s hardware specifications
- The applications deployed (CPU and memory requirements)
- The amount of user input being processed by the applications
- The maximum desired resource usage on the server (for example, 90% CPU usage or 80% memory usage)

General recommendations for selecting and configuring farm hardware include:

- RAID - In multiprocessor configurations, Citrix recommends a RAID (Redundant Array of Independent Disks) setup. XenApp supports hardware and software RAID.
- Reducing hard disk failure - Hard disks are the most common form of hardware failure. You can reduce the likelihood of hardware failure with a RAID 1 (mirroring) and RAID 5 (striped set with distributed parity) configuration. If RAID is not an option, a fast Serial Attached SCSI (SAS) or a Small Computer System Interface (SCSI) Ultra-320 drive is recommended.
- Disk speed - Faster hard disks are inherently more responsive and might eliminate or curtail disk bottlenecks.
- Number of controllers - For quad or eight-way servers, Citrix recommends installing at least two controllers: one for the operating system and another to store applications and temporary files. Isolate the operating system as much as possible, with no applications installed on its controller. This principle also applies in small farms. If possible (assuming a multicore or multiprocessor system), install the operating system on a separate hard drive from XenApp and the applications. This prevents input/output bottlenecks when the operating system needs to access the CPU. Distribute hard drive access load as evenly as possible across the controllers.
- Dual-processor (dual-core) deployments combine overall efficiency and a lower total cost of ownership. However, once a system has a dual-core processor, implementing additional processors does not necessarily provide proportionate performance increases. Server scalability does not increase linearly with the number of processors: scalability gains level off between eight to sixteen CPU cores.
- Hard disk partitions - Partition and hard-disk size depend on the number of users connecting to the XenApp server and the applications on the server. Because each user’s Remote Desktop Services profile is loaded on the server, consider that large numbers of user profiles can use gigabytes of disk space on the server. You must have enough disk space for these profiles on the server.

Planning for Applications and Server Loads

Before you can determine how many servers you need in your farm and on which servers to install applications, decide which applications you want to deliver and how you want to deliver them.

Consider these factors when defining your farm’s hardware and operating system configuration:

- Can I run the applications? Citrix recommends testing non-Vista-compliant applications before you publish them on your farm. Some non-Vista-compliant applications run using the Application Compatibility feature.
- How many users do I anticipate will want to connect to each application during peak and off-peak hours? Do I need to allocate servers for load balancing?
- Will users be accessing certain applications frequently? Do I want to publish all of these applications on the same server to facilitate session sharing and reduce the number of connections to a server? If you want to use session sharing, you might also want users to run applications in seamless windows.
- Will any of my applications be graphically intensive? If so, consider using the XenApp SpeedScreen, Memory Utilization Management, or CPU Utilization Management features as well as more robust hardware for sessions hosted on these servers.
- Will my organization need to provide proof of regulatory compliance for certain applications? Will any applications undergo a security audit? If you intend to use SmartAuditor to record sessions on these servers, install the SmartAuditor agent on these servers. In addition, make sure the servers have sufficient system resources to ensure adequate performance.

Assessing Applications for XenApp Compatibility

Ensure applications are compatible with the server operating system and are multiuser compatible. Application compatibility drives the application delivery method (for example, accessed from the server, streamed to server, or streamed to client desktops).

Evaluate whether or not applications are compatible with multiuser environments and, if so, the application server’s scalability. Before testing applications for compatibility, investigate how the application works with Remote Desktop Services or XenApp. Remote Desktop Services-compliant and Windows Logo certified applications experience few, if any, issues compared with noncompliant applications.

Initial application compatibility testing typically involves publishing the application so that it is installed and hosted on a server in a test farm and having multiple test users connect to it. Applications that function correctly should be tested for conflicts with other applications you want to install on the server and, then, scalability.

Applications that do not function correctly might not have been designed for multiuser, multiapplication environments. Applications not designed for these environments can conflict with other applications or have scalability or performance issues. Registry settings, attempts to share files or DLLs, requirements for the exclusive use of files or DLLs, or other functionality within an application can make it incompatible. You can resolve some application issues through streaming, using features like Virtual IP, or siloing the application.

After testing, if these solutions do not work, you might need to find and fix the root cause of the problem. To identify root applications issues, consider using tools like the Microsoft Application Compatibility Toolkit (ACT) or Microsoft’s Windows Sysinternals. Examples of common issues include:

- .INI files that contain hard-coded file path names, database connection settings, and read/write file locking configurations that need to be reconfigured to prevent file conflicts.
- Custom applications developed with hard-coded paths in the registry.
- Applications that use the computer name or IP address for identification purposes. Because a server can run multiple instances of the application, all instances could use the same IP address or computer name, which can cause the application to fail.

When you find any of these hard-coded settings or other conflicts, document the setting in your farm design document. After you find resolutions to these issues, design your farm and test your design by creating a pilot test farm.

Evaluating Application Delivery Methods

The application delivery method is a factor in determining the number of servers in a farm and their individual hardware requirements.

How you choose to deliver applications depends on your organization's needs and end-users' requirements. For example, some organizations use XenApp to streamline administration. In other organizations, the existing hardware infrastructure might affect the delivery method selected, as can the types of applications to be delivered. In addition, some end-users might run all applications while connected to the company network, while others might work in remote locations and run applications while disconnected from the network.

Method/Description: Installed on the server
Applications are installed on the server, where the processing takes place, and accessed from the server. This is the traditional XenApp application delivery model. For many organizations, this provides the lowest cost of ownership for IT resources because it provides the greatest scalability.

Advantages:
- You manage applications centrally.
- User devices do not require extensive resources, such as excessive memory or hard drive space.
- This delivery method supports thin clients.
- This method provides a consistent user experience regardless of the user device.
- This method is effective for applications with components that are intertwined with the operating system (such as a .NET framework).

Considerations:
- Farm servers require sufficient resources to support the applications.
- Users must be connected to the server or network to run the applications (no offline access).

Method/Description: Streamed to server
Executables for applications are put in profiles and stored on a file server or Web server (the App Hub); however, when launched, they stream to the server, and application processing takes place on the server. Unlike installed applications, streamed applications are stored in the App Hub and provide application isolation by design.

Advantages:
- This method has similar advantages as for installed applications, including a consistent user experience, central management, and use of server resources instead of those of the user device.
- In many cases, streaming to server lets conflicting applications, such as multiple versions of the same application, run on the same server without needing to silo them.
- Updating applications is simplified because you update only a single application profile.

Considerations:
- Farm servers require sufficient resources to support the applications.
- Users must be connected to the server or network (no offline access).
- Some applications are not candidates for profiling, such as those using a .NET framework.

Method/Description: Streamed to desktop
Executables for applications are put in profiles and stored on a file server or Web server (the App Hub). When launched, the files required to execute the application are streamed to the user device, and application processing takes place on the user device instead of the XenApp server. When applications are streamed to the user device, the user experience is similar to running applications locally. After applications are cached on the user device, users can continue running the apps after disconnecting from the network (referred to as offline access).

Advantages:
- Users can have the local application experience, but you manage the applications centrally.
- Users might have a better experience when resource-intensive applications, such as graphics applications, are streamed to desktops.
- Using application properties and Citrix policies and filters for Offline Applications, you control the applications and users that have offline access, as well as the license period for offline use.

Considerations:
- User devices must have sufficient resources to run the applications locally; the user devices cannot be thin clients.
- User devices must run Windows operating systems, including Windows 7, XP, or Vista.

Method/Description: Dual mode delivery
When you select "streamed if possible, otherwise accessed from a server" (referred to as dual mode or fallback), XenApp tries to stream the application to the user device first, but uses the backup access method if streaming to desktop is not supported on the user device. For example, you can specify that some users, such as sales personnel, run applications streamed to desktop when they are accessing the applications from Windows devices, and run them as installed applications when they are accessing them from handheld mobile or kiosk-type devices.

Advantages:
- This method provides the most versatility for application delivery, offering all the advantages of streaming to desktops for supported user devices, plus a backup delivery method for the rest.
- You control delivery options centrally using Citrix policies and filters, such as the server's Load Balancing Policies for Streamed App Delivery.

Considerations:
- For the backup method to occur, ensure that the application is either installed on the XenApp server or the streaming profile is configured for a target operating system that matches the server.

Choosing Between Published Desktops and Published Applications

Before selecting the method for delivering applications, decide if you want to publish the desktop or publish applications.

- Publishing the desktop - Presents users with an entire Windows Server desktop when they log onto XenApp. (For security, the desktop should be locked down.)
- Publishing applications - Publishes specific applications and delivers only those applications to users. This option provides greater administrative control and is used most frequently.

You can use policies to prevent users from accessing server drives and features with both methods of application delivery.

Planning for Application Streaming

Streaming applications requires a workstation for creating the application profiles and a streaming file share to store the profiles.

For the Streaming Profiler, use a separate, clean workstation with an operating system similar to that of your end-users.

For the streaming file share server, Citrix suggests the following hardware:

- Network-attached storage (NAS) or storage area network (SAN) solution, if feasible.
- A RAID storage configuration, depending on the fault-tolerant solution desired.
- A single 1 Gbps network card or multiple 100 Mbps cards. If your network infrastructure and configuration does not support this speed, use dual network cards; this configuration doubles the connection speed of a traditional single network-card configuration.

Streaming file shares can be hosted on a file server or a Web server. There are two configurations for a streaming file share in branch office environments:

- A streaming file share in each branch office hosted on network file servers - For performance (and in some countries, legal) reasons, branch offices cannot connect to a network file server in a main office. To store streaming profiles on a network file server, configure a streaming file share in each branch office.
- A streaming file share in the main office hosted on a Web Server - Using a Web server sends all the traffic between the client devices and the file share over HTTP or HTTPS, which is faster than a file transmission protocol. Instead of putting a file share at each branch office, you can put all the profiles on the Web server file share at the main office.

Using a Web server for the file share reduces the need to have a file share in each branch office for performance reasons.

Placing Applications on Servers

When designing your farm, consider the following:

- The servers on which the applications are installed
- If load balancing or preferential load balancing changes your need to dedicate servers to mission-critical or highly used applications
- The geographic location of the servers delivering applications (for WANs and organizations with branch offices)

Grouping Applications on Servers

Traditionally, two strategies for grouping applications on servers are siloing applications and not siloing applications.

When applications are siloed on farm servers, each server has a limited number of applications. Some servers might have only one application; others might have a set of interrelated applications. For example, you might install a medical application on Server A, and on Server B install an enterprise resource planning (ERP) application. However, if the ERP application is integrated with email, you might also have an email client on Server B. Siloing is sometimes required when applications have unique hardware requirements, for business reasons, to segregate mission-critical applications, or to separate frequently-updated applications. However, siloing applications is not as efficient as nonsiloed applications for hardware use and network traffic.

With a nonsiloed approach, you install all applications on each server. Applications can be installed traditionally or in isolation (installing them in separate profiles).

Citrix recommends installing applications that interact with each other on the same server, or including them in the same streaming profile. For example, if an application interacts with an email client by letting users send email notifications, install the application and the email client on the same server. Likewise, if applications share settings and preferences (such as Microsoft Office), install them on the same server.

Siloed
  Advantages:
  - It is easy to track the application's location and usage
  - Centralization makes it easy to configure and maintain the application
  - Other applications do not interfere with the installed application
  - Can be useful for mission-critical applications
  Disadvantages:
  - Additional servers are required to ensure sufficient redundancy

Nonsiloed
  Advantages:
  - Reduces the number of servers required for applications in small- to medium-sized farms
  - Might simplify user permissions and ensure consistent settings during application installation
  - A single server is accessed by each user and session sharing is ensured
  Disadvantages:
  - Cannot be used when applications conflict with other applications

By using features such as Load Manager and Preferential Load Balancing, you might not need to silo mission-critical applications or applications with high levels of peak usage.

When an application conflicts with other applications, rather than silo it on one server, consider streaming the application. Streaming the application effectively isolates it, which allows conflicting applications to run on a single server, reducing the need for silos.

Planning Server Loads

Consider how you want to balance server loads. You might want to load balance resource-intensive, mission-critical, or high-availability applications. XenApp offers two methods of load balancing:

- Load Manager: Lets you balance new connections to the server. Load-balancing is enabled by default. When you publish an application on multiple servers, load balancing automatically ensures that the user is sent to the least-loaded server. When a user launches the first published application, that user session is established on the least loaded server in the farm, based on criteria you configured. When the user launches a second application that is published on the same server, the existing session is shared, and no load management occurs. However, if that application is not published on the same server, Load Manager is invoked and another load-balancing decision is made.
- Preferential Load Balancing: Lets you allocate a specific portion of CPU resources to a specific session or application. You can use Preferential Load Balancing to assign importance levels (Low, Normal, or High) to specific users and applications. For example, doctors in a hospital could be specified as important users and MRI scans or X-rays could be specified as important applications. These important users and applications with higher levels of service have more computing resources available to them. By default, a Normal level of service is assigned to all users and applications. Different application workloads can co-exist on a server; simply assign important applications a higher importance level.

The key difference between the Load Manager and Preferential Load Balancing features is that the Preferential Load Balancing can be used to treat each session differently, whereas Load Manager treats each session the same.

Citrix does not recommend load balancing across zones on a WAN.

Although you can use applications as the basis for Load Manager decisions, Citrix does not recommend it. Citrix recommends invoking Load Manager based on the server only.

Centralizing or Distributing Application Servers

For organizations with geographically dispersed sites, application servers might be located centrally with the infrastructure servers (for example, in a data center) or decentrally, near the users who access the applications or in the same geographic region as the users.

Citrix recommends placing application servers logically near any data sources. For example, for an enterprise resource planning application, collocate those XenApp servers within the same data center. Another example is a multinational corporation that uses Microsoft Exchange 2007 as the data source for email. Although the company could centralize all the Exchange servers at the primary data center, they would be more likely to enable the Exchange servers within each region and then locate the XenApp servers hosting Outlook there as well.

Servers centralized at one site
  Advantages:
  - Centralized server administration and support.
  - Centralized application management.
  - Potentially better physical security than in branch offices.
  Disadvantages:
  - Single point of failure; if the site loses connectivity, users have no alternative access.

Servers distributed across multiple sites
  Advantages:
  - Enhanced business continuity and redundancy; if one site loses connection, it does not affect all application access.
  - When data is maintained at different sites, placing servers at those sites provides users with local access to the data.
  - Sites can administer their own servers.
  - Zone Preference and Failover can be invoked if multiple zones.
  Disadvantages:
  - Server-to-server communication crosses the WAN.
  - Sites might need added local administration and support.
  - If users need access to multiple sites, you might need to coordinate and replicate domains, trusts, user profiles, and data.

Determining How to Install Applications

In large farms, installing applications on servers can be time consuming. Also, applications on load-balanced servers require identical configuration options and settings. To solve these issues, you can install these applications by using Installation Manager, installation scripts, Microsoft System Center Configuration Manager (formerly known as Systems Management Server (SMS)), or streaming the applications.

Determining the Number of XenApp Servers to Deploy

After you identify the applications you are delivering to your users and their methods of delivery, you can estimate the number of XenApp servers required for your deployment.

For applications virtualized on the server, the number of servers required depends on the following factors:

- The processing requirements of the applications and the processing capacity and available RAM of your servers. To determine the processing requirements for an application, see its product documentation.
- The native operating system of the applications. Running 32-bit applications on 64-bit operating systems requires more RAM than running a 32-bit application on a 32-bit operating system.
- The size of the files with which your users work and how they use them.
- Whether you are streaming applications to the server or installing the applications on the server. Depending on the network topography and the application being delivered, a deployment where applications are installed on the servers can service more users than a deployment with an equal number of servers where the applications are streamed to the servers.

Using this data you can roughly estimate the number of servers to deploy in your test farm. After setting up your test farm, use Load Testing Services on the XenApp servers to simulate how your users run applications on your servers. With Load Testing Services, you can track a variety of Perfmon counters, such as Total Processor Time, Thread Queue Length, Memory Consumption, and Pages Per Second, to determine the resource limits of the servers in your environment. This will help you determine the number of servers to deploy in your production environment.

Deciding How Many Farms to Deploy

Most organizations deploy a single farm. However, there are some circumstances in which deploying multiple farms makes sense. The decision to implement a single farm or multiple farms is influenced by:

- Location and needs of the users or your organization: If your organization is a service provider, you might want to dedicate a farm to each organization for which you provide service. Multiple farms might make it easier to demonstrate compliance with specific service level agreements.
- Geographic layout of your organization: If your IT infrastructure is organized by region and managed in a decentralized manner, multiple farms could improve farm performance. Multiple farms could also save time when coordinating farm administration and simplify troubleshooting farm-wide issues.
- Network infrastructure limitations: In WANs with high latency or error rates, multiple farms may perform better than a single farm with multiple zones.
- Organizational security policies concerning server communications: Consider multiple farms if your organization needs to segregate data based on security level. Likewise, you might need multiple farms for regulatory compliance.

There is no exact formula for determining the ideal number of farms, but general guidelines can help:

- In general, a single farm meets the needs of most deployments. A significant benefit to deploying a single farm is needing only one data store database.
- Consider using multiple farms when you have geographically dispersed data centers that can support their own data store database, or when you do not want communication between servers within the farm to cross a firewall or WAN.
- For very large deployments with thousands of servers, breaking the environment into multiple farms can increase performance.
- Citrix regularly tests farm scalability based on 1000-server farms.

| Farm Element or Component | Single Farm | Multiple Farms |
|---|---|---|
| Data Store | The farm has one data store. | Each farm must have a data store. |
| Data Store Replication | Citrix recommends that you replicate the data store to remote sites when using one farm in a WAN environment. | If each remote site is a farm with its own data store, there is no need for data store replication. |
| Load Balancing | You can load balance an application across the farm. | You cannot load balance an application across servers in different farms. |
| Firewall Traversal | If the farm spans multiple sites, firewall ports must be open for server-to-server communication. | Site-based farms eliminate the need to open firewall ports for server-to-server communication. |
| Server-to-server Communication | Data store information is synchronized with member servers through notifications and queries. When a farm has multiple zones, data collectors communicate dynamic information such as logons and application use across the farm. | Multiple farms might improve performance over a single farm when server-to-server traffic crosses a WAN link or when the farm is very large. |
| Management Tools | You can monitor and configure the farm from a single management console and need to log on to only one farm to do so. | You can monitor and configure multiple farms from the management console. Communicating with multiple farms from the console requires logging on to each farm. |

Sharing Components Between Farms

Some Citrix components can be shared between multiple farms; consequently, it is not necessary to consolidate all servers in one farm to prevent deploying these components multiple times:

- Web Interface: Sharing Web Interface between farms provides central access to applications published on different farms.
- Citrix Licensing: You can manage multiple farms using one Citrix License Server; however, performance might be affected if you use only one license server for all servers in a WAN.
- EdgeSight: You can use EdgeSight and Resource Manager powered by EdgeSight to monitor multiple farms. Note that servers running Presentation Servers 4.5 agents appear as endpoints.
- SmartAuditor: With the exception of the SmartAuditor Agent, all components are independent of the server farm. For example, you can configure multiple farms to use a single SmartAuditor Server.

Planning Server Functions

Regardless of your farm size, Citrix recommends having at least one server dedicated to functions other than those related to running published applications. Publishing applications on a server that also hosts administrative functions slows down application enumeration.

If you decide to install administrative functions on a server hosting published applications, choose a server that hosts an infrequently used and not resource-intensive application (or lower the load threshold for that server so that it accepts fewer connections).

While farm size (small, medium, large) as determined by the number of servers, can indicate the general category of your farm, consider the number of user connections. Because applications can scale differently from server to server (some servers might support 100 user connections, others might support only ten), looking solely at the number of servers might be misleading.

Determine how you want to group functions by designing an initial configuration, then fine tune the design after testing the pilot farm.

As you add user connections in your test configuration, watch the Windows Performance Monitor counters:

- When the peak number of users is connecting simultaneously to the farm.
- When the peak number of users is connected to the farm.

If the counters exceed the values listed in the table, move the administrative functions on to separate servers until the counter metric no longer exceeds the value.

| Performance Monitor Counter Name | Criteria |
|---|---|
| CPU | > 85% - 90% |
| Memory | > 80% |
| ResolutionWorkItemQueueReadyCount | > 0 for extended periods of time |
| WorkItemQueueReadyCount | > 0 for extended periods of time |
| LastRecordedLicenseCheck-OutResponseTime | > 5000 ms (typically evaluated only in large farms) |
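The threshold table above, applied to sampled counter values, as an added example that is not Citrix code. The counter names are the ones in the table; the sample values, the use of 85% as the CPU trigger, and the four-sample definition of "extended periods" are assumptions of this example.

```python
"""Check sampled counters against the Planning Server Functions thresholds."""

# Thresholds from the page's table. CPU is listed as "> 85% - 90%"; using the
# lower bound of that range as the trigger is an assumption of this example.
PEAK_LIMITS = {
    "CPU": 85.0,                                         # percent
    "Memory": 80.0,                                      # percent
    "LastRecordedLicenseCheck-OutResponseTime": 5000.0,  # milliseconds
}
QUEUE_COUNTERS = ("ResolutionWorkItemQueueReadyCount", "WorkItemQueueReadyCount")

# The page says "> 0 for extended periods of time" without giving a duration.
# Assumption: four consecutive non-zero samples count as "extended".
SUSTAINED_SAMPLES = 4


def longest_nonzero_run(values):
    """Length of the longest run of consecutive samples greater than zero."""
    longest = current = 0
    for value in values:
        current = current + 1 if value > 0 else 0
        longest = max(longest, current)
    return longest


def evaluate(samples, sustained=SUSTAINED_SAMPLES):
    """Return {counter: 'ok' | 'exceeded' | 'no-data'} for one server.

    A counter with no samples is reported as 'no-data' instead of passing
    silently, so a collection gap is not mistaken for a healthy server.
    """
    report = {}
    for name, limit in PEAK_LIMITS.items():
        values = samples.get(name) or []
        if not values:
            report[name] = "no-data"
        else:
            report[name] = "exceeded" if max(values) > limit else "ok"
    for name in QUEUE_COUNTERS:
        values = samples.get(name) or []
        if not values:
            report[name] = "no-data"
        else:
            run = longest_nonzero_run(values)
            report[name] = "exceeded" if run >= sustained else "ok"
    return report


def should_move_admin_functions(report):
    """True when any counter exceeds its criterion, per the page's guidance."""
    return any(status == "exceeded" for status in report.values())


def unverified_counters(report):
    """Counters that could not be judged because no samples were collected."""
    return sorted(name for name, status in report.items() if status == "no-data")


# Constructed samples taken at a fixed interval during peak logon; not real data.
SHARED_SERVER = {
    "CPU": [62, 71, 88, 79],
    "Memory": [55, 61, 64, 63],
    "ResolutionWorkItemQueueReadyCount": [0, 3, 0, 0, 2, 0],  # brief spikes only
    "WorkItemQueueReadyCount": [0, 1, 4, 6, 5, 2],            # backlog persists
    # LastRecordedLicenseCheck-OutResponseTime was not collected.
}
DEDICATED_SERVER = {
    "CPU": [30, 41, 38, 35],
    "Memory": [40, 42, 44, 43],
    "ResolutionWorkItemQueueReadyCount": [0, 0, 1, 0],
    "WorkItemQueueReadyCount": [0, 0, 0, 0],
    "LastRecordedLicenseCheck-OutResponseTime": [1200, 900],
}

if __name__ == "__main__":
    for label, samples in (("shared", SHARED_SERVER), ("dedicated", DEDICATED_SERVER)):
        result = evaluate(samples)
        print(label, result)
        print("  move administrative functions:", should_move_admin_functions(result))
        print("  not collected:", unverified_counters(result))
```
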

Planning the XenApp Data Store

When you deploy your server farm, it must have an associated data store. When servers in a farm come online, they query the data store for configuration information. The data store provides a repository of persistent information, including:

- Farm configuration information
- Published application configurations
- Server configurations
- Citrix administrator accounts
- Printer configurations

The System Requirements lists the databases you can use for the farm data store. For information about supported database versions, see http://support.citrix.com/article/CTX114501.

Choosing a Database

Consider these factors before deciding which database product to use:

- The number of servers you currently plan to have in the farm, and whether or not you plan to expand that number
- Whether or not you have a database administrator with the expertise to configure and manage a data store running on SQL Server or Oracle
- Whether or not you foresee the enterprise expanding, which would result in expanding the size and maintenance of the database
- Any database maintenance requirements, such as backup, redundancy, and replication

General recommendations are listed below, based on the following size table.

|  | Small | Medium | Large | Enterprise |
|---|---|---|---|---|
| Servers | 1-50 | 25-100 | 50-100 | 100 or more |
| Named Users | < 150 | < 3000 | < 5000 | > 3000 |
| Applications | < 100 | < 100 | < 500 | < 2000 |

- Microsoft SQL Server and Oracle are suitable for any size environment and are recommended for all large and enterprise environments. When deploying large farms across a WAN, you can obtain a performance advantage by replicating the data store and distributing the load over multiple database servers. SQL Server and Oracle are suitable for large farms and support replication. Do not install XenApp on the SQL Server or Oracle database server.
- SQL Server Express is suitable for all small and many medium environments located in one physical location, which do not have branch offices across a WAN.

See the database product documentation for hardware requirements for the database server.

Important: Ensure that the data store is backed up regularly. If the data store database is lost, you must recreate the farm. You cannot recreate the data store from an existing farm.

Database Server Hardware Performance Considerations

Increasing the CPU power and speed of the database server can improve the response time of queries made to the data store when:

- Starting the Citrix IMA Service on multiple servers simultaneously
- Adding a server to the farm
- Removing a server from the farm

The response time of other events (such as starting the IMA Service on a single server, recreating the local host cache, or replicating printer drivers to all servers in the farm) is affected more by the farm size than by the data store response time.

Adding processors to the server hosting the data store can improve response time when executing multiple simultaneous queries. In environments with large numbers of servers coming online simultaneously and at frequent intervals, additional processors can service requests faster.

The capabilities of the processor on the database server affect management console performance, how long it takes to add (configure) and remove a server from the farm, and how long it takes to start multiple servers simultaneously.

In the following chart, five sample farm configurations (A through E) are listed, with measurements of various metrics in the farm.

| Configuration | A | B | C | D | E |
|---|---|---|---|---|---|
| Number of servers in farm | 50 | 100 | 250 | 500 | 1000 |
| Number of applications published to all servers | 50 | 50 | 50 | 50 | 50 |
| Number of user policies | 25 | 25 | 25 | 25 | 25 |
| Printers per server | 5 | 5 | 5 | 5 | 5 |
| Printer drivers installed per server | 25 | 25 | 25 | 25 | 25 |
| Network print servers with printers | 5 | 5 | 5 | 5 | 5 |
| Number of Load Manager load evaluators | 10 | 10 | 10 | 10 | 10 |
| Number of application folders in management console | 10 | 10 | 10 | 10 | 10 |
| Number of server folders in management console | 8 | 16 | 25 | 50 | 50 |
| Number of Application Isolation Environments | 10 | 10 | 10 | 10 | 10 |
| Number of Citrix administrators | 10 | 10 | 10 | 10 | 10 |
| Size of data store database in megabytes | 32 | 51 | 76 | 125 | 211 |

The following table lists suggested hardware for the server hosting the data store, for each configuration in the previous table.

| Configuration | A | B | C | D | E |
|---|---|---|---|---|---|
| Dual Pentium 4/1.6GHz with 2GB RAM | X | X | X |  |  |
| Dual Pentium 4/3.0GHz with 4GB RAM | X | X | X | X |  |
| Quad Pentium 4/3.0GHz with 4GB RAM | X | X | X | X | X |

The actual performance of a farm's data store varies depending on the database engine and the level of performance tuning achieved.

Replication Considerations

When you join a new server to a XenApp farm, a significant amount of time can be spent waiting for the server's Citrix Independent Management Architecture (IMA) service to start and come online. When a XenApp server joins a farm, it performs numerous read and write operations to the IMA data store as well as a download of the farm data to its Local Host Cache (LHC). As a result, as your farm expands geographically, you might choose to configure SQL data store replication at each remote site, to allow member servers to point to their local SQL subscriber and avoid the slowness of traversing the WAN. However, the overhead of administering SQL subscribers at each of your sites becomes a burden.

In XenApp 6.5, you can configure servers in session-host mode (also known as session-only mode). This server mode allows XenApp servers to join a farm in significantly less time with substantial bandwidth savings. You specify the XenApp server mode through the Server Role Manager when you configure the XenApp role to join a farm. For more information, see the XenApp Server Mode section in Before Configuring XenApp.

In previous releases of XenApp, all member servers of the farm were required to download all farm data to their LHC during a join, resulting in a large amount of data store transactions and bandwidth consumption. In XenApp 6.5, you can dedicate a select few servers as XenApp controllers which are responsible for farm management tasks, while the remaining member servers are session-only servers whose sole task is to host user sessions. XenApp controllers must synchronize all of the farm data, while session-only servers must synchronize only a subset of the information to their LHC. These changes result in fewer database transactions, less bandwidth consumption, and faster IMA startup performance.

While session-only XenApp servers can host XenApp user sessions, they cannot perform the role of data collectors, nor can they participate in or trigger a data collector zone election. Additionally, management tasks such as AppCenter discovery or PowerShell tasks cannot be run directly on a session-only server. The XML service does not run on session-only XenApp servers; therefore, the Web Interface cannot use them to perform application enumerations. However, with proper planning and placement of XenApp controller servers, leveraging the session-only model can optimize your farm performance and reduce IMA bandwidth and server provisioning time.

If you used data store replication in previous XenApp deployments, note that in XenApp 6.5:

- Replication is no longer required because IMA architectural changes have significantly improved WAN performance.
- Future versions of Microsoft SQL Server may not support the replication model that XenApp supports (transactional replication with immediate updating subscribers).

Therefore, although you can replicate a XenApp 6.5 data store on SQL Server 2008 R2 and earlier versions, you do not need to, and you may not be able to with later SQL Server versions.

Planning for Configuration Logging and IMA Encryption

The IMA encryption feature provides a robust AES encryption algorithm to protect sensitive data in the IMA data store. Enabling IMA encryption provides an additional layer of security for the data preserved by the Configuration Logging feature. If you do not enable IMA encryption, XenApp uses the standard encryption used in previous versions of XenApp.

The Securing Server Farms documentation contains more information about IMA encryption, Configuration Logging, and when to enable these features.

To enable IMA encryption, you specify a key which is used for all the servers in your farm. To generate the key, use CTXKEYTOOL, which is available on the installation media.

For custom installations or provisioning servers in large environments, consider:

- Deploying XenApp by using images, and including the key file as part of the server image
- Generating a key, putting the key in a folder on your network, using a UNC path to specify the location, and performing an unattended installation

If you have multiple farms in your environment, Citrix recommends you generate separate keys for each farm.

Planning for Data Collectors

When planning for data collectors, consider:

- If you need a dedicated data collector
- If you do not need a dedicated data collector, which infrastructure services can share the same server
- If you need a zone in each geographic region, which means that you need data collectors for those regions as well

To maintain consistent information between zones, data collectors relay information to all other data collectors in a farm, creating network traffic.

In general, data collector memory consumption increases as farm size increases. However, it is not significant. For example, the Independent Management Architecture service running on the data collector typically uses 300 MB on a 1000 server farm.

Likewise, CPU usage is not significant. A data collector hosted on a dual-processor server can support over 1000 servers in its zone. In general, CPU usage increases as the number of servers in a zone increases, the number of zones increases, and the number of users launching applications increases.

On most networks, Citrix recommends reducing the number of data collectors and zones. For example, if you have a farm with 100 servers in one location, Citrix recommends having one zone with a dedicated data collector (although you can have backup data collectors).

Citrix recommends installing XenApp on the server you want to host the data collector functionality and, after installing other member servers, configuring a server as the backup data collector.

Designing Zones for a XenApp Deployment

A zone is a configurable grouping of XenApp servers. All farms have at least one zone. All servers must belong to a zone. Unless otherwise specified during XenApp Setup, all servers in the farm belong to the same zone, which is named Default Zone.

Zones have two purposes:

- Collect data from member servers in a hierarchical structure
- Efficiently distribute changes to all servers in the farm

Each zone contains a server designated as its data collector. Data collectors store information about the zone's servers and published applications. In farms with more than one zone, data collectors also act as communication gateways between zones.

This illustration depicts a server farm with multiple zones. Each zone's data collector communicates with the other data collectors across the WAN link.

XenApp member servers replicate their dynamic data to the zone data collector (ZDC) designated for their zone. XenApp uses a star topology for replication among zones: each ZDC replicates all of its zone dynamic data to all other ZDCs in the farm. Thus, it is important to design zones so that there is adequate bandwidth among ZDCs. Because session and load information within a XenApp farm can become large in enterprise deployments (up to several megabytes), to ensure a scalable and resilient XenApp farm, it is imperative that you design zones based on your network topology.

When designing zones, the most important variables to consider are latency and bandwidth. The amount of bandwidth and the impacts of latency are highly dependent on your XenApp deployment. The lower the bandwidth and the higher the latency, the longer a farm takes to resynchronize the dynamic data among zones after an election.

Data collectors generate a lot of network traffic because they communicate with each other constantly:

- Each zone data collector has an open connection to all data collectors in the farm.
- During a zone update, member servers update the data collector with any requests and changed data.
- Data collectors relay changes to the other data collectors. Consequently, data collectors have the session information for all zones.

Keep in mind that data collectors must replicate changes to all other data collectors in the farm. Also, bandwidth consumption and network traffic increase with the number of zones.

In general, Citrix recommends using the fewest number of zones possible, with one being optimal. If all farm servers are in one location, configuring only one zone for the farm does not reduce performance or make the farm harder to manage. However, in large networks, such as organizations with data centers on different continents, grouping geographically-related servers in zones can improve farm performance.

Citrix does not recommend having more than one zone in a farm unless it has servers in geographically distributed sites. Zones are not necessary to divide large numbers of servers. There are 1000-server farms that have only one zone.

In farms distributed across WANs, zones enhance performance by grouping geographically related servers together. Separate zones are not required for remote sites, even ones on separate continents; latency is the biggest factor in determining if servers should be put in their own zone. For large farms with servers in different geographic regions, create zones based on the location of significant numbers of servers.

Also decide if you want to configure failover zones or preferred zones. If a zone fails, you can configure for user connections to be redirected to another zone (failover) or control to which zones specific users connect (preference). Failover requirements might determine the number of zones required.

For example, an organization with 20 farm servers in London, 50 servers in New York, and three servers in Sydney could create two or three zones. If the Sydney location has good connectivity to either New York or London, Citrix recommends grouping Sydney with the larger location. Conversely, if the WAN connection between Sydney and the other locations is poor or zone preference and failover is required, Citrix recommends configuring three zones.

Consider these zone design guidelines:

- Minimize the number of zones in your farm.
- Create zones for major datacenters in different geographic regions.
- If a site has a small number of servers, group that site in a larger site's zone.
- If your organization has branch offices with low bandwidth or unreliable connectivity, do not place those branch offices in their own zone. Instead, group them with other sites with which they have the best connectivity. When combined with other zones, this might form a hub-and-spoke zone configuration.
- If you have more than five sites, group the smaller sites with the larger zones. Citrix does not recommend exceeding five zones.

Planning for the Web Interface and XML Broker

The Web Interface and the XML Broker are complementary services. The Web Interface provides users with access to applications. The XML Broker determines which applications appear in the Web Interface, based on the user's permissions.

When determining whether or not to dedicate servers to the Web Interface and the XML Broker, consider scalability and security.

In small to medium farms, you can:

- Run XenApp and the Web Interface on the same server, depending on your security considerations.
- Group the XML Broker with other infrastructure services, such as the data collector or the data store, in very small farms (one to five servers). Citrix recommends grouping the XML Broker with the data collector.

In larger farms, Citrix recommends:

- Configuring the XML Broker on data collectors or dedicated servers. In deployments with dedicated servers for infrastructure functions, dedicate a server to the XML Broker to accommodate authentication traffic.
- Running the Web Interface on dedicated Web servers.

Do not publish applications on the server functioning as the XML Broker.

Important: If you change the port used by the Citrix XML Service on the XML Broker, set the correct port in the Receiver.

Security Considerations

When users access the Web Interface from the Internet, Citrix recommends locating the Web Interface server on the internal network and the Citrix XML Broker with the XenApp farm. Shielding the XML Broker from the external Internet protects the XML Broker and the farm from Internet security threats.

If you must place the Web Interface in the DMZ and want to secure the connection between the XML Broker and the Web Interface, put the Web Interface server in the DMZ with Secure Gateway or Access Gateway. This configuration requires putting the Web Interface on a separate Web server. Install a certificate on the Web Interface server and configure SSL Relay on the servers hosting the Citrix XML Broker.

In very small farms, configuring the Web Interface and the XML Broker on the same server eliminates having to secure the link from the Web Interface to the farm. This deployment is used primarily in environments that do not have users connecting remotely. However, this might not be possible if your organization does not want Web servers such as Internet Information Services (IIS) in the farm.

Planning for Accounts and Trust Relationships

Consider how users will access resources. When multiple servers host the same published application, users could be connected to any of these servers when they access the resource. Therefore, if a user does not have permissions for all servers, the user might not be able to access the resource. To avoid these issues, you might need to establish domain trust relationships between users or servers.

Also, in a farm with multiple, untrusted domains, when servers are load balanced, users can be routed to a server in a domain in which they do not have access permissions. To ensure your users are routed only to servers in domains in which they have access permissions:

- Publish copies of an application in each domain, and allow users access only to the copy of the application in the domain in which they have access permissions.
- Create a Worker Group Preference and Failover policy that routes users to servers in domains in which the users have access permissions.

System Account Considerations

Consider the following when deciding how to configure your Citrix administrator accounts:

- One full authority administrator account must always exist for the server farm. Citrix XenApp prevents you from deleting the last full authority administrator account. However, if no administrator accounts exist in the farm data store database, a local administrator account can log on to the AppCenter to set up Citrix administrator accounts.
- To create effective Citrix administrator accounts, ensure that all users you are going to add as Citrix administrators are Domain Users for the domain in which your farm resides. Users who are Citrix administrators who take server snapshots must also be authorized Windows Management Instrumentation (WMI) users on each server for which they are taking snapshots.

Including Servers from Other Domains

XenApp supports trust-based routing; servers in domains that do not trust each other can be members of the same farm. When a server needs to perform one of the following operations on an untrusted domain, the server determines from the data store which servers can perform the operation and routes the request to the most accessible server:

- Authenticating a Citrix administrator
- Refreshing the display or launching an application in Web Interface
- Enumerating users and groups
- Resolving users or groups when adding users to published application, printer auto-creation lists, or defining new Citrix administrators

Requests to enumerate applications are routed to a server that has the required domain trust relationship if the originating server does not.

Substituting Domain Accounts for User Accounts

By default, XenApp creates local accounts to run the following XenApp services:

| XenApp Service | Default Local User Account |
|---|---|
| CPU Utilization Mgmt/CPU Rebalancer | ctx_cpuuser |
| Configuration Manager for the Web Interface Service | Ctx_ConfigMgr |

Citrix strongly recommends that if you want to change local accounts to domain accounts, you do so before installing XenApp. Changing service accounts after installation is not supported. Install XenApp as a domain administrator to ensure the accounts are created correctly.

If you are changing the accounts for services and your farm has servers in multiple domains, the domains must have trust relationships with each other.

Recommendations for Active Directory Environments

Citrix recommends the following configuration for server farms with Active Directory:

• XenApp servers are in their own Organizational Units (OUs). Create OUs for application silos, keeping servers from different silos organized in their own OUs. (You can, however, create application silos that span multiple OUs.)
• All servers reside in the same domain.
• The server farm domain has no trust relationships with non-Active Directory domains, as this can affect operations requiring trusted domains.
• The server farm is in a single Active Directory forest. If your farm has servers in more than one forest, users cannot log on by entering user principal names (UPNs).

UPN logons use the format username@UPN identifier. With Active Directory, UPN logons do not require a domain to be specified, because Active Directory can locate full UPN logons in the directory. However, if the server farm has multiple forests, problems occur if the same UPN identifier exists in two domains in separate forests.

Important: Citrix XenApp does not support UPN logons if a server farm spans multiple Active Directory forests.

Active Directory User Permission

Active Directory security groups can affect authenticating to published applications or the management console. The tables that follow contain best practice guidance.

Network configurations do not affect authentication to the management console because that console allows only pass-through authentication.

Also, if a user is a member of a domain local group, the group is in the user’s security token only when the user logs onto a computer in the same domain as the domain local group. Trust-based routing does not guarantee that a user’s logon request is sent to a server in the same domain as the domain local group.

Domain Global Groups

• Authenticating to published applications: No adverse effects
• Authenticating to management console: No adverse effects

Domain Local Groups

Authenticating to published applications

Recommendation: All servers that load balance an application must be in the same domain if a domain local group is authorized to use the application.

Rationale: Domain local groups assigned to an application must be from the common primary domain of all the load balancing servers. When you publish applications, domain local groups appear in the accounts list if the condition above is met and accounts from the common primary domain are displayed. If a published application has users from any domain local groups and you add a server from a different domain, domain local groups are removed from the configured users list, because all servers must be able to validate any user with permission to run the application.

Authenticating to management console

Recommendation: If a user is a Citrix administrator only by membership in a domain local group, the user must connect the console to a server in the same domain as the domain local group.

Rationale: If the user connects the console to a server in a different domain than the domain local group, the user is denied access to the console because the domain local group is not in the user’s security token.

Universal Groups

Authenticating to published applications

Recommendation: If universal groups are assigned permission to the application, all servers that manage the application must be in an Active Directory domain.

Rationale: A server in a non-Active Directory domain could authenticate the user to run the application. In this case, universal groups are not in the user’s security token, so the user is denied access to the application. It is possible for a server in a non-Active Directory domain to load balance an application with servers in an Active Directory domain if the domains have an explicit trust relationship.

Authenticating to management console

Recommendation: If a user is authenticating to the console and is a Citrix administrator only by membership in a universal group, the console must connect to a server that belongs to an Active Directory domain in the universal group’s forest.

Rationale: Non-Active Directory domain controllers and domains outside a universal group’s forest have no information about the universal group.
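As an added example (not part of the Citrix documentation and not Citrix code), the following PowerShell applies the published-application recommendations for domain local and universal groups to an inventory, so that a planned server placement can be checked before users are denied access. The server names, domains, groups and the Test-PublishedAppGroupScope function are hypothetical, the inventory is constructed, and no XenApp cmdlets are used.

```powershell
# Constructed inventory (illustrative only, not exported from a real farm).
# Domain = domain the XenApp server belongs to; IsAD = that domain is Active Directory.
$servers = @{
    'XA-NY-01'  = @{ Domain = 'CORP';   IsAD = $true  }
    'XA-NY-02'  = @{ Domain = 'CORP';   IsAD = $true  }
    'XA-LON-01' = @{ Domain = 'EMEA';   IsAD = $true  }
    'XA-OLD-01' = @{ Domain = 'LEGACY'; IsAD = $false }
}

# Published applications: hosting servers and the groups on the configured users list.
# Scope is Global, DomainLocal or Universal; Domain is the domain that owns the group.
$apps = @(
    # Domain local group, all servers in the group's domain.
    @{ Name = 'Outlook'; Servers = @('XA-NY-01', 'XA-NY-02')
       Groups = @(@{ Name = 'CORP\Mail-DL'; Scope = 'DomainLocal'; Domain = 'CORP' }) },
    # Domain local group, but the load-balanced servers span two domains.
    @{ Name = 'Excel'; Servers = @('XA-NY-01', 'XA-LON-01')
       Groups = @(@{ Name = 'CORP\Finance-DL'; Scope = 'DomainLocal'; Domain = 'CORP' }) },
    # Domain local group from a domain other than the one hosting the servers.
    @{ Name = 'Visio'; Servers = @('XA-NY-01', 'XA-NY-02')
       Groups = @(@{ Name = 'EMEA\Design-DL'; Scope = 'DomainLocal'; Domain = 'EMEA' }) },
    # Universal group, with one server in a non-Active Directory domain.
    @{ Name = 'Project'; Servers = @('XA-NY-02', 'XA-OLD-01')
       Groups = @(@{ Name = 'CORP\PMO-UG'; Scope = 'Universal'; Domain = 'CORP' }) },
    # Domain global group across domains: the guidance lists no adverse effects.
    @{ Name = 'Notepad'; Servers = @('XA-NY-01', 'XA-LON-01')
       Groups = @(@{ Name = 'CORP\All-Staff'; Scope = 'Global'; Domain = 'CORP' }) }
)

function Test-PublishedAppGroupScope {
    # Emits one string per violated recommendation for a single published application.
    param(
        [hashtable]$App,
        [hashtable]$ServerTable
    )

    # A server missing from the inventory cannot be evaluated; report it and stop.
    $unknown = @($App.Servers | Where-Object { -not $ServerTable.ContainsKey($_) })
    if ($unknown.Count -gt 0) {
        "server(s) missing from inventory: $($unknown -join ', ')"
        return
    }

    # Distinct domains of the hosting servers (Sort-Object -Unique ignores case).
    $domains = @($App.Servers | ForEach-Object { $ServerTable[$_].Domain } | Sort-Object -Unique)
    # Hosting servers that are not in an Active Directory domain.
    $nonAd = @($App.Servers | Where-Object { -not $ServerTable[$_].IsAD })

    foreach ($group in $App.Groups) {
        if ($group.Scope -eq 'DomainLocal') {
            if ($domains.Count -gt 1) {
                # All load-balancing servers must be in the same domain.
                "domain local group $($group.Name): hosting servers span domains $($domains -join ', ')"
            }
            elseif ($domains[0] -ne $group.Domain) {
                # The group must come from the servers' common primary domain.
                "domain local group $($group.Name): group is in $($group.Domain), servers are in $($domains[0])"
            }
        }
        elseif ($group.Scope -eq 'Universal') {
            if ($nonAd.Count -gt 0) {
                # Every server that manages the application must be in an AD domain.
                "universal group $($group.Name): non-Active Directory server(s) $($nonAd -join ', ')"
            }
        }
        # Domain global groups need no check.
    }
}

# Evaluate every application and collect the findings as objects.
$report = @(foreach ($app in $apps) {
    foreach ($issue in @(Test-PublishedAppGroupScope -App $app -ServerTable $servers)) {
        New-Object PSObject -Property @{ Application = $app.Name; Finding = $issue }
    }
})

if ($report.Count -eq 0) {
    'No group-scope findings.'
}
else {
    $report | Select-Object Application, Finding | Format-Table -AutoSize -Wrap
}
```

The script avoids PowerShell 3.0 syntax so that it also runs under the PowerShell 2.0 that ships with Windows Server 2008 R2.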

Active Directory Federated Services

XenApp supports Active Directory Federated Services (AD FS) when used with the Citrix Web Interface. If you need to provide a business partner with access to published applications, AD FS might be a better alternative than creating multiple new user accounts on the enterprise domain.

If you plan to use AD FS with XenApp, Citrix recommends:

• When installing XenApp on each server in your farm, ensure the port sharing with IIS option is selected and ensure that IIS is configured to support HTTPS; see System Requirements for more information.
• Set up a trust relationship between the server running the Web Interface and any other servers in the farm communicating with the Web Interface through the Citrix XML Broker. These trust requests must be enabled on each server in the farm and cannot be set at a farm level. If you are provisioning the farm by imaging, configure trust requests on the server before you take the image.
• To prevent external users from having unauthorized access to services on farm servers, configure all XenApp servers for constrained delegation. To provide users with access to resources on those servers, add the relevant services to the Services list using the MMC Active Directory Users and Computers snap-in.
• The Web Interface must be able to access the certificate revocation list (CRL) for the Certificate Authority used by the federation servers.

For more information about configuring support for AD FS, see the Web Interface documentation.

Planning for System Monitoring and Maintenance

When designing your XenApp farm, include a monitoring and management strategy to ensure the sustainability of your environment. Designing for monitoring and management should include hardware, software, performance, and network areas.

Consider incorporating one or more monitoring tools into your environment and customizing them to provide alerts based on metrics associated with hardware, software, and usage requirements. Citrix EdgeSight is an excellent technology for monitoring XenApp farms. Citrix suggests customizing the default Resource Manager and EdgeSight metrics to meet your specific monitoring needs. For hardware monitoring, Citrix recommends the hardware management tools provided by most server vendors.

Planning for UAC

Consider the following suggestions if you will be installing XenApp on a system with User Account Control (UAC) enabled.

• Instruct the Windows server to elevate the UAC level automatically, without prompting, by configuring a Local Security Policy setting.
• Instruct Windows to elevate the UAC level without prompting, through an Active Directory Default Domain Policy. When a computer joins the domain, the domain policy is applied automatically, provided you join the domain before installing XenApp. This avoids having to enable this setting on each server before installation.
• To allow multiuser access to an application, install the application as a built-in administrator or enable the Create Users setting when prompted by UAC.
• Enable the Print Services role so you can manage printer drivers and print queues on clients.

The following XenApp management features and tools require users be domain administrators, delegated administrators, or part of the Administrators group on the local computer:

• AppCenter
• XenApp Commands
• SSL Relay tool
• Speedscreen Latency Reduction Manager

These permissions are in addition to any requirements for the feature, such as having a Citrix administrator account.

Planning for Shadowing

Session shadowing monitors and interacts with user sessions. When you shadow a user session, you can view everything that appears on the user’s session display. You can also use your keyboard and mouse to remotely interact with the user session. Shadowing can be a useful tool for user collaboration, training, troubleshooting, and monitoring by supervisors, help desk personnel, and teachers.

Shadowing is protocol-specific. This means you can shadow ICA sessions over ICA and Remote Desktop Protocol (RDP) sessions over RDP only.

Important: By default, shadowing is enabled. Shadowing restrictions are permanent. If you disable shadowing, or change shadowing features when configuring XenApp, you cannot change those settings later. You must reinstall and reconfigure XenApp on the server to change shadowing restrictions. Shadowing is a server-level setting. Any user policies you create to enable user-to-user shadowing are subject to the restrictions you place on shadowing during XenApp configuration.

Citrix does not recommend disabling shadowing as a substitute for user and group connection policies.

Securing Delivery and Access

XenApp allows secure access to resources by users. It also enables administrators to control and monitor access to each resource and component. Complementary XenApp technologies help provide end-to-end security, including Citrix Single Sign-on, Citrix Access Gateway, and Secure Gateway. If you use one of these technologies to control remote access to the farm, set your firewall ports to communicate with the technology and the server farm. See the Securing Server Farms documentation for details.

If users will connect to your farm over the Internet, consider:

• Increasing security through two-factor authentication (adding a second authentication method such as RSA tokens).
• Employing a SmartAccess strategy (for example, using the Access Gateway and configuring policies that limit access according to conditions on the user’s client device or location).
• Securing connections to published applications with SSL/TLS. If Receiver communicates with your farm across the Internet, Citrix recommends enabling SSL/TLS encryption when you publish a resource. If you want to use SSL/TLS encryption, use either the SSL Relay feature (for farms with fewer than five servers) or the Secure Gateway to relay ICA traffic to the XenApp server. You can also use SSL Relay to secure Citrix XML Broker traffic.
• Limiting automatic printer driver installation on servers (enabled by default) if users are connecting from devices with locally attached printers, especially if they connect from airport kiosks or other public locations.
• Determining how you will deploy Citrix Receiver to users.

Important: XenApp installation and configuration opens Windows firewall ports to allow incoming connections, such as those from ICA traffic, the Citrix XML Service, Citrix Independent Management Architecture service, and SQL Server Express (if that database is specified during XenApp configuration).

Planning for Supported Languages and Windows MUI Support

XenApp 6 supports all languages of Windows Server (both native and Language Packs), providing six XenApp user interface languages. The XenApp user interface language is selected based on the language locale set in the Windows Server operating system when XenApp is installed. The following table indicates which XenApp user interface language is installed for each Windows System Language locale setting.

Windows Server 2008 R2 Language Locale | XenApp User Interface Language
English and languages other than those listed in this table | English
French | French
German | German
Japanese | Japanese
Simplified Chinese | Simplified Chinese
Spanish | Spanish

Before installing XenApp, install the target Windows Language Pack on the Windows Server, and change the language options (such as system locale and display language) to the target language. (Changing the Windows system locale after installing and configuring the XenApp server role may cause data store issues.) For information about installing the Language Pack and changing language options, see the Microsoft documentation.

Planning for Passthrough Client Authentication

Citrix recommends enabling passthrough client authentication. When the user connects to applications published on different servers, passthrough client authentication enables XenApp to automatically pass user credentials from the initial server to the server hosting the next application. This prevents the user from having to re-authenticate when opening applications on different servers.

In this illustration, XenApp passes the user credentials from the server hosting Microsoft Outlook to the server hosting Microsoft Excel when the user opens the Microsoft Excel attachment from an email message hosted on a different server.

(The passthrough authentication functionality described in this topic is not the same functionality provided by Citrix Single Sign-on or password management applications in general.)

Enabling passthrough authentication requires configuring components on all XenApp application servers and enabling passthrough authentication in the Citrix Receiver installed on end-user client devices.

To configure passthrough authentication functionality on the server, install a Citrix Receiver on each XenApp server. If you are deploying the Receiver as the client for users, install the Receiver on your server as the passthrough client.

If the passthrough authentication feature is not enabled before deploying the Receiver to end users, users must reinstall the Receiver with this feature enabled before passthrough authentication will work.

Installing and Configuring XenApp

XenApp installation and configuration are separate tasks. This task division provides flexibility when using provisioning tools and disk imaging.

• For a wizard-based XenApp installation or configuration, use the XenApp Server Role Manager.
• For command-line installation or configuration, enter the command with valid options and properties at a Windows Server command prompt.

XenApp uses roles for XenApp features and related technologies. The wizard-based XenApp Server Role Manager uses the Server Role Installer to help you add certain XenApp roles. It detects the deployment phase for each role and displays the next task required to complete the installation and configuration of that role. From the command line, use the XenAppSetupConsole.exe command to install the XenApp server role and the XenAppConfigConsole.exe command to configure the XenApp server role.

From the XenApp Server Role Manager, you can:

• Install role prerequisites
• Install fully-integrated server roles (XenApp, Citrix licensing, Single sign-on service, Power and Capacity Management Administration, and Provisioning Server)
• Launch installers for partially-integrated roles (Secure Gateway, Web Interface, SmartAuditor Server, EdgeSight Server)
• Launch the Citrix License Configuration Tool to configure the XenApp role license parameters (mode, server, and port)
• Launch the XenApp Server Configuration Tool to configure the XenApp server role
• Launch configuration tools for other roles
• Initiate a XenApp server restart (reboot)
• Remove a server from a farm
• Prepare a server for imaging and provisioning
• Remove fully-integrated XenApp 6.5 roles and components
• Upgrade roles (other than the XenApp server role) in XenApp 6 deployments

Install and Configure

Accessing the Server Role Manager

The XenApp Server Role Manager runs initially from the XenApp installation media. After you install a role, the Server Role Manager is installed locally and runs every time you log on to the XenApp server (you can disable this feature by selecting a checkbox on the main Server Role Manager page). You can also run the Server Role Manager from Start > All Programs > Administrative Tools > Citrix > XenApp Server Role Manager, or from its Program Files location (Program Files (x86)\Citrix\XenApp\ServerRoleManager\XenAppServerRoleManager).

If a Server Role Manager is installed locally and you invoke a different one from the XenApp installation media, the version on the installation media is used.

Using the XenApp Media to Install and Upgrade

Citrix recommends using the XenApp 6.5 media to perform a clean install of the XenApp server role on a Windows Server 2008 R2 or Windows Server 2008 R2 SP1 server. Clean install means that there is no previous version of the XenApp server role installed on the server. If you have an earlier XenApp version installed (including an early release or Technical Preview version), reimage the server before installing the XenApp 6.5 server role. After you install and configure XenApp 6.5, you can migrate settings from a server running a XenApp 5 or XenApp 6.0 to the new XenApp 6.5 farm. For details, see XenApp Migration Center.

If you cannot coordinate that recommended process, Citrix provides a XenApp 6.0 to 6.5 Upgrade Utility that you can customize for your servers; see CTX130614.

You can also remove a XenApp server role that was installed using the XenApp 6.5 media; however, you cannot use this functionality to remove an earlier version of the XenApp server role.

If you run the Server Role Manager from the XenApp 6.5 media on a XenApp 6.0 server, new software may be available for installed roles and components other than the XenApp server role. In these cases, the Server Role Manager will display Upgrade next to the role or component; clicking that link starts the upgrade process.

Important: Do not attempt to upgrade components and features in a XenApp 6.0 deployment using MSIs from the XenApp 6.5 media, unless explicitly instructed to do so.

Preparing to Install and Configure XenApp

Review Known Issues for late-breaking information, and Installing and Configuring XenApp for how you can use the XenApp 6.5 media.

You must be in the Administrators group to install and configure the XenApp software. (Elevating your privilege to local administrator through User Account Control is not a substitute for Administrators group membership.)

Important:

• Do not install XenApp on a domain controller. Citrix does not support installing XenApp on a domain controller.
• Do not join servers running this version of XenApp to a deployment with servers running previous versions of XenApp.
• You must use the AppCenter from the 6.5 media to manage the XenApp 6.5 farm. Citrix does not support using a console from a previous XenApp release.

To ensure availability of the features and functionality of XenApp to your users, install the most recent version of receivers, plug-ins, and agents you use.

When installing roles or role components other than XenApp server, see the role documentation for details about information you must provide during installation and configuration.

For items to consider and tasks to complete before installing or configuring XenApp, see:

• Before Installing XenApp
• Before Configuring XenApp


Before Installing XenApp

• Review the installation topics (wizard-based or command-line) to learn what information you must provide.
• Review the XenApp System Requirements and the system requirements for other roles you plan to install.
    • In most cases, wizard-based XenApp installations include automatic installation of prerequisite software and required Windows roles.
    • For command-line XenApp installations, you must install the prerequisite software and Windows roles before installing XenApp. You can deploy prerequisites with PowerShell cmdlets, the Microsoft ServerManagerCmd.exe command, or the Microsoft Deployment Image Servicing and Management (DISM) tool.
  Deploying prerequisites may require a server restart before you can install the XenApp server role.
• Ensure the server has the latest Microsoft hotfixes and that the operating system clock has the correct time.
• Ensure there is no other instance of the XenApp server role installed on the server.
• Prepare for Windows Multilingual User Interface (MUI) support, if needed. Before installing XenApp, install the target Windows Language Pack on the server, and change language options (such as system locale and display language) to the target language. For more information, see the Microsoft documentation. (Changing the Windows system locale after installing and configuring the XenApp server role may cause data store issues.)

Citrix XML and IIS Integration

When you install the XenApp role, XML and IIS integration is an optional component.

• When this component is installed, the Citrix XML Service and IIS share a port (default = 80). You cannot change the Citrix XML port during XenApp configuration.
• When this component is not installed, the Citrix XML Service defaults to standalone mode with its own port settings, which you can change during XenApp configuration. You must configure a nondefault port only if you do not integrate with IIS and if IIS (or any other software) is using port 80.

The Server Role Installer checks if certain IIS role services are installed on the server, as well as options you specify.

• In a wizard-based installation, installing the XML and IIS integration component is controlled through a checkbox.

The component is not installed. results. unexpected results may occur. component. The component is not installed Select the XML IIS Integration Specify the /install:XA_IISIntegration component checkbox. Do not specify the /install:XA_IISIntegration option. Citrix recommends you use these options to help prevent potential confusion in the future when the presence of IIS role services on the server or image may be unknown. and defaults. For a list of IIS role services. The component is installed. The component is installed. If the XML Service policy is enabled and contains a different port number setting. The following table describes the possible combinations. The component is installed (default). Specify the /exclude:XA_IISIntegration option. Clear the XML IIS Integration component checkbox. XenApp uses the installed integration component defaults. The option. IIS role services installed? Yes Wizard-based install Command-line install Select the XML IIS Integration component checkbox (default). installing the component is controlled through the /install:XA_IISIntegration and /exclude:XA_IISIntegration options. The component is not installed. and their smart defaults. see XenApp System Requirements. This is the recommended configuration. No 96 . The component is not installed.Before Installing XenApp q In a command-line installation. Do not specify the /install:XA_IISIntegration option. The Server Role Installer Server Role Installer installs the installs the IIS role services and the IIS role services and the component. Yes Yes No Do not select the XML IIS Integration component checkbox (default). When the XML and IIS integration component is installed and the XML Service Policy is disabled. - Specify the /install:XA_IISIntegration option.

Before Configuring XenApp

• Review the configuration topics (wizard-based or command-line) to learn what information you must provide.
• During configuration, you specify the database to be used for the XenApp farm data store: Microsoft SQL Server Express, Microsoft SQL Server, or Oracle. See CTX114501 for supported versions. Additional information is available at Data Store Database Reference.
    • If you use a Microsoft SQL Server Express database, XenApp configuration installs it automatically.
    • If you use a Microsoft SQL Server or Oracle database, install and configure the database before configuring XenApp. For an Oracle database, ensure that you also install an Oracle client on the XenApp server and restart the server.
• If you use a Microsoft SQL Server or Oracle database for the farm data store, and use command-line XenApp configuration, create a Data Source Name (DSN) file before configuring XenApp. (A wizard-based configuration creates the DSN file for you.) Each server in the farm must have the DSN file. You can create the file and copy it to other servers, or put it on a network share, provided you remove the value for any workstation-specific information (such as the Oracle WSID). Use the /DsnFile:dsn_file option to specify the file location on the XenApp configuration command line.
    • If you are using a custom DSN file, the file must have write permission for the Network Service.
• If you plan to use the Configuration Logging feature and encrypt the data being logged, you must load the encryption key on servers that join the farm after configuring XenApp but before restarting the server.

XenApp Server Mode

All XenApp servers can host sessions. The XenApp server mode specifies whether the server can only host sessions (session-host only mode, also called session-only) or if it can also perform the controller functions of being elected a data collector and hosting the XML broker (controller and session-host mode, also called controller).

While configuring servers as session-only can improve performance (particularly in large farms with multiple zones), ensure you have sufficient servers configured in controller mode that can serve as backup data collectors for your zones.

• A XenApp server configured in controller mode monitors other controller servers in the XenApp farm and triggers data collector elections when necessary.
• Application enumeration and resolution are invoked only on servers configured in controller mode. The Citrix XML Service must run on a server configured in controller mode.
• The AppCenter can discover and connect only to servers configured in controller mode.
• If you plan to migrate an earlier XenApp version to XenApp 6.5, the migration operation must be run on a XenApp 6.5 server configured in controller mode.
• Every zone and every farm must have at least one server configured in controller mode.

When you create a XenApp farm, the XenApp Server Configuration Tool automatically configures the server in controller mode; you cannot configure session-only on the first server in a XenApp farm. This ensures that the XenApp farm has at least one data collector. When you configure another server to join that farm, you can choose the mode. By default, a server joins the farm in controller mode. (In earlier XenApp versions, server mode was not configurable; all XenApp servers operated in controller mode.)

The following table shows how to specify the server mode during XenApp configuration.

Configuration method | Server can host sessions, and be a data collector and XML broker (default) | Server can host sessions, but cannot be a data collector or XML broker
Wizard-based configuration | Select Enable Controller and Session-host modes | Select Enable Session-host mode only
Command-line configuration | Specify /ImaWorkerMode:False | Specify /ImaWorkerMode:True

To change the configured server mode, you must leave and then rejoin the XenApp farm, specifying the desired mode.

Installing XenApp Using the Wizard-Based Server Role Manager

To install XenApp using the wizard-based Server Role Manager:

1. On the installation media, double-click autorun.exe. The Autorun menu launches.
2. Select Install XenApp Server. The Server Role Manager launches and checks if any roles are already installed.
3. Select Add server roles. If you already installed roles other than XenApp, select Add or remove server roles, then select Add server roles.
4. Select your XenApp edition.
5. Accept the End User License Agreement.
6. Select the roles you want to add. (The Server Role Manager displays only the roles supported in the XenApp edition you selected.) Some roles may require current Citrix Subscription Advantage membership.
7. Select role components. Roles may have default and optional components.
    • When you select a role, its default components are selected automatically. If you do not want to install a default component, clear its checkbox. The XenApp role has the following default components:
        • XenApp Management, which includes the Citrix AppCenter.
        • Windows Desktop Experience Integration, which configures a XenApp server to deliver remote desktops containing Windows 7 features and Microsoft applications. For more information, see Delivering XenApp to Software Services Subscribers.
      The Citrix Receiver for Windows (formerly the online plug-in) and the Citrix Offline Plug-in are installed automatically when you install the XenApp role. These items do not appear in the components lists, and you cannot disable these installations.
    • For information about the XML Service IIS Integration optional component, see Citrix XML and IIS Integration. If IIS role services are installed on the server, this optional component is selected by default.
    • If you plan to use role agents/plug-ins on this server (EdgeSight Agent, SmartAuditor Agent, Single Sign-on Plug-in, Power and Capacity Management Agent, or Provisioning Services Target Device), install them at the same time you install the XenApp server role. Otherwise, install these components from the packages on the XenApp media.
8. Review the prerequisites summary, which indicates which role or component needs the prerequisite, and whether the Server Role Installer installs it or you must install it. For software you must install, the display indicates whether the XenApp installation media contains the software or you must obtain it elsewhere.
9. Review the summary, which lists the selected roles and components to be installed or prepared. It also lists prerequisites which will be automatically deployed for all selected roles.

After you click Install, a display indicates installation progress and the result.

Important: When installing the XenApp role, the IMA Service is not started, nor are any configuration options set, such as creating or joining a farm and data store database information.

After the installation result displays and you click Finish, the Server Role Manager task list displays. For each role you selected, the task list indicates the next task necessary for installation or configuration.

• If you have not configured the license parameters for the XenApp role, click Specify Licensing, which launches the Licensing Configuration Tool. Run the Licensing Configuration Tool before configuring the XenApp server role.
• For installed fully integrated roles that require configuration, click Configure to launch the configuration tool for that role.
• For partially integrated roles, click Install to launch the installer for that role. See the role documentation for details.

Installing XenApp from the Command Line

Command Syntax

On the server where you want to install XenApp or other roles, from the "XenApp Server Setup\bin\" directory on the XenApp media, type the following at a command prompt:

XenAppSetupConsole.exe options_properties

The following table describes installation command options.

Installation options and properties

/help
Displays command help.

/logfile:path
Path for the log file generated during the installation. Default = c:\Windows\Temp

/install:items
Comma-delimited list of roles, components, features, or technologies to install. Valid values are:
- EdgeSightServer. EdgeSight Server.
- Licensing. Citrix Licensing Server.
- PCMAdmin. Power and Capacity Management administration components.
- Provisioning. Provisioning Services.
- SecureGateway. Secure Gateway.
- SmartAuditorServer. SmartAuditor server.
- SsonService. Single sign-on service.
- WebInterface. Web Interface.
- XenApp. XenApp server.
If you specify XenApp, the Server Role Manager automatically installs the Citrix AppCenter, Citrix Receiver for Windows (formerly online plug-in), Citrix Offline Plug-in, and Windows Desktop Experience Integration feature (for more information, see Delivering XenApp to Software Services Subscribers).
You can also specify one or more of the following optional components to install, separated by commas. Except as noted, if you do not specify the following optional components, they are not installed.
- EdgeSightAgentFeature. EdgeSight Agent.
- SmartAuditorAgentFeature. SmartAuditor Agent.
- SSONAgentFeature. Single Sign-on Plug-in.
- PCMAgentFeature. Power and Capacity Management Agent.
- PVDeviceFeature. Provisioning Services Target Device.
- XA_IISIntegration. IIS and XML Service integration. If IIS role services are installed on the server, this component is installed regardless of whether you specify it on the command line, unless you use the /exclude option to exclude it. For more information, see Citrix XML and IIS Integration.

/exclude:items
(Valid only when installing the XenApp server role) Comma-separated list of components to be omitted from the installation. Valid values are:
- XA_Console. Excludes installation of the AppCenter.
- XA_IISIntegration. Excludes installation of the XML IIS Integration component. For more information, see Citrix XML and IIS Integration.
- XenAppEnhancedDesktopExperience. Excludes installation of the Windows Desktop Experience Integration feature.
You cannot exclude the installation of the Receiver for Windows or the Offline Plug-in.

/edition
Specifies the XenApp edition. Valid values are:
- Platinum (default)
- Enterprise
- Advanced

INSTALLDIR=directory
Specifies where to install the items. Default: C:\Program Files\Citrix

ONLINE_PLUGIN_INSTALLDIR=directory
Specifies where to install the Citrix Receiver for Windows. Default: C:\Program Files\Citrix\ICA Client

Examples

The following command installs the XenApp server Platinum Edition in its default location.

XenAppSetupConsole.exe /install:XenApp /Platinum

The following command installs the XenApp server Platinum edition and the Web Interface in C:\Program Files\Citrix (which is the default location).

XenAppSetupConsole.exe /install:XenApp,WebInterface INSTALLDIR=C:\Program Files\Citrix

The following command installs the XenApp server Platinum Edition and the Single Sign-on Plug-in, and excludes installation of the AppCenter.

XenAppSetupConsole.exe /install:XenApp,SSONAgentFeature /exclude:XA_Console

Configuring XenApp Server Role License Information

XenApp server role license information must be specified before a XenApp server can accept connections.

- From the Server Role Manager, use the wizard-based Licensing Configuration Tool after installing the XenApp server role.
- From the command line, include license server information in the XenApp server role configuration command (XenAppConfigConsole.exe).

See Licensing Your Product for complete Citrix licensing information.

Configuring XenApp License Information using the Wizard-based Licensing Configuration Tool

If you are using the Server Role Manager, launch the Licensing Configuration Tool before configuring the XenApp role.

1. After installing the XenApp role, access the XenApp Server Role Manager.
2. Click Specify licensing. The Licensing Configuration Tool launches.
3. On the Enter License Server Information page, select one of the following:
   - Connect to existing license server. Specify the case-sensitive license server name. If you do not change the license server port value, the default value 27000 is used. Click Test Connection to verify that the specified license server is running and using a compatible software version, and to check if the license server has any licenses.
   - Configure later via a policy.
4. On the Select Licensing Model page, you can select a licensing model option or defer the selection to a later time.
   If you clicked Test Connection on the previous page, recommendations are noted on the Select Licensing Model page, based on licenses found on the license server.
   Important: Select the licensing model best suited to your planned deployment, which may differ from the recommendation, which is based on the licenses currently on the license server.
   - XenApp. Select this model if you plan to use only XenApp licenses. This option is recommended if the Test Connection operation discovered no licenses, only XenApp licenses, or a mixture of unique XenApp and XenDesktop licenses on the license server.
   - XenDesktop concurrent system. Select this model if you plan to use XenDesktop concurrent user licenses. This option is recommended if the Test Connection operation discovered only XenDesktop concurrent licenses on the license server.
   - XenDesktop user/device. Select this model if you plan to use XenDesktop user or device licenses. This option is recommended if the Test Connection operation discovered XenDesktop user/device licenses or both XenDesktop user/device and XenDesktop concurrent licenses.

To change license server and licensing model information later, click Edit Licensing in the XenApp Server Role Manager.

Configuring XenApp License Information from the Command Line

From the command line, you can configure XenApp license information when you configure the XenApp server role with the XenAppConfigConsole.exe command. Use the /LicenseServerName, /LicenseServerPort, and /LicenseModel options. For more information, see License server options.

Configuring XenApp Using the Wizard-based Server Configuration Tool

To configure XenApp using the wizard-based XenApp Server Configuration Tool:

1. Access the Server Role Manager.
2. Click Configure under XenApp. The Server Configuration Tool launches.
3. Select the task to perform.
   - Create. After you install XenApp on the first server, that server is where you create a new farm during configuration.
   - Join. After you install XenApp on other servers, you add each server to (join) an existing farm.
   - Prepare this server for imaging and provisioning. (Valid only if the XenApp server role was previously configured) Prepares the server for imaging.
   - Leave. (Valid only if the XenApp server role was previously configured) Removes the server from the farm.
   The remainder of this procedure assumes you are creating a new farm or adding a server to a farm.
4. When creating a farm, on the Enter basic information page:
   - Enter a farm name, up to 32 characters (can include spaces). If you are using Oracle as your Configuration Logging database, do not use hyphens in the farm name.
   - Specify the domain and username for a user who will be the first Citrix administrator. The administrator has full permissions to the farm and can create additional administrator accounts.
5. Select the data store database type and connection information.

   If you choose the entry for: New database
   Action: When creating a farm, the Server Configuration Tool installs the Microsoft SQL Server Express database automatically, with the instance name CITRIX_METAFRAME and database name MF20. The database uses Windows authentication.

   If you choose the entry for: Existing Microsoft SQL Server database
   Action: You are prompted for the instance name, the database name, and the authentication method. This database can be located on a remote SQL server.

   If you choose the entry for: Existing Oracle database
   Action: You are prompted for the Net Service name. (The Oracle entry appears only if the Oracle client is installed on the server where you are configuring the XenApp role.)

6. Specify the database credentials. Specify the user name in the form <DBMACHINE>\<USER> or <DOMAIN>\<USER>. SQL Server Express requires an existing Windows account, but it does not need to be a server or system administrator. The Server Configuration Tool adds two database administrators to SQL Server Express: (local)\administrators and the supplied credentials for the local or domain user.
   When adding a server to (joining) a farm, you can optionally test the connection to the database. The result does not affect Server Configuration Tool operations.
7. The default session shadowing settings (which allow shadowing) are recommended for most farms.
   Important: Shadowing features are permanent and should be changed only if you want to permanently prevent system or domain policy from affecting that setting. Shadowing settings supplied during XenApp configuration override system or domain policy for user-to-user shadowing. If you disable shadowing or change shadowing features during configuration, you cannot reconfigure them later.

   Option: Prohibit shadowing of user session on this server
   Description: Disables user session shadowing on this server. If selected, shadowing cannot be enabled on this server through policies. Default = unselected

   Option: Allow shadowing of user sessions on this server
   Description: Enables user session shadowing on this server. Default = selected
   When you enable shadowing, you can apply the following features (default = all unselected):
   - Prohibit remote control. If selected:
     - Authorized users can view sessions but do not have keyboard and mouse input.
     - Remote control is permanently prohibited; this cannot be enabled on this server through policies.
   - Force a shadow acceptance prompt. If selected:
     - Authorized users must send an acceptance prompt when attempting to shadow a session.
     - A shadow acceptance prompt is shown on every shadowing attempt; this cannot be disabled on this server through policies.
   - Force logging of all shadow connections. If selected:
     - All shadowing attempts, successes, and failures are logged in the Windows event log.
     - Shadow connections are always logged; this cannot be disabled on this server through policies.

8. If you do not change the following server settings, the Server Configuration Tool uses default values.

   Setting: Data Collection
   Description: Specify the server mode and zone name.
   - (Displayed only when joining a farm) Select a server mode:
     - Enable controller and Session-host modes (default). This server can host sessions and serve as a data collector or XML broker.
     - Enable Session-host mode only. This server can host sessions but cannot serve as a data collector or XML broker.
     For more information about server modes, see XenApp Server Mode.
   - The default zone name is 'Default Zone.' To create a custom zone name, select the checkbox and enter the name.

   Setting: XML Service
   Description: Citrix XML Service port. For more information, see Citrix XML and IIS Integration.

   Setting: Receiver
   Description: Server name or URL of the Web Interface server used by the Citrix Receiver.

   Setting: Remote Desktop Users
   Description: Only members of the Remote Desktop Users group can connect to published applications. Until you add users to this group, only administrators can connect remotely to the server. Select one or more of the following.
   - Add Anonymous users. Adds anonymous users to the Remote Desktop Users group. Default = selected
   - Add the Authenticated users. Adds current (and future) domain accounts in the Windows Users group to the Remote Desktop Users group. Default = unselected
   - Add the list of users from the Users group. Adds all current users from the Users group to the Remote Desktop Users group. If you add users later, you must add them manually to the Remote Desktop Users group. Default = selected

9. If you installed a plug-in or agent for the Single sign-on, SmartAuditor, EdgeSight, or Power and Capacity Management features on this server, specify the requested information to enable communications with them. (The feature roles use separate tools for their configuration.)
10. Review the summary page.

After you click Apply, a display indicates configuration progress and the result. If the configuration fails, click View Log to display the configuration log.

After configuration completes, you are returned to the XenApp Server Role Manager, which indicates if any requirements remain.

- If you have not yet configured XenApp license information, click Specify licensing.
- To initiate a server restart, click Reboot.

Configuring XenApp from the Command Line
Note: The Configuration Command Syntax topic lists and describes the XenApp configuration command-line options. This topic contains information about using the XenApp configuration command and its options.

Command Conventions
Several options use Boolean values (true or false).

- If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /AddLocalAdmin:True|False option in the command, the default value (false) is used (that is, a local administrator is not added).
- If you specify an option that requires a Boolean value but you omit the value, the option default value is true. For example, for the /AddLocalAdmin:True|False option, if you specify only /AddLocalAdmin (with no :True or :False value), the option is true (that is, a local administrator is added).

You can use environment variables to represent one or more command-line options. For example, you can group the standard Pause, Confirm, and NotStrict options as a single environment variable. You can also use environment variables in the command-line option values (for example, /ServerName:%currentServer%, where currentServer is defined as an environment variable).

Return Codes
The XenAppConfigConsole command supports the following return codes:

Value  Meaning
0      Success
1      Invalid command-line options - for example, the command includes the options /ServerName:server_name and /ExecutionMode:Create (an option that is valid only when joining a farm was specified when creating a farm)
2      Unmatched parameters - an unrecognized option was specified
3      Invalid parameters - for example, for an option that requires a Boolean value (that is, True or False), you specified 'Bob'
4      Commit failed - the configuration process did not complete; check the log file for details

Mapping of Earlier XenApp Version Properties to Options
XenApp versions earlier than 6.0 supported installation and configuration properties. Some of those properties have equivalent options in XenApp 6.

Property in Earlier XenApp Version               Option in XenApp 6
CTX_MF_FARM_SELECTION                            /ExecutionMode
CTX_MF_NEW_FARM_NAME                             /FarmName
CTX_MF_DOMAIN_NAME, CTX_MF_USER_NAME             /CitrixAdministratorAccount:domain\user
CTX_MF_SILENT_DSNFILE                            /DsnFile
CTX_MF_ODBC_USER_NAME                            /OdbcUserName
CTX_MF_ODBC_PASSWORD                             /OdbcPassword
CTX_MF_LICENSE_SERVER_NAME                       /LicenseServerName
CTX_MF_LICENSE_SERVER_PORT                       /LicenseServerPort
CTX_MF_ZONE_NAME                                 /ZoneName
CTX_MF_XML_PORT_NUMBER, CTX_MF_XML_CHOICE        /CustomXmlServicePort
CTX_MF_SHADOWING_CHOICE:yes                      /ProhibitShadowing:false
CTX_MF_SHADOW_PROHIBIT_REMOTE_ICA                /ProhibitRemoteControl
CTX_MF_SHADOW_PROHIBIT_NO_NOTIFICATION           /ForceShadowPopup
CTX_MF_SHADOW_PROHIBIT_NO_LOGGING                /ForceShadowLogging
CTX_MF_ADD_ANON_USERS                            /AddAnonymousUsersToRemoteDesktopUserGroup
CTX_MF_CREATE_REMOTE_DESKTOP_USERS               /AddUsersGroupToRemoteDesktopUserGroup

Configuration Command Syntax
On the server where the XenApp server role is installed, from C:\Program Files (x86)\Citrix\XenApp\ServerConfig, type the following at a command prompt:

XenAppConfigConsole.exe [options]

The following tables describe configuration command options, grouped by category.

Note: You can also use this command to remove the XenApp server role; see Removing Roles and Components.

Configuration process and command-related options

/help
Displays command help.

/NotStrict
Allows the executable to continue processing even if options do not apply in the current context.

/Confirm
Displays a confirmation message before modifying the server. This can be useful when testing for correct use of command options.

/Pause
Pauses the executable after processing completes. This prevents the command prompt from closing when launching the command from a batch file.

/LogFilename:file
Logs the progress of the executable to a log file. In the log, the symbols >> indicate a function call; the symbols << indicate a function return. Default: C:\Windows\Temp

General farm information options

/ExecutionMode:Create | Join | Leave | ImagePrep
(Required) Specifies the task to perform.
- Create. After you install XenApp on the first server, that server is where you create a new farm during configuration.
- Join. After you install XenApp on other servers, you add each server to (join) an existing farm.
- ImagePrep. (Valid only if the XenApp server role was previously configured) Prepares the server for imaging.
- Leave. (Valid only if the XenApp server role was previously configured) Removes the server from the farm.

/FarmName:name
(Required and valid only with /ExecutionMode:Create) Specifies the farm name, up to 32 characters (can include spaces). If you are using Oracle for the Configuration Logging database, do not use hyphens in the farm name.

/CitrixAdministratorAccount:domain\user
(Required and valid only with /ExecutionMode:Create) Specifies the domain and username for the user who will be the first Citrix administrator. The administrator has full permissions to the farm and can create additional administrator accounts.

/ZoneName:name
Specifies the zone name. Default = Default Zone

/AddLocalAdmin:True | False
Enables or disables creation of Citrix administrator accounts for all user accounts in the local Administrators group. Default = False

/ImaWorkerMode:True | False
(Valid only with /ExecutionMode:Join) Enables or disables ability of the server to be a data collector or XML broker. For more information, see XenApp Server Mode. Default = False (server can be a data collector or XML broker)

Database used for farm data store options

If you use a Microsoft SQL Server Express database, you can simplify configuration by using the /SimpleDB option when creating the XenApp farm. When joining a farm that uses that database, use the /ServerName option to specify the name of the XenApp server on which you created the farm.

/SqlExpressRootDir:dir
Specifies the location of the SQL Server Express source installation directory. Default = C:\Program Files (x86)\Citrix\XenApp\ServerConfig\SqlExpress_2008.

/SimpleDB
Indicates the farm uses a SQL Server Express database for the data store.

/ServerName:name
(Valid only with /ExecutionMode:Join and required with /SimpleDB) Specifies the name of the server where the XenApp farm was created (that is, where the SQL Server Express database was installed).

/DsnFile:file
Specifies the path to the DSN file used to connect to the data store.

/AuthenticationType:Windows | Sql
(Valid only when using a SQL Server database for the farm data store) Specifies the authentication type. Default = Windows

/OdbcUserName:name
(Required when creating or joining a farm) Specifies the database user name in the form <DBMACHINE>\<USER> or <DOMAIN>\<USER>. SQL Server Express requires an existing Windows account, but it does not need to be a server or system administrator. XenApp configuration adds two database administrators to SQL Server Express: (local)\administrators and the supplied credentials for the local or domain user. Specify the database password with the /OdbcPassword option.

/OdbcPassword:password
(Required when creating or joining a farm) Specifies the database user password. Specify the database user name with the /OdbcUserName option.

License server options

For more information, see Licensing Your Product.

/LicenseServerName:name
Specifies the name of the existing license server.

/LicenseServerPort:port
Specifies the license server port. Default = 27000

/LicenseModel:model
Specifies the licensing model. Valid values are:
- XA. Specify this model if you plan to use only XenApp licenses.
- XDC. Specify this model if you plan to use XenDesktop concurrent user licenses.
- XDUD. Specify this model if you plan to use XenDesktop user or device licenses.
Default = XA

Session shadowing options

Important: Citrix recommends using the default values (that is, do not specify them in this command). Shadowing settings specified during XenApp configuration override system or domain policy for user-to-user shadowing. Shadowing features are permanent and should be changed only if you wish to permanently prevent system or domain policy from affecting that setting. If you disable shadowing or change shadowing features during configuration, you cannot reconfigure them later.

/ProhibitShadowing:True | False
Disables or enables session shadowing. Default = False (shadowing is enabled)

/ProhibitRemoteControl:True | False
(Valid only if shadowing is enabled) Prohibits or allows remote control shadowing. When this option is true, authorized users can view sessions but do not have keyboard and mouse input. Default = False

/ForceShadowPopup:True | False
(Valid only if shadowing is enabled) Enables or disables sending a shadowing acceptance popup. When this option is true, authorized users must send an acceptance prompt when attempting to shadow a session. Default = False

/ForceShadowLogging:True | False
(Valid only if shadowing is enabled) Enables or disables logging of all shadow connections. When this option is true, all shadowing attempts, successes, and failures are logged to the Windows event log. Default = False

Citrix XML service port options

For information about the XML IIS Service Integration component, see Citrix XML and IIS Integration.

/CustomXmlServicePort:port
Specifies the port number to be used by the Citrix XML Service. Default = 80

/SkipXmlSetting:True | False
When this option is true, the Citrix XML service and IIS port numbers are not configured (that is, the default port 80 is not used). Default = False

Remote Desktop Users Group options

Only members of the Remote Desktop Users Group can connect to published applications. Until you add users to this group, only administrators can connect remotely to the server. Specify one or more of the following options.

/AddAnonymousUsersToRemoteDesktopUserGroup:True | False
Enables or disables adding anonymous users to the Remote Desktop Users group. Default = True

/AddAuthenticatedUsersToRemoteDesktopUserGroup:True | False
Enables or disables adding current (and future) domain accounts in the Windows Users group to the Remote Desktop Users group. Default = False

/AddUsersGroupToRemoteDesktopUserGroup:True | False
Enables or disables adding all current users from the Users group to the Remote Desktop Users group. If you add users later, you must add them manually to the Remote Desktop Users group. Default = True

Image preparation and provisioning options

For more information, see Preparing for XenApp Imaging and Provisioning.

/RemoveCurrentServer:True | False
(Valid only with /ExecutionMode:ImagePrep) Enables or disables removing the current server instance from the XenApp farm. Default = True

/PrepMsmq:True | False
(Valid only with /ExecutionMode:ImagePrep) Enables or disables resetting the MSMQ ID during resealing. Default = True

/ClearLocalDatabaseInformation:True | False
(Valid only with /ExecutionMode:ImagePrep) Enables or disables removing the server, database, and failover partner entries from the DSN file and setting the equivalent LGPO settings to NotConfigured. Default = True
Important: If you enable removal of the database information, XenApp assumes an Active Directory policy will provide database settings. If a policy is not applied, the server will not restart.

Feature and component options

/SmartAuditorServerName:name
(Required if you installed the SmartAuditor agent on the XenApp server) Specifies the name of the SmartAuditor server.

/SsoPluginUncPath:path
UNC path to the Single sign-on central store. Default = use Active Directory

/OnlinePluginServerUrl:name_url
Server name or URL of the Web Interface server used by the Citrix Receiver.

/PcmFarmName:farm
Power and Capacity Management farm name.

/PcmWorkloadName:name
Power and Capacity Management workload name.

/EdgeSightCompanyName:name
EdgeSight company name.

/EdgeSightServerName:name
EdgeSight server name.

/EdgeSightServerPort:port
EdgeSight server port. Default = 80

Other options

/RemoveAnonymousCitrixAccounts:True | False
Removes anonymous Citrix accounts Anon000-Anon014, which are created automatically when the XenApp server role is installed. Default = False

Example
The following command, issued from the typical XenApp Server Configuration Tool location (C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe), joins the server to the farm, specifying database credentials and the DSN file location, license server and model information, log file location, and Remote Desktop User Group configuration settings.

"C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe" /ExecutionMode:Join /OdbcUserName:administrator /OdbcPassword:somepasswd /LicenseServerName:somelicenseserver /LicenseServerPort:27000 /LicenseModel:XA /ZoneName:some_zone_name /DsnFile:"c:\somepath\to\example.dsn" /Log:c:\SomewhereConfigLog.txt /CustomXmlServicePort:8080 /AddAnonymousUsersToRemoteDesktopUserGroup:True /AddUsersGroupToRemoteDesktopUserGroup:True /AddAuthenticatedUserstoRemoteDesktopUserGroup:True
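The option rules above (Boolean conventions, "valid only with" constraints, required options) can be checked before a command is committed to a script. The following is an added example, not Citrix code: Get-XenAppConfigFindings is a hypothetical helper whose rules and defaults are taken from the option descriptions on this page, and the sample arguments are constructed.

```powershell
# Added example: pre-flight review of XenAppConfigConsole.exe arguments.
# Get-XenAppConfigFindings is a hypothetical helper, not a Citrix tool; its rules and
# defaults are the ones documented on this page.
function Get-XenAppConfigFindings {
    param([string[]]$Arguments)

    # Boolean options and the documented default used when the option is omitted.
    $boolDefaults = @{
        AddAnonymousUsersToRemoteDesktopUserGroup     = $true
        AddAuthenticatedUsersToRemoteDesktopUserGroup = $false
        AddUsersGroupToRemoteDesktopUserGroup         = $true
        ProhibitShadowing = $false; ProhibitRemoteControl = $false
        ForceShadowPopup  = $false; ForceShadowLogging    = $false
    }
    # Options the page marks "valid only with" one execution mode.
    $modeOnly = @{
        FarmName = 'Create'; CitrixAdministratorAccount = 'Create'
        ServerName = 'Join'; ImaWorkerMode = 'Join'
        RemoveCurrentServer = 'ImagePrep'; PrepMsmq = 'ImagePrep'
        ClearLocalDatabaseInformation = 'ImagePrep'
    }
    $findings = @()
    $report = { param($severity, $option, $message)
        New-Object PSObject -Property @{ Severity = $severity; Option = $option; Message = $message } }

    # Split each "/Name:value" token; a bare "/Name" is stored with a null value.
    $opts = @{}
    foreach ($token in $Arguments) {
        if ($token -match '^/([^:]+)(?::(.*))?$') {
            $value = $Matches[2]
            if ($null -ne $value) { $value = $value.Trim('"') }
            $opts[$Matches[1]] = $value
        }
    }

    $mode = $opts['ExecutionMode']
    if (@('Create', 'Join', 'Leave', 'ImagePrep') -notcontains $mode) {
        $findings += & $report 'Error' '/ExecutionMode' 'Required: Create, Join, Leave or ImagePrep.'
    }
    foreach ($name in $modeOnly.Keys) {
        if ($opts.ContainsKey($name) -and $modeOnly[$name] -ne $mode) {
            $findings += & $report 'Error' "/$name" "Valid only with /ExecutionMode:$($modeOnly[$name]) (documented as return code 1)."
        }
    }
    if ($mode -eq 'Create') {
        foreach ($name in 'FarmName', 'CitrixAdministratorAccount') {
            if (-not $opts[$name]) { $findings += & $report 'Error' "/$name" 'Required with /ExecutionMode:Create.' }
        }
        if ($opts['FarmName'] -and $opts['FarmName'].Length -gt 32) {
            $findings += & $report 'Error' '/FarmName' 'Farm name is limited to 32 characters.'
        }
    }
    if ($mode -eq 'Create' -or $mode -eq 'Join') {
        foreach ($name in 'OdbcUserName', 'OdbcPassword') {
            if (-not $opts[$name]) { $findings += & $report 'Error' "/$name" 'Required when creating or joining a farm.' }
        }
    }
    if ($mode -eq 'Join' -and $opts.ContainsKey('SimpleDB') -and -not $opts['ServerName']) {
        $findings += & $report 'Error' '/ServerName' 'Required when joining a farm created with /SimpleDB.'
    }

    # Boolean conventions: omitted = default, bare option = true, otherwise True or False.
    $effective = @{}
    foreach ($name in $boolDefaults.Keys) {
        $parsed = $false
        if (-not $opts.ContainsKey($name)) { $effective[$name] = $boolDefaults[$name] }
        elseif ([string]::IsNullOrEmpty($opts[$name])) { $effective[$name] = $true }
        elseif ([bool]::TryParse($opts[$name], [ref]$parsed)) { $effective[$name] = $parsed }
        else {
            $effective[$name] = $boolDefaults[$name]
            $findings += & $report 'Error' "/$name" "'$($opts[$name])' is not True or False (documented as return code 3)."
        }
    }

    # Shadowing: sub-options need shadowing enabled, and anything set here is permanent.
    $shadowNames = 'ProhibitShadowing', 'ProhibitRemoteControl', 'ForceShadowPopup', 'ForceShadowLogging'
    if ($shadowNames | Where-Object { $opts.ContainsKey($_) }) {
        $findings += & $report 'Warning' 'Shadowing' 'Settings given here are permanent and override policy; Citrix recommends leaving the defaults.'
    }
    foreach ($name in 'ProhibitRemoteControl', 'ForceShadowPopup', 'ForceShadowLogging') {
        if ($effective['ProhibitShadowing'] -and $opts.ContainsKey($name)) {
            $findings += & $report 'Error' "/$name" 'Valid only if shadowing is enabled.'
        }
    }

    # Settings a reviewer should see even when the command is valid.
    if ($opts['OdbcPassword']) {
        $findings += & $report 'Warning' '/OdbcPassword' 'Database password is a literal on the command line; keep it out of saved scripts, images and logs.'
    }
    if ($effective['AddAnonymousUsersToRemoteDesktopUserGroup'] -and ($mode -eq 'Create' -or $mode -eq 'Join')) {
        $findings += & $report 'Warning' '/AddAnonymousUsersToRemoteDesktopUserGroup' 'Anonymous users are added to Remote Desktop Users (default when omitted); pass :False if that is not intended.'
    }
    $findings
}

# Constructed input: options from the page's Join example plus two deliberate mistakes.
$sample = @(
    '/ExecutionMode:Join', '/OdbcUserName:administrator', '/OdbcPassword:somepasswd',
    '/DsnFile:"c:\somepath\to\example.dsn"', '/LicenseServerName:somelicenseserver',
    '/FarmName:ExampleFarm',      # mistake: valid only with /ExecutionMode:Create
    '/ForceShadowLogging:Bob'     # mistake: not a Boolean value
)
Get-XenAppConfigFindings $sample | Format-Table Severity, Option, Message -AutoSize -Wrap
```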


Preparing for XenApp Imaging and Provisioning
Primary deployment methods for XenApp servers include server imaging, virtualization, and provisioning. Separation of the XenApp server role installation and configuration tasks offers flexibility in deciding when to capture (create) XenApp images.

Provisioning a XenApp server uses one of three typical approaches; the approach you use depends on when you configure XenApp (earlier or later) in your preparation steps. The XenApp server joins its farm on the first restart (reboot) after configuration; this ensures that the XenApp server image joins or rejoins the farm after it has been cloned with its final identity.

Important: Cloning is not supported for the first server in the farm (where you created the farm during configuration), and should be used only for creating new member servers for an existing farm.

The following descriptions assume you already created a XenApp farm containing at least one server. You need the data store database information and credentials for the farm.

Approach 1: Capture an image after XenApp installation, but before configuration and restart
In this approach, you install the XenApp server role, but wait to configure XenApp (join a farm) until after the server is cloned and booted. XenApp server configuration is automated, using a script. This approach is not supported in Citrix Provisioning Services using Shared Image mode.

1. Install the XenApp server role, but do not configure the server. You may want to restart the server to ensure the system path is updated properly before installing other applications.
2. Install your applications and configure the settings you want in your image. Deploying prerequisites such as Remote Desktop Services roles may require a server restart before you can install XenApp.
3. Run the generalization tools you normally run.
4. Set up a script to run when each cloned server boots. This script configures the XenApp server (including farm information) using the XenAppConfigConsole.exe command. The script then restarts the server, whereupon the server joins the farm. You can set up scripts using typical methods such as Active Directory startup scripts or the RunOnce registry key.
5. Capture an image of the server.
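One way to write the boot script from step 4, as an added example that is not Citrix code. It assumes the deployment tooling sets XA_ODBC_USER and XA_ODBC_PASSWORD (hypothetical environment variable names) for the script's process, so the database credentials are not stored in the captured image; the DSN path, license server name, log path and marker file are placeholders.

```powershell
# Added example (not Citrix code): first-boot join script for Approach 1.
# Assumptions: XA_ODBC_USER / XA_ODBC_PASSWORD are hypothetical variables set by the
# deployment tooling; the credential values contain no spaces or quotes; all paths and
# the license server name below are placeholders.
$exe    = 'C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe'
$dsn    = 'C:\somepath\to\example.dsn'
$log    = 'C:\Windows\Temp\XenAppJoin.log'       # written by XenAppConfigConsole.exe
$status = 'C:\Windows\Temp\XenAppJoin.status'    # written by this script
$marker = 'C:\Windows\Temp\XenAppJoin.done'      # stops a second join on later boots

# Meanings from the Return Codes table on this page.
function Get-ReturnCodeMeaning {
    param([int]$Code)
    switch ($Code) {
        0 { 'Success' }
        1 { 'Invalid command-line options' }
        2 { 'Unmatched parameters' }
        3 { 'Invalid parameters' }
        4 { 'Commit failed; check the log file for details' }
        default { 'Undocumented return code' }
    }
}

function Invoke-XenAppJoin {
    if (Test-Path $marker) { return 'AlreadyJoined' }
    if (-not $env:XA_ODBC_USER -or -not $env:XA_ODBC_PASSWORD) { return 'MissingCredentials' }

    $argList = @(
        '/ExecutionMode:Join',
        "/DsnFile:`"$dsn`"",
        "/OdbcUserName:$env:XA_ODBC_USER",
        "/OdbcPassword:$env:XA_ODBC_PASSWORD",
        '/LicenseServerName:somelicenseserver',
        # This example's choice; omit the option to keep the documented default (True).
        '/AddAnonymousUsersToRemoteDesktopUserGroup:False',
        "/LogFilename:$log"
    )
    $process = Start-Process -FilePath $exe -ArgumentList $argList -Wait -PassThru

    # Record the outcome only; the argument list, which holds the password, is never written.
    $line = '{0} return code {1}: {2}' -f (Get-Date -Format s), $process.ExitCode,
            (Get-ReturnCodeMeaning $process.ExitCode)
    Add-Content -Path $status -Value $line

    if ($process.ExitCode -eq 0) {
        New-Item -ItemType File -Path $marker -Force | Out-Null
        Restart-Computer -Force      # the server joins the farm on this restart
        return 'Joined'
    }
    return 'Failed'                  # no restart; the status file says why
}

Invoke-XenAppJoin
```

The marker file matters when the script runs as an Active Directory startup script, which fires on every boot; with the RunOnce registry key the script runs a single time and the marker is only a safeguard.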

Approach 2: Capture an image after XenApp installation and configuration, but before restart
In this approach, you install and configure the XenApp server role, but wait to restart the server until after it is cloned. When the server restarts as a clone of the original image, it joins the farm with its new identity.

You do not need direct access to your database server or network during configuration, so this approach can be used to prepare XenApp images for remote deployments. If you do not or cannot verify your database credentials, and they are invalid, XenApp will not join the farm when the server restarts. In that case, run the XenApp Server Configuration Tool, providing correct credentials, and then recapture an image.

1. Install your applications and configure the settings you want in your image.
2. Install the XenApp server role. Deploying prerequisites such as Remote Desktop Services roles may require a server restart before you can install XenApp.
3. Configure the XenApp server to add the server to (join) a farm, but do not restart the server.
4. Run the generalization tools you normally run.
5. Capture an image of the server.

Note: If you are using the SmartAuditor agent or other features that depend on Microsoft Messaging Queuing (MSMQ), use Approach 3.

Approach 3: Capture or update an image after XenApp installation, configuration, and restart
If you require XenApp to be installed and working before you create a final image, you must remove the server from the farm, then rejoin the farm before your final shutdown (for example, after sysprep), so that the server will join the farm on the next restart, with its new identity.

1. Install the XenApp server role. Optionally, install the Provisioning Services Target Device software. This software resets your network connection during installation. Failures may occur if you install this component from a network location. Although these failures are not commonly harmful, Citrix recommends installing the Provisioning Services Target Device software from a DVD, mounted ISO, or local copy of the installation media.
2. Configure XenApp to join a farm, and then restart (reboot) the server.
3. Install your applications and configure the settings you want in your image.
4. Edit your XenApp configuration and select the task Prepare this server for imaging and provisioning. (For a command-line configuration, specify the /ExecutionMode:ImagePrep option.)
   - If you are working with an image template that you do not want to keep in the current farm, select the Remove this current server instance from the farm checkbox. (For a command-line configuration, use the /RemoveCurrentServer:True option.)
   - If you are provisioning the XenApp server with SmartAuditor or other features that depend on MSMQ, selecting the Prepare Microsoft Messaging Queuing provisioning checkbox ensures a new unique machine identifier when the server image boots. (For a command-line configuration, use the /PrepMsmq:True option.)
   - If you select the Clear database location settings from this server checkbox, the default database information is removed from local settings (server, database, and failover partner entries are removed from the DSN file; LGPO is set to NotConfigured). This ensures that cloned servers can join only a XenApp farm that is specified with inherited group policy settings. (For a command-line configuration, use the /ClearLocalDatabaseInformation:True option.)
     Important: If you select this checkbox, XenApp assumes an Active Directory policy will provide database settings. If a policy is not applied, the IMA Service will not start.
5. Run the generalization tools you normally run.
6. Capture an image of the server. The server joins the farm when the image boots.

Resealing an image
If a golden image requires updating (for example, with Citrix or Windows hotfixes, or third-party applications and patches), you can reseal the image. This procedure is similar to Approach 3.

1. Boot into the image to make modifications. The XenApp server will try to join the farm if it can.
2. Modify the server as needed.
3. Proceed with step 4 in Approach 3.

During the resealing process, the Server Configuration Tool:
- Removes server-specific information, such as WSID in MF20.dsn, WSID in RadeOffline.dsn.
- Creates a unique Secure Ticket Authority (STA) ID in CtxSta.config, using the MAC address.
- Resets the local databases and removes the Servers setting from the Independent Management Architecture (IMA) data store by clearing the IMA local host cache and RadeOffLine databases.
- Places the following configuration information into the Local Group Policy Object (LGPO) if they have nondefault values (nondefault values appear as Configured, default values appear as NotConfigured):
  - Product feature and server edition
  - License server hostname
  - License server port number
  - XML Service port
  - Database server, database, and failover partners (if that checkbox was selected)

Installation and Configuration Considerations
For provisioning purposes, you can install the XenApp server role using the wizard-based XenApp Server Role Manager or the command line. For wizard-based installations, do not proceed to configuring the XenApp server role until you are ready, based on the approach you select. Configuring the XenApp server after it is instanced (approach 1) should be automated using the command line. You can use the wizard-based XenApp Server Configuration Tool or the command line to configure the XenApp server if you choose approach 2 or 3.

When preparing a XenApp server for imaging and provisioning:
- The server should not be the only server in the XenApp farm.
- The server should not be the data collector.
- The server should not have the data store database installed on it.
- The server should not have the Citrix License Server installed on it.

Important: When provisioning XenApp, you must remove the server SSL certificate before running XenConvert; otherwise, the SSL certificate will be distributed to all provisioned XenApp servers.

For example, the following command, issued from the root of the installation media, installs the XenApp server role and the Provisioning Services target device, and excludes installation of the AppCenter.

    \XenApp Server Setup\bin\XenAppSetupConsole.exe /install:XenApp,PVDeviceFeature /exclude:XA_Console

The following command prepares XenApp for imaging and provisioning. The server will be removed from the current farm, and when the server image boots, it will contain a unique MSMQ machine identifier. Database identification information will be removed from the DSN file.

    "C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe" /ExecutionMode:ImagePrep /RemoveCurrentServer:True /PrepMsmq:True /ClearLocalDatabaseInformation:True
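A pre-capture check for the imaging guidance above, as an added example (not Citrix code): it lists certificates with private keys in the computer's Personal store, which the Important note says must be removed before running XenConvert, and reports identity or database entries still present in the File DSN after ImagePrep. The function names, the DSN key names (WSID, SERVER, DATABASE, Failover_Partner), the combined MF20.dsn path and the sample DSN text are assumptions.

```powershell
# Added example, not Citrix code. Run on the template server after ImagePrep
# and before capturing the image. Written for PowerShell 2.0.

function Get-ImagePrivateKeyCertificate {
    # Certificates in the computer's Personal store that carry a private key.
    # A server SSL certificate left here is cloned to every provisioned server.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey } |
        Select-Object Subject, Thumbprint, NotAfter
}

function Get-DsnResidualEntry {
    # Returns File DSN entries that still tie the image to one server identity
    # (WSID) or, with -DatabaseCleared, to one database server.
    # Key names are assumed ODBC File DSN keywords.
    param(
        [string[]]$DsnLine,
        [switch]$DatabaseCleared
    )
    $keys = @('WSID')
    if ($DatabaseCleared) { $keys += 'SERVER', 'DATABASE', 'Failover_Partner' }
    foreach ($line in $DsnLine) {
        # key=value lines only; a key with an empty value counts as cleared
        if ($line -match '^\s*([^=;\[]+?)\s*=\s*(.+?)\s*$') {
            if ($keys -contains $matches[1]) {
                New-Object PSObject -Property @{ Key = $matches[1]; Value = $matches[2] }
            }
        }
    }
}

function Test-ImageReadyForCapture {
    # Returns one message per problem found; no output means nothing was flagged.
    param(
        # Assumed location: the File DSN folder and the MF20.dsn name both appear
        # on this page, but the page does not give them as one path.
        [string]$DsnPath = (Join-Path ${env:ProgramFiles(x86)} 'Citrix\Independent Management Architecture\MF20.dsn'),
        [switch]$DatabaseCleared   # set when /ClearLocalDatabaseInformation:True was used
    )
    $problems = @()
    foreach ($cert in @(Get-ImagePrivateKeyCertificate)) {
        $problems += "Certificate with private key still installed: $($cert.Subject) [$($cert.Thumbprint)]"
    }
    if (Test-Path -LiteralPath $DsnPath) {
        $lines = Get-Content -LiteralPath $DsnPath
        foreach ($entry in @(Get-DsnResidualEntry -DsnLine $lines -DatabaseCleared:$DatabaseCleared)) {
            $problems += "File DSN still contains $($entry.Key)=$($entry.Value)"
        }
    } else {
        $problems += "File DSN not found at $DsnPath"
    }
    $problems
}

# Constructed sample of a File DSN that was not fully cleaned (not from a real server).
$sampleDsn = @'
[ODBC]
DRIVER=SQL Server
UID=xa_datastore
WSID=XA65-TEMPLATE
APP=Citrix IMA
SERVER=sql01.example.test
DATABASE=XenAppFarm
'@ -split "`r?`n"

Get-DsnResidualEntry -DsnLine $sampleDsn -DatabaseCleared |
    Format-Table Key, Value -AutoSize

# On the template server itself:
#   Test-ImageReadyForCapture -DatabaseCleared
```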

Removing Roles and Components
You can remove the following fully-integrated XenApp 6.5 roles and some components using the wizard-based Server Role Manager or the command line:
- XenApp
- Web Interface
- Licensing
- Single sign-on service
- Provisioning server

Important: Although you can use Windows Programs & Features to remove fully-integrated XenApp 6.5 roles, Citrix strongly recommends using the Server Role Manager.

To remove other roles (EdgeSight server, SmartAuditor server, Power and Capacity Management administration components, Secure Gateway), use Windows Programs & Features.

You cannot use the XenApp 6.5 Server Role Manager to remove fully-integrated roles in an earlier XenApp version deployment (including early release or Technical Preview versions). In those cases, Citrix recommends reimaging the server and then installing XenApp.

When you remove the XenApp server role, the process automatically removes the server from the XenApp farm.

Removing Roles and Components Using the Wizard-based Server Role Manager
1. Access the XenApp Server Role Manager.
2. Select Add or remove server roles.
3. On the Select a task page, select Remove server roles.
4. Select one or more roles to remove.
   If you select a role that has default components, those default components are automatically selected; you cannot change this (that is, you cannot remove the role without also removing its default components).
   To remove only a default component (for example, to remove the AppCenter but leave the XenApp server role installed), select only the component, not the role.
   You cannot remove the XenApp XML IIS Integration default component or the Windows Enhanced Desktop Experience optional component.
   Required role components are not listed. The Receiver for Windows and the Offline Plug-in are automatically installed with the XenApp server role; you cannot remove them using the Server Role Manager unless you also remove the XenApp server role.
5. Review the summary, which lists the roles and components to be removed.

After you click Remove, a display indicates the progress and the result.

Removing XenApp Roles and Components Using the Command Line
On the server where you want to remove a role or component, from either the "%PROGRAMDATA%\Citrix\XenAppUninstall\" or "XenApp Server Setup\bin\" directory, type the following at a command prompt:

    XenAppSetupConsole.exe options

Valid options are:

/help
    Displays command help.
/logfile:path
    Path for the log file generated during the removal.
/uninstall:items
    Comma-delimited list of roles and components to remove. Valid values are:
    - WebInterface. Web Interface role.
    - Licensing. License server role.
    - SsonService. Single sign-on service role.
    - Provisioning. Provisioning Services role.
    - XenApp. XenApp server role.
    - XA_Console. AppCenter.
    - EdgeSightAgentFeature. EdgeSight agent.
    - SmartAuditorAgentFeature. SmartAuditor agent.
    - SSONAgentFeature. Single Sign-on Plug-in.
    - PCMAgentFeature. Power and Capacity Management agent.
    - PVDeviceFeature. Provisioning Services target device.

Note: You cannot remove the XenApp XML IIS Integration or Enhanced Desktop Experience components. The Receiver for Windows and the Offline Plug-in are removed when you remove the XenApp server role.

Important: When using the XenAppSetupConsole.exe command to remove roles or components, do not specify options that configure the XenApp role.

Examples
The following command removes the XenApp server role and all its default components.

    XenAppSetupConsole.exe /uninstall:XenApp

The following command removes the Web Interface and the XenApp server role.

    XenAppSetupConsole.exe /uninstall:XenApp,WebInterface

The following command removes the SmartAuditor agent component.

    XenAppSetupConsole.exe /uninstall:SmartAuditorAgentFeature

Data Store Database Reference
See the database vendor documentation before installing, configuring, and using the database software. CTX114501 contains information about supported database versions.

If you use a Microsoft SQL Server 2008 Express database for the farm data store, XenApp configuration automatically installs it.

Important:
- Citrix does not support case-sensitive databases.
- To avoid corruption, do not directly edit data in the data store database with utilities or tools other than those provided by Citrix.

Maintaining, Backing up, and Restoring a XenApp Data Store
Most database maintenance requires running the dsmaint and dscheck server utilities on XenApp farm servers. The XenApp Server Utilities Reference contains syntax and use details.

Use dsmaint to:
- Upgrade the XenApp data store
- Move the data in the data store to a different database server
- Change the name of the DSN file

If the data store fails, each farm server can run from the data in its Local Host Cache indefinitely, provided it can contact the license server. However, you cannot make any modifications to the farm or use the AppCenter.

Create a backup copy of the data store (dsmaint backup). Without a backup, you must manually recreate all of the farm policies, settings, accounts, and other persistent data in the data store.

To restore a backup database or to migrate to a new server, use the dsmaint migrate utility.

Without a backup, prepare a new data store the way you did before configuring XenApp and run the XenApp Server Configuration Tool from any farm server. After running the Server Configuration Tool, manually reenter the lost settings. If you use the same name as the previous data store, you do not need to reconfigure the farm servers.

Microsoft SQL Server Database
The server hosting the Microsoft SQL Server database should meet the following minimum requirements:
- Approximately 100MB of disk space for every 250 servers and 50 published applications in the XenApp farm. Provide more disk space for greater numbers of published applications.
- Set the "temp" database to automatically grow on a partition with at least 1GB of free disk space. Citrix recommends 4GB if the farm is large and includes multiple print drivers.

The default database installation settings and database sizes usually suffice for XenApp data store needs.

Microsoft SQL Server supports Windows and Microsoft SQL Server authentication. For high-security environments, Citrix recommends using Windows authentication only.

The user account for installing, upgrading, or applying hotfixes to the data store must have database owner (db_owner) rights to the database. When you finish installing the database with database owner rights, set the user permissions to read/write only to increase the security of the database. Change the rights back to database owner before installing service packs or feature releases; installations can fail if the user account used to authenticate to the data store during Setup does not have database owner rights.

When using Microsoft SQL Server in a replicated environment, use the same user account for the data store on each Microsoft SQL Server.

Each farm requires a dedicated database. However, multiple databases can be running on a single server running Microsoft SQL Server. Do not configure the farm to use a database that is shared with any other client/server applications.

Back up the database regularly and follow Microsoft recommendations for configuring database and transaction logs for recovery (for example, setting the Truncate log on Checkpoint option to control log space).

Using Sockets to Connect to a Microsoft SQL Server Database
Two protocols used to connect to a database are TCP/IP sockets and named pipes. Named pipes is an authenticated communication protocol, so any time you attempt to open a connection to the SQL Server database using this protocol, the Windows authentication process occurs. TCP/IP sockets do not rely on Windows authentication to establish a connection, but do provide user/password authentication to the database after the connection is established. Windows authentication reduces the possibility of an error occurring when the server hosting SQL Server and the XenApp server do not have the correct domain or Active Directory trust relationship. Therefore, Citrix recommends using TCP/IP sockets. If you use named pipes, manually enable the named pipes option on the database server using the Surface Area Configuration tool packaged with SQL Server.

Creating a Microsoft SQL Server Data Source Connection
1. On the Create a New Data Source to SQL Server screen, enter the data source description and select the SQL Server to which to connect.
2. Select Windows NT Authentication or SQL Server Authentication.
3. Click Client Configuration.
4. Select TCP/IP from the available network libraries.
5. After installing XenApp, modify the Data Source Name (DSN) created during configuration and change its client configuration to use TCP/IP. To modify a DSN, use the Windows ODBC Data Source Administrator utility to open the File DSN, which is located by default in the %ProgramFiles(x86)%\Citrix\Independent Management Architecture folder, and select TCP/IP as the connection protocol for the client configuration.

Using Failover with Microsoft SQL Server
For fault tolerance with Microsoft SQL Server, use Microsoft clustering, which provides failover and failback for clustered systems. Failover of the SQL Server database in a clustered environment is transparent to XenApp.

The database files for an instance of Microsoft SQL Server are placed in a single cluster group owned by the node on which the instance is installed. If a node running an instance of Microsoft SQL Server fails, the cluster group containing the data files for that instance is switched to another node. The new node already has the executable files and registry information for that instance of Microsoft SQL Server on its local disk drive, so it can start up an instance of Microsoft SQL Server and start accepting connection requests for that instance.

Microsoft Cluster Services clustering does not support load balancing among clustered servers because it functions in active/passive mode only.

Using Distributed Databases with Microsoft SQL Server
XenApp supports distributed (replicated) databases. Replicated databases are useful when too many read requests to the data store create a processing bottleneck. Microsoft SQL Server uses replication to create the distributed database environment.

XenApp requires data coherency across multiple databases. Therefore, a two-phase commit algorithm is required for storing data in the database. When configuring Microsoft SQL Server for a two-phase commit, use the Immediate Updating Subscriber model.

When configuring Microsoft SQL Server, you may need to increase the value of the Max Text Replication Size property to improve replication performance.

Caution: To avoid corruption, do not use merged replication.

To set up a distributed environment for an existing XenApp farm:
1. Configure a Publisher (the Microsoft SQL Server currently hosting the data store) and Subscribers (remote sites) using Microsoft SQL Server Enterprise Manager.
2. Run the dsmaint publishsqlds command on a server in the farm. This executes the necessary SQL statements to create the published articles on the current Microsoft SQL Server (Publisher).
3. Configure the remote sites (Subscribers) to subscribe to the published articles created in the previous step.

Oracle Database
The server hosting the Oracle database should meet the following minimum requirements:
- Approximately 100MB of disk space for every 250 servers and 50 published applications in the farm. Provide more disk space for greater numbers of published applications.
- 20 MB minimum tablespace size.

Oracle supports Windows and Oracle authentication. Oracle for Solaris supports Oracle authentication only; it does not support Windows authentication.

In the Oracle sqlnet.ora file, set SQLNET.AUTHENTICATION_SERVICES= (NONE). The default setting (NTS) will cause connection failures.

Do not install XenApp on a server hosting an Oracle database.

Install the Oracle client on the server where you will be installing XenApp and then restart the server before you install XenApp.

The Oracle user account must be the same for every server in the farm because all XenApp servers share a common schema.

If you are using one database to hold information for multiple farms, each farm represented in the database must have a different user account because the data store information is stored in the Oracle user account.

The account used to connect to the data store database has the following Oracle permissions:
- Connect
- Resource
- Unlimited Tablespace (optional)

Consider the following guidelines when configuring an Oracle server.
- Use Shared/Multi-Threaded Server mode to reduce the number of processes in farms with more than 100 servers (performance may be affected during periods of high data store load).
- If you are using Multi-Threaded Server mode, verify that values in the Init.ora file are greater than or equal to the following values. If you are running multiple farms on the same Oracle database, include all XenApp servers in the calculations. Round up fractional values.

      shared_servers = Number of servers / 10
      max_shared_servers = Number of servers / 5

  Where Number of servers is the total number of servers running XenApp.
- When using an Oracle server in dedicated mode, add one additional process for each server connected directly to the Oracle database. For example, if the Oracle server uses 100 processes before installing XenApp, and the farm has 50 servers, set the processes value to at least 150 in the Init.ora file on the Oracle server.
- Create online backups using Archivelog mode, which reduces the recovery time of an unresponsive database.
- If you are using the same Oracle database for multiple server farms, create a unique tablespace with its own user name and password for added security for each farm. Do not use the default system account within Oracle.
- Maintain a standby database for quick disaster recovery. A standby database maintains a copy of the production database in a permanent state of recovery.
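The Init.ora sizing rules above as a check, added here as an example (not Citrix or Oracle code): it totals the XenApp servers across every farm that shares the database, rounds up, and compares the result with the values found in an Init.ora file. The function names, farm sizes and Init.ora text are constructed for illustration.

```powershell
# Added example, not Citrix or Oracle code. Function names and sample values
# are hypothetical. Written for PowerShell 2.0.

function Get-XenAppOracleMinimum {
    # Applies the formulas given on this page. Pass one server count per farm
    # that uses the same Oracle database.
    param(
        [Parameter(Mandatory = $true)][int[]]$FarmServerCount,
        [int]$ProcessesBeforeXenApp = 0   # dedicated mode: processes in use before XenApp
    )
    $total = 0
    foreach ($count in $FarmServerCount) { $total += $count }
    @{
        shared_servers     = [int][math]::Ceiling([double]$total / 10)  # round up fractions
        max_shared_servers = [int][math]::Ceiling([double]$total / 5)
        processes          = $ProcessesBeforeXenApp + $total            # one per XenApp server
    }
}

function Test-InitOraSetting {
    # Compares numeric parameters in Init.ora text with the required minimums.
    param(
        [string[]]$InitOraLine,
        [hashtable]$Minimum,
        [string[]]$Parameter     # the parameters that apply to the server mode in use
    )
    $current = @{}
    foreach ($line in $InitOraLine) {
        $text = ($line -replace '#.*$', '').Trim()           # drop comments
        # name = number, optionally written with a "*." instance prefix
        if ($text -match '^(?:\*\.)?(\w+)\s*=\s*(\d+)$') {
            $current[$matches[1].ToLower()] = [int]$matches[2]
        }
    }
    foreach ($name in $Parameter) {
        $value = $current[$name]                              # $null when not set
        New-Object PSObject -Property @{
            Parameter = $name
            Required  = $Minimum[$name]
            Current   = $value
            Ok        = ($value -ne $null -and $value -ge $Minimum[$name])
        }
    }
}

# Constructed sample Init.ora content (not from a real server).
$sampleInitOra = @'
# constructed sample
db_name = XAFARM
processes = 150
shared_servers = 12
max_shared_servers = 40
'@ -split "`r?`n"

# Two farms of 120 and 35 XenApp servers share this database (constructed numbers).
$minimum = Get-XenAppOracleMinimum -FarmServerCount 120, 35

# Multi-Threaded Server mode: check the two shared-server parameters.
Test-InitOraSetting -InitOraLine $sampleInitOra -Minimum $minimum `
        -Parameter 'shared_servers', 'max_shared_servers' |
    Format-Table Parameter, Required, Current, Ok -AutoSize
```

For dedicated mode, pass the pre-XenApp process count as -ProcessesBeforeXenApp and check 'processes' instead.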

Using Distributed Databases with Oracle
Oracle uses replication to create the distributed database environment. To reduce the load on a single database server, install read/write replicas and distribute the farm servers evenly across the master and replicas.

XenApp requires data coherency across multiple databases. Therefore, a two-phase commit algorithm is required for writes to the database.

Using Oracle as a distributed database solution has the following requirements:
- All participating databases must be running Oracle.
- All participating databases must be running in Multi-Threaded Server/Shared mode (rather than Dedicated mode).
- All Oracle clients (XenApp servers that connect directly to the Oracle database) must be SQL*Net Version 2 or Net8.
- Install the farm data store database first on the master site, then configure replication at the sites used for database replication snapshots.
- Replicate all objects contained in the data store user schema (tables, indexes, and stored procedures).

If the performance at the replicated database site is significantly slower, verify that all the indexes for the user's schema are successfully replicated.

When configuring Oracle for a two-phase commit:
- Use synchronous snapshots that can be updated with a single master site. XenApp requires write access to snapshot.
- Use the Oracle Fast Refresh feature where possible (this requires snapshot logs).
- When setting up the replication environment, do not configure conflict resolution.
- Set the replication link interval to be as frequent as the network environment allows. With Oracle replication, if no changes are made, data is not sent over the link.
- When Oracle is configured in Multi-Threaded Server mode and remote data transfers are initiated from the remote site, they can block local data transfers (because all connections share a set of worker threads). To remedy this, increase the value of the Max_Mts_Servers parameter in the Init.ora file.

XenApp Migration Center

The XenApp Migration Center pulls data from a server in a source XenApp server farm and imports (adds) it to a new XenApp server farm. The data is grouped as object types.

The following table lists the supported XenApp versions for the source farm and the new farm.

Source farm | New farm
XenApp 5 for Windows Server 2003 (with minimum HRP5) or XenApp 5 for Windows Server 2008 | XenApp 6.5
XenApp 6.0 | XenApp 6.5
XenApp 6.5 deployed in a test/pilot farm | XenApp 6.5 deployed in a production farm

In all migrations, Citrix recommends you first use the XenApp 6.5 media to perform a clean install of the XenApp server role on one or more Microsoft Windows Server 2008 R2 or Microsoft Windows Server 2008 R2 SP1 servers. (Clean install means that there is no previous version of the XenApp server role installed on the server. Citrix provides a XenApp 6.0 to 6.5 Upgrade Utility that you can customize for your servers.) If you cannot coordinate that recommended process, see CTX130614. Then, use the XenApp Server Configuration Tool to create a new farm or join servers to that new farm.

After you configure and restart the new XenApp server, use the Migration Center installed on that server to import objects from the source farm.
- If you are migrating a XenApp 5 source farm, servers in that source farm are migrated to worker groups in the new farm according to server-to-worker-group mappings you specify before starting the migration. Servers in the mapping are representative servers chosen from each server silo in the XenApp 5 farm.
- If you are migrating a XenApp 6.0 source farm or a XenApp 6.5 test/pilot source farm, worker groups already exist, so you do not need to set up server mappings before the migration.

You can preview (analyze) a migration, without actually performing the migration; that is, the Migration Center indicates which objects will be imported during a migration. During subsequent migration previews, the Migration Center compares source farm objects with objects in the new farm, and lists differences. If you then migrate those objects, the current value in the new farm is overwritten with the current value in the source farm.

You can repeat the migration as additional servers in the source farm become ready for reimaging in the new farm. As the migration of more source farm servers continues, use the Web Interface user roaming feature to help ensure that users can access applications and resources.

Citrix recommends performing the entire migration from a server in the new XenApp farm; this is a direct migration. However, if your deployment does not allow this, you can perform an indirect migration. In this case, you split the migration process by installing and using the Migration Center on a server in the source farm to export settings. Then, using the Migration Center installed on a server in the new XenApp farm, you import the settings into the new farm.

Migration Center Interfaces

The Migration Center comprises a PowerShell module. You can use the Migration Center through a graphical interface or a command-line interface.

The interfaces use different terminology:
- The graphical interface refers to the server in the source farm; error messages and the command-line interface refer to the remote server in the legacy farm.
- The graphical interface refers to the XenApp 6.5 farm as the target farm; the command-line interface uses new farm.

The following table summarizes the differences between the interfaces.

Graphical interface:
- Application that guides you through a series of set up, preview, display, and other action screens.
- Supports direct migrations. *
- Imports all objects from the source farm into the new farm.
- Imports all property values (settings) for all objects. *

Command-line interface:
- A collection of PowerShell cmdlets that you issue in a recommended sequence to set up, preview, display, and other actions.
- Supports direct and indirect migrations, and can specify a different location where the data exported from the source farm is placed before importing it into the new farm.
- You can specify object types and named objects to include and exclude from the migration. You can also explicitly specify 32-bit applications to be migrated; their paths will be converted to \Program Files (x86)\ so they will launch properly in the 64-bit farm environment.
- You can override an object property value (setting). For example, you can specify a CPU priority level for applications imported to the new farm, regardless of the CPU priority level in the source farm.

* Although you cannot specify setting overrides, objects to include or exclude, or other customizations in the graphical interface, you can configure them through the command-line interface, and then use the graphical interface to preview and run the migration. For example, if you specify a source server in the graphical interface, the command-line interface uses that value for subsequent actions, if not explicitly overridden with a different server name in the command line. (Both interfaces honor Migration Center settings configured from either interface.)

The following table summarizes how to perform migration tasks in each interface.

Action: Add, display, or remove a server mapping (valid only when migrating a XenApp 5 farm)
    Command-line interface: Add-XAServerMapping, Get-XAServerMapping, Remove-XAServerMapping
    Graphical interface: Worker group mappings

Action: Specify a source farm server name
    Command-line interface: Set-XAMigrationOption -RemoteServerName or Start-XAMigration -RemoteServerName
    Graphical interface: Choose a source farm

Action: Specify a nondefault data folder location
    Command-line interface: Set-XAMigrationOption -DataFolderPath
    Graphical interface: (configure in command-line interface)

Action: Specify objects to include or exclude
    Command-line interface: Set-XAMigrationOption -ObjectType -Include -Exclude
    Graphical interface: (configure in command-line interface)

Action: Display migration options
    Command-line interface: Get-XAMigrationOption
    Graphical interface: (display in command-line interface)

Action: Specify, display, or remove a value for an individual object property
    Command-line interface: Add-XASettingOverride, Get-XASettingOverride, Remove-XASettingOverride
    Graphical interface: (configure in command-line interface)

Action: Preview a migration
    Command-line interface: Start-XAMigration -PendingReportOnly
    Graphical interface: Analyze Farms

Action: Migrate
    Command-line interface: Start-XAMigration
    Graphical interface: Migrate to Target Farm

Action: Import only or export only
    Command-line interface: Start-XAMigration {-ExportOnly | -ImportOnly}
    Graphical interface: (use command-line interface)


Objects You Can Migrate

You can migrate the following XenApp object types.

Object Type: Description

Application: All applications are enumerated; however, the application must be published to one of the servers specified in the server mapping file, for the corresponding worker group to be associated with the application. When migrating from a XenApp 6.0 farm or a XenApp 6.5 test/pilot farm, this includes pre-launched applications. Only users that can be resolved on the server in the new farm (account authorities that are trusted in the new farm) are migrated. When migrating from a 32-bit XenApp 5 platform, the application path is not translated.

Folder: Includes application folders and server folders. Server folders are migrated so that server permissions can be copied; however, the server objects are not migrated.

Load evaluator: Load evaluators and their rules are migrated. Migrated load evaluators are attached to applications (where applicable), but they are not attached to servers.

Policy: Citrix policies in the source farm that are configured in XenApp Management (Delivery Services Console or AppCenter) can be migrated; however, Citrix policies that are configured in Active Directory using the Group Policy Management Console are not migrated. When migrating from a XenApp 6.0 farm or a XenApp 6.5 test/pilot farm, this includes load balancing policies. Policies are migrated by creating an IMA (Independent Management Architecture) User GPO (Group Policy Object) with the same name as the policy. For user filters, only the accounts that can be resolved on the target server in the new farm (account authorities that are trusted in the new farm) are migrated. Server filters are migrated by using the Server Group (worker group) filter for the servers in the mapping file.

Server configuration: When migrating from XenApp 5, configuration settings for servers specified in the server mapping file are migrated by creating an IMA Machine GPO named "WorkerGroupname" where name is the name of the worker group specified in the server mapping file. This policy is filtered by worker group. Worker groups are created as necessary, but they are not associated with servers or OUs (Organizational Units). When migrating from a XenApp 6.0 farm or a XenApp 6.5 test/pilot farm, this includes worker groups.

Farm configuration: Farm configuration settings are migrated by creating an IMA Machine GPO named "Farm." This policy is unfiltered.

Administrator: Only Citrix administrators whose accounts can be resolved on the server in the new farm are migrated (the corresponding account authorities are trusted in the new farm or they represent Citrix built-in accounts).

Farm and server settings from the source farm are compared against the default values used when the new farm was created. The corresponding setting in the policy in the new farm is set to "Not Configured" if it matches the default value for the same setting in the new farm.

For zones and load evaluators:
- When migrating from a XenApp 5 farm, the Zone Preference and Failover policy is converted to a load balancing policy that is filtered by worker groups. The conversion uses the server mappings specified for the migration.
- When migrating worker groups from a XenApp 6.0 farm, zones and load evaluator attachments to servers are not migrated; however, if all servers in a worker group are in the same zone, a group policy is created for the initial zone, and a filter by worker group is applied. If all servers are not in the same zone, an initial zone policy is not created, and a warning appears. Similarly, if all servers in a worker group have the same load evaluator, a policy is created.
- When migrating from a XenApp 6.5 test/pilot farm, it is assumed that the source farm has zone and load evaluator policies, so they are copied.

The following settings are not migrated:
- Printer management
- Configuration Logging settings

Only settings that reside in the IMA data store are migrated; however, settings that reside only in the server registry are not migrated.

HMR test configurations are migrated into policies in the new farm; however, Health Monitoring and Recovery (HMR) test executables are not copied.

Session printers are migrated, but the printer path is not validated on the new farm.

The migration process ignores the following settings:
- Deprecated settings, such as AIE (Application Isolation Environment).
- Permissions that do not exist in the XenApp 6.5 release, whether they correspond to a deprecated feature or a configuration setting that is now supported as a policy.

Requirements and Installation

You can migrate a single XenApp farm.

Requirements for a XenApp 5 Source Farm

• The servers in the XenApp 5 farm must be running XenApp 5 for Windows Server 2003 with at least Hotfix Rollup Pack 5 (HRP5), or XenApp 5 for Windows Server 2008.
• The source server must have network COM+ access enabled, and the MFCOM service must be available.
• To access the source server using a remote connection, you must be a member of the DCOM users group, and a Citrix administrator with at least view-only privileges.
• When migrating from a 32-bit XenApp 5 farm, network printers used by policies (session printers) must have a 64-bit driver installed in the print server; otherwise, those printers will not be migrated.

Requirements for a XenApp 6.0 Source Farm or a XenApp 6.5 Test/Pilot Source Farm

• The servers in the farm must be running XenApp 6.0 (in the XenApp 6.0 farm) or XenApp 6.5 (in the XenApp 6.5 test/pilot farm).
• The XACOM service must be available.
• You must be a Citrix administrator with at least view-only privileges.

Requirements for the New XenApp 6.5 Farm

• The XenApp 6.5 server role must be installed and configured on the Microsoft Windows Server 2008 R2 or Microsoft Windows Server 2008 R2 SP1 server where you will use the Migration Center. The XenApp server must be configured with the XenApp controller server mode. (You cannot use the Migration Center on a XenApp 6.5 server configured with the XenApp session-only server mode.) Restart the server after configuration.
• The IMA and XACOM services must be running.
• You must be a Citrix administrator with full privileges.
• Set the PowerShell execution policy to AllSigned (Set-ExecutionPolicy AllSigned) or above. By default, execution of PowerShell scripts is disabled.
• You must have write access to the folder where the exported data from the source farm is placed before being imported into the new farm. By default, this is a folder named Data, located under the XenApp Migration Center installation files in C:\Users\user\appdata\local\citrix\citrix.xenapp.migration. You can specify a different folder in the command-line interface with the Set-XAMigrationOption cmdlet. This folder also contains the migrationoptions.xml file containing any migration options and property overrides you set through the Migration Center command-line interface, plus server mappings (when migrating a XenApp 5 farm).
• If the source farm uses file type association for published applications, update the new farm with file type associations (using the Update file types from registry task in the Citrix AppCenter) before you migrate applications. This allows the migration process to create the associations in the new farm.
• If you are migrating from a XenApp 5 farm, create worker groups in the new farm for server and application silos. (However, if a worker group you specify in a server mapping does not exist, the Migration Center creates it.)
• The following software is required to run the Migration Center. This software is required for XenApp server installation and configuration, so it is likely to already be installed.
    • .NET Framework 3.5 SP1
    • MSI 3.0
    • PowerShell 2.0

Installing the Migration Center

The XenApp Migration Center is installed automatically when you install and configure the XenApp 6.5 server role. If you need to re-install the Migration Center at a later date, use the installation file on the XenApp 6.5 media. In the Administration\Delivery Services Console\setup folder, double-click Citrix.XenApp.Migration.Install_x64.msi.

Note: Citrix recommends performing direct migrations, entirely from a server in the new farm. If your deployment does not allow this, see Indirect Migrations and Advanced Cmdlets for additional installation information about indirect migrations.

Migrating XenApp Using the Graphical Interface

1. From the Start menu, select All Programs > Citrix > XenApp Migration > Citrix XenApp Migration Center. The application launches and the environment initializes.

2. If you have not specified a server in the source farm (for a previous migration or preview), the Choose a source farm dialog box appears. Enter the name or IP address of the server in the XenApp source farm, and click Check. If the specified server is found, the display indicates the XenApp farm name to which the server belongs, and the XenApp version (the display for servers in a XenApp 5 farm may indicate XenApp 4.5).

3. After you specify a server in the source farm, the welcome page appears. From the welcome page, you can change the source server, manage server-to-worker-group mappings (if you are migrating a XenApp 5 farm), or preview a migration.

   Important: If you previously used the command-line interface to configure a migration with setting overrides, object inclusions or exclusions, and other customizations, the welcome page indicates that customizations were previously configured. In this case, those customizations are applied when you use the graphical interface to preview or migrate.

4. To change the source server, click Change source farm.
   a. Enter the name or IP address of the server in the source farm.
   b. Click Check. If the specified server is found, the display indicates the XenApp farm name to which the server belongs, and the XenApp version (the display for servers in a XenApp 5 farm may indicate XenApp 4.5).

   If you change the source server, be sure to update any previously-configured custom migration options and worker group mappings that refer to objects or locations in the source farm, if needed.

5. To manage server mappings (if you are migrating a XenApp 5 farm), click Worker group mappings. The Configure worker group mappings dialog box appears, listing all previously-configured mappings. Each mapping specifies a representative server chosen from a server silo in the source farm.

   Important: Before migrating a XenApp 5 farm for the first time, you must configure mappings. Although mappings are not required, a XenApp 5 farm migration is not complete without them, because no data about the servers will be migrated (for example, application servers, server settings, or the Zone Preference and Failover policy).

   • To add a mapping, click Add. Enter the name or IP address of a server in the source farm and the name of a worker group in the new (target) farm, or browse for the server and worker group.
   • To edit a mapping, select the entry and click Edit and then change values.
   • To delete a mapping, select the entry and click Remove.

6. To preview a migration (that is, see what will happen during a migration, without taking any action), click Analyze Farms. During the analysis, if you select the Automatically perform migration if analysis is successful checkbox, the actual migration will start automatically if the analysis completes successfully and identifies differences between the farms. If the analysis completes successfully, the display identifies new and changed objects (that is, different objects and objects with different setting values in the source farm and the target farm).

   Remember: Any customizations you configured previously using the command-line interface are used when you preview or migrate in the graphical interface.

7. After the analysis completes, you can:
   • Click Migrate to Target Farm to start the migration. New objects are added to the new farm. For changed objects, the current value of each setting in the new farm is overwritten with the current value from the source farm.
   • Click View log to display the PowerShell log containing details of the analysis.
   • Click Analyze Farms Again to start another preview.
   • Click Change analysis settings to return to the welcome page.
   • Exit the application, leaving the differences unchanged, and use the command-line interface to customize the migration to accommodate any differences you want to retain, or objects you want to expressly include or exclude during subsequent migrations. Then, when you launch another preview or a migration from either interface, those customizations will be applied.

After a migration, continue with Post-migration Tasks.

Migrating XenApp Using the Command Line Interface

Note: See Cmdlet Reference for information about cmdlet options and properties.

1. From the Start menu, select All Programs > Citrix > XenApp Migration > Windows PowerShell with Citrix XenApp Migration Module. The PowerShell console launches.

2. Before starting a migration, use the following cmdlets to build a file containing server-to-worker-group mappings (if migrating from XenApp 5) and optionally, migration options and property value overrides.

   • Use the Add-XAServerMapping cmdlet to map servers in the XenApp 5 farm to worker groups in the new farm. The servers in the mapping are representative servers chosen from each server silo in the legacy farm.

     Important: Before migrating a XenApp 5 farm for the first time, you must configure server mappings. Although mappings are not required, a XenApp 5 farm migration is not complete without them, because no data about the servers will be migrated (for example, application servers, server settings, or the Zone Preference and Failover policy).

     • To display the server mappings you specified, use the Get-XAServerMapping cmdlet.
     • To remove a server mapping, use the Remove-XAServerMapping cmdlet.

   • Use the Set-XAMigrationOption cmdlet to customize the migration. Setting migration options is optional. You can specify:
     • A remote server name; this is the name of the server in the source farm from which objects will be migrated. Specifying the remote server name as a migration option eliminates having to specify it each time you start a migration. If you change the source server, be sure to update any previously-configured custom migration options and worker group mappings that refer to objects or locations in the source farm, if needed.
     • A nondefault folder location where the exported data from the legacy farm is stored.
     • Object types and named objects to include or exclude from the migration.
     • 32-bit applications to be migrated to the 64-bit farm; their paths will be converted from \Program Files\ to \Program Files (x86)\.

     To display the migration options you specified, use the Get-XAMigrationOption cmdlet.

   • Use the Add-XASettingOverride cmdlet to specify values for individual object properties, if you do not want to migrate specific values from the source farm to the new farm. Specifying setting overrides is optional.
     • To display the names of object properties you can specify with the Add-XASettingOverride cmdlet, use the Get-XALegacySettingName cmdlet.
     • To display the property override values you specified, use the Get-XASettingOverride cmdlet.
     • To remove a property override value you specified, use the Remove-XASettingOverride cmdlet.

3. To preview the migration (that is, see what will happen during a migration, without taking any action), enter Start-XAMigration -PendingReportOnly.

   Remember: Previews and migrations launched from either interface will use the customizations (and mappings, if migrating from XenApp 5) specified in the command-line interface.

4. Launch the migration with the Start-XAMigration cmdlet.

   Note: Subsequent migrations (launched from either interface) will use the current migration options and property value overrides file, unless expressly overridden.

5. After running a migration, use the Get-XAMigrationObjectCount cmdlet to display a count of the objects in the legacy and new farms. This helps monitor equivalency between the new farm and the legacy farm. You can tailor the display to report differences from an existing snapshot.

After a migration, continue with Post-migration Tasks.
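The command-line procedure above, put together as one console session. This is an added example, not Citrix code: the source server name XA5-SOURCE01 is a constructed placeholder, the mapping, exclusion and override values are the sample values from the Cmdlet Reference, and the typed confirmation before the real migration is an addition for illustration.

```powershell
# Added example (not Citrix code). Run on the new-farm controller from
# "Windows PowerShell with Citrix XenApp Migration Module". PowerShell 2.0 syntax.
# With the execution policy at AllSigned, a saved copy of this file must be
# signed by a trusted publisher before it will run.
$ErrorActionPreference = 'Stop'

# Constructed sample values; replace with names from your own farms.
$SourceServer   = 'XA5-SOURCE01'     # hypothetical server in the source farm
$ServerMappings = @(
    # Representative server from each source silo -> worker group in the new farm
    @{ ServerName = 'OfficeApps5'; WorkerGroupName = 'DenverAcctg' }
)

# Step 2: server-to-worker-group mappings (XenApp 5 source farms only).
foreach ($m in $ServerMappings) {
    Add-XAServerMapping -ServerName $m.ServerName -WorkerGroupName $m.WorkerGroupName
}

# Step 2: migration options. Storing the source server here means it does not
# have to be repeated on every Start-XAMigration call.
Set-XAMigrationOption -RemoteServerName $SourceServer
Set-XAMigrationOption -ObjectType Application -Exclude A1, A2

# Step 2: property override, applied only where the source value matches.
Add-XASettingOverride -PropertyName CommandLineExecutable -ObjectType Application `
    -Value 'C:\Program Files\Test\Test.exe' `
    -MatchValue 'C:\Program Files (x86)\Test\Test.exe'

# Show exactly what is staged before anything touches the new farm.
Get-XAServerMapping
Get-XAMigrationOption
Get-XASettingOverride

# Step 3: preview only. Nothing is written to the new farm.
Start-XAMigration -PendingReportOnly

# Step 4: migrate only after the preview output has been reviewed.
$answer = Read-Host 'Preview reviewed? Type MIGRATE to write to the new farm'
if ($answer -ceq 'MIGRATE') {
    Start-XAMigration -Verbose
    # Step 5: compare object counts between the legacy and new farms.
    Get-XAMigrationObjectCount
} else {
    Write-Host 'Migration not started. The new farm is unchanged.'
}
```

The staged mappings, options and overrides persist, so a later preview or migration from either interface reuses them until they are removed.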

Cmdlet Reference

Cmdlet Summary

For PowerShell help, type Get-Help cmdlet-name.

• For detailed information, use the -detailed option.
• For technical information, use the -full option.
• To see examples, use the -examples option.

The Migration Center cmdlets support the PowerShell common parameters. In particular, -Confirm and -Verbose can be helpful in the migration process. Although the -WhatIf common parameter is supported, using the -PendingReportOnly option with the Start-XAMigration cmdlet provides more detailed information when previewing a migration.

Add-XAServerMapping

(Valid only when migrating a XenApp 5 farm) Adds a mapping between a server in the source farm and a worker group in the new farm. You must specify the following options:

    -ServerName server-name
        MFCOM name of the server in the source farm.
    -WorkerGroupName name
        Name of the worker group in the new farm. If the worker group does not exist, it is created.

For example, the following cmdlet maps the server named OfficeApps5 to the worker group named DenverAcctg.

    Add-XAServerMapping -ServerName OfficeApps5 -WorkerGroupName DenverAcctg

Add-XASettingOverride

Specifies a value for an object property (setting). This value is used for the object property in the new farm, regardless of the value of the property in the source farm (it overrides the setting in the source farm). To display the names of object properties you can specify with the Add-XASettingOverride cmdlet, use the Get-XALegacySettingName cmdlet.

You can specify the following options:

    -PropertyName property-name
        Property name. You can use wildcards.
    -ObjectType object-type
        Object type. Valid values are: Administrator, Application, FarmConfiguration, Folder, LoadEvaluator, Policy, and ServerConfiguration.
    -ObjectName object-name
        Object name. You can use wildcards.
    -Value
        New property value.
    -MatchValue
        Original property value to match before overriding the setting with the new value. If the value does not match, the override is skipped. If this option is omitted, the override always occurs.

For example, the following cmdlet specifies a CPU priority level of "high" for migrated applications in the new farm.

    Add-XASettingOverride CpuPriorityLevel High

The following cmdlet changes the CommandLineExecutable property value to C:\Program Files\Test\Test.exe when its current value is C:\Program Files (x86)\Test\Test.exe.

    Add-XASettingOverride -PropertyName CommandLineExecutable -ObjectType Application -Value "C:\Program Files\Test\Test.exe" -MatchValue "C:\Program Files (x86)\Test\Test.exe"

Get-XALegacySettingName

Lists the settings you can use with the Add-XASettingOverride cmdlet. You can specify the following options:

    -PropertyName property-name
        Property name. You can use wildcards.
    -ObjectType object-type
        Object type. Valid values are: Administrator, Application, FarmConfiguration, Folder, LoadEvaluator, Policy, and ServerConfiguration. You can use wildcards.

For example, the following cmdlet gets a list of valid settings that contain "LicenseServer" in the property name.

    Get-XALegacySettingName *LicenseServer*

The following cmdlet gets a list of valid settings for object types that start with "Server" and that contain "LicenseServer" in the property name.

    Get-XALegacySettingName *LicenseServer* -ObjectType Server*

Get-XAMigrationObjectCount

Displays counts of objects in the source and new farms. Use the -ImportOnly option to generate the differences from an existing snapshot.

Get-XAMigrationOption

Lists migration options (that is, migration options previously specified with Set-XAMigrationOption cmdlets).

Get-XAServerMapping

(Valid only when migrating a XenApp 5 farm) Lists server-to-worker-group mappings (that is, mappings previously specified with Add-XAServerMapping cmdlets).

Get-XASettingOverride

Lists setting overrides (that is, object property values previously specified with Add-XASettingOverride cmdlets).

Remove-XAServerMapping

(Valid only when migrating a XenApp 5 farm) Removes a server-to-worker-group mapping (that is, a mapping previously specified with an Add-XAServerMapping cmdlet).

Remove-XASettingOverride

Removes a setting override (that is, an object property value previously specified with an Add-XASettingOverride cmdlet).

Set-XAMigrationOption

Sets migration options.

    -RemoteServerName name
        Name of the server in the source farm from which objects will be exported. This value is used if you do not specify the -RemoteServerName option in the Start-XAMigration cmdlet, or if you did not specify a server name in the source farm using the graphical interface. If you do not specify the -RemoteServerName option in the Start-XAMigration or Set-XAMigrationOption cmdlet, or a server in the source farm when using the graphical interface, the migration ends. If you change the source server, be sure to update any previously-configured custom migration options and worker group mappings that refer to objects or locations in the source farm, if needed.
    -DataFolderPath path
        Path to the folder where exported data from the source farm is placed. If the folder does not exist, the Migration Center will attempt to create it. If you do not specify this option, exported data is moved to the Data folder located under the Migration Center installation files.
    -ObjectType object-type
        Object type. Valid values are: Administrator, Application, FarmConfiguration, Folder, LoadEvaluator, Policy, and ServerConfiguration. This option is used with the -Include and -Exclude options, which specify object names.
    -Include object-name
        Object names to include in the migration. You can use wildcards. Separate multiple object names with commas. This option is used with the -ObjectType option.
    -Exclude object-name
        Object names to exclude from the migration. You can use wildcards. Separate multiple object names with commas. This option is used with the -ObjectType option. If you exclude folder objects from the migration, server folders and application folders that do not contain applications will not be migrated. However, application folders that contain applications will be migrated, in order to preserve the structure and prevent duplication.
    -Enabled $false | $true
        Provides an alternative to using the -Exclude * option to exclude all objects specified with the -ObjectType option from the migration.
    -X86ApplicationList application
        32-bit application to be migrated. The path for this application will be converted from \Program Files\ to \Program Files (x86)\. You can use wildcards. Separate multiple application names with commas.

For example, the following cmdlet uses the -ObjectType and -Exclude options to exclude applications named "A1" and "A2" from the migration.

    Set-XAMigrationOption -ObjectType Application -Exclude A1, A2

The following cmdlet uses the -ObjectType, -Include, and -Exclude options to include all applications with a name containing "Microsoft" except "Office."

    Set-XAMigrationOption -ObjectType Application -Include *Microsoft* -Exclude *Office*

The following cmdlet uses the -ObjectType and -Enabled options to disable migration of all applications.

    Set-XAMigrationOption -ObjectType Application -Enabled $false

The following cmdlet uses the -X86ApplicationList option to migrate the 32-bit applications app1 and app2, plus all 32-bit applications with names containing "office"; the paths for these applications will be converted to \Program Files (x86)\.

    Set-XAMigrationOption -X86ApplicationList app1, app2, *office*

Start-XAMigration

Starts a migration or migration preview. You can specify the following options:

    -RemoteServerName name
        Name of the server in the source farm from which objects will be exported. If you do not specify this option, or if you did not specify a server name in the source farm using the graphical interface, but you specified a -RemoteServerName option in the Set-XAMigrationOption cmdlet, that name is used. If you do not specify the -RemoteServerName option in the Start-XAMigration or Set-XAMigrationOption cmdlet, or a server in the source farm when using the graphical interface, the migration ends. If you change the source server, be sure to update any previously-configured custom migration options and worker group mappings that refer to objects or locations in the source farm, if needed.
    -PendingReportOnly
        Generates records that indicate which objects will be migrated and which values will be changed, but does not actually perform the migration. Use this option to preview a migration. This option provides more detail than the standard PowerShell -WhatIf option.
    -ExportOnly
        Exports objects from the source farm to a file, but does not import them to the new farm. This option is generally used only during an indirect migration; see Indirect Migrations and Advanced Cmdlets.
    -ImportOnly
        Imports objects to the new farm. This option is generally used only during an indirect migration; see Indirect Migrations and Advanced Cmdlets.

Post-migration Tasks

After a migration completes, check the log to confirm success. Items that do not migrate successfully generate descriptive log entries, such as Skipped invalid File type <file-type>.

To view the log:

• From the graphical interface, select View Log.
• From the command-line interface, look in the Data folder under c:\Users\user\AppData\Local\Citrix\Citrix.XenApp.Migration (or an alternate location you specified before the migration with the Set-XAMigrationOption cmdlet).

Note: In command-line displays and the log, the Policy object refers to IMA policies configured in a XenApp 5 source farm. The Group Policy object refers to policies configured using XenApp Management (AppCenter or Delivery Services Console) in a XenApp 6.x farm.

After you confirm that the migration completed successfully:

• Associate servers or OUs with worker groups.
• Create zone policies.
• Create load evaluator policies.
• Configure printer settings.
• Copy Health Monitoring test executables to the new farm and configure Health Monitoring settings.
• Initiate Configuration Logging in the new farm.
• After migrating a 32-bit XenApp 5 farm, rebuild profiled applications, to enable streamed-to-server applications to launch.
• Optionally, add new servers in the old server folder hierarchy to preserve delegated permissions.

Indirect Migrations and Advanced Cmdlets

Indirect Migrations

Important: Indirect migrations to XenApp 6.5 from previous XenApp versions are not supported.

Citrix recommends performing the migration entirely from a server in the new XenApp farm (a direct migration). However, if the source farm and new farm cannot communicate, perhaps because they are in different domains that do not have a trust relationship, you can perform an indirect migration. In an indirect migration, you run the Migration Center from a server in the source farm to export settings, then import the settings using the Migration Center on a server in the new farm. In this case, you must install the Migration Center on a server in the source farm. You must use the command-line interface for an indirect migration.

1. On a server in the source farm:
   a. Complete the requirements for the source farm, as described in Requirements and Installation. Additionally:
      • Install the required software (.NET Framework 3.5 SP1, MSI 3.0, and PowerShell 2.0).
      • Ensure the IMA service is running (for XenApp 6.0 source farms, the XACOM service must also be running).
      • Set the PowerShell execution policy to AllSigned (Set-ExecutionPolicy AllSigned) or above.
      • You must have write access to the folder where the exported data from the source farm is placed.
   b. Install the Migration Center from the XenApp 6.5 media. From the Administration\Delivery Services Console\setup folder:
      • Double-click Citrix.XenApp.Migration.Install_x86.msi to install the Migration Center on a 32-bit computer.
      • Double-click Citrix.XenApp.Migration.Install_x64.msi to install the Migration Center on a 64-bit computer.
   c. From the Start menu, select All Programs > Citrix > XenApp Migration > Windows PowerShell with Citrix XenApp Migration Module. (Select Citrix XenApp Migration Module x86 on a 32-bit server.)
   d. Build a file containing server mappings (if you are migrating a XenApp 5 farm), migration options, and property value overrides, as described in Migrating XenApp Using the Command Line Interface.
   e. Export settings with a Start-XAMigration -ExportOnly cmdlet. The output is a series of XML files.

2. Copy the XML files to the server in the new farm, replacing the files on that server. This includes the file containing server mappings, migration options, and property value overrides.

3. From a server in the new farm, launch the Migration Center, and import the settings with a Start-XAMigration -ImportOnly cmdlet or one of the advanced import cmdlets.

Advanced Import Cmdlets

The Start-XAMigration cmdlet is intended for scripted, unattended migrations. For interactive testing, the Migration Center includes additional object-specific import cmdlets. These cmdlets offer alternatives to using the -ImportOnly option with the Start-XAMigration cmdlet and the -ObjectType and -Include options with the Set-XAMigrationOption cmdlet. These cmdlets use the configured server mappings (when migrating a XenApp 5 farm), migration options, and object property value overrides. You can also use these cmdlets during indirect migrations.

For complete PowerShell syntax, type Get-Help cmdlet.

• Import-XAAdministrator
• Import-XAApplication
• Import-XAFarmConfiguration
• Import-XAFolder
• Import-XALoadBalancingPolicy *
• Import-XALoadEvaluator
• Import-XAPolicy
• Import-XAServerConfiguration
• Import-XAWorkerGroup *

* Valid only when migrating a XenApp 6.0 farm or a XenApp 6.5 test/pilot farm.

Advanced XALegacy Cmdlets

Using the advanced XALegacy cmdlets can be helpful if an object did not migrate as expected. The Get-XALegacy* cmdlets connect to the legacy farm and read the settings for an object in the legacy farm. These advanced cmdlets include objects that cannot be migrated alone (for example, session printers that are inside a user policy, and HMR tests that are inside farm or server settings), because these objects are more complex, with multiple sets of properties. This greater granularity may be helpful when troubleshooting migration.

You can use the Convert-XALegacyObject, New-XALegacyConnection, and Remove-XALegacyConnection cmdlets when creating a custom migration script that does not use the Import-XA* or Start-XAMigration cmdlets.

For complete PowerShell syntax, type Get-Help cmdlet.

• Get-XALegacyAdministrator
• Get-XALegacyApplication
• Get-XALegacyFarmConfiguration
• Get-XALegacyFolder
• Get-XALegacyHmrTest
• Get-XALegacyLoadBalancingPolicy *
• Get-XALegacyLoadEvaluator
• Get-XALegacyPolicy
• Get-XALegacyPolicyConfiguration
• Get-XALegacyPolicyFilter
• Get-XALegacyServer
• Get-XALegacyServerConfiguration
• Get-XALegacySessionPrinter
• Get-XALegacyWorkerGroup *
• Convert-XALegacyObject
• New-XALegacyConnection
• Remove-XALegacyConnection

* Valid only when migrating a XenApp 6.0 farm or a XenApp 6.5 test/pilot farm.
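In an indirect migration the exported XML files are carried by hand between two domains that do not trust each other, so it is worth confirming that what is imported is what was exported. The following is an added example, not Citrix code: the function names, the CSV manifest and the hash check are assumptions for illustration, and it assumes that naming a source-farm server with -RemoteServerName is also how the export in step 1e is pointed at the farm. It uses only PowerShell 2.0 features.

```powershell
# Added example (not Citrix code). PowerShell 2.0 syntax, so no Get-FileHash.
# Load it in "Windows PowerShell with Citrix XenApp Migration Module" on each side.
$ErrorActionPreference = 'Stop'

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $sha.ComputeHash($stream) } finally { $stream.Close() }
    [System.BitConverter]::ToString($hash) -replace '-', ''
}

# Record name and SHA-256 of every exported XML file.
function New-ExportManifest {
    param([string]$DataFolder, [string]$ManifestPath)
    Get-ChildItem -Path $DataFolder -Filter *.xml | ForEach-Object {
        New-Object PSObject -Property @{ Name = $_.Name; Sha256 = (Get-Sha256Hex $_.FullName) }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

# Return $true only if the folder holds exactly the files in the manifest, unmodified.
function Test-ExportManifest {
    param([string]$DataFolder, [string]$ManifestPath)
    $expected = @{}
    Import-Csv -Path $ManifestPath | ForEach-Object { $expected[$_.Name] = $_.Sha256 }
    $ok = $true
    foreach ($file in Get-ChildItem -Path $DataFolder -Filter *.xml) {
        if (-not $expected.ContainsKey($file.Name)) {
            Write-Warning "Not in manifest: $($file.Name)"; $ok = $false
        } elseif ($expected[$file.Name] -ne (Get-Sha256Hex $file.FullName)) {
            Write-Warning "Hash mismatch: $($file.Name)"; $ok = $false
        }
        $expected.Remove($file.Name)
    }
    foreach ($name in $expected.Keys) {
        Write-Warning "Missing from folder: $name"; $ok = $false
    }
    return $ok
}

# Step 1e, on the source-farm server. $DataFolder is the Data folder the
# Migration Center writes to (default location is listed under Requirements).
function Invoke-SourceExport {
    param([string]$SourceServer, [string]$DataFolder, [string]$ManifestPath)
    Set-XAMigrationOption -RemoteServerName $SourceServer
    Start-XAMigration -ExportOnly
    New-ExportManifest -DataFolder $DataFolder -ManifestPath $ManifestPath
    # Record this value separately from the files (for example, read it to the
    # importing administrator) so a changed manifest is also noticed.
    Write-Host ("Manifest SHA-256: " + (Get-Sha256Hex $ManifestPath))
}

# Step 3, on the new-farm server, after copying the XML files and the manifest.
function Invoke-TargetImport {
    param([string]$DataFolder, [string]$ManifestPath)
    Write-Host ("Manifest SHA-256: " + (Get-Sha256Hex $ManifestPath))
    if (-not (Test-ExportManifest -DataFolder $DataFolder -ManifestPath $ManifestPath)) {
        throw 'Exported files do not match the manifest. Import not started.'
    }
    Start-XAMigration -ImportOnly
}
```

Keep the manifest outside the Data folder's XML set (it is a .csv file, so the *.xml filter ignores it) and compare the printed manifest hash on both sides before trusting the per-file check.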

and so on. define. and delete farm administrators. using Worker Groups. How to control the XenApp experience through specific policies and policy settings. Maintain a secure XenApp environment. You can also administer and modify your environment through policy-based settings. Describes XenApp farm maintenance tasks. and publish resources. Describes a broad set of technologies designed to provide a high-definition user experience Describes the XenApp server utilities. such as monitoring CPU usage. How to set up.Managing and Administering Your XenApp Environment The management and administration of your Citrix XenApp environment consists of performing tasks in the console to administer servers. How to implement the Windows Desktop Experience. modify. and optimize the XenApp end user sessions. and monitor server and published application loads in a server farm so that users can run the published applications they need quickly and efficiently. includng a Windows 7 look and feel to desktops. farms. manage. Provides XenApp printing concepts and how to implement printing in your XenApp environment. updating the License Server settings. You can launch all tools by accessing the Citrix program group on the Start menu. manage administrators. and connections. How to create. Management Console and Other Tools Describes the Citrix tool set for managing servers. published resources. Managing Citrix Administrators Delivering XenApp to Software Service Subscribers Working with Citrix Policies Citrix Policies Reference Managing Session Environments and Connections Securing Server Farms Maintaining Server Farms Understanding XenApp Printing Configuring and Maintaining XenApp Printing Manage Power and Capacity Describes XenApp Power and Capacity Management to help reduce power consumption and manage XenApp server capacity by dynamically scaling up or scaling down the number of online XenApp servers. 
which provide an alternative method to using the console for maintaining and configuring servers and farms. Manage. monitor. Manage Loads Configure HDX XenApp Server Utilities Reference 158 .

Manage Performance Counters Reference Describes how to use the Window Performance Monitor to observe performance counters associated with sessions. networking. and security. 159 .

Management Consoles and Other Tools

Citrix provides a comprehensive set of tools for managing servers, farms, published resources, and connections. You can launch all tools by accessing the Citrix program group on the Start menu.

Citrix AppCenter

The AppCenter (formerly Delivery Services Console) is a tool that snaps into the Microsoft Management Console (MMC) and enables you to perform a number of management functions. For XenApp, you can set up and monitor servers, server farms, published resources, and sessions. Configure application access (both through the Web Interface and the Citrix Online Plug-in) and set up policies and printers. In addition, you can manage load balancing, troubleshoot alerts, diagnose problems in your farms, view hotfix information for your Citrix products, and track administrative changes.

If your deployment includes multiple XenApp farms (such as one farm comprising servers running the latest version of XenApp, and another farm comprising servers running a legacy version of XenApp), you can use one MMC console that has separate AppCenter snap-ins to manage each farm.

With Hotfix Management, check which hotfixes are applicable to your Citrix products, search for particular updates on your system, and identify servers where up-to-date hotfixes must be applied. In the left pane of the AppCenter, select Citrix Resources > Configuration Tools > Hotfix Management.

My Views are configurable displays that give you quick access to items you must examine regularly or items in different parts of the AppCenter tree that you want to group together. For example, create a My View display to monitor your preferred performance data for two sets of servers in different server farms. The performance-related information in a My View display is refreshed at regular intervals.

License Administration Console

Use this console to manage and track Citrix software licenses. For more information about licensing, see the License Administration console Help and Getting Started with Citrix Licensing in Licensing Your Product.

Citrix SSL Relay Configuration Tool

Use this tool to secure communication between a server running the Web Interface and your farm.

Shadow Taskbar

Shadowing allows users to view and control other users' sessions remotely. Use the Shadow Taskbar to shadow sessions and to switch among multiple shadowed sessions. You can also shadow ICA sessions with the AppCenter.

SpeedScreen Latency Reduction Manager

Use this tool to configure local text echo and other features that improve the user experience on slow networks.


To start the AppCenter and discover servers

When you install the first server in a new server farm, you provide credentials for a full authority Citrix administrator. This account has the authority to manage and administer all areas of farm management. If you are logging on to the AppCenter for the first time, use this account to log on and to add other individuals to the Citrix administrators group.

Important: Citrix recommends that you use a domain account to run the AppCenter. You can use your local administrator account, but the user name and password should be the same for all local administrator accounts for all servers in your farms.

Citrix supports using the AppCenter only with this version of Citrix XenApp. Using the AppCenter with servers running a previous version of XenApp is not supported. Likewise, using a previous version of the console with this version of XenApp is not supported.

Discovery is an important operation that checks for items (such as devices or applications) that were added to or removed from your XenApp environment. Appropriate changes then appear in the AppCenter tree. The AppCenter tree refreshes automatically each time you add, remove, or modify items in your deployment.

When using discovery to connect to your XenApp deployment, you must specify the name or IP address of at least one server in each farm that you want to manage.

The first time you open the AppCenter you are automatically prompted to start the discovery process: you select the components you want, configure the discovery process, and find the items to manage. After this, run the discovery process only if you want to refresh the view of your deployment.

You can configure discovery only for some components. The configuration process can vary among components. The Configure and run discovery task appears in the Actions pane only for configurable components; otherwise, only the Run discovery task is available.

1. Click Start > All Programs > Administrative Tools > Citrix > Management Consoles > Citrix AppCenter.
2. In the AppCenter tree, select Citrix Resources or the product or component whose objects you want to discover.
3. Click Configure and run discovery, or to run discovery without any configuration, click Run discovery.

When discovering XenApp deployments, specify the name or IP address of at least one server running XenApp in each farm that you want to manage. When discovery is complete, the AppCenter tree displays the items that you specified.

To view zones

Zones can be viewed and configured in the console. For information on configuring zones, see To configure zones and back-up data collectors.

1. From the AppCenter, in the left pane, expand the Zones node.
2. Under Zones, select a zone. The results pane displays the servers in the chosen zone.

To refresh user data automatically

You can control the frequency of automatic updates to server, server folder, and published application information on the Citrix AppCenter. Refreshing user data automatically is disabled by default.

Note: Do not enable this feature if you have many sessions, because it can affect performance.

1. In the left pane, select one of these nodes (depending on what type of user data you want to refresh automatically):
   - The farm for which you want to refresh the user data automatically
   - The server for which you want to refresh the user data automatically
   - The application for which you want to refresh the user data automatically
2. In the Actions pane or from the Other Tasks section (depending on the node that you selected), click Refresh user data and choose one of these options:
   - Automatically refresh user data for servers. Selecting this option enables automatic refreshing of each server’s configuration and connection information. After selection, the associated Refresh rate field becomes available.
   - Automatically refresh user data for farms and server folders. Selecting this option enables automatic refreshing of the folder organization for farm and server. After selection, the associated Refresh rate field becomes available.
   - Automatically refresh user data for applications. Selecting this option enables automatic refreshing of each published application’s configuration and connection information. After selection, the associated Refresh rate field becomes available.
3. In the Refresh rate (seconds) box, select the number of seconds between each update (10, 30, 60, or 90).

The auto-refresh settings apply only to the AppCenter you are running and not other instances of the AppCenter on your network.

Managing Citrix Administrators

Citrix administrators are individuals tasked with managing server farms.

To create a Citrix administrator

You can make any member of a Windows or Novell Domain Services for Windows account authority a Citrix administrator.

1. From the Start menu, select All Programs > Citrix > Management Consoles > Citrix AppCenter.
2. In the left pane, expand Citrix Resources > XenApp and select a farm.
3. On the Actions pane, click Add administrator.
4. Click Add and select the configured user or user group account to designate as a Citrix administrator.
5. On the Privileges page, select the authority level you want to grant the administrator account.
6. If you are creating a custom administrator account, in the Tasks pane, select the tasks you want to delegate to the custom administrator.

To modify a Citrix administrator

1. From the Start menu, select All Programs > Citrix > Management Consoles > Citrix AppCenter.
2. From the left pane, expand Citrix Resources > XenApp and the farm, then choose the Administrators node.
3. On the Administrators tab, select the administrator whose properties you want to change.
4. From the Actions pane on the right, click Administrator properties.
5. Choose from the following options:
   - To change an administrator's privilege level, open the Privileges page
   - To assign or update custom permissions, open the Permissions page

To disable a Citrix administrator

Disable a Citrix administrator if you want to temporarily remove access for an administrator but retain the account and settings.

1. Select the administrator whose privileges you want to disable.
2. On the Actions pane, click Disable.

When an administrator is disabled, the administrator icon appears in grey and an Enable task becomes available.

To re-enable a Citrix administrator

1. Select the administrator whose privileges you want to enable and then, on the Actions pane, click Enable.

To remove a Citrix administrator

Remove a Citrix administrator if you want to delete the account and settings. Only administrators with full access can disable or remove other Citrix administrator accounts.

Important: If only one Citrix administrator account with full access remains on the list, you cannot remove it.

1. Select the administrator or administrators whose account you want to remove.
2. On the Actions pane, click Delete administrator.

Delegating Tasks to Custom Administrators

You can delegate tasks through the Citrix AppCenter by associating custom Citrix administrator accounts with permissions to perform select tasks.

Permissions you set on nodes apply farm wide. Permissions you set on folders (applications, servers, and any folders within) apply only to the applications and servers contained within the selected folder.

Note: To apply the same permissions to a new folder as to its parent folder, select the Copy permissions from the parent folder option when you create the new folder.

You cannot grant permissions to applications and servers directly. To grant permissions to applications and servers, you must first place the applications or servers in folders and then grant permissions at the folder level. Therefore, before you delegate tasks for applications and servers, make sure you group the applications and servers in folders that allow you to delegate the tasks in a meaningful way.

Citrix recommends you create Windows, Active Directory, or NDS groups to assign these permissions. When you create custom Citrix administrators, simply select the group instead of individual users. This allows you to add and remove users to these groups without reconfiguring all of the permissions.

To delegate tasks to existing custom administrators

1. From the Start menu, select All Programs > Citrix > Management Consoles > Citrix AppCenter.
2. From the left pane, expand Citrix Resources > XenApp and the farm, then choose the Administrators node.
3. On the Administrators tab, select the administrator to whom you want to delegate tasks.
4. From the Actions pane, click Administrator properties.
5. In the Citrix Administrator Properties dialog box, on the Privileges pane, if Custom is not selected, select it.
6. Click Permissions to view the task permissions assigned to the administrator.
7. Click on a folder in the Folders list to view additional tasks.
8. To select the tasks to which the administrator has access, select or clear the check boxes, as appropriate.
9. If you set permissions on a node or a folder that contains a subfolder, the Copy to Subfolders button becomes active. Click this button if you want to copy the permissions from the parent node or folder to the constituent folder.

Note: If you change an administrator’s OBDA permissions, he or she must manually rerun discovery.

To assign folder permissions

To allow custom administrators to perform specific tasks in the farm, you assign object permissions at the farm level. To view and change permission on objects, such as printers, you must be a Citrix administrator with full access to view and change object permissions.

1. From the Start menu, select All Programs > Citrix > Management Consoles > Citrix AppCenter.
2. From the left pane, select the folder under the farm to which you want to grant access.
3. From the right pane, under Actions, select Other Tasks, then Permissions. The resulting dialog box lists the administrators who currently have access to the selected folder.
4. To give access to an administrator that is not on the Administrators list, click Add and then click the check box to allow access to the folder. If the administrator to whom you want to give access does not appear in the Add Access to folder dialog box, click Add to create the administrator.

To assign or change object permissions

To allow custom administrators to perform specific tasks in the farm, you assign object permissions at the farm level. To view and change permission on objects, such as printers, you must be a Citrix administrator with full access to view and change object permissions.

1. From the Start menu, select All Programs > Citrix > Management Consoles > Citrix AppCenter.
2. From the left pane, select the farm to whose objects you want to grant access.
3. From the right pane, under Actions, choose Other Tasks, then Set permission on objects.
4. Select the object whose permissions you want to change and click Permissions. Under Administrators, you can see the administrators who have access to tasks related to the object.
5. From the Administrators list select the administrator to whom you want to assign additional or change existing folder permissions. If the administrator you want is not on the list, click Add and select the administrator. If the administrator you want is not a custom administrator, click Edit and change the administrator's privilege level to Custom. This allows you to change the administrator's permissions.
6. With the administrator selected, use the check boxes to change specific permissions in the Tasks pane.

If the folder contains subfolders, the following options become available:

- Choose Copy the permissions of this administrator for this folder to its subfolders to copy newly configured permissions to all folders nested in the selected folder for the custom administrator.
- Choose Copy the permissions of all administrators for this folder to its subfolders to copy the newly configured permissions of each custom administrator who has access to the selected folder to the folders nested within it.

Note: If you change the permissions later in the top level folder, the changes are not automatically copied to the nested folders. When you make changes to top level folders, use either the Copy the permissions of this administrator for this folder to its subfolders or the Copy the permissions of all administrators for this folder to its subfolders function to copy the permissions again.

Delivering XenApp to Software Services Subscribers

XenApp enables service providers to deliver hosted desktops and applications through the Infrastructure Setup and Enhanced Desktop Experience features. Additionally, images displayed through hosted desktops and applications are optimized for low-bandwidth connections.

The PowerShell scripts used to install and configure these features are located at %Program Files (x86)%\Citrix\App Delivery Setup Tools.

Infrastructure Setup

The Infrastructure Setup feature enables service providers to deploy XenApp farms quickly, add tenants, and add servers as needed to manage farm capacity. To do this, the server administrator or user with an administrator account on the primary server can execute PowerShell scripts to install and configure a XenApp farm consisting of the following components:

- Data collector and backup data collector
- Web Interface configured to use Access Gateway

The following components must be present in your environment and configured prior to executing the scripts:

- Active Directory
- Database server running Microsoft SQL Server 2008 or later, or Microsoft SQL Server Express 2008 or later
- Citrix Licensing server
- Access Gateway
- Servers running Windows Server 2008 R2, joined to the domain
- Windows PowerShell Remoting enabled on the servers, to facilitate remote configuration
- Firewall

Enhanced Desktop Experience

The Enhanced Desktop Experience feature enables service providers to deploy hosted desktops with the Windows 7 look and feel and to control desktop customization by users through Group Policy. Installed as the Windows Desktop Experience Integration component, this feature is selected by default when you choose to install the XenApp server role. The installation sequence performs the following tasks:

- Adds the Desktop Experience and XPS Viewer features to the Windows server configuration
- Moves the Citrix folder items in the Start menu to the Administrative Tools folder (including the Citrix AppCenter)
- Creates a new Windows Theme file and sets the default wallpaper
- Starts the Windows Themes service and configures it to start automatically

Optimized Image Display

Extra color compression improves the display of images based on a bandwidth threshold being reached. If the client connection bandwidth falls below the specified threshold, such as with low-bandwidth WAN connections, extra color compression is applied. When this occurs, images appear clearer and session bandwidth is minimized, compared to turning off compression entirely. For high-bandwidth connections, such as in a LAN environment, this compression is not applied as such connections exceed the bandwidth threshold. This feature provides a flexible means for Citrix Service Providers to optimize image display according to users' connections.

To configure extra color compression, create or edit a User policy and enable the Extra Color Compression setting. Add the Extra Color Compression Threshold setting and enter the value, in kilobits per second, below which compression is applied.

Usage Reporting

Premium Edition service providers have the option to use Citrix EdgeSight to monitor XenApp user sessions and application usage, and generate reports. More information on using EdgeSight for tenant usage reporting is included in the Citrix Service Provider Toolkit, available from the Citrix Web site.

Additional Information for Service Providers

For more information about delivering hosted desktops, refer to the following resources:

- Citrix Cloud App Delivery Setup Tools Administration Guide provides information about the Infrastructure Setup and Enhanced Desktop Experience features, including requirements and script usage. This PDF document is available for download through the Citrix Service Provider CDN Web site.
- Script help provides detailed information about each script and its parameters within the PowerShell command window. Help is available by typing Get-Help .\scriptname.ps1 at the PowerShell command line.
- The Citrix Service Provider CDN Web site (http://community.citrix.com/p/csp) provides information about the Citrix Service Provider program, access to technical resources, and access to the Citrix Service Provider community.

Run the New-CtxManagedDesktopGPO. the PowerShell execution policy on the server must be set to AllSigned. When configuring user sessions. 1. This GPO restricts users from accessing Windows Update or removable server drives. add the user accounts to the GPO's scope. In the Group Policy Management Editor.ps1 script located at %Program Files (x86)%\Citrix\App Delivery Setup Tools. apply either the CtxPersonalizableUser or the CtxRestrictedUser GPO to the user account. It configures Windows policies to limit the available Control Panel applets and restricts users from installing programs. see the help included with the New-CTXManagedDesktopGPO script. Some Microsoft hotfixes may be required for all policies to function appropriately. For additional information about these GPOs. Link the CtxRestrictedComputer GPO to the OU containing the XenApp servers allocated to the tenant. scheduling tasks. In the Active Directory Users and Computers console. Add the XenApp servers to the scope of the CtxRestrictedComputer GPO. link the User GPOs to the OU containing the tenant's user accounts. To ensure the script executes correctly. CtxPersonalizableUser configures the user account that is accessing the XenApp server. this GPO configures the Desktop wallpaper policy to prevent users from personalizing their desktops and prevents users from modifying settings for the Start menu and Taskbar. for each User GPO. CtxRestrictedUser includes most of the policies from the CtxPersonalizableUser GPO. q q CtxRestrictedComputer configures certain restrictions on the XenApp servers allocated to the tenant. you need to run the New-CtxManagedDesktopGPO. viewing properties.To enable Windows 7 look and feel and control desktop customization After the Windows Desktop Experience Integration role is installed through the Server Role Manager. you can deploy hosted desktops with the Windows 7 look and feel and control desktop customization through Group Policy.ps1 script at the PowerShell command line. 
or shutting down the server. Additionally. 175 . 4. 5. To perform this task. This GPO includes a script that executes when a user logs on to the server for the first time. 2. q 3. This script creates the following GPOs: q CtxStartMenuTaskbarUser enables the Windows 7 look and feel for published desktops. It also changes the pinned shortcuts on the Taskbar and configures the user's Start menu to match the Windows 7 environment.

locked-down desktops. and the desktops they deliver.To enable Windows 7 look and feel and control desktop customization Important: Be aware that applying these policies is only one step in the process of delivering secure. are protected. 176 . You still need to follow your organization’s security best practices for ensuring the servers.

Working with Citrix Policies

To control user access or session environments, configure a Citrix policy. Citrix policies are the most efficient method of controlling connection, security, and bandwidth settings.

You can create policies for specific groups of users, devices, or connection types. Each policy can contain multiple settings.

You can work with policies through the Group Policy Management Console in Windows or the AppCenter in XenApp (formerly the Delivery Services Console). The console or tool you use to do this depends on whether or not your network environment includes Microsoft Active Directory and whether or not you have the appropriate permissions to manage Group Policy Objects (GPOs).

Using the Group Policy Management Editor

If your network environment includes Active Directory and you have the appropriate permissions to manage Group Policy, use the Group Policy Management Editor to create policies for the XenApp servers in your environment. The settings you configure affect the GPOs you specify through the Group Policy Management Console.

Using the AppCenter

If your environment includes a different directory service (such as Novell Domain Services for Windows) or you are a Citrix administrator without permission to manage Group Policy, use the AppCenter to create policies for your farm. The settings you configure are stored in a farm GPO in the data store.

Policy Processing and Precedence

Group Policy settings are processed in the following order:

1. Local GPO
2. XenApp farm GPO (stored in the farm data store)
3. Site-level GPOs
4. Domain-level GPOs
5. Organizational Units

However, in the event of a conflict, policy settings that are processed last can overwrite those that are processed earlier. This means that policy settings take precedence in the following order:

1. Organizational Units
2. Domain-level GPOs
3. Site-level GPOs
4. XenApp farm GPO (stored in the farm data store)
5. Local GPO

For example, a Citrix administrator creates a policy (Policy A) through the AppCenter that enables client file redirection for the company's sales employees. Meanwhile, another administrator creates a policy (Policy B) through the Group Policy Management Editor that disables client file redirection for the sales employees. When the sales employees log on to the farm, Policy B is applied and Policy A is ignored. This happens because Policy B was processed at the domain level and Policy A was processed at the XenApp farm GPO level.

Active Directory Functional Levels

Citrix policies are supported for use in Active Directory environments running at the Windows 2000 domain functional level, at a minimum. To ensure Citrix policy settings are included in reports when Resultant Set of Policy is calculated, at least one domain controller running Windows Server 2003 must be present in the forest.

Workflow for Citrix Policies

The process for configuring policies is as follows:

1. Create the policy.
2. Configure policy settings.
3. Apply the policy to connections by adding filters.
4. Prioritize the policy.
5. Verify the effective policy by running the Citrix Group Policy Modeling wizard.
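The processing order and the Policy A / Policy B conflict described above can be modelled to find settings that a later-processed level silently overrides, which is the check to run before relying on a farm-level restriction. This is an added Python example, not Citrix code or tooling; the setting names, the two extra policies and the same-level tie-break (input order) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Processing order as listed on this page. Levels processed later overwrite
# conflicting values from levels processed earlier.
PROCESSING_ORDER = (
    "Local GPO",
    "XenApp farm GPO",
    "Site-level GPOs",
    "Domain-level GPOs",
    "Organizational Units",
)
RANK = {level: position for position, level in enumerate(PROCESSING_ORDER)}


@dataclass
class Policy:
    name: str
    level: str                      # one of PROCESSING_ORDER
    settings: dict = field(default_factory=dict)


def resolve(policies):
    """Return (effective, overrides) for a list of Policy objects.

    effective maps each setting to the value, policy and level that win.
    overrides lists every case where a value was replaced by a different
    value from a policy processed later.
    """
    unknown = [p.name for p in policies if p.level not in RANK]
    if unknown:
        raise ValueError("unknown policy level for: " + ", ".join(unknown))

    effective = {}
    overrides = []
    # sorted() is stable: policies at the same level keep their input order
    # (assumption; the page only says that policies can be prioritized).
    for policy in sorted(policies, key=lambda p: RANK[p.level]):
        for setting, value in policy.settings.items():
            earlier = effective.get(setting)
            if earlier is not None and earlier["value"] != value:
                overrides.append({
                    "setting": setting,
                    "ignored_policy": earlier["policy"],
                    "ignored_level": earlier["level"],
                    "ignored_value": earlier["value"],
                    "applied_policy": policy.name,
                    "applied_level": policy.level,
                    "applied_value": value,
                })
            effective[setting] = {
                "value": value,
                "policy": policy.name,
                "level": policy.level,
            }
    return effective, overrides


def format_report(overrides):
    """One readable line per override, for review by an administrator."""
    return [
        "{setting}: {applied_policy} ({applied_level}) = {applied_value} "
        "overrides {ignored_policy} ({ignored_level}) = {ignored_value}".format(**o)
        for o in overrides
    ]


# Constructed sample. Policy A and Policy B follow the page's example; the
# other two policies and all setting names are hypothetical.
SAMPLE_POLICIES = [
    Policy("Policy B", "Domain-level GPOs", {"ClientFileRedirection": "Disabled"}),
    Policy("Policy A", "XenApp farm GPO", {"ClientFileRedirection": "Enabled"}),
    Policy("Kiosk baseline", "Local GPO", {"ClipboardRedirection": "Disabled"}),
    Policy("Contractors OU", "Organizational Units", {"ClipboardRedirection": "Enabled"}),
]

if __name__ == "__main__":
    effective, overrides = resolve(SAMPLE_POLICIES)
    for name, winner in sorted(effective.items()):
        print(f"{name} = {winner['value']} (from {winner['policy']}, {winner['level']})")
    for line in format_report(overrides):
        print("OVERRIDE:", line)
```

The second override in the sample is the one to look for in a review: a restrictive value set at a low level is replaced by a permissive one from a level processed later.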

Navigating Citrix Policies and Settings

In Active Directory, policy settings are collected into two main categories: Computer Configuration and User Configuration. Computer configuration settings pertain to servers, regardless of who logs on. User configuration settings pertain to users accessing the server, regardless of where they log on. XenApp policies and settings are collected into similar categories: Computer and User. Computer policy settings pertain to XenApp servers and are applied when the server is rebooted. User policy settings pertain to user sessions and are applied for the duration of the session.

Accessing Policies and Settings

In the Group Policy Management Editor, you can access policies and settings by clicking the Citrix Policies node under Computer Configuration or User Configuration in the tree pane.

In the AppCenter console, you can access policies and settings by clicking the Policies node from the console tree and then selecting either the Computer or User tabs in the middle pane.

The Computer and User tabs each display a list of the policies that have been created. Beneath this list, the following tabs are displayed:

- Summary displays the settings and filters currently configured for the selected policy
- Settings displays by category the available and configured settings for the selected policy
- Filters displays the available and configured filters for the selected policy

Searching Policies and Settings

From these consoles, you can search the policies you create and their settings and filters. All searches find items by name as you type. You can perform searches from the following places:

- For searching policies, use the search tool near the list of Citrix policies
- For searching settings, use the search tool on the Settings tab
- For searching filters, use the search tool on the Filters tab

You can refine your search by:

- On the Settings or Filters tabs, in the Settings to show box, selecting a product version to display only the settings or filters that are supported in the selected version.
- On the Settings tab, selecting a category such as Auto Client Reconnect or Bandwidth to search only the settings in that category.
- On the Settings or Filters tabs, selecting Active Settings or Active Filters, respectively, to search only the settings or filters that have been added to the selected policy.

To search the entire catalog of settings or filters, select All Settings or All Filters.

Creating Citrix Policies

Before you create a policy, decide which group of users or devices you want it to affect. You may want to create a policy based on user job function, connection type, client device, or geographic location. Alternatively, you can use the same criteria that you use for Windows Active Directory group policies.

If you already created a policy that applies to a group, consider editing the policy and configuring the appropriate settings instead of creating another policy. Avoid creating a new policy solely to enable a specific setting or to exclude the policy from applying to certain users.

You can create policies using the following methods:

- Create a new policy using the New Policy wizard
- Create a new policy based on the settings included in a policy template

To create a new policy with the New Policy wizard

The New Policy wizard enables you to create a new, empty policy to which you can add the settings you need.

1. Depending on the console you use to manage Citrix policies:
   - From the AppCenter, select the Policies node in the left pane and then select the Computer or User tab.
   - From the Group Policy Management Editor, select the Citrix Policies node in the left pane.
2. Click New. The New Policy wizard appears.
3. Enter the policy name and, optionally, a description. Consider naming the policy according to who or what it affects, for example, Accounting Department or Remote Users.
4. Choose the policy settings you want to configure.
5. Choose the filters you want to apply to the policy.
6. Elect to leave the policy enabled or clear the Enable this policy checkbox to disable the policy. Enabling the policy allows it to be applied immediately to users logging on to the farm. Disabling the policy prevents it from being applied. If you need to prioritize the policy or add settings at a later time, consider disabling the policy until you are ready to apply it to users.

To create a new policy based on a template

By default, the new policy includes all the same settings as the original template. However, you can choose to accept these settings or to customize the policy according to your needs.

1. Depending on the console you use to manage Citrix policies:
   - From the AppCenter, select the Policies node in the left pane.
   - From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. Click the Templates tab and select the template from which you want to create the policy.
3. Click New Policy. The New Policy wizard appears.
4. Enter a unique name for the new policy or accept the default name that XenApp generates automatically.
   Note: If you enter a name that is in use by an existing policy, no policy is created. The settings you selected are retained; however, you must re-run the policy wizard. If you use the Copy-Item PowerShell cmdlet to create a policy from a template, and you specify the same name as an existing policy, the -Force switch allows you to merge the settings you selected into the existing policy.
5. Choose whether or not to customize the policy. If you choose not to customize the policy, proceed to Step 7.
6. If you choose to customize the policy, add or remove the settings you want.
7. Select and configure a filter for the new policy.
8. Elect to leave the policy enabled or clear the Enable this policy checkbox to disable the policy. Enabling the policy allows it to be applied immediately to users logging on to the farm. Disabling the policy prevents it from being applied. If you need to prioritize the policy or add settings at a later time, consider disabling the policy until you are ready to apply it to users.

Working with Citrix Policy Templates

Policy templates allow you to configure Citrix policies quickly and deploy them to your XenApp environment. Templates consist of pre-configured settings that can apply to a server or to a user session.

You can use templates in the following ways:

• As a source for creating other policies
• As a tool with which to compare existing policies
• As a method for delivering or receiving policy configurations from Citrix Support or trusted third parties

You can perform the following tasks with policy templates:

• Create new templates using existing templates or policies
• Create new policies using existing templates
• Import and export templates
• Compare settings, including default values, of selected policies and templates

Templates tab

Policy templates are displayed on the Templates tab in the AppCenter console and the Group Policy Management Editor. In the AppCenter, templates for both Computer and User settings are displayed in a single list. In the Group Policy Management Editor, Computer templates are displayed when you are working with Computer policies. Likewise, User templates are displayed when you are working with User policies.

Built-in Templates

XenApp comes with the following built-in templates:

• Citrix High Definition User Experience templates include Computer and User settings for providing high quality audio, graphics, and video to users.
• Citrix Optimized Bandwidth for WAN templates include Computer and User settings for providing an optimized experience to users with low bandwidth or high latency connections.
• Citrix High Server Scalability templates include Computer and User settings for providing an optimized user experience while hosting more users per server.

• Citrix Security and Control templates include User settings for disabling access to peripheral devices, drive mapping, port redirection, and Flash acceleration on user devices.

Built-in templates are created and updated by Citrix. You can use these templates as a model for creating new policies or templates. You cannot modify or delete these templates. However, you can modify or delete templates that you create or import through the AppCenter or the Group Policy Management Editor.

Template Information

When selected, each template displays the following information tabs beneath the templates list:

• Settings displays a list of all the configured settings and their values in the selected template. You can also view the default values for each setting alongside the configured values.
• Properties displays information such as the template creator, description, and modification date.
• Prerequisites displays information pertaining to additional requirements needed, if applicable, for the settings in the template to be effective when applied in a policy. This tab is displayed only when a built-in template is selected.

Creating Policy Templates

You create templates from an existing template or an existing policy. The new template is then populated with the same settings as the original template or policy. Filters assigned to the original policy are not included in the template. Templates can include either Computer settings or User settings. You cannot include both types of settings in a template.

To create a new template based on an existing template

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane.
   • From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. Click the Templates tab and then select the template from which you want to create the new template.
3. Click New Template. The New Template wizard appears.
4. Enter a name for the template.
5. Select and configure the policy settings you want to include in the template. Remove any existing settings that should not be included.
6. Click Create. The new template appears on the Templates tab.

To create a new template based on an existing policy

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane and then select the Computer or User tab.
   • From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. On the Policies tab, select the policy from which you want to create the template.
3. Click Actions and select Save as Template. The Save as Template dialog box appears.
4. Enter a name and a description for the new template.
5. Click Save. The new template appears on the Templates tab.

Importing and Exporting Policy Templates

Policy templates are local to the computer on which you are running the console to manage your farm. You can transfer policy configurations between environments, including other farms that you manage on the computer running the console. You transfer templates by importing or exporting them. This allows you to perform the following tasks:

• Implement policy configurations from XenApp servers in other farms
• Create backups of your template files to aid recovery of policy configurations
• Supply policy configurations from your farm to aid Citrix Support in troubleshooting issues
• Implement policy configurations created by Citrix Support to resolve issues in your farm

To import a template

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane.
   • From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. Click the Templates tab and then click Actions > Import. The Import Template dialog box appears.
3. Select the template file you want to import and click Open. The imported template appears in the templates list.

Note: If you import a template with the same name as an existing template, you can choose to overwrite the existing template or save the template with a different name that is generated automatically. If you are importing a template through the Group Policy Management Editor, and the template is a different type (for example, importing a Computer template while viewing User templates), a message appears, notifying you the imported template is located in the appropriate templates list.

To export a template

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane.
   • From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. Click the Templates tab and then select the template you want to export.
3. Click Actions > Export. The Export Template dialog box appears.
4. Select the location where you want to save the template and click Save. A .gpt file is created in the location you specified.

Comparing Policies and Templates

In some cases, you might need to compare the settings in a policy or template with those in other policies or templates. For example, you might need to verify setting values to ensure compliance with best practices for your environment.

You can display policy templates in two views: List View and Compare View. You can access these views by clicking the List View or Compare View buttons on the right side of the console, just above the template list. List View displays policy templates in a list similar to that shown for Computer or User policies. Compare View displays the settings of selected policies and templates in a side-by-side view.

To compare policies and templates

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane.
   • From the Group Policy Management Editor, expand the Computer Configuration or User Configuration nodes, expand the Policies node, and then select Citrix Policies.
2. Click the Templates tab and then click the Compare View icon. The Compare Templates and Policies dialog box appears.
3. Select the policies or templates you want to include.
4. To include default values in the comparison, select the Compare to setting defaults checkbox.
5. Click Compare. The configured settings for the selected items are displayed in columns. Default values, if selected, are displayed in the second column by default.
6. To modify the comparison, click the Configured Settings arrow and select Add/Remove Columns.

To compare all available settings for the selected items, click the Configured Settings arrow and select Show All Settings.

Note: To change the position of the Configured Settings and Defaults columns, drag and drop the columns to the positions you want.

To view additional information about policies or templates included in the comparison, select the column header of the policy or template. For templates, the properties and prerequisites appear in tabs beneath the Compare View. For policies, the properties and filters appear.

Configuring Policy Settings

Policies contain settings that are applied to connections when the policy is enforced. Policy settings can be enabled, disabled, or not configured. By default, policy settings are not configured, meaning they are not added to a policy. Settings can be applied only when they are added to a policy.

Some policy settings can be in one of the following states:

• Allowed or Prohibited allows or prevents the action controlled by the setting. For settings that are Allowed or Prohibited, the action controlled by the setting is either allowed or prevented. In some cases, users are allowed or prevented from managing the setting's action in the session. For example, if the Menu animation setting is set to Allowed, users can control menu animations in their client environment.
• Enabled or Disabled turns the setting on or off. If you disable a setting, it is not enabled in lower-ranked policies.

In addition, some settings control the effectiveness of dependent settings. For example, the Client drive redirection setting controls whether or not users are allowed to access the drives on their devices. To allow users to access their network drives, both this setting and the Client network drives setting must be added to the policy. If the Client drive redirection setting is disabled, users cannot access their network drives even if the Client network drives setting is enabled.

In general, User policy setting changes go into effect the next time the relevant users establish a connection. Computer policy setting changes go into effect when the server reboots. Policy setting changes can also take effect when XenApp re-evaluates policies at 90 minute intervals.

Default Values of Settings

For some policy settings, you can enter a value or you can choose a value from a list when you add the setting to a policy. You can limit configuration of the setting by selecting Use default value. Selecting this option disables configuration of the setting and allows only the setting's default value to be used when the policy is enforced. This occurs regardless of the value that was entered before selecting Use default value.

For example, for the Lossy compression level setting, the default value is Medium. When you add this setting to a policy and select Use default value, medium compression is always applied to images when the policy is enforced, even if the setting was previously configured as High or None.

Default values for all Citrix policy settings are located in the Policy Settings Reference.

Best Practices for Policy Settings

Citrix recommends the following when configuring policy settings:

• Assign policies to groups rather than individual users. If you assign policies to groups, assignments are updated automatically when you add or remove users from the group.
• Do not enable conflicting or overlapping settings in Remote Desktop Session Host Configuration. In some cases, Remote Desktop Session Host Configuration provides similar functionality to Citrix policy settings. When possible, keep all settings consistent (enabled or disabled) for ease of troubleshooting.
• Disable unused policies. Policies with no settings added create unnecessary processing.

To add settings to a policy

Policy settings can be enabled, disabled, or not configured. By default, policy settings are not configured, meaning they are not added to a policy. Settings can be applied only when they are added to a policy.

You can add settings to policies using one of the following methods:

• Using the New Policy wizard, when creating a new policy
• Using the Settings tab of the Edit Policy dialog box, when modifying an existing policy
• Using the Settings tab of the AppCenter or Group Policy Management Editor (located beneath the policies list), when modifying an existing policy

Note: When you modify a policy using the Settings tab on the console, the changes you make are applied to the policy immediately after you configure the selected setting. However, when you modify a policy using the Edit Policy dialog box, changes you make are applied to the policy only after you click OK on the Edit Policy dialog box.

1. Select a setting you want to add to the policy and click Add. The Add Setting dialog box appears, displaying the setting's default value, if applicable. You can accept or change this value according to your policy requirements. If no default value is present, enter the appropriate value for your environment.
2. Click OK to add the setting to the policy. The configured setting appears on the Settings tab of the console in the Active Settings view.

Applying Citrix Policies

When you add a filter to a policy, the policy's settings are applied to connections according to specific criteria or rules. If no filter is added, the policy is applied to all connections. You can add as many filters as you want to a policy, based on a combination of criteria. The availability of certain filters depends on whether you are applying a Computer policy or a User policy.

The following table lists the available filters:

Filter Name: Access Control
Filter Description: Applies a policy based on the access control conditions through which a client is connecting.
Policy Scope: User policies only

Filter Name: Branch Repeater
Filter Description: Applies a policy based on whether or not a user session was launched through Citrix Branch Repeater.
Policy Scope: User policies only

Filter Name: Client IP Address
Filter Description: Applies a policy based on the IP address of the user device used to connect to the session.
   IPv4 Examples:
   • 12.0.0.0
   • 12.0.0.*
   • 12.0.0.1-12.0.0.70
   • 12.0.0.1/24
   IPv6 Examples:
   • 2001:0db8:3c4d:0015:0:0:abcd:ef12
   • 2001:0db8:3c4d:0015::/54
Policy Scope: User policies only

Filter Name: Client Name
Filter Description: Applies a policy based on the name of the user device from which the session is connected.
Policy Scope: User policies only

Filter Name: Organizational Unit
Filter Description: Applies a policy based on the organizational unit (OU) of the desktop hosting the session.
   Note: The Organizational Unit filter is applicable o[...] context of the XenApp farm and is configurable on[...] AppCenter console. If you manage Citrix policies t[...] Group Policy Management Editor, this filter is not [...]
Policy Scope: Computer policies, User policies

Filter Name: User or Group
Filter Description: Applies a policy based on the user or group membership of the user connecting to the session.
Policy Scope: User policies only

Filter Name: Worker Group
Filter Description: Applies a policy based on the worker group membership of the server hosting the session.
Policy Scope: Computer policies, User policies

When a user logs on, XenApp identifies the policies that match the filters for the connection. XenApp sorts the identified policies into priority order, compares multiple instances of any policy setting, and applies the policy setting according to the priority ranking of the policy. Any policy setting that is disabled takes precedence over a lower-ranked setting that is enabled. Policy settings that are not configured are ignored. XenApp recalculates the policy every 90 minutes after the user logs on to the farm.

Unfiltered Policies

By default, XenApp provides Unfiltered policies for Computer and User policy settings. The settings added to this policy apply to all connections.

If you use the AppCenter console to manage Citrix policies, settings you add to the Unfiltered policy are applied to all servers and connections in the farm.

If you use Active Directory in your environment and use the Group Policy Management Editor to manage Citrix policies, settings you add to the Unfiltered policy are applied to all farm servers and connections that are within the scope of the Group Policy Objects (GPOs) that contain the policy. For example, the Sales OU contains a GPO called Sales-US that includes all members of the US sales team. The Sales-US GPO is configured with an Unfiltered policy that includes several user policy settings. When the US Sales manager logs on to the farm, the settings in the Unfiltered policy are automatically applied to the session because the user is a member of the Sales-US GPO.

Filter Modes

A filter's mode determines whether or not the policy is applied only to connections that match all the filter criteria. If the mode is set to Allow (the default), the policy is applied only to connections that match the filter criteria. If the mode is set to Deny, the policy is applied if the connection does not match the filter criteria. The following examples illustrate how filter modes affect Citrix policies when multiple filters are present.

Example: Filters of Like Type with Differing Modes

In policies with two filters of the same type, one set to Allow and one set to Deny, the filter set to Deny takes precedence, provided the connection satisfies both filters. For example:

Policy 1 includes the following filters:

• Filter A is a User filter that specifies the Sales group and the mode is set to Allow.

• Filter B is a User filter that specifies the Sales manager's account and the mode is set to Deny.

Because the mode for Filter B is set to Deny, the policy is not applied when the Sales manager logs on to the farm, even though the user is a member of the Sales group.

Example: Filters of Differing Type with Like Modes

In policies with two or more filters of differing types, set to Allow, the connection must satisfy at least one filter of each type in order for the policy to be applied. For example:

Policy 2 includes the following filters:

• Filter C is a User filter that specifies the Sales group and the mode is set to Allow.
• Filter D is a Client IP Address filter that specifies 12.0.0.* (the corporate network) and the mode is set to Allow.

When the Sales manager logs on to the farm from the office, the policy is applied because the connection satisfies both filters.

Policy 3 includes the following filters:

• Filter E is a User filter that specifies the Sales group and the mode is set to Allow.
• Filter F is an Access Control filter that specifies Access Gateway connection conditions and the mode is set to Allow.

When the Sales manager logs on to the farm from the office, the policy is not applied because the connection does not satisfy Filter F.

To add filters to a policy

To apply a policy according to specific criteria, you must add at least one filter. If no filter is added, the policy applies to all connections. You can add filters using one of the following methods:

• Using the New Policy wizard, when creating a new policy
• Using the Filters tab of the Edit Policy dialog box, when modifying an existing policy
• Using the Filters tab of the AppCenter or Group Policy Management Editor (located beneath the policies list), when modifying an existing policy

Note: When you modify filters using the Filters tab on the console, the changes you make are applied to the policy immediately after you configure the selected filter. However, when you modify filters using the Edit Policy dialog box, changes you make are applied to the policy only after you click OK on the Edit Policy dialog box.

1. Select the filter you want to apply and click Add.
2. From the New Filter dialog box, click Add to add the criteria you want XenApp to evaluate when determining if the policy should be applied.
3. Select the mode for the filter.
4. Leave the Enable this filter element checkbox selected. This allows the filter criteria to be considered when the policy is evaluated.
5. Click OK to save the filter criteria.
6. Click OK to add the filter to the policy.

Depending on the type of policy created, the policy is applied the next time the server is rebooted (in the case of a Computer policy) or the next time users log on to the server (in the case of a User policy). To force an immediate update, open a Command Prompt window and type gpupdate /force.

Managing Multiple Policies

You can use multiple policies to meet users' needs based on their job functions, geographic locations, or connection types. For example, compliance with security protocols may require you to place restrictions on user groups who work regularly with highly sensitive data. You can create a policy that requires a high level of encryption for sessions and prevents users from saving sensitive files on their local client drives. However, if some people in the user group do need access to their local drives, you can create another policy for only those users. You then rank or prioritize the two policies to control which one takes precedence in the event of a conflict.

Note: When managing policies through the AppCenter, be aware that making frequent changes can adversely impact server performance. When you modify a policy, the XenApp server synchronizes its copy of the farm Group Policy Object (GPO) with the data store, propagating the change to other servers in the farm. For example, if you make changes to five policies, the server synchronizes the farm GPO five times. In a large farm with multiple policies, this frequent synchronization can result in delayed server responses to user requests. To ensure server performance is not impacted by needed policy changes, arrange to make these changes during off-peak usage periods.

In general, policies override similar settings configured for the entire server farm, for specific servers, or on the client. The exception to this principle is security. The highest encryption setting in your environment, including the operating system and the most restrictive shadowing setting, always overrides other settings and policies.

In a XenApp environment, Citrix policies interact with policies you set in your operating system. For example, Citrix settings override the same settings configured in an Active Directory policy or using Remote Desktop Session Host Configuration. This includes settings that are related to typical Remote Desktop Protocol (RDP) client connection settings such as Desktop wallpaper, Menu animation, and View window contents while dragging.

For some policy settings, such as Secure ICA, the settings in policies must match the settings in the operating system. If a higher priority encryption level is set elsewhere, the Secure ICA policy settings that you specify in the policy or when you are publishing an application can be overridden. For example, the encryption settings that you specify when you are publishing an application should be at the same level as the encryption settings you specified throughout your environment.

Prioritizing Policies and Creating Exceptions

Prioritizing policies allows you to define the precedence of policies when they contain conflicting settings. The process XenApp uses to evaluate policies is as follows:

1. When a user logs on, all policies that match the filters for the connection are identified.
2. XenApp sorts the identified policies into priority order and compares multiple instances of any setting, applying the setting according to the priority ranking of the policy.

You prioritize policies by giving them different priority numbers. By default, new policies are given the lowest priority. If policy settings conflict, a policy with a higher priority (a priority number of 1 is the highest) overrides a policy with a lower priority. Settings are merged according to priority and whether the setting is disabled or enabled. Any disabled setting overrides a lower-ranked setting that is enabled.

When you create policies for groups of users, client devices, or servers, you may find that some members of the group require exceptions to some policy settings. You can create exceptions by:

• Creating a policy only for those group members who need the exceptions and then ranking the policy higher than the policy for the entire group
• Using the Deny mode of a filter added to the policy

A filter with the mode set to Deny tells XenApp to apply the policy to connections that do not match the filter criteria. For example, a policy contains the following filters:

• Filter A is a Client IP address filter that specifies the range 12.0.0.* and the mode is set to Allow.
• Filter B is a User filter that specifies a particular user account and the mode is set to Deny.

The policy is applied to all users who log on to the farm with IP addresses in the range specified in Filter A. However, the policy is not applied to the user logging on to the farm with the user account specified in Filter B, even though the user's computer is assigned an IP address in the range specified in Filter A.

To change the priority of a policy

1. From the console tree, choose to view Citrix Computer Policies or Citrix User Policies.
2. From the middle pane, select the policy you want to prioritize.
3. Click Increase Priority or Decrease Priority as appropriate until the policy has the preferred rank.
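The filter-mode and priority rules described above can be checked against a small model before a policy set is changed. The following is an added example, not Citrix code: the class and function names are hypothetical, the merge is simplified to "the highest-ranked applicable policy that configures a setting wins", and the policies and connections are constructed to mirror Policy 1, 2 and 3 from the filter examples.

```python
# Added example: simplified model of Citrix policy filter modes and priority
# merging as this guide describes them. Names are hypothetical; data is constructed.
import ipaddress
from dataclasses import dataclass, field


def ip_matches(pattern, addr):
    """Match addr against the forms shown for the Client IP Address filter:
    single address, wildcard (12.0.0.*), range (a-b) and CIDR."""
    ip = ipaddress.ip_address(addr)
    if "-" in pattern:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in pattern.split("-", 1))
        return lo.version == ip.version == hi.version and lo <= ip <= hi
    if "*" in pattern:  # IPv4 wildcard octets become a network prefix
        octets = pattern.split(".")
        prefix = 8 * octets.index("*")
        base = ".".join("0" if o == "*" else o for o in octets)
        return ip in ipaddress.ip_network(f"{base}/{prefix}")
    if "/" in pattern:  # 12.0.0.1/24 has host bits set, so strict=False
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)


@dataclass
class Filter:
    kind: str            # "user", "ip" or "access" in this model
    value: str
    mode: str = "allow"  # "allow" (the default) or "deny"

    def matches(self, conn):
        if self.kind == "user":
            return self.value == conn["user"] or self.value in conn["groups"]
        if self.kind == "ip":
            return ip_matches(self.value, conn["ip"])
        if self.kind == "access":
            return conn.get("access") == self.value
        raise ValueError(f"unknown filter kind: {self.kind}")


@dataclass
class Policy:
    name: str
    priority: int        # 1 is the highest priority
    settings: dict = field(default_factory=dict)
    filters: list = field(default_factory=list)
    enabled: bool = True

    def applies_to(self, conn):
        if not self.enabled:
            return False
        matched = [f for f in self.filters if f.matches(conn)]
        # A matching Deny filter excludes the connection, even when an Allow
        # filter of the same type also matches.
        if any(f.mode == "deny" for f in matched):
            return False
        # Each filter type that has Allow filters needs at least one match.
        allow_kinds = {f.kind for f in self.filters if f.mode == "allow"}
        return allow_kinds <= {f.kind for f in matched}


def resultant_settings(policies, conn):
    """Return {setting: (value, policy name)} for one connection."""
    result = {}
    for policy in sorted(policies, key=lambda p: p.priority):
        if policy.applies_to(conn):
            for setting, value in policy.settings.items():
                result.setdefault(setting, (value, policy.name))
    return result


# Constructed policy set mirroring Policy 1, 2 and 3 from the examples above.
POLICIES = [
    Policy("Policy 1", 1, {"Client drive redirection": "Prohibited"},
           [Filter("user", "Sales"), Filter("user", "sales-manager", "deny")]),
    Policy("Policy 2", 2, {"Client drive redirection": "Allowed",
                           "Lossy compression level": "High"},
           [Filter("user", "Sales"), Filter("ip", "12.0.0.*")]),
    Policy("Policy 3", 3, {"Menu animation": "Prohibited"},
           [Filter("user", "Sales"), Filter("access", "access-gateway")]),
    Policy("Unfiltered", 4, {"Lossy compression level": "Medium",
                             "Menu animation": "Allowed"}),
]

# Constructed connections.
MANAGER_OFFICE = {"user": "sales-manager", "groups": ["Sales"], "ip": "12.0.0.15"}
REP_OFFICE = {"user": "sales-rep", "groups": ["Sales"], "ip": "12.0.0.40"}
REP_GATEWAY = {"user": "sales-rep", "groups": ["Sales"], "ip": "198.51.100.7",
               "access": "access-gateway"}


def applied(conn):
    """Names of the policies in POLICIES that apply to conn."""
    return [p.name for p in POLICIES if p.applies_to(conn)]


if __name__ == "__main__":
    for label, conn in [("manager/office", MANAGER_OFFICE),
                        ("rep/office", REP_OFFICE),
                        ("rep/gateway", REP_GATEWAY)]:
        print(label, applied(conn), resultant_settings(POLICIES, conn))
```

In this model the Sales manager keeps client drive access from the office because the Deny filter removes Policy 1 for that account, which is the kind of exception worth reviewing whenever a Deny-mode filter is added to a restrictive policy.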

Determining Which Policies Apply to a Connection

Sometimes a connection does not respond as expected because multiple policies apply. If a higher priority policy also applies to a connection, it can override the settings you configure in the original policy. You can determine how final policy settings are merged for a connection by calculating the Resultant Set of Policy.

You can calculate the Resultant Set of Policy in the following ways:

• Use the Citrix Policy Modeling Wizard to simulate a connection scenario and discern how Citrix policies might be applied
• Use Group Policy Results to produce a report describing the Citrix policies in effect for a given user and server.

You can launch both tools from the Group Policy Management console in Windows. If your XenApp environment does not include Active Directory, you can launch the Citrix Group Policy Modeling Wizard from the Actions pane of the AppCenter.

Using the Citrix Policy Modeling Wizard

With the Citrix Group Policy Modeling Wizard, you can specify conditions for a connection scenario such as domain controller, users, Citrix policy filter evidence values, and simulated environment settings such as slow network connection. The report that the wizard produces lists the Citrix policies that would likely take effect in the scenario.

If you are logged on to the server as a domain user and your environment includes Active Directory, the wizard calculates the resultant set of policy by including settings from Active Directory Group Policy Objects (GPOs). If you run the wizard from the AppCenter, the farm GPO residing on the server is included in this calculation as well. However, if you are logged on to the server as a local user and run the wizard from the AppCenter, the wizard calculates the Resultant Set of Policy using only the farm GPO.

Using Group Policy Results

The Group Policy Results tool helps you evaluate the current state of GPOs in your environment and generates a report that describes how these objects, including Citrix policies, are currently being applied to a particular user and server.

Troubleshooting Policies

Users, IP addresses, and other filtered objects can have multiple policies that apply simultaneously. This can result in conflicts where a policy may not behave as expected. When you run the Citrix Group Policy Modeling Wizard or the Group Policy Results tool, you might discover that no policies are applied to user connections. When this happens, users connecting to their applications under conditions that match the policy evaluation criteria are not affected by any policy settings. This occurs when:

• No policies have filters that match the policy evaluation criteria
• Policies that match the filter do not have any settings configured
• Policies that match the filter are disabled

If you want to apply policy settings to the connections that meet the specified criteria:

• Make sure the policies that you want to apply to those connections are enabled
• Make sure the policies that you want to apply have the appropriate settings configured

To simulate connection scenarios with Citrix policies

1. Depending on your XenApp environment, open the Citrix Group Policy Modeling Wizard:
   • From the AppCenter, click the Policies node, and then click Run the modeling wizard from the Actions pane.
   • From the Group Policy Management console, right-click the Citrix Group Policy Modeling node in the console tree and then select Citrix Group Policy Modeling Wizard.
2. Follow the wizard to select the domain controller, users, computers, environment settings, and Citrix filter criteria you want to use in the simulation.

When you click Finish, the wizard produces a report of the modeling results. In the AppCenter, the report appears as a node in the AppCenter tree, underneath the Policies node. The Modeling Results tab in the middle pane displays the report, grouping effective Citrix policy settings under User Configuration and Computer Configuration headings.

Applying Policies to Access Gateway Connections

You can create a policy that is applied to Access Gateway connections or to Access Gateway connections with certain properties.

You can create Citrix policies to accommodate different access scenarios based on factors such as authentication strength, logon point, and client device information such as endpoint analysis. You can selectively enable client-side drive mapping, cut and paste functionality, and local printing based on the logon point used to access the published application.

Prerequisites for Filtering on Access Gateway Connections

For Citrix XenApp to filter on Access Gateway connections, you must complete all of the following:

• Create one or more filters within Access Gateway. See the Access Gateway section of Citrix eDocs for more information about creating filters.
  Note: You must be using Access Gateway Advanced Edition (Version 4.0 or later) or Access Gateway Enterprise Edition (Version 9.1 or later) to create filters that work with XenApp.
• For published applications, select Allow connections made through Access Gateway Advanced Edition in the application properties.
• Ensure that your farm is configured to allow Access Gateway connections, which it is by default.
• Create a Computer policy within XenApp that has the Trust XML requests policy setting enabled.
• Create a User policy within XenApp that includes a filter referencing Access Gateway filters.

To apply a policy filter based on Access Gateway connections

1. Depending on the console you use to manage Citrix policies:
   • From the AppCenter, select the Policies node in the left pane and then select the User tab in the middle pane.
   • From the Group Policy Management Editor, under User Configuration in the left pane, select the Citrix Policies node.
2. Select an existing User policy or create a new User policy.
3. Follow the policy wizard to the filters page or click the Filters tab in the middle pane of the console.
4. Select Access Control and then click Add.
5. Click Add to configure the filter.
6. Select With Access Gateway.
7. To apply the policy to connections made through Citrix Access Gateway without considering Access Gateway policies, accept the default entries in the AG farm name and Access condition fields.
8. To apply the policy to connections made through Citrix Access Gateway based on existing Access Gateway policies, perform the following actions:
   a. In AG farm name, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway farm.
      • If using Access Gateway Enterprise Edition, enter the virtual server name of the Access Gateway appliance.
   b. In Access condition, enter one of the following items:
      • If using Access Gateway Advanced Edition, enter the name of the Access Gateway filter for XenApp to use.
      • If using Access Gateway Enterprise Edition, enter the name of the endpoint session policy for XenApp to use.
   Important: XenApp does not validate Access Gateway farm, server, and filter names, so always verify this information with the Access Gateway administrator.
9. To apply the policy to every connection except those made through Access Gateway, in the Mode list box, select Deny. The filter's mode tells XenApp whether or not to apply the policy to connections that match the filter criteria. Selecting Deny tells XenApp to apply the policy to connections that do not match the filter criteria.

Enabling Scanners and Other TWAIN Devices

XenApp lets users control client-attached TWAIN imaging devices, such as scanners and cameras, from published applications. This feature is known as TWAIN redirection because XenApp provides TWAIN support by redirecting commands sent from a published application on the server to the client device.

Users can connect regardless of connection type. However, XenApp requires the following for TWAIN support:

- The imaging device must be connected locally to the user device and have the associated vendor-supplied TWAIN driver installed locally.
- Citrix Online Plug-in 11.x or later, Citrix Receiver 3.0, or the Citrix Offline Plug-in.
- XenApp 32-bit and 64-bit servers support TWAIN redirection for 32-bit TWAIN applications only. XenApp does not support 16-bit TWAIN drivers.
- The Client TWAIN device redirection policy setting must be added to the appropriate policy. To configure image compression, add the TWAIN compression level setting and select the appropriate compression level.

The following table lists the TWAIN hardware and software tested with XenApp. While other TWAIN devices may work, only those listed are supported.

Scanners and Scanning Devices:
- Canon CanoScan 3200F
- Canon CanoScan 8000F
- Canon CanoScan LiDE600F
- Fujitsu fi-6140
- Fujitsu ScanSnap 9510
- HP ScanJet 8250
- IRIScan Express 2

Software:
- Microsoft Office Publisher 2007
- Microsoft Office Word 2007 Clip Organizer
- OmniPage SE

Consider the following after enabling TWAIN redirection:

- Configure bandwidth limits for image transfers. You can add the TWAIN device redirection bandwidth limit or the TWAIN device redirection bandwidth limit percent settings to the policy and enter the appropriate values denoting the maximum bandwidth allowed for image transfers.

- Some applications are not Remote Desktop Session Host aware and look for Twain32.dll in the \Windows directory of the user profile (by default, C:\Documents and Settings\UserName\Windows). Copying Twain32.dll into the \Windows directory of each user profile resolves this issue. You can also correct this by adding the application to the Remote Desktop Session Host application compatibility list with the following two flags specified:
  - Windows-based 32-bit application: 0x00000008
  - Return system \Windows directory instead of user \Windows directory for GetWindowsDir: 0x00000400
  For more information about using compatibility flags, see the article "Program compatibility flags" on the Microsoft TechNet Web site at http://technet.microsoft.com.
- This feature supports the following modes of TWAIN information transfer:
  - Native
  - Buffered Memory (most scanning software works by default in Buffered Memory mode)
  Note: The disk file transfer mode is not supported.

Managing Session Environments and Connections

Provide user access to your farm’s resources by:

- Customizing user environments
- Controlling connections
- Monitoring, managing, and optimizing sessions

When a user initially connects to your farm and opens a published application, the server opens the application in a session. In XenApp, the term session refers to a particular instance of a user’s activity on the server; sessions are the virtualization of the user’s environment.

Users access published applications in sessions after the client device establishes a connection with the server.

When a user logs on to the farm, the client device links to the server through a connection and establishes a session. This connection is known as the client connection. Users access published resources through client connections, inside of sessions.

As an administrator, you can customize users’ environments, including whether or not users can access mapped drives, such as the local client device’s hard disk, if they can access local special folders, the printers that are available, and the amount of bandwidth used for audio support. You can change these settings based on the location from where the users are connecting.

XenApp provides settings to ensure sessions remain reliable. You can also monitor users’ sessions, and their sessions’ status, by shadowing.

Defining User Environments in XenApp

XenApp provides different ways to control what users experience in their session environments. You can customize user environments in the following ways:

- By suppressing the number of progress bars users see when they first open an application, so that XenApp appears to be an integrated part of their everyday environment.
- By either allowing or preventing users from accessing their local devices or ports during a session. You can also prevent users from accessing devices and ports during remote sessions.
- By defining whether or not users can hear audio or use microphones during sessions. If you enable audio support, you can specify the level of audio compression and limit bandwidth, if necessary. You can control audio either at the group level through policies or at the published application level.
- By ensuring that mobile workers, such as travelling salespeople or workers inside a hospital, always have the most appropriate printers and devices available to them inside of a session.

For the Citrix Receiver, you can also customize the user’s experience by choosing whether you want published applications and desktops to appear in a window within a Remote Desktop window or “seamlessly.” In seamless window mode, published applications and desktops appear in separate resizable windows, which make the application appear to be installed locally. Certain features are available only in seamless mode.

Some features that relate to session environments or connections, such as dual-monitor mode support and information about logons, are plug-in specific. Details about these features are located in the Citrix Receiver and the Web Interface documentation.

Controlling the Appearance of User Logons

When users connect to a server, they see all connection and logon status information in a sequence of screens, from the time they double-click a published application icon on the client device, through the authentication process, to the moment the published application launches in the session.

XenApp achieves this logon look and feel by suppressing the status screens generated by a server’s Windows operating system when a user connects. To do this, XenApp Setup enables the following Windows local group policies on the server on which you install the product:

- Administrative Templates > System > Remove Boot / Shutdown / Logon / Logoff status messages
- Administrative Templates > System > Verbose versus normal status messages

However, Active Directory group policies take precedence over equivalent local group policies on servers. Therefore, when you install XenApp on servers that belong to an Active Directory domain, those Active Directory policies may prevent XenApp from suppressing the status screens generated by the Windows operating systems of the individual servers. In that case, users see the status screens generated by the Windows operating system when connecting to that server. For optimal performance, do not configure these group policies in Active Directory.

Controlling Access to Devices and Ports

Citrix Receiver supports mapping devices on client computers so users can access the devices within sessions. Client device mapping provides:

- Access to local drives and ports
- Cut-and-paste data transfer between a session and the local clipboard
- Audio (system sounds and .wav files) playback from the session

During logon, Receiver reports the available client drives and COM ports to the server. By default, client drives appear as network resources so the drives appear to be directly connected to the server. The client drives are displayed with descriptive names so they are easy to locate among other network resources. These drives are used by Windows Explorer and other applications like any other network drive.

In Citrix policies, redirection settings are used for mapping.

Redirecting Client COM Ports and Audio

Client COM port redirection allows a remote application running on the server to access devices attached to COM ports on the user device. COM port and audio redirection are configured with the Client COM port redirection and Client audio redirection User policy settings. For more information, see the Receiver documentation.

In general, XenApp displays client drive letters as they appear on the user device; for example, the user device's hard disk drive appears as "C: on ClientName," where ClientName is the name of the user device. This allows the user to access client drive letters in the same way locally and within sessions.

You can turn off client drive redirection through XenApp policies. In doing so, you also turn off mapping to client floppy disk drives, hard drive, CD-ROM drives, or remote drives regardless of the policy settings for those individual devices.

As a security precaution, when a user logs on to XenApp, by default, the server maps client drives without user execute permission. To enable users to execute files residing on mapped client drives, override this default by editing the registry on a XenApp server.

To enable user execute permissions on mapped drives

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

1. After installing XenApp, open the Registry Editor.
2. Find the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\picadm\Parameters\ExecuteFromMappedDrive
3. To grant users execute permission on mapped drives, set ExecuteFromMappedDrive to 1.
4. To deny users execute permission on mapped drives, set ExecuteFromMappedDrive to 0.
5. Restart the server.
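The registry setting above is worth auditing, because a value of 1 lets users run files from client drives inside the server session. The following PowerShell is an added example, not Citrix code: it reports the current state on the local server and can reset the value to 0 after exporting a backup. The function names are hypothetical, and it assumes ExecuteFromMappedDrive is a DWORD value under the Parameters key.

```powershell
# Added example, not Citrix code. Run in an elevated session on the XenApp server.
# Assumption: ExecuteFromMappedDrive is a DWORD value under the Parameters key.
$ParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\services\picadm\Parameters'
$ValueName = 'ExecuteFromMappedDrive'

function Get-MappedDriveExecuteState {
    # Reports whether users may execute files from mapped client drives.
    $state = New-Object PSObject -Property @{
        Server         = $env:COMPUTERNAME
        KeyPresent     = (Test-Path -Path $ParamKey)
        RawValue       = $null
        ExecuteAllowed = $false   # page default: drives are mapped without execute permission
    }
    if ($state.KeyPresent) {
        $item = Get-ItemProperty -Path $ParamKey -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $state.RawValue       = $item.$ValueName
            $state.ExecuteAllowed = ($item.$ValueName -eq 1)
        }
    }
    return $state
}

function Disable-MappedDriveExecute {
    # Sets the value to 0 (deny execute). Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path -Path $ParamKey)) {
        Write-Warning "$ParamKey not found; is XenApp installed on this server?"
        return
    }
    if ($PSCmdlet.ShouldProcess("$ParamKey\$ValueName", 'Set to 0 (deny execute)')) {
        # Export the key first, as the caution above advises backing up the registry.
        $stamp  = '{0:yyyyMMddHHmmss}' -f (Get-Date)
        $backup = Join-Path $env:TEMP "picadm-Parameters-$stamp.reg"
        & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\services\picadm\Parameters' $backup /y | Out-Null
        New-ItemProperty -Path $ParamKey -Name $ValueName -Value 0 `
            -PropertyType DWord -Force | Out-Null
        Write-Output "Set $ValueName to 0. Backup: $backup. Restart the server to apply the change."
    }
}

$state = Get-MappedDriveExecuteState
$state | Format-List
if ($state.ExecuteAllowed) {
    Write-Warning 'Users can execute files from mapped client drives on this server.'
    Disable-MappedDriveExecute -WhatIf   # preview only; remove -WhatIf to apply
}
```

A missing key or missing value is reported as ExecuteAllowed = False, matching the default the page describes.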

Displaying Local Special Folders in Sessions

To make it easier for your users to save files to their special folders locally, you can enable Special Folder Redirection. Special folders is a Microsoft term that refers to Windows folders such as Documents, Computer, and the Desktop.

Without Special Folder Redirection enabled, the Documents and Desktop icons that appear in a session point to the user’s Documents and Desktop folders on the server. Special Folder Redirection redirects actions, such as opening or saving a file, so that when users save or open files from special folders, they are accessing the special folder on their local computers. In addition, for the Citrix Receiver, the Documents folder in the Start menu maps to the Documents folder on the client device.

To use Special Folder Redirection, users must access the farm with the Citrix online plug-in 11.x or later or the Web Interface.

Restrictions

Do not enable Special Folders Redirection in situations when a user connects to the same session from multiple client devices simultaneously. For Special Folder Redirection to work, the user must log off from the session on the first client device and start a new session on the second client device. If users must run multiple sessions simultaneously, use roaming profiles or set a home folder for that user in the User Properties in Active Directory.

Because Special Folder Redirection must interact with the client device, some settings prevent Special Folder Redirection from working. You cannot have policy settings that prevent users from accessing or saving to their local hard drives.

Currently, for seamless and published desktops, Special Folder Redirection works only for the Documents folder. For seamless applications, Special Folder Redirection only works for the Desktop and Documents folders.

Citrix does not recommend using Special Folder Redirection with published Windows Explorer.

Special Folder Redirection requires access to the Documents and Desktop folders on the user’s local computer. When a user launches an application through the Web Interface and uses File Security to select No Access in the File Security dialog box in Connection Center, access is denied to the user’s local workstation drives, including the user’s local Documents and Desktop folders. As a result, some applications might be unstable when trying to perform read/write operations to the denied folders. To avoid this, always grant full local access when Special Folder Redirection is enabled.

Caution: Special Folder Redirection does not redirect public folders on Windows Vista and Windows Server 2008. If users are connecting to servers that are not in their domain, instruct users not to save to public folders. If users save documents to public folders, they are saving them to a local folder on the server hosting the published application. In large environments where many servers host the same application, it could be difficult to determine which server contains the public folder where the user saved the document.

Tip: Let your users know that other Special Folders, such as Music or Recent Documents, still point to the server. If users save documents to these folders, they are saved to the server.

To enable Special Folder Redirection

Special Folder Redirection support is enabled by default, but you must provide this feature to users through the Citrix Receiver and Web Interface.

You can either enable Special Folder Redirection for all users or configure that users must enable the feature themselves in their client settings.

You can allow or prevent specific users from having redirected special folders with the Special folders redirection policy setting.

1. Enable the Special Folder Redirection policy setting and apply filters to ensure the setting is applied to the users you want accessing local special folders. To prevent local special folders from being redirected, ensure a filter is configured that targets the users you do not want accessing local special folders.
2. Decide if you want to let users turn this feature on and off in their sessions. Instructions for users are provided in their plug-in help.
3. Ensure you do not have any policy settings enabled that are not supported with Special Folder Redirection (such as preventing accessing or writing to local hard drives). If you enable Special Folder Redirection without success, use Search to determine if any settings conflict with this feature.

To enable Special Folder Redirection for Web Interface

This procedure requires that you already created a XenApp Web site.

1. From the AppCenter, select Citrix Resources > Configuration Tools > Web Interface > XenApp Web Site Name.
2. From the Action menu, choose Manage session preferences.
3. In the Managing Session Preferences page, select Remote Connection > Local Resources.
4. Select the correct options.

To | Select the options
Enable Special Folder Redirection by default and let users turn it off in their session options | Provide Special Folder Redirection to all users; Allow users to customize Special Folder Redirection
Disable Special Folder Redirection by default, but let users turn it on in their session options | Allow users to customize Special Folder Redirection
Enable Special Folder Redirection by default and prevent users from turning it on or off | Provide Special Folder Redirection to all users

To enable Special Folder Redirection for Citrix Receiver

This procedure requires that you already created a XenApp Services site.

1. From the AppCenter, select Citrix Resources > Configuration Tools > Web Interface > XenApp Services Site Name > config.xml.
2. From the Action menu, choose Change session options.
3. In the Change Session Options page, select Remote Connection > Local Resources.
4. Select the correct options.

To | Select the options
Enable Special Folder Redirection by default and let users turn it off in their session options | Provide Special Folder Redirection to all users; Allow users to customize Special Folder Redirection
Disable Special Folder Redirection by default, but let users turn it on in their session options | Allow users to customize Special Folder Redirection
Enable Special Folder Redirection by default and prevent users from turning it on or off | Provide Special Folder Redirection to all users

Configuring Audio for User Sessions

XenApp provides tools to manage and control the availability of sound in sessions, both in terms of quality and cost in resources, including:

- Audio properties you configure for individual published applications
- Audio related policy settings you configure for specific connection types
- Audio settings the user configures on the user device

For example, you can use audio-related connection policy settings to control bandwidth usage and server CPU utilization. You can configure a policy setting to enable audio for connections where audio is essential, and configure another setting to disable audio for connections where it is not essential.

Use policy settings to control the availability of speakers and microphones in sessions. When audio is enabled, you can also use policy settings to set compression levels and bandwidth allocation.

Important: To use audio in sessions, users must also enable audio on the user device.

To enable or disable audio for published applications

If you disable audio for a published application, audio is not available within the application under any condition. If you enable audio for an application, you can use policy settings and filters to further define under what conditions audio is available within the application.

1. In the AppCenter, select the published application for which you want to enable or disable audio, and select Action > Application properties.
2. In the Application Properties dialog box, click Advanced > Client options. Select or clear the Enable legacy audio check box.

To configure bandwidth limits for audio

Use policy settings to configure the amount of bandwidth you want to allocate to audio transfers between servers and client devices. For example, you might want to create separate policy settings for groups of dial-up users and for those who connect over a LAN, accommodating the different amounts of bandwidth each group will have available.

In this procedure, you are editing settings for a policy that applies to a specific group of filtered objects, such as servers or users.

1. Configure the following Citrix User policy settings:
   - Audio redirection bandwidth limit. Specify the bandwidth available for audio in kilobits per second.
   - Audio redirection bandwidth limit percent. Limit the bandwidth available for audio to a percentage of the overall bandwidth available. If you configure this setting, you must enable the Overall session bandwidth limit setting.

To configure audio compression and output quality

Use Citrix policy settings to configure the compression levels to apply to sound files. Generally, higher sound quality requires more bandwidth and higher server CPU utilization. You can use sound compression to balance sound quality and overall session performance.

Consider creating separate policies for groups of dial-up users and for those who connect over a LAN. Over dial-up connections, where bandwidth typically is limited, users likely care more about download speed than sound quality. For such users, create a policy for dial-up connections that applies high compression levels to sound and another for LAN connections that applies lower compression levels.

In this procedure, you are editing settings for a policy that applies to a specific group of filtered objects, such as servers or users.

1. Configure the Audio quality Citrix User policy setting with one of the following options:
   - Low - for low-speed connections. This causes any sounds sent to the client device to be compressed to a maximum of 16Kbps. This compression results in a significant decrease in the quality of the sound. The CPU requirements and benefits of this setting are similar to those of the Medium setting; however, the lower data rate allows reasonable performance for a low-bandwidth connection.
   - Medium - optimized for speech. This is recommended for most LAN-based connections. This setting causes any sounds sent to the client device to be compressed to a maximum of 64Kbps. This compression results in a moderate decrease in the quality of the sound played on the client device.
   - High - high definition audio. This is recommended for connections where bandwidth is plentiful and sound quality is important. This setting allows client devices to play a sound file at its native data rate. Sounds at the highest quality level require about 1.3Mbps of bandwidth to play clearly. Transmitting this amount of data can increase bandwidth requirements, and result in increased CPU utilization and network congestion.

To enable support for microphones and speakers

For users to use speakers and microphones in sessions, both audio input (for microphones) and output (for speakers) must be enabled. Audio input and output are controlled by two policy settings; you must configure both to ensure that audio input and output are enabled. This allows you to implement separate connection policies, for example, for users of mobile devices and for users who connect over a LAN. For the mobile user group, you may want to enable audio input but disable audio output. This lets mobile users record notes from the field, but prevents the server from sending audio to the mobile devices, ensuring better session performance. Enabling audio input and output also enables support for digital dictation.

On the client device, users control audio input and output in a single step—by selecting an audio quality level from the Options > Session Options dialog box. By default, when you configure these settings, audio input is enabled on client devices. Web Interface users can override the policy and disable their microphones by selecting No in the Audio Security dialog box, which they access from the Citrix Connection Center.

Note: Microphone input is supported on the Citrix Receiver for Windows, and the Windows CE and Linux plug-ins.

In this procedure, you are editing settings for a policy that applies to a specific group of filtered objects, such as servers or users.

1. To enable audio input for sessions, configure the Client microphone redirection Citrix User policy setting.
2. To enable audio output for sessions, configure the Client audio redirection Citrix User policy setting.

To use and set sound quality for digital dictation devices

If you have enabled microphone and speaker support, XenApp requires no additional configuration to allow users to record audio using a standard microphone. However, to allow users to use digital dictation devices such as Philips SpeechMike devices and dictation software such as WinScribe Internet Author and Internet Typist, you must install and configure the associated software and set session sound quality to accommodate them.

To enable Philips SpeechMike devices, go to the Philips web site for information and software downloads.

To make Philips SpeechMike devices or similar products available in user sessions, install the device drivers associated with the products on the XenApp server and on client devices. To make dictation software such as WinScribe Internet Author and Internet Typist available, install this software on the XenApp server. After installation, you might be required to enable the controls for the dictation device within the dictation software. Refer to the product documentation for instructions.

To enable the use of Philips SpeechMagic Speech Recognition server with WinScribe software, set sound quality to high to enable accurate speech-to-text translation.

Note: The Citrix plug-ins for Linux and Windows CE do not support Philips SpeechMike products.

Set sound quality to at least medium quality.

1. From Citrix Web Interface Management, select the XenApp Services site you want to configure.
2. In the Action pane, select Session Options.
3. Select Color and Sound.
4. In the Sound area, select one of:
   - Medium - optimized for speech
   - High - high definition audio

Ensuring Session Continuity for Mobile Workers

The Workspace Control feature provides users with the ability to disconnect quickly from all running applications, to reconnect to applications, or to log off from all running applications. Workspace Control enables users to move among client devices and gain access to all of their open applications when they log on. For example, you can use Workspace Control to assist health-care workers in a hospital who need to move quickly between workstations and access the same set of applications each time they log on to XenApp. If you configure Workspace Control options to allow it, these workers can disconnect from multiple applications at one client device and then reconnect to open the same applications at a different client device.

For users accessing applications through the Web Interface or Citrix Receiver, you can configure—and allow users to configure—these activities:

- Logging on. By default, Workspace Control enables users to reconnect automatically to all running applications when logging on, bypassing the need to reopen individual applications. Through Workspace Control, users can open disconnected applications plus applications active on another client device. Disconnecting from an application leaves the application running on the server. If you have roaming users who need to keep some applications running on one client device while they reconnect to a subset of their applications on another client device, you can configure the logon reconnection behavior to open only the applications that the user disconnected from previously.
- Reconnecting. After logging on to the server farm, users can reconnect to all their applications at any time by clicking Reconnect. By default, Reconnect opens applications that are disconnected plus any applications currently running on another client device. You can configure Reconnect to open only those applications that the user disconnected from previously.
- Logging off. For users opening applications through the Web Interface, you can configure the Log Off command to log the user off from the Web Interface and all active sessions together, or log off from the Web Interface only.
- Disconnecting. Users can disconnect from all running applications at once without needing to disconnect from each application individually.

Workspace Control is enabled in the server farm by default and is available only for users accessing applications through the Web Interface or Citrix Receiver.

User policies, client drive mappings, and printer configurations change appropriately when a user moves to a new client device. Policies and mappings are applied according to the client device where the user is currently logged on to the session. For example, if a health care worker logs off from a client device in the emergency room of a hospital and then logs on to a workstation in the hospital’s X-ray laboratory, the policies, printer mappings, and client drive mappings appropriate for the session in the X-ray laboratory go into effect at the session startup.

You can customize what printers appear to users when they change locations as well as control whether they can print to local printers, how much bandwidth is consumed when users connect remotely, and other aspects of their printing experiences.

For more information about enabling and configuring Workspace Control for users, see the Web Interface documentation.

Maintaining Session Activity

Users can lose network connectivity for various reasons, including unreliable networks, highly variable network latency, and range limitations of wireless devices. Losing connectivity often leads to user frustration and a loss of productivity. You can leverage these three features of XenApp to optimize the reliability of sessions and to reduce the amount of inconvenience, downtime, and loss of productivity users incur due to lost network connectivity.

- Session Reliability
- Auto Client Reconnect
- ICA Keep-Alive

Configuring Session Reliability

Session Reliability keeps sessions active and on the user’s screen when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes.

This feature is especially useful for mobile users with wireless connections. Take, for example, a user with a wireless connection who enters a railroad tunnel and momentarily loses connectivity. Ordinarily, the session is disconnected and disappears from the user’s screen, and the user has to reconnect to the disconnected session.

With Session Reliability, the session remains active on the server. To indicate that connectivity is lost, the user’s display freezes and the cursor changes to a spinning hourglass until connectivity resumes on the other side of the tunnel. The user continues to access the display during the interruption and can resume interacting with the application when the network connection is restored. Session Reliability reconnects users without reauthentication prompts.

Citrix Receiver users cannot override the server setting.

Note: You can use Session Reliability with Secure Sockets Layer (SSL).

By default, Session Reliability is enabled through policy settings. You can customize the policy settings for this feature as appropriate. You can edit the port on which XenApp listens for session reliability traffic and edit the amount of time Session Reliability keeps an interrupted session connected.

The Citrix Computer policy Session reliability connections setting allows or prevents session reliability.

The Session reliability timeout setting has a default of 180 seconds, or three minutes. Though you can extend the amount of time Session Reliability keeps a session open, this feature is designed to be convenient to the user and it does not, therefore, prompt the user for reauthentication. If you extend the amount of time a session is kept open indiscriminately, chances increase that a user may get distracted and walk away from the client device, potentially leaving the session accessible to unauthorized users.

Incoming session reliability connections use port 2598, unless you change the port number with the Citrix Computer policy Session reliability port number setting.

If you do not want users to be able to reconnect to interrupted sessions without having to reauthenticate, use the Auto Client Reconnect feature. You can configure the Citrix Computer policy Auto client reconnect authentication setting to prompt users to reauthenticate when reconnecting to interrupted sessions.

If you use both Session Reliability and Auto Client Reconnect, the two features work in sequence. Session Reliability closes, or disconnects, the user session after the amount of time you specify in the Citrix Computer policy Session reliability timeout setting. After that, the Auto Client Reconnect policy settings take effect, attempting to reconnect the user to the disconnected session.

Configuring Automatic Client Reconnection

The Auto Client Reconnect feature allows Citrix Receiver for Windows and plug-ins for Java and Windows CE to detect broken connections and automatically reconnect users to disconnected sessions. When Receiver or a plug-in detects an involuntary disconnection of a session, it attempts to reconnect the user to the session until there is a successful reconnection or the user cancels the reconnection attempts.

When a connection breaks, it may leave the server session in an active state. Users can reconnect only to sessions that are in a disconnected, or inactive, state. Cookies containing keys to user credentials and session IDs are created on the client device when sessions are started. Because users can be reconnected only to disconnected sessions, Auto Client Reconnect uses the cookie on the client device to disconnect an active session before attempting to reconnect.

Configure Auto Client Reconnect with the following Citrix Computer policy settings:

- Auto client reconnect. Enables or disables automatic reconnection by the same client after a connection has been interrupted.
- Auto client reconnect authentication. Enables or disables the requirement for user authentication upon automatic reconnection.
- Auto client reconnect logging. Enables or disables logging of reconnection events in the event log. Logging is disabled by default. When enabled, the server's System log captures information about successful and failed automatic reconnection events. Each server stores information about reconnection events in its own System log; the server farm does not provide a combined log of reconnection events for all servers.

Auto Client Reconnect incorporates an authentication mechanism based on encrypted user credentials. When a user initially logs on to a server farm, XenApp encrypts and stores the user credentials in memory, and creates and sends a cookie containing the encryption key to Receiver or the plug-in. Receiver or the plug-in submits the key to the server for reconnection. The server decrypts the credentials and submits them to Windows logon for authentication. When cookies expire, users must reauthenticate to reconnect to sessions.

Cookies are not used if you enable the Auto client reconnection authentication setting. Instead, XenApp displays a dialog box to users requesting credentials when Receiver or the plug-in attempts to reconnect automatically.

Note: For maximum protection of users’ credentials and sessions, use SSL encryption for all communication between clients and the server farm.

Disable Auto Client Reconnect on Citrix Receiver for Windows by using the icaclient.adm file. For more information, see the Citrix Receiver or plug-in documentation.

Settings for connections also affect Auto Client Reconnect.

Configuring Connections for Automatic Client Reconnection

By default, Auto Client Reconnect is enabled through policy settings on the farm level. User reauthentication is not required. However, if a server’s ICA TCP connection is configured to reset sessions with a broken communication link, automatic reconnection does not occur. Auto Client Reconnect works only if the server disconnects sessions when there is a broken or timed out connection. In this context, the ICA TCP connection refers to a XenApp server’s virtual port (rather than an actual network connection) that is used for sessions on TCP/IP networks.

By default, the ICA TCP connection on a XenApp server is set to disconnect sessions with broken or timed out connections. Disconnected sessions remain intact in system memory and are available for reconnection by Receiver.

The connection can be configured to reset, or log off, sessions with broken or timed out connections. When a session is reset, attempting to reconnect initiates a new session; rather than restoring a user to the same place in the application in use, the application is restarted.

If XenApp is configured to reset sessions, Auto Client Reconnect creates a new session. This process requires users to enter their credentials to log on to the server.

Automatic reconnection can fail if Receiver or the plug-in submits incorrect authentication information, which might occur during an attack or the server determines that too much time has elapsed since it detected the broken connection.
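The credential-cookie exchange described above, modelled as an added example (not Citrix code and not part of the original document): the server keeps only the encrypted credentials, and the client cookie holds only the key. The cipher is a toy SHA-256 keystream stand-in, and `ReconnectServer`, `COOKIE_LIFETIME` and the outcome strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

COOKIE_LIFETIME = 300  # seconds; constructed value, the page states no lifetime


def _xor_keystream(key, nonce, data):
    """Toy SHA-256 counter-mode stream cipher (stand-in for the real cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class ReconnectServer:
    """Hypothetical model of the server side of Auto Client Reconnect."""

    def __init__(self, require_reauth=False, log_reconnects=False, clock=time.time):
        self.require_reauth = require_reauth  # models "Auto client reconnect authentication"
        self.log_reconnects = log_reconnects  # reconnection logging is disabled by default
        self.clock = clock
        self.accounts = {}                    # user -> password; stands in for Windows logon
        self.sessions = {}
        self.system_log = []                  # per-server log, no farm-wide view

    def _windows_logon(self, user, password):
        return user in self.accounts and self.accounts[user] == password

    def logon(self, user, password):
        if not self._windows_logon(user, password):
            raise PermissionError("logon failed")
        sid = os.urandom(8).hex()
        session = {"user": user, "state": "active"}
        cookie = None
        if not self.require_reauth:           # cookies are not used when reauth is required
            key, nonce = os.urandom(32), os.urandom(16)
            blob = _xor_keystream(key, nonce, f"{user}\x00{password}".encode())
            tag = hmac.new(key, nonce + blob, hashlib.sha256).digest()
            session.update(nonce=nonce, blob=blob, tag=tag,
                           expires=self.clock() + COOKIE_LIFETIME)
            cookie = {"session_id": sid, "key": key}  # the key is held only by the client
        self.sessions[sid] = session
        return sid, cookie

    def link_broken(self, sid):
        self.sessions[sid]["state"] = "disconnected"

    def _log(self, sid, outcome):
        if self.log_reconnects:
            self.system_log.append((self.clock(), sid, outcome))
        return outcome

    def reconnect(self, cookie):
        sid = cookie["session_id"] if cookie else None
        session = self.sessions.get(sid)
        if session is None or "blob" not in session:
            return self._log(sid, "reauthenticate")
        if self.clock() > session["expires"]:          # expired cookie: user must log on again
            return self._log(sid, "reauthenticate")
        expected = hmac.new(cookie["key"], session["nonce"] + session["blob"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, session["tag"]):
            return self._log(sid, "denied")            # wrong key, e.g. a forged cookie
        plain = _xor_keystream(cookie["key"], session["nonce"], session["blob"])
        user, password = plain.decode().split("\x00", 1)
        if not self._windows_logon(user, password):    # e.g. password changed since logon
            return self._log(sid, "denied")
        if session["state"] == "active":
            session["state"] = "disconnected"          # stale active session is disconnected first
        session["state"] = "active"
        return self._log(sid, "reconnected")
```

With `log_reconnects=True`, every outcome lands in that server's own `system_log`, which mirrors why reconnection failures have to be collected per server when reviewing them.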

Configuring ICA Keep-Alive

Enabling the ICA Keep-Alive feature prevents broken connections from being disconnected. When enabled, if XenApp detects no activity (for example, no clock change, no mouse movement, no screen updates), this feature prevents Remote Desktop Services from disconnecting that session. XenApp sends keep-alive packets every few seconds to detect if the session is active. If the session is no longer active, XenApp marks the session as disconnected.

However, the ICA Keep-Alive feature does not work if you are using Session Reliability. Session Reliability has its own mechanisms to handle this issue. Only configure ICA Keep-Alive for connections that do not use Session Reliability.

ICA Keep-Alive settings override keep-alive settings that are configured in Microsoft Windows Group Policy.

Important: Servers running the Citrix Access Gateway intercept packets being sent from servers to client devices. Set keep-alive values on the Access Gateway servers to match ICA Keep-Alive values on XenApp servers. Doing so allows ICA sessions to be changed from active to disconnected as intended.

1. Configure the following Citrix Computer policy settings:

   - ICA keep alive timeout. Specifies the interval (1-3600 seconds) used to send ICA keep-alive messages. Do not configure this option if you want your network monitoring software to close inactive connections in environments where broken connections are so infrequent that allowing users to reconnect to sessions is not a concern. The 60 second default interval causes ICA Keep-Alive packets to be sent to client devices every 60 seconds. If a client device does not respond in 60 seconds, the status of the ICA sessions changes to disconnected.
   - ICA keep alives. Sends or prevents sending ICA keep-alive messages periodically.

Session Linger

A user session ends after user processes and visible windows end (for example, when a user exits from an application, the session ends). You can use session linger to provide a better user experience by eliminating the launch delay between applications.

To use session linger for named user sessions, configure the following Citrix User policy settings:

- Linger Terminate Timer Interval specifies the number of minutes a session remains active after the last application terminates. If a new application starts during this interval, the user session returns to the active monitoring state. If no application starts during this interval, the session ends. If this policy setting is not used, session linger is disabled.
- Linger Disconnect Timer Interval specifies the number of minutes to wait after lingering begins before disconnecting the session. If a new application starts during this interval, the user session returns to the active monitoring state. If this policy setting is not used, a lingering session will not disconnect.

It is possible that other factors may cause a session to be disconnected before the Linger Disconnect Timer Interval expires. For a non-seamless named user session, [...] the disconnected session remains in the disconnected state until the Linger Terminate Timer Interval expires. If this policy setting is not used, [...]

Anonymous user sessions do not have a disconnected state; they are either active or terminated. Therefore, if the Linger Terminate Timer Interval and Linger Disconnect Timer Interval policy settings are used, the effective Linger Terminate Timer Interval setting is the same as the Linger Disconnect Timer Interval setting.

Managing and Monitoring XenApp Sessions

You can interact directly with sessions by resetting, disconnecting or logging off sessions, or sending messages to users. You can monitor sessions through AppCenter displays or directly through shadowing.

Disconnecting and Resetting Sessions

A disconnected session is still active and its applications continue to run, but the client device is no longer communicating with the server. A user can reconnect to a disconnected session from a different client device without loss of data. For example, you might disconnect users’ sessions if they experience problems on their client device and do not want to lose data from their applications.

When you disconnect a session, you close the connection between the client device and the server. However, this does not log off the user, and programs that were running in the session are still running on the server. (Some applications that rely on virtual channels, such as media players, may behave differently. For example, if you disconnect from a session running Media Player while playing audio, the audio stops playing because the audio virtual channel is no longer available.) If the client user then connects to the server (by selecting a published application or custom connection to the server), the disconnected session is reconnected.

When a session is disconnected, session state displays indicate Disconnected.

You can log off users from their sessions. You can also reset a user’s client session or a disconnected session.

You can also connect to a user’s disconnected session when you are using the AppCenter from within a client session on a XenApp server. To connect, you must know the password of the user who started the session. Your session must support the same video resolution as the disconnected session.

Resetting a session terminates all processes that are running in that session. You can reset a session to remove remaining processes in the case of a session error; however, resetting a session can cause applications to close without saving data.

When you reset a disconnected session, session state displays indicate Down. When you refresh the AppCenter display or when the next automatic refresh occurs, the session no longer appears in the list of sessions.

Special sessions that listen for requests to connect to the server indicate Listening in session state displays. If you reset a listener session, the server resets all sessions that use the protocol associated with the listener. For example, if you reset the ICA listener session, you reset the ICA sessions of all users connected to the server.

To use session controls

From the AppCenter:

- To reset a session:
  Caution: Resetting effectively deletes the session and results in loss of data for the user. Only reset a session when it malfunctions or is not responding.
  1. Select the server to which the user is connected.
  2. In the results pane, click the Sessions tab.
  3. Select the session you want to reset. (You can select one or more sessions.)
  4. In the Actions pane, select Reset.

- To disconnect a session:
  1. Select the server to which the user is connected.
  2. In the results pane, click the Sessions tab.
  3. Select the session you want to reset. (You can select one or more sessions.)
  4. In the Actions pane, select Disconnect.

- To log off from a session:
  Caution: Ending user sessions using Logoff can result in loss of data if users do not close their applications first. Before initiating the logoff, send a message to warn users to exit all applications.
  1. Select the server to which the user is connected.
  2. In the results pane, click the Sessions tab.
  3. Select the session you want to log off. (You can select one or more sessions.)
  4. In the Actions pane, select Log off. Confirm the logoff when prompted.

- To terminate processes in a user session:
  Caution: Terminating a process may abruptly end a critical process and leave the server in an unusable state.
  1. Select the server to which the user is connected.
  2. In the results pane, click the Users tab and select the session for which you want to terminate a process.
  3. In the lower portion of the results pane, click the Processes tab and select the process you want to terminate.
  4. In the Actions pane, select Terminate.

To send a message to one or more users from the AppCenter

Sending a message that appears in user sessions can be helpful in situations such as broadcasting information about new applications and upgrades, requesting a shadowing session, or warning of a logoff or system shutdown.

1. From the AppCenter, select the server to which the users are connected. To send a message to all user sessions in the farm, select a farm node instead of a server.
2. In the results pane, click the Users tab and select one or more sessions.
3. In the Actions pane, select Send Message. The Send Message dialog box appears.
4. Edit the title of the message, if required, and enter the message text.

Monitoring Session Information

1. From the AppCenter, select the server on which you want to monitor sessions.
2. In the results pane, click the Sessions tab. The display lists all sessions running on the server. By default, the upper portion of the results pane includes the following information for all sessions (click Choose columns to specify which columns to display and the display order):

   Field | Description
   User | Name of the user account that initiated the session. For anonymous connections, the user name is a string beginning with "Anon" followed by a session number.
   Session ID | Unique number that begins with 0 for the first connection to the console. Listener sessions are numbered from 65,537 and numbered backward sequentially.
   Application | Name of the published application running in the session.
   Type | Session type: ICA or RDP
   State | Active, Listen, Idle, Disconnected, or Down.
   Client Name | Name of the client device that is running the session.
   Logon Time | When the user logged on.
   Idle Time | How long the session has been idle.
   Server | Server on which the application is running.

3. Select a session. Depending on the session you select:

   - Tasks become available in the Actions pane; these can include Reset, Log off, Disconnect, and Send Message.
   - The lower portion of the results pane displays tabs containing additional information: Information, Client Cache, Session Information, Client Modules, and Processes.

Viewing User Sessions

You can view another user’s session on another device by using shadowing. When shadowing, you can monitor the session activity as if you are watching the screen of the client device that initiated the session. If configured, you can also use your keyboard and mouse to control the user’s keyboard and mouse remotely in the shadowed session.

Shadowing a session provides a powerful tool for you to assist and monitor users. Shadowing is a useful option for your Help desk staff who can use it to aid users. Help desk personnel can view a user’s screen or actions to troubleshoot problems and can demonstrate correct procedures. You can also use shadowing for remote diagnosis and as a teaching tool. You can shadow using either the AppCenter or the Shadow Taskbar.

You enable shadowing on a server when you configure XenApp and select the default option, which allows shadowing on all connections on the server. If you do not leave the shadowing option enabled during configuration, you must reinstall XenApp to get shadowing functionality.

By default, the user is notified of the pending shadowing and asked to allow or deny shadowing.

Important: Your client device and shadowing ICA session must support the video resolution of the user’s ICA session (the shadowed session). If not, the operation fails. You cannot shadow a system console from another session.

For shadowing options by connection type, such as keyboard, mouse, and user notification options, use the Remote Desktop Session Host Configuration tool.

Viewing User Sessions with the Shadow Taskbar

Use the Shadow Taskbar to shadow multiple ICA sessions from a single location, including the server console. Use the Shadow button to start shadowing one or more users. The Shadow Taskbar uses the client to launch an ICA session to monitor a user. A separate ICA session is started for each shadowed user.

Note the following:

- The client uses a license to log on to the server and start shadowing a user.
- You must enter your user name and password to start an ICA session on the server running the Shadow Taskbar.
- Each shadow session consumes memory on the server, so limit the number of simultaneous shadow sessions.

Each shadowed session is represented by a task button on the Shadow Taskbar. Use this button to switch quickly between the shadowing sessions you have open.

To start the Shadow Taskbar

1. From the Start menu, choose All Programs > Citrix > Administration Tools > Shadow Taskbar.
2. To configure shadowing options, right-click an empty area of the Shadow Taskbar or press SHIFT + F10.

The Shadow Taskbar shows sessions on the server or domain you logged on to. You can view servers in a different domain by logging on to an account in that domain and restarting the Shadow Taskbar.

To switch to a shadow session, click its button in the Shadow Taskbar.

To close the Shadow Taskbar, right-click an empty area of the Shadow Taskbar and select Exit.

To select users and initiate shadowing

1. On the Shadow Taskbar, click the Shadow button. The Shadow Session dialog box appears.

   - The Available Users list shows user sessions that can be selected for shadowing in the current domain. User sessions are organized by servers, published applications, and users. You can shadow only client user sessions.
   - The Shadowed Users list shows user sessions selected for shadowing and existing shadow sessions; it also displays the user name of currently shadowed users next to the shadow icon.

2. In the Available Users list, select one or more users to shadow and click Add. The selected users move to the Shadowed Users list. Shadowing is initiated for all users in the Shadowed Users list when you click OK.

To end a shadowing session

1. On the Shadow Taskbar, click the Shadow button. The Shadow Session dialog box appears.
2. In the Shadowed Users list, select the users to stop shadowing and click Remove.

Tip: You can end a shadow session by right-clicking the session’s task button on the Shadow Taskbar and clicking Stop Shadow. You can end all shadow sessions by right-clicking the Shadow Taskbar and clicking Stop All Shadowed Sessions.

Enabling Logging for Shadowing

After configuring XenApp, you can enable shadow logging and configure shadow logging output to one of two locations on the server:

- In a central file. Configuring this option records a limited number of logging events, such as when and who started a shadowing session and who is being shadowed. When you configure shadow logging through the Shadow Taskbar, the logged events are not recorded in the Windows Event log. Instead, they go to a file that you specify.
- In the Windows Event log. Configuring this option logs several different event types in the Application log of the Windows Event log. These include user shadowing requests, such as when users stop shadowing, failure to launch shadowing, and access to shadowing denied. However, these events are logged as they occur and it can be cumbersome to see a shadowing history because the events are strewn throughout the Event log.

For ease of management, consider logging events in a central file. Only shadowing events go into this file, so they are more centralized and easier to review.

To configure shadow logging to log in a central file

1. Click on an empty area of the Shadow Taskbar and press SHIFT + F10.
2. Click Logging Options.
3. Select the Enable Logging check box and specify a log file path. Click Clear Log to empty the current log file.

To enable shadow logging in the Windows Event log

Configure the Citrix User policy Log shadow attempts setting.

Enabling User-to-User Shadowing with Policies

You can create a user policy to enable user-to-user shadowing, which allows users to shadow other users without requiring them to be members of the Citrix administrator group. With user-to-user shadowing, multiple users from different locations can view presentations and training sessions, allowing one-to-many, many-to-one, and many-to-many online collaboration. Also, you can enable Help Desk personnel to shadow users’ sessions or allow your Sales Department to hold an online meeting to review sales leads.

Important: You configure shadowing settings during XenApp configuration. If you choose to prohibit shadowing during configuration, you cannot enable shadowing with user policies.

You enable user-to-user shadowing by creating policies that define users who can and cannot shadow. You then assign the policies to the users to be shadowed.

The list of users permitted to shadow is exclusive for each user for whom a policy is assigned. For example, if you create a policy that permits User A to shadow User B, this policy allows only User A to shadow User B, unless you add more users to the list of users who can shadow in the same policy’s Property sheet.

Example: To create a user policy for user-to-user shadowing and assign it to users

This example demonstrates how to enable user-to-user shadowing by creating a policy for your “Sales” user group that allows them to shadow the department manager for online collaboration on sales leads. This procedure shows the creation of a shadowing policy.

1. Create a user policy that identifies the users who can shadow other users’ sessions.
2. Assign the policy to the users to be shadowed.
3. Publish the Citrix Shadow Taskbar and assign it to the users who will shadow. Be sure to instruct these users how to initiate shadowing from their client devices.

Note: Instruct users not to launch the Shadow taskbar in seamless mode. The Shadow taskbar cannot function in seamless mode.

To create a policy to define users who can shadow

1. Create a new policy named “Sales Group Shadowing.”
2. Add the Shadowing Citrix Computer policy setting and set it to Allowed.
3. Because the Sales Manager may work with sensitive data, add the Notify user of pending shadow connections Citrix User policy setting and set it to Enabled.
4. If the Sales Manager does not want other users to be able to take control of his mouse and keyboard, add the Input from shadow connections Citrix User policy setting and set it to Prohibited.
5. Add the Users who can shadow other users Citrix User policy setting, and select the users who can shadow the Sales Manager. To specify users who cannot shadow the Sales Manager, add the Users who cannot shadow other users Citrix User policy setting, and select users.
6. Add the User filter and select the users who can receive shadowing requests.

Controlling Client Connections in XenApp

You can control XenApp client connections in different places:

- XenApp policies
- Application Publishing
- Active Directory

XenApp policies

Policies let you define how you want clients to connect, including SSL or encryption requirements, and the properties for the user’s environments after the connection is established. Citrix recommends using XenApp policies whenever possible to control connections. Connection settings defined through XenApp policies also supersede all other connection settings in your environment, including those specified at the operating system level and when you publish an application.

Application Publishing

You can define connection settings on a per-application basis when you are publishing a resource. Settings you can define include the maximum number of connections to an application, importance level of the application, maximum number of instances an application can run in the farm, types of connections that can access an application, audio properties, and encryption requirements.

Active Directory

Citrix provides a Group Policy Object (GPO) template, icaclient.adm, that contains Citrix-specific rules for securing client connections. This GPO template lets you configure rules for network routing, proxy servers, trusted server configuration, user routing, remote client devices, and the user experience. For more information, see the Citrix Receiver for Windows documentation.

Preventing Specific Client Connection Types

You can specify the types of client connections from which users can start sessions. For example, to increase security, you can specify that users must connect through Access Gateway Advanced Edition (Version 4.0 or later). This allows you to benefit from filters created in Access Gateway.

To configure connection access control

1. Configure the Connection access control Computer policy setting with one of the following options:

   - Any connections allows access to published applications through any connection.
   - Citrix Access Gateway, Citrix Receiver, and Web Interface connections only allows access to published applications through the listed connections, including any version of Access Gateway. Denies access through any other connection.
   - Citrix Access Gateway connections only allows access to published applications only through Access Gateway Advanced Edition servers (Version 4.0 or later).

Specifying Connection Limits

To help maintain the availability of resources in a server farm, you can limit the number of connections to servers and published applications. Setting connection limits helps prevent:

- Performance degradation and errors resulting from individual users who run more than one instance of a published application at the same time
- Denial-of-service attacks by malicious users who run multiple application instances that consume server resources and connection license counts
- Over-consumption of resources by non-critical activities such as Web browsing

Connection limits, including the option to log denials resulting from connection limits, are configured in Computer policy settings. (You cannot configure connection limits in the plug-ins.)

There are two types of connection limits:

- Concurrent connections to the server farm. Restricts the number of simultaneous connections that each user in the server farm can establish. See Limiting Connections to a Server Farm.
- Published application instances. Restricts the total number of instances of a published application that can run in the server farm at one time, and prevents users from launching more than one instance of a published application. See Limiting Application Instances.

By default, XenApp does not limit connections in any way.

Limiting Connections to a Server Farm

To conserve resources, you can limit the number of concurrent connections that users are permitted to establish. Limiting connections can help prevent over-consumption of server resources by a few users.

Active sessions and disconnected sessions are counted for the total number of concurrent connections. For example, you can set a limit of three concurrent connections for users. If a user has three concurrent connections and tries to establish a fourth, the limit you set prevents the additional connection. A message tells the user that a new connection is not allowed.

Connection control affects users only if a connection attempt is prevented. If a user’s number of connections exceeds a connection limit, the plug-in displays a message that describes why the connection is not available.

You can also limit the number of connections on a farm by ensuring that session sharing is enabled.

To specify the maximum number of connections a user can make to the server farm at a given time

When this setting is used and the specified number is reached, the user cannot launch additional sessions, even if the server has availability.

1. Configure the following Citrix Computer policy settings:

   - Limit user sessions. The maximum number of concurrent connections a user can establish, in the range 0-8192. A value of 0 indicates no connections.
   - Limits on administrator sessions. Enables or disables connection limit enforcement for Citrix administrators. Limiting connections for Citrix administrators can adversely affect their ability to shadow other users. Local administrators are exempt from the limit so they can establish as many connections as necessary.

To specify the total number of sessions that can logon to a server

When this setting is used, users can still launch additional sessions, as long as the limit has not been reached.

1. Configure the Citrix User Policy Concurrent logon limit setting.

Sharing Sessions and Connections

Depending on the Receiver or plug-in, when a user opens an application, it can either appear in a seamless or non-seamless window. These window modes are available for Citrix Receiver for Windows, Web Interface, and other plug-ins.

- In seamless window mode, published applications and desktops are not contained within an ICA session window. Each published application and desktop appears in its own resizable window, as if it is physically installed on the client device. Users can switch between published applications and the local desktop.
- In non-seamless window mode, published applications and desktops are contained within an ICA session window. This creates the effect of the application appearing in two windows.

The mode that you choose typically depends on the type of client device that your users will be using and whether you are publishing a desktop or individual applications. Desktops are typically published in non-seamless window mode. This table provides examples of when you might want to publish desktops and applications.

If your users will be using... | then you...
Local computers | Might want to publish desktops or individual applications.
Local computers with locally installed applications | Might want to publish individual applications.
Thin clients | Must publish desktops.
Kiosks | Might want to publish desktops, which allows the user to have a more holistic experience and provide more control from a security perspective.

When a user launches a published application, Receiver or the plug-in establishes a connection to a XenApp server and initiates a session. If session sharing is not configured, a new session is opened on the server each time a user opens an application. Likewise, every time a user opens a new application, a new client connection is created between the client device and the server.

Session sharing is a mode in which more than one published application runs on a single connection. Session sharing occurs when a user has an open session and launches another application that is published on the same server; the result is that the two applications run in the same session. For session sharing to occur, both applications must be hosted on the same server. Session sharing is configured by default when you specify that applications appear in seamless window mode. If a user runs multiple applications with session sharing, the session counts as one connection.

If you want to share sessions, ensure all applications are published with the same settings. Inconsistent results may occur when applications are configured for different requirements, such as encryption.

Note: Session sharing is not supported on PocketPC clients.

Session sharing takes precedence over load balancing, except when a server is fully loaded.

Limiting Application Instances

By default, XenApp does not limit the number of instances of a published application that can run at one time in a farm. By default, a user can launch more than one instance of a published application at the same time.

You can specify the maximum number of instances that a published application can run at one time or concurrently in the server farm. For example, you can publish an application and set a limit of 30 concurrent instances in the farm. Once 30 users are running the application at the same time, no more users can launch the application because the limit of 30 concurrent instances was reached.

Another connection control option lets you prevent any user from running multiple instances of a particular published application. With some applications, running more than one instance in a single user context can cause errors.

You can apply application limits independently to each published application. For example, you can apply the limitations on total concurrent instances and multiple instances by a single user to one published application. You can limit only the total concurrent instances of another application. You can configure a third application to limit launching of multiple instances by individual users.

Note: Connection control options apply to published applications and published desktops only and do not affect published content such as documents and media files that execute on the client device.

To specify a limit for a published application or desktop

1. From the AppCenter, select the farm, then select Applications. Select the application or desktop you want to modify.
2. In the Action menu, select Application properties. In the Properties tree, select Limits.
3. Select one or both of the following options:

   - Limit instances allowed to run in server farm. Enter the maximum number of instances that can run at one time in the server farm without regard to who launches the application. For example, if you enter 10 and a user tries to launch the application when 10 instances are running, the server denies the connection request and records the time and the name of the published application in the System log.
   - Allow only one instance of application for each user. Prevents any user from running more than one instance of this application at the same time.

Logging Connection Denial Events

Event logging records an entry in the System log each time a server denies a user connection because of a connection control limit. Each server records the data in its own System log. By default, this type of event logging is disabled. You can configure XenApp to log when limits are reached (and connections denied) for the following:

- Maximum connections per user
- Application instance limits
- Application instances per user

To enable or disable logging of connection denial events, configure the Logging of logon limit events Citrix Computer policy setting.
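How the three limit types and denial logging interact, as an added model (not Citrix code and not part of the original document). `FarmLimits` and its method names are hypothetical; the model assumes no session sharing (each launch is one connection), treats the administrator exemption as applying only to the per-user limit, and counts disconnected sessions as still running their applications.

```python
from datetime import datetime, timezone


class FarmLimits:
    """Toy model of the connection-control checks described on this page."""

    def __init__(self, per_user_limit=None, limit_admin_sessions=False,
                 log_denials=False):
        self.per_user_limit = per_user_limit            # None = no limit (the default)
        self.limit_admin_sessions = limit_admin_sessions
        self.log_denials = log_denials                  # denial logging is off by default
        self.app_limits = {}                            # app -> (max_instances, one_per_user)
        self.sessions = []                              # dicts: user, app, state
        self.system_log = []                            # this server's log only

    def set_app_limit(self, app, max_instances=None, one_per_user=False):
        self.app_limits[app] = (max_instances, one_per_user)

    def _counted(self):
        # Active and disconnected sessions both count toward the limits.
        return [s for s in self.sessions
                if s["state"] in ("active", "disconnected")]

    def _deny(self, user, app, reason, now):
        if self.log_denials:
            # The page says the time and application name are recorded.
            self.system_log.append((now.isoformat(), app, user, reason))
        return False, reason

    def launch(self, user, app, is_citrix_admin=False, now=None):
        now = now or datetime.now(timezone.utc)
        counted = self._counted()
        exempt = is_citrix_admin and not self.limit_admin_sessions
        if self.per_user_limit is not None and not exempt:
            if sum(s["user"] == user for s in counted) >= self.per_user_limit:
                return self._deny(user, app, "user connection limit", now)
        max_instances, one_per_user = self.app_limits.get(app, (None, False))
        running = [s for s in counted if s["app"] == app]
        if max_instances is not None and len(running) >= max_instances:
            return self._deny(user, app, "farm instance limit", now)
        if one_per_user and any(s["user"] == user for s in running):
            return self._deny(user, app, "one instance per user", now)
        self.sessions.append({"user": user, "app": app, "state": "active"})
        return True, "launched"

    def set_state(self, user, app, state):
        """Move a session to 'disconnected' or 'reset' (reset frees its slot)."""
        for s in self.sessions:
            if s["user"] == user and s["app"] == app and s["state"] != "reset":
                s["state"] = state
                return True
        return False
```

A disconnected session still holds its slot, so a user who loses connectivity repeatedly without reconnecting can exhaust their own limit; with `log_denials` left at its default, those denials leave no trace in the log.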

Configuring the ICA Listener

To configure the ICA listener, use the Citrix ICA Client Configuration Tool (CtxICACfg.exe). For more information, see CTX125139.

Important: Do not use Microsoft Remote Desktop Services tools to configure the ICA listener.

Preventing User Connections During Farm Maintenance

You might want to prevent logons to a server when you install software or perform other maintenance or configuration tasks. This is helpful when you are installing applications that require there be no active sessions on the server. It also lets you restart the server without having to wait for users to disconnect.

By default, logons are enabled when you install XenApp and users can launch an unlimited number of sessions and instances of published applications. You can prevent users from connecting to a server in the farm by disabling logons.

To disable logons on a server

1. From the AppCenter, select the server.
2. In the Actions pane, select Other Tasks > Logon Control > Prohibit logons only.

Note: To reenable disabled logons, select Other Tasks > Logon Control > Allow logons and reconnections.

Optimizing User Sessions for XenApp

XenApp includes various HDX features that allow you to enhance user experience by maintaining session activity and improving session responsiveness.

Network latency and bandwidth availability can impact the performance of connections to published applications and content. These HDX technologies allow you to improve connection speed and responsiveness during user sessions. Instructions for configuring these features are provided in the corresponding topics:

- HDX MediaStream Multimedia Acceleration. Allows you to control and optimize the way XenApp servers deliver streaming audio and video to users.
- HDX MediaStream Flash. Allows you to control and optimize how XenApp servers deliver Adobe Flash animations to users.
- HDX 3D Image Acceleration. Enables you to adjust the quality of photographic image files as they appear on client devices and the amount of bandwidth the files consume on their way from the server to the client.
- HDX 3D Progressive Display. Allows you to improve interactivity when displaying high-detail images by temporarily increasing the level of compression (decreasing the quality) of the image when it is first transmitted over a limited bandwidth connection, providing a fast (but low quality) initial display. If the image is not immediately changed or overwritten by the application, it is then improved in the background to produce the normal quality image, as defined by the normal lossy compression level.
- HDX Broadcast Display. HDX Broadcast Display provides control over settings that let you reserve bandwidth by limiting session-memory usage and discarding obsolete queued images on the client.
- HDX Broadcast Browser. HDX Broadcast Browser provides control over whether or not the servers in your network will respond to broadcast messages sent from Citrix Receiver. You may reduce bandwidth consumption if you disable these options.
- SpeedScreen Latency Reduction. Helps reduce a user’s perception of latency when typing and clicking. It provides visual feedback for mouse clicks and Local Text Echo, a feature that accelerates the display of input text, effectively shielding the user from experiencing latency on the network.

Optimizing Audio and Video Playback

HDX MediaStream Multimedia Acceleration improves the user’s experience of accessing published audio-visual applications and content. Enabling this feature increases the quality of audio and video rendered from the server to a level that compares with audio and video played locally on a client device. In addition, it reduces use of network bandwidth and server processing and memory because compressed multimedia files are intercepted and forwarded to the client to be uncompressed.

This feature optimizes multimedia playback through published instances of Internet Explorer, Windows Media Player, and RealOne Player. It offers significant performance gains in these areas:

- User Experience. Multimedia playback in sessions is much smoother.
- Server CPU Utilization. The client device decompresses and renders multimedia content, freeing server CPU utilization.
- Network Bandwidth. Multimedia content is passed over the network in compressed form, reducing bandwidth consumption.

Note: With HDX MediaStream Multimedia Acceleration enabled, RealOne Player’s built-in volume and balance controls do not work within client sessions. Instead, users can adjust volume and balance from the volume controls available from the device notification area.

Without HDX MediaStream Multimedia Acceleration, the cumulative cost of several users playing multimedia content in sessions simultaneously is high, both in terms of server CPU utilization and network bandwidth consumption. When you play multimedia content in a session, the server decompresses and renders the multimedia file, which increases the server’s CPU utilization. The server sends the file over the network in uncompressed form, which consumes more bandwidth than the same file requires in compressed form.

With HDX MediaStream Multimedia Acceleration, the server streams multimedia to the client in the original, compressed form. This reduces bandwidth consumption and leaves the media for the client device to decompress and render, thereby reducing server CPU utilization.

HDX MediaStream Multimedia Acceleration optimizes multimedia files that are encoded with codecs (compression algorithms) that adhere to Microsoft’s DirectShow, DirectX Media Objects (DMO), and Media Foundation standards. DirectShow and Media Foundation are application programming interfaces (APIs) that allow, among other things, multimedia playback. To play back a given multimedia file, a codec compatible with the encoding format of the multimedia file must be present on the client device.

Generally, if you can play back a given multimedia file locally on a given client device, you can play back the same file on the same client device within a session. Users can download a wide range of codecs, such as those supported by Windows Media Player or RealOne Player, from vendor Web sites.

Users accessing audio-visual applications on servers on which HDX MediaStream Multimedia Acceleration is enabled use a little more memory but far less bandwidth than when this feature is disabled. Users use only a little more memory or bandwidth when accessing audio-visual applications compared to regular enterprise applications.

Optimizing Audio and Video Playback

To allow users to run multimedia applications in ICA sessions, turn on audio or give the users permission to turn on audio themselves in Citrix Receiver. By default, all other plug-ins and methods are configured with audio enabled and optimized for speech sound quality.

Other requirements for using HDX MediaStream Multimedia Acceleration are:

- Users must be running Citrix Receiver.
- The user device must have the same memory and processing speed as is needed for playing multimedia locally.
- The correct codec to decompress the media file type used (MPEG for example) must reside on the user device. Windows devices have the most common codecs already installed. If you need additional codecs, you can download them from the Web sites of the manufacturers of media players.

Note: To make Windows Media Player 11 and Media Foundation components available on your XenApp server, install and configure the Microsoft Windows Server 2008 Desktop Experience in the Server Manager.

By default, HDX MediaStream Multimedia Acceleration is enabled at the server farm level.

Applications and media formats supported by HDX MediaStream Multimedia Acceleration are:

- Applications based on Microsoft’s DirectShow, DirectX Media Objects (DMO), and Media Foundation filter technologies such as Windows Media Player and RealPlayer.
- Applications like Internet Explorer and Microsoft Encarta are also supported, as they leverage Windows Media Player.
- Both file-based and streaming (URL-based) media formats: WAV, all variations of MPEG, unprotected Windows Media Video (WMV), and Windows Media Audio (WMA).

Note: HDX MediaStream Multimedia Acceleration does not support media files protected with Digital Rights Management (DRM).

When the quality of media playing on a user device deteriorates, possible solutions are:

- If video appears in slowly changing slides while audio is intact or audio becomes choppy, this is caused by low bandwidth. Arrange for users to play media on the network where more bandwidth is available.
- If audio and video are not synchronized, generally only the video or audio is played using HDX MediaStream Multimedia Acceleration. This can happen if a client device lacks a codec for either video or audio. Install the needed codec on the client or use media content on the server for which clients have both codecs.

Configuring Windows Media Redirection

Configure Windows Media Redirection in a Citrix policy.

Note: By default, audio is disabled on the client. To allow users to run multimedia applications in sessions, turn on audio or give the users permission to turn on audio themselves on their user devices.

1. Configure the following Citrix Computer policy settings:
   - Windows Media Redirection. Enables or disables the feature.
   - Windows Media Redirection buffer size. Specifies the buffer size in seconds, in the range 1-10; requires enabling the Windows Media Redirection default buffer size use option. You can see how much server memory the selected buffer can use by changing the buffer time.
   - Windows Media Redirection buffer size use. Enables or disables use of a buffer. When this option is enabled, specify the buffer size with the Windows Media Redirection default buffer size option.

Optimizing Flash Content

HDX MediaStream server-side Flash functionality allows you to optimize the way XenApp renders and delivers Adobe Flash content to users.

Users playing Flash content in published applications might observe poor rendering quality of the animation, slow session responsiveness, or a combination of both. This occurs when Adobe Flash Player, which renders the content on the server, starts in high-quality mode by default. While this guarantees the highest possible rendering mode for each frame, it also means that each frame consumes considerable bandwidth on its way to the user.

HDX MediaStream server-side Flash functionality improves the user’s session responsiveness by forcing the Flash Player to use simpler graphics (for example, no smoothing or anti-aliasing). This feature also reduces the amount of processing power that is required to render Flash content.

By default, HDX MediaStream server-side Flash functionality is enabled at the server farm level. However, if HDX MediaStream client-side Flash functionality is enabled, server-side rendering is overridden.

To display Flash content in sessions, you must have the Flash plug-in and the corresponding ActiveX control installed in the Web browser before you publish it.

1. Configure the Flash quality adjustment Citrix User policy setting with one of the following options:
   - Optimize Adobe Flash animation options for all connections. Select this option to always reduce the amount of Flash data sent to users. The result is minimized CPU usage on the servers on which users are using Flash within Internet Explorer.
   - Optimize Adobe Flash animation options for low bandwidth connections only. Select this option to improve responsiveness when Flash content is sent to users on restricted bandwidth connections (under 150Kbps). On restricted bandwidth connections, such as over a WAN, less data is downloaded and the quality of Flash content is lower. When bandwidth is not limited, for example on a LAN, users get higher quality Flash animation.
   - Do not optimize Adobe Flash animation options. Select this option if bandwidth is not limited.
2. To reduce bandwidth consumption and improve video playback and server scalability, configure the Citrix Computer policy setting for Queueing and tossing. Configuring this setting can cause animations to become choppy due to dropped frames.

Optimizing Throughput of Image Files

The size of image files affects the amount of time the files take to travel from server to client. Often, image files contain redundant or extraneous data that is of little benefit to the user and slows down the user’s session while downloading and rendering.

Using lossy image compression, SpeedScreen Image Acceleration lets you find a balance between the quality of photographic image files as they appear on client devices and the amount of bandwidth the files consume on their way from server to client.

SpeedScreen Image Acceleration applies a lossy compression scheme to reduce the size of image files that the server sends to the client for faster throughput. The compression scheme removes redundant or extraneous data from the files while attempting to minimize the loss of information. Under most circumstances, the data loss is minimal and its effect nominal. However, Citrix recommends that you use discretion in applying this feature where preservation of image data may be vital, as in the case, for example, of X-ray images.

This feature is enabled by default. Use policy settings to override the default settings and accommodate different user needs by applying different levels of image compression to different connections.

1. Configure the Lossy compression level Citrix User policy setting with one of the following options:

   Level              Image quality       Bandwidth requirements
   High               Low                 Lowest
   Medium (default)   Good                Lower
   Low                High                Higher
   None               Same as original    Highest

Choose none or low compression for users who need to view images at original or near original quality levels.

If this policy setting is not configured, medium compression is used for all connections, which amounts to slightly better performance due to slightly lower image quality.

To configure Image Acceleration without enabling Progressive Display, after configuring the policy setting for the lossy compression level, configure the Progressive compression level Citrix User policy setting with the None option.

Optimizing Display of Image Files

You can enable Progressive Display to increase the performance of displaying images or parts of images that are changing.

Progressive Display speeds the initial display of an image file by choosing an increased compression level while an image is dynamic. This initial display is then sharpened up to normal quality in the background if the image is not immediately changed or overwritten in the application. The quality of the final image is controlled by Image Acceleration.

Progressive Display can improve the performance not only of applications that render and display images, but also those parts of an image that are dynamic, such as when scrolling through a PDF or similar document.

Configure the Progressive compression level Citrix User policy setting with the desired level (Low, Medium, High, Very high, or Ultra high), and configure the Lossy compression level Citrix User policy setting to None.

Optimizing Keyboard and Mouse Responsiveness

SpeedScreen Latency Reduction is a collective term used to describe features such as Local Text Echo and Mouse Click Feedback that help enhance user experience on a slow network.

Mouse Click Feedback

On high latency connections, users often click the mouse multiple times because there is no visual feedback that a mouse click resulted in an action. Mouse Click Feedback, which is enabled by default, changes the appearance of the pointer from idle to busy after the user clicks a link, indicating that the system is processing the user’s request. When the user clicks the mouse, the ICA software immediately changes the mouse pointer to an hourglass to show that the user’s input is being processed. You can enable and disable Mouse Click Feedback at the server level.

Local Text Echo

On high latency connections, users often experience significant delays between when they enter text at the keyboard and when it is echoed or displayed on the screen. When a user types text, the keystrokes are sent to the server, which renders the fonts and returns the updated screen to the client. You can bridge the delay between keystroke and screen redraw by enabling Local Text Echo. Local Text Echo temporarily uses client fonts to immediately display text a user types while the screen redraw from the server is in transit.

By default, Local Text Echo is disabled. You can enable and disable this feature both at the server and application level. You can also configure Local Text Echo settings for individual input fields within an application.

Note: Applications that use non-standard Windows APIs for displaying text may not support Local Text Echo.

Configuring SpeedScreen Latency Reduction

SpeedScreen Latency Reduction Manager, a tool provided with XenApp, allows you to configure SpeedScreen Latency Reduction settings for a XenApp server, for single or multiple instances of an application, as well as for individual input fields within an application.

Through SpeedScreen Latency Reduction Manager, you can configure common SpeedScreen Latency Reduction settings for all applications on a server or select custom settings for individual applications. You can also use it as a troubleshooting tool to fine-tune SpeedScreen Latency Reduction behavior for applications, or input fields within an application, that exhibit incompatibility with this SpeedScreen feature.

SpeedScreen Latency Reduction Manager must be installed on a XenApp server, and can be used to customize SpeedScreen Latency Reduction settings only on that server. Before you can configure any settings, you must add the application.

To launch SpeedScreen Latency Reduction Manager, select SpeedScreen Latency Reduction Manager from the Citrix > Administration Tools program group in the Start menu.

Note: To run the SpeedScreen Latency Reduction Manager with the User Account Control (UAC) enabled, you must be a domain administrator, delegated administrator, or part of the Administrators group on the local computer, or you will be prompted for administrator credentials.

Adjusting SpeedScreen Latency Reduction for an Application

If a published application exhibits abnormal behavior after it is configured to use SpeedScreen Latency Reduction, you can use the Add New Application wizard included with SpeedScreen Latency Reduction Manager to adjust latency reduction functionality for the selected application, or all instances of the selected application on the server. To optimize usability of the application, use this wizard to adjust, turn on, or turn off SpeedScreen Latency Reduction for the application.

Note: The application must be running before you can use this wizard to modify existing settings.

To adjust SpeedScreen Latency Reduction for an application

Before you can adjust SpeedScreen Latency Reduction for an application, you must add the application to the SpeedScreen Latency Reduction Manager.

1. From the Start menu, select All Programs > Citrix > Administration Tools > SpeedScreen Latency Reduction Manager.
2. From the Applications menu of SpeedScreen Latency Reduction Manager, select New to start the wizard and follow the prompts.
3. Use the Define the Application screen to select an application instance on the server. To specify the application, use one of these methods:
   - Click the icon at the bottom of the page and drag the pointer onto the window of an application. The application must be running when you select it.
   - Click the Browse button and navigate to the application.
4. Specify whether Local Text Echo is enabled or disabled on the application by selecting or clearing the Enable local text echo for this application check box. For a definition of Local Text Echo, see Optimizing Keyboard and Mouse Responsiveness.
5. Specify whether the setting you selected in the previous step should be applied to all instances of the application on the server or just the instance selected.

Test all aspects of an application with Local Text Echo in a non-production environment before enabling it to ensure that the display is acceptable to users.

When you configure SpeedScreen Latency Reduction Manager on a particular server, the settings are saved in the ss3config folder in the Citrix installation directory of that server. You can propagate the settings to other servers by copying this folder and its contents to the same location on the other servers.

Note: If you plan to propagate SpeedScreen Latency Reduction Manager settings to other servers, select Apply settings to all installations of the selected application when configuring Local Text Echo through the wizard. Paths to published applications might differ from one server to another; therefore, applying the settings to all instances of the selected application ensures that the settings apply regardless of where the application is located on the destination server.

To configure latency reduction settings for all applications on a server

1. From the Start menu, select All Programs > Citrix > Administration Tools > SpeedScreen Latency Reduction Manager.
2. From the Application menu, select Server Properties. The Server Properties dialog box containing existing settings for the selected server appears.
3. Configure the SpeedScreen Latency Reduction settings that you want to be applied to all of the applications on the server. All users connecting to the server benefit from the SpeedScreen options you set here. Changes made to SpeedScreen Latency Reduction settings at an application level override any server-wide settings. For a definition of Local Text Echo and Mouse Click Feedback, see Optimizing Keyboard and Mouse Responsiveness.
   - Enable local text echo as default for all applications on this server. Select this check box to enable Local Text Echo for all applications on the server.
   - Enable mouse click feedback as default for all applications on this server. Select this check box to enable Mouse Click Feedback for all applications on the server.
   - Latency threshold times for SpeedScreen (in milliseconds). Latency threshold times are used when the client device setting for SpeedScreen is set to Auto.
     - High latency threshold. Specify a threshold value above which SpeedScreen options should be enabled.
     - Low latency threshold. Specify a threshold value below which SpeedScreen options should be disabled.

To configure custom latency reduction settings for an individual application

1. From the Start menu, select All Programs > Citrix > Administration Tools > SpeedScreen Latency Reduction Manager.
2. In the SpeedScreen Latency Reduction Manager, select the application.
3. From the Application menu, select Properties. The Application Properties tab containing existing SpeedScreen Latency Reduction settings for the selected application appears. It contains this information:
   - Application Name. The application executable name appears here; for example, Excel.exe.
   - Path to Application. The path to the application executable appears here; for example, C:\Microsoft Office\Excel.exe.
4. If desired, configure application settings:
   - Disable local text echo for this application. The current Local Text Echo setting for the application appears. Select the check box to disable Local Text Echo for this application. Clear the check box to enable it.
   - Limit local text echo for this application. The current setting for Local Text Echo is displayed. Select the check box to limit Local Text Echo functionality for this application, and select the type of text display you need from the drop-down list.
   - Forces Speedscreen to treat all input fields in the selected application in native mode. Select the check box if you configure a setting that forces SpeedScreen to treat all input fields in the selected application in native mode.

To configure latency reduction settings for input fields in an application

Input fields in an application are fields where text can be added. You can use SpeedScreen Latency Reduction Manager to set latency reduction behavior for selected input fields in a configured application to reduce delays between when users enter text at the keyboard and when it is echoed or displayed on the screen.

1. From the Start menu, select All Programs > Citrix > Administration Tools > SpeedScreen Latency Reduction Manager.
2. Select an application.
3. From the Applications menu, select Properties. The Application Settings window appears.
4. Select the Input Field Configuration tab, then configure these settings as needed.
   - The Configured Input Field List displays the list of configured input fields. SpeedScreen Latency Reduction uses a window hierarchy to identify the input fields that need special settings. The entries shown in the tree view are the window class names of the configured fields. For example, _WwG is the window class name of the main document window in Microsoft Word.
   - Click New to run the Advanced Input Field Compatibility wizard to add a new input field. This wizard guides you through the process of configuring SpeedScreen Latency Reduction settings for an input field.
   - Click Delete to delete the selected input field from the Configured Input Field List.
   - Enable local text echo for this input field enables Local Text Echo. If this check box is selected, you can apply more Local Text Echo settings to the selected field.
   - Limit local text echo forces behavior in input fields in nonstandard applications that may not behave correctly. Select one of the two available settings:
     - Display text in place ensures text is echoed in place.
     - Display text in a floating bubble ensures text is echoed within a floating bubble.
   - Reduce font size forces input fields in non-standard applications to display text at a reduced font size. Use this setting when input fields in non-standard applications display misaligned text, oversized fonts, or other undesirable font behavior. Choose the percentage by which to reduce the font size. Percentage values available are 10%, 20%, and 30%.
   - Use system default colors forces non-standard input fields to use system default colors. SpeedScreen Latency Reduction tries to auto-detect the text and background colors used in input fields; however, non-standard input fields sometimes report incorrect or inadequate information. As a result, text echo in input fields on nonstandard applications can appear corrupted. This setting turns off auto-detection and controls how system default colors are applied to input fields.
     - Choose Both the text and background to apply system default colors to both text and background.
     - Choose The background only to apply system default colors only to the background.
   - Input field is a password controls how hidden characters are displayed in non-standard input fields. Typically, hidden characters are located in password entry fields. Text echo in non-standard input fields might make these hidden characters appear as normal text, compromising security. This setting forces hidden characters to display as asterisks or spaces.
     - Choose Hidden characters denoted by “*” if you want Local Text Echo for such input fields to be replaced by asterisks.
     - Choose Hidden characters denoted by spaces if you want Local Text Echo for password input fields to be replaced by spaces.

To create exception entries for non-standard input fields in an application

Some input fields do not conform to standard Windows behavior and thus do not work correctly with SpeedScreen Latency Reduction. You can create exception entries for such fields, while still providing minimal latency reduction functionality for the rest of the application.

The Input Field Compatibility wizard included with SpeedScreen Latency Reduction Manager guides you through the process of selecting non-standard input fields and creating exception entries for them.

Note: The application must be running before you can configure an input field within it.

1. Start the application.
2. Select Start > All Programs > Citrix > Administration Tools > SpeedScreen Latency Reduction Manager.
3. From the Applications menu in SpeedScreen Latency Reduction Manager, select Properties. The Application Settings window appears.
4. Select the Input Field Configuration tab. Click New to start the wizard and follow the prompts.
5. With the application running, select the input field you want to configure and complete these steps:
   a. If the SpeedScreen Latency Reduction Manager window is obscuring the target input field, check the Hide SpeedScreen Latency Reduction Manager check box. This causes the SpeedScreen Latency Reduction Manager window to be hidden from view.
   b. Drag the pointer onto the input field window for which SpeedScreen behavior needs to be customized.
6. To define the level of compatibility for the input field, select the level of SpeedScreen Latency Reduction compatibility to apply to the selected input field. Use the slider bar to select the desired compatibility level. The default compatibility level is Auto, which provides full SpeedScreen Latency Reduction functionality. However, because the field being configured is not displaying the desired behavior, downgrade the latency reduction functionality level to Medium, Low, or Off.
   - Medium Compatibility. Use this level of compatibility for input fields that are incompatible with the default Auto setting. Text echo appears in place with limited acceleration.
   - Low Compatibility. If an input field is incompatible with both the Auto and Medium compatibility settings, select Low. Text echo appears in a floating text bubble rather than within the input field.
   - Off, or Zero Compatibility. If an input field is incompatible with Auto, Medium, and Low compatibility settings, disable Local Text Echo for that field by selecting Off.

Configuring HDX Broadcast Display Settings

To configure HDX Broadcast display settings

1. Enter the maximum memory to be used on the server for each client connection with the Citrix Computer policy Display memory limit setting. You can specify an amount in kilobytes from 300 to 65536. Using more color depth and higher resolution for connections requires more memory. You can calculate the maximum memory required by using this equation:

   (color depth in bits per pixel / 8) * vertical resolution in pixels * horizontal resolution in pixels = memory required in bytes

   For example, if the color depth is 24, the vertical resolution is 600, and the horizontal resolution is 800, the maximum memory required is:

   (24bpp / 8) * 600 pixels * 800 pixels = 1440000 bytes of memory required

   You can specify 1440KB in maximum memory to handle connections with these settings.
2. For the Citrix Computer policy Display mode degrade preference setting, configure one of the following options:
   - Degrade color depth first. Select this option if you want color depth to be reduced before resolution is lowered when the session memory limit is reached.
   - Degrade resolution first. Select this option if you want resolution to be lowered before color depth when the session memory limit is reached.
3. To display a brief explanation to the user when a session is degraded, configure the Citrix Computer policy Notify user when display mode is degraded setting. Possible reasons for degradation include exceeding the memory limit and connecting with a client that cannot support the requested parameters.
4. To improve the response when graphics are sent to the client, configure the Citrix Computer policy Queueing and tossing setting. Queued images that are replaced by another image are discarded. This is useful when bandwidth is limited. A drawback to selecting this option is that it can cause animations to become choppy because intermediate frames get dropped.
5. To make scrolling smoother because sections of an image can be retrieved from the cache, configure the Citrix Computer policy Image caching setting.

Enhancing the User Experience With HDX

Citrix HDX includes a broad set of technologies designed to provide a high-definition user experience. HDX builds on existing technologies in Citrix products, extending them with new innovations for today's media-rich user environments.

Quick Links

- Configuring HDX MediaStream Flash Redirection
- Configuring Audio
- Multimedia Conferencing with HDX RealTime
- Increasing 2D and 3D Application Scalability and Performance
- Assigning Priorities to Network Traffic
- Adding Dynamic Windows Preview Support

Configuring HDX MediaStream Flash Redirection

HDX MediaStream Flash Redirection allows you to move the processing of most Adobe Flash content to LAN- and WAN-connected users' Windows devices rather than using server resources. This processing includes animations, videos, and applications. By moving the processing to the user device, Flash Redirection helps reduce server and network load, resulting in greater scalability while ensuring a high definition user experience.

Second Generation Flash Redirection

Flash Redirection has been revised for use with:

- Citrix XenApp 6.5
- Citrix XenDesktop 5.5
- Citrix Receiver 3.0

New second generation Flash Redirection features include:

- WAN-connected user support.
- Intelligent Fallback, which allows Flash sessions, on a per-instance basis, to be determined to be more efficient when rendered on the server.
- The Flash URL Compatibility List replaces the original Flash URL Blacklist setting. Listed URLs can now be blocked or specified for rendering on the user device or the server.
- The second generation and legacy versions of Flash Redirection are complete and run in separate virtual channels.

System Requirements for Flash Redirection

The following is accurate at the time this content was published. See https://www.citrix.com/support/product-lifecycle/product-matrix for more information about supported versions of Citrix products.

Note: Two types of Adobe Flash Players are required to use Flash Redirection. One type is used with Windows Internet Explorer and is identified by Adobe as Flash Player for Windows Internet Explorer. This player is sometimes referred to as an ActiveX player. The second type is used with non-Internet Explorer browsers and is identified by Adobe as Flash Player for Windows - Other Browsers. This player is sometimes referred to as an NPAPI (Netscape Plugin Application Programming Interface) Flash Player.

For user devices:

- Citrix Receiver 3.0 (formerly called the online plug-in) is required on the user device to use the second generation Flash Redirection features. Online plug-in 12.1 is supported on the user device for the original, or legacy, Flash Redirection features only.
- A network connection exists and is enabled. To use XenDesktop Virtual Desktop Agents, establish a network connection between the user's Windows device and the agent.
- Adobe Flash Player 10.1 or above for Windows - Other Browsers is installed on the user device.

  Note: If an earlier version of the Flash Player is installed on the user device, or the Flash Player cannot be installed on the user device, Flash content is rendered on the server.

For servers running Citrix XenApp 6.5 or Citrix XenDesktop 5.5:

- Flash Player 10.1 or above for Windows Internet Explorer is installed on the servers running XenApp and XenDesktop's Virtual Desktop Agents.
- Internet Explorer 9, Internet Explorer 8, or Internet Explorer 7. Second generation Flash Redirection on XenDesktop 5.5 supports Internet Explorer 9.
- In order to enable support for Internet Explorer 9 on the XenApp 6.5 server, an edit to the registry of the XenApp server is required.

  Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

  - For a 32-bit operating system:
    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer
    Add the entry named IEBrowserMaximumMajorVersion with a DWORD value = 00000009.
  - For a 64-bit operating system:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServ
    Add the entry named IEBrowserMaximumMajorVersion with a DWORD value = 00000009.

Caution: Flash Redirection requires significant interaction between the user device and server components. Therefore, this feature should be used only in environments where security separation between the user device and server is not needed. User devices should be configured to use the Flash Redirection feature only with trusted servers. Flash Redirection requires the Flash Player to be installed on the user device. Therefore, Flash Redirection should be enabled only if the Flash Player itself is secured.

Configuring HDX MediaStream Flash Redirection on the Server

You can configure HDX MediaStream Flash Redirection settings on the server through the Policies node of Citrix Desktop Studio or Citrix AppCenter. You control the Flash Redirection features through the following Citrix User Policy settings:

- Flash backwards compatibility
- Flash default behavior
- Flash intelligent fallback
- Flash latency threshold
- Flash server-side content fetching URL list
- Flash URL compatibility list
- Flash event logging
- Flash acceleration
- Flash background color list

To enable backward compatibility

The second generation of Flash Redirection can be configured to be backward compatible with its legacy features, supporting user devices with earlier versions of the online plug-in (now the Citrix Receiver). Those devices can access the legacy Flash Redirection features only. This is done by providing two separate virtual channels, one for each generation of Flash Redirection, on the servers and user devices. The following table shows the resulting level of functionality when using a mix of Flash Redirection modes.

Connection | Result
Second generation on a user device and second generation on a server | Second generation
Legacy mode on a user device and second generation on a server | Legacy mode
Second generation on a user device and Legacy mode on a server | Legacy mode

The Enable HDX MediaStream Flash Redirection on the user device setting on the user device must also be enabled.

To use the backward compatibility feature:

- On the server running Desktop Studio or AppCenter, enable the Citrix User Policy setting Flash backwards compatibility.
- On the user device, enable the Enable HDX MediaStream Flash Redirection on the user device setting, selecting the Always or Ask options.

Note: Backwards compatibility is not available if the Only with Second Generation option is selected.

To establish the Flash acceleration default behavior

The Citrix User Policy setting Flash Default Behavior lets you establish the default behavior of Flash acceleration. Three options are available in this second generation feature. Enable Flash acceleration is the default and will be used if no option is selected. The default behavior can be overridden for individual Web pages and Flash instances based on the configuration of the Flash URL Compatibility List.

Option | Behavior
Block Flash player | Second generation and Legacy mode Flash Redirection, and server-side rendering are not used. The user cannot view any Flash content.
Disable Flash acceleration | Second generation and Legacy mode Flash Redirection is not used. The user can view server-side rendered Flash content if Flash Player for Windows Internet Explorer compatible with the content is installed on the server.
Enable Flash acceleration | Flash Redirection is used. Second Generation is available where its requirements are met. Legacy mode is available when backwards compatibility is enabled.

In addition, on the user device, enable the Enable HDX MediaStream for Flash on the user device setting.

To set Flash intelligent fallback

Use this setting if you do not want all instances of Flash content to be redirected for rendering on the user device. Typically, small Flash movies are frequently used to play advertisements. Flash intelligent fallback detects these instances and renders the content on the server. Using this Citrix User Policy setting causes no interruption or failure in the loading of the Web page or the Flash application.

Configure the Flash intelligent fallback setting by selecting Enabled, which is the default, or Disabled.

To set the Flash latency threshold

The Flash latency threshold policy setting only applies to Legacy mode features. This Citrix User Policy is only applicable if Flash backwards compatibility is enabled.

Flash Redirection Legacy mode measures the round trip latency between the server and user device the first time an individual browser or browser tab accesses an embedded Flash Player. This measurement includes both the latency of the network connection and any other latency in the data path. The default threshold setting is 30 milliseconds.

If the latency is determined to be within an acceptable threshold, Flash Redirection Legacy mode is used to render Flash content on the user device. If the latency is above this threshold, the Flash content is rendered on the network server if a Flash player is available there and delivered over the virtual channels.

For typical use, it is best practice not to increase the latency threshold setting. Increasing the value over 30 milliseconds may result in a degraded user experience.

Configure the Flash latency threshold setting by typing a value between 0 and 30 in the Value field.

To identify Web sites for server-side content fetching

Flash Redirection downloads Flash content to the user device where it is played. The Flash server-side content fetching URL list setting allows you to specify Web sites whose Flash content can be downloaded to the server then sent to the user device. This setting is frequently used when the user device does not have direct access to the Internet. The XenApp or XenDesktop server provides that connection. While server-side content fetching works with most Internet sites, it is intended for use with Intranet sites and internal Flash applications. This setting works with the Enable server-side content fetching setting on the user device.

Note: Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering for such sites is used.

Consider the following when configuring the Flash server-side content fetching URL list setting:

- Add the URL of the Flash application, not the top-level .html page that instantiates the Flash Player to the list.
- Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list.
- Use a trailing wildcard to allow all child URLs, for example http://www.sitetoallow.com/*.
- The prefixes http:// or https:// are used when present, but they are not required.

Configure the Flash server-side content fetching URL list setting by clicking New to add new URLs to the list.

Important: You must enable the Enable server-side content fetching setting on the user device for the Flash server-side content fetching URL list on the server to work.

To specify where Flash content renders

The second generation of Flash Redirection lets you specify whether Flash content from listed Web sites is:

- Rendered on the user device.
- Rendered on the server.
- Blocked from rendering.

Consider the following when configuring the Flash URL compatibility list setting:

- Prioritize the list with the most important URLs, actions, and rendering locations at the top.
- Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list.
- Use a trailing wildcard to refer to all child URLs (for example http://www.sitetoblock.com/*).
- The prefixes http:// or https:// are used when present, but they are not required.
- Add sites containing Flash content that does not render correctly on the user device to the list, using the Render on Server or Block options.

To configure the Flash URL compatibility list setting:

1. Click New to open the Add Flash URL Compatibility list entry dialog box.
2. Select an action (Render on Client, Render on Server, or Block).
3. In the URL Pattern box, type the URL of the Web site upon which you want to act.
4. Select the Flash instance you want to serve as a trigger.
   - Select Any: The action occurs any time any Flash instance connects with the listed Web site.
   - Select Specific: Type the Flash player ID. The action occurs only when this specific Flash instance connects with the listed Web site.

To enable server-side event logging

Flash Redirection uses Windows event logging on the server to log Flash events. You can review the event log to determine whether Flash Redirection is being used and to gather details about any issues. The following are common to all events logged by Flash Redirection:

- Flash Redirection reports events to the Application log.
- The Source value is Flash.
- The Category value is None.

In addition to the Windows event log, on computers with Windows 7 or Windows Vista, a Flash Redirection-specific log appears in the Applications and Services Logs node, in the Flash Redirection category. Flash Redirection-specific log is also available on Windows Server 2008 R2 computers running this Early Release version of XenApp. If Windows XP is used, Flash Redirection log information is found only in the Windows application event log.

Configure the Flash event logging setting for Legacy mode by selecting Enabled, which is the default, or Disabled. Configuration is not available for Second Generation Flash Redirection.

To enable and disable the Legacy mode HDX MediaStream Flash Redirection from the server

Legacy mode Flash Redirection is enabled on the server for client-side rendering by default. You can enable and disable Legacy mode Flash Redirection from the server through the Citrix User Policy setting Flash acceleration.

When Enabled is selected, all Flash content from sites not blocked by the Flash URL compatibility list is rendered on the user device using Legacy mode. If Disabled is selected, all Flash content is rendered on the server.

Configure the Flash acceleration setting by selecting Enabled, which is the default, or Disabled.

To enable matching between the Web page and Flash instances

Using the Flash background color list Citrix User Policy setting, you can match the colors of Web pages and Flash instances. This can improve the appearance of the Web page when using Flash Redirection.

Click New and type the Web site URL followed by the appropriate 24-bit Web color hexadecimal number. For example, you can use: http://www.sitetomatch.com/ FF0000. Use a trailing wildcard to enable matching in all child URLs, for example, http://www.sitetomatch.com/* FF0000. For best results, consider using a color not typically used on the Web page, such as black.
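The wildcard and ordering rules given above for the Flash URL compatibility list (and the same wildcard syntax in the Flash server-side content fetching URL list) can be checked before a list is deployed. The following is an added example, not Citrix code: it models first-match-wins evaluation from the top of the list, treats an http:// or https:// prefix as part of the match when present, compares case-insensitively, and uses "Render on Client" as a stand-in default; all of these are assumptions, as are the names Entry, matches, evaluate, covers and find_shadowed and every sample host except www.sitetoblock.com.

```python
"""Added example: a model of a Flash URL compatibility list (not Citrix code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCHEMES = ("http://", "https://")


@dataclass(frozen=True)
class Entry:
    pattern: str  # text typed in the URL Pattern box
    action: str   # "Render on Client", "Render on Server" or "Block"


def _parse(pattern: str) -> Tuple[Optional[str], bool, str, bool]:
    """Split a pattern into (scheme, leading '*', core text, trailing '*')."""
    text = pattern.strip().lower()
    scheme = next((s for s in SCHEMES if text.startswith(s)), None)
    if scheme:
        text = text[len(scheme):]
    lead = text.startswith("*")
    if lead:
        text = text[1:]
    trail = text.endswith("*")
    if trail:
        text = text[:-1]
    if "*" in text:
        raise ValueError(f"asterisk only allowed at start or end: {pattern!r}")
    return scheme, lead, text, trail


def matches(pattern: str, url: str) -> bool:
    """True if url matches pattern under the assumptions in the lead-in."""
    scheme, lead, core, trail = _parse(pattern)
    u = url.strip().lower()
    u_scheme = next((s for s in SCHEMES if u.startswith(s)), None)
    if u_scheme:
        u = u[len(u_scheme):]
    if scheme is not None and scheme != u_scheme:
        return False  # assumption: a prefix in the pattern must match exactly
    if lead and trail:
        return core in u
    if lead:
        return u.endswith(core)
    if trail:
        return u.startswith(core)
    return u == core


def evaluate(entries: List[Entry], url: str,
             default: str = "Render on Client") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding entry); index is None for default."""
    for index, entry in enumerate(entries):
        if matches(entry.pattern, url):
            return entry.action, index
    return default, None


def covers(broad: str, narrow: str) -> bool:
    """True if every URL matched by narrow is also matched by broad."""
    b_scheme, b_lead, b_core, b_trail = _parse(broad)
    n_scheme, n_lead, n_core, n_trail = _parse(narrow)
    if b_scheme is not None and b_scheme != n_scheme:
        return False
    if b_lead and b_trail:
        return b_core in n_core
    if b_lead:
        return b_core == "" or (not n_trail and n_core.endswith(b_core))
    if b_trail:
        return b_core == "" or (not n_lead and n_core.startswith(b_core))
    return not n_lead and not n_trail and n_core == b_core


def find_shadowed(entries: List[Entry]) -> List[Tuple[int, int]]:
    """List (shadowed_index, shadowing_index) for entries that can never fire."""
    shadowed = []
    for j, later in enumerate(entries):
        for i in range(j):
            if covers(entries[i].pattern, later.pattern):
                shadowed.append((j, i))
                break
    return shadowed


# Constructed sample list; only www.sitetoblock.com comes from the page.
SAMPLE = [
    Entry("http://www.sitetoblock.com/*", "Block"),
    Entry("intranet.example.test/*", "Render on Client"),
    Entry("https://intranet.example.test/legacy/*", "Render on Server"),
    Entry("*.swf", "Render on Server"),
]

if __name__ == "__main__":
    for test_url in ("http://www.sitetoblock.com/ads/banner.swf",
                     "https://www.sitetoblock.com/ads/banner.swf",
                     "https://intranet.example.test/legacy/app.swf"):
        print(test_url, "->", evaluate(SAMPLE, test_url))
    print("shadowed entries:", find_shadowed(SAMPLE))
```

Under these assumptions the http://-prefixed Block entry does not decide the https:// form of the same site, and the "legacy" entry never fires because the broader intranet entry sits above it; both are worth checking against the real product behaviour before relying on a list.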

Configuring HDX MediaStream Flash Redirection on the User Device

You can change the default settings on the user device with the Group Policy Object Editor.

Note: For details on creating Group Policy Objects and importing and adding templates, see the Microsoft Active Directory documentation at http://www.microsoft.com.

To configure HDX MediaStream Flash Redirection on the User Device with Group Policy Objects

1. Create or select an existing Group Policy Object.
2. Import and add the HDX MediaStream Flash Redirection - Client administrative template (HdxFlash-Client.adm), available in:
   - For 32-bit computers: %Program Files%\Citrix\ICA Client\Configuration\language.
   - For 64-bit computers: %Program Files (x86)%\Citrix\ICA Client\Configuration\language.

To enable Flash Redirection on the user device

Configure Enable HDX MediaStream Flash Redirection on the user device to determine whether Flash Redirection is enabled on your users' Windows devices. If no configuration is set, one of the following will occur, based on your users' environment:

- Desktop Lock is used: Flash Redirection is enabled by default.
- All other conditions: The user receives a dialog box the first time they access Flash content in each session in which the user can enable HDX MediaStream Flash Redirection.

1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node.
2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client.
3. From the Setting list, select Enable HDX MediaStream Flash Redirection on the user device and click policy setting.
4. Select Not Configured, Enabled, or Disabled.

The dialog box appears the first time the user encounters Flash content each session. the Citrix Receiver . At this point.Flash Dialog Box Display specific choices for the user in the Citrix Receiver . Don't ask me again is not visible. the Citrix Receiver . If you selected Enabled. The user can change this setting at the q q q 276 . If the user selects Ask me later. the optimization choice will be used in future sessions. a page with contents similar to the Citrix Receiver . q Controlling the Citrix Receiver . Note: Selecting Ask results in users receiving the Citrix Receiver . Changing this setting requires editing the user device registry. Never. Before downloading. Selecting Always.Configuring HDX MediaStream Flash Redirection on the User Device 5. The dialog box does not appear in the future. XenDesktop only: If the user opens the Citrix Receiver .Flash dialog box appears. select Always. Select Always to always use Flash Redirection to play Flash content on the user device. Don't ask me again is not visible. from the Use HDX MediaStream Flash Redirection list. the Citrix Receiver .Flash dialog box appears. sometimes referred to as an NPAPI (Netscape Plugin Application Programming Interface Flash Player)). The user can choose whether or not to optimize Flash content in future sessions on this page. Never.Desktop Viewer Preferences dialog box and selects the Flash tab. User Configuration: Users in the organizational unit must log off and then log on to the network. an explanation of why the player is needed appears.Flash dialog box offers the user the opportunity to obtain and install a copy of the correct player.Other Browsers. At this point. 6.Flash dialog box appears the first time the user accesses Flash content in each session. For the policy to take effect: q Computer Configuration: Changes take effect as computers in the organizational unit restart. 
or Only with Second Generation.Flash dialog box the first time they access Flash content in each session in which the user can enable Flash Redirection. Ask. XenApp only: If Not Configured is selected. the Flash content is played on the server. the Citrix Receiver . If the user does not enable Flash Redirection. If Enabled and Ask are selected. the user can choose whether or not to optimize Flash content for the rest of the session. the user can choose whether or not to optimize Flash content for the rest of their session. If the user selects Don't ask me again.Flash dialog box appears the first time the user encounters Flash content each session. Select Only with Second Generation to use the latest Flash Redirection functionality when the required configuration is present and revert to server-side rendering when the required configuration is not present.Flash dialog box based on how you configure Flash Redirection on the user device. The following all refer to configuring Enable HDX MediaStream Flash Redirection on the user device: q If Citrix Receiver detects the user device does not have the required version of the Adobe Flash Player (Flash Player for Windows . and Only with Second Generation does not result in this dialog box. Select Never to never use Flash Redirection and have Flash content play on the server.

Citrix Receiver - Desktop Viewer Preferences dialog box.

To synchronize client-side HTTP cookies with the server-side

Enable synchronization of the client-side HTTP cookies with the server-side in order to download HTTP cookies from the server. These HTTP cookies are then used for client-side content fetching and are available to be read, as needed, by sites containing Flash content. Client-side cookies are not replaced during the synchronization; they remain available if the synchronization policy is later disabled.

1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node.
2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client.
3. From the Setting list, select Enable synchronization of the client-side HTTP cookies with the server-side and click policy setting.
4. Select Not Configured, Enabled, or Disabled.
5. For the policy to take effect:
   - Computer Configuration: Changes take effect as computers in the organizational unit restart.
   - User Configuration: Users in the organizational unit must log off and then log on to the network.

To enable server-side content fetching

By default, HDX MediaStream Flash Redirection downloads Adobe Flash content to and plays the content on the user device. Enabling server-side content fetching causes the Flash content to download to the server and then be sent to the user device. Unless there is an overriding policy, such as a site blocked through the Flash URL compatibility list policy setting, the content will play on the user device.

This setting is frequently used when:

- The user device connects to internal sites through Citrix Access Gateway.
- The user device does not have direct access to the Internet.

Note: Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering for such sites is used.

The second generation of Flash Redirection introduces three new enabling options as described in the following table. Two of these options include the ability to cache server-side content on the user device. This improves performance because content that is reused is already available on the user device for rendering.

Note: The contents of this cache are stored separately from other HTTP content cached on the user device.

Also introduced in the second generation is server-side content fetching fallback. When one of the three Enabled options is selected, server-side content fetching automatically begins if client-side fetching of .swf files fails.

Option | Description
Disabled | Disables server-side content fetching, overriding the Flash server-side content fetching URL list setting on the server. Server-side content fetching fallback is also disabled.
Enabled | Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Flash content is not cached.
Enabled (persistent caching) | Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and stored from session to session.
Enabled (temporary caching) | Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and deleted at the end of the session.

Important: The Flash server-side content fetching URL list setting on the server must be enabled and populated with target URLs for server-side content fetching to work.

1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node.
2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client.
3. From the Setting list, select Enable server-side content fetching and click policy setting.
4. Select Not Configured, Enabled, or Disabled.
5. If you enabled this setting, choose an option:
   - Disabled
   - Enabled
   - Enabled (persistent caching)
   - Enabled (temporary caching)
6. For the policy to take effect:
   - Computer Configuration: Changes take effect as computers in the organizational unit restart.
   - User Configuration: Users in the organizational unit must log off and then log on to the network.

To redirect user devices to other servers for client-side content fetching

You can redirect an attempt to obtain Flash content using the URL rewriting rules for client-side content fetching setting which is a second generation Flash Redirection feature. When configuring this feature, you provide two URL patterns using Perl regular expression. If the user device attempts to fetch content from a Web site matching the first pattern (the matching pattern), it is redirected to the Web site specified by the second pattern (the replacement pattern).

You can use this setting to compensate for content delivery networks (CDN). Some Web sites delivering Flash content use CDN redirection to enable the user to obtain the content from the nearest of a group of servers containing the same content. When using the Flash Redirection client-side fetching feature, the Flash content is requested from the user device, while the rest of the Web page on which the Flash content resides is requested by the server. If CDN is in use, the server request is redirected to the closest server and the user device request follows to the same location. This may not be the location closest to the user device, however. Depending on distance, a delay between the loading of the Web page and Flash content can occur.

1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node.
2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client.
3. From the Setting list, select URL rewriting rules for client-side content fetching and click policy setting.
4. Select Not Configured, Enabled, or Disabled.
5. If you enabled this setting, click Show and using Perl regular expression syntax, type the matching pattern in the Value name box and the replacement pattern in the Value box.
6. For the policy to take effect:
   - Computer Configuration: Changes take effect as computers in the organizational unit restart.
   - User Configuration: Users in the organizational unit must log off and then log on to the network.
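A matching pattern for the URL rewriting rules described above decides which client-side fetches are sent to another server, so it is worth linting before it goes into the policy. The following is an added example, not Citrix code: it uses Python's re module as a stand-in for the Perl regular expression subset shown, and it assumes that a rule replaces the first match in the URL with a literal replacement URL; the names apply_rule, lint_rule, LOOSE, TIGHT and ALLOWED and all hosts are constructed.

```python
"""Added example: test and lint a URL rewriting rule before deploying it."""
import re
from typing import List, Optional, Set
from urllib.parse import urlsplit

# A '.' that is neither escaped nor followed by a quantifier matches ANY
# character, which is rarely what a host name pattern intends.
_BARE_DOT = re.compile(r"(?<!\\)\.(?![*+?{])")


def apply_rule(matching: str, replacement: str, url: str) -> Optional[str]:
    """Return the rewritten URL, or None when the rule does not match.

    Assumption: the rule replaces the first match with the replacement
    text taken literally (no group references).
    """
    rx = re.compile(matching)
    if rx.search(url) is None:
        return None
    return rx.sub(lambda _m: replacement, url, count=1)


def lint_rule(matching: str, replacement: str,
              allowed_hosts: Set[str]) -> List[str]:
    """Return finding codes for a rule; an empty list means no findings."""
    findings = []
    if not matching.startswith("^"):
        # Without ^ the pattern can match in the middle of an unrelated URL,
        # for example inside a query string.
        findings.append("unanchored")
    if _BARE_DOT.search(matching):
        findings.append("unescaped-dot")
    host = urlsplit(replacement).hostname
    if host is None or host not in allowed_hosts:
        # Content should only be redirected to servers you have approved.
        findings.append("replacement-host-not-allowed")
    return findings


# Constructed rules: the same intent written loosely and tightly.
LOOSE = ("http://cdn.example.test/", "http://edge1.example.test/")
TIGHT = (r"^http://cdn\.example\.test/", "http://edge1.example.test/")
ALLOWED = {"edge1.example.test"}

if __name__ == "__main__":
    samples = [
        "http://cdn.example.test/media/a.swf",                      # intended
        "http://cdnXexample.test/a.swf",                            # look-alike
        "http://other.example.test/r?u=http://cdn.example.test/x",  # embedded
    ]
    for name, rule in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, "findings:", lint_rule(*rule, ALLOWED))
        for sample in samples:
            print("  ", sample, "->", apply_rule(*rule, sample))
```

The loose rule rewrites all three sample URLs, including the look-alike host and the URL that only carries the CDN address in its query string; the anchored, escaped rule rewrites only the intended one.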

Configuring Audio

You can configure audio through the Policies node of Citrix Desktop Studio (Citrix XenDesktop) or Citrix AppCenter (Citrix XenApp). You control the settings for the audio features through the following Citrix User Policy settings:

- Audio Plug-n-Play (XenApp only)
- Audio quality
- Client audio redirection
- Client microphone redirection
- Audio redirection bandwidth limit
- Audio redirection bandwidth limit percent
- Audio over UDP Real-time Transport (XenDesktop only)
- Audio UDP Port Range (XenDesktop only)

Most audio features are transported using the ICA stream and are secured in the same way as other ICA traffic. User Datagram Protocol (UDP) audio uses a separate, unsecured, transport mechanism.

To set audio quality

Generally, higher sound quality requires more bandwidth and greater server CPU utilization. You can use sound compression to balance sound quality and overall session performance. Use policy settings to configure the compression levels you want to apply to sound files.

Consider creating separate policies for groups of dial-up users and for those who connect over a LAN or WAN. Over dial-up connections, where bandwidth typically is limited, users likely care more about download speed than sound quality. For such users, create a policy for dial-up connections that applies high compression levels to sound and another for LAN or WAN connections that applies lower compression levels.

Configure the Audio quality setting by choosing from these audio quality levels:

- Low - for low-speed connections for low-bandwidth connections. Sounds sent to the client are compressed up to 16Kbps. This compression results in a significant decrease in the quality of the sound but allows reasonable performance for a low-bandwidth connection.
- Select Medium - optimized for speech for delivering Voice over IP applications. Audio sent to the client is compressed up to 64Kbps. This compression results in a moderate decrease in the quality of the audio played on the client device, but provides low latency and consumes very low bandwidth. Currently, Real-time Transport (RTP) over UDP is only supported when this audio quality is selected. Use this audio quality even for delivering media applications for the challenging network connections like very low (less than 512Kbps) lines and when there is congestion and packet loss in the network.
- Select High - high definition audio when delivering media applications. This setting provides high fidelity stereo audio but consumes more bandwidth than the Medium quality setting. Use this setting when network bandwidth is plentiful and sound quality is important.

Note: High definition increases bandwidth requirements by sending more audio data to user devices and increases server CPU utilization.

Important: You must also enable audio on Client audio settings on the user device.

To redirect audio reception

You can allow users to receive audio from an application on a server through speakers or other sound devices, such as headphones, on their user devices. Client audio mapping may cause more load on the servers and the network than is preferred.

Configure the Client audio redirection setting by choosing Allowed, the default, or Prohibited.

Important: When Client audio redirection is disabled, all audio functionality is disabled.

When using XenApp, the Audio Plug-n-Play setting must be enabled to use multiple audio devices.

Important: You must also enable audio on Client audio settings on the user device.

To activate user device microphones

You can allow users to record audio using input devices such as microphones on the user device. To record audio, the user device needs either a built-in microphone or a device that can be plugged into the microphone jack or USB port. If audio is disabled on the client software, this setting has no effect.

The Client audio redirection setting must be enabled for an enabled Client microphone redirection to work.

For security, users are alerted when servers that are not trusted by their user devices try to access microphones. Users can choose to accept or reject access prior to using the microphone. Users can disable the alert on the Citrix Receiver, formerly the Citrix online plug-in.

Configure the Client microphone redirection setting by choosing Allowed, the default, or Prohibited.

When using XenApp, the Audio Plug-n-Play setting must be enabled to use multiple input devices.

Important: You must also enable audio on Client audio settings on the user device.

To set audio redirection bandwidth limits

You can set limits on the allowed bandwidth in kilobits for playing and recording audio. Use the Audio redirection bandwidth limit setting to identify a specific maximum kilobit per second bandwidth for a session. Use the Audio redirection bandwidth limit percent to identify the maximum percentage of the total available bandwidth to be used. If both settings are configured, the one with the lowest bandwidth limit is used.

Configure the Audio redirection bandwidth limit and Audio redirection bandwidth limit percent by typing a number in the Value field.

Important: You must also enable audio on Client audio settings on the user device.

To send and receive audio with UDP

XenDesktop allows you to send and receive lossy audio with UDP using RTP. UDP is not available on XenApp. If Voice over IP (VoIP) quality is unsatisfactory at medium quality on the Audio quality setting, you can enable the Audio over UDP Real-time Transport user policy setting.

Important: Audio data transmitted with UDP is not encrypted.

By default, UDP audio on XenDesktop uses two consecutive ports within the range of ports 16500 to 16509 to pass through the Windows firewall. To use other ports, configure the Audio UDP Port Range machine policy setting by typing the port number or range into the Value field.

Important: You must also enable audio on Client audio settings on the user device.

To configure audio on the user device

1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node.
2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select Citrix Component > Citrix Receiver > User Experience.
3. From the Setting list, select Client Audio Settings and click policy setting.
4. Select Not Configured, Enabled, or Disabled.
5. If you selected Enabled, select Enable audio.
6. Select a High, Medium, or Low sound quality. For UDP audio, use Medium only.
7. For UDP audio only, select Enable Real-Time Transport.
8. For UDP audio only, set the range of ports to use to pass through the Windows firewall. This range must be consistent with the range set in the Audio UDP Port Range machine policy.

Avoiding Echo During Multimedia Conferences With HDX RealTime

When users take part in audio or video conferences, they may hear an echo in their audio. Echoes usually occur when speakers and microphones are too close to each other. For that reason, Citrix recommends the use of headsets for audio and video conferences.

HDX RealTime provides an echo cancellation option, enabled by default, which minimizes echo during a conference. Echo cancellation is available with Citrix Receiver 3.0 for Windows and Citrix Online Plug-in 12.1 for Windows, as well as Web Interface 5.3.

For echo cancellation to be most effective, the user should select either Medium - optimized for speech or Low - for low-speed connections audio quality. The High - high definition audio setting is intended for music playback, rather than conference speech and should be avoided for conferences.

The effectiveness of echo cancellation is sensitive to the distance between the speakers and the microphone. These devices must not be too close to each other or too far from each other.

To enable or disable echo cancellation

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

1. For 32-bit computers: On the user device, open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio\EchoCancellation.
   For 64-bit computers: On the user device, open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio\EchoCancellation.
2. In the Value data field, type TRUE or FALSE to enable or disable echo cancellation.

Video Conferencing with HDX RealTime Webcam Video Compression

HDX RealTime provides your users with a complete desktop multimedia conferencing feature.

System Requirements for HDX RealTime Webcam Video Compression

The following is accurate at the time this content was published. See https://www.citrix.com/support/product-lifecycle/product-matrix for more information about supported versions of Citrix products.

The following conditions are required to use the HDX RealTime Webcam Video Compression:

- Install Citrix Receiver 3.0 for Windows, formerly Citrix online plug-in, or Citrix Online Plug-in 12.1 for Windows on the user device.
- Ensure the user device has the appropriate hardware to produce sound.
- Install Microsoft Office Communications Server 2007 in the same environment as the computer running XenApp. This is not a published application.
  Note: Best practice indicates installing Microsoft Office Communications Server 2007 on a different computer than XenApp.
- Publish Microsoft Office Communicator 2007 on your XenApp server.
- Assign one processor per user per session, whether physical or virtual devices are used for video conferencing.
- Enable the following policy settings:
  - Client audio redirection
  - Client microphone redirection
  - Multimedia conferencing
  - Windows Media Redirection
- Install Drivers for web cameras on the user device. Where possible, use drivers obtained from the camera manufacturer, rather than from a third party.
- Use the web camera default settings.

Note: Only one web camera is supported at a time. If a device has multiple web cameras attached, HDX RealTime tries the first camera found, continuing in succession until a connection is made.

Configuring Client Audio redirection

Client audio redirection is a Citrix User Policy setting. It allows or prevents the redirection of sound from a hosted application to a sound device on the user device. Client audio redirection is enabled by default.

Configuring Client Microphone Redirection

Client microphone redirection is a Citrix User Policy setting. It allows or prevents the redirection of microphones. Client microphone redirection is enabled by default.

Configuring Multimedia Conferencing

Multimedia conferencing is a Citrix Computer Policy setting. This policy allows or prevents support for multimedia conferencing applications. By default, Multimedia conferencing is enabled.

Configuring Windows Media Redirection

Windows Media Redirection is a Citrix Computer Policy setting. Use this setting to allow or prohibit the delivery of streaming audio and video to users. Windows Media Redirection is enabled by default.

Increasing 2D and 3D Application Scalability and Performance

HDX 3D allows graphics-heavy applications running on XenApp on a physical server to render on the server's graphics processing unit (GPU). By moving DirectX, Direct3D and Windows Presentation Foundation (WPF) rendering to the server's GPU, the server's central processing unit (CPU) is not slowed by graphics rendering. Additionally, the server is able to process more graphics because the workload is split between the CPU and GPU.

DirectX and Direct3D require no special settings.

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

To enable WPF applications to render using the server's GPU, create the EnableWPFHook key with a key type of REG_DWORD and set its value to 1, in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls\Multiple Monitor Hook subkey in the registry of the server running XenApp.

This feature is only available on servers with a GPU that supports a display driver interface (DDI) version of 9ex, 10, or 11.

Assigning Priorities to Network Traffic

With XenApp and XenDesktop, priorities are assigned to network traffic across multiple connections for a session with quality of service (QoS)-supported routers. Four Transmission Control Protocol (TCP) connections are available to carry ICA traffic between the user device and the server (XenDesktop provides an additional User Datagram Protocol (UDP) connection). Each virtual channel is associated with a specific priority and transported in the corresponding TCP connection. You can set the channels independently, based on the TCP port number used for the connection.

XenDesktop supports multiple channel streaming connections only for Virtual Desktop Agents installed on Windows 7 environments. Work with your company's network administrator to ensure the Common Gateway Protocol (CGP) ports configured in the Multi-Port Policy setting are assigned correctly on the network routers.

Quality of service is supported only when multiple session reliability ports, or the CGP ports, are configured.

Caution: Use transport security when using this feature. Citrix recommends using Internet Protocol Security (IPsec) or Secure Sockets Layer (SSL). The Secure Sockets Layer (SSL) connections are only supported when the connections are traversing an Access Gateway that supports multi-stream. When running on an internal corporate network, multi-stream connections with SSL are not supported (this includes SSL Relay, on the XenApp server).

The four priorities are:

- Very High: for realtime activities, such as webcam conferences.
- High: for interactive elements, such as the screen, keyboard, and mouse.
- Medium: for bulk processes, such as Client Drive Mapping (CDM).
- Low: for background activities, such as printing.

To assign priorities to network traffic

To set quality of service for multiple streaming connections, you must configure:

- Multi-Port Policy, a Citrix Machine Policy setting in XenDesktop and a Citrix Computer Policy setting in XenApp.
- Multi-Stream, a Citrix Machine Policy setting in XenDesktop and a Citrix Computer Policy setting in XenApp.
- Multi-Stream, a Citrix Users Policy setting in XenDesktop and a Citrix User Policy setting in XenApp.

1. In Machine settings (XenDesktop) or Computer settings (XenApp), open the Multi-Port Policy Add Setting dialog box.
2. From the CGP default port priority list, select a priority.
3. Type additional CGP ports in CGP port1, CGP port2, and CGP port3, as needed, and identify priorities for each.
   Important: Firewalls on Virtual Desktop Agents or XenApp Server must be explicitly configured to allow the additional TCP traffic as part of the Multi-Port Policy setting.
4. In Machine settings (XenDesktop) or Computer settings (XenApp), open the Multi-Stream Add Setting dialog box and select Enabled or Disabled.
5. In Users settings (XenDesktop) or User settings (XenApp), open the Multi-Stream Connections Add Setting dialog box and select Enabled or Disabled.

For the policies to take effect, users must log off and then log on to the network.

Adding Dynamic Windows Preview Support

With the Dynamic Windows Preview feature enabled, the following Windows Aero preview options are available to XenApp users with published applications:

- Taskbar Preview: When the user hovers over a window's taskbar icon, an image of that window appears above the taskbar.
- Windows Peek: When the user hovers over a taskbar preview image, a full-sized image of the window appears on the screen.
- Flip: When the user presses ALT+TAB, small preview icons are shown for each open window.
- Flip 3D: When the user presses TAB+Windows logo key, large images of the open windows cascade across the screen.

Dynamic Windows Preview is available for user devices running:

- Citrix Receiver 3.0 for Windows
- Windows 7 configured for Aero

To configure Dynamic Windows Preview

Dynamic Windows Preview is enabled by default. You can disable and then enable the feature with the Dynamic Windows Preview computer policy setting on the XenApp server.

Configuring Read-Only Access to Mapped Client Drives

With the Citrix User Policy setting Read-only client drive access, you can control whether users can copy files from their virtual environments to their user devices. By default, the setting is disabled.

When enabled, files and folders on mapped client-drives cannot be added or modified from within the session. Files and folders on mapped client-drives are available in read-only mode only. When disabled, files and folders on mapped client-drives are available in read/write mode from within the session.

Important: When using this setting, be sure to include Client drive redirection in the policy and that it is set to Allowed.

This policy setting is only applicable for XenDesktop 5.5 Virtual Desktop Agent and XenApp 6.5 VM Hosted Apps sessions.

Securing Server Farms

Consult with your organization’s security experts for a comprehensive security strategy that best fits your needs.

The Citrix Receiver is compatible with and functions in environments where the Microsoft Specialized Security - Limited Functionality (SSLF) desktop security template is used. These templates are supported in the Microsoft Windows XP and Vista platforms. Refer to the Windows XP and Windows Vista security guides available at http://technet.microsoft.com for more information about the template and related settings.

In deployments where the XenApp server is part of an organization unit (OU) to which a Microsoft Specialized Security Limited Functionality Member Server (WS08R2-SSLF-Member-Server 1.0) or Enterprise Configuration Member Server (WS08R2-EC-Member-Server 1.0) security template is applied, applications might fail to launch for anonymous users or domain users. To avoid this, add the following groups to the Allow Logon through Remote Desktop Services setting for servers in the OU.

- For anonymous users: server-name\Anonymous for each XenApp server in the farm, where server-name is the name of the XenApp server
- For domain users: domain-name\Domain Users for each XenApp server in the farm, where domain-name is the name of the domain

Securing Access to Your Servers

An important first step in securing your server farm is securing access to the servers.

Securing the AppCenter

You can use the AppCenter to connect to any server in your farm. Use it only in environments where packet sniffing cannot occur. Also, ensure that only administrators can access it. You can set NTFS permissions so that non-administrators do not have Execute permission for the AppCenter executable.

Using NTFS partitions

To ensure that appropriate access control can be enforced on all files installed by XenApp, install XenApp only on NTFS-formatted disk partitions.

Trusted Server Configuration

This feature identifies and enforces trust relations involved in client connections. This can be used to increase the confidence of client administrators and users in the integrity of data on client devices and to prevent the malicious use of client connections. When this feature is enabled, clients can specify the requirements for trust and determine whether or not they trust a connection to the server.

Securing the Data Store

Protecting the data store involves not only protecting the data in the data store database but also restricting who can access it. In general:

- Users who access your farm’s servers do not require and should not be granted any access to the data store.
- All farm servers share a single user account and password for accessing the data store. Select a password that is not easy to deduce. Keep the user name and password secure and give it to administrators only to install XenApp.

Caution: If the user account for accessing the database is changed at a later time, the Citrix IMA Service fails to start on all servers configured with that account. To reconfigure the Citrix IMA Service password, use the dsmaint config command on each affected server.

Be sure to create a backup of your data store before changing the password on your data store.

Microsoft SQL Server

The user account that is used to access the data store on Microsoft SQL Server has public and db_owner roles on the server and database. System administrator account credentials are not needed for data store access; do not use a system administrator account because this poses an additional security risk.

If the Microsoft SQL Server is configured for mixed mode security, meaning that you can use either Microsoft SQL Server authentication or Windows authentication, you may want to create a Microsoft SQL Server user account for the sole purpose of accessing the data store. Because this Microsoft SQL Server user account would access only the data store, there is no risk of compromising a Windows domain if the user’s password is compromised.

For high-security environments, Citrix recommends using only Windows authentication.

Important: For improved security, you can change the user account’s permission to db_reader and db_writer after the initial installation of the database with db_owner permission. Changing the user account’s permission from db_owner may cause problems installing future service packs or feature releases for XenApp. Be sure to change the account permission back to db_owner before installing a XenApp service pack or feature release.

Consult the database vendor documentation for more information.

Microsoft SQL Server Express

Windows authentication is supported for the Microsoft SQL Server Express database. For security reasons, Microsoft SQL Server authentication is not supported. The user name and password typically are those for the local system administrator account. If users have access to the data store server, change the password with the dsmaint config command and keep the information in a safe place.

Oracle

Give the Oracle user account employed for the server farm "connect" and "resource" permissions only. System administrator (system or sys) account permissions are not needed for data store access.

Securing Client-Server Communications

There are two methods for encrypting the session data transmitted between clients and servers: SecureICA and SSL/TLS encryption.

By default, all ICA communications are set to Basic ICA protocol encryption. The Basic setting obfuscates data but does not provide industry standard encryption. You can increase the level of SecureICA encryption up to 128-bit and/or add SSL/TLS encryption.

The difference between the two types of client-server encryption is as follows:

- SecureICA. The SecureICA feature encrypts the session data sent between a server running XenApp and a client. In general, increase the level of ICA protocol encryption when you want to encrypt internal communication within a LAN or a WAN, or you want to encrypt internal access to an intranet. Increasing the level of ICA protocol encryption prevents session data from being sent in clear text, but it does not perform any authentication.
- SSL/TLS protocols. SSL/TLS protocols can protect you from internal and external threats, depending on your network configuration. Citrix recommends that you enable SSL/TLS protocols. Enabling SSL/TLS ensures the confidentiality, authentication, and integrity of session data.

If you enable protection against both internal and external threats, you must enable SSL encryption. Using SecureICA with SSL or TLS provides end-to-end encryption.

Both protocols are enabled on the server side, when you publish an application or resource. The Web Interface and Citrix Receiver automatically detect and use the settings specified on the server (that is, when you publish a resource).

The settings you specify for client-server encryption can interact with any other encryption settings in XenApp and your Windows operating system. If a higher priority encryption level is set on either a server or client device, settings you specify for published resources can be overridden. The most secure setting out of any of the settings below is used:

- The setting in Remote Desktop Session Host Configuration
- The XenApp policy setting that applies to the connection
- The client-server setting (that is, the level you set when you publish a resource)
- The Microsoft Group Policy

When you set an encryption level, make sure that it is consistent with the encryption settings you specified elsewhere. For example, any encryption setting you specify in the TSCC or connection policies cannot be higher than the application publishing setting. If the encryption level for an application is lower than what you specified through the TSCC and connection policies, the TSCC settings and the policies override the application settings.

Using SecureICA

By default, client-server communications are obfuscated at a basic level through the SecureICA feature, which can be used to encrypt the ICA protocol.

Citrix Receiver uses the ICA protocol to encode user input (keystrokes and mouse clicks) and address it to a server farm for processing. Server farms use the ICA protocol to format application output (display and audio) and return it to the client device.

You can increase the level of encryption for the ICA protocol when you publish a resource or after you publish a resource.

In addition to situations when you want to protect against internal security threats, such as eavesdropping, you may want to use ICA encryption in the following situations:

- You need to secure communications from devices that use Microsoft DOS or run on Win16 systems
- You have older devices running software that cannot be upgraded to use SSL
- As an alternative to SSL/TLS encryption, when there is no risk of a “man-in-the-middle” attack

When traversing public networks, Citrix does not recommend SecureICA as your only method of encryption. Citrix recommends using SSL/TLS encryption for traversing public networks. Unlike SSL/TLS encryption, SecureICA, used on its own, does not provide authentication of the server. Therefore information could be intercepted as it crosses a public network and then be rerouted to a counterfeit server. Also, SecureICA does not check data integrity.

Enabling SSL/TLS Protocols

If client devices in your environment communicate with your farm across the Internet, Citrix recommends enabling SSL/TLS encryption when you publish a resource. If you want to use SSL/TLS encryption, you must use either the SSL Relay feature or the Secure Gateway to relay ICA traffic to the computer running XenApp.

The nature of your environment may determine the way in which you enable SSL:

- For client devices communicating with your farm remotely, Citrix recommends that you use the Secure Gateway to pass client communications to the computer running XenApp. The Secure Gateway can be used with SSL Relay on the computer running XenApp to secure the Secure Gateway to XenApp traffic, depending on your requirements.
- For client devices communicating with your farm internally, you can do one of the following to pass client communications to the computer running XenApp:
  - Use the Secure Gateway with an internal firewall and place your farm behind the firewall
  - Use the SSL Relay feature to secure the traffic between servers in your farm

In larger environments, it may not be convenient to use SSL Relay because doing so requires storing certificates on every server in your farm. In large environments, you may want to use the Secure Gateway with an internal firewall if you are concerned with internal threats.

Regardless of whether you use the Secure Gateway or SSL Relay, if you want to use SSL, you must select the Enable SSL and TLS protocols setting when you publish an application.

If you are using Web Interface with the Secure Gateway, see the information about SSL in the Secure Gateway and Web Interface administrator documentation.

To configure session data encryption

The following procedure explains how to increase the level of encryption by enabling SecureICA (ICA protocol encryption) or SSL/TLS (Secure Sockets Layer and Transport Layer Security) encryption after you publish an application.

1. From the AppCenter, select a published application in the left pane.
2. From the Action menu, select Application properties.
3. In the Application Properties dialog box, select Advanced > Client options.
4. In the Connection encryption section, select one or more of the following:
   - Select the Enable SSL and TLS protocols check box. This option requests the use of the SSL and TLS protocols for clients connecting to the published application.
   - In the Encryption section, select a higher level of encryption from the drop-down list box.

If you are using SecureICA and you want to ensure that ICA traffic is always encrypted at a certain level, you can set a policy for encryption. Creating a SecureICA policy prevents you from accidentally publishing a resource at a lower level of encryption. If this policy is enabled and you publish a resource at a lower level of encryption than the policy requires, the server rejects client connections.

For software that takes its encryption settings from the server, such as the Web Interface and Citrix Receiver, this can be problematic. Therefore, Citrix recommends, as a best practice, that if you enable an encryption policy, you publish applications (or resources) by replicating an existing published application and editing it so as to replace the application with the new application you want to publish.

To set a policy for ICA encryption

The settings you specify for client-server encryption can interact with any other encryption settings in XenApp and your Windows operating system. If a higher priority encryption level is set on either a server or client device, settings you specify for published resources can be overridden.

1. Configure the Citrix User policy SecureICA minimum encryption level setting with one of the following options:
   - Basic. Encrypts the client connection using a non-RC5 algorithm. It protects the data stream from being read directly, but it can be decrypted.
   - RC5 (128 bit) logon only. Encrypts the logon data with RC5 128-bit encryption and the client connection using Basic encryption.
   - RC5 (40 bit). Encrypts the client connection with RC5 40-bit encryption.
   - RC5 (56 bit). Encrypts the client connection with RC5 56-bit encryption.
   - RC5 (128 bit). Encrypts the client connection with RC5 128-bit encryption.

To provide end-to-end encryption for your server farm, use SecureICA with SSL/TLS encryption. SecureICA does not perform authentication or check data integrity. SecureICA does not use FIPS-compliant algorithms. If this is an issue, configure the server and Citrix Receiver to avoid using SecureICA.
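The policy behaviour described here and in the session data encryption procedure can be checked before a minimum level is enforced. The following is an added example, not Citrix code: it audits an inventory of published resources against a SecureICA minimum and resolves the "most secure setting wins" rule. The PublishedApp record, the finding names, the sample inventory and the weakest-to-strongest ranking of the levels are assumptions of the example.

```python
"""Audit published-application encryption against a SecureICA minimum policy."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# SecureICA options named on the page. The weakest-to-strongest ranking is an
# ASSUMPTION of this example; the page lists the options without ranking them.
LEVEL_RANK: Dict[str, int] = {
    "Basic": 0,
    "RC5 (128 bit) logon only": 1,  # only the logon is RC5; session stays Basic
    "RC5 (40 bit)": 2,
    "RC5 (56 bit)": 3,
    "RC5 (128 bit)": 4,
}


@dataclass(frozen=True)
class PublishedApp:
    """Hypothetical record of one published resource's encryption settings."""
    name: str
    secureica_level: str   # level chosen when the resource was published
    ssl_tls_enabled: bool  # state of "Enable SSL and TLS protocols"


def rank(level: str) -> int:
    """Return the numeric rank of a level, rejecting unknown names."""
    try:
        return LEVEL_RANK[level]
    except KeyError:
        raise ValueError(f"unknown SecureICA level: {level!r}") from None


def strongest(*levels: Optional[str]) -> str:
    """Most secure configured source wins; None means 'not configured'."""
    configured = [lvl for lvl in levels if lvl is not None]
    if not configured:
        return "Basic"  # page: ICA communications default to Basic
    return max(configured, key=rank)


def audit(apps: List[PublishedApp],
          policy_minimum: Optional[str]) -> Dict[str, List[str]]:
    """Return per-application findings; an empty list means nothing to fix."""
    floor = rank(policy_minimum) if policy_minimum is not None else None
    findings: Dict[str, List[str]] = {}
    for app in apps:
        issues: List[str] = []
        level = rank(app.secureica_level)
        if floor is not None and level < floor:
            # Page: the server rejects client connections in this case.
            issues.append("BELOW_POLICY_MINIMUM")
        if not app.ssl_tls_enabled:
            # Page: SecureICA alone performs no authentication or integrity check.
            issues.append("NO_SERVER_AUTH_OR_INTEGRITY")
            if app.secureica_level == "Basic":
                # Page: Basic stops direct reading but can be decrypted.
                issues.append("OBFUSCATION_ONLY")
        findings[app.name] = issues
    return findings


# Constructed sample inventory (not from the page).
SAMPLE_APPS = [
    PublishedApp("Payroll", "RC5 (128 bit)", True),
    PublishedApp("LegacyTerminal", "RC5 (56 bit)", False),
    PublishedApp("Notepad", "Basic", False),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_APPS, "RC5 (128 bit)").items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
    # Sources in page order: RD Session Host Configuration, XenApp policy,
    # published-resource setting, Microsoft Group Policy.
    print(strongest("RC5 (56 bit)", "RC5 (128 bit)", "Basic", None))
```

Running the audit before enabling the policy shows which published resources would start rejecting connections, so they can be republished at the required level first.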

Configuring SSL/TLS Between Servers and Clients

For XenApp to accept connections encrypted with SSL or TLS, you must use SSL Relay to configure support on each XenApp server.

Citrix SSL Relay can secure communications between clients, servers running the Web Interface, and XenApp servers that are using SSL or TLS. Data sent between the two computers is decrypted by the SSL Relay and then redirected using SOCKSv5 to the Citrix XML Service.

SSL Relay operates as an intermediary in the communications between Citrix Receiver and the Citrix XML Service running on each server. Each Receiver authenticates the SSL Relay by checking the relay’s server certificate against a list of trusted certificate authorities. After this authentication, Receiver and SSL Relay negotiate requests in encrypted form. SSL Relay decrypts the requests and passes them to the server. When returning the information to Receiver, the server sends all information through SSL Relay, which encrypts the data and forwards it to the client to be decrypted. Message integrity checks verify that each communication is not tampered with.

In general, use SSL Relay for SSL/TLS support when you:

- Want to secure communications with servers that host the Citrix XML Service.
- Have a small number of servers to support (five or fewer). To use SSL/TLS to protect against internal threats in larger farms, consider configuring SSL/TLS support with Secure Gateway.
- Do not need to secure access at a DMZ.
- Do not need to hide server IP addresses or you are using Network Address Translation (NAT).
- Need end-to-end encryption of data between clients and servers.

Configure SSL Relay and the appropriate server certificate on each XenApp server in the server farm. By default, SSL Relay is installed with XenApp in C:\Program Files (x86)\Citrix\SSLRelay, where C is the drive where you installed XenApp.

The Citrix XML Service provides an HTTP interface for enumerating applications available on the server. It uses TCP packets instead of UDP, which allows connections to work across most firewalls. The Citrix XML Service is included in the server. The default port for the Citrix XML Service is 80.

Installing and Configuring the SSL Relay Tool

If you configure the SSL Relay tool with the User Account Control (UAC) feature of Microsoft Windows enabled, you might be prompted for administrator credentials. To run the SSL Relay tool, you must have the following privileges and associated permissions:

- Domain administrator
- Delegated administrator
- Administrator group of the local computer where you are installing the tool

Obtaining and Installing Server and Root SSL Certificates

A separate server certificate is required for each XenApp server on which you want to configure SSL or TLS. The server certificate identifies a specific computer, so you must know the fully qualified domain name (FQDN) of each server. Certificates must be signed by a trusted entity called a Certificate Authority (CA). In addition to installing a server certificate on each server, you must install the root certificate from the same CA on each client device that will communicate with SSL Relay.

Root certificates are available from the same CAs that issue the server certificates. You can install server and client certificates from a CA that is bundled with your operating system, an enterprise CA (a CA that your organization makes accessible to you), or a CA not bundled with your operating system. Consult your organization’s security team to find out which of the following methods they require for obtaining certificates.

Install the server certificate on each server. SSL Relay uses the same registry-based certificate store as IIS, so you can install certificates using IIS or the Microsoft Management Console (MMC) Certificate Snap-in. When you receive a certificate from the CA, you can restart the Web Server Certificate wizard in IIS and the wizard will install the certificate. Alternatively, you can view and import certificates on the computer using the MMC and adding the certificate as a stand-alone snap-in.

Choosing an SSL Certificate Authority

You can obtain and install certificates for your servers and client devices in the following ways:

- Certificates from a CA bundled with the operating system. Some of the newer Windows operating systems include native support for many CAs. If you choose to install the certificate from a bundled CA, double-click the certificate file and the Windows Certificate Store wizard installs the server certificate on your server. For information about which operating systems include native support, see your Microsoft documentation.
- Certificates from an enterprise CA. If your organization makes a CA accessible to you for use, that CA appears in your list of CAs. Double-click the certificate file and the Windows Certificate Store wizard installs the server certificate on your server. For more information about whether or not your company uses an enterprise CA, consult your security team.
- Certificates from a CA not bundled with the operating system. Certificates from CAs that are not bundled with your operating system or made accessible to you by your organization must be installed manually on both the server running Citrix SSL Relay and on each client device. For instructions about installing certificates from an external CA, see the documentation for the servers and clients in your configuration. Alternatively, you can install certificates using Active Directory or the IIS snap-in:
  - If your computers belong to an Active Directory server, you can install the certificates using Active Directory. For instructions about how to use Active Directory to install your certificates, see your Microsoft documentation.
  - You can use the Microsoft Web Server Certificate wizard in the IIS snap-in to request and import a certificate. For more information about using this wizard, see your Microsoft documentation.

Acquiring a Signed SSL Certificate and Password

After you choose a Certificate Authority (CA), generate a certificate signing request (CSR) and send it to the CA using the Web server software that is compatible with the CA. For example, if you are using the IIS snap-in to obtain your certificates, you can use Microsoft Enterprise Certificate Services to generate the CSR. The CA processes the request and returns the signed SSL certificate and password to you. For information about what software you can use to generate the CSR, consult the documentation for your chosen CA.

Important: The common name for the certificate must be the exact fully qualified domain name of the server.

After acquiring the signed certificate and password from your CA, install the certificates on each server and client in your configuration using the appropriate method.

To enable the SSL Relay and select the relay credentials

1. On the server where you installed Citrix SSL Relay, click All Programs > Citrix > Administration Tools > Citrix SSL Relay Configuration Tool.
2. Click the Relay Credentials tab.
3. Select the Enable SSL relay check box to enable the relay features.
4. Select the Display Friendly Name check box to display the certificate’s friendly name, if available. This check box determines which information from the certificate appears in the Server Certificate list. Some certificates contain an additional friendly name field. If you check this box and no friendly name exists, the certificate’s subject common name is used (which is typically the server name). If Display Friendly Name is not checked, the entire subject name is used.
5. Select the server certificate from the Server Certificate drop-down box (used to identify the SSL Relay identity).

Using the SSL Relay with the Microsoft Internet Information Service (IIS)

To use the SSL Relay and Microsoft Internet Information Services (IIS) on the same server, for example, if you install the Web Interface and XenApp on the same server, you must change the port number that IIS or the SSL Relay use. SSL Relay uses TCP port 443, the standard port for SSL connections. Most firewalls open this port by default. Optionally, you can configure the SSL Relay to use another port. Be sure that the port you choose is open on any firewalls between the client devices and the server running the SSL Relay.

Microsoft IIS is installed by default on Windows Server 2003 and allocates port 443 for SSL connections. It is not installed by default on Windows Server 2008. To run SSL Relay on a server running Windows Server 2003 or 2008 (with Web Server IIS installed and enabled), you must:

- Install a server certificate on IIS before you change the port number. You can use the same server certificate with IIS and the SSL Relay.
- Configure IIS to use a different port or configure the SSL Relay to use a different port.

To change the SSL port for Internet Information Services, see the relevant Microsoft documentation.

Configuring the Relay Port and Server Connection Settings

The SSL Relay relays packets only to the target computers listed on the Connection tab of the Citrix SSL Relay Configuration Tool. By default, the SSL Relay is configured to relay packets only to the target computer on which the SSL Relay is installed. You can add other computers in the same server farm for redundancy.

Use the Connection tab to configure the listener port and allowed destinations for the SSL Relay. The SSL Relay relays packets only to the target computers listed on the Connection tab. The target server and port specified on your server running the Web Interface or Citrix Receiver must be listed on this tab. By default, no servers are listed. Once a certificate is added, the default ICA and Citrix XML Service ports are added for the local computer.

See Configuring TCP ports for a list of ports used in a server farm.

- Relay Listening Port. The TCP port where SSL clients connect to the SSL Relay. The default port number is 443. If your server has multiple IP addresses, this port is used on all of them. If you change this value, you must make the same change on the client device. You may also need to open the port on any firewalls between the client device and the SSL Relay.
- Encryption Standard. The protocol that is required is configured using the SSL Relay configuration tool. SSL Relay can be configured to use either SSL or TLS.
- Server Name. The fully qualified domain name (FQDN) of the server to which to relay the decrypted packets. If certificates are not configured, no servers are listed. If certificates are configured, the FQDN of the server on which the SSL Relay is running appears here.
- Ports. The TCP ports where ICA and the Citrix XML Service are listening.

Important: If you change the default Citrix SSL Relay port, you must set SSLProxyHost to the new port number in the Citrix Receiver icaclient.adm file. For more information, see the Receiver administrator documentation.

To modify the destination server list

1. On the server where you installed Citrix SSL Relay, click All Programs > Citrix > Administration Tools > Citrix SSL Relay Configuration Tool.
2. Click the Connection tab.

- To add a server to the destination server list:
  a. Click New.
  b. Type the FQDN of the computer in the Server Name box. (This additional server must also be specified in the configuration of servers running the Web Interface.)
  c. Type the port number of the Citrix XML Service in the Destination ports box and click Add.
- To change the port for a server listed in the destination server list:
  a. Select the server entry and click Edit.
  b. In the Target Server Properties dialog box, select a destination port to remove and click Delete.
  c. In the field below Destination ports, type the number of the new destination port and click Add.

To run the SSL Relay on port 443 without using HTTPS

1. Stop the Microsoft Internet Information Service.
2. Configure and start the SSL Relay service.
3. Restart the Microsoft Internet Information Service.

The SSL Relay uses port 443 before IIS, including when the server is restarted.

Note: When you configure XenApp, members of the User group are allowed to edit registry entries in the registry hive HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Secure\Citrix\Citrix SSL Relay, or HKEY_LOCAL_MACHINE\SOFTWARE\Secure\Citrix\Citrix SSL Relay on XenApp, 32-bit Edition. You can use the Microsoft Security Configuration and Analysis tool to prevent members of the User group from editing these registry entries.
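The registry permissions described in the note above can be checked with a read-only audit of each key's ACL. The following PowerShell is an added example, not Citrix code; the function name Get-RelayKeyWriteAccess and the inclusion of Authenticated Users and Everyone alongside the Users group are assumptions of the example.

```powershell
# Added example (not Citrix code): report ACL entries that let broad,
# non-administrative groups modify the Citrix SSL Relay registry keys.
# Read-only: it lists findings and changes nothing.

# Key paths as given in the note above (64-bit path first, then 32-bit).
$RelayKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Secure\Citrix\Citrix SSL Relay',
    'HKLM:\SOFTWARE\Secure\Citrix\Citrix SSL Relay'
)

# Well-known SIDs. The page names only the Users group; the other two are an
# assumption of this example, added because they also cover ordinary users.
$BroadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

# Registry rights that permit editing values, subkeys, or the ACL itself.
$WriteRights = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# ACEs can also carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$GenericWrite = 0x40000000 -bor 0x10000000

function Get-RelayKeyWriteAccess {
    param([string[]]$Path = $RelayKeys)

    foreach ($key in $Path) {
        # Only one of the two paths exists on a given edition.
        if (-not (Test-Path -Path $key)) { continue }

        $acl = Get-Acl -Path $key
        # Ask for SIDs instead of account names so the match is locale-independent.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            if ($rule.AccessControlType -ne 'Allow') { continue }

            $mask = [int]$rule.RegistryRights
            if (($mask -band $WriteRights) -or ($mask -band $GenericWrite)) {
                New-Object PSObject -Property @{
                    Key       = $key
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.RegistryRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-RelayKeyWriteAccess)
if ($findings.Count -eq 0) {
    'No write access for Users, Authenticated Users or Everyone was found.'
} else {
    $findings | Format-Table Key, Principal, Rights, Inherited -AutoSize
}
```

Run it on the server running the SSL Relay. Each row it prints is an access rule to review with the Security Configuration and Analysis tool named in the note.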

Configuring the Ciphersuites Allowed by the SSL Relay

Use the Citrix SSL Relay Configuration Tool to configure which combinations of ciphersuites the SSL Relay will accept from the client (a server running the Web Interface or Citrix Receiver). The Ciphersuites dialog box lists the available and allowed ciphersuites. The SSL Relay accepts connections only from clients that support at least one of the allowed ciphersuites. Installing additional ciphersuites is not supported.

Available ciphersuites are grouped into GOV (Government) or COM (Commercial). Note that GOV ciphersuites are normally used when TLS is specified. However, any combination of ciphersuite and security protocol can be used. Contact your organization’s security expert for guidance about which ciphersuites to use.

Descriptions of ciphersuites are found in Appendix C of the Internet Society RFC 2246, available online at http://www.rfc-editor.org.

By default, connections using any of the supported ciphersuites are allowed.

To add or remove ciphersuites

1. On the server where you installed Citrix SSL Relay, click All Programs > Citrix > Administration Tools > Citrix SSL Relay Configuration Tool.
2. Click the Ciphersuites tab.

Select a ciphersuite from the left column. To allow it, click Add. To disallow it, from the right column, click Remove.

Using the Secure Gateway

Use the Secure Gateway to provide SSL/TLS encryption between a secure Internet gateway server and an SSL-enabled client, combined with encryption of the HTTP communication between the Web browser and the Web server. Using the Secure Gateway makes firewall traversal easier and improves security by providing a single point of entry and secure access to your server farms.

In general, use the Secure Gateway when:

- You want to hide internal IP addresses
- You want to secure public access to your farm’s servers
- You need two-factor authentication (in conjunction with the Web Interface)

Using the Secure Gateway provides the following benefits:

- Secure Internet access
- Removes the need to publish the addresses of every server running XenApp
- Simplifies server certificate management
- Allows a single point of encryption and access to the servers

Use the Secure Gateway to create a gateway that is separate from the computers running XenApp. Establishing the gateway simplifies firewall traversal because ICA traffic is routed through a widely accepted port for passage in and out of firewalls. The Secure Gateway provides increased scalability.

However, because ICA communication is encrypted only between the client and the gateway, you may want to use SSL Relay to secure the traffic between the gateway and the servers running XenApp, including the servers hosting the Citrix XML Service.

For more information, see the Secure Gateway for Windows administrator documentation.

Using the Secure Ticket Authority

The Secure Ticket Authority (STA) is responsible for issuing session tickets in response to connection requests for published resources on XenApp. These session tickets form the basis of authentication and authorization for access to published resources.

When you install XenApp, you also install the STA. The STA is embedded within the Citrix XML Service.

Important: If you are securing communications between the Secure Gateway and the STA, ensure that you install a server certificate on the server running the STA and implement SSL Relay. In most cases, internally generated certificates are used for this purpose.

To display STA performance statistics

In addition to monitoring the performance of the server running the Secure Gateway, Citrix recommends monitoring the performance of the server running the Secure Ticket Authority (STA) as part of your administrative routine.

1. Access the Performance Monitor.
2. Right-click in the right pane and click Add Counters.
3. For the location of the performance counters, select Use local computer counters.
4. From the Performance Object drop-down list, select Secure Ticket Authority.
5. Select the performance counters you want to monitor and click Add.
6. Click Close.
7. Use the Windows Performance Console controls that appear at the top of the right pane to switch views and add counters.

Identifying Entries in the STA Log

The STA logs fatal errors to its application log, which is located in the \inetpub\scripts directory. When creating a log, the STA uses the following format for naming log files:

stayyyymmdd-xxx.log

where yyyy is the year, mm is the month, and dd is the day of the log file creation.

The first time the STA is loaded, it creates a log file.

To view entries in the STA log, use a plain-text editor to open the log file.

If the STA does not create a log file, it may be due to lack of write privileges to the \inetpub\scripts directory.

Securing Network Communications

Network communication between servers and client devices can be a security risk in any enterprise environment. In addition to physically securing servers, most organizations install network security measures including firewalls to isolate servers running XenApp and Web browsers from the Internet and publicly accessible networks. To deploy XenApp on internal networks, secure communications between the client and server by means of SSL/TLS or other security measures.

Depending on your security needs, you can incorporate the following network communication security components when designing XenApp deployments:

- At the client-server level inside your network:
  - By encrypting the Independent Computing Architecture (ICA) protocol using SecureICA
  - Secure Socket Layer/Transport Layer Security (SSL/TLS) encryption
- At the network level, when clients are communicating with your farm remotely across the Internet:
  - Secure Gateway
  - Secure Ticket Authority
  - Network firewalls
  - Proxy servers

Part of securing your server farm is making sure that only properly authenticated users can access your servers and resources, which can include smart cards.

Configuring TCP Ports

This table lists the TCP/IP ports that the servers, Citrix Receiver, IMA Service, and other Citrix services use in a server farm. This information can help you configure firewalls and troubleshoot port conflicts with other software.

| Communication | Default port | Configuration |
|---|---|---|
| Citrix AppCenter | 135 | Not configurable |
| Citrix SSL Relay | 443 | See Using the SSL Relay with the Microsoft Internet Information Service (IIS) |
| Citrix XML Service | 80 | See Install and Configure |
| Client-to-server (directed UDP) | 1604 | Not configurable |
| ICA sessions (clients to servers) | 1494 | See ICAPORT |
| License Management Console | 8082 | See the licensing documentation |
| Server to license server | 27000 | In the console, open the farm or server properties page, and select License Server |
| Server to Microsoft SQL Server or Oracle server | 139, 1433, or 443 for MS-SQL | See the documentation for the database software |
| Server to server | 2512 | See IMAPORT |
| Remote AppCenter to server | 2513 | See IMAPORT |
| Session reliability | 2598 | See Configuring Session Reliability |

Using Proxy Servers

A proxy server accepts connection requests from client devices and redirects those requests to the appropriate XenApp servers. Using a proxy server, much like using a firewall, gives you more control over access to the XenApp servers and provides a heightened level of security for your network. A proxy server, as opposed to a firewall, uses a different port from that used by the XenApp servers.

For information about using proxy servers with the Citrix Receiver, see the Citrix Receiver documentation.

Supported proxy servers are:

- Microsoft Internet Security and Acceleration (ISA) Server 2004 and 2006
- iPlanet Web Proxy Server 3.6
- Squid 2.6 STABLE 4
- Microsoft Proxy Server 2.0

Configuring Authentication for Workspace Control

If users log on using smart cards or pass-through authentication, you must set up a trust relationship between the server running the Web Interface and any server in the farm that the Web Interface accesses for published applications. Without the trust relationship, the Disconnect, Reconnect, and Log Off (“Workspace Control”) commands fail for those users logging on with smart card or pass-through authentication. For more information about Workspace Control, see Ensuring Session Continuity for Mobile Workers.

You do not need to set up a trust relationship if your users authenticate to the Web Interface or Citrix Receiver by typing in their credentials.

To set up the trust relationship, configure the Citrix Computer policy Trust XML requests setting. The Citrix XML Service communicates information about published applications among servers running the Web Interface and servers running XenApp.

If you configure a server to trust requests sent to the Citrix XML Service, consider these factors:

- The trust relationship is not necessary unless you want to implement Workspace Control and your users log on using smart cards or pass-through authentication.
- Enable the trust relationship only on servers directly contacted by the Web Interface. These servers are listed in the Web Interface Console.
- When you set up the trust relationship, you depend on the Web Interface server to authenticate the user. To avoid security risks, use SSL Relay, IPSec, firewalls, or any technology that ensures that only trusted services communicate with the Citrix XML Service. If you set up the trust relationship without using IPSec, firewalls, or other security technology, it is possible for any network device to disconnect or terminate client sessions.
- Configure SSL Relay, IPSec, firewalls, or other technology that you use to secure the environment so that they restrict access to the Citrix XML Service to only the Web Interface servers. For example, if the Citrix XML Service is sharing a port with IIS, you can use the IP address restriction capability in IIS to restrict access to the Citrix XML Service.

Using Smart Cards with XenApp

You can use smart cards in your XenApp environment. Smart cards are small plastic cards with embedded computer chips.

In a XenApp environment, smart cards can be used to:

- Authenticate users to networks and computers
- Secure channel communications over a network
- Use digital signatures for signing content

If you are using smart cards for secure network authentication, your users can authenticate to applications and content published on servers. In addition, smart card functionality within these published applications is also supported.

For example, a published Microsoft Outlook application can be configured to require that users insert a smart card into a smart card reader attached to the client device to log on to the server. After users are authenticated to the application, they can digitally sign email using certificates stored on their smart cards.

Citrix has tested smart cards that meet Standard 7816 of the International Organization for Standardization (ISO) for cards with electrical contacts (known as a contact card) that interface with a computer system through a smart card reader device. The reader can be connected to the host computer by the serial, USB, or PCMCIA port.

Citrix supports the use of PC/SC-based cryptographic smart cards. These cards include support for cryptographic operations such as digital signatures and encryption. Cryptographic cards are designed to allow secure storage of private keys such as those used in Public Key Infrastructure (PKI) security systems. These cards perform the actual cryptographic functions on the smart card itself, meaning the private key and digital certificates never leave the card.

In addition, Citrix supports two-factor authentication for increased security. Instead of merely presenting the smart card (one factor) to conduct a transaction, a user-defined PIN (a second factor), known only to the user, is employed to prove that the cardholder is the rightful owner of the smart card.

Note: XenApp does not support the RSA Security Inc. PKCS (Public-Key Cryptography Standard) #11 functional specification for personal cryptographic tokens.

You can also use smart cards with the Web Interface for XenApp. For details, see the Web Interface administrator documentation.

Smart Card Requirements

Before using smart cards with XenApp, consult your smart card vendor or integrator to determine detailed configuration requirements for your specific implementation.

The following components are required on the server:

- PC/SC software
- Cryptographic Service Provider (CSP) software

These components are required on the device running the supported Citrix Receiver or client:

- PC/SC software
- Smart card reader software drivers
- Smart card reader

Your Windows server and client operating systems may come with PC/SC, CSP, or smart card reader drivers already present. See your smart card vendor for information about whether these software components are supported or must be replaced with vendor-specific software.

You do not need to attach the smart card reader to your server during CSP software installation if you can install the smart card reader driver portion separately from the CSP portion.

If you are using pass-through authentication to pass credentials from your client device to the smart card server session, CSP software must be present on the client device.

Configuring XenApp for Smart Cards

A complete and secure smart card solution can be complex and Citrix recommends that you consult your smart card vendor or integrator for details. Configuration of smart card implementations and configuration of third-party security systems, such as certificate authorities, are beyond the scope of this documentation.

Smart cards are supported for authenticating users to published applications or for use within published applications that offer smart card functionality. Only the former is enabled by default upon installation of XenApp.

The following Citrix Receivers and clients support smart cards:

- Receiver for Windows
- Receiver for Linux
- Receiver for Macintosh
- Client for Windows-based terminals

To configure smart card support for Receiver or client users, see the Receiver or client documentation.

Configuring Kerberos Logon

Citrix Receiver features enhanced security for pass-through authentication. Rather than sending user passwords over the network, pass-through authentication leverages Kerberos authentication. Kerberos is an industry-standard network authentication protocol built into the Windows operating systems. Kerberos logon offers security-minded users the convenience of pass-through authentication combined with secret-key cryptography and data integrity provided by industry-standard network security solutions.

System requirements

Kerberos logon works only between clients and servers that belong to the same or to trusted Windows domains. Servers must also be trusted for delegation, an option you configure through the Active Directory Users and Computers management tool.

Kerberos logon is not available:

- If you use the following Remote Desktop Services options:
  - Use standard Windows authentication
  - Always use the following logon information or Always prompt for password
- If you route connections through Secure Gateway
- If the server running XenApp requires smart card logon

Kerberos requires Citrix XML Service DNS address resolution to be enabled for the server farm or reverse DNS resolution to be enabled for the Active Directory domain.

User Access Control and Administrator Sessions

The User Access Control feature prompts users to enter credentials when all of the following requirements are met:

- Kerberos logon is enabled on the server running XenApp
- Users logging on to the computer running XenApp are members of the Administrator group on that computer
- After logon, Administrator group users attempt to access network resources such as shared folders and printers

Limitations of Kerberos Pass-through Authentication to XenApp

Windows supports two authentication protocols, Kerberos and NTLM, so applications such as Windows Explorer, Internet Explorer, Mozilla Firefox, Apple Safari, Google Chrome, Microsoft Office, and others, can use Windows pass-through authentication to access network resources without explicit user authentication prompts.

When Kerberos pass-through authentication is used to start a XenApp session, there are technical limitations that may affect application behavior.

- Applications running on XenApp that depend on the NTLM protocol for authentication generate explicit user authentication prompts or fail. Most applications and network services that support Windows pass-through authentication accept both Kerberos and NTLM protocols, but some do not. In addition, Kerberos does not operate across certain types of domain trust links in which case applications automatically use the NTLM protocol. However the NTLM protocol does not operate in a XenApp session that is started using the Kerberos pass-through authentication, preventing applications that cannot use Kerberos from authenticating silently.
- Kerberos pass-through authentication for applications expires if the XenApp session is left running for a very long time (typically one week) without being disconnected and reconnected. Kerberos is based on security tickets issued by domain controllers, which impose a maximum refresh period (typically one week). When the maximum refresh period has ended, Windows obtains a new Kerberos ticket automatically by using the cached network credentials that are required for the NTLM protocol. However, these network credentials are not available when the XenApp session was started using Kerberos pass-through authentication.

To enable Citrix XML Service DNS address resolution

Configure the Citrix Computer policy DNS address resolution setting.

To disable Kerberos logon to a server

Caution: Using Registry Editor can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

To prevent Kerberos authentication for users on a specific server, create the following registry key as a DWORD Value on the server:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Logon\DisableSSPI = 1

You can configure Citrix Receiver to use Kerberos with or without pass-through authentication.

Logging Administrative Changes to a XenApp Farm

The Configuration Logging feature allows you to keep track of administrative changes made to your server farm environment. By generating the reports that this feature makes available, you can determine what changes were made to your server farm, when they were made, and which administrators made them. This is especially useful when multiple administrators are modifying the configuration of your server farm. It also facilitates the identification and, if necessary, reversion of administrative changes that may be causing problems for the server farm.

When this feature is enabled for a licensed server farm, administrative changes initiated from the following components lead to the creation of log entries in a central Configuration Logging database:

- Citrix AppCenter
- some command-line utilities
- tools custom built with SDKs

Before you enable the Configuration Logging feature:

- Determine the level of security and control you need over the configuration logs. This determines if you need to set up additional database user accounts and if you want to make XenApp administrators enter credentials before clearing logs.
- Determine how strictly you want to log tasks; for example, if you want to log administrative tasks and if you want to allow administrators to make changes to a farm if the task cannot be logged (for example, if the database is disconnected).
- Determine if you want to allow administrators to be able to clear configuration logs and if you want them to have to supply credentials for this purpose. This requires the permission to Edit Configuration Logging settings.

Important: To securely store the credentials used for accessing the Configuration Logging database, you can enable the IMA encryption feature when you deploy your server farm. After this is enabled, however, you cannot disable it without losing the data it encrypted. Citrix recommends that you configure IMA encryption before the Configuration Logging feature is configured and used.

To enable the Configuration Logging feature:

- Set up the Configuration Logging database
- Define the Configuration Logging database access permissions
- Configure the Configuration Logging database connection
- Set the Configuration Logging properties

- Delegate administrative permissions, as needed

The Configuration Logging feature, after it is properly enabled, runs in the background as administrative changes trigger entries in the Configuration Logging database. The only activities that are initiated by the user are generating reports, clearing the Configuration Logging database, and displaying the Configuration Logging properties.

To generate a configuration logging report, use the PowerShell command Get-CtxConfigurationLogReport. For more information, see help for Get-CtxConfigurationLogReport or Windows PowerShell with Common Commands.

Setting up the Configuration Logging Database

The Configuration Logging feature supports Microsoft SQL Server and Oracle databases; for information about supported versions, see CTX114501.

The Configuration Logging database must be set up before Configuration Logging can be enabled. Only one Configuration Logging database is supported per server farm, regardless of how many domains are in the farm. When the Configuration Logging database is set up, you also must ensure that the appropriate database permissions are provided for XenApp so that it can create the database tables and stored procedures (preceded by “CtxLog_AdminTask_”) needed for Configuration Logging. Do this by creating a database user who has “ddl_admin” or “db_owner” permissions for SQL Server, or a user who has the "connect" and "resource" roles and "unlimited tablespace" system privilege for Oracle. This is used to provide XenApp full access to the Configuration Logging data.

The Configuration Logging feature does not allow you to use a blank password to connect to the Configuration Logging database.

Each server in the server farm must have access to the Configuration Logging database.

Considerations for SQL Server

Only one server farm is supported per Configuration Logging database. To store Configuration Logging information for a second farm, create a second Configuration Logging database.

When using Windows Integrated Authentication, only fully qualified domain logons are valid. Local user account credentials will fail to authenticate on the database server that hosts the Configuration Logging database.

Ensure that all Citrix administrators accessing the same farm are configured to use the same default schema. The database user who will create the Configuration Logging tables and stored procedures must be the owner of the default schema. If you are using dbo as the default schema, the database user must have db_owner permissions. If you are using ddl_admin as the default schema, the database user must have ddl_admin permissions.

See the SQL Server documentation for information about managing and using schemas.

Considerations for Oracle

Only one farm is supported per schema. To store Configuration Logging information for a second farm in the same database instance, use a different schema. Tables and stored procedures are created in the schema associated with the user who initially configured the Configuration Logging feature. For information about managing and using a different schema, see the Oracle documentation.

The user name connecting to the Oracle database should not begin with a number.

Before running the AppCenter, update the Oracle tnsnames.ora client file to include the connectivity information needed to access the available databases.

Important: To use an Oracle database for configuration logging, the 32-bit Oracle client must be installed on the AppCenter; otherwise, you cannot display the log from the AppCenter.

Defining Database Permissions for Configuration Logging

The first time the Configuration Logging feature is enabled, it connects to the Configuration Logging database and discovers that the database schema does not exist. XenApp then creates the database schema, tables, and stored procedures. To create a database schema, XenApp needs full access to the database. After the database schema is created, full access is no longer necessary and you have the option of creating additional users with fewer permissions.

The following table lists the minimum permissions required to perform the Configuration Logging tasks.

| Configuration Logging task | Database permissions needed |
|---|---|
| To create log entries in the database tables | INSERT for the database tables; EXECUTE for the stored procedures; SELECT: SQL Server: for sysobjects and sysusers; Oracle: for sys.all_objects, and for sequence objects and the "create session" system privilege |
| To clear the log | DELETE/INSERT for the database tables; EXECUTE for the GetFarmData stored procedure; SELECT: SQL Server: for sysobjects and sysusers; Oracle: for sys.all_objects, and for sequence objects and the "create session" system privilege |
| To create a report | EXECUTE for the Configuration Logging stored procedures; SELECT: SQL Server: for sysobjects and sysusers; Oracle: for sys.all_objects, and for sequence objects and the "create session" system privilege |

The Configuration Logging components must have access to the GetFarmData stored procedure to find out if a Configuration Logging database is associated with a farm. If you do not have permission to execute an existing GetFarmData stored procedure, this farm is invisible to the Configuration Logging components.

Considerations for SQL Server

Before you configure the Configuration Logging database connection, grant EXECUTE permission to the sp_databases system stored procedure to list the databases on the database server.

The authentication mode must be the same for the database user who creates log entries in the database tables and the database user who clears the log.

To configure the connection to the Configuration Logging database

After the Configuration Logging database is set up by your database administrator and the appropriate database credentials are provided to XenApp, use the Configuration Logging Database wizard to configure the connection to the database.

1. From the AppCenter, select a farm.
2. From the Action menu, select Farm properties.
3. Click Configuration Logging.
4. Click Configure Database. The wizard opens.
5. Select the connection type (SQL Server or Oracle). (For SQL Server, use the drop-down list to select a SQL Server; for Oracle, select a net service name (from the Oracle tnsnames.ora client file). You can also type the entry.)
6. (SQL Server only). Select an authentication mode: Windows integrated security (recommended) or SQL Server authentication.
7. Enter a valid user name and password for the database. Credentials are always required (even if you are using Windows Integrated Authentication with SQL Server). The credentials are stored using the IMA encryption feature. Each server that creates log entries uses the credentials to connect to the Configuration Logging database.
8. (SQL Server only). Select or type the name of the database.
9. Configure connection options and connection pooling options. You can use the default values for these settings; the possible exception is Use encryption. For security reasons, the default value is Yes; however, if the database server to which you are connecting does not support encryption, the connection will fail. Click Test Database Connection on the summary page to check for encryption support.
10. Click Test Database Connection. A display indicates whether or not the connection established successfully.

After you configure the connection to the Configuration Logging database, you cannot set the database back to None. To stop logging, clear the Log administrative tasks to Configuration Logging database check box in the Configuration Logging dialog box.

To set Configuration Logging properties

Before you set Configuration Logging properties, configure the database and the connection to the database. Otherwise, the Configuration Logging property fields are not active.

Full Citrix administrators can edit the Configuration Logging settings and clear the log, or they can authorize other administrators to perform these tasks by assigning them the delegated administration Edit Configuration Logging Settings permission. Without this permission, ordinary administrators cannot perform these functions.

1. From the AppCenter, select a farm.
2. From the Action menu, select Farm properties.
3. Click Configuration Logging.
4. To enable Configuration Logging, select the Log administrative tasks to Configuration Logging database check box. If you want administrators to be able to make changes to the server farm when log entries cannot be saved to the Configuration Logging database, select the Allow changes to the farm when logging database is disconnected check box.
5. To prompt administrators to enter their credentials before clearing the log, select the Require administrators to enter database credentials before clearing the log check box.

Clearing Entries from the Configuration Logging Database

It may become necessary to clear the entries in the Configuration Logging database if the population of the tables becomes too large.

To manage which database users can clear the configuration log, Citrix recommends that you enable the Require administrators to enter database credentials before clearing the log check box in the Configuration Logging properties. Anyone attempting to clear the log is prompted for database credentials. The credentials must correspond to the authentication mode you selected when you connected to the database initially. Specifically:

- For SQL authentication, credentials with permissions for the Configuration Logging database on the SQL server are required
- For Windows Integrated authentication, XenApp impersonates the database user when it connects to the SQL database, so credentials for the Windows user account are required

Use one of the following methods to clear log entries from the Configuration Logging database:

- From the AppCenter, expand the farm node and select History. Select Clear history in the Actions pane or the Action menu.
- Use the PowerShell command Clear-XAConfigurationLog. For more information, see help for Clear-XAConfigurationLog or Windows PowerShell with Common Commands.

Encrypting Configuration Logging Data

Independent Management Architecture (IMA) is the underlying architecture used in XenApp for configuring, monitoring, and operating all XenApp functions. The IMA data store stores all XenApp configurations.

IMA encryption protects administrative data used by Configuration Logging. This information is stored in the IMA data store. For IT environments with heightened security requirements, using IMA encryption provides a higher degree of security for Configuration Logging. One example would include environments that require strict separation of duties or where the Citrix Administrator should not have direct access to the Configuration Logging database.

IMA encryption is a farm-wide setting that applies to all servers in the farm after encryption is enabled. Consequently, to use IMA encryption, you must enable it on all servers in the farm.

IMA encryption has the following components:

Component: CTXKEYTOOL
Description: Also known as the IMA encryption utility, CTXKEYTOOL is a command-line utility you use to manage IMA encryption and generate key files. CTXKEYTOOL is in the Support folder of the XenApp media.

Component: Key file
Description: The key file contains the encryption key used to encrypt sensitive IMA data. You create the key file using CTXKEYTOOL. To preserve the integrity of the encryption, Citrix recommends that you keep the key file in a secure location and that you do not freely distribute it.

Component: Key
Description: The same valid IMA encryption key must be loaded on all servers in the farm if IMA encryption is enabled. After copying the key file to a server, you load the key by using CTXKEYTOOL.

Configuring IMA encryption includes the following tasks:

- On the first server in a farm (that is, the server on which you create the farm during XenApp configuration), generate a key file, load the key, and enable it
- Make the key file accessible to other servers in the farm or put it on a shared network location
- Load the key onto other servers in the farm (that is, the servers that join the farm during configuration)

Citrix recommends that if you are enabling IMA encryption in environments that have multiple farms, you give the key for each farm a different name.

Storing CTXKEYTOOL Locally

1. Copy the CTXKEYTOOL.exe file from the Support folder of XenApp media to your local computer.
2. Create a folder named Resource at the same level in your directory structure as the CTXKEYTOOL file.
3. Copy the entire Support\Resource\en folder to the new Resource folder.

You can store the CTXKEYTOOL.exe file and the Resource\en folder anywhere on your computer, provided you maintain the same relative directory structure used on the media.

To generate a key and enable IMA encryption on the first server in a farm

Before enabling IMA encryption on the first server in the XenApp farm (that is, the server on which you created the farm), install and configure XenApp, and restart the server.

1. On the server where you created the XenApp farm, run CTXKEYTOOL with the generate option, specifying the full UNC or absolute path (including the file name of the key you want to generate) to the location where you want to store the file key. Citrix suggests naming the key after the farm on which it will be used; for example, farmakey.ctx. Citrix also suggests saving the key to a folder that uses the name of your farm; for example, Farm A Key. If the key file generates successfully, the message “Key successfully generated” appears.
2. To obtain the key from the file and put it in the correct location on the server, run CTXKEYTOOL with the load option on the server on which you want to add the key, specifying the full UNC or absolute path (including the key file name) to the location where you stored the key file. If the key loaded successfully, the message “Key successfully loaded” appears.
3. Run CTXKEYTOOL with the newkey option to use the currently loaded key and enable the key. If IMA encryption is enabled successfully, the message “The key for this farm has been replaced. IMA Encryption is enabled for this farm” appears.

Storing the Key File on a Shared Network Location

If you choose to store the key on a shared network location, Citrix recommends the following:

- Give the folder a meaningful name that specifies the name of the farm for which the key was created. This is important in situations when you follow the Citrix best practice recommendation of creating a unique key for the farm.
- Ensure that the account you use to generate the key is the same as the account that will be used to configure all the servers in the farm. You must use the same account for both tasks.

1. When you generate the key file, save it to a local directory (as you normally would).
2. After enabling IMA encryption on the server where you generated the key, copy the key file to the shared network location.
3. Grant Read/Execute access to the key file for each server that will be joining the farm, and to the administrator performing the installation.
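The Read/Execute grant in step 3 can be checked after the key file is copied to the share. The following is an added example, not Citrix code: it compares the file's access entries with the list of joining servers plus the installing administrator. The file server, domain and account names are constructed placeholders, and only explicit entries are examined (access inherited through group membership is not resolved).

```powershell
# Added example, not Citrix code. Account names and the share host are constructed.
$rx     = [System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Synchronize'
$rxOnly = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-KeyFileAcl {
    param($AccessRules, [string[]]$ExpectedReaders)

    # 1. Every Allow entry must belong to an expected reader and stay within Read/Execute.
    foreach ($ace in $AccessRules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who   = [string]$ace.IdentityReference
        $extra = [int]$ace.FileSystemRights -band (-bnot [int]$rx)
        if ($ExpectedReaders -notcontains $who) {
            New-Object PSObject -Property @{
                Identity = $who
                Finding  = "not a joining server or the installing administrator ($($ace.FileSystemRights))"
            }
        } elseif ($extra -ne 0) {
            New-Object PSObject -Property @{
                Identity = $who
                Finding  = "has more than Read/Execute ($($ace.FileSystemRights))"
            }
        }
    }

    # 2. Every expected reader needs an explicit Read/Execute entry to load the key.
    foreach ($id in $ExpectedReaders) {
        $granted = $AccessRules | Where-Object {
            [string]$_.IdentityReference -eq $id -and $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $rxOnly) -eq $rxOnly)
        }
        if (-not $granted) {
            New-Object PSObject -Property @{ Identity = $id; Finding = 'no explicit Read/Execute entry' }
        }
    }
}

# Helper that builds a constructed access entry shaped like (Get-Acl <file>).Access output.
function New-SampleAce([string]$Identity, [string]$Rights) {
    New-Object PSObject -Property @{
        IdentityReference = $Identity
        AccessControlType = 'Allow'
        FileSystemRights  = [System.Security.AccessControl.FileSystemRights]$Rights
    }
}

# Constructed sample: two joining servers, the installing administrator, one stray group.
$expected  = @('EXAMPLE\XA02$', 'EXAMPLE\XA03$', 'EXAMPLE\xa-install')
$sampleAcl = @(
    New-SampleAce 'EXAMPLE\XA02$'        'ReadAndExecute, Synchronize'
    New-SampleAce 'EXAMPLE\xa-install'   'FullControl'
    New-SampleAce 'EXAMPLE\Domain Users' 'ReadAndExecute, Synchronize'
)

Test-KeyFileAcl -AccessRules $sampleAcl -ExpectedReaders $expected |
    Format-Table Identity, Finding -AutoSize -Wrap

# Against the real share (placeholder host name):
# Test-KeyFileAcl (Get-Acl '\\<fileserver>\Farm A Key\farmakey.ctx').Access $expected
```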

To load a key on servers that join the farm

Before enabling IMA encryption on servers you are joining to a XenApp farm, install and configure XenApp, but do not restart the server.

1. If you do not have the key file on a shared network location, load the key file to the server.
2. To obtain the key from the file and put it in the correct location on the server, run CTXKEYTOOL with the load option, specifying the full UNC or absolute path (including the key file name) to the location where you stored the key file. If the key loaded successfully, the message “Key successfully loaded” appears. You do not need to enable IMA encryption on this server, because you already enabled it on the first server in the farm.
3. Restart the server.

Repeat this procedure on all servers you configure to join the farm.

Changing Farms

If you move a server that has IMA encryption to a farm that has IMA encryption enabled, run CTXKEYTOOL with the load option (specifying the key that was generated for the new farm) on that server after it is configured but before it is restarted.

If you move a server that has IMA encryption enabled to a farm that does not have IMA encryption enabled, IMA encryption is disabled automatically on the server being moved.

Managing IMA Encryption

IMA encryption includes other features that you can use as needed:

- Citrix strongly recommends backing up the farm key to a safe, secondary location, such as a CD, immediately after you generate a key. You can create a copy of the key file when you create it, or you can back up the farm key by running CTXKEYTOOL with the backup option.
- You can recreate a key file that you accidentally deleted, lost, or overwrote. All servers in the same farm use the same key, so you can obtain a key from another server on the farm; however, XenApp does not allow you to access keys. You must recreate the entire key file by running CTXKEYTOOL with the backup option on any server in the farm that has the key and is functioning properly.
- You can disable IMA encryption by running CTXKEYTOOL with the disable option. Because IMA encryption is a farm-wide feature, disabling it on one server disables the feature on all servers. If you disable IMA encryption, to access the Configuration Logging database, you must reenter the password for the Configuration Logging database. In addition, no configuration information is logged until you reenter your database credentials. To reenable IMA encryption after you disabled it, run CTXKEYTOOL with the enable option. After enabling IMA encryption, Citrix recommends that you run CTXKEYTOOL with the query option to verify that IMA encryption is enabled.

For more information about CTXKEYTOOL, see the XenApp Command Reference documentation.

XenApp Service Account Privileges

These tables provide information about the services installed by default with XenApp, their accounts, associated permissions, and privileges.

XenApp Services Overview

This table lists the display name for the service, which is the name that appears in the Services panel. When the display name and the service name differ, the table provides the service name in (parentheses).

The Dependencies column lists the system components, such as Windows services, Citrix services, or drivers, on which the service depends. The Dependencies column also includes subdependencies that might not appear on the Dependencies tab for the service.

Licensing services, which are not listed here, might also appear if the license server is installed on the same server as XenApp.

Display Name (Service Name): Citrix 64-bit Virtual Memory Optimization
  Executable: ctxsfosvc64.exe
  Logon Account / Startup Type: Local System / Manual
  Description: Dynamically optimizes 64-bit applications running on a XenApp server.
  Dependencies: None

Display Name (Service Name): Citrix Client Network (CdmService)
  Executable: cdmsvc.exe
  Logon Account / Startup Type: Local System / Automatic
  Description: Maps client drives and peripherals for access in sessions.
  Dependencies: Client Drive Mapping (CDM), Windows Management Instrumentation Driver Extensions, Workstation

Display Name (Service Name): Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal)
  Executable: ctxcpubal.exe
  Logon Account / Startup Type: .\ctx_cpuuser / Manual
  Description: Enhances resource management across multiple CPUs. Installed only on servers that have multiple CPUs.
  Dependencies: None

Display Name (Service Name): Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched)
  Executable: ctxcpusched.exe
  Logon Account / Startup Type: Local System / Manual
  Description: Manages resource consumption to enforce entitlement policies.
  Dependencies: Remote Procedure Call (RPC)

Display Name (Service Name): Citrix Diagnostic Facility COM Server (CdfSvc)
  Executable: CdfSvc.exe
  Logon Account / Startup Type: NT AUTHORITY\Network Service / Automatic
  Description: Manages and controls diagnostic trace sessions, which diagnose problems on a XenApp server.
  Dependencies: Remote Procedure Call (RPC)

Display Name (Service Name): Citrix Encryption Service
  Executable: encsvc.exe
  Logon Account / Startup Type: NT AUTHORITY\Local Service / Automatic
  Description: Enables secure communication with RC5 128-bit encryption between Citrix Receiver and XenApp.
  Dependencies: Windows Management Instrumentation Driver Extensions

Display Name (Service Name): Citrix End User Experience Monitoring (Citrix EUEM)
  Executable: SemsService.exe
  Logon Account / Startup Type: Local Service / Manual
  Description: Collects and collates end-user experience measurements.
  Dependencies: Citrix SMC Support Driver

Display Name (Service Name): Citrix Health Monitoring and Recovery (CitrixHealthMon)
  Executable: HCAService.exe
  Logon Account / Startup Type: NT AUTHORITY\Local Service / Automatic
  Description: Provides health monitoring and recovery services in the event problems occur.
  Dependencies: Citrix Independent Management Architecture service

Display Name (Service Name): Citrix Independent Management Architecture (IMAService)
  Executable: ImaSrv.exe
  Logon Account / Startup Type: NT AUTHORITY\NetworkService / Automatic
  Description: Provides management services in the XenApp farm.
  Dependencies: Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), Server, TCP/IP Protocol Driver, Windows Management Instrumentation Driver Extensions, Workstation

Display Name (Service Name): Citrix MFCOM Service (MFCom)
  Executable: mfcom.exe
  Logon Account / Startup Type: NT AUTHORITY\NetworkService / Automatic
  Description: Provides COM services that allow remote connections from the management tools.
  Dependencies: Citrix Independent Management Architecture service, Citrix Services Manager service, Remote Procedure Call (RPC)

Display Name (Service Name): Citrix Print Manager Service (cpsvc)
  Executable: CpSvc.exe
  Logon Account / Startup Type: Local Service / Automatic
  Description: Manages the creation of printers and driver usage within XenApp sessions. Supports the Citrix Universal Printing features.
  Dependencies: Print Spooler, Remote Procedure Call (RPC)

Display Name (Service Name): Citrix Secure Gateway Proxy (CtxSecGwy)
  Executable: CtxSGSvc.exe
  Logon Account / Startup Type: NT AUTHORITY\Network Service / Automatic
  Description: Proxy to the Citrix Secure Gateway server.
  Dependencies: None

Display Name (Service Name): Citrix Services Manager (IMAAdvanceSrv)
  Executable: IMAAdvanceSrv.exe
  Logon Account / Startup Type: Local System / Automatic
  Description: Provides XenApp with an interface to the operating system. Other services use this service for elevated operations.
  Dependencies: None

Display Name (Service Name): Citrix Streaming Service (RadeSvc)
  Executable: RadeSvc.exe
  Logon Account / Startup Type: .\Ctx_StreamingSvc / Automatic
  Description: Manages the Citrix Offline Plug-in when streaming applications.
  Dependencies: Remote Procedure Call (RPC)

Display Name (Service Name): Citrix Virtual Memory Optimization
  Executable: CTXSFOSvc.exe
  Logon Account / Startup Type: Local System / Manual
  Description: Dynamically optimizes applications running on a XenApp server to free up server memory.
  Dependencies: None

Display Name (Service Name): Citrix WMI Service (CitrixWMIservice)
  Executable: ctxwmisvc.exe
  Logon Account / Startup Type: NT AUTHORITY\Local Service / Manual
  Description: Provides the Citrix WMI classes for information and management purposes.
  Dependencies: Citrix Independent Management Architecture service, Citrix Services Manager service, IPsec Policy Agent, Remote Procedure Call (RPC), Server, TCP/IP Protocol Driver, Windows Management Instrumentation Driver Extensions, Workstation

Display Name (Service Name): Citrix XML Service (CtxHttp)
  Executable: ctxxmlss.exe
  Logon Account / Startup Type: Network Service / Automatic
  Description: Services XML data requests sent by XenApp components.
  Dependencies: None

Display Name (Service Name): Citrix XTE Server (CitrixXTEServer)
  Executable: XTE.exe
  Logon Account / Startup Type: NT AUTHORITY\NetworkService / Manual
  Description: Services network requests for session reliability and SSL from XenApp components.
  Dependencies: None

Caution: Citrix does not recommend altering account permissions and privileges. If you delete the accounts or alter their permissions incorrectly, XenApp might not function correctly.

Permissions for Service User Accounts

This table lists the permissions associated with accounts XenApp services use.

Account Name       Permissions                  Notes
Local Service      Limited                      NT AUTHORITY\LocalService
Network Service    Limited, network resources   NT AUTHORITY\NetworkService
Local System       Administrator                NT AUTHORITY\System

Ctx_StreamingSvc   Domain or local user         Acts as a User
Ctx_ConfigMgr      Domain or local user         Acts as a Power User
Ctx_CpuUser        Domain or local user         Acts as a User

Privileges for Service User Accounts

If your organization requires that service accounts run as domain accounts and not as local accounts, you can create domain accounts to replace the Ctx_ConfigMgr and Ctx_CpuUser accounts before installing XenApp. Ensure the new account has the same privileges as the default account.

Citrix does not support changing the account for the Citrix Streaming Service (Ctx_StreamingSvc), which has the privileges: log on as a batch job, log on as a service, backup files and directories, restore files and directories, deny log on locally, deny remote log on, and take ownership of files or other objects.

Privileges                      Local Service   Network Service   Ctx_ConfigMgr   Ctx_CpuUser
Change the system time          x               x
Generate security audits        x               x
Increase quotas                 x               x
Log on as a batch job           x               x                 x               x
Log on as a service             x               x                 x               x
Replace a process level token   x               x
Debug programs                                                                    x
Increase scheduling priority                                                      x
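Because the Caution above warns against altering the service accounts, the service tables can double as a baseline for drift checks. The following is an added example, not Citrix code: it compares each installed service's logon account and startup type with the values listed on this page. The sample input is constructed; on a XenApp server, pass the output of Get-WmiObject Win32_Service instead.

```powershell
# Added example, not Citrix code. Expected account and startup type are transcribed
# from the service tables on this page. Keys are the service name where the page
# gives one in parentheses, otherwise the display name. 'Auto' is how Win32_Service
# reports the Automatic startup type.
$Baseline = @{
    'Citrix 64-bit Virtual Memory Optimization' = 'LocalSystem|Manual'
    'CdmService'                                = 'LocalSystem|Auto'
    'CTXCPUBal'                                 = 'ctx_cpuuser|Manual'
    'ctxcpuSched'                               = 'LocalSystem|Manual'
    'CdfSvc'                                    = 'NetworkService|Auto'
    'Citrix Encryption Service'                 = 'LocalService|Auto'
    'Citrix EUEM'                               = 'LocalService|Manual'
    'CitrixHealthMon'                           = 'LocalService|Auto'
    'IMAService'                                = 'NetworkService|Auto'
    'MFCom'                                     = 'NetworkService|Auto'
    'cpsvc'                                     = 'LocalService|Auto'
    'CtxSecGwy'                                 = 'NetworkService|Auto'
    'IMAAdvanceSrv'                             = 'LocalSystem|Auto'
    'RadeSvc'                                   = 'Ctx_StreamingSvc|Auto'
    'Citrix Virtual Memory Optimization'        = 'LocalSystem|Manual'
    'CitrixWMIservice'                          = 'LocalService|Manual'
    'CtxHttp'                                   = 'NetworkService|Auto'
    'CitrixXTEServer'                           = 'NetworkService|Manual'
}

function ConvertTo-AccountKey([string]$StartName) {
    # Win32_Service reports 'LocalSystem', 'NT AUTHORITY\LocalService', '.\ctx_cpuuser'.
    # Only the well-known prefixes are stripped, so a domain account that replaced
    # Ctx_CpuUser (permitted by the page before installation) is reported for review.
    $name = $StartName -replace '^(NT AUTHORITY\\|\.\\)', ''
    return ($name -replace '\s', '').ToLower()
}

function Compare-ServiceBaseline($Observed) {
    foreach ($key in ($Baseline.Keys | Sort-Object)) {
        $svc = $Observed |
            Where-Object { $_.Name -eq $key -or $_.DisplayName -eq $key } |
            Select-Object -First 1
        if (-not $svc) { continue }    # service not installed on this server

        $expAccount, $expMode = $Baseline[$key].Split('|')
        $issues = @()
        if ((ConvertTo-AccountKey $svc.StartName) -ne $expAccount.ToLower()) {
            $issues += "account is '$($svc.StartName)', page lists '$expAccount'"
        }
        if ($svc.StartMode -ne $expMode) {
            $issues += "startup is '$($svc.StartMode)', page lists '$expMode'"
        }
        if ($issues.Count -gt 0) {
            New-Object PSObject -Property @{ Service = $key; Finding = ($issues -join '; ') }
        }
    }
}

# Constructed sample standing in for (Get-WmiObject Win32_Service) output.
$sample = @(
    New-Object PSObject -Property @{ Name = 'IMAService'; DisplayName = 'Citrix Independent Management Architecture'; StartName = 'NT AUTHORITY\NetworkService'; StartMode = 'Auto' }
    New-Object PSObject -Property @{ Name = 'CtxHttp';    DisplayName = 'Citrix XML Service';                         StartName = 'LocalSystem';                 StartMode = 'Auto' }
    New-Object PSObject -Property @{ Name = 'CTXCPUBal';  DisplayName = 'Citrix CPU Utilization Mgmt/CPU Rebalancer'; StartName = 'EXAMPLE\svc_cpu';             StartMode = 'Manual' }
)

Compare-ServiceBaseline $sample | Format-Table Service, Finding -AutoSize -Wrap

# On a XenApp server:
# Compare-ServiceBaseline (Get-WmiObject Win32_Service) | Format-Table -AutoSize -Wrap
```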

Maintaining Server Farms

A server farm is a group of servers running Citrix XenApp and managed as a single entity. The servers in the server farm share a single IMA-based data store.

Citrix recommends performing farm maintenance tasks from the data collector, assuming no applications are published on the data collector, because this updates farm data faster. Performing farm maintenance tasks from a server hosting published applications can slow down users trying to connect to published applications and take longer to update in the data store.

The Citrix AppCenter provides a wide variety of summary information about the farm and each server in the farm. From the Start menu, select All Programs > Citrix > Management Consoles and choose Citrix AppCenter.

You can customize your view and group applications or servers in folders to make navigating through their AppCenter listings easier. Grouping servers into folders can facilitate the process of delegating administrative tasks to Citrix administrators. Folders are also useful for Object Based Delegated Administration.

When you select an item in the navigation pane, the Actions pane provides quick access to related options for the selected item.

In addition, configure Citrix policy settings in the AppCenter or the Local Group Policy Editor, depending on whether or not you use Active Directory in your XenApp environment. Use these settings to maintain the farm, including scheduling restarts, optimizing and monitoring server performance, and setting the port for the Citrix XML Service and License Server. For more information, see the Policy Settings Reference.

To search for objects in your farm

XenApp provides an advanced search feature so that you can search for the objects in your farm such as discovered items, sessions or applications by user, and servers that do not have a specific hotfix applied to them.

1. From the Citrix AppCenter, in the navigation pane, select Search, and in the Actions pane, select Search for items.
2. In the Advanced Search dialog box, in the Find box, select one of the following:
   - Discovered items. Searches discovered items.
   - Sessions By User. Lists the sessions to which a specific user is connected. Type a user name in the Name box.
   - Applications By User. Lists the applications that the specified user is using. Type a user name in the Name box.
   - Servers without hotfix. Lets you search for all of the servers missing a specific hotfix. This feature is useful if you want to check that you applied a hotfix to all servers in your farm. Type a hotfix number in the Name box.
3. Use the Browse button to select one of the Citrix Resources locations to search in.

To change a server's desktop settings

To perform administrator tasks on a server's desktop, you can access a server’s desktop only if the desktop of the selected server is published. Configure the Citrix policies setting for Desktop launches to Allowed. If it is set to Prohibited, this feature fails.

Configure connection settings to your servers through the Microsoft Management Console (MMC) using Remote Desktop Session Host Configuration.

1. From the Citrix AppCenter, select a server.
2. In the Actions pane, select Other Tasks > Connect to server, and choose one of the following settings:
   - Connect to server’s published desktop
   - Connect directly to server's desktop
3. In the Launch ICA Desktop Session dialog box, choose from the following selections. The selections you make here become the new default settings.
   - Accept the Width and Height values (800 x 600 by default) or specify a different resolution.
   - Colors (Better Speed by default). Select the color depth for the application. The available options are 256 colors (8-bit), Better Speed (16-bit), or Better Appearance (32-bit).
   - Encryption. Select one of the following options from the list.
     - Basic encrypts the connection using a non-RC5 algorithm (default setting). Basic encryption protects the data stream from being read directly but can be decrypted.
     - 128-Bit Login Only (RC5) encrypts the logon data with RC5 128-bit encryption and the ICA connection with basic encryption.
     - 40-Bit (RC5) encrypts the connection with RC5 40-bit encryption.
     - 56-Bit (RC5) encrypts the connection with RC5 56-bit encryption.
     - 128-Bit (RC5) encrypts the connection with RC5 128-bit encryption.

To limit the number of server connections per user

When a user starts a published application, the client establishes a connection to a server in the farm and initiates a client session. If the user then starts another published application without logging off from the first application, the user has two concurrent connections to the server farm. To conserve resources, you can limit the number of concurrent connections that users can make.

Configure the Citrix Computer policy for Server Settings > Connection Limits by setting the following options:

- Limit user sessions. Specify the maximum number of concurrent connections a user can make to any single server at the same time (value range 0 - 8192).
- Limits on administrator sessions. Enable or disable connection limit enforcement for Citrix administrators.
  Important: Limiting connections for Citrix administrators can adversely affect their ability to shadow other users.
- Logging of logon limit events. Enable or disable the logging of events (to the server log) about connection attempts that are denied because they exceed logon limits.

To enable or deny logons to servers

By default, logons are enabled for each server in a farm. Before taking a server offline, such as for maintenance, use these options to reroute logons to other servers. Citrix recommends that you drain the server slowly by denying new logons (rerouting them to other servers), but allowing users to reconnect to disconnected sessions and close applications cleanly, thus preventing loss of user data.

Important: Citrix strongly recommends that you use these Logon control options (instead of the Windows Remote Desktop Services options) to control logons to XenApp servers.

1. From the Citrix AppCenter, select the server.
2. From the Actions menu, select Other Tasks > Logon control and one of the following:
   - Allow logons and reconnections. Enable all logons, allowing connections, reconnections, and session sharing (default setting).
   - Prohibit logons only. Reroute new connections and session sharing, but allowing users to reconnect to disconnected sessions. This state persists until you change it manually.
   - Prohibit logons until server restart. Reroute new connections and session sharing, as above, but after restarting the server, the setting automatically changes back to Allow logons and reconnections.
   - Prohibit logons and reconnections. Reroute all logons, reconnections, and session sharing to other servers.

After resetting logon control, the selected option does not appear in the list.

Restarting Servers at Scheduled Times

To optimize performance, you can restart servers automatically at specified intervals by creating a restart schedule.

Restart schedules are based on the local time for each server to which they apply. This means that if you apply a schedule to servers that are located in more than one time zone, the restarts do not happen simultaneously; each server is restarted at the selected time in its own time zone.

When the Citrix Independent Management Architecture (IMA) service starts after a restart, it establishes a connection to the data store and updates the local host cache. This update can vary from a few hundred kilobytes of data to several megabytes of data, depending on the size and configuration of the server farm.

To reduce the load on the data store and to reduce the IMA service start time, Citrix recommends maintaining restart groups of no more than 100 servers. In large server farms with hundreds of servers, or when the database hardware is not sufficient, restart servers in groups of approximately 50, with at least 10 minute intervals between groups.

To create a server restart schedule, enable the Scheduled reboots setting and configure related policy settings for frequency, start date and time, and warnings to users.

Additionally, configure the Reboot schedule randomization interval setting which prevents servers in the same local time zone from restarting at the same time. When added to a policy, this setting distributes server restarts in a uniform manner within the interval specified. The interval value represents the number of minutes before or after the scheduled restart time at which the servers can be restarted. For example, if the reboot schedule time is 11:00 PM and the randomization interval is 15 minutes, the servers can be restarted between 10:45 PM and 11:15 PM.

Removing and Reinstalling XenApp

Tasks you might need to perform to remove servers from your farm or remove XenApp software from a server include:

- Moving a server to another farm
- Renaming a server
- Removing a server from your farm
- Removing XenApp from a computer in your farm or forcing its removal
- Removing a server from your farm if the hardware hosting XenApp fails

To accomplish these tasks, you might need to remove XenApp from its host computer, remove it from the farm or from the list of farm servers in the Citrix AppCenter, or repair the installation. In addition, see the procedures in this section for related tasks, including moving or removing a server from the farm and renaming a XenApp server.

Removing XenApp

Citrix recommends that you remove XenApp by using Control Panel > Programs and Features while the server is still connected to the farm and the network. Select Citrix XenApp <version> and click Uninstall. After the program is finished, restart the server. This method removes the host information from the farm data store and removes the server from the farm properties displayed in the management tools.

To remove XenApp remotely, you can do so from within a Remote Desktop Connection (RDC) session or using tools such as Microsoft Configuration Manager 2007 (formerly Systems Management Server (SMS)).

If you want to remove only specific components of XenApp, do so in the following order:

- Citrix Management (such as Citrix AppCenter)
- XenApp Advanced Configuration utility or Presentation Server Console, if installed
- Citrix XenApp
- Citrix Web Interface
- Citrix Licensing

Forcing the Removal of XenApp

To force the removal of XenApp from a computer, you can use msiexec on a command line to add the property: CTX_MF_FORCE_SUBSYSTEM_UNINSTALL. Set its value to Yes. The following sample command line enables logging of the uninstallation operation and forces the removal of XenApp:

    msiexec /x mps.msi /L*v c:\output.log CTX_MF_FORCE_SUBSYSTEM_UNINSTALL=Yes

where mps.msi is the name and location of the msi package.

Repairing a XenApp Installation

Before you start, log off from all sessions and exit any applications running on the server. When you run the repair utility from Control Panel > Programs and Features, XenApp overwrites all files and settings with those from the original installation. If you customized any of the files or features in your XenApp installation, running the repair utility replaces your customizations with the original files and settings. After you finish, restart the server when prompted.

Reinstalling XenApp Due to Hardware Failure

If the hardware for a server fails and needs to be replaced, change its name to the same name as the failed server before you connect its replacement server to your network. Assigning the replacement server the failed server’s name lets the replacement have the same properties and functionality as the failed XenApp server. The records in the data store for the old server apply to its replacement of the same name. Ensure that the replacement server settings are identical to the failed server, including:

- Server name
- Operating system
- Settings for applications made during installation or when the application was published
- User accounts

Backing Up and Restoring the XenApp Data Store

Many data store maintenance tasks are performed using the DSMAINT and DSCHECK commands. For more information, see the Command Reference and Data Store Database Reference documentation.

To rename a XenApp server

Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.

1. Create a Citrix local administrator account on the server you want to rename.
2. On the server you want to rename, run chglogon /disable to prevent users from logging on to the server.
3. Open the Citrix Management, such as Citrix AppCenter, on a different server, and remove the server to be renamed from published applications assigned to that server.
4. On the server you want to rename, stop the Citrix Independent Management Architecture service.
5. In the Registry, set the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME\PSRequired registry value to 1. This value is HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\RUNTIME\PSRequired on XenApp, 32-bit Edition.
   Caution: Not changing the PSRequired registry value to 1 can result in incomplete records in the data store. Changing this value to 1 forces the Citrix Independent Management Architecture service to communicate with the data store and create a record for the newly named server. The value for PSRequired reverts to 0 the next time the Citrix Independent Management Architecture service restarts.
6. Change the name of the server in the server operating system and restart the server.
7. Log on to the console using the local administrator account you created.
8. Update all references to the old server to the new server name. This might require logging on to the XenApp Advanced Configuration tool or Presentation Server Console as well.
   Important: Before removing the old server name, change all objects that reference the old name to the new server name, including data collector ranking, published application references, load evaluators, and zone settings.
9. Expand the Servers folder and remove the old server name from the list of servers.
10. Add the new server name to the list of configured servers for published applications.

To move or remove a server

Caution: If you remove all servers belonging to a single domain and have Citrix administrators in the domain, their user accounts cannot be enumerated by the AppCenter and appear as a question mark (?) in the list of Citrix administrators.

To move a XenApp server from the farm or join the server to another farm, use XenApp Server Configuration Tool accessed through the Server Role Manager. Alternatively, use the command-line through XenAppConfig.exe.

To remove a server from a farm

Citrix recommends that you use the Citrix AppCenter to remove a server from the farm only in cases where the server cannot be started to run the Windows uninstall program. Both methods remove the server from the farm data store and from the lists of servers displayed in the AppCenter.

1. With the server connected to the network and online in the farm, remove XenApp from the server from Control Panel > Programs and Features by selecting Citrix XenApp <version> and selecting Uninstall.
2. On a different server in the farm, open the AppCenter, run or rerun Discovery, and check that the server was removed from the farm successfully.
3. If the server from which you removed XenApp still appears in the AppCenter:
   a. In the left pane, select the server.
   b. From the Action menu, select Other Tasks > Remove from farm.
4. After you ensure the server no longer appears in the farm, disconnect the server from the network.
   Caution: Do not reconnect the server to the network until you re-image it or remove its XenApp software. If it reconnects to the network, it can corrupt your farm.
5. Perform a new installation of operating system (that is, a "clean" installation and not an upgrade) and XenApp (if you want to reuse the hardware for that server).

If the hardware for a server fails or it cannot be started to run the uninstall program, remove the server. Run the dscheck command on the data store to repair any consistency errors.

Monitoring Server Performance with Health Monitoring & Recovery

You can use Health Monitoring and Recovery to run tests on the servers in a server farm to monitor their state and discover any health risks. Citrix provides a standard set of tests; you have the option of importing additional tests, including custom tests that you develop. The Citrix tests included with XenApp allow you to monitor several services and activities including Remote Desktop Services, XML Service, Citrix IMA Service, and logon/logoff cycles.

By default, Health Monitoring and Recovery is enabled on all of the servers in your farm, and the tests that are included run on all servers, including the data collector. Typically, you do not need to run these tests on the data collector because, particularly in a large farm, the data collector is not used for serving applications. If you do not want Health Monitoring & Recovery to run on the data collector, you must disable it manually.

Use the load balancing feature of XenApp with Health Monitoring and Recovery to ensure that if a server in the farm experiences a problem (for example the Citrix IMA Service is down), the state of that server does not interfere with the user's ability to access the application because the user's connection to that application is redirected through another server. For more information about load balancing and using Load Manager, see the Load Management section in eDocs.

Store all custom tests in the following location:

    %Program Files%\Citrix\HealthMon\Tests\Custom\

where %Program Files% is the location in which you installed XenApp. When saving custom tests, do not include spaces in the file names.

Configure the Citrix Computer policy for Server Settings > Health Monitoring and Recovery by setting the following options:

- Health monitoring (enabled by default). Use this setting to allow or prevent the Health Monitoring and Recovery feature.
- Health monitoring tests. Use this setting to specify which tests to run. Select from a standard set of Citrix tests (described below) or add your own customized tests. For descriptions of recovery actions, see Modifying Health Monitoring and Recovery Actions.
- Maximum percent of servers with logon control (10 percent by default). Use this setting to specify the percentage of servers that can be offline and excluded from load balancing.

For information about draining a server before taking it offline, see To enable or deny logons to servers.

Citrix Tests

Citrix IMA Service test
This test queries the service to ensure that it is running by enumerating the applications available on the server.

Logon monitor test
This test monitors session logon/logoff cycles to determine whether or not there is a problem with session initialization or possibly an application failure. If there are numerous logon/logoff cycles within a short time period, the threshold for the session is exceeded and a failure occurs. The session time, interval, and threshold can be configured by modifying the parameters in the Test file field. These parameters are listed and described in the following table.

Logon monitor test parameter    Description
SessionTime                     Defines the maximum session time for a short logon/logoff cycle. Default is five seconds.
SessionInterval                 The time period designated to monitor logon/logoff cycles. Default is 600 seconds.
SessionThreshold                The number of logon/logoff cycles that must occur within the session interval for the test to fail. Default is 50 cycles.

Remote Desktop Services test
This test enumerates the list of sessions running on the server and the session user information, such as user name.

XML Service test
This test requests a ticket from the XML service running on the server and prints the ticket.

Check DNS test
This test performs a forward DNS lookup using the local host name to query the local DNS server in the computer's environment for the computer's IP address. A failure occurs if the returned IP address does not match the IP address that is registered locally. To perform reverse DNS lookups in addition to forward DNS lookups, use the flag /rl when running this test.

Check Local Host Cache test
Citrix does not recommend running this test unless you have problems with corrupted local host caches. This test ensures the data stored in the XenApp server's local host cache is not corrupted and that there are no duplicate entries. Because this test can be CPU-intensive, use a 24-hour test interval (86,400 seconds) and keep the default test threshold and time-out values.

Before running this test, ensure the permissions of the files and registry keys that the test accesses are set properly. To do this, run the LHCTestACLsUtil.exe file located in C:\Program Files (x86)\Citrix\System32 of the XenApp server. To run this utility, you must have local administrator privileges.

Check XML Threads test
This test inspects the threshold of the current number of worker threads running in the Citrix XML Service. When running this test, use a single integer parameter to set the maximum allowable threshold value. The test compares the current value on the XenApp server with the input value. A failure occurs if the current value is greater than the input value.

Citrix Print Manager Service test
This test enumerates session printers to determine the health of the Citrix Print Manager service. A failure occurs if the test cannot enumerate session printers.

Microsoft Print Spooler Service test
This test enumerates printer drivers, printer processors, and printers to determine whether or not the Print Spooler Service in Windows Server 2008 is healthy and ready for use.

ICA Listener test
This test determines whether or not the XenApp server is able to accept ICA connections. The test detects the default ICA port of the server, connects to the port, and sends test data in anticipation of a response. The test is successful when the server responds to the test with the correct data.

Using Citrix Performance Monitoring Counters

Performance monitoring counters for ICA data are installed with XenApp and can be accessed from Performance Monitor, which is part of the Windows operating system. Performance monitoring provides valuable information about utilization of network bandwidth and helps determine if a bottleneck exists.

By using Performance Monitor, you can monitor the following counters:

- Bandwidth and compression counters for ICA sessions and computers running XenApp
- Bandwidth counters for individual virtual channels within an ICA session
- Latency counters for ICA sessions

1. On the server where XenApp is installed, open the Server Manager console.
2. In the Tree view, select Diagnostics > Performance > Monitoring Tools > Performance Monitor.
3. From the menu bar, select Action > Properties.
4. In the Performance Monitors dialog box, select the Data tab.
5. Click Add.
6. In the Add Counters dialog box, from the Select counters from computer drop-down list, ensure Local computer is selected.
7. In the Available counters list, select ICA Session.
8. To add all ICA counters, in the Available counters list, select ICA Session. To add one or more ICA counters, click the plus sign next to ICA Session and select the individual counters to be added.
9. Select All instances to enable all instances of the selected ICA counters, No instance, or Select instances from list and highlight only the instances you need.
   In Performance Monitor, the instance list contains all active ICA sessions, which includes any session (shadower) that is shadowing an active ICA session (shadowee). An active session is one that is logged on to successfully and is in use; a shadowing session is one that initiated shadowing of another ICA session.
   Note: In a shadowing session, although you can select ICA counters to monitor, you see no performance data for that session until shadowing is terminated.
10. Click Add and then click Close.

You can now use Performance Monitor to view and analyze performance data for the ICA counters you added. For more information about using Performance Monitor, see your Windows documentation.

Using Worker Groups for Enhanced Resource Access

Worker groups are collections of XenApp servers, residing in the same farm, that are managed as a single unit. Using worker groups, you can:

- Streamline application publishing to multiple farm servers
- Load balance access to published resources
- Filter policies so that settings are applied only to sessions hosted on a specific set of farm servers
- Assign load evaluators to multiple farm servers

When using worker groups, consider the following:

- A farm server can belong to multiple worker groups
- A worker group can include any number of XenApp servers or none at all
- Only servers that belong to the same XenApp farm are included in a worker group

Publishing Applications

When publishing an application, you can use worker groups to specify the servers hosting the application. To increase capacity for the application, you can add more servers to the worker group rather than modify the application properties.

If your environment includes Active Directory, you can create the worker group based on the Organizational Unit (OU) that includes the servers hosting the application. To increase capacity for the application, you add servers to the OU. New servers that you add to the OU are automatically included in the worker group.

When adding servers to worker groups for application publishing, all XenApp servers in the worker group must have the application installed. When a user attempts to launch an application, XenApp checks to ensure the application is installed on the farm servers in the worker group. If the application is not installed, the application does not launch and an error is logged to the Application event log on the data collector.

Load Balancing Access to Published Resources

To ensure an optimal experience for users accessing published resources, XenApp provides load balancing policies to direct users to the least-loaded XenApp server hosting the resource. You can use load balancing policies to:

- Reduce WAN traffic by directing users to the closest regional server
- Direct users to a backup server in the event of an outage
- Direct a specific group of users to a group of dedicated servers

Load balancing policies consist of the following elements:

- A filter to determine when the policy is applied
- A worker group preference list to determine the servers to which users are directed when logging on

When you create a load balancing policy, configure a filter so that the load balancing policy can be applied to users when they access published resources. If you do not configure a filter, the load balancing policy will have no effect when users log on. As with other Citrix policies, you can filter based on access control, client IP address, client name, and users.

Important: Load balancing policies that are filtered based on client name have no effect on sessions created through Web Interface. This is because Web Interface does not provide the actual client name during load balancing, prior to session launch. Instead, Web Interface overrides the client name when load balancing policies are evaluated. When the session launches, Web Interface provides the correct client name.

Additionally, to ensure users are directed to the appropriate servers, create a worker group preference list to prioritize the servers that users can access. When a user launches a published application, the load balancing policy directs the user to servers in the highest priority worker groups first. A priority of 1 is considered the highest priority. Users are directed to servers in lower priority worker groups if servers in the higher priority worker groups are offline or have reached maximum capacity. Users are not directed to servers in worker groups that are not included in the worker group preference list. If a user attempts to launch an application that is not installed on any servers in any of the listed worker groups, regardless of priority, the launch attempt fails and an error is logged to the Application event log on the data collector.

After you create load balancing policies, you prioritize them just as you would any other Citrix policy. If multiple load balancing policies apply to a single user, XenApp uses the worker group preference list from the highest priority policy to direct the user. Preference lists from lower priority load balancing policies are not considered.

Using Worker Groups to Filter Policies

You can use the Worker Group filter in Citrix policies to apply policy settings to connections. When adding the filter, you can specify worker groups by entering the name or by selecting worker groups from a list.

When entering worker groups by name, be aware that the policy engine does not check to ensure the accuracy of the entry. If the worker group name is entered incorrectly, or if the worker group is renamed or deleted, the policy engine does not recognize the filter and the policy filter is not applied.

To ensure the worker groups specified are correctly entered, click the Browse button on the Add Filter Element dialog box. This enables XenApp to assemble a current list of worker groups in the farm. Although you can add multiple worker groups to the filter, you can select only one worker group from the list at a time.

Note: When adding worker groups to the filter for the first time, the list of available worker groups appears after a delay of several seconds. However, this delay is reduced when adding subsequent worker groups to the filter.

Using Worker Groups to Assign Load Evaluators

To participate in load management, each XenApp server must have a load evaluator assigned to it. When assigning a load evaluator to farm servers, you add the Load Evaluator Name policy setting to a new or existing Citrix policy and select the load evaluator you want to assign. To specify the XenApp servers to be managed, you add the Worker Group filter to the policy and specify the worker group by name.

To create a worker group

1. From the Citrix AppCenter, select the Worker Groups node in the left pane.
2. From the Actions pane, click Create Worker Group.
3. In the Create Worker Group dialog box, type a name for the worker group.
4. In Select source, select one of the following options:
   - Select Active Directory Containers to add servers based on organizational unit membership.
   - Select Active Directory Server Groups to add servers based on membership in a specific group.
   - Select Farm Servers to add individual XenApp servers to the worker group. Use this option if you do not use Active Directory in your environment.
5. Click Add.
6. Select the groups of servers you want to add to the worker group. For example, if you selected Active Directory Containers in the previous step, select the organizational units that contain the servers you want to add to the worker group.

Note: Only XenApp servers that reside in the same farm are included in the worker group. If an organizational unit contains XenApp servers that reside in other farms, those servers are not considered part of the worker group.

Creating and Prioritizing Load Balancing Policies

1. From the Citrix AppCenter, select the Load Balancing Policies node in the left pane.
2. From the Actions pane, click Create load balancing policy.
3. Under Filters, select the filter to use to determine when the load balancing policy is applied.
4. Under Load Balancing Policies, select Worker Group Preference and then select Configure application connection preference based on worker group.
5. Click Add and select the worker group you want to include.
6. Click Add to add the worker group to the list. Each worker group you add is automatically assigned a priority, from highest (1) to lowest.
7. To adjust the priority of the worker groups in the list, select a worker group and then perform one of the following actions:
   - Click Set priority and enter the priority level you want for the worker group. Entering a priority for a worker group does not affect the priority of any other worker group in the list. Multiple worker groups can share the same priority.
   - Click Increase Priority or Decrease Priority to adjust incrementally the priority of the worker group.

To adjust the priority of a load balancing policy

1. From the AppCenter, select the Load Balancing Policies node in the left pane.
2. From the middle pane, select a load balancing policy.
3. From the Actions pane, perform one of the following actions:
   - Click Set priority and enter the priority level you want for the policy.
   - Click Increase priority or Decrease priority as appropriate to adjust incrementally the priority of the policy.

Enhancing the Performance of a Remote Group of Servers

For business continuity, you can specify that if all servers in a worker group go offline, XenApp redirects user connections to a backup worker group. This feature is known as Worker Group Preference and Failover. You configure it in the Citrix AppCenter through the Load Balancing Policies.

As a best practice, to keep ICA traffic from going over the WAN, you should:

- Direct requests for applications by specifying a Worker Group connection order in the Load Balancing Policies.
- Create a policy that applies to connections from a worker group. Then, specify that worker group as the Primary Group in the policy. This makes XenApp route incoming connection requests from users to that worker group first.

For more information about worker groups, see Creating Worker Groups.
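The selection rules for load balancing policies and Worker Group Preference and Failover can be modelled in a few lines. This Python sketch is an added example, not Citrix code: the server names, load values, the FULL_LOAD capacity mark and the farm-wide fallback used when no policy applies are all assumptions made for illustration.

```python
from dataclasses import dataclass

FULL_LOAD = 10000  # assumed load value at which a server is at maximum capacity


@dataclass
class Server:
    name: str
    apps: frozenset          # published applications installed on this server
    load: int = 0            # assumed load index: lower means less loaded
    online: bool = True

    def available_for(self, app):
        return self.online and self.load < FULL_LOAD and app in self.apps


@dataclass
class Policy:
    name: str
    priority: int            # 1 is the highest priority
    users: frozenset         # user filter; a policy without a filter has no effect
    preference: dict         # worker group name -> priority (1 is the highest)


class LaunchFailed(Exception):
    """Stands in for the error logged to the Application event log."""


def pick_server(user, app, policies, worker_groups):
    """Return (server name, policy name, preference level) for a launch request."""
    applicable = [p for p in policies if user in p.users]
    if not applicable:
        # Assumption: with no applicable policy, any farm server hosting the
        # application is eligible and the least-loaded one is chosen.
        farm = {s.name: s for group in worker_groups.values() for s in group}
        ready = [s for s in farm.values() if s.available_for(app)]
        if not ready:
            raise LaunchFailed(f"no server available for {app}")
        return min(ready, key=lambda s: s.load).name, None, None

    # Only the highest priority policy counts; preference lists from lower
    # priority policies are not considered.
    policy = min(applicable, key=lambda p: p.priority)
    listed = [s for wg in policy.preference for s in worker_groups.get(wg, [])]
    if not any(app in s.apps for s in listed):
        raise LaunchFailed(f"{app} is not installed in any listed worker group")

    # Walk the preference levels from 1 downwards; worker groups that share a
    # level are pooled. Fail over only when a whole level is offline or full.
    for level in sorted(set(policy.preference.values())):
        tier = [s for wg, lvl in policy.preference.items() if lvl == level
                for s in worker_groups.get(wg, [])]
        ready = [s for s in tier if s.available_for(app)]
        if ready:
            return min(ready, key=lambda s: s.load).name, policy.name, level
    raise LaunchFailed(f"every listed server hosting {app} is offline or at capacity")


def sample_farm():
    """Constructed sample data, not taken from the page."""
    outlook, sap = "Outlook", "SAP"
    worker_groups = {
        "London": [Server("LON-01", frozenset({outlook, sap}), online=False),
                   Server("LON-02", frozenset({outlook, sap}), load=FULL_LOAD)],
        "NewYork": [Server("NY-01", frozenset({outlook}), load=4200),
                    Server("NY-02", frozenset({outlook}), load=1500)],
        "Finance": [Server("FIN-01", frozenset({outlook, sap}), load=300)],
    }
    policies = [
        Policy("Finance desk", 2, frozenset({"alice"}), {"Finance": 1}),
        Policy("UK users", 1, frozenset({"alice", "bob"}), {"London": 1, "NewYork": 2}),
    ]
    return worker_groups, policies


if __name__ == "__main__":
    groups, rules = sample_farm()
    print(pick_server("alice", "Outlook", rules, groups))
```

In the sample, alice is sent to NewYork because both London servers are unavailable, and the lightly loaded Finance server is never considered because it appears only in a lower priority policy.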

Using Preferential Load Balancing

Preferential Load Balancing assigns importance levels (Low, Normal, or High) to specific users and applications. For example, doctors and nurses in a hospital are specified as important users and MRI scans and X-rays are specified as important applications. These important users and applications with higher levels of service connect to their sessions more quickly and have more computing resources available to them. By default, a Normal level of service is assigned to all users and applications.

Preferential Load Balancing calculates importance levels based on the Resource Allotment for each session. The Resource Allotment is determined by the importance levels of both the session and the published application that the session is running. Sessions with higher importance levels are directed to servers with lower resource allotments.

To enable Preferential Load Balancing, configure the Citrix Computer policy setting for Server Settings > Memory/CPU > CPU management server level and select Preferential Load Balancing. Continue by configuring the Citrix User policy setting for Server Session Settings > Session importance by setting the Value (High, Normal, Low). Finally, set the application importance level when publishing the application. You can modify an application's importance level in the Limits section of the application properties.

Resource Allotment

Resource Allotment is calculated based on the published application importance level and the result of the XenApp policy engine for that session. The policy engine bases the session result on the session importance policy setting.

A session's Resource Allotment determines the level of service it experiences in comparison with other sessions on the same XenApp server, as well as sessions on other XenApp servers. The higher a session's Resource Allotment, the higher service it receives compared with those other sessions.

The figure illustrates a XenApp farm running sessions with different Resource Allotments. It illustrates how a session's Resource Allotment affects its competition with other sessions on the same server and on different servers.

The session with the highest Resource Allotment gets the highest percentage of CPU cycles of any sessions running in the farm.

Session 1 on Server 2 has a relatively high Resource Allotment compared with all other sessions in the farm, and at the same time has to compete with fewer sessions on that server (there are only two sessions on Server 2, as opposed to three). As a result Session 1 gets the highest percentage of CPU cycles (90%) of any session running in the farm. Any new session would be assigned to Server 1 because it has the lowest Resource Allotment of the three servers.

The three application importance settings have Resource Allotment values associated with them, as do the three session importance policy settings. To determine the effective Resource Allotment associated with a session running the published application, multiply the application importance value by the session importance policy value. The most powerful session is one with a high importance policy setting (3) running a high importance application (3), with a total Resource Allotment of 9 (3x3). Conversely, the least powerful session is one with a low importance policy setting (1) running a low importance application (1), with a total Resource Allotment of 1 (1x1).

Use this table to help determine how to set your importance levels for applications and sessions.

Resource Allotments based on importance levels

Application Importance    Session Importance (from policy)    Session Resource Allotment
Low (1)                   Low (1)                             1
Low (1)                   Normal (2)                          2
Low (1)                   High (3)                            3
Normal (2)                Low (1)                             2
Normal (2)                Normal (2)                          4
Normal (2)                High (3)                            6
High (3)                  Low (1)                             3
High (3)                  Normal (2)                          6
High (3)                  High (3)                            9

Multiple Published Applications in the Same Session

Session sharing allows multiple published applications to run in the same session. During session sharing, the Resource Allotment is calculated based on the maximum application importance level setting of all the published applications running in the session multiplied by the session importance policy setting.

When an application is launched in an existing session, the importance level of the new application is compared with the maximum of all current application importance levels. If the importance level of the new application is greater, the session's Resource Allotment is recalculated and the session's CPU entitlement adjusted upwards. Similarly, when an application is closed, if the maximum importance level of the remaining applications is lower, the session's Resource Allotment is recalculated and the session's CPU entitlement adjusted downward.
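The Resource Allotment rules above, including recalculation during session sharing and placement of a new session, can be traced with a small model. This Python sketch is an added example, not Citrix code: the farm contents are constructed, and treating CPU entitlement as proportional to Resource Allotment among the sessions on one server is an assumption chosen to be consistent with the 90% figure quoted for Session 1.

```python
IMPORTANCE = {"Low": 1, "Normal": 2, "High": 3}


class Session:
    def __init__(self, name, session_importance="Normal"):
        self.name = name
        self.session_importance = session_importance  # Session importance policy result
        self.apps = {}                                 # published app -> importance level

    def launch(self, app, importance="Normal"):
        """Start a published application in this session; return the new allotment."""
        self.apps[app] = importance
        return self.allotment()

    def close(self, app):
        """Close a published application; return the recalculated allotment."""
        del self.apps[app]
        return self.allotment()

    def allotment(self):
        # Session sharing: the highest application importance in the session
        # multiplied by the session importance policy value.
        if not self.apps:
            return 0
        top = max(IMPORTANCE[level] for level in self.apps.values())
        return top * IMPORTANCE[self.session_importance]


def server_allotment(sessions):
    return sum(s.allotment() for s in sessions)


def cpu_entitlement(sessions):
    """Assumed model: share of CPU proportional to allotment on the same server."""
    total = server_allotment(sessions)
    return {s.name: s.allotment() / total for s in sessions} if total else {}


def place_new_session(farm):
    """A new session goes to the server with the lowest total Resource Allotment."""
    return min(farm, key=lambda server: server_allotment(farm[server]))


def constructed_farm():
    """Constructed sample: three servers, values chosen for illustration only."""
    def running(name, session_level, app_level):
        session = Session(name, session_level)
        session.launch("app", app_level)
        return session

    return {
        "Server 1": [running("Session 1", "Low", "Low"),
                     running("Session 2", "Normal", "Low"),
                     running("Session 3", "Low", "Low")],
        "Server 2": [running("Session 1", "High", "High"),
                     running("Session 2", "Low", "Low")],
        "Server 3": [running("Session 1", "Normal", "Normal"),
                     running("Session 2", "High", "Normal"),
                     running("Session 3", "Low", "High")],
    }


if __name__ == "__main__":
    doctor = Session("dr-lee", "High")
    print(doctor.launch("Charting", "Normal"))    # Normal app in a High session
    print(doctor.launch("MRI viewer", "High"))    # entitlement adjusted upwards
    print(doctor.close("MRI viewer"))             # entitlement adjusted downward
    farm = constructed_farm()
    print(cpu_entitlement(farm["Server 2"]), place_new_session(farm))
```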

Managing CPU Usage

The CPU utilization management feature can be used to improve the ability of a farm to manage resources and normalize CPU peaks when the farm's performance becomes limited by CPU-intensive operations. When you enable CPU utilization management, the server manages the share of the CPU allocated to each user. By default, this is an equal share. This prevents one user from impacting the productivity of other users and allows more users to connect to a server. This feature allows you to control the share. This feature is not enabled by default.

The CPU utilization management feature ensures that CPU resources are equitably shared among users by having the server allocate an equal share of the CPU to each user. This is accomplished by providing CPU reservation and CPU shares.

- CPU reservation is a percentage of your server's CPU resource that is available to a user. If all of a reserved allocation is not being used, other users or processes can use the available resource, as needed. Up to 20% of the work capability of a single CPU on a server is always set aside for the local system account and is not available to users.
- CPU shares are percentages of the CPU time. By default, CPU utilization management allocates four shares for each user. If two users are logged on to a server and the local system account does not need any of the resources on the system, each user receives 50% of the CPU time. If there are four users, each user receives 25% of the CPU time.

Important: The range for CPU share is 1 through 64 percent. For CPU reservation, the total cannot be more than 99%, which represents the entire CPU resource on the computer.

Do not enable CPU utilization management on farms or servers that host:

- CPU-intensive applications that may require a user to have a share of the CPU greater than that allocated to fellow users.
- Special users who require higher priority access to servers. You can exclude specified users from CPU restrictions.

Important: The Dynamic Fair Share Scheduling (DFSS) aspect of the Windows Remote Desktop Services role is incompatible with CPU utilization management. If you enable CPU utilization management, you must disable the Microsoft Dynamic Fair Share Scheduling (DFSS). Ensure that DFSS is disabled on each server where CPU Utilization Management is enabled.

To enable CPU utilization management

You can enable CPU utilization management using Citrix policy settings.

1. Configure the Citrix Computer policy settings for Memory/CPU > CPU management server level. Choose one of the following settings:
   - Select Fair sharing of CPU between sessions to allocate an equal share of the CPU to each user.
   - Select Preferential Load Balancing to allocate shares based on importance levels.
2. Continue by applying one or more filters to the policy based on worker groups or organizational units.

Deploying virtual memory optimization

You can enhance system speed, performance, and scalability by improving virtual memory utilization for a server using the Citrix memory optimization service. The service improves how DLLs are shared among applications running on the server, saving virtual and real memory. The service changes the location that individual DLLs are loaded in memory to increase the amount of possible sharing. The process is called rebasing.

Memory optimization is especially useful when user demand exceeds available RAM and causes farm performance to degrade. Performance degradation can occur during peak times when users run memory-intensive applications in multiple sessions.

You do not want to enable memory utilization management on farms or servers that exclusively host signed or certified applications because these cannot be optimized. XenApp can detect only some published applications that are signed or certified.

The memory optimization feature includes the ability to set the schedule for DLL rebasing and to exclude specific applications from DLL rebasing.

Rebasing is composed of two parts: A scanning component that locates modules that are candidates to be rebased, and a rewriting component that performs the optimization. If you enable memory optimization, the scanning component runs regularly on the server. However, the rewriting component runs only when scheduled.

For a variety of reasons, not all applications can be successfully optimized. You can add those applications that cannot be optimized to an exclusion list to bypass optimization. To create the list, test the feature on a test server.

To test memory optimization before deployment

1. Using a test server hosting your published applications, enable memory optimization.
2. Schedule memory optimization.
3. After memory optimization completes, run all published applications.
4. Add to the exclusion list those applications that fail.

To enable memory optimization

Configure the Citrix Computer policy setting for Memory/CPU > Memory optimization to enable the feature. Continue by creating a memory optimization schedule for when a server rebases DLLs and, if needed, an exclusion list of applications that cannot be optimized.

To create an exclusion list of applications

Not all applications can be optimized successfully. Some types of application that cannot be optimized include:

- Applications that have digitally signed components.
- Applications whose DLLs are protected by Windows Rights Management. For example, applications such as Office 2003 do not benefit from this feature.
- Applications whose executable programmatically checks the DLL after it is loaded.
- Applications that require a fixed DLL address.
- Applications that reside on network shares (automatically excluded).

In general, if an application was working, but it stops working after you enable this feature, add the application to the exclusion list and see if the problem is resolved.

With memory optimization enabled, if published applications fail after enabling and running memory optimization, exclude those applications from memory optimization by adding them to the exclusion list. The process automatically excludes some applications. However, to exclude additional applications, configure the Citrix policy settings for Memory/CPU > Memory optimization application exclusion list by adding the full path and executable name for the application, for example:

    C:\\%Program Files%\ProgramName.exe

where %Program Files% is the full path to the application.

To create a memory optimization schedule

After you enable virtual memory optimization, the server rebases DLLs automatically at server start-up. When the service rebases, it changes the location that individual DLLs are loaded in memory to increase the amount of possible sharing. You can create an additional virtual memory optimization schedule that identifies other times when a server rebases DLLs for greater operating efficiency.

As a best practice, schedule virtual memory optimization at a time when your servers have their lightest loads.

With memory optimization enabled, configure these Citrix Computer policy settings for Memory/CPU:

- Memory optimization interval. Set the frequency interval to daily (default), weekly, monthly, or only when you restart your server. If you choose to run the program weekly or monthly, specify the day of the week or month.
- Memory optimization schedule: day of month (1 by default). This setting is used only if you set the interval to Monthly. Enter the day of the month using values 1-31. Note that if the specified day does not occur in a given month, such as day "31" in June, memory optimization does not run in that month.
- Memory optimization schedule: day of week (Sunday by default). This setting is used only if you set the interval to Weekly. Select the day of the week that memory optimization runs.
- Memory optimization schedule: time (3:00 AM by default). This setting is used only if you set the interval to Daily, Weekly, or Monthly.

Managing Farm Infrastructure

All farms include infrastructure functions to support the servers hosting published applications. Whether you configure these functions on shared or stand-alone servers depends on your farm’s size and requirements.

Farms comprise at least one zone or grouping of servers. Multiple zones are sometimes used to improve the performance on geographically segmented farms. Within the zone, there is a data collector, which contains information about other servers in the farm, and servers designated as backup data collectors.

If the data store fails, each server on the farm also contains a backup of all data store information, known as the local host cache.

Maintaining the Local Host Cache

A subset of data store information, the local host cache, exists on each server in the farm, providing each member server with quick access to data store information. The local host cache also provides redundancy of the data store information, if for example, a server in the farm loses connectivity to the data store.

When a change is made to the farm’s data store, a notification to update the local host cache is sent to all the servers in the farm. However, it is possible that some servers will miss an update because of network problems. Member servers periodically query the data store to determine if changes were made since the server’s local host cache was last updated. If changes were made, the server requests the changed information.

Refreshing the Local Host Cache

You can force a manual refresh of a server’s local host cache by executing dsmaint refreshlhc from a command prompt. This action forces the local host cache to read all changes immediately from the farm’s data store. Refreshing the local host cache is useful, for example, if the Citrix Independent Management Architecture (IMA) Service is running, but published applications do not appear correctly when users browse for application sets.

A discrepancy in the local host cache occurs only if the IMA Service on a server misses a change event and is not synchronized correctly with the data store.

Recreating the Local Host Cache

You can manually create the local host cache from the farm’s data store. If the IMA Service fails to start or you have a corrupt local host cache, you may need to recreate it.

To recreate the local host cache, stop the IMA Service and then run the command dsmaint recreatelhc. Running this command performs three actions:

- Sets the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME\PSRequired to 1.
- Deletes the existing local host cache (Imalhc.mdb)
- Creates an empty local host cache (Imalhc.mdb)

You must restart the IMA Service after running dsmaint recreatelhc. When the IMA Service starts, the local host cache is populated with fresh data from the data store.

The data store server must be available for dsmaint recreatelhc to work. If the data store is not available, the IMA Service fails to start.

Tuning Local Host Cache Synchronization

You can adjust the interval by which member servers query the farm's data store for missed changes. The default interval is 30 minutes. In most cases, this default setting is sufficient.

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

You can configure the interval by creating the following registry key on each server you want to adjust, with the value expressed in hexadecimal notation:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\IMA\DCNChangePollingInterval (DWORD)
Value: 0x1B7740 (default 1,800,000 milliseconds)

You must restart the IMA Service for this setting to take effect.

Most changes made through the Citrix AppCenter are written to the data store. When you open one of these tools, it connects to a specified server. The Citrix Independent Management Architecture (IMA) Service running on this server performs all read and write operations to the data store for the AppCenter.

If the data store is experiencing high CPU usage when few read or write operations to the data store are occurring, it is possible that the data store is not powerful enough to manage a query interval of 30 minutes. To determine whether or not the data store query interval is causing the high CPU usage on the data store, you can set the query interval to a very large number and test CPU usage. If the CPU usage returns to normal after you set a large query interval, the data store query interval is probably the cause of the high CPU usage.

You can adjust the query interval based on performance testing. To test the query interval, set the interval to 60 minutes and then restart all the servers in the farm. If the data store is still experiencing constant high CPU usage, increase the query interval further. If the CPU usage returns to normal, you can try a smaller value. Continue these adjustments until data store CPU usage is normal.

Important: Do not set the data store query interval higher than necessary. This interval serves as an important safeguard against lost updates. Setting the interval higher than necessary can cause delays in updating the local host cache of the farm’s member servers.
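The registry change described above, as an added PowerShell example that is not part of the Citrix documentation: it converts minutes to the millisecond DWORD, backs up the key first, and writes the value. The service short name IMAService, the backup file location and the one-day upper bound are assumptions of this example.

```powershell
# Added example (not Citrix code). Run from an elevated prompt on the XenApp
# server whose local host cache polling interval you want to change.
param(
    [ValidateRange(1, 1440)]                    # one-day ceiling is this example's choice
    [int]$Minutes = 60,                         # the test value suggested on the page
    [string]$ImaServiceName = 'IMAService',     # assumption: short name of the IMA Service
    [string]$BackupFile = "$env:TEMP\Citrix-IMA-backup.reg",   # assumption: backup location
    [switch]$RestartIma                         # restart the IMA Service after the change
)

$KeyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Citrix\IMA'   # key named on the page
$ValueName = 'DCNChangePollingInterval'                # DWORD, milliseconds

function ConvertTo-PollingMilliseconds([int]$IntervalMinutes) {
    # 30 minutes -> 1800000 (0x1B7740), the documented default
    return $IntervalMinutes * 60 * 1000
}

function Get-PollingInterval {
    # Returns the configured value in milliseconds, or $null when it is not set
    # (in which case the server uses the 30-minute default).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return [int]$item.$ValueName }
    return $null
}

if (-not (Test-Path $KeyPath)) {
    throw "Registry key $KeyPath not found; is XenApp installed on this server?"
}

# Back up the key before editing, as the caution on the page advises.
& reg.exe export 'HKLM\SOFTWARE\Wow6432Node\Citrix\IMA' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry backup to $BackupFile failed; no change was made."
}

$before = Get-PollingInterval
$newMs  = ConvertTo-PollingMilliseconds $Minutes

# New-ItemProperty with -Force creates the value or overwrites an existing one
# and guarantees the DWORD type.
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
    -Value $newMs -Force | Out-Null

$after = Get-PollingInterval
if ($after -ne $newMs) {
    throw "Read-back mismatch: expected $newMs, found $after."
}

if ($before -eq $null) { $beforeText = 'not set (default 30 minutes)' }
else                   { $beforeText = ('{0} ms (0x{0:X})' -f $before) }
Write-Output ("Previous value : {0}" -f $beforeText)
Write-Output ("New value      : {0} ms (0x{0:X}) = {1} minutes" -f $newMs, $Minutes)
Write-Output ("Backup written : {0}" -f $BackupFile)

if ($RestartIma) {
    # -Force also restarts services that depend on the IMA Service.
    Restart-Service -Name $ImaServiceName -Force
    Write-Output "Restarted $ImaServiceName; the new interval is now in effect."
} else {
    Write-Output "Restart the IMA Service for the new interval to take effect."
}
```

With the default of 60 minutes the script writes 3,600,000 ms (0x36EE80); keep the value as low as the data store can sustain, because a longer interval delays recovery from missed updates.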

To configure zones and back-up data collectors

A zone is a configurable grouping of XenApp servers. By default, all servers in the farm belong to the same zone, named Default Zone. You can create zones during XenApp installation or after installation. Zones are view-only in the AppCenter, under Zones, where, if needed, you can create new zones.

Each zone in a server farm contains one server that is designated as the data collector for the zone. Data collectors store information about the servers and published applications in the zone. They act as communication gateways between zones in server farms that have more than one zone.

When you create a server farm and whenever a new server joins a zone, a server is elected as the data collector for that zone. If the data collector for the zone becomes unavailable, a new data collector is elected for the zone based on a simple ranking of servers in the zone.

Important: A primary domain controller or backup domain controller must not become the data collector for a zone. This situation may arise if XenApp is installed on Windows domain controllers. Citrix does not support installing XenApp on a domain controller.

For design considerations concerning zones and data collectors, see the topics Designing a XenApp Deployment.

1. From the AppCenter, select the farm.
2. Expand the server node and select Zones to view the existing zones for the farm.
3. To create or modify zones, on the Actions menu, click New > Create a new zone to open the wizard (this option appears only if two or more servers exist in the farm).
4. Follow the instructions to name the zone and add or remove servers. Each zone must have at least one server; empty zones are automatically removed.
5. On the Set server's election preferences page, select a server and click Edit to select the ranking for the server by choosing from the following election options:

- Most Preferred. The server is always the first choice to become the data collector. It is recommended that only one server per zone be given this setting.
- Preferred. When electing a new data collector, XenApp elects the next collector from the Preferred servers if the Most Preferred server is not available.
- Default Preference. The default setting for all servers. The next collector is selected from the Default servers if neither a Most Preferred server nor a Preferred server is available.
- Not Preferred. Apply this setting to servers that you do not want to become the data collector for the zone. This setting means that this server becomes the data collector only when no servers are available with any of the other three settings (Most Preferred, Preferred, Default Preference).

Restart the affected servers to apply the changes. This is required to update the data collector information for each zone.

Zones are listed in the middle pane according to their election preference.

To modify an existing zone

- To rename a zone, from the Zones node, right-click the zone name and select Rename.
- To move the selected server to another zone, right-click a server in the zone and select Change server's zone membership.
- To reset the ranking, right-click a server in the zone and select Change display > Election Preference.

Updating Citrix License Server Settings

XenApp servers must point to the license server where license files are stored. The license server settings include the name of the license server that your farm accesses to check out licenses and the port number the license server uses to communicate.

You can change the settings through a Citrix Computer policy by specifying the name of the license server or port number that the license server uses to communicate in the Licensing section of the policy and apply the policy through filters.

You may want to change these settings in the following instances:

- You rename your license server.
- The default port number (27000) is already in use.
- You have a firewall between the license server and the computers running your Citrix products, and you must specify a static Citrix vendor daemon port number.
- You want to specify another license server to point to individual servers to segregate licenses. For example, you want to host the accounting department’s licenses on a server other than the human resources department.
- You want to point to a second license server to relieve some of the traffic to the first license server. For example, you have many connections and you find that it is slowing down the network, or you would like to add a second license server to the farm and point half of the connections to it.

To change the name of the license server or port number that it uses to communicate, configure the Citrix Computer policy for Licensing by setting the following options:

- Enter the License server host name of the server hosting XenApp licenses.
- Enter the License server port number (default 27000).

Changing the settings on this page is only one part of the procedure, however.

If you change the port number, specify the new number in all license files on the server.

If you decide to change the license server name, ensure that a license server with the new name already exists on your network. Because license files are tied to the license server’s host name, if you change the license server name, you must download a license file that is generated for the new license server. This may involve returning and reallocating the licenses. To return and reallocate your licenses, go to www.mycitrix.com. For additional information, see Technologies > Licensing Your Product.

For details about setting the license server, see the installation topic Configuring XenApp Server Role License Information.

To set the product edition

The product editions of XenApp support different features. To activate the features available with a particular edition installed on each server, set the product edition on each server through Citrix policies. The product edition also determines which type of license a server requests from the license server. Make sure the edition you set matches the licenses you installed.

1. Locate the Citrix Computer policies for Server Settings, and configure the XenApp product edition setting.
2. Create a filter to apply the policy to specific worker groups.
3. To apply the change, you must restart each server affected by the policy.

Configuring the Citrix XML Service Port and Trust

The Citrix XML Service is used by user devices connecting over the TCP/IP+HTTP protocol and the Web Interface.

By default, XenApp server role installation configures the Citrix XML Service and Internet Information Service (IIS) to share the same TCP/IP port (80) for communications. In this case, you cannot change the XML Service setting. For details about the XenApp and Web Server (IIS) server roles, refer to the System Requirements topic for your version of XenApp.

During the installation of Citrix XenApp on your server, you configured the XML Service to either share the port with your Microsoft Internet Information Server or to use a particular port. If you specified a custom XML Service port during installation, you can change the XML port number if necessary. Citrix recommends using port 8080.

To change the XML service port

Use the XML Service policy setting to change the port number.

Note: The port option appears only if you entered a different port number than the default Share with IIS during the Web Interface installation.

1. Locate Citrix Computer policy setting for XML Service.
2. Configure the XML service port setting.

To enable XenApp to trust requests sent to the XML Service

The trust setting is needed only for Smooth Roaming when users authenticate using pass-through or smart-card authentication with Web Interface, or for smart-card authentication with the Citrix Receiver (formerly called the Online Plug-in). Trust is not required for explicit authentication.

If you do not trust XML requests, certain features of XenApp are not available.

1. Locate Citrix Computer policy setting for XML Service.
2. Configure the Trust XML requests setting (disabled by default).

Trusting requests sent to the XML Service means:

- Smooth Roaming works when connecting with the Web Interface using pass-through or smart card authentication, and when connecting with the Receiver using smart card authentication or the Kerberos pass-through option. For example, you can use workspace control to assist health-care workers in a hospital using smart cards, who need to move quickly among workstations and be able to pick up where they left off in published applications.
- XenApp can use the information passed on from Access Gateway (Version 4.0 or later) to control application access and session policies. This information includes Access Gateway filters that can be used to control access to published applications and to set XenApp session policies. If you do not trust requests sent to the XML Service, this additional information is ignored.

Before enabling the Citrix XML Service to trust requests it receives, use IPSec, firewalls, or another technology to ensure that only trusted services communicate with the Citrix XML Service.

To avoid security risks, enable the setting only under the following conditions:

- Some users connecting to their sessions using the Web Interface are also using pass-through authentication or smart cards.
- The same users need to move from one client device to another and still be able to pick up where they left off in published applications.
- You implemented IPSec, firewalls, or any technology that ensures that only trusted services communicate with the XML Service.
- You are selecting this setting only on servers that are contacted by the Web Interface.
- You are restricting access to the XML Service to the servers running the Web Interface. When Internet Information Services (IIS) and the XML Service share a port, you can use IIS to restrict port access to include the IP addresses of servers running the Web Interface only.
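One way to check the "only the Web Interface servers can reach the XML Service" condition before enabling Trust XML requests, as an added PowerShell example that is not part of the Citrix documentation. It assumes a dedicated XML Service port (8080 here), Windows Firewall enabled with inbound connections blocked by default, and uses constructed rule data and documentation-range addresses unless run with -Live.

```powershell
# Added example (not Citrix code): list inbound Windows Firewall allow rules
# that let hosts other than the Web Interface servers reach the XML Service port.
param(
    [int]$XmlPort = 8080,                                           # dedicated XML Service port
    [string[]]$WebInterfaceServers = @('192.0.2.10', '192.0.2.11'), # constructed addresses
    [switch]$Live                                                   # audit this server's real rules
)

function Test-PortInSpec([string]$Spec, [int]$Port) {
    # LocalPorts is empty or '*' for "any port", otherwise a comma list of
    # ports and ranges such as '80,8000-8100'. Keywords (for example RPC) never match.
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($part in $Spec.Split(',')) {
        $p = $part.Trim()
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$') {
            if ([int]$p -eq $Port) { return $true }
        }
    }
    return $false
}

function Get-UntrustedSources([string]$RemoteAddresses, [string[]]$Allowed) {
    # Returns every remote-address entry that is not a single allowed host.
    if ([string]::IsNullOrEmpty($RemoteAddresses) -or $RemoteAddresses -eq '*') { return @('*') }
    $extra = @()
    foreach ($entry in $RemoteAddresses.Split(',')) {
        $e = $entry.Trim()
        # The firewall stores a single host as address/255.255.255.255.
        $hostOnly = $e -replace '/(255\.255\.255\.255|32)$', ''
        if ($Allowed -notcontains $hostOnly) { $extra += $e }
    }
    return $extra
}

function Find-XmlServiceExposure($Rules, [int]$Port, [string[]]$Allowed) {
    $findings = @()
    foreach ($r in $Rules) {
        if (-not $r.Enabled)    { continue }
        if ($r.Direction -ne 1) { continue }                          # 1 = inbound
        if ($r.Action -ne 1)    { continue }                          # 1 = allow
        if ($r.Protocol -ne 6 -and $r.Protocol -ne 256) { continue }  # 6 = TCP, 256 = any
        if (-not (Test-PortInSpec $r.LocalPorts $Port)) { continue }
        # Program-scoped rules are reported too; review them by hand.
        $extra = @(Get-UntrustedSources $r.RemoteAddresses $Allowed)
        if ($extra.Count -gt 0) {
            $findings += New-Object PSObject -Property @{
                Rule             = $r.Name
                LocalPorts       = $r.LocalPorts
                UntrustedSources = ($extra -join ',')
            }
        }
    }
    return $findings
}

if ($Live) {
    # HNetCfg.FwPolicy2 is the Windows Firewall with Advanced Security COM interface.
    $fw    = New-Object -ComObject HNetCfg.FwPolicy2
    $rules = $fw.Rules | ForEach-Object { $_ }
} else {
    # Constructed sample rules so the example runs without touching a firewall.
    $base = @{ Enabled = $true; Direction = 1; Action = 1; Protocol = 6 }
    $rules = @(
        (New-Object PSObject -Property ($base + @{ Name = 'XML Service (Web Interface only)'
            LocalPorts = '8080'; RemoteAddresses = '192.0.2.10/255.255.255.255,192.0.2.11/255.255.255.255' })),
        (New-Object PSObject -Property ($base + @{ Name = 'Legacy web ports'
            LocalPorts = '80,8000-8100'; RemoteAddresses = '*' })),
        (New-Object PSObject -Property ($base + @{ Name = 'Monitoring subnet'
            LocalPorts = '8080'; RemoteAddresses = '192.0.2.10/255.255.255.255,198.51.100.0/255.255.255.0' })),
        (New-Object PSObject -Property ($base + @{ Name = 'Remote Desktop'
            LocalPorts = '3389'; RemoteAddresses = '*' }))
    )
}

$exposure = @(Find-XmlServiceExposure $rules $XmlPort $WebInterfaceServers)
if ($exposure.Count -eq 0) {
    Write-Output "No allow rule exposes TCP $XmlPort beyond the listed Web Interface servers."
} else {
    $exposure | Format-Table Rule, LocalPorts, UntrustedSources -AutoSize
}
```

On the sample data the second and third rules are reported and the scoped rule is not. Where the XML Service shares port 80 with IIS, a port-level firewall scope would also cut off other IIS traffic, which is why the page points to IIS address restrictions for that case.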

To manually change the XML Service port to use a port different from IIS after installation

Note: This setting takes effect only after the XML Service restarts. The XML Service port set using a Group Policy Object takes precedence over the port you set using the command-line in this method.

1. At a command prompt, stop IIS by typing: net stop w3svc
2. Delete the following files from the IIS scripts directory on your Web server:
   - ctxadmin.dll
   - CtxConfProxy.dll
   - ctxsta.dll
   - radexml.dll
   - wpnbr.dll
3. At a command prompt, restart IIS by typing: net start w3svc
   The XML Service no longer shares a port with IIS.
4. To ensure the XML Service is stopped, at a command prompt, type: net stop ctxhttp
5. At a command prompt, to unload the XML Service from memory, type: ctxxmlss /u
6. To install the XML service, at a command prompt, type: ctxxmlss /rnn where nn is the number of the port you want to use; for example, ctxxmlss /r88 forces the Citrix XML Service to use TCP/IP port 88.
7. At a command prompt, start the XML Service by typing: net start ctxhttp

To manually configure Citrix XML Service to share the TCP port with IIS

You must have Administrator privileges to configure the Citrix XML Service.

1. At a command prompt, stop the XML Service by typing: net stop ctxhttp
2. At a command prompt, to unregister the Citrix XML Service, type: ctxxmlss /u
3. Copy the following files to the IIS scripts directory on your Web server:
   - ctxconfproxy.dll
   - ctxsta.config
   - ctxsta.dll
   - ctxxmlss.exe
   - ctxxmlss.txt
   - radexml.dll
   - wpnbr.dll
   These files are installed in \Program Files (x86)\Citrix\System32 during XenApp installation. The default scripts directory is \Inetpub\AdminScripts.
4. In the IIS scripts directory, create a folder called ctxadmin and copy the file ctxadmin.dll from \Program Files (x86)\Citrix\System32 to \Inetpub\AdminScripts\ctxadmin.
5. Ensure that you have read and write permission to the files in the IIS scripts directory; for example, use Windows Explorer to view and change the permissions.
6. At a command prompt, stop and restart the Web server by typing: iisreset
   This setting takes effect after the Web server restarts.

Manage Server and Resource Loads

You can set up, manage, and monitor server and published application loads in a server farm so that users can run the published applications they need quickly and efficiently.

XenApp calculates the load on a server using load evaluators and rules. Each load evaluator contains one or more rules. Each rule defines an operational range for the server or published application to which its evaluator is assigned.

When a user selects a published application to run, the client on the user device contacts the server farm to locate the address of a server that hosts the published application. XenApp maintains a list of available host servers within the server farm. Upon receiving the client’s request, XenApp selects the server with the lowest load and returns its address to the client. The client starts a session on that server and launches the published application.

XenApp calculates a server load using the load evaluators attached to a server or published application. When any rule for any relevant load evaluator reports full load or exceeds its threshold, XenApp removes the load-managed server from the internal list of available servers. The next request for an ICA connection to a published application is routed to the next available load-managed server in the list.

Working with Load Evaluators

To access the load evaluators in XenApp, you select the Load Evaluators node in the left pane of the AppCenter. The following tabs are displayed:

- Load Evaluators displays all the load evaluators created for the farm in a list. Beneath this list, the Current Settings tab displays at-a-glance the state of all the available load evaluator rules.
- Usage by Application displays the load evaluators that are attached to the farm's published applications.
- Usage by Server displays the load evaluators that are attached to each server in the farm.

The following load evaluators are included in XenApp:

- Default. XenApp assigns the Default load evaluator to each server after you add your license to the server farm. It contains two rules: Server User, which reports a full load when 100 users log on to the attached server, and Load Throttling, which specifies the impact that logging on has on load and limits the number of concurrent connection attempts the server is expected to handle.
- Advanced. This load evaluator contains the CPU Utilization Load, Memory Usage, Page Swaps, and Load Throttling rules.

For detailed descriptions of these rules, see List of Load Management Rules.

Every XenApp server in the farm is included in the load calculation regardless of the network protocol unless the server reports full load. If a server reports full load, it is no longer available for load management until its load is reduced (for example, users log off from the server or server processes consume less CPU time). After the load is reduced, the server is added automatically to the list. Servers are continuously added to and removed from the list as server load and user activity fluctuate.

Considerations

When using load evaluators, consider the following:

- You cannot modify or delete the Default or Advanced load evaluators.
- Each server or application participating in load management can have only one load evaluator assigned.
- To assign load evaluators to servers, use Group Policy.
- You can assign load evaluators to individual applications on the server.
- You cannot modify or delete existing rules. Additionally, you cannot create custom rules.

To create a new load evaluator

1. From the AppCenter, select Load Evaluators in the left pane.
2. From the Actions pane, select New > Add load evaluator.
3. On the Add Load Evaluator dialog box, type a name and description for the new load evaluator.
4. Select one or more rules from the Rules list and configure it as required.

To change the load evaluator's rules at any time, select the load evaluator you want to modify and then, from the Actions pane, click Modify load evaluator properties.

List of Load Management Rules

These load management rules are included in XenApp:

Application User Load
Limits the number of users allowed to connect to a selected published application. This rule monitors the number of active ICA sessions using the published application. The default value to report full load is 100.

Context Switches
Defines a range of context switches per second for a selected server. A context switch occurs when the operating system switches from one process to another. This rule uses the System: Context Switches/sec performance counter to determine load. The default value to report no load is 900—at that value this rule is ignored. The default value to report full load is 16000.

CPU Utilization
Defines a range of processor utilization, as a percentage, for a selected server. This rule uses the Processor: % Processor Time performance counter to determine load. The default value to report no load is 10 percent—at that value this rule is ignored. The default value to report full load is 90 percent.

Disk Data I/O
Defines a range of data throughput, in kilobytes per second, for a selected server. This rule uses the PhysicalDisk: Disk Bytes/sec performance counter to determine load. The default no load value is 0 kilobytes per second—at that value this rule is ignored. The default full load value is 32767 kilobytes per second.

Disk Operations
Defines a range of disk operation, in read/write cycles per second, for a selected server. This rule uses the PhysicalDisk: Disk Writes/sec and Disk Reads/sec performance counters to determine load. The default no load value is 0—at that value this rule is ignored. The default full load value is 100 operations per second.

IP Range
Defines a range of allowed or denied client IP addresses for a published application. It controls access to a published application based on the IP addresses of the clients. You can define ranges of IP addresses, then select to allow or deny access if the client IP addresses are within the defined ranges. This rule must be used in conjunction with another.

Load Throttling
Limits the number of concurrent connection attempts that a server handles. This prevents the server from failing when many users try to connect to it simultaneously. The default setting (High impact) assumes that logons affect server load significantly. This rule affects only the initial logon period, not the main part of a session. The Load Throttling rule can be applied only to a server, not to an individual application.

Memory Usage
Defines a range of memory usage by a server. This rule uses the Memory: % Committed Bytes in Use performance counter to determine load. The default no load value is 10—at that value this rule is ignored. The default full load value is 90.

Page Fault
Defines a range of page faults per second for a selected server. A page fault occurs when the operating system tries to access data that was moved from physical memory to disk. This rule uses the Memory: Page Faults/sec performance counter to determine load. The default no load value is 0—at that value this rule is ignored. The default full load value is 2000.

Page Swaps
Defines a range of page swaps per second for a selected server. A page swap occurs when the operating system moves data between physical memory and the swap file. This rule uses the Memory: Pages/sec performance counter to determine load. The default no load value is 0—at that value this rule is ignored. The default full load value is 100.

Scheduling
Schedules the availability of selected servers or published applications. This rule sets the weekly days and hours during which the server or published application is available to users and can be load managed.

Server User Load
Limits the number of users allowed to connect to a selected server. Load Manager user loads are calculated using active ICA sessions only. The default full load value is 100 and represents the maximum number of users the system can support on a server.

Assigning Load Evaluators to Servers and Applications

To participate in load management, each server or published application must have a load evaluator assigned to it. The rules and their settings determine how the load of a particular server or published application is managed. Each server or published application can have only one load evaluator attached.

To assign a load evaluator to a XenApp server, configure the Load Evaluator Name policy setting and filter the policy by worker group. You can assign load evaluators that are available in any XenApp farm. For example, if you have a published application that uses a significant percentage of a server’s memory and processing capabilities, you can add the Load Evaluator Name setting to a policy, specify the Advanced load evaluator, and filter the policy by the worker group that contains all the XenApp servers hosting the application. XenApp then distributes the available memory and processor demand across the load-managed servers.

When you assign a load evaluator through Citrix policies, the Usage by Server tab in the middle pane of the AppCenter does not indicate the load evaluator is assigned. Additionally, XenApp does not validate the load evaluator name when the policy is applied to user sessions. Therefore, if the load evaluator is later renamed or deleted, the load cannot be calculated. Instead, XenApp logs an error to the Event Log and the affected servers report a load index of 10,000 (full load). To ensure the policy references the correct load evaluator name, modify the Load Evaluator Name policy setting and select the correct load evaluator name from the list of available load evaluators.

If the policy containing the Load Evaluator Name setting is deleted, and no other policy applied to the server specifies an alternate load evaluator, XenApp uses the Default load evaluator instead.

To assign a load evaluator to a server

1. Depending on the console you use to manage Citrix policies:
   - From the AppCenter, select the Policies node and then select the Computer tab.
   - From the Group Policy Management Editor, select Computer Configuration > Policies > Citrix Policies.
2. Create a new Computer policy or select an existing Computer policy you want to modify.
3. From the settings list, locate the Load evaluator name policy setting and click Add. Select a load evaluator from the drop-down list and then click OK.
4. Add the Worker Group filter to the policy and specify the worker group containing the servers to which you want to assign the load evaluator.

To assign a load evaluator to a published application

1. From the AppCenter, select the Applications node in the left pane.
2. Select the published application to which you want to attach a load evaluator.
3. From the Actions pane, select Other Tasks > Attach application to load evaluator.
4. On the Assign Load Evaluator dialog box, select the load evaluator to attach.

Scheduling Server Availability

Use the Scheduling rule to determine when a server or published application is available to users and can be load managed. If this rule is included in a load evaluator and attached to a server or published application, the server or published application is available only during the days and times set in this rule.

The Scheduling rule must be used with at least one other rule. It cannot be the only rule in a load evaluator.

Custom ICA connections cannot be controlled using the Scheduling rule. You cannot apply the Scheduling rule to any custom ICA connections that connect to specific servers.

To configure the Scheduling rule

1. In the AppCenter, select Load Evaluators in the left pane.
2. In the middle pane, select the load evaluator you want to change.
3. From the Actions pane, select Modify load evaluator properties.
4. From the Rules list, select the Scheduling rule.
5. In the Scheduling Settings panel, use the Add and Remove buttons to select the days and times that you want the server or published application to be available (Monday through Friday, 8:00 AM to 6:00 PM, by default).

Power and Capacity Management

Citrix XenApp Power and Capacity Management can help reduce power consumption and manage XenApp server capacity by dynamically scaling up or scaling down the number of online XenApp servers. Consolidating sessions onto fewer online servers improves server utilization, helps minimize power consumption, and helps provide sufficient capacity to handle server loads.

Use Power and Capacity Management to observe and record utilization and capacity levels. Console monitoring and report generation provide valuable information, even if you do not enable power management and load consolidation.

As users log on to the system and reduce the idle capacity (the amount of capacity available for additional sessions), other servers in the workload are powered up. As users log off and idle capacity increases, idle servers are powered down. This helps optimize capacity for XenApp workloads.

Scheduling provides an automated approach. An administrator defines specific times for powering on and powering off workloads. For example, a schedule powers on servers at 8 in the morning and powers them down at 7 in the evening, from Monday through Friday. The administrator can manually override capacity and schedule settings to accommodate unexpected demand.

Load consolidation and power management operate in unison. Using power management, load consolidation ensures sessions are not spread across online servers, which provides a better opportunity to power off excess servers later.

Power and Capacity Management respects all configured XenApp server settings, farm settings, and policies.

System Components

The Power and Capacity Management system comprises the following components. (From a Windows installer viewpoint, these are features; this documentation uses the term components.)

Component: Description

Concentrator: A Windows service and the central component of the Power and Capacity Management system. It coordinates system states and operations for the managed XenApp servers. You can have one or more concentrators; if you have more than one, and one fails, another assumes control.

Database: An instance of a Microsoft SQL Server database. It provides the common store for information such as managed server inventory, workload assignments, schedules, metric data, and configuration settings.

Reporting: Subfeature of the database component. The administrator generates reports for historical system loads, capacities, and utilization summaries. Reports are hosted on Microsoft SQL Server Reporting Services.

Management console: A Microsoft Management Console (MMC) snap-in to manage, monitor, and configure the Power and Capacity Management system.

Agent: A Windows service installed on each XenApp server. The agent reports capacity and system states, and acts on operations and commands issued by the concentrator.

The concentrator, database, reporting, and management console components are the administration components.

About Load Consolidation and Power Management

Concepts and Terminology

For XenApp Power and Capacity Management, capacity is expressed as a number of sessions (or session count).

The XenApp servers being managed by Power and Capacity Management are called a farm. This farm may include some or all of the servers in a XenApp farm, or it may contain XenApp servers from different XenApp farms (for example, in a XenApp farm that covers multiple sites, you might have a Power and Capacity Management farm for the XenApp servers in each site). The Power and Capacity Management farm name is distinct from the XenApp farm name.

A workload is a logical grouping of servers that all host the same application or set of applications. (In XenApp terms, this is referred to as an application silo.) The workload is named when the Power and Capacity Management agent is configured.

In a Power and Capacity Management farm, a XenApp server's control mode (configured in server properties) affects whether the server is eligible for power management or participating in load consolidation.

You use setpoints in the schedule to control how servers are power managed and how load is consolidated within the workload. A setpoint represents a target number of sessions or the number of online servers. (You also enable power management and load consolidation for the workload.)

What Happens during Load Consolidation

Load consolidation has the opposite effect to traditional XenApp load balancing. Its goal is to consolidate sessions onto fewer servers instead of spreading load evenly across many servers. Greater consolidation of sessions equates to higher levels of utilization per server while online. By consolidating sessions, there is greater opportunity to power down excess servers, saving power and reducing operating costs.

Load consolidation works by continually monitoring the number of active sessions and remaining capacity for each server. The goal is to load new sessions onto small groups of servers to a level that the servers can handle well; this level is the optimal load (set in global configuration). Once a server reaches its optimal load, an additional server in the workload is enabled to accept new session load. When power management is used, this additional server will be powered on automatically if it is currently powered off.

For load consolidation to work effectively, the capacity level of each server must be measured. Because the remaining capacity can change as load on the server fluctuates, capacity levels are continually re-evaluated. This is known as dynamic capacity estimation.

Dynamic capacity estimation calculates individual server capacities based on the load on each server. The load on each server is determined by its assigned XenApp load evaluator; therefore, consider the desired load criteria when configuring the assigned evaluators. The Power and Capacity Management agent regularly monitors the load and updates the estimated capacity on its server. The capacity of each server more accurately reflects the actual number of sessions it can handle.

Depending on the load, the estimation may determine that a server is capable of holding more sessions than the configured typical capacity. To allow the dynamic capacity estimation to set capacities higher than the typical value, you can set the estimated capacity limit to any value higher than the typical capacity. The typical session capacity and estimate session capacity limit are configured in the server profile.

In meeting capacity setpoints, Power and Capacity Management ignores the load from servers that are currently draining or powering off, as well as servers currently being evaluated for draining/power off.

What Happens during Power Management

When Power and Capacity Management determines that a power on or power off operation is required, it considers a server's power controller preference (configured in server properties). XenApp servers installed on virtual machines can also have a site-specific power controller preference (configured for the site); sites are specified when configuring virtual machine managers.

For a power on operation, the selection algorithm chooses a server with a higher power controller preference before a server with a lower preference. For a power off operation, the algorithm chooses a server with a lower power controller preference before a server with a higher preference. For best practice, configure the preference of more power-efficient servers higher than older, less power-efficient servers.

When Power and Capacity Management selects a XenApp server for power off and that server is currently hosting sessions, the server is placed into PCM drain mode (which is separate from XenApp drain mode).

When a server is in PCM drain mode, load balancing attempts to avoid starting new sessions on that server. All valid servers in a worker group (online, hosting the desired application, and with available load) that are not in PCM drain mode are used before any servers at that worker group priority level that are in PCM drain mode. However, if no servers meet that criteria, the session is started on the server in PCM drain mode.

A server in PCM drain mode allows reconnection of disconnected sessions. Sessions hosted on a server in PCM drain mode can use session sharing. A server in drain mode powers off only when no sessions remain.

If you disable power management for a workload, any servers currently in drain mode revert out of drain mode. If the agent loses connection to the concentrator, the agent reverts drain mode on draining servers.

When Power and Capacity Management issues a power off or power on control, a timer starts (with a value configured in the server profile). If the operation does not complete successfully before the timer expires, the management console displays the failure. When a power control operation completes successfully, all control errors associated with that server are cleared.

Installing Power and Capacity Management

To install Power and Capacity Management components, you can:

- Use the XenApp media to launch an interactive installation.
- Use the XenApp Server Role Manager.
- Point to the XenApp media and issue commands for a silent installation.

Important: When using the wizard-based Server Role Manager, install the Power and Capacity Management agent when you install the XenApp server role. If you do not install them at the same time, install the agent using another method.

Install the agent on each XenApp server.

You can install all the administration components on a single computer, or you can install one or more administration components on separate computers. If you are not installing all the administration components at the same time on the same computer, install them in the following order:

1. Database
2. Reports (Reports is a subfeature of the database feature; therefore, you can install reports only if you are also installing the database component, or if you previously installed the database component)
3. Concentrator
4. Management console

The following MSI packages contain the Power and Capacity Management components.

Installation Package: Description

XenAppPCMAgent64.msi: Installer for the agent.

XenAppPCMAdmin.msi: Combined installer for the administration components; use this MSI to install the database, reports, concentrator, and management console on a supported 32-bit computer.

XenAppPCMAdmin64.msi: Combined installer for the administration components; use this MSI to install the database, reports, concentrator, and management console on a supported 64-bit computer.

System Requirements for Power and Capacity Management

Supported Platforms

A Power and Capacity Management farm can comprise physical and virtual XenApp servers:

- Wake-on-LAN (WoL) power control is supported for physical XenApp servers on the same subnet.
- Power-on commands to virtual computers hosting XenApp servers (in one or more clusters) are supported for the following platforms, or subsequent compatible versions:
  - Citrix XenServer 4.0
  - Microsoft Hyper-V 1.0
  - Microsoft SCVMM 2008
  - VMware ESX and vCenter 4.0

Component Requirements

Unless otherwise noted, 32-bit and 64-bit operating system editions are supported.

Component: Support and Requirements

Database

Requirements:
- Microsoft .NET Framework 3.5 SP1
- Microsoft SQL Server 2005 SP3 and SP4 or Microsoft SQL Server 2008 R2; see CTX114501 for the latest supported versions
- Microsoft SQL Server Reporting Services
- Internet Information Services (IIS) 6.0 and ASP.NET (required only if using Reporting Services on Microsoft SQL Server 2005)

Use Microsoft Internet Explorer to view reports.

Concentrator

Supported operating systems:
- Windows Server 2008 R2 (64-bit)
- Windows Server 2008 R2 SP1 (64-bit)

Requirement: Microsoft .NET Framework 3.5 SP1

For XenApp servers on the Microsoft SCVMM 2008 platform, the Microsoft SCVMM 2008 console must be installed on each server hosting a concentrator (master and slaves).

Agent

Supported operating systems:
- Windows Server 2008 R2 (64-bit)
- Windows Server 2008 R2 SP1 (64-bit)

Requirements:
- Microsoft .NET Framework 3.5 SP1
- XenApp 6.5

Management console

Supported operating systems:
- Windows Server 2008 R2 (64-bit)
- Windows Server 2008 R2 SP1 (64-bit)
- Windows Server 2003 R2
- Windows Server 2003 (32-bit)
- Windows 7 Enterprise SP1
- Windows Vista SP2
- Windows XP SP3 (32-bit), SP2 (64-bit)

Requirements:
- Microsoft .NET Framework 3.5 SP1
- MMC 3.0 Update: http://support.microsoft.com/kb/907265 (pre-installed on Windows Vista, Windows 7, and Windows Server 2008 R2 systems)

Identify the XenApp servers you want in the Power and Capacity Management farm. For optimal operation, Power and Capacity Management should register (discover) all servers in the XenApp farm. You can then change the control mode (in server properties) for servers that are not power controlled. This practice prevents the possibility of session load being sent to XenApp farm servers that Power and Capacity Management is not managing or has not discovered.

- The XenApp servers on which you install the Power and Capacity agent, and the computers on which you install the concentrator and management console must all belong to the same Active Directory domain.
- Install the database component either in the same Active Directory domain as the other components or in a trusted domain.

You do not have to run the installation of the Power and Capacity Management database component on the server where Microsoft SQL Server is installed. You can either run the installation process physically on the SQL Server or from any domain member machine. If you run the installation of the database component from a different server than SQL Server, the server on which you install the database component does not need to stay powered on.

Using Policies

You can use Citrix group computer policy settings to specify the Power and Capacity Management farm name and workload name, which apply to agent configuration. For information about specifying setting values, see Policy Settings Reference. Note the warning not to enable the Use default value checkbox for the farm name setting.

When using the XenApp Server Role Manager, the Power and Capacity Management farm name and workload name are not written to local policy, and the Agent service is not started, until after the XenApp Server Configuration Tool successfully configures the XenApp server role and the server restarts.

Installing the Concentrator

When installing the concentrator, you specify the database (and the database instance, if you are not using the default instance). By default, the installer updates the database to give the concentrator necessary permissions. This action assumes that the user installing the concentrator has administrator privileges on the SQL Server instance to modify the permissions of the Power and Capacity Management database.

If the user installing the concentrator does not have administrator privileges on the SQL Server to modify the permissions of the Power and Capacity Management database:

- In a wizard-based installation, select the Do not grant DB access to concentrator check box. (This check box appears only when you are not installing the concentrator and the database at the same time.)
- In a silent installation, include the CTX_XAPCM_DO_NOT_ADD_ACCOUNT_TO_DB=yes property.

Then use SQL Server Management Studio to add the necessary permissions to the database:

1. Using SQL Server Management Studio, navigate to the main Security > Logins node.
2. Add a new login for the concentrator identity. If you are running the concentrator as the default network service, this is domain-name\computer-name$. (If you are entering a machine account, do not use the Search button; type the machine account name.)
3. Navigate to XenAppPCM database > Security > Users.
4. Add a new user. Citrix recommends the User Name be the same as the Login Name you specified in step 2. In the role membership list, select ConcentratorRole.

If you plan to use more than one concentrator, after installing the first concentrator on a machine, install another on a different computer, and repeat as needed. Ensure that you install only the concentrator. In the wizard based installation, deselect all other components. In a silent installation, include the ADDLOCAL=Concentrator property.

See Managing the Concentrator for information about manually publishing the concentrator in Active Directory.

Interactively Installing Components

Before interactively installing the Power and Capacity Management components, review the silent installation properties to learn about information you specify during the interactive installation.

To interactively install the agent from the XenApp media

Choose one of the following:

- On the XenApp media, go to the Power and Capacity Management folder and double-click XenAppPCMAgent64.msi. Follow the wizard prompts.
- On the XenApp media, launch autorun.exe. From the Autorun menu, select Manually install components > Server Components > Power and Capacity Management > Power and Capacity Management Agent. Follow the wizard prompts.

To interactively install the administration components from the XenApp media

Choose one of the following:

- On the XenApp media, launch autorun.exe. From the Autorun menu, select Manually install components > Server Components > Power and Capacity Management > Power and Capacity Management Administration. Follow the wizard prompts.
- If you are installing the components on a 32-bit operating system, go to the Power and Capacity Management folder on the XenApp media and double-click XenAppPCMAdmin.msi.
- If you are installing the components on a 64-bit operating system, go to the Power and Capacity Management folder on the XenApp media and double-click XenAppPCMAdmin64.msi.

By default, all administration components are selected in an interactive installation, except reports.

To interactively install components from the XenApp Server Role Manager

To use the XenApp Server Role Manager, follow the guidance in Install and Configure.

- To install the agent, select the Power and Capacity Management Agent check box in Optional Components. When you configure the XenApp role with the XenApp Server Configuration Tool, specify the PCM farm and workload names when prompted.

  Important: Install the Power and Capacity Management agent at the same time you install the XenApp server role; otherwise, use another method to install the agent.

- To install administration components, select the Power and Capacity Management Administration role. After the Server Role Manager installs other selected roles, components, and prerequisites, click the Install link next to Power and Capacity Management. Follow the wizard prompts. By default, all administration components are selected in an interactive installation, except reports.

Silently Installing Components

To silently install the agent from the XenApp media

Point to the XenApp media and enter the following command:

    msiexec /i XenAppPCMAgent.msi /qn CTX_XAPCM_ACCEPT_EULA=yes CTX_XAPCM_FARM_NAME=farm-name [CTX_XAPCM_WORKLOAD_NAME=workload-name] [CTX_XAPCM_AGENT_NOSTART=yes] [CTX_XAPCM_AGENT_NOPOLICY=yes] [CTX_XAPCM_AGENT_ACCOUNT=domain-account] [CTX_XAPCM_AGENT_PASSWORD=domain-account-password]

Agent Installation Properties

CTX_XAPCM_ACCEPT_EULA=yes
Accepts the license agreement. To read the EULA (End User License Agreement), launch the installation interactively and navigate to the license dialog. If you omit this property, or if the specified value is not "yes," the installation fails.

CTX_XAPCM_FARM_NAME=farm-name
Farm name, up to 80 characters, and cannot contain: backslash (\), forward slash (/), single quote ('), double-quote ("), greater than (>), less-than (<), pipe (|), or equal (=). The collection of XenApp servers being managed by Power and Capacity Management is known as a farm. This farm may include some or all of the servers in a XenApp farm or may contain XenApp servers from different XenApp farms. If you omit this property, the installation fails.

CTX_XAPCM_WORKLOAD_NAME=workload-name
Workload name, up to 256 characters. The name must be unique. A workload is a logical grouping of servers that all host the same application or set of applications. In XenApp terms, this is referred to as an application silo. If you omit this property, "Unassigned" is used. (You cannot enable power management or load consolidation for an unassigned workload.)

CTX_XAPCM_AGENT_NOSTART=yes
Prohibits the Agent service from starting during installation. If you omit this property, or if the specified value is not "yes," the Agent service starts during installation.

CTX_XAPCM_AGENT_NOPOLICY=yes
Prohibits the agent installer from writing the farm and workload names to local policy. If you omit this property, or if the specified value is not "yes," the farm and workload names are written to local policy.

CTX_XAPCM_AGENT_ACCOUNT=domain-account
Domain account with the following rights:

- Citrix administrator for the XenApp instance
- Log on as service
- Shut down the system
- Query rights for Active Directory (to locate the "Citrix XenAppPCM" SCP for the farm assigned to this agent)

If you specify this property, you must specify a domain account password with the CTX_XAPCM_AGENT_PASSWORD property. You must also supply a domain account with the CTX_XAPCM_CONCENTRATOR_ACCOUNT property when installing the concentrator. (The Concentrator service cannot use a built-in account if the Agent service uses a domain account; similarly, the Concentrator service cannot use a domain account if the Agent service uses a built-in account.)

If you omit this property, the built-in "Local System" account is used. In this case, do not specify the CTX_XAPCM_AGENT_PASSWORD property.

CTX_XAPCM_AGENT_PASSWORD=domain-account-password
Password for the domain account. This property is valid only if you specified a domain account with the CTX_XAPCM_AGENT_ACCOUNT property.

For example, the following command silently installs the agent with:

- A farm name of "my_farm"
- A workload name of "my_workload"
- The agent service running under the domain account "my_domain\my_user" with the password "my_password"

    msiexec /i XenAppPCMAgent.msi /qn CTX_XAPCM_ACCEPT_EULA=yes CTX_XAPCM_FARM_NAME=my_farm CTX_XAPCM_WORKLOAD_NAME=my_workload CTX_XAPCM_AGENT_ACCOUNT=my_domain\my_user CTX_XAPCM_AGENT_PASSWORD=my_password

To silently install the administration components from the XenApp media

Point to the XenApp media and enter the following command:

    msiexec /i XenAppPCMAdmin.msi /qn CTX_XAPCM_ACCEPT_EULA=yes [ADDLOCAL=components] [CTX_XAPCM_FARM_NAME=farm-name] [CTX_XAPCM_DB_INSTANCE=db-instance] [CTX_XAPCM_DB_NAME=db-name] [CTX_XAPCM_REPORT_URL=report-url] [CTX_XAPCM_DO_NOT_ADD_ACCOUNT_TO_DB=yes] [CTX_XAPCM_CONCENTRATOR_ACCOUNT=domain-account] [CTX_XAPCM_CONCENTRATOR_PASSWORD=domain-account-password]

Administration Component Installation Properties

CTX_XAPCM_ACCEPT_EULA=yes
Accepts the license agreement. To read the EULA, launch the installation interactively and navigate to the license dialog. If you omit this property, or if the specified value is not "yes," the installation fails.

ADDLOCAL=components
Comma-separated list of components to be installed. Valid values are:

- DatabaseInstaller
- Reports
- Concentrator
- Console

Reports is a subfeature of the database component; therefore, you can install reports only if you are also installing the database component, or if you previously installed the database component.

If you omit this property, the database, concentrator, and management console components are installed; reports is not installed.

CTX_XAPCM_FARM_NAME=farm-name
Use this property when installing the database component. Farm name, up to 80 characters, and cannot contain: backslash (\), forward slash (/), single quote ('), double-quote ("), greater than (>), less-than (<), pipe (|), or equal (=). The name must be unique. The collection of XenApp servers being managed by Power and Capacity Management is known as a farm. This farm may include some or all of the servers in a XenApp farm, or it may contain XenApp servers from different XenApp farms. If you are installing the database component and omit this parameter, the installation fails.

CTX_XAPCM_DB_INSTANCE=db-instance
Use this property when installing the database, reports, and concentrator components. Database instance name, up to 512 characters.

- If you are installing the database component, this property specifies the instance name of the SQL Server instance in which the Power and Capacity Management database schema is to be installed. If you are using the default SQL instance on this computer, specify "." (dot); otherwise, specify the computer and instance name (for example, SQLServer\instance1).
- If you already installed the database component and are installing the concentrator, this property specifies the instance name of the SQL Server instance in which the schema is installed. If the default SQL instance on this computer was used, specify "." (dot); otherwise, specify the computer and instance name (for example, SQLServer\instance1).

If you omit this property, "." is used.

CTX_XAPCM_DB_NAME=db-name
Use this property when installing the database, reports, and concentrator components. Database name, up to 123 characters, and cannot contain: semicolon (;), question mark (?), colon (:), at (@), ampersand (&), equal (=), plus (+), dollar ($), asterisk (*), less-than (<), greater-than (>), pipe (|), forward-slash (/), backslash (\), double-quote ("), single-quote ('), back-tick (`), left square bracket ([), or right square bracket (]). If you omit this property, "XenAppPCM" is used.

CTX_XAPCM_REPORT_URL=report-url
Use this property when installing the reports component. Report service URL.

- If you are using the default SQL Server instance, specify the server URL http[s]://server_name/ReportServer.
- If you are using a named SQL Server 2005 instance, specify the server URL qualified with the instance name (http[s]://server_name/ReportServer$instance_name).
- If you are using a named SQL Server 2008 instance, specify the server URL qualified with the instance name (http[s]://server_name/ReportServer_instance_name).

If you omit this property, "http://local_machine_name/ReportServer" is used.

CTX_XAPCM_DO_NOT_ADD_ACCOUNT_TO_DB=yes
Use this property when the person installing the concentrator does not have administrator rights to the database. In this case, the database administrator must manually add the correct account to the database. If you omit this property, or if the specified value is not "yes," the database is configured to accept connections from the concentrator.

CTX_XAPCM_CONCENTRATOR_ACCOUNT=domain-account
Use this property when installing the concentrator. Domain account with a userPrincipalName attribute within Active Directory with the following rights:

- Log on as service
- Read/write rights for Active Directory (to create the "Citrix XenAppPCM" SCP for the farm this concentrator manages); for example, read/write access to the Active Directory concentrator computer container (CN)

If you specify this property, you must specify a password with the CTX_XAPCM_CONCENTRATOR_PASSWORD property. You must also supply a domain account for the CTX_XAPCM_AGENT_ACCOUNT property when installing the agent. (The Concentrator service cannot use a built-in account if the Agent service uses a domain account; similarly, the Concentrator service cannot use a domain account if the Agent service uses a built-in account.)

If you omit this property, the built-in "Network Service" account is used. In this case, do not specify the CTX_XAPCM_CONCENTRATOR_PASSWORD property.

CTX_XAPCM_CONCENTRATOR_PASSWORD=domain-account-password
Use this property when installing the concentrator and only if you specified a domain account with the CTX_XAPCM_CONCENTRATOR_ACCOUNT property. Password for the domain account.

For example, the following command silently installs all the administration components with:

- A farm name of "my_farm"
- The default SQL Server instance on a server named "my_db" with a database name of "my_dbname"
- Reporting services on "http://my_report_server/reportserver"
- The concentrator running under the domain account "my_domain\my_user" with the password "my_password"

    msiexec /i XenAppPCMAdmin.msi /qn CTX_XAPCM_ACCEPT_EULA=yes ADDLOCAL=Concentrator,Console,DatabaseInstaller,Reports CTX_XAPCM_FARM_NAME=my_farm CTX_XAPCM_DB_INSTANCE=my_db CTX_XAPCM_DB_NAME=my_dbname CTX_XAPCM_REPORT_URL=http://my_report_server/reportserver CTX_XAPCM_CONCENTRATOR_ACCOUNT=my_domain\my_user CTX_XAPCM_CONCENTRATOR_PASSWORD=my_password

To silently install components using the XenAppSetupConsole.exe command

To use the XenAppSetupConsole.exe command, follow the guidance in Install and Configure.

- To install the agent, include the PCMAgentFeature property (for example, /install:XenApp,PCMAgentFeature). When you configure the XenApp role, specify the Power and Capacity Management farm name and workload name (using the /PcmFarmName and /PcmWorkloadName options).
- To install the administration components, include the PCMAdmin property (for example, /install:PCMAdmin).
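The agent's silent-installation property rules described above (mandatory EULA and farm name, the farm-name character and length limits, the workload-name length limit, and the account/password pairing) can be checked before msiexec is ever started. The following is an added example, not Citrix code: the function names are hypothetical and the sample values are constructed.

```powershell
# Pre-flight checks for the agent's documented msiexec properties.
# Function names are hypothetical; property names and limits come from the text above.

$FarmNameForbidden = [char[]]'\/''"><|='   # \ / ' " > < | = cannot appear in a farm name

function Test-PcmName {
    param([string]$Value, [int]$MaxLength, [char[]]$Forbidden = @())
    if ([string]::IsNullOrEmpty($Value)) { return 'value is empty' }
    if ($Value.Length -gt $MaxLength)    { return "longer than $MaxLength characters" }
    if ($Forbidden.Length -gt 0) {
        $i = $Value.IndexOfAny($Forbidden)
        if ($i -ge 0) { return "contains forbidden character '$($Value[$i])'" }
    }
    return $null
}

function ConvertTo-MsiProperty {
    param([string]$Name, [string]$Value)
    # msiexec accepts PROPERTY="value"; a literal quote inside the value is doubled.
    return ('{0}="{1}"' -f $Name, ($Value -replace '"', '""'))
}

function New-PcmAgentInstallArguments {
    [CmdletBinding()]
    param(
        [switch]$AcceptEula,
        [Parameter(Mandatory = $true)][string]$FarmName,
        [string]$WorkloadName,
        [System.Management.Automation.PSCredential]$AgentCredential,
        [switch]$NoStart,
        [switch]$NoPolicy,
        [string]$MsiPath = 'XenAppPCMAgent.msi'
    )

    if (-not $AcceptEula) {
        throw 'CTX_XAPCM_ACCEPT_EULA=yes is required; without it the installation fails.'
    }
    $problem = Test-PcmName -Value $FarmName -MaxLength 80 -Forbidden $FarmNameForbidden
    if ($problem) { throw "CTX_XAPCM_FARM_NAME: $problem" }

    $msiArgs = @('/i', ('"{0}"' -f $MsiPath), '/qn', 'CTX_XAPCM_ACCEPT_EULA=yes')
    $msiArgs += ConvertTo-MsiProperty -Name 'CTX_XAPCM_FARM_NAME' -Value $FarmName

    if ($WorkloadName) {
        $problem = Test-PcmName -Value $WorkloadName -MaxLength 256
        if ($problem) { throw "CTX_XAPCM_WORKLOAD_NAME: $problem" }
        $msiArgs += ConvertTo-MsiProperty -Name 'CTX_XAPCM_WORKLOAD_NAME' -Value $WorkloadName
    } else {
        Write-Warning 'No workload name: "Unassigned" is used, and it cannot be power managed or load consolidated.'
    }
    if ($NoStart)  { $msiArgs += 'CTX_XAPCM_AGENT_NOSTART=yes' }
    if ($NoPolicy) { $msiArgs += 'CTX_XAPCM_AGENT_NOPOLICY=yes' }

    if ($AgentCredential) {
        # Account and password are only valid together; omit both to run as Local System.
        $plain = $AgentCredential.GetNetworkCredential().Password
        if ([string]::IsNullOrEmpty($plain)) { throw 'CTX_XAPCM_AGENT_PASSWORD: password is empty' }
        $msiArgs += ConvertTo-MsiProperty -Name 'CTX_XAPCM_AGENT_ACCOUNT' -Value $AgentCredential.UserName
        $msiArgs += ConvertTo-MsiProperty -Name 'CTX_XAPCM_AGENT_PASSWORD' -Value $plain
        Write-Warning 'Agent uses a domain account: the concentrator must also be installed with a domain account.'
    }
    return $msiArgs
}

function Format-RedactedArguments {
    # Form of the command line that is safe to write to a transcript or log.
    param([string[]]$Arguments)
    $shown = foreach ($a in $Arguments) {
        if ($a -match '^(CTX_XAPCM_\w*PASSWORD)=') { '{0}=********' -f $Matches[1] } else { $a }
    }
    return ($shown -join ' ')
}

# Constructed sample values. In practice, use Get-Credential so the password is typed, not stored.
$secure = ConvertTo-SecureString 'my_password' -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential('my_domain\my_user', $secure)

$msiArgs = New-PcmAgentInstallArguments -AcceptEula -FarmName 'my_farm' `
    -WorkloadName 'my_workload' -AgentCredential $cred
Format-RedactedArguments $msiArgs
# Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru   # uncomment to run the install

# Farm names that break the documented rules are rejected before msiexec is invoked.
foreach ($bad in 'east|west', ('x' * 81)) {
    try   { New-PcmAgentInstallArguments -AcceptEula -FarmName $bad | Out-Null }
    catch { "rejected: $($_.Exception.Message)" }
}
```

Because msiexec receives the password as a command-line property, it is visible in the process command line while the installer runs; log only the redacted form.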

Upgrading Administration Components
The Power and Capacity Management component packages on the XenApp 6.5 media are supported on XenApp 6.5 deployments. You can also use the administration component packages on that media (XenAppPCMAdmin.msi and XenAppPCMAdmin64.msi) to upgrade all the administration components previously installed in a XenApp 6.0 deployment.

Important: You must upgrade all of the administration components (concentrator, database, reports, and management console); upgrading fewer is not supported.

To upgrade the administration components in a XenApp 6.0 deployment, load the XenApp 6.5 media and use one of the following methods:

- From the XenApp Server Role Manager, click the Upgrade link next to Power and Capacity Management. Follow the wizard prompts.
- From the media, follow the same procedure you used to install the Power and Capacity Management administration components in the XenApp 6.0 deployment.

During the upgrade, the installed components are uninstalled, and the newer version installed. Repeat as needed on all the computers hosting Power and Capacity Management administration components in the XenApp 6.0 deployment.

You cannot (and do not need to) upgrade the Power and Capacity Management agents in a XenApp 6.0 deployment. Continue using the agents you originally installed on the XenApp 6.0 servers.

Removing Components
To remove Power and Capacity Management components, use Windows Programs & Features or Add/Remove Programs.

Removing a Concentrator
Removing an inactive non-master (slave) concentrator through Windows Programs & Features may not remove the database entry. If this occurs, the concentrator continues to appear in the Cluster Management window. To remove the database entry:

1. From the management console, click Cluster Management in the Actions pane.
2. In the Cluster Management dialog box, ensure that the Concentrator service for the concentrator you want to remove is stopped (State = Service stopped).
3. Select the concentrator and then click Remove Slave.
4. Confirm the removal.

Note: You may still need to manually delete the concentrator's SCP entry from Active Directory.

Configuring and Using Power and Capacity Management
After installing the components, first-time use of the Power and Capacity Management system includes specifying configuration values. With a basic setup (using default setpoint values and without enabling load consolidation or power management), you can monitor the system and create reports.

1. (Required only if you have more than one Power and Capacity Management farm.) Connect to the Power and Capacity Management farm. In the Actions pane, click Connect to XenApp PCM Service, then select the Power and Capacity management farm you want to manage.
2. Complete the following initial configuration tasks:
   - Configuring a Server Profile
   - Configuring Server Properties
   - Setting Global Configuration Values
   - Configuring Sites
   - Adding Virtual Machine Managers
   - Managing the Concentrator
3. After the initial setup, observe management console displays and generate reports. Using the collected information, you can then:
   - Creating Setpoints and Schedules
   - Enabling Load Consolidation and Power Management
Understanding Management Console Displays
The management console connects to the master concentrator to obtain data. The menu, toolbars, and Actions pane are standard MMC 3.0 panes, some of which can be hidden if required. The workloads and tabs panes comprise the Power and Capacity Management snap-in.

The workloads pane contains the following information:

Workloads pane columns

Workload: All Workloads, plus names of individual workloads

Power Managed: Indicates power management status for the system (All Workloads) and for each workload.
- Checkmark = enabled ("override" indicates a manual override is in effect)
- x = disabled (with a notation if a workload does not have a schedule)

Load Consolidated: Indicates load consolidation status for the system (All Workloads) and for each workload.
- Checkmark = enabled
- x = disabled

Utilization: Current utilization shown in meter form and percent text (utilization is the ratio of: total active sessions/total session capacity available from all online servers)

Sessions: Current number of load, unused, and offline sessions, shown graphically and in absolute counts.

Servers: Current number of online and offline servers in the workload, shown graphically and in absolute counts.

The tabs pane contains the following information:

Tabs

Status: Utilization, sessions, and servers information is equivalent to the information for the selected workload in the workloads pane above it. With power management enabled, the display includes current setpoint values.
- For workloads with an empty schedule and no override, the display shows the default setpoint values.
- When the power controller is following the schedule for a workload, the display shows the scheduled setpoint values.
- When the power controller is following override setpoints for a workload, the display shows those values.

Performance: Displays metric graphs collected for a specific interval. After you select an interval, the display shows values collected throughout the interval for utilization, sessions, and servers, starting with the beginning of the selected interval, and ending with the current ("Now") value.

Servers
Lists servers in the workload selected in the workloads pane. Information for each server includes:
- Server: DNS name and server profile information.
- Control mode: Power control mode, site (if there is more than one defined), and power controller preference.
- State: Online, Offline, Disconnected, Draining, Stopping, or Starting. In some cases, state displays vary for XenApp installations on virtual machines, depending on whether or not a Power and Capacity Management machine manager is configured and enabled. Using a machine manager results in more detailed state reporting and displays. For example, on a server without an enabled machine manager, a state display of 'Starting' indicates that Power and Capacity Management has instructed the server to power on. On a machine manager-enabled server, that state display appears as 'Starting: Powering on' or 'Starting: Waiting for connection.'
- Utilization: Current percentage in graphic and text forms.
- Sessions: Current counts in graphic and text forms. Hovering over an entry displays the current session count for that server and the current load consolidation activity, if any. An icon to the left of the graph represents the current load consolidation activity (when load consolidation is enabled for the server's workload):
  - Green triangle = server is accepting new connections and is below optimal load
  - Yellow triangle = server is accepting new connections but is above optimal load
  - Grey circle = server has been set as an undesirable target for new sessions
  The Sessions graphic fades for servers in PCM drain mode.
- Session Capacity: Hovering over an entry displays how the dynamic capacity estimate differs from the typical session capacity value configured in the server profile (the session capacity value indicates 'calculated').

Capacities
Displays server profile information and the typical session capacity for each server profile (or Unset if the typical session capacity is not configured). To display the DNS names of servers that use a profile, select the profile and then click the entry in the Servers column.

Schedule
Displays the current Monday through Sunday schedule for a workload. (This tab is not displayed when All Workloads is selected in the workloads pane.) The entry for each day indicates time and setpoint values.

To generate a workload or server report
Metrics collection is enabled and disabled in Setting Global Configuration Values.

1. From the management console, select the reporting object:
   - To generate a workload report, select a workload or All Workloads.
   - To generate a server report, click the Servers tab and select a server.
2. In the Actions pane, click Generate Workload Report.
3. Select the report type, period of time the report covers, and the interval.
4. Click Generate Report.

Important: The management console uses Microsoft Internet Explorer to display reports, overriding the user default browser setting. For optimal display, always use Microsoft Internet Explorer to view reports.

Configuring a Server Profile
Within a workload, servers are grouped by profiles, which contain information the agent discovers and information you configure. The agent discovers hardware information such as the CPU type and the amount of memory, and sends it to the concentrator. The concentrator creates a profile entry in the database for a new profile (or, if the profile values are the same as those in an existing profile, the existing profile is reused). If the hardware configuration changes (for example, more RAM is added to a server), Power and Capacity Management creates a new profile. The original profile is not altered, because other servers may still be using it. Also, when a hardware change occurs, server capacity can change. Information you configure includes capacity values and the power action timeout.

To configure a server profile
1. From the management console, click the Capacities tab. Select one or more profiles.
2. In the Actions pane, click Server Profile Properties.
3. In the Server Profile Properties dialog box:
   - Enter the typical session capacity value, which specifies the number of XenApp sessions (on average) that the server can host. A zero value is equivalent to not set. As new servers connect and report their profiles, they inherit any existing configured capacity value if they have the same profile as an existing configured server.
   - Enter the power action timeout (seconds) value, which is used when a power off or power on control is issued. If the operation does not complete successfully before the timer expires, Power and Capacity Management assumes the operation failed.
   - Enter the estimated session capacity limit in the range 0-10,000 (0 = not set). This allows the dynamic session capacity feature to estimate capacity higher than the typical session capacity value when it detects spare computing resources. This value must be greater than or equal to the typical session capacity value.

To delete a server profile, server, or workload
You can delete a server profile only if it has no associated servers. You can delete a server only if it (or the server it represents) is not online with the Power and Capacity Management agent running. You can delete a workload only if it has no servers associated with it. Deleting a workload also deletes all associated profiles and schedules.

Select the server profile (from the Capacities tab), server (from the Servers tab), or workload. In the Actions pane, click one of the following:
- Delete server profile
- Delete server
- Delete workload

After you delete a server profile, server, or workload that is offline, if Power and Capacity Management discovers those objects, they will be re-created.

Configuring Server Properties
Server properties include the control mode and power controller preference.

Control Modes
The control mode affects whether the server is eligible for power management or participating in load consolidation.

Control Mode: Description

Unmanaged
The server is not controlled by the Power and Capacity Management system, and is ignored by the workload to which it belongs. It does not contribute to the capacity of the workload. Setting this mode is the easiest way to quickly remove a server from the scope of system control without affecting the rest of the workload.

Managed (base load)
The server contributes to the capacity of the workload and meeting its current setpoints; however, it is not controlled. The power management controller does not power this server off or on, and the load consolidation controller does not disable this server to force load onto other servers. Designate XenApp servers that provide essential services as managed (base load), as essential services such as the data collector or the data store should not be taken offline. If power management has a target of keeping a certain number of servers online, these servers contribute to meeting that target. Similarly, if load consolidation keeps two servers available, and there are two available base load servers, they can be used to meet the load consolidation need.

Managed
The server is fully controlled by the Power and Capacity Management system.

When planning:
- Identify which XenApp servers host essential services and do not host XenApp sessions. Set the server control mode for these servers to unmanaged (or do not install a Power and Capacity Management agent on them).
- Identify which XenApp servers host essential services and host XenApp sessions. Set the server control mode for these servers to managed (base load).

Configure the server control mode for existing servers in server properties (see below), and for new servers in global configuration.

Power Controller Preference
When Power and Capacity Management determines a power on or power off operation is required, it considers a server's power controller preference (and site preference, for XenApp servers installed on virtual machines). For a power on operation, the selection algorithm chooses a server with a higher power controller preference before a server with a lower preference. For a power off operation, the algorithm chooses a server with a lower power controller preference before a server with a higher preference. For best practice, specify the preference of more power-efficient servers higher than older, less power-efficient servers. A typical strategy is to specify the most power-efficient servers as 1st choice. The power controller preference of a server in a Power and Capacity Management farm can also be managed by XenApp Connector for Configuration Manager. Changing the preference for those servers from the Power and Capacity Management console can have undesirable effects.

To configure server properties
1. From the management console, select a workload or All Workloads.
2. Click the Servers tab, then select one or more servers.
3. In the Actions pane, click Server Properties.
   - If you selected one server, set the desired control mode and power controller preference in the Server Properties dialog box.
   - If you selected more than one server, set the desired power controller preference in the Server Properties dialog box. Select the control mode from the Actions pane: Set "Managed," Set "Unmanaged," or Set "Managed (base load)."

If the power controller preference of one or more selected servers is currently managed by XenApp Connector for Configuration Manager, the Server Properties dialog box indicates the names of the affected servers.

Setting Global Configuration Values
1. From the management console, click Configuration in the Actions pane.
2. In the XenApp PCM Configuration dialog box:
   - Select the control mode for new servers added to the Power and Capacity Management farm. This setting differs from the control mode for existing servers, which is set in server properties. For information about that setting and a description of all control modes, see Configuring Server Properties.
   - Select the optimal load, which specifies how close to capacity a server can get before additional load should be directed to other servers. The load consolidator uses this value. The optimal load is expressed as a percentage, with a default value of 70% (load consolidation will add sessions to a server until it reaches or exceeds 70% of full server capacity). The remaining 30% of capacity acts as a buffer to ensure existing sessions on the server have spare computing resources to work with. Tune the optimal load threshold to find the right balance between performance and utilization.
   - Enable or disable metrics data collection. Select the number of days to retain the collected metrics data. The default is 365 days (1 year).

Configuring Sites
When Power and Capacity Management determines a power on or power off operation is required, it considers a server's power controller preference, which is configured in server properties. If the XenApp server is installed on a virtual machine, the power controller preference for the site is also considered.

To add a site, from the management console:
1. In the Actions pane, click Sites.
2. In the Server Sites dialog box, click Add.
3. Specify a site name and a power controller preference for servers that belong to this site.

You can also modify or delete a site from the Server Sites dialog box.

Adding Virtual Machine Managers
Power and Capacity Management uses virtual machine management to automatically locate virtual machines it manages; therefore, you do not need to manually configure associations between the virtual machines and their managing hosts. Virtual machine management supports multiple concurrent resource pools.

The concentrator automatically connects to the resource pool, and periodically queries the inventory of virtual machines. The management console displays the inventory poll results as a count of the number of virtual machines. The concentrator continually updates the results. If you move a virtual machine image from one resource pool to another, Power and Capacity Management discovers this during its inventory polling.

Note: The list of discovered virtual machines does not necessarily match the servers being managed by Power and Capacity Management; each machine manager maintains a list of all virtual machines discovered.

When the concentrator selects a server to power on, it queries all virtual machine managers for a virtual machine with that server's MAC address.
- If a match is found, the machine manager issues the appropriate commands to the resource pool to start a virtual machine.
- If no virtual machine is found (because its machine manager has not been configured or connected, or because the server image is hosted on a physical machine), Power and Capacity Management broadcasts the Wake-on-LAN packet on the network. Then, the concentrator waits a prescribed interval (power control timeout) for the Power and Capacity Management agent on the appropriate XenApp server to establish connection to the concentrator.

Important: Assign unique MAC addresses to virtual machines, even across resource pools. This is typically done using the auto-generate MAC option when creating the virtual machine.

To add a virtual machine manager
From the management console:
1. In the Actions pane, click Machine Managers.
2. In the Machine Managers dialog box, click Add.
3. Specify the string or URL to the host, cluster, or resource pool master.
4. Select the virtual machine type (see Supported Platforms for version information).
   - Citrix XenServer.
   - Microsoft Hyper-V.
   - Microsoft SCVMM 2008. The Microsoft SCVMM 2008 console must be installed on each server hosting a Power and Capacity Management concentrator (master and slaves); otherwise, you cannot add a virtual machine manager.
   - VMware ESX & vCenter.
5. Specify the site where the resource pool is located.
6. If you select the Authenticate with user name and password checkbox, specify the credentials. Do not select this checkbox if you want to use the domain credentials of the Concentrator service to authenticate.
7. Leave the Enable this machine manager checkbox enabled.

You can also modify or delete a virtual machine manager from the Machine Managers dialog box.

Managing the Concentrator
You can install a Power and Capacity Management concentrator on one or more servers. One concentrator is the master. All connections from agents on the XenApp servers go to the current master concentrator; there is no load balancing among multiple concentrators.

Important: Multiple concentrators share a common database.

Concentrators negotiate for mastership and monitor the health of the current master through the database. If the current master stops updating the database, another concentrator becomes the master. Failover usually occurs within 60 seconds.

Each concentrator registers an Active Directory Service Connection Point (SCP) as part of the machine account where the concentrator is installed and records an entry in the database. When the agent on the XenApp server starts, it queries the SCP to discover all known concentrators. Each agent then tries to connect to each concentrator, looking for the master. The management console also performs the same discovery process and connection attempts.

You can explicitly force a running concentrator to become the master concentrator. This may be necessary when a master concentrator has planned maintenance.

To explicitly designate a master concentrator
1. From the management console, click Cluster Management in the Actions pane.
2. In the Cluster Management dialog box, select a concentrator and click Set Master.

To change the port the agent uses to communicate with the concentrator
Edit the PCMConcentrator.exe.config file in the Install directory, then restart the PCM Concentrator service. (The default port is 11168.)

To manually publish the concentrator
If the account running the Concentrator service does not have sufficient access in Active Directory (AD) to automatically publish its service information, other Power and Capacity Management components will not be able to locate Power and Capacity Management and the system will not operate correctly. In this case, the concentrator writes errors to the application log, and the console will not display the XenApp servers on which the agent has been installed. To avoid this issue, manually publish the concentrator within AD.

1. Log on to the computer hosting the concentrator, using an account with sufficient access in AD to publish the service information.
2. Ensure that the Concentrator service is running.
3. From a command prompt, navigate to the directory where the PCMConcentrator.exe file is located; by default this is “%SystemDrive%\Program Files\Citrix\XenApp Power and Capacity Management\Concentrator\”
4. Run the following command: PCMConcentrator /publish
5. Restart the Concentrator service.

This creates an AD object only; no AD schema changes are required. This object is created as a child object of the computer container hosting the concentrator, called “CN=Citrix XenAppPCM SCP”.

Conversely, you can manually revoke the publishing information by running PCMConcentrator /revoke. This command deletes the aforementioned object in AD.

Creating Setpoints and Schedules

Setpoints
A setpoint defines a target capacity level (number of sessions) or a target number of online servers. You specify setpoints for each workload in a schedule. The power controller uses four setpoints. The load consolidator uses only the minimum available servers setpoint.

A new workload has default setpoint values that place the workload in the most available configuration – all managed servers are online. Thus, a newly discovered workload cannot be power controlled until you define appropriate setpoints for it (and enable power management).

The setpoints are:
- Online session reserve. Specifies the amount of online but unused capacity that must be maintained above the current load. As the load fluctuates throughout the day, the system maintains this buffer; this is known as a load following model. In practice, the Power and Capacity Management system powers on the smallest number of servers that can hold the target online capacity.
  Default: Infinite; all servers are kept online. The management console displays this value as an infinity symbol.
- Minimum session capacity and maximum session capacity. These setpoints work as guards for the online session reserve. The online session reserve setpoint can raise and lower the online capacity, as long as it remains between the two guards.
  - The minimum session capacity setpoint causes servers to be powered up until the system has at least the amount of online capacity to meet or exceed the setpoint. After this setpoint is met or exceeded, the minimum session capacity has no effect; if the online session reserve setpoint drives online capacity above the minimum session capacity setpoint value, Power and Capacity Management ignores the minimum session capacity setpoint.
    Default: Zero, which is equivalent to not set.
  - The maximum session capacity setpoint functions similarly to minimum session capacity; however, it causes servers to be powered off until the online capacity is at or below the setpoint. Although the maximum session capacity setpoint is used less frequently, it can be helpful when preparing for system maintenance. After online capacity is below the setpoint value, this setpoint has no effect.
    Default: Infinite, which is equivalent to not set; the management console displays this value as an infinity symbol.
- Minimum available servers. Works on a per-server basis (the other three setpoints are capacity based) to ensure a minimum level of service availability, in terms of servers. This can be helpful in handling redundancy; multiple servers ensure acceptance of new sessions if a server crashes. It can also help logon rates. Logging on new sessions can quickly increase server load to the point where existing sessions are degraded or new logons take significantly longer to complete. In such cases, using this setpoint can ensure you have a sufficient number of servers online to load balance the logon load.
  The power controller attempts to keep this many servers online, while the load consolidator attempts to keep this number of servers available to accept new sessions. You usually increase this setpoint just before and throughout the times of heaviest usage to ensure sufficient available servers for the high rate of incoming sessions. If you do not increase this setpoint for the heaviest usage, the capacity setpoints may ensure there are enough servers online to host the expected load, but the load consolidator may keep too many servers disabled. Therefore, the servers that are enabled may become overloaded while new sessions are logging on.
  Default: Zero, which is equivalent to not set.

The system tries to meet the online session reserve setpoint first. It then bounds the output using the minimum and maximum session capacity setpoints. Finally, the system checks and ensures that the resulting number of online servers meets the minimum available servers setpoint. Therefore, setpoints have the following order of importance, from highest to lowest:
- Minimum available servers
- Maximum session capacity
- Minimum session capacity
- Online session reserve
Schedules
A schedule usually specifies the online session reserve and the minimum available servers setpoints. For example, you have a deployment of 10 servers. Each server has a configured session capacity of 100, and peak session use occurs at 9:30 a.m.
- To effectively handle demand, schedule the system to ramp up at 9:00 a.m. by setting the minimum available servers to 5, and the online session reserve to 300.
- After peak use (9:30 a.m.), schedule the setpoints to lower values at 10:30 a.m., with minimum available servers set to 2 and the online session reserve set to 100.
- After normal working hours, reduce these setpoint values further at 7:00 p.m., with minimum available servers set to 1 and the online session reserve set to 50.

After you initially set the online session reserve and minimum available servers setpoint values with scheduled changes throughout the day, observe server and session activity, and then fine-tune the schedule and setpoint values to optimize server capacity and use.
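The following Python sketch is an added illustration, not Citrix code: it applies the four setpoints in the order of importance described under Setpoints to the 10-server schedule example, then chooses servers to power on or off by control mode and power controller preference. The server names, their preferences and states, and the carry-over of the last schedule entry past midnight are assumptions made for the example.

```python
import math
from dataclasses import dataclass
from datetime import time

CAPACITY = 100  # typical session capacity per server, from the schedule example


@dataclass
class Setpoints:
    online_session_reserve: float = math.inf  # default: infinite, all servers online
    min_session_capacity: int = 0             # 0 = not set
    max_session_capacity: float = math.inf    # infinite = not set
    min_available_servers: int = 0            # 0 = not set


@dataclass
class Server:
    name: str
    mode: str        # "managed", "base load" or "unmanaged"
    preference: int  # 1 = 1st choice (highest power controller preference)
    online: bool


# Schedule from the example above. Assumption: it repeats every day and the
# last entry stays in force past midnight until the first entry of the next day.
SCHEDULE = [
    (time(9, 0), Setpoints(online_session_reserve=300, min_available_servers=5)),
    (time(10, 30), Setpoints(online_session_reserve=100, min_available_servers=2)),
    (time(19, 0), Setpoints(online_session_reserve=50, min_available_servers=1)),
]

# Constructed fleet: the example's 10 servers plus one unmanaged host.
FLEET = [
    Server("xa01", "base load", 1, True),
    Server("xa02", "managed", 1, True),
    Server("xa03", "managed", 1, False),
    Server("xa04", "managed", 2, True),
    Server("xa05", "managed", 2, False),
    Server("xa06", "managed", 2, False),
    Server("xa07", "managed", 3, True),
    Server("xa08", "managed", 3, False),
    Server("xa09", "managed", 3, False),
    Server("xa10", "managed", 3, False),
    Server("xads01", "unmanaged", 1, True),
]


def setpoints_at(now, schedule=SCHEDULE):
    """Return the setpoints of the latest schedule entry at or before `now`."""
    current = schedule[-1][1]  # before the first entry: yesterday's last entry
    for start, setpoints in schedule:
        if start <= now:
            current = setpoints
    return current


def target_online_servers(load, sp, total_servers, capacity=CAPACITY):
    """Apply the setpoints lowest importance first, so higher ones win."""
    wanted = load + sp.online_session_reserve
    if math.isinf(wanted):
        servers = total_servers
    else:
        servers = math.ceil(wanted / capacity)  # fewest servers holding the target
    if sp.min_session_capacity > 0:
        servers = max(servers, math.ceil(sp.min_session_capacity / capacity))
    if not math.isinf(sp.max_session_capacity):
        servers = min(servers, math.floor(sp.max_session_capacity / capacity))
    servers = max(servers, sp.min_available_servers)
    return min(servers, total_servers)


def plan_power_actions(fleet, target):
    """Return (names to power on, names to power off) to reach `target`."""
    in_scope = [s for s in fleet if s.mode != "unmanaged"]  # unmanaged is ignored
    online = sum(1 for s in in_scope if s.online)           # base load counts
    controllable = [s for s in in_scope if s.mode == "managed"]
    if online < target:
        offline = sorted((s for s in controllable if not s.online),
                         key=lambda s: s.preference)        # 1st choice first
        return [s.name for s in offline[:target - online]], []
    running = sorted((s for s in controllable if s.online),
                     key=lambda s: s.preference, reverse=True)  # lowest choice first
    return [], [s.name for s in running[:online - target]]


def plan(now, load, fleet=FLEET):
    """Return (target online servers, power-on list, power-off list)."""
    total = sum(1 for s in fleet if s.mode != "unmanaged")
    target = target_online_servers(load, setpoints_at(now), total)
    power_on, power_off = plan_power_actions(fleet, target)
    return target, power_on, power_off


if __name__ == "__main__":
    for now, load in [(time(9, 15), 180), (time(9, 30), 650), (time(20, 0), 20)]:
        print(now, load, plan(now, load))
```

The base load server xa01 is never selected for a power action, and the unmanaged host neither counts toward the target nor appears in either list.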


To create a schedule
From the management console, select a workload and click the Schedule tab.
- To create a schedule, select the Allow Edit checkbox. Edit the schedule for one or more days of the week.
- To copy the schedule from the previous day, click Copy day's schedule in the day of the week area.
- To copy the entire workload schedule to another workload, ensure the workload being copied has focus, then click Copy Schedule To in the Actions pane.
- To delete a schedule, click Delete Schedule in the Actions pane.
- To delete an individual schedule item, select the leftmost cell in the item, then press the Delete key.

Manual Overrides
After you enable a workload for power management, you can manually override the schedule with different setpoint values. For example, a manual override can be useful when there is an unexpected surge in demand on the XenApp workload that is likely to continue for a few hours. Instead of changing the schedule, you can initiate an override. When the surge has subsided and the normal conditions have returned, you can cancel the override, and the scheduled setpoint values are reapplied. Using a manual override can also be helpful when the schedule requires attention or maintenance. Manual override differs from disabling power management. During a manual override, power management is still active, but the setpoints are controlled by the administrator instead of the schedule. Disabling power management for a workload is equivalent to turning off the Power and Capacity Management feature for that workload.

To start or stop a manual override
1. From the management console, select the workload.
2. In the Actions pane, click Power Controller Manual Override.
   - To start a manual override, click Start Override.
   - To stop (cancel) a manual override, click Stop Override.

Enabling Load Consolidation and Power Management
You can enable or disable load consolidation and power management on a global and per-workload basis. When you enable power management and load consolidation globally (by selecting All Workloads), you can also enable or disable power management and load consolidation on a per-workload basis. To enable power management or load consolidation for one workload, power management or load consolidation must be enabled for All Workloads.

1. From the management console, select a workload or All Workloads.
2. In the Actions pane, the Action menu, or the right-click menu:
   - To enable power management, click Enable power management.
   - To enable load consolidation, click Enable load consolidation.

To disable power management or load consolidation, click Disable power management or Disable load consolidation.

Understanding XenApp Printing
Managing printers in a XenApp environment is a multistage process. The cycle for managing printers on a farm requires that you:

1. Design your printing configuration. This includes analyzing your business needs, your existing printing infrastructure, how your users and applications interact with printing today, and what a realistic printing management model would look like for your organization (that is, assessing that the administrative overhead of the printing pathway you choose is realistic in your environment).
2. Configure your printing environment, including creating the policies necessary to deploy your printing design.
3. Test a pilot printing deployment before rolling it out to users.
4. Maintain your Citrix printing environment, including updating policies when new employees or servers are added and maintaining drivers on your farm servers.
5. Troubleshoot issues that may arise in your printing environment.

Before you begin planning your deployment, make sure that you understand these major concepts for printing in XenApp:
- The concept of printer provisioning in a session and the two major types of provisioning (auto-created and self-provisioned). To understand these concepts, you need to understand, among other things, the difference between a printer, a printing device, and a printer driver.
- How print jobs can be routed in XenApp.
- The policies that you can create to manage drivers.

XenApp printing concepts build on Windows printing concepts. To configure and successfully manage printing in a Citrix environment, you must understand how Windows network and client printing works and how this translates into printing behavior in a Citrix environment.

Introduction to Windows Printing Concepts
This section provides a limited overview of basic printing concepts in a standard (non-Remote Desktop Services) Windows environment. However, Citrix recommends reviewing the Windows documentation about network printing, print servers, and Remote Desktop Services printing before learning about Citrix printing concepts. In a Windows environment, you can either print from your computer to a locally attached desktop printer (for example, a printer on LPT1 or COM1) or you can print to a network printer that is managed by a print server. This diagram shows how print jobs are spooled from the client device to a print server and then sent to the printing device in a Windows network.

Here are a few basic definitions:

Printing Device
In the context of this topic, the term printing device refers to the physical printer (that is, the hardware device to which you send print jobs).

Printers
The term printer refers to the software representation of a printing device. Computers must store information about printers so they can find and interact with printing devices. When you see printer icons in the Printers panel in the Control Panel, you are seeing the software representation of the printers. (You are not seeing the printer drivers.) For clarity, the term printer object is sometimes used to denote the software representation of a printing device.

Printer driver
The printer driver is the software program that lets the computer communicate with this hardware device. This program converts the information to be printed to a language that the printing device can process. It also understands the device and job settings of the printing device and presents a user interface for users to configure these. In Windows systems, printer drivers are distinct from the software representation of printers.

Print job
When a user prints a document, the data sent to the printer is known as a print job. Jobs are queued to the printer in a specific sequence, which the print spooler controls. When this sequence appears, it is known as the print queue.

Print spooler
The spooler is the Windows service that manages printer objects, coordinates drivers, lets you create new printers, determines where print jobs are processed, and manages the scheduling of print jobs. The print spooler also determines if the printer prints each page as it receives it or if the printer waits until it receives all pages to print the job. Typically, when a print job is spooled to a printer, the spooler loads documents into a buffer. The printing device then retrieves the print jobs from the buffer when it is ready to print the job. By storing the job, the computer can perform other operations while the printing occurs in the background.

Print queue
A sequential, prioritized list of the print jobs waiting to be printed. The spooler maintains this list for each printer object in the computer.

Print server
A computer that manages the communications between client devices and printers. In this context, the term print server refers to dedicated computers that are running a Windows server operating system and hosting x number of shared printers. Print servers provide client workstations with drivers they need to print and store files, or print jobs, in a print queue until the printer can print them. A print server is a remote print spooler.

Network printer
A shared printer object accessed through a network print server.

Local and Remote Print Job Spooling
Print job spooling is important because where print jobs are spooled to is where print jobs are processed. Processing location affects network traffic, resource utilization, and has additional implications in a XenApp context. Print jobs can be spooled either locally or remotely. Typically, print jobs sent to locally attached printers are spooled locally, and jobs sent to network printers are spooled remotely.

Locally Spooled Print Jobs
When print jobs are spooled locally, the local Windows computer processes the job. The application creates a spooled print job; the local print spooler, aided by the printer driver, processes the print job, and sends the rendered output to the printing device. In a Windows environment, when you print to a printer connected to your local computer (when print jobs are spooled locally), the printer drivers and settings are stored on the computer itself.

A typical printing process for locally spooled print jobs is:
1. The application tells the local spooler to create a print job and an associated spool file on the local computer.
2. On the local computer, Windows writes the application’s drawing commands to the local spool file. This process of writing commands occurs repeatedly until the job is completely spooled.
3. The local spooler processes the job with the printer driver in a process known as rendering.
4. The local spooler delivers the rendered data to the printing device (for example, a locally attached printer).

Remotely Spooled Print Jobs
When print jobs are spooled remotely, the Windows print server processes the print job.

A typical printing process for remotely spooled print jobs is:
1. The application tells the remote spooler to create a print job on the print server and an associated spool file.
2. On the local computer, Windows writes the application’s drawing commands to the remote spool file. This process of writing commands across the network occurs repeatedly until the job is completely spooled.
3. The remote spooler processes the job with the printer driver in a process known as rendering.
4. The print server delivers the rendered data to the printing device (typically a network printer).

Key Differences Between Remote and Local Spooling
Unlike remote spooling, local spooling does not use any network resources. Remote spooling requires that the local computer and the remote printer exchange many messages across the network. Even in a non-Citrix environment, if a WAN has substantial latency, users will have a poor user experience if the print jobs are spooled remotely across the WAN.

However, in some situations, for example when the resources on the local computer are needed for other tasks, remote spooling is preferable. In remote spooling, the print job is processed on the print server, which off-loads processing from the local computer.

XenApp Printing Concepts

In a XenApp environment, all printing is initiated (by the user) on the server. However, print jobs are not always sent directly from the server to the printing device. Instead, the print jobs can be redirected through the client device.

Because there is no persistent workspace for users in XenApp (when a session ends, the user’s workspace is deleted), all settings need to be rebuilt at the beginning of each session. As a result, each time a user starts a new session, XenApp must reprovision (recreate or restore) the printers available in a session.

When a user clicks Print, XenApp:

- Determines what printers (that is, printer objects) to provide to the user. This is known as printer provisioning.
- Restores the user’s printing preferences.
- Determines which printer is the default for the session.

However, you can customize how XenApp performs these tasks by configuring options for printer provisioning, print job routing, printer property retention, and driver management. Settings for these options can affect the performance of printing in your environment and the user experience. For example, you can reduce the amount of latency when users print by choosing a method of provisioning that is appropriate for your network configuration.

As a result, understanding key printing concepts is critical when planning your printing configuration:

- The difference between the client and network printing pathway and how this is not the same as local printers and network printers
- The term printer provisioning, the types of printer provisioning (static and dynamic), printer autocreation, and user self-provisioning
- Print job routing and when changing it can improve utilization
- The basics of printer driver management

Overview of Client and Network Printing Pathways

An important concept in XenApp is the printing pathway. The term printing pathway encompasses both the path by which print jobs are routed and the location where print jobs are spooled. Both aspects of this concept are important. Routing affects network traffic. Spooling affects utilization of local resources on the device that processes the job.

In XenApp, print jobs can take two different printing pathways:

- Network printing pathway
- Client printing pathway

Network Printing Pathway

The term network printing pathway refers to print jobs that are routed from the farm server hosting the user’s session to a print server and spooled remotely.

This diagram shows a XenApp network printing example: Printing begins on the farm server hosting the user’s session (where the application is published and executing). XenApp routes the print job over a network connection to the network print server. The network print server then routes the print job to an associated network printing device.

When a print job is spooled remotely in a Windows environment, it uses this process:

1. The application tells the remote spooler to create a print job and an associated spool file.

2. The Windows Print Provider sends the spool file to the print server.
3. The print server processes the spool file.
4. The print server then sends the print job to the appropriate network printer.

Server Local Printers

The term server local printers refers to a configuration that uses the network printing pathway where printing devices are attached locally to a XenApp farm server. Server local printers are shared printing devices that are physically attached to a farm server.

Note: To use a locally attached printer as a server local printer in a XenApp farm, the printer must be shared; otherwise XenApp does not recognize it.

Server local printers are often a good choice for printing in small farm environments. However, server local printers are not used widely in enterprise environments because they require installing the printer drivers on each server in the farm and require additional resources on the XenApp server. Server local printers are managed and configured in the same ways as network printers.

This diagram shows a XenApp server local printing example: Printing begins on the farm server hosting the user’s session and is routed to a printing device attached locally to the server.

Client Printing Pathway

The term client printing pathway refers to print jobs that are routed over the ICA protocol through the client device to the printer (either a printer connected directly to the client device or connected through a print server) and spooled on the Citrix online plug-in.

When using the client printing pathway, a virtual printer is constructed in the session that redirects to the printer object on the client device. The client device, in turn, sends the print job to the printing device.

Importantly, because all processing occurs on the XenApp server, when users print a document from a published application, they are actually starting that print job on the XenApp server. These jobs are spooled locally on the XenApp server.

There are two different configurations of the client printing pathway: one for printers attached directly to the client device and another for network printers.

Locally Attached Client Printers

The simplest configuration is the one where the printer is attached directly to the client device. In this configuration, the application server sends the print job back to the client/client device. The client device then relays it to a locally attached printer.

This diagram shows a simplified XenApp client printing example: Printing begins on the server where the application is published. XenApp sends the print job over the connection to the client device. The client device then routes the print job to the printer connected locally to the client device.

When a print job is spooled to a client along the client printing pathway, it uses this process:

1. The published application tells the local spooler on the server hosting the application (that is, the host server) to create a print job and an associated spool file on the host server.

2. On the host server, Windows writes the application’s drawing commands to the local spool file. (This process of writing commands occurs repeatedly until the job is completely spooled.)
3. The local spooler processes the job with the printer driver in a process known as rendering.
4. The rendered data is delivered to the client device through the ICA protocol.
5. The client device relays the print data to the client-side printing device (a locally attached printer in this example).

Client Printers on the Network

While client printers are often printers physically attached to client devices, they can also be printers on the network. In this case, print jobs are routed through the client device to the print server.

The process is the same as for printing to a local printing device through the client. However, instead of sending the job to the client device, the job is sent to the network print server.

This diagram shows client printing to a network printer: Printing begins on the server where the application is published. XenApp routes the print job over the connection to the client device. The client device then routes the print job over the network to the print server, which in turn routes the print job to the network printer.

When a print job is spooled to a network printer along the client printing pathway, it uses this process:

1. The application server sends the print job to the client for processing.
2. The client processes the spooled job and sends it to the Windows print server for processing.
3. The Windows print server then sends the print job to the appropriate network printer.

Configuring the client printing pathway for network printing is useful for low bandwidth connections, such as WANs, that can benefit from the traffic compression that results from sending jobs over the ICA connection. The client printing pathway also lets you limit traffic or restrict bandwidth allocated for print jobs.

Configuring XenApp to use the client printing pathway for network printing devices is useful when a print server is in a domain different from the farm servers (and the client devices have access to the print server’s domain). Using the client printing pathway lets application servers send print jobs over the ICA connection to access the printer through the client device.

Provisioning Printers for Sessions

For a computer to process a print command, it needs both the required printer object and a printer driver. Because sessions are hosted in a virtual workspace instead of locally on a hard drive, printers and their drivers are not stored on the local computer. Instead, they are restored at logon or reconnect. The process by which XenApp makes printers available in a session is known as provisioning.

You can control printer provisioning and the way you configure it affects what printers users see in sessions and the speed of the printers.

There are two types of printer provisioning:

- Static. Server local printers are provisioned only once, when you connect them to the farm server. After that, they are always created in sessions with the same properties and do not vary according to policies.
- Dynamic. The printers that are available in a session are determined as the session is built. As a result, they can change according to changes to policies, changes in user location, and changes to the network (provided they are reflected in policies). When printers are provisioned dynamically, the printers that appear in a session are not predetermined and stored. Rather, the printers are assembled, based on policies, as the session is built.

Because provisioning static printers is relatively simple, this topic focuses on provisioning printers dynamically. The two most common methods of dynamic printer provisioning are:

- User provisioning
- Autocreation

To control what printers users have in their sessions and ensure printers are available when users start their sessions, provision their printers through autocreation. If you do not want to specify (and administer) user printers, you can let users self-provision their printers.

User Provisioning

You can allow users to add printers to their sessions on their own. If you choose, you can prevent printer autocreation and let users provision printers visible from their client device. Users can map client printers that are not autocreated by policy manually in a user session through the Windows Add Printer wizard on the server (in their sessions).

If users have thin clients or cannot access their client devices, they can self-provision by running the ICA Client Printer Configuration tool (PrintCfg.exe). For users to self-provision with the utility, you must publish PrintCfg.exe on your farm.

Autocreation

The term autocreation refers to printers XenApp creates automatically, at the beginning of each session, based on what printers are configured on the client device and any policies that apply to the session.

By default, XenApp makes printers available in sessions by creating all printers configured on the client device automatically, including locally attached and network printers. After the user ends the session, the printers for that session are deleted. The next time a session starts, XenApp evaluates any policies for printer creation and enumerates the appropriate printers from the client device.

You can change the default autocreation policy settings to limit the number or type of printers that are auto-created. XenApp can auto-create:

- Client redirected printers, including auto-created client printers and a Universal Printer
- Network printers

There is maintenance associated with provisioning printers by using client and network printer autocreation. When you add new printers, you need to update the autocreation list. Also, the drivers for these printers must be added to all servers on the farm; however, you can specify for XenApp to do this automatically.

This topic comprises:

- Auto-Creating Client Printers
- Provisioning a Citrix Universal Printing Solution
- Auto-Creating Network Printers
- Letting Users Provision Their Own Printers

All of these provisioning methods use the client printing pathway except for Auto-Creating Network Printers, which uses the network printing pathway.

Auto-Creating Client Printers

The autocreation feature creates a list of printers that a user can use after logging on. When the user logs in, their print drivers will be installed and all printers returned in this list will be available for use.

XenApp can auto-create redirected client printers in two different ways:

- By creating a one-to-one match with printers on the client device
- By creating one generic printer, the Citrix Universal Printer, that represents all (or any) printers on the client device

In many environments, especially large ones, Citrix recommends that you auto-create only one default printer. Auto-creating a smaller number of printers creates less overhead on the server and is better for CPU utilization.

However, in environments where users with limited computer skills need to print to a wide variety of local printing devices, you may want to leave the default autocreation setting so that all printers are created on logon.

If you do not want large numbers of printers created at the beginning of each session, consider specifying for XenApp to use the Citrix Universal Printer.

Auto-Creating Printers from the Client Device

At the start of a session, XenApp auto-creates all printers on the client device by default. You can control what, if any, types of printers are provisioned to users and prevent autocreation entirely.

The Citrix policy setting Auto-create client printers lets you control autocreation and specify that:

- All printers visible to the client device, including network and locally attached printers, are created automatically at the start of each session
- All non-network printers physically attached to the client device are created automatically
- Only the default printer for the client device is created automatically
- No printers visible to the client device are created automatically

When configuring policies for printer autocreation, ensure:

- User accounts are not shared
- Users are not in the local power user or administrators group on the client devices
- You add Microsoft native or fully tested drivers only

- Users have write access on the server to %systemroot%\system32\spool

These points help ensure that printers auto-create successfully.

Provisioning a Citrix Universal Printing Solution

Citrix Universal printers and drivers are printing solutions that let users print regardless of whether or not they have the correct printers and drivers installed. Universal printing solutions are printers and drivers not tied to any specific device. Consequently, they simplify administration by reducing the number of drivers required on farm servers or the number of printers created at the beginning of sessions. Because users need to access fewer printers and drivers, the speed of starting a session is increased and the complexity of printer administration is decreased.

XenApp includes two types of universal printing solutions:

- Citrix Universal Printer. A generic printer object, replacing the printers that appear in the users Printers control panel during their session. This printer can be used with almost any printing device.
- Citrix Universal Printer Drivers. Windows Native Printer drivers are generic drivers that work with almost any printer. These drivers also work with non-Windows clients. Citrix-created Universal printer drivers consist of the Citrix XPS Universal Printer driver and the EMF-based Citrix Universal Printer driver.

These printing solutions can be used in one of the following ways:

- Auto-created device printer with Citrix Universal printer driver. A device-specific printer gets auto-created but uses a Citrix Universal printer driver. For example, configured policy rules specify that the printer LaserJet5L still gets auto-created at the beginning of each session; however, the session uses the Citrix Universal printer driver to communicate with the driver on the client device and the print job is processed on the client device.
- Auto-created Citrix Universal Printer with a Citrix Universal printer driver. A Citrix Universal Printer gets auto-created and it uses a Citrix Universal printer driver. That is, at the beginning of each session, the only printer that is auto-created is the Citrix Universal Printer. Like the first example, the session uses the Citrix Universal printer driver to communicate with the driver on the client device and the print job is processed on the client device.
- Auto-created device printers, auto-created Citrix Universal Printer with a Citrix Universal printer driver – At the beginning of the session, the Citrix Universal Printer and device-specific printers are auto-created. Both printers use the Citrix Universal printer driver.

Whether you use a Citrix Universal printing solution depends on various factors:

- The Citrix Universal Printer and printer driver might not work for all client devices or plug-ins in your environment. The Citrix Universal Printer and printer driver solution requires the Citrix Online Plug-in or the Citrix Offline Plug-in.

  The Citrix Universal Printer does not work if plug-ins are not connecting through the ICA channel, such as when you are using the Citrix Offline Plug-in and streaming applications to the client.
  If you want to use a universal printing solution for non-Windows plug-ins, use one of the other universal printer drivers that are based on postscript/PCL and installed automatically with XenApp.
- The Citrix Universal printer driver might also create smaller print jobs than older or less advanced printer drivers. However, sometimes it might be better to use a device-specific driver because the driver might be able to optimize print jobs for its associated printer.

Note: If you want the Citrix Universal Printer to appear in sessions, make sure that the Citrix policy setting Client printer names is not set to Legacy printer names in any policies affecting those sessions.

Citrix Universal Printer

The Citrix Universal Printer is a generic printer created at the beginning of sessions that can be used with almost any printing device. This printer can print to and communicate, through the client, with any client-side printer.

You may also want to use the Citrix Universal Printer because the printer name does not change when users reconnect. Changing printer names can cause problems for some applications.

The Citrix Universal Printer is created on a per-session basis. When used with a Citrix Universal Printer driver, it can greatly reduce the resource usage at the start of a session from printer autocreation. When you use the Universal Printer, you can specify that only the Universal Printer be auto-created for each printer on the client device.

Note: Citrix Universal Printing is available for Citrix Presentation Server Client, Version 9.x or Version 10.x, Citrix XenApp Plugin for Hosted Apps 11.x, the Citrix XenApp Plug-in for Streamed Apps, the Citrix Online Plug-in, and the Citrix Offline Plug-in. This feature is available in Presentation Server 4.0 to XenApp 6.0.

Universal printer drivers are installed by default on each farm server; however, the printer is not enabled. To get the best results when configuring your farm, use both the Citrix Universal Printer and a Citrix Universal printer driver.

When the Citrix Universal Printer is enabled, an extra printer is created in the session with the name Citrix UNIVERSAL Printer in session number of session. To use only the Citrix Universal Printer in sessions and not auto-create any printers on the client device, enable the Universal Printer through the registry and configure the Citrix policy setting Auto-create client printers to Do not auto-create client printers.

The user experience varies depending on the type of Citrix Universal Printer. Because the Citrix Universal Printer is not tied to a specific printing device, both the EMF-based and XPS-based Citrix Universal Printers provide ways to preview and select settings:

- EMF-based Citrix Universal Printer. The EMF-based Citrix Universal Printer can display a print preview before printing. If the Preview on client option is selected in the printer’s printing preferences, the user sees a preview of the print job and has the option of choosing a target printer and controlling print device setting. If the Preview on client option is not selected, no preview is displayed and print job is routed directly to the default printer on the user device.
- XPS-based Citrix Universal Printer. Like Microsoft XPS Document Writer, the Citrix XPS Universal Printer sends documents to Internet Explorer if a user selects Print Preview or modifies the print settings, displaying them in Microsoft’s XPS “electronic paper” format.

Note: The Print Previewer cannot be controlled by the administrator unless users have the Citrix Presentation Server Client, Version 10.100 or later, the Citrix XenApp Plug-in for Hosted Apps, Version 11x, or the Citrix Online Plug-in.
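The autocreation checklist under Auto-Creating Client Printers asks that users are not in the local power user or administrators group on client devices and that they have write access on the server to %systemroot%\system32\spool. The PowerShell below is an added example, not Citrix tooling, for reviewing both points; the function names and the well-known SIDs used as defaults are assumptions.

```powershell
# Added example, not Citrix tooling. Function names and default SID lists are
# assumptions. Uses only constructs available in Windows PowerShell 2.0.

function Get-SpoolWriteAce {
    # Run on a XenApp server. Returns each Allow ACE on the spool folder that
    # grants Write to one of the given SIDs. Deny ACEs and nested group
    # membership are not evaluated, so the output is a list to review and not
    # an effective-access calculation.
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\spool'),
        # Well-known SIDs: BUILTIN\Users, Authenticated Users, Everyone
        [string[]]$Sid = @('S-1-5-32-545', 'S-1-5-11', 'S-1-1-0')
    )
    $write   = [int][System.Security.AccessControl.FileSystemRights]::Write
    # ACEs can also carry raw generic rights: GENERIC_WRITE and GENERIC_ALL
    $generic = 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl = Get-Acl -Path $Path
    # Ask for SIDs instead of names so the match does not depend on OS language
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Sid -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        $grantsWrite = (($rights -band $write) -eq $write) -or
                       (($rights -band $generic) -ne 0)
        if ($grantsWrite) {
            New-Object PSObject -Property @{
                Path        = $Path
                Sid         = $ace.IdentityReference.Value
                Rights      = $ace.FileSystemRights
                IsInherited = $ace.IsInherited
                # Inherit-only ACEs apply to child objects, not to the folder itself
                InheritOnly = (($ace.PropagationFlags -band $inheritOnly) -ne 0)
            }
        }
    }
}

function Get-PrivilegedLocalMember {
    # Run on a client device. Lists members of the local Administrators
    # (S-1-5-32-544) and Power Users (S-1-5-32-547) groups so that ordinary
    # user accounts found there can be reviewed.
    param(
        [string[]]$GroupSid = @('S-1-5-32-544', 'S-1-5-32-547')
    )
    foreach ($sid in $GroupSid) {
        try {
            # Resolve the SID to the localized name, e.g. BUILTIN\Administrators
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            continue   # the group does not exist on this machine
        }
        $groupName = $account.Split('\')[-1]
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
        foreach ($member in @($group.psbase.Invoke('Members'))) {
            $adsPath = $member.GetType().InvokeMember(
                'ADsPath', 'GetProperty', $null, $member, $null)
            New-Object PSObject -Property @{
                Group  = $groupName
                Member = ($adsPath -replace '^WinNT://', '')
            }
        }
    }
}

# On a XenApp server:   Get-SpoolWriteAce | Format-Table -AutoSize
# On a client device:   Get-PrivilegedLocalMember | Format-Table -AutoSize
```

An empty result from Get-SpoolWriteAce means none of the listed SIDs holds a matching ACE; write access may still come from another group, so check the ACEs for the groups your user accounts actually belong to.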

Auto-Creating Network Printers

By default, any network printing devices on the client device are created automatically at the beginning of sessions. However, if possible, XenApp always tries to route jobs directly from XenApp to the print server and not through the client connection.

To specify that specific printers are created in sessions rather than auto-create all the network printing devices available from the client device, configure the Citrix policy setting Session printers.

Network printers created with the Session printers setting can vary according to conditions where the session was initiated, such as location (by filtering on objects such as subnets).

Note: For printers in domains that do not have a trust relationship with the XenApp farm, disable the Citrix policy setting Direct connections to print servers. When this setting is disabled, print jobs are routed through the client using the client printing pathway.

Letting Users Provision Their Own Printers

If you do not want specific printers to be auto-created at the beginning of each session, allow users to add their own printers. By default, provided they can access the network from their client devices, all users can add printing devices to be used in a session. The only time users cannot add printers to their sessions is when they cannot access their client device because they are using a thin client and there are no applications published that let them browse and add printers.

Printers that users create on their own during a session are known as retained printers because they are created again (or remembered) at the start of the next session. When XenApp recreates a retained printer at the start of a session, it considers all Citrix policy settings except Auto-create client printers.

Retained printers appear in sessions on that device until the client printer within the session is deleted manually, the remembered printer connection is removed from the client’s properties store, or the client-side printer is inaccessible.

Users might need to use the PrintCfg.exe tool to add printers if they cannot browse to the printer from within the session or cannot access their client desktop. If they use this tool, the printers are routed along the client printing pathway.

Device or Session-Based Print Settings

By default, all changes users make to the printer device settings and preferences, whether in a session or working on their local computer, are saved and used locally and in a session. This means that printer settings and preferences are always the same on the client device and in a session.

Citrix policy settings let you change the way XenApp software saves and applies printer device settings and preferences.

You can configure sessions to obtain print settings, specifically user printing preferences, from either the printer object or the printing device.

XenApp can write printer settings to the printer object at the end of a session or to a client printing device, provided the user’s network account has sufficient permissions. By default, XenApp plug-ins use the settings stored in the printer object in the session, before looking in other locations for settings and preferences.

The main reason you want sessions to obtain their print settings from the printing device is if Windows users make changes to local printers outside of sessions (that is, on their local computer offline). Non-Windows plug-ins synchronize changes made out of sessions automatically.

Device-Based Print Settings

Caution: Using Registry Editor incorrectly can cause serious problems that may require you to install your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

If you have Windows users with locally attached printers who work on applications locally and on the server, you might want to retain changes to the printer settings the users make locally outside of a session. To do so, create and set the Win32FavorRetainedPrinterSettings registry key to False, as described in To synchronize properties from the printer.

When the registry key is modified, the plug-in gives priority to settings from the printer, rather than retained settings. Settings in the session stay synchronized with settings on the printing device. If a change was made to the printer out of a session, the change is picked up. If a change is made to the printer inside the session, the plug-in attempts to write the change back to the printer on the client device when logging off.

You must have the same driver on the client device and server. If you do not, only a subset of settings is exchanged between the real printer and the virtual printer in the session. Some device independent settings are inherited and others are not.

Controlling Printing Settings and User Preferences

To understand how printing preferences are retained and applied, you must understand:

- The locations printing settings can be stored in a XenApp environment
- The priority XenApp software uses to apply printing preferences from previous sessions to the printers in a newly created session
- Where XenApp software stores printing preferences by default and if there are factors in your environment that will prevent the software from successfully storing them in this location (that is, when you need to change this setting)

General Locations of Printing Preferences

In Windows printing environments, changes made to printing preferences can be stored on the local computer or in a document. In a XenApp environment, when users modify printing settings, the settings are stored in these locations:

- On the client device itself. The settings are set on the client device by right-clicking the printer in the Control Panel and selecting Printing Preferences. For example, if Landscape is selected as page orientation, landscape is saved as the default page orientation preference for that printer. This type of preference is known as Device Settings.
- Inside of a document. In word-processing and desktop-publishing programs, settings, such as page orientation, are often stored inside documents. These settings are often referred to as Document Settings. For example, when you queue a document to print, Microsoft Word typically stores the printing preferences you specified, such as page orientation and the printer name, inside the document. These settings appear by default the next time you print that document.
- From changes a user made during a session. XenApp keeps only changes to the printing settings of an auto-created printer if the change was made in the Control Panel in the session, that is, on the server.
- On the server. These are the default settings associated with a particular printer driver on the server.

If you want to control user printing preferences, it is important to understand that the settings preserved in any Windows-based environment vary according to where the user made the changes. This also means that the printing settings that appear in one place, such as in a spreadsheet program, can be different than those in others, such as documents. As a result, printing settings applied to a specific printer can change throughout a session.

Hierarchy of Users’ Printing Preferences

Because printing preferences can be stored in multiple places, XenApp processes them according to a specific priority. Also, it is important to note that Device Settings are treated distinctly from, and usually take precedence over, Document Settings.

By default, XenApp always applies any printing settings a user modified during a session, that is, the retained settings, before considering any other settings. XenApp searches for settings in this order:

1. XenApp checks for retained printer settings. If XenApp finds retained settings, it applies these settings when the user prints.
2. If there are no retained printer settings, XenApp searches for any changes to the printer settings for the default printer for the client device. If XenApp finds any changes to printing preferences on the client device, it applies these settings when the user prints.
3. If there are no retained or client printer settings, XenApp applies the default printer settings stored on the server when the user prints.

At this point, the printer settings are merged. Generally, XenApp merges any retained settings and the settings inherited from the client device with the settings for the default printer driver on the server.

Saving Users’ Printing Preferences

By default, XenApp attempts to store printing properties, a combination of the user’s printing preferences and printing device-specific settings, on the client device. If the client does not support this operation, XenApp stores printing properties in its user profile for that user.

Sessions from non-Windows XenApp plug-ins or even older Windows XenApp plug-ins use the user profiles on the server for properties retention. You can use the Printer Properties Retention policy rule to force properties to be saved on either the client or on the server.

If one of the following apply, you might need to reconfigure how XenApp stores user printing preferences:

- Client version. Not all XenApp plug-ins allow users to store printer properties on a client device. Users must be running Citrix Presentation Server Client 9.x and higher to store user-modified printer properties on the client device.
- Type of Windows user profile. That is, if you are using local, roaming, or mandatory profiles on your Windows network. If you are using a mandatory profile and you want to retain the user’s printer properties, you must store the properties on the client device.

- Farm Size. If you have a large farm and you are load balancing applications, users will experience inconsistent printing behavior and properties if you use local profiles. The only way you can get consistent printing behavior is to save the printer properties on the client device.
- Type of workers. If you have mobile or remote workers and you are using roaming profiles, you must save the printer properties to the user’s profile and not the client device.

If none of these factors apply to you, Citrix recommends you not change where the printer properties are stored. Leaving the default setting, which saves the printer properties on the client device, is the easiest way to ensure consistent printing properties.

You can specify whether you want these settings stored on the client device or with the user’s profile. You can also change this default behavior so settings are not stored. However, before you make these decisions, you must understand how XenApp determines what print settings it applies and also what the difference is between storing print settings on the client device or with a profile.

Setting Default Printers

The printer that XenApp selects for a session’s default printer can be based on:

- A network printer you specify as the default
- The default printer on the client device

If you want to base the default session printer on either of these, use the Citrix policy setting Default printer. See To specify a default printer for a session for details.

However, if you specified that XenApp auto-create the default client printer, then, if no other printers are provisioned in sessions, you might not need to specify a default session printer.

Printing and Mobile Workers

In situations where users move among different workstations or sites, you can make sure that the closest printers are presented to them wherever they try to print. Examples of such users include hospital workers who move among workstations in different wings of a hospital, reconnecting to the same session using a smart card, or employees who travel to remote business units.

If you have mobile workers and need this type of printing functionality, use one of these features:

- SmoothRoaming
- Proximity Printing

SmoothRoaming

Also known as Workspace control, this feature lets a user disconnect from one session, move to another device, and reconnect to continue that same session. The printers assigned on the first client device are replaced on reconnection with the printers designated on the second client device. As a result, users are always presented with applicable printer options from wherever they connect.

Proximity Printing

This feature lets you control the assignment of network printers so that the most appropriate printer is presented, based on the location of the client device.

The Proximity Printing solution is enabled through the Citrix policy setting Default printer.

Proximity Printing can make administration easier even if you do not have mobile workers. For example, if a user moves from one department or floor to another, you do not need to assign additional printers to that user if Proximity Printing is implemented. When the workstation is recognized within the new location’s IP address range, it has access to all network printers within that range.

However, if you configure Proximity Printing, you must maintain the Session printer policy. For example, as network printers are added or removed, you must update this policy to reflect the current set of network printers. Likewise, if you modify the DHCP IP address ranges for floors or departments, you must update this policy.

Proximity Printing requires that you can filter the policy on some type of geographic indicator, such as:

- The name of the workstation, if the name relates to the workstation’s location
- Your network’s IP addresses, if they correlate with user locations

Optimizing Printing Performance by Routing

In a XenApp environment, you can control how print jobs destined for network printers are routed. Jobs can take two paths to a network printing device: along the client or network printing pathway.

By default, XenApp routes print jobs along the client printing pathway as follows:

- Auto-created client printers. XenApp routes jobs to locally attached printers from the server, through the client, and then to the print device. The ICA protocol compresses the print job traffic. When a printing device is attached locally to the client device, the jobs must be routed through the plug-in.
- Auto-created network printers. By default, all print jobs destined for network printers route from the server, across the network, and directly to the print server. However, if the application server and the print server are on different domains, XenApp automatically routes the print job through the plug-in.

When network printers are visible from the server, you can use policies to control how print jobs are routed to network printers. You can configure that jobs be routed to network printers:

- Through the plug-in. This is accomplished by auto-creating the network printer but specifying its jobs to route through the plug-in.
- Over the network. This is accomplished either by leaving the default settings so that the network printer is auto-created (or configuring a policy to do this) or by provisioning the network printer through the Session printers policy rule.

Routing jobs along the network printing pathway is ideal for fast local networks and when you want users to have the same user experience that they have on their local client device (that is, when you want the printer names to appear the same in every session).

However, print jobs relayed using the network printing pathway are not suited to WANs. The spooling of print jobs using the network printing pathway method uses more bandwidth than using the client pathway; many packets are exchanged between the host server and the print server. Consequently, users might experience latency while the print jobs are spooling over the WAN. Also, the print job traffic from the server to the print server is not compressed and is treated as regular network traffic.

When printing jobs across a network with limited bandwidth, Citrix recommends routing jobs through the client device so that the ICA protocol compresses the jobs. To do so, disable the Citrix policy setting Direct connections to print servers.

Managing Printer Drivers

During printer auto-creation, if XenApp detects a new local printer connected to a client device, it checks the server hosting the published application (from which the user is trying to print) for the required printer driver. By default, XenApp automatically installs a native driver if one is not found on the server hosting the published application.

Because users in a XenApp environment do not have a persistent workspace, drivers cannot be stored on the client. To print to a local device, XenApp must find the correct driver on: (a) its server or in the server’s Windows operating system, and (b) the client device. The diagram that follows shows how the printer driver is used in two places for client printing.

This diagram shows client printing to a local printer: The printer driver on the server routes the job over the ICA channel to the client device. The client device then routes the print job through the same printer driver, which is accessible on the client device. The printer driver on the client device relays the print job to the print spooler on the client device, which in turn routes the print job to the local printer.

The printer driver on the server and the driver used by the client device must match exactly. If not, printing fails. As a result, XenApp provides features to manage drivers, install them automatically, and replicate them across your farm.

The following problems can arise from not managing client printer drivers correctly:

- Any missing drivers can prevent users from printing successfully. If a third-party printer driver has multiple or inconsistent names across your farm, a session might not be able to find it and a user’s job may fail to print.
- Printing to a client printer with a defective driver can cause a fatal system error on a server.
- If a defective driver is replicated throughout a server farm, it is difficult and time consuming to remove it from every server to prevent its use with client printers.

XenApp does not download drivers, including printer drivers, from the print server. For XenApp servers to print across the network printing pathway, the correct device-specific printer driver for the XenApp server's operating system (version and bit depth) must be installed on the XenApp server. Two print servers are not required.

When planning your driver management strategy, determine if you will support device-specific or the Universal Printing driver, or both. If you support standard drivers, you also need to determine:

- What types of drivers you want to support
- If you want printer drivers automatically installed when they are missing on farm servers
- If you want to create driver compatibility lists
- If you want to replicate drivers across your farm servers automatically

Planning Your Printing Configuration

Choosing the most appropriate printing configuration options for your needs and environment can simplify administration. Without performing any printing configurations, users can print in most environments. However, users might not get the printing experience they expect and default printing configurations might not be appropriate for your environment.

Your printing configuration depends upon:

- Your business needs and your existing printing infrastructure. Design your printing configuration around the needs of your organization. Your existing printing implementation (user’s ability to add printers, which users have access to what printers, and so on) might be a useful guide when defining your XenApp printing configuration.
- If your organization has security policies that reserve printers for certain users (for example, printers for Human Resources or payroll).
- If users need to print while away from their primary work location, for example, workers who move between workstations or travel on business.

When designing your printing configuration, try to give users the same experience in a session as they have when they print when working on their local client devices.

Default Printing Behavior

By default, if you do not configure any policy rules, XenApp printing behavior is as follows:

- All printers configured on the client device are created automatically at the beginning of each session. This behavior is equivalent to configuring the Citrix policy setting Auto-create client printers with the Auto-create all client printers option.
- XenApp routes all print jobs queued to printers locally attached to client devices as client print jobs (that is, over the ICA channel and through the client device).
- XenApp routes all print jobs queued to network printers directly from the server hosting the published application. If XenApp cannot route the jobs over the network, it will route them through the client device as a redirected client print job. This behavior is equivalent to disabling the Citrix policy setting Direct connection to print servers.
- XenApp retains all properties and settings users configure for printers they provision themselves in sessions. XenApp stores printing properties on the client device. If the client device does not support this operation, XenApp stores printing properties in the user profile for that user. This behavior is equivalent to configuring the Citrix policy setting Printer properties retention with the Held in profile only if not saved on client option.
- XenApp uses the Windows version of the printer driver if it is available on the server hosting the application. If the printer driver is not available, the XenApp server attempts to install the driver from the Windows operating system. If the driver is not available in Windows, it uses one of the Citrix Universal printer drivers. This behavior is equivalent to enabling the Citrix policy setting Automatic installation of in-box printer drivers and configuring the Universal printing setting with the Use universal printing only if requested driver is unavailable.

Note: If you are unsure about what the shipping defaults are for printing, display them by creating a new policy and setting all printing policy rules to Enabled. The option that appears is the default.

Printing Policy Configuration

When users access printers from published applications, you can configure XenApp policies to specify:

- How printers are provisioned (or added to sessions)
- How print jobs are routed
- How printer drivers are managed

You can have different printing configurations for different client devices or users or any other objects on which policies are filtered.

You must understand the ramifications of setting the options in printing policies, so review the information in the printing topics carefully before configuring them. See Configuring and Maintaining XenApp Printing for configuration details.

Printing Security

Client printing can, potentially, let a user from one session use another user’s printer in a different session. Unlike network printer connections, client printers auto-created in a XenApp session are local printers managed by the local print provider and Citrix spooler extensions. The local print provider maintains a single shared namespace for all local printers on a server. This means that a user’s client printers may be visible and potentially accessible to users from other sessions on the server.

By default, the XenApp printer naming convention helps combat this problem by avoiding the potential for printers and ports to be shared between sessions. Printers connected through a pass-through server use the session ID to identify the printer uniquely, keeping the remainder of the name the same. This allows the user to identify both the printer and client it is connected to, without identifying which pass-through server through which it might have connected.

In addition, to increase client printing security, access to the client printers is restricted to:

- The account that the print manager service runs in
- Processes running in the SYSTEM account such as the spooler
- Processes running in the user’s session

Windows security blocks access to the printer from all other processes on the system. Furthermore, requests for services directed to the print manager must originate from a process in the correct session. This prevents bypassing the spooler and communicating directly with CpSvc.exe.

As an administrator, you cannot access client printers from another session; this prevents you from inadvertently printing to printers in another session. If you need to adjust security settings of a printer in another session, you can do so through Windows Explorer.

Note: If administrators require frequent access to printers in other sessions, add the Admins Can Manage bit flag to default print flags in the system registry of your server. See the Citrix Knowledge Center for more information.

Purchasing Printing Hardware

Before purchasing printers for your organization, Citrix recommends finding out if the printer models that you are considering were tested for multiuser environments, such as Windows Remote Desktop Services environments and Citrix XenApp.

When purchasing a printer, make sure that it is PCL or PS compatible. Also, make sure the printer is not a host-based printer. Host-based printers use the processor on the host computer to generate print jobs; they are often labeled as “GDI,” “HOST only,” or “LIDL.” Because these printers require software on the client device to generate the print job, they are difficult to run in a XenApp environment.

Whether printers work in a XenApp environment is determined by the printer manufacturer, not by Citrix. To determine if a printer model supports XenApp, contact the manufacturer or see the Citrix Ready product guide at www.citrix.com/ready.

Configuring and Maintaining XenApp Printing

Most XenApp printing functions are configured through the following Citrix policy categories and settings:

- Client printers. The settings in this category affect the client redirected printers and printing using the client printing pathway.
- Drivers. The settings in this category control driver management.
- Session printers. This setting configures how network printers are provisioned.
- Printer redirection bandwidth limit. This setting restricts the bandwidth allocated to printers.

If you do not enable any settings that affect printing, XenApp uses the default printing behavior that is described in Planning Your Printing Configuration.

Printing settings follow standard Citrix policy behavior:

- Printing settings are evaluated during initial logon and remain in force throughout the session. Any new printers added to a policy or a user device during a session do not appear in the session until the user logs off and logs on, creating a new session.
- The policies are filtered on standard objects that apply to all Citrix policy settings. Therefore, when configuring printing settings, determine which filter objects best achieve your goals. Filtering on Client Device Name is useful if you are trying to configure proximity printing. Filtering on Client IP address is useful when associating network printers with specific workstations.

Policy prioritization

All printing policy settings follow standard XenApp prioritization. Citrix policies always take precedence over Windows policies in a XenApp environment.

Policy maintenance

Changes in your network often result in the need to update printing policy configurations. For example, users changing departments or workstation locations require that you update the printing policies associated with that user. Adding or removing printers from your network requires that you update any configured Session printers policy settings.

Configuring Printer Autocreation Settings

Configure the Citrix policy setting Auto-create client printers to control how or if printers are created automatically at the start of sessions. By default, this setting is not enabled, so XenApp creates all printers on the user device.

To modify printer auto-creation behavior

Configure one of the following in the Auto-create client printers setting:

- Do not auto-create client printers. Client printers are not auto-created.
- Auto-create the client’s default printer only. Only the client’s default printer attached to or mapped from the client preconfigured in the Control Panel is auto-created in the session.
- Auto-create local (non-network) client printers only. Any non-network printers attached to the client device preconfigured in the Control Panel are auto-created in the session.
- Auto-create all client printers. All network printers and any printers attached to or mapped from the user device preconfigured in the Control Panel are auto-created in the session.

To configure legacy client printer support

To auto-create client printers with legacy printer names and preserve backward compatibility for users or groups using MetaFrame 3.0 or earlier, choose the Legacy printer names option from the Citrix policy Client printer names setting.

Configuring Citrix Universal Printing

There are several different Universal Printing solutions. You can configure:

- Citrix XPS Universal Printer driver
- Citrix Universal Printer driver, which is EMF-based
- Auto-created Citrix Universal Printer with a Citrix Universal printer driver

Configuring only a Universal printer driver will not improve session start time (printers on the client device are still enumerated and auto-created at the beginning of sessions). However, configuring a Universal printer driver does improve printer driver performance.

To configure universal printing

To configure universal printing, use the following settings:

- Universal print driver usage. Specifies when to use universal printing.
- Auto-create generic universal printer. Enables or disables auto-creation of the generic Citrix UNIVERSAL Printer object for sessions when a user device compatible with Universal Printing is in use. By default, the generic Universal Printer object is not auto-created.
- Universal driver preference. Specifies the order in which XenApp attempts to use universal printer drivers, beginning with the first entry in the list. You can add, edit, or remove drivers and change the order of the drivers in the list.
- Universal printing preview preference. Specifies whether to use the print preview function for auto-created or generic universal printers.
- Universal printing EMF processing mode. Controls the method of processing the EMF spool file on the Windows user device. By default, EMF records are spooled directly to the printer. Spooling directly to the printer allows the spooler to process the EMF records without prompting the user for additional information, minimizing the occurrence of illegible output.
- Universal printing image compression limit. Defines the maximum quality and the minimum compression level available for images printed with the Universal printer driver. By default, the image compression limit is set to Best Quality (lossless compression). If No Compression is selected, compression is disabled for EMF printing only. Compression is not disabled for XPS printing.
- Universal printing print quality limits. Specifies the maximum dots per inch (dpi) available for generating printed output in the session. By default, no limit is specified.

- Universal printing optimization defaults. Specifies default settings for the Universal Printer when it is created for a session:
  - Desired image quality. Controls the level of image compression. By default, Standard quality is selected.
  - Enable heavyweight compression. Enables or disables reducing bandwidth beyond the compression level set by Desired image quality, without losing image quality. By default, heavyweight compression is disabled.
  - Allow caching of embedded images. Allows or prevents embedded images to be cached. By default, image caching is allowed.
  - Allow caching of embedded fonts. Allows or prevents embedded fonts to be cached. By default, font caching is allowed.
  - Allow non-administrators to modify these settings. Allows or prevents non-administrative users from modifying any of these options through the printer driver's printing preferences. By default, users cannot modify these options.

  These options are supported for EMF printing. For XPS printing, only the Desired image quality option is supported.

When Universal printing image compression limit and Universal printing optimization defaults are both used:

- If the compression level in the Universal printing compression limit setting is lower than the level defined in Universal printing optimization defaults setting, images are compressed at the level defined in the Universal printing compression limits setting.
- If the Universal printing compression limit setting is set to No Compression, the Universal printing optimization defaults setting's Desired image quality and Enable heavyweight compression options have no effect in the policy.

For more information, see Configuring Universal Printer Drivers on Farm Servers.

To change default settings on the Universal Printer

You can change default settings for the Citrix Universal Printer, including settings for paper size, paper width, print quality, color, duplex, and the number of copies. You override the default settings of the Citrix Universal Printer and modify these settings by manually setting registry keys. For a list of the specific registry values, see the Citrix Knowledge Center.

Configuring Network Printers for Users

If automatic printer creation fails for network printers on a client device or for session printers because the corresponding drivers are not installed automatically by Windows (because you configured a policy setting preventing auto-installation or they are third-party drivers), you must add the corresponding drivers to your farm servers manually.

1. Add printers to the XenApp server by manually installing the printers, which forces Windows to place the drivers in its local driver store. You can use the Add Printer wizard in Windows or browse to the server on which the printer is installed and double click the printer.
2. Delete the printers. Deleting the printers ensures that they are created only when intended, that is, only if the client has that network printer installed or the GPO with Session printers configured uses filtering and applies to only a subset of all users of the XenApp server.

To add a network printer while configuring the Session printers setting

In the Citrix policy setting for Session printers, add a network printer using one of the following methods:

- Printer UNC path. Enter the path using the format \\servername\printername.
- Browse. Locate a printer on the network.
- Browse for printers on a specific server. Enter the server name using the format \\servername and click Browse.

Important: The server merges all enabled session printer settings for all applied policies, starting from the highest to lowest priorities. When a printer is configured in multiple policy objects, custom default settings are taken from only the highest priority policy object in which that printer is configured.

To specify a default printer for a session

To specify a network printer, it must already be added to the policy in which you are enabling the Citrix policy setting Default printer.

1. Complete the procedure To add a network printer while configuring the Session printers setting.
2. On the Default printer settings page, from the Choose client’s default printer drop-down list, choose one of the following:
  - Name of the network printer you want to be default for this policy. Printers that were added with the Session printers policy setting are displayed in this drop-down menu and can be specified as the default printer.
  - Set default printer to the client’s main printer. Sets the default printer for the session to the client’s current default printer. If the client's main printer is not mapped, this option has no effect.
    Important: Mapping for the client’s main printer can also be disabled through other policies, group policies, or Remote Desktop Services settings.
  - Do not adjust the user’s default printer. Uses the current Remote Desktop Services or Windows user profile setting for the default printer. If you choose this option, the default printer is not saved in the profile and it does not change according to other session or client properties. When Do not adjust the user’s default printer is selected, the default printer in a session will be the first printer auto-created in the session, which is either:
    - The first printer added locally to the Windows server in the Control Panel
    - The first auto-created printer, if there are no printers added locally to the server
    You can use this option to present users with the nearest printer through profile settings (functionality known as Proximity Printing).
3. Apply the policy to the group of users (or other filtered objects) you want to affect.

To edit the printer settings in the sessions policy

Use the Citrix policy setting Session printers to override printer's default settings at the beginning of each session. This setting overrides retained printer settings the user set during a previous session.

1. On the Session printers settings page, select the name of the printer for which you want to modify the settings.
2. Click Settings.
3. Specify the printer settings. You can set print quality, orientation, color, duplex, scale, copy count, TrueType option, and paper size. If you specify a printing option that the printer does not support, that option has no effect.

To configure server local printers

To let users connecting to the farm print to a printer that is local to a farm server, physically connect the printer to a farm server and share it as follows:

1. On the server where the printer is physically connected, in Control Panel > Hardware > Devices and Printers, right-click the printer you want to share.
2. Choose Printer Properties.
3. In the Sharing tab, select these check boxes:
  - Share this printer
  - Render print jobs on client computers

Sharing the printer allows creation of the printer when a session on that server is launched.

Configuring Printers for Mobile Workers

When you want to make sure that users always see the closest printer to their client device in a session, configure the Proximity printing solution. Proximity printing enables users within a specified IP address range to automatically access the network printing devices that exist within that same range.

The ability to configure proximity printing assumes that your network is designed as follows:

- It uses a DHCP server to assign your users’ IP addresses by their location (for example, floor of a building)
- All departments/floors within the company have unique designated IP address ranges
- Network printers are assigned IP addresses within the range of IP addresses for the department/floor in which they are located

To configure Proximity Printing using IP addresses

1. Create a separate policy for each subnet (or to correspond with printer location).
2. In each policy, add the printers in that subnet’s geographic location to the Session printers setting.
3. Set the Default printer setting to Do not adjust the user's default printer.
4. Filter the policies by Client IP address.
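
The per-subnet policy layout above, combined with the Session printers merge rule (all applied policies merged from highest to lowest priority, custom settings taken from the highest priority policy that configures a printer), modelled as an added example that is not Citrix code and not part of the original documentation. The policy names, printer paths, address ranges, the use of CIDR notation for the Client IP address filter and the convention that priority 1 is highest are assumptions made for the model.

```python
"""Model of Session printers resolution for Proximity Printing (illustrative only)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class PrinterPolicy:
    name: str
    priority: int           # model convention (assumption): 1 is the highest priority
    client_ranges: list     # Client IP address filter, written as CIDR (assumption)
    session_printers: dict  # printer UNC path -> custom default settings

    def applies_to(self, client_ip):
        """True when the client address falls inside one of the filter ranges."""
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(r) for r in self.client_ranges)


def resolve_session_printers(policies, client_ip):
    """Merge Session printers from every policy whose filter matches client_ip.

    Policies are walked from highest to lowest priority. A printer listed in
    several policies appears once, with the custom settings of the highest
    priority policy that configures it.
    """
    applied = sorted((p for p in policies if p.applies_to(client_ip)),
                     key=lambda p: p.priority)
    merged = {}
    for policy in applied:
        for unc, settings in policy.session_printers.items():
            key = unc.lower()  # UNC names are not case-sensitive
            if key not in merged:
                merged[key] = {"unc": unc, "settings": dict(settings),
                               "from_policy": policy.name}
    return merged, [p.name for p in applied]


def audit_scopes(policies, dhcp_scopes):
    """Report DHCP scopes that no policy filter touches, or that several do.

    An untouched scope means clients there are presented with no proximity
    printers; an overlap means printers from more than one policy are merged
    into the same sessions, which matters when a printer is reserved for
    certain users.
    """
    ordered = sorted(policies, key=lambda p: p.priority)
    findings = {}
    for label, cidr in dhcp_scopes.items():
        scope = ipaddress.ip_network(cidr)
        matching = [p.name for p in ordered
                    if any(scope.overlaps(ipaddress.ip_network(r))
                           for r in p.client_ranges)]
        if not matching:
            findings[label] = "uncovered"
        elif len(matching) > 1:
            findings[label] = "overlap: " + ", ".join(matching)
    return findings


# Constructed sample data: three policies and the DHCP scopes they should cover.
POLICIES = [
    PrinterPolicy("Floor1-Printers", 2, ["10.10.1.0/24"],
                  {r"\\PRINT01\F1-Laser": {},
                   r"\\PRINT01\F1-Color": {"color": False}}),
    PrinterPolicy("Floor2-Printers", 3, ["10.10.2.0/24"],
                  {r"\\PRINT01\F2-Laser": {}}),
    PrinterPolicy("HR-Wing", 1, ["10.10.1.128/25"],
                  {r"\\PRINT02\HR-Secure": {"duplex": True},
                   r"\\print01\f1-laser": {"duplex": True}}),
]
DHCP_SCOPES = {"floor1": "10.10.1.0/24",
               "floor2": "10.10.2.0/24",
               "floor3": "10.10.3.0/24"}

if __name__ == "__main__":
    for ip in ("10.10.1.20", "10.10.1.200", "10.10.3.5"):
        printers, applied = resolve_session_printers(POLICIES, ip)
        print(ip, applied, [p["unc"] for p in printers.values()])
    print(audit_scopes(POLICIES, DHCP_SCOPES))
```

Running the audit after every change to DHCP ranges or to the printer list shows which scopes lost coverage and where a reserved printer would be merged into sessions from a wider range than intended.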

Changing Network Print Job Routing

By default, XenApp routes jobs to network printers from the application server directly to the print server (along the network printing pathway).

Note: Print jobs sent over the network printing pathway are not compressed. When routing printing jobs across a network with limited bandwidth, Citrix recommends routing jobs through the client device so that the ICA protocol compresses the jobs. To do so, disable the Citrix policy setting Direct connection to print servers.

Providing Tools for User Provisioning

The following groups of users cannot add printers to sessions unless you publish printer provisioning tools for them:

- Windows users who do not have access to the Add Printer wizard on the local client device or any applications that let them browse to printers
- Non-Windows plug-in users

If you want these users to add printers on their own, publish either:

- The ICA Client Printer Configuration Tool (PrintCfg.exe). This tool lets Windows CE and DOS users add printers.
- The Add Printer wizard. Publishing this Windows wizard lets users with Windows plug-ins add printers that are on the local client device or network. Publishing this wizard is also referred to sometimes as publishing the Print Manager.

After a user adds printers using either of these methods, XenApp retains the printer information for the next time a user logs on from that client device. Client printers created using this process are considered retained printers.

To publish the Windows Add Printer wizard

This procedure assumes that you already published Windows Explorer on the server on which you want to publish the Add Printer wizard.

1. Create the following folder at the root level of one of the XenApp server’s drives: C:\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D} where C represents a drive on the XenApp server. When you press Enter, the folder icon changes to a printer icon.
2. Create a published application with the following properties:
   Command line. "Path of explorer.exe" C:\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}
   Working directory. The path where explorer.exe is located.
   If you get a path error and cannot access the published printers folder, modify the command line to include %*. For example,
   Command line. "Path of explorer.exe" %*C:\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}

476 . On a 32-bit system. Follow the instructions for publishing an application in To publish a resource using the Publish Application wizard. the default location for the tool is C:\Program Files\Citrix\system32\printcfg. On the Location page.exe.Providing Tools for User Provisioning To publish the ICA Client Printer Configuration Tool 1. enter the path for the ICA Client Printer Configuration tool (printcfg. the default location for the tool is C:\Program Files (x86)\Citrix\system32\printcfg.exe) on your server. On a 64-bit system.exe. 2.

To store users' printer properties

To store user printer properties, configure the Citrix policy setting Printer properties retention by choosing from the following settings:

- Held in profile only if not saved on client allows the system to determine where printer properties are stored. Printer properties are stored either on the client device, if available, or in the user profile. Although this option is the most flexible, it can also slow logon time and use extra bandwidth for system-checking.
- Saved on the client device only is for user devices that have a mandatory or roaming profile that is not saved. Choose this option only if all the servers in your farm are running XenApp 5 and above and your users are using Citrix online plug-in versions 9.x, 10.x, 11.x, and 12.x, or Citrix Receiver 13.x.
- Retained in user profile only is for user devices constrained by bandwidth (this option reduces network traffic) and logon speed or for users with legacy plug-ins. This option stores printer properties in the user profile on the server and prevents any properties exchange with the user device. Use this option with MetaFrame Presentation Server 3.0 or earlier and MetaFrame Presentation Server Client 8.x or earlier. Note that this is applicable only if a Remote Desktop Services roaming profile is used.

To synchronize properties from the printer

To obtain printer properties directly from the printer itself, rather than from the properties store, use the following procedure. This procedure ensures that changes made offline to printers on the local computer are used next time a user starts a session.

Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

1. Open the Registry Editor and navigate to one of the following registry locations:
   - For 32-bit, HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Preferences
   - For 64-bit, HKLM\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Preferences
2. Create the following registry key:
   Name: Win32FavorRetainedPrinterSettings
   Data Type: REG_SZ
   Value Data: false
3. Restart the Citrix Print Manager Service.

Controlling Printer Driver Automatic Installation

Managing printer drivers is important for a successful printing experience. When XenApp autocreates printers, it determines if their corresponding drivers are missing. By default, XenApp installs any missing printer drivers from the Windows native printer driver set. If a problematic printer driver is installed automatically, it can cause issues.

You can either prevent printer drivers from being installed automatically, or, if you want to have them installed automatically, you can control what drivers are installed on farm servers by specifying the drivers on a compatibility list:

- If you know what printer drivers cause problems, you can specify banned printer drivers in the compatibility list
- If you do not know what drivers cause problems or you want tighter control over the drivers on the farm, specify to install only drivers on the compatibility list

When users log on:

- XenApp checks the client printer driver compatibility list before it sets up the client printers
- If a printer driver is on the list of drivers that are not allowed, XenApp does not set up the printer unless the Universal Printing feature is enabled
- When the compatibility list prevents setup of a client printer, XenApp writes a message in the server's Event log

To prevent drivers from being installed automatically, configure the Printing > Drivers > Native printer driver auto-install policy rule. See the section "To add or remove drivers or edit driver names in the compatibility list" in this topic to ban specific printer drivers.

To specify how client printer drivers are installed on farm servers

1. Depending on the version of XenApp you have installed:
   - From the Start menu, open All Programs > Citrix > Administration Tools and choose XenApp Advanced Configuration.
   - From the ICA toolbar, open the Presentation Server Console.
2. Select the Policies node.
3. On the Contents tab, choose the policy for which you want to configure printing rules.
4. From the Actions menu, choose Properties.
5. In the policy's Properties dialog box, expand Printing, then Drivers.
6. Under Drivers, you can configure the following rules:
   - Use the Native printer driver auto-install rule to control whether Windows native drivers are automatically installed when auto-creating either a client or network printer. Enabling this rule lets you prevent the automatic installation of printer drivers. See To control the automatic installation of printer drivers.
   - Use the Universal driver rule to specify whether auto-created client printers use universal printer drivers, model-specific printer drivers, or both. The universal drivers can enable printing even when model-specific drivers are not available. See To specify the Universal Printer driver for sessions.

To add or remove drivers or edit driver names in the compatibility list

1. Depending on the version of XenApp you have installed:
   - From the Start menu, open All Programs > Citrix > Administration Tools and choose XenApp Advanced Configuration.
   - From the ICA toolbar, open the Presentation Server Console.
2. Select Printer Management > Drivers.
3. On the Actions menu, select Printer Management > Compatibility.
4. Choose the required platform from the drop-down list.
5. Select one of the following Compatibility list options:
   - Allow only drivers in the list. Keeps a list of compatible drivers that client printers are allowed to use and bans all others.
   - Allow all drivers except those in the list. Keeps a list of incompatible drivers that are not allowed to be used by client printers and allows all others.
6. Update the list.

To control the automatic installation of printer drivers

1. Choose the Native printer driver auto-install policy rule.
2. On the Native printer driver auto-install properties page, select Enabled.
3. Select one of the following:
   - Install Windows native drivers as needed (selected by default). Allows XenApp to install Windows native printer drivers (those present in driver.cab) automatically when auto-creating either a client or network printer.
     Caution: Enabling this option may result in the installation of a large number of native drivers.
   - Do not automatically install drivers. Requires administrators to install individual native printer drivers manually.

To specify the Universal Printer driver for sessions

1. Choose the Printing > Drivers > Universal driver policy rule.
2. On the Universal driver properties page, select Enabled.
3. Select one of the following:
   - Use universal driver only if requested driver is unavailable. Uses native drivers for client printers if they are available. If the driver is not available on the server, the client printer is created automatically with the appropriate Universal driver.
   - Use only printer model specific drivers. Specifies that the client printer uses only the native drivers that are autocreated at logon. If the native driver of the printer is unavailable, the client printer cannot be autocreated.
   - Use universal driver only. Specifies that the client printer uses the Universal printer driver only. Select this option if you do not want to use native drivers.

Configuring Universal Printer Drivers on Farm Servers

If you configure a Universal printer driver for sessions, by default, XenApp always uses the Citrix Universal (EMF) Printer driver, when it is available. If it is not available, XenApp uses the XPS Universal Printer driver. The XPS Universal printer driver can be configured as the default by configuring the Citrix policy setting Universal driver preference.

The Citrix Universal printer drivers are listed in the Print Management MMC snap-in. Provided all prerequisites for the driver were installed when you ran XenApp Setup, the following drivers appear:

- Citrix Universal Printer, which is the .EMF driver
- Citrix XPS Universal Printer
- HP Color LaserJet 2800 PS (Citrix PS Universal Printer Driver)

If you need a Universal driver that does not appear in this list, you must install it.

To specify the Universal Printer driver for sessions

Configure the Citrix policy setting Universal print driver usage by choosing one of the following:

- Use only printer model specific drivers specifies that the client printer use only the standard model-specific drivers that are auto-created at logon. If the requested driver is unavailable, the client printer cannot be auto-created.
- Use universal printing only specifies that no standard model-specific drivers are used. Only universal print drivers are used to create printers.
- Use universal printing only if requested driver is unavailable uses standard model-specific drivers for printer creation if they are available. If the driver is not available on the server, the client printer is created automatically with the appropriate universal driver.
- Use printer model specific drivers only if universal printing is unavailable uses the universal printer driver if it is available. If the driver is not available on the server, the client printer is created automatically with the appropriate model-specific printer driver.

To change the default Citrix Universal Printer driver

To force XenApp to use the Citrix XPS Universal Printer driver before the EMF-based Citrix Universal Printer driver, configure the Citrix policy setting Universal driver preference and move XPS to the top of the list.

Mapping Client Printer Drivers

If the servers in your farm have the same drivers as the client printers but the drivers themselves are named differently (for example, "HP LaserJet 4L" versus "HP LaserJet 4"), XenApp may not recognize the drivers are the same and users will have difficulty printing or printer autocreation may fail. You can resolve this issue by overriding, or mapping, the printer driver name the client provides and substituting an equivalent driver on the server. Mapping client printer drivers gives server applications access to client printers that have the same drivers as the server but different driver names.

You can use the printer driver remapping feature to substitute:

- Good printer drivers for outdated or corrupted drivers
- Specific Windows printer drivers for manufacturer's client printer drivers
- A driver that is available on Windows server for a client driver name

Each client provides information about client-side printers during logon, including the printer model name. During client printer autocreation, Windows server printer driver names are selected that correspond to the printer model names provided by the client. The autocreation process then employs the identified, available printer drivers to construct redirected client print queues.

To map client printer drivers to server printer drivers

Configure the Citrix policy setting Printer driver mapping and compatibility by adding the client printer driver name and selecting the server driver that you want to substitute for the client printer driver from the Find printer driver menu. You can use wildcards in this setting. For example, to force all HP printers to use a specific driver, specify HP* in the policy setting.

To edit printing settings for mapped client printer drivers

After you have added a client printer driver to the list of mapped drivers, you can modify the printing settings for the driver. You can set print quality, orientation, color, duplex, scale, copy count, TrueType option, and paper size. If you specify a printing option that the printer driver does not support, that option has no effect. This setting overrides retained printer settings the user set during a previous session.

1. On the Printer driver mapping and compatibility settings page, select the printer driver for which you want to modify the settings.
2. Click Settings.
3. Specify the printer settings.

Improving Session Performance by Limiting Printing Bandwidth

While printing files from published applications to client printers, other virtual channels (such as video) may experience decreased performance due to competition for bandwidth, especially if users are accessing servers through slower networks or dial-up connections. To prevent such degradation, you can limit the bandwidth used by client printing. By limiting the data transmission rate for printing, you make more bandwidth available in the ICA data stream for transmission of video, keystrokes, and mouse data. More available bandwidth can help prevent degradation of the user experience during printing.

Important: The printer bandwidth limit is always enforced, even when no other channels are in use.

There are two ways you can limit printing bandwidth in client sessions using printer settings in the Bandwidth category:

- Use the Citrix policy Bandwidth printer settings in the Delivery Services Console to enable and disable the printing bandwidth session limit for the farm.
- Use individual server settings to limit printing bandwidth in the server farm. You can perform this task using gpedit.msc locally on each server to configure the Citrix policy Bandwidth printer settings.

You can use the Citrix Session Monitoring and Control Console (included in the WFAPI SDK) to obtain real-time information about printing bandwidth. The print spooling virtual channel control (that is, the CTXCPM Client printer mapping virtual channel control) lets you set a priority and bandwidth limit for bandwidth control of this virtual channel.

To configure a printing bandwidth setting in an existing policy

Configure one of the options in the Citrix policy Bandwidth setting:

- Printer redirection bandwidth limit to specify the bandwidth available for printing in kilobits per second (kbps).
- Printer redirection bandwidth limit percent to limit the bandwidth available for printing to a percentage of the overall bandwidth available.

If you enter values for both settings, the most restrictive setting (with the lower value) is applied.

Note: If you want to specify bandwidth as a percentage using the Printer redirection bandwidth limit percent setting, you must enable the Overall session bandwidth limit as well.

To limit printer bandwidth for a server

Using the Windows Group Policy Editor locally on a server, configure one of the options in the Citrix policy Bandwidth setting:

- Printer redirection bandwidth limit to specify the bandwidth available for printing in kilobits per second (kbps).
- Printer redirection bandwidth limit percent to limit the bandwidth available for printing to a percentage of the overall bandwidth available.

If you enter values for both settings, the most restrictive setting (with the lower value) is applied.

Note: If you want to specify bandwidth as a percentage using the Printer redirection bandwidth limit percent setting, you must enable the Overall session bandwidth limit as well.

Displaying Printers

The following table summarizes where you can manage and modify print queues and display printers in a XenApp environment. For definitions of the terms client printing pathway and network printing pathway, see Overview of Client and Network Printing Pathways. Client printing pathway is not synonymous with printers attached to client devices.

Printer type | Printing Pathway | UAC Enabled? | Location
------------ | ---------------- | ------------ | --------
Client printers (Printers attached to the client device) | Client printing pathway | On | Print Management snap-in in the Microsoft Management Console
Client printers (Printers attached to the client device) | Client printing pathway | Off | Control Panel
Network printers (Printers on a network print server) | Client printing pathway | On | Print Management snap-in in the Microsoft Management Console
Network printers (Printers on a network print server) | Client printing pathway | Off | Control Panel
Network printers (Printers on a network print server) | Network printing pathway | On | Print Server > Print Management snap-in in the Microsoft Management Console
Network printers (Printers on a network print server) | Network printing pathway | Off | Print Server > Control Panel
Server local printers (Shared printers locally attached to a XenApp server) | N/A | On | Control Panel
Server local printers (Shared printers locally attached to a XenApp server) | N/A | Off | Control Panel
Local network server printers (Printers from a network print server that are added to server running XenApp) | Network printing pathway | On | Control Panel
Local network server printers (Printers from a network print server that are added to server running XenApp) | Network printing pathway | Off | Control Panel

Managing Printers Using the Network Printing Pathway

If you want to modify or manage a user's network print queue that a user printed to across the network printing pathway, you must manage it through Control Panel on the print server with the correct level of Windows administrator privileges. Print queues for network printers that use the network printing pathway are private and cannot be managed through XenApp.

Whenever you configure a network printing pathway and the server hosting the application does not have or cannot install the driver, by default, XenApp sends the print job along the client printing pathway. You can tell a job sent to the network printer is redirected along the client printing pathway when you see printers appearing in the Windows Server Manager Snap-in > Print and Document Services role that have the following syntax:

    PrinterName on PrintServer (from clientname) in session n

where:

- PrinterName is the name of the printer being redirected
- PrintServer is the name of the print server with which the printer is associated
- clientname is the name of the client through which the print job is being rerouted
- n is the session ID for that ICA connection

For example, Dell Laser Printer 1710n Ps3 on 3r41-2 (from 3R39-2) in session 2.

Displaying Printers Using the Client Printing Pathway

The client printers displayed on a server fluctuate based on what sessions are active on a server because XenApp creates these printers based on the printers on the connecting client devices. If UAC is not enabled, you can display and manage redirected client print queues and server local printers through Control Panel > Printers of individual servers.

To display printers that use the client printing pathway when UAC is enabled

1. On the XenApp server, install the Print Services server role.
2. In Administrative Tools, open the Print Management stand-alone snap-in.
3. To display client redirected printers, in the Print Management tree, select Print Management > Custom Filters > All Printers. The Print Management snap-in displays the client printers redirected from all clients connected to that server. You can display and manage the print queues for these printers and select Printers With Jobs in the Print Management Tree to display active jobs on redirected printers.

To display printers that use the client printing pathway without UAC enabled

You can display client printers in Control Panel > Printers.

1. On the XenApp server that is hosting the session for which you want to display the printers, open Control Panel > Printers. The Printers screen displays the local printers mapped to the ICA session. By default, the name of the printer takes the form printername (from clientname) in session x; for example, "printer01 (from machine01) in session 7." Printername is the name of the printer on the client device, clientname is the unique name given to the client device or the Web Interface, and x is the SessionID of the user's session on the server.
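The two naming forms described above ("PrinterName on PrintServer (from clientname) in session n" for network printers rerouted along the client printing pathway, and "printername (from clientname) in session x" for client printers) can be parsed when reviewing a server's printer list. The following is an added example, not Citrix code; the function names, the sample list, and the rule that a print server name contains no spaces are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional


class RedirectedPrinter(NamedTuple):
    printer: str
    print_server: Optional[str]   # None when the printer is attached to the client
    client: str
    session_id: int


# "<head> (from <clientname>) in session <n>", the suffix both forms share.
_SUFFIX = re.compile(
    r"^(?P<head>.+?) \(from (?P<client>[^()]+)\) in session (?P<sid>\d+)$")


def parse_redirected_printer(name: str) -> Optional[RedirectedPrinter]:
    """Return the fields of a redirected printer name, or None for any other name."""
    match = _SUFFIX.match(name.strip())
    if match is None:
        return None                      # server local printer or unrelated queue
    head = match["head"]
    # Split at the LAST " on " so printer names that contain "on" survive.
    printer, sep, server = head.rpartition(" on ")
    # Assumption: a print server name is a host name and has no spaces.
    if not sep or not printer or " " in server:
        printer, server = head, None
    return RedirectedPrinter(printer, server, match["client"], int(match["sid"]))


def network_fallbacks(names: Iterable[str]) -> Dict[int, List[RedirectedPrinter]]:
    """Group, by session ID, network printers rerouted along the client pathway.

    Per the page, these appear when the server hosting the application does
    not have or cannot install the driver for the network printer.
    """
    sessions: Dict[int, List[RedirectedPrinter]] = defaultdict(list)
    for name in names:
        parsed = parse_redirected_printer(name)
        if parsed is not None and parsed.print_server is not None:
            sessions[parsed.session_id].append(parsed)
    return dict(sessions)


# Printer list as it might be read from one server. The first two names are
# the page's own examples; the last two are constructed for this example.
SAMPLE_PRINTERS = [
    "Dell Laser Printer 1710n Ps3 on 3r41-2 (from 3R39-2) in session 2",
    "printer01 (from machine01) in session 7",
    "Lobby Color on prn-srv01 (from KIOSK-12) in session 7",
    "Microsoft XPS Document Writer",
]

if __name__ == "__main__":
    for sid, printers in sorted(network_fallbacks(SAMPLE_PRINTERS).items()):
        for p in printers:
            print(f"session {sid}: {p.printer!r} on {p.print_server} via {p.client}")
```

A client printer whose own name ends in " on " followed by a single word cannot be told apart from the network form by name alone, so treat the print_server field as a hint to confirm against the print server.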

XenApp Server Utilities Reference

Citrix XenApp server utilities provide an alternative method to using the console for maintaining and configuring servers and farms. Citrix XenApp server utilities must be run from a command prompt on a server running Citrix XenApp.

Command | Description
------- | -----------
altaddr | Specify server alternate IP address.
app | Run application execution shell.
auditlog | Generate server logon/logoff reports.
change client | Change client device mapping.
ctxkeytool | Generate farm key for IMA encryption.
ctxxmlss | Change the Citrix XML Service port number.
dscheck | Validate the integrity of the server farm data store.
dsmaint | Maintain the server farm's data store.
enablelb | Enable load balancing for servers that fail health monitoring tests.
icaport | Configure TCP/IP port number used by the ICA protocol on the server.
imaport | Change IMA ports.
query | View information about server farms, processes, ICA sessions, and users.

ALTADDR

Use altaddr to query and set the alternate (external) IP address for a server running Citrix XenApp. The alternate address is returned to clients that request it and is used to access a server that is behind a firewall.

Syntax

    altaddr [/server:servername] [/set alternateaddress] [/v]
    altaddr [/server:servername] [/set adapteraddress alternateaddress] [/v]
    altaddr [/server:servername] [/delete] [/v]
    altaddr [/server:servername] [/delete adapteraddress] [/v]
    altaddr [/?]

Parameters

servername
    The name of a server.
alternateaddress
    The alternate IP address for a server.
adapteraddress
    The local IP address to which an alternate address is assigned.

Options

/server:servername
    Specifies the server on which to set an alternate address. Defaults to the current server.
/set
    Sets alternate TCP/IP addresses. If an adapteraddress is specified, alternateaddress is assigned only to the network adapter with that IP address.
/delete
    Deletes the default alternate address on the specified server. If an adapter address is specified, the alternate address for that adapter is deleted.
/v (verbose)
    Displays information about the actions being performed.
/?
    Displays the syntax for the utility and information about the utility's options.

Remarks

The server subsystem reads the altaddr settings for server external IP addresses at startup only. If you use altaddr to change the IP address setting, you must restart the Citrix Independent Management Architecture service for the new setting to take effect.

If altaddr is run without any parameters, it displays the information for alternate addresses configured on the current server.

Examples

Set the server's alternate address to 1.1.1.1:

    altaddr /set 1.1.1.1

Set the server's alternate address to 2.2.2.2 on the network interface card whose adapter address is 1.1.1.1:

    altaddr /set 1.1.1.1 2.2.2.2

Security Restrictions

None.

APP

App is a script interpreter for secure application execution. Use App to read execution scripts that copy standardized .ini type files to user directories before starting an application, or to perform application-related cleanup after an application terminates. The script commands are described below.

Syntax

    app scriptfilename

Parameters

scriptfilename
    The name of a script file containing app commands (see script commands below).

Script Commands

copy sourcedirectory\filespec targetdirectory
    Copies files from sourcedirectory to targetdirectory. Filespec specifies the files to copy and can include wild cards (*,?).
delete directory\filespec
    Deletes files owned by a user in the directory specified. Filespec specifies the files to delete and can include wild cards (*,?). See the Examples section for more information.
deleteall directory\filespec
    Deletes all files in the directory specified.
execute
    Executes the program specified by the path command using the working directory specified by the workdir command.
path executablepath
    Executablepath is the full path of the executable to be run.
workdir directory
    Sets the default working directory to the path specified by directory.

Script Parameters

directory
    A directory or directory path.
executablepath
    The full path of the executable to be run.
filespec
    Specifies the files to copy and can include wildcards (*,?).
sourcedirectory
    The directory and path from which files are to be copied.
targetdirectory
    The directory and path to which files are to be copied.

Remarks

If no scriptfilename is specified, app displays an error message.

The Application Execution Shell reads commands from the script file and processes them in sequential order. The script file must reside in the %SystemRoot%\Scripts directory.

Examples

The following script runs the program Notepad.exe. When the program terminates, the script deletes files in the Myapps\Data directory created for the user who launched the application:

    PATH C:\Myapps\notepad.exe
    WORKDIR C:\Myapps\Data
    EXECUTE
    DELETE C:\Myapps\Data\*.*

The following script copies all the .wri files from the directory C:\Write\Files, executes Write.exe in directory C:\Temp.wri, and then removes all files from that directory when the program terminates:

    PATH C:\Wtsrv\System32\Write.exe
    WORKDIR C:\Temp.wri
    COPY C:\Write\Files\*.wri C:\Temp.wri
    EXECUTE
    DELETEALL C:\Temp.wri\*.*

The following example demonstrates using the script file to implement a front-end registration utility before executing the application Coolapp.exe. You can use this method to run several applications in succession:

    PATH C:\Regutil\Reg.exe
    WORKDIR C:\Regutil
    EXECUTE
    PATH C:\Coolstuff\Coolapp.exe
    WORKDIR C:\Temp
    EXECUTE
    DELETEALL C:\Temp

Security Restrictions

None.
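Because app processes its script commands in sequential order and deleteall removes every file in a directory rather than only the user's own, a script in %SystemRoot%\Scripts is worth reviewing before it is published. The following is an added example, not Citrix code: it walks a script the way the Remarks describe and reports what would be launched and which lines need a second look. The three review rules, the case-insensitive command matching, and the assumption that paths contain no spaces are choices made for this example.

```python
import ntpath
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Argument counts from the "Script Commands" list on this page.
ARG_COUNT = {"copy": 2, "delete": 1, "deleteall": 1,
             "execute": 0, "path": 1, "workdir": 1}

# Third example script from the page (Reg.exe, then Coolapp.exe).
PAGE_SCRIPT_SUCCESSION = r"""
PATH C:\Regutil\Reg.exe
WORKDIR C:\Regutil
EXECUTE
PATH C:\Coolstuff\Coolapp.exe
WORKDIR C:\Temp
EXECUTE
DELETEALL C:\Temp
"""

# Constructed script that trips each of the three review rules below.
CONSTRUCTED_RISKY = r"""
PATH Coolapp.exe
EXECUTE
DELETEALL C:\Users\*.*
"""


@dataclass
class Review:
    launches: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def _norm(path: str) -> str:
    """Windows-style normalisation so C:\\Temp and c:\\temp\\ compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def _target_dir(spec: str) -> str:
    """Directory part of 'directory\\filespec'; a wildcard marks the filespec."""
    head, tail = ntpath.split(spec)
    return _norm(head if ("*" in tail or "?" in tail) else spec)


def review_app_script(text: str) -> Review:
    """Process commands in order, recording launches and review findings."""
    review = Review()
    exe: Optional[str] = None
    workdir: Optional[str] = None
    workdirs_seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()          # assumption: no spaces inside paths
        if not parts:
            continue
        cmd, args = parts[0].lower(), parts[1:]
        if cmd not in ARG_COUNT:
            review.findings.append(f"line {lineno}: unknown command {parts[0]!r}")
            continue
        if len(args) != ARG_COUNT[cmd]:
            review.findings.append(
                f"line {lineno}: {cmd} expects {ARG_COUNT[cmd]} argument(s), "
                f"got {len(args)}")
            continue
        if cmd == "path":
            exe = args[0]
            if not ntpath.isabs(exe):
                # The page defines executablepath as the FULL path.
                review.findings.append(
                    f"line {lineno}: path {exe!r} is not a full path")
        elif cmd == "workdir":
            workdir = args[0]
            workdirs_seen.add(_norm(workdir))
        elif cmd == "execute":
            if exe is None:
                review.findings.append(f"line {lineno}: execute before any path")
                continue
            if workdir is None:
                review.findings.append(f"line {lineno}: execute before any workdir")
            review.launches.append((exe, workdir))
        elif cmd == "deleteall":
            # Example rule: deleteall should only clean a directory the
            # script itself used as a working directory.
            if _target_dir(args[0]) not in workdirs_seen:
                review.findings.append(
                    f"line {lineno}: deleteall targets {args[0]!r}, "
                    "which is not a workdir set by this script")
        # copy and delete: only the argument count is checked here.
    return review


if __name__ == "__main__":
    for label, script in (("page script", PAGE_SCRIPT_SUCCESSION),
                          ("constructed", CONSTRUCTED_RISKY)):
        result = review_app_script(script)
        print(label, "launches:", result.launches)
        for finding in result.findings:
            print("  review:", finding)
```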

AUDITLOG

Auditlog generates reports of logon/logoff activity for a server based on the Windows Server security event log. To use auditlog, you must first enable logon/logoff accounting. You can direct the auditlog output to a file.

Syntax

    auditlog [username | session] [/eventlog:filename] [/before:mm/dd/yy] [/after:mm/dd/yy] [[/write:filename] | [/detail | /time] [/all]]
    auditlog [username | session] [/eventlog:filename] [/before:mm/dd/yy] [/after:mm/dd/yy] [[/write:filename] | [/detail] | [/fail ] | [ /all]]
    auditlog [/clear:filename]
    auditlog [/?]

Parameters

filename
    The name of the eventlog output file.
session
    Specifies the session ID for which to produce a logon/logoff report. Use this parameter to examine the logon/logoff record for a particular session.
mm/dd/yy
    The month, day, and year (in two-digit format) to limit logging.
username
    Specifies a user name for which to produce a logon/logoff report. Use this parameter to examine the logon/logoff record for a particular user.

Options

/eventlog:filename
    Specifies the name of a backup event log to use as input to auditlog. You can back up the current log from the Event Log Viewer by using auditlog /clear:filename.
/before:mm/dd/yy
    Reports on logon/logoff activity only before mm/dd/yy.
/after:mm/dd/yy
    Reports on logon/logoff activity only after mm/dd/yy.
/write:filename
    Specifies the name of an output file. Creates a comma-delimited file that can be imported into an application, such as a spreadsheet, to produce custom reports or statistics. It generates a report of logon/logoff activity for each user, displaying logon/logoff times and total time logged on. If filename exists, the data is appended to the file.
/time
    Generates a report of logon/logoff activity for each user, displaying logon/logoff times and total time logged on. Useful for gathering usage statistics by user.
/fail
    Generates a report of all failed logon attempts.
/all
    Generates a report of all logon/logoff activity.
/detail
    Generates a detailed report of logon/logoff activity.
/clear:filename
    Saves the current event log in filename and clears the Event log. This command does not work if filename already exists.
/?
    Displays the syntax for the utility and information about the utility's options.

Remarks

Auditlog provides logs you can use to verify system security and correct usage. The information can be extracted as reports or as comma-delimited files that can be used as input to other programs.

You must enable logon/logoff accounting on the local server to collect the information used by auditlog. To enable logon/logoff accounting, log on as a local administrator and enable logon/logoff accounting with the Audit Policy in Microsoft Windows.

Security Restrictions

To run auditlog, you must have Windows administrator privileges.

CHANGE CLIENT

Change client changes the current disk drive, COM port, and LPT port mapping settings for a client device.

Syntax

    change client [/view | /flush | /current]
    change client [{/default | [/default_drives] | [/default_printers]} [/ascending]] [/noremap] [/persistent] [/force_prt_todef]
    change client [/delete host_device] [host_device client_device] [/?]

Parameters

host_device
    The name of a device on the host server to be mapped to a client device.
client_device
    The name of a device on the client to be mapped to host_device.

Options

/view
    Displays a list of all available client devices.
/flush
    Flushes the client drive mapping cache. This action forces the server and the client to resynchronize all disk data.
/current
    Displays the current client device mappings.
/default
    Resets host drive and printer mappings to defaults.
/default_drives
    Resets host drive mappings to defaults.
/default_printers
    Resets host printer mappings to defaults.
/ascending
    Uses ascending, instead of descending, search order for available drives and printers to map. This option can be used only with /default, /default_drives, or /default_printers.
/noremap
    If /noremap is specified, client drives that conflict with server drives are not mapped.
/persistent
    Saves the current client drive mappings in the client device user's profile.
/force_prt_todef
    Sets the default printer for the client session to the default printer on the client's Windows desktop.
/delete host_device
    Deletes the client device mapping to host_device.
/? (help)
    Displays the syntax for the utility and information about the utility's options.

Remarks

Typing change client with no parameters displays the current client device mappings; it is equivalent to typing change client /current.

Use change client host_device client_device to create a client drive mapping. This maps the client_device drive letter to the letter specified by host_device; for example, change client v: c: maps client drive C to drive V on the server.

The /view option displays the share name, the share type, and a comment describing the mapped device. Sample output for change client /view follows:

    C:>change client /view
    Available Shares on client connection ICA-tcp#7
    Sharename        Type     Comment
    \\Client\A$      Disk     Floppy
    \\Client\C$      Disk     FixedDrive
    \\Client\D$      Disk     CdRom
    \\Client\LPT1:   Printer  Parallel Printer
    \\Client\COM1:   Printer  Serial Printer

The /flush option flushes the client drive cache. This cache is used to speed access to client disk drives by retaining a local copy of the data on the server running Citrix XenApp. The time-out for hard drive cache entries is 60 seconds and the time-out for diskette data is two seconds. If the client device is using a multitasking operating system and files are created or modified, the server does not know about the changes. Flushing the cache forces the data on the server to be synchronized with the client data. The cache time-out for diskettes is set to five seconds because diskette data is usually more volatile; that is, the diskette can be removed and another diskette inserted.

The /default option maps the drives and printers on the client device to mapped drives and printers on the server running Citrix XenApp. Drives A and B are always mapped to drives A and B on the server. Hard drives are mapped to their corresponding drive letters if those drive letters are available on the server. If the corresponding drive letter is in use on the server, the default action is to map the drive to the highest unused drive letter. For example, if both computers have drives C and D, the client drives C and D are mapped to V and U respectively. These default mappings can be modified by the /ascending and /noremap options.

The /default_printers option resets printer mappings to defaults. /default_printers attempts a one-to-one mapping of all client printers; for example, the client's LPT1 and LPT2 ports are mapped to the server's LPT1 and LPT2 ports. If the /ascending option is specified, the mapping is done in ascending order.

The /default_drives option resets host drive mappings to defaults. /default_drives attempts a one-to-one mapping of all client drives; for example, client drives A and B are mapped to server drives A and B. Hard drives are mapped to their corresponding drive letters if those drive letters are available on the server. If the corresponding drive letter is in use on the server, the default action is to map the drive to the highest unused drive letter. For example, if both computers have drives C and D, the client drives C and D are mapped to V and U respectively. If the /ascending option is specified, the mapping is done in ascending order.

The /ascending option causes the mapping to occur in ascending drive letter order. For example, if the first two available drive letters on the server are I and J, drives C and D in the preceding example are mapped to I and J respectively.

The /noremap option causes the mapping to skip drive letters occupied on the server. For example, if the server has a drive C but no drive D, the client's drive C is mapped to D on the server, but the client's drive D is not mapped.

The /persistent option causes the current device mappings to be saved in the user's profile. Drive conflicts can occur if the /persistent option is in use and the user logs on from a client device that has a different disk drive configuration, or logs on to a server that has a different disk drive configuration.

The /force_prt_todef option sets the default printer for the ICA session to the default printer on the client's Windows desktop.

Security Restrictions

None.

CTXKEYTOOL

Use ctxkeytool to enable and disable the IMA encryption feature and generate, load, replace, enable, disable, or back up farm key files.

Syntax

ctxkeytool [generate | load | newkey | backup] filepath
ctxkeytool [enable | disable | query]

Options

generate
Generates a new key and saves it to the filepath. This command alone is not sufficient to enable IMA encryption.

load
Can be used to load:
- A new key onto a server with no preexisting key
- The correct key onto a server that has an existing key
- A new key onto a computer and the farm

newkey
Creates a new encryption key in the data store using the local farm key.

backup
Backs up the existing farm key to a file.

enable
Enables the IMA encryption feature for the farm.

disable
Disables the IMA encryption feature for the farm.

query
Can be used to check:
- For a key on the local computer
- To see if IMA encryption is enabled for the farm
- If your key matches the farm key

Remarks

The first time you generate a key for the first server on the farm on which you are enabling IMA encryption, use the following sequence of options: generate, load, and newkey. On each subsequent server in the farm, you just need to load the key. After you activate the IMA encryption feature on one server, the feature is enabled for the entire farm.

If you lose the key file for a server, you can get a duplicate key file by running the backup option on another server in the same farm that still has its key. This command recreates the key file. After recreating the key file, use load to load it to the server on which it was lost.

After using the disable option to disable the IMA encryption feature, you must reenter the configuration logging database password. If you want to activate the IMA encryption feature again, run enable on any server in the farm.

Security Restrictions

You must be a Citrix administrator with local administrator privileges to run ctxkeytool.

CTXXMLSS

Use ctxxmlss to change the Citrix XML Service port number.

Syntax

ctxxmlss [/rnnn] [/u] [/knnn] [/b:a] [/b:l] [/?]

Options

/rnnn
Changes the port number for the Citrix XML Service to nnn.

/u
Unloads Citrix XML Service from memory.

/knnn
Keeps the connection alive for nnn seconds. The default is nine seconds.

/b:a
Binds the service to all network interfaces. This is the default setting.

/b:l
Binds the service to localhost only.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

For more information, see System Requirements.

Security Restrictions

None.

DSCHECK

Use dscheck to validate the consistency of the database used to host the server farm’s data store. You can then repair any inconsistencies found. dscheck is often used after running dsmaint.

Syntax

dscheck [/clean] [/?]

Options

/clean
Attempts to fix any consistency error that is found.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

Dscheck performs a variety of tests to validate the integrity of a server farm’s data store. When run without parameters, only these tests are run. Run dscheck on a server in the farm that has a direct connection to the data store.

When you run dscheck with the /clean option, the utility runs tests and removes inconsistent data (typically servers and applications) from the data store. Because removing this data can affect the farm’s operation, be sure to back up the data store before using the /clean option.

When you run the utility with the /clean option, you may need to run the dsmaint command with the recreatelhc parameter on each server in the farm to update the local host caches. Running this command sets the PSRequired registry value to 1 in HKLM\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME, or HKLM\SOFTWARE\Citrix\IMA\RUNTIME on XenApp, 32-bit Edition.

Dscheck reports the results of the tests in several ways. First, it sends any errors found as well as a summary to the Event log and to the command window. You can also write the output produced by dscheck to a file.

Second, several performance monitor values are updated under the performance object for Citrix XenApp. These values include a count of server errors, a count of application errors, a count of group errors, and an overall flag indicating that errors were detected.

Third, dscheck returns an error code of zero for a successful scan (no errors are found) and an error code of one if any problems are encountered.

Dscheck looks primarily at three data store objects: servers, applications, and groups. For each of these object types, dscheck performs a series of tests on each object instance. For example, for each server object in the data store, dscheck verifies that there is a corresponding common server object and then further verifies that both objects have matching host IDs and host names.

Examples

To run consistency checks only:
dscheck

To check consistency and fix errors:
dscheck /clean
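One way to script the sequence these remarks describe (scan, back up, clean, re-check), driven by the documented exit codes. This is an added example, not a Citrix-supplied script: the folder paths, parameter names and the script's own exit code 2 are hypothetical, and it assumes dscheck and dsmaint are on the PATH of a farm server with a direct data store connection.

```powershell
# Added example (not from the Citrix documentation).
# Assumptions: dscheck and dsmaint are on the PATH; both folders are hypothetical
# placeholders; the server has a direct connection to the data store.
param(
    [string]$LogDir = 'C:\DsCheckLogs',           # hypothetical log folder
    [string]$BackupRoot = 'E:\DataStoreBackups',  # hypothetical; never the data store's own path
    [switch]$Clean,                               # also run the repair pass
    [switch]$SqlExpress,                          # data store is SQL Server Express
    [switch]$DbaBackupConfirmed                   # SQL Server/Oracle: a database-level backup exists
)

function Invoke-DsCheck {
    param([string[]]$DsArgs, [string]$LogFile)
    # dscheck writes errors and a summary to the command window; keep a copy on disk.
    & dscheck $DsArgs | Tee-Object -FilePath $LogFile | Out-Host
    return $LASTEXITCODE    # 0 = no errors found, 1 = problems encountered
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Pass 1: consistency tests only. Nothing is removed from the data store.
$scan = Invoke-DsCheck -DsArgs @() -LogFile (Join-Path $LogDir "dscheck-$stamp-scan.log")
if ($scan -eq 0) {
    Write-Output 'dscheck: no inconsistencies found.'
    exit 0
}
Write-Warning "dscheck reported problems (exit code $scan). Review the log and the Event log."
if (-not $Clean) { exit $scan }

# /clean removes inconsistent servers and applications, so require a backup first.
if ($SqlExpress) {
    # dsmaint backup applies to SQL Server Express only; use a fresh, separate folder.
    $target = Join-Path $BackupRoot $stamp
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    & dsmaint backup $target
    if (-not (Get-ChildItem -Path $target)) {
        Write-Error "No backup file appeared in $target. Not running dscheck /clean."
        exit 2
    }
} elseif (-not $DbaBackupConfirmed) {
    Write-Error 'SQL Server and Oracle data stores need a database-level backup. Re-run with -DbaBackupConfirmed once one exists.'
    exit 2
}

# Pass 2: repair. Pass 3: scan again to confirm the data store is now consistent.
Invoke-DsCheck -DsArgs @('/clean') -LogFile (Join-Path $LogDir "dscheck-$stamp-clean.log") | Out-Null
$verify = Invoke-DsCheck -DsArgs @() -LogFile (Join-Path $LogDir "dscheck-$stamp-verify.log")

Write-Output "Post-clean scan exit code: $verify"
Write-Output 'If servers show stale data, run "dsmaint recreatelhc" on each server in the farm.'
exit $verify
```

Keeping the scan, clean and verify logs side by side gives a record of exactly what the /clean pass removed.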

DSMAINT

Run dsmaint on farm servers to perform XenApp data store maintenance tasks, including backing up the data store, migrating the data store to a new server, and compacting the XenApp data store or the Streaming Offline database. Not all dsmaint commands apply to all database types.

When using this command, user names and passwords may be case-sensitive, depending on the database and the operating system you are using.

Syntax

dsmaint config [/rade] [/user:username] [/pwd:password] [/dsn:filename]
dsmaint backup destination_path
dsmaint compactdb [/lhc]
dsmaint migrate [{/srcdsn:dsn1 /srcuser:user1 /srcpwd:pwd1}] [{/dstdsn:dsn2 /dstuser:user2 /dstpwd:pwd2}]
dsmaint publishsqlds {/user:username /pwd:password}
dsmaint recover
dsmaint recreatelhc
dsmaint recreaterade
dsmaint verifylhc [/autorepair]
dsmaint [/?]

Parameters

destination_path
Path for the backup data store. Do not use the same path as the original database.

dsn1
The name of the DSN file for the source data store.

dsn2
The name of the DSN file for the destination data store.

filename
The name of the data store.

password
The password to connect to the data store.

pwd1
The source data store password.

pwd2
The destination data store password.

user1
The source data store user logon.

user2
The destination data store user logon.

username
The name of the user to use when connecting to the data store.

Options

config
Changes configuration parameters used to connect to the data store. Enter the full path to the DSN file in quotation marks. For example,
dsmaint config /user:ABCnetwork\administrator /pwd:Passw0rd101 /dsn:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"
Stop the Citrix Independent Management Architecture service before using config with the /pwd option.
Caution: Specify a /dsn for dsmaint config or you will change the security context for access to the SQL Server or Oracle database.

/rade
Compacts the offline data store.

/user:username
The user name to connect to a data store.

/pwd:password
The password to connect to a data store.

/dsn:filename
The filename of an IMA data store.

backup
Creates a backup copy of the SQL Server Express database that is the farm’s data store. Run this command on the server that hosts the data store. Requires a path or share point to which the backup database file will be copied. Do not use this parameter to back up SQL Server or Oracle data stores.
Caution: When running dsmaint backup, specifying the same path as the existing data store can damage it irreparably.

compactdb
Compacts the local database file. During database compaction, the database is temporarily unavailable for both reading and writing. The compacting time can vary from a few seconds to a few minutes, depending on the size of the database and the usage.

/lhc
Compacts the local host cache on the server where this parameter is run. Run dsmaint /lhc after your farm has been running for a long period of time as a maintenance task.

migrate
Migrates data from one data store database to another. Use this command to move a data store to another server, rename a data store in the event of a server name change, or migrate the data store to a different type of database (for example, migrate from SQL Server Express to SQL Server). Run this command on any XenApp server that has a connection to the data store.

To migrate the data store to a new server:
1. Prepare the new database server using the steps you did before running XenApp Setup for the first time.
2. Create a DSN file for this new database server on the server where you will be running dsmaint migrate.
3. Run dsmaint migrate on any server with a connection to the data store.
4. Run dsmaint config on each server in the farm to point it to the new database.

/srcdsn:dsn1
The name of the data store from which to migrate data.

/srcuser:user1
The user name to use to connect to the data store from which the data is migrating.

/srcpwd:pwd1
The password to use to connect to the data store from which the data is migrating.

/dstdsn:dsn2
The name of the data store to which to migrate the data.

/dstuser:user2
The user name that allows you to connect to the data store to which you are migrating the source data store.

/dstpwd:pwd2
The password that allows you to connect to the data store to which you are migrating the source data store.

publishsqlds
Publishes a SQL Server data store for replication. Run publishsqlds only from the server that created the farm. The publication is named MFXPDS.

recover
Restores a SQL Server Express data store to its last known good state. Run this directly on the server while the Citrix Independent Management Architecture service is not running.

recreatelhc
Recreates the local host cache database. Run if prompted after running dsmaint verifylhc. After running dsmaint recreatelhc, restart the IMA Service. When the IMA Service starts, the local host cache is populated with fresh data from the data store.

recreaterade
Recreates the application streaming offline database. Run as a troubleshooting step if the Citrix Independent Management Architecture service stops running and the local host cache is not corrupted.

verifylhc
Verifies the integrity of the local host cache. If the local host cache is corrupt, you are prompted with the option to recreate it. With the verifylhc /autorepair option, the local host cache is automatically recreated if it is found to be corrupted. Alternatively, you can use dsmaint recreatelhc to recreate the local host cache.

/?
Displays the syntax and options for the utility.

Remarks

After using dsmaint, Citrix recommends running dscheck to check the integrity of the data on the XenApp data store.

Security Restrictions

The dsmaint config and dsmaint migrate commands can be run only by a user with the correct user name and password for the database.

ENABLELB

If one or more servers is removed from load balancing because they failed a Health Monitoring test, use enablelb to restore them to the load balance tables.

Syntax

enablelb servername [servername servername …]

Parameters

servername
The name of the computer running Citrix XenApp.

Security Restrictions

To use this utility you must be a Citrix administrator with edit privileges for Other Farm Settings and Other Server Settings for the server you want to restore to load balancing.

ICAPORT

Use icaport to query or change the TCP/IP port number used by the ICA protocol on the server.

Syntax

icaport {/query | /port:nnn | /reset} [/?]

Options

/query
Queries the current setting.

/port:nnn
Changes the TCP/IP port number to nnn.

/reset
Resets the TCP/IP port number to 1494, which is the default.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

The default port number is 1494. The port number must be in the range of 0–65535 and must not conflict with other well-known port numbers.

If you change the port number, restart the server for the new value to take effect. If you change the port number on the server, you must also change it on every Receiver or plug-in that will connect to that server. For instructions for changing the port number on receivers or plug-ins, see the Receiver or plug-in documentation.

Examples

To set the TCP/IP port number to 5000:
icaport /port:5000

To reset the port number to 1494:
icaport /reset

Security Restrictions

Only Citrix administrators with Windows administrator privileges can run icaport.

IMAPORT

Use imaport to query or change the IMA port.

Syntax

imaport {/query | /set {IMA:nnn | ds:nnn}* | /reset {IMA | DS | ALL} } [/?]

Options

/query
Queries the current setting.

/set
Sets the designated TCP/IP port to a specified port number.

ima:nnn
Sets the IMA communication port to a specified port number.

ds:nnn
Sets the data store server port to a specified port number.

/reset
Resets the specified TCP/IP port to the default.

ima
Resets the IMA communication port to 2512.

ds
Resets the data store server port to 2512.

all
Resets all of the applicable ports to the defaults.

/?
Displays the syntax for the utility and information about the utility’s options.

QUERY FARM

Use query to display information about server farms within the network.

Syntax

query farm [server [/addr | /app | /app appname | /load | /ltload]]
query farm [ /tcp ] [ /continue ]
query farm [ /app | /app appname | /disc | /load | /ltload | /lboff | /process]
query farm [/online | /online zonename]
query farm [/offline | /offline zonename]
query farm [/zone | /zone zonename]
query farm [/?]

Parameters

appname
The name of a published application.

server
The name of a server within the farm.

zonename
The name of a zone within the farm.

Options

farm
Displays information about servers within an IMA-based server farm.

server /addr
Displays address data for the specified server.

/app
Displays application names and server load information for all servers within the farm or for a specific server.

/app appname
Displays information for the specified application and server load information for all servers within the farm or for a specific server.

/continue
Do not pause after each page of output.

/disc
Displays disconnected session data for the farm.

/load
Displays server load information for all servers within the farm or for a specific server.

/ltload
Displays server load throttling information for all servers within the farm or for a specific server.

/lboff
Displays the names of the servers removed from load balancing by Health Monitoring & Recovery.

/process
Displays active processes for the farm.

/tcp
Displays TCP/IP data for the farm.

/online
Displays servers online within the farm and all zones. The data collectors are represented by the notation “D.”

/online zonename
Displays servers online within a specified zone. The data collectors are represented by the notation “D.”

/offline
Displays servers offline within the farm and all zones. The data collectors are represented by the notation “D.”

/offline zonename
Displays servers offline within a specified zone. The data collectors are represented by the notation “D.”

/zone
Displays all data collectors in all zones.

/zone zonename
Displays the data collector within a specified zone.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

Query farm returns information for IMA-based servers within a server farm. You can use qfarm as a shortened form of query farm.

Security Restrictions

You must be a Citrix administrator to run query farm.

QUERY PROCESS

Use query to display information about processes within the network.

Syntax

query process [ * | processid | username | sessionname | /id:nn | programname ] [ /server:servername ] [ /system ]
query process [/?]

Parameters

*
Displays all visible processes.

processid
The three- or four-digit ID number of a process running within the farm.

programname
The name of a program within a farm.

servername
The name of a server within the farm.

sessionname
The name of a session, such as ica-tcp#7.

username
The name of a user connected to the farm.

Options

process
Displays information about processes running on the current server.

process *
Displays all visible processes on the current server.

process processid
Displays processes for the specified processid.

process username
Displays processes belonging to the specified user.

process sessionname
Displays processes running under the specified session name.

process /id:nn
Displays information about processes running on the current server by the specified ID number.

process programname
Displays process information associated with the specified program name.

process /server:servername
Displays information about processes running on the specified server. If no server is specified, the information returned is for the current server.

process /system
Displays information about system processes running on the current server.

/?
Displays the syntax for the utility and information about the utility’s options.

Security Restrictions

None.

QUERY SESSION

Use query to display information about sessions within the network.

Syntax

query session [sessionname | username | sessionid]
query session [/server:servername] [/mode] [/flow] [/connect] [/counter]
query session [/?]

Parameters

servername
The name of a server within the farm.

sessionname
The name of a session, such as “ica-tcp#7”.

sessionid
The two-digit ID number of a session.

username
The name of a user connected to the farm.

Options

session sessionname
Identifies the specified session.

session username
Identifies the session associated with the user name.

session sessionid
Identifies the session associated with the session ID number.

session /server:servername
Identifies the sessions on the specified server.

session /mode
Displays the current line settings.

session /flow
Displays the current flow control settings.

session /connect
Displays the current connection settings.

session /counter
Displays the current Remote Desktop Services counter information.

/?
Displays the syntax for the utility and information about the utility’s options.

Security Restrictions

None.

QUERY TERMSERVER

Use query to display information about terminal servers within the network.

Syntax

query termserver [servername] [/domain:domain] [/address] [/continue]
query termserver [/?]

Parameters

servername
The name of a server within the farm.

domain
The name of a domain to query.

Options

termserver servername
Identifies a Terminal Server.

/address
Displays network and node addresses.

/continue
Do not pause after each page of output.

/domain:domain
Displays information for the specified domain. Defaults to the current domain if no domain is specified.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

If no parameters are specified, query termserver lists all Terminal Servers within the current domain.

Security Restrictions

None.

QUERY USER

Use query to display information about users within the network.

Syntax

query user [ username | sessionname | sessionid ] [ /server:servername ]
query user [/?]

Parameters

servername
The name of a server within the farm.

sessionid
The ID number of a session.

sessionname
The name of a session, such as “ica-tcp#7”.

username
The name of a user connected to the farm.

Options

user username
Displays connection information for the specified user name.

user sessionname
Displays connection information for the specified session name.

user sessionid
Displays connection information for the specified session ID.

user /server:servername
Defines the server to be queried. The current server is queried by default.

/?
Displays the syntax for the utility and information about the utility’s options.

Remarks

If no parameters are specified, query user displays all user sessions on the current server. You can use quser as a shortened form of the query user command.

Security Restrictions

None.

Performance Counters Reference

Performance monitoring counters that directly relate to the performance of sessions, networking, and security are installed with XenApp. You can access these counters from the Performance Monitor, which is part of Windows operating systems. Use performance monitoring to obtain system performance data and the effects of configuration changes on system throughput.

Using the standard Windows procedure, you can add and then view the following categories of XenApp-related counters, called performance objects in Performance Monitor:

- Citrix CPU Utilization Mgmt User
- Citrix IMA Networking
- Citrix Licensing
- Citrix MetaFrame Presentation Server
- ICA Session
- Secure Ticket Authority

Citrix CPU Utilization Mgmt User Counters

The following counters are available through the Citrix CPU Utilization Mgmt User performance object in Performance Monitor.

Counter: Description

CPU Entitlement: The percentage of CPU resource that Citrix CPU Utilization Management makes available to a user at a given time.
CPU Reservation: The percentage of total computer CPU resource reserved for a user, should that user require it.
CPU Shares: The proportion of CPU resource assigned to a user.
CPU Usage: The percentage of CPU resource consumed by a user at a given time, averaged over a few seconds.
Long-term CPU Usage: The percentage of CPU resource consumed by a user, averaged over a longer period than the CPU Usage counter.

Citrix IMA Networking Counters

The following counters are available through the Citrix IMA Networking performance object in Performance Monitor.

Counter: Description

Bytes Received/sec: The inbound bytes per second.
Bytes Sent/sec: The outbound bytes per second.
Network Connections: The number of active IMA network connections to other IMA servers.

Citrix Licensing Counters

The following counters are available through the Citrix Licensing performance object in Performance Monitor.

Counter: Description

Average License Check-In Response Time (ms): The average license check-in response time in milliseconds.
Average License Check-Out Response Time (ms): The average license check-out response time in milliseconds.
Last Recorded License Check-In Response Time (ms): The last recorded license check-in response time in milliseconds.
Last Recorded License Check-Out Response Time (ms): The last recorded license check-out response time in milliseconds.
License Server Connection Failure: The number of minutes that the XenApp server has been disconnected from the License Server.
Maximum License Check-In Response Time: The maximum license check-in response time in milliseconds.
Maximum License Check-Out Response Time: The maximum license check-out response time in milliseconds.

Citrix MetaFrame Presentation Server Counters

The following counters are available through the Citrix MetaFrame Presentation Server performance object in Performance Monitor.

Counter: Description

Application Enumeration/sec: The number of application enumerations per second.
Application Resolution Time (ms): The time in milliseconds that a resolution took to complete.
Application Resolutions Failed/sec: The number of application resolutions failed per second.
Application Resolutions/sec: The number of resolutions completed per second.
DataStore Connection Failure: The number of minutes that the XenApp server has been disconnected from the data store.
DataStore bytes read: The number of bytes read from the data store.
DataStore bytes read/sec: The number of bytes of data store data read per second.
DataStore bytes written/sec: The number of bytes of data store data written per second.
DataStore reads: The number of times data was read from the data store.
DataStore reads/sec: The number of times data was read from the data store per second.
DataStore writes/sec: The number of times data was written to the data store per second.
DynamicStore bytes read/sec: The number of bytes of dynamic store data read per second.
DynamicStore bytes written/sec: The number of bytes of dynamic store data written per second.
DynamicStore Gateway Update Count: The number of dynamic store update packets sent to remote data collectors.
DynamicStore Gateway Update, Bytes Sent: The number of bytes of data sent across gateways to remote data collectors.
DynamicStore Query Count: The number of dynamic store queries that were performed.
DynamicStore Query Request, Bytes Received: The number of bytes of data received in dynamic store query request packets.
DynamicStore Query Response, Bytes Sent: The number of bytes of data sent in response to dynamic store queries.
DynamicStore reads/sec: The number of times data was read from the dynamic store per second.
DynamicStore Update Bytes Received: The number of bytes of data received in dynamic store update packets.
DynamicStore Update Packets Received: The number of update packets received by the dynamic store.
DynamicStore Update Response Bytes Sent: The number of bytes of data sent in response to dynamic store update packets.
DynamicStore writes/sec: The number of times data was written to the dynamic store per second.
Filtered Application Enumerations/sec: The number of filtered application enumerations per second.
LocalHostCache bytes read/sec: The number of bytes of IMA local host cache data read per second.
LocalHostCache bytes written/sec: The number of bytes of IMA local host cache data written per second.
LocalHostCache reads/sec: The number of times data was read from the IMA local host cache per second.
LocalHostCache writes/sec: The number of times data was written to the IMA local host cache per second.
Maximum number of XML threads: The maximum number of threads allocated to service Web-based sessions since the server restarted.
Number of busy XML threads: The number of busy threads.
Number of XML threads: The number of threads allocated to service Web-based sessions.
Resolution WorkItem Queue Executing Count: The number of resolution work items that are currently being executed.
Resolution WorkItem Queue Ready Count: The number of resolution work items that are ready to be executed.
WorkItem Queue Executing Count: The number of work items that are currently being executed.
WorkItem Queue Pending Count: The number of work items that are not yet ready to be executed.
WorkItem Queue Ready Count: The number of work items that are ready to be executed.
Zone Elections: The number of zone elections that occurred. This value starts at zero each time the IMA Service starts and is incremented each time a zone election takes place.
Zone Elections Won: The number of times the server won a zone election.

used when initiating font changes within a SpeedScreen-enabled ICA session. Counter Input Audio Bandwidth Input Clipboard Bandwidth Description The bandwidth. measured in bps. used when sending data to the client COM port. measured in bps. The bandwidth. no data for this counter is available. as this negotiation takes place before logon. used when executing LongCommandLine parameters of a published application. used when performing clipboard operations such as cut-and-paste between the ICA session and the local window. used when playing sound in an ICA session. measured in bps. The bandwidth. measured in bps. used when performing file operations between the client and server drives during an ICA session. measured in bps. The bandwidth. This is measured in bps. used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client COM 2 port. measured in bps. The bandwidth on the virtual channel that prints to a client printer attached to the client LPT 1 port through an ICA session that does not support a spooler. The bandwidth. The bandwidth on the virtual channel that prints to a client printer attached to the client LPT 2 port through an ICA session that does not support a spooler. measured in bps. measured in bps. used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client COM 1 port. Input COM 1 Bandwidth Input COM 2 Bandwidth Input COM Bandwidth Input Control Channel Bandwidth Input Drive Bandwidth Input Font Data Bandwidth Input HDX Mediastream for Flash Data Bandwidth Input Licensing Bandwidth Input LPT 1 Bandwidth Input LPT 2 Bandwidth 537 . used when streaming Flash data in an HDX-enabled session. measured in bps. Often. The bandwidth. The bandwidth.ICA Session Counters The following counters are available through the ICA Session performance object in Performance Monitor. The bandwidth. 
used to negotiate licensing during the session establishment phase. The bandwidth. measured in bps. The bandwidth. This is measured in bps.

| Performance Counter | Description |
|---|---|
| Input Printer Bandwidth | The bandwidth, measured in bps, used when printing to a client printer through a client that has print spooler support enabled. |
| Input Seamless Bandwidth | The bandwidth, measured in bps, used for published applications that are not embedded in a session window. |
| Input Session Bandwidth | The bandwidth, measured in bps, used from client to server for a session. |
| Input Session Compression | The compression ratio used from client to server for a session. |
| Input Session Line Speed | The line speed, measured in bps, used from client to server for a session. |
| Input SpeedScreen Data Channel Bandwidth | The bandwidth, measured in bps, used from client to server for data channel traffic. |
| Input Text Echo Bandwidth | The bandwidth, measured in bps, used for text echoing. |
| Input ThinWire Bandwidth | The bandwidth, measured in bps, used from client to server for ThinWire traffic. |
| Latency - Last Recorded | The last recorded latency measurement for the session. |
| Latency - Session Average | The average client latency over the lifetime of a session. |
| Latency - Session Deviation | The difference between the minimum and maximum measured latency values for a session. |
| Output Audio Bandwidth | The bandwidth, measured in bps, used for playing sound in an ICA session. |
| Output Clipboard Bandwidth | The bandwidth, measured in bps, used for clipboard operations such as cut-and-paste between the ICA session and the local window. |
| Output COM 1 Bandwidth | The bandwidth, measured in bps, used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client COM 1 port. |
| Output COM 2 Bandwidth | The bandwidth, measured in bps, used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client COM 2 port. |
| Output COM Bandwidth | The bandwidth, measured in bps, used when receiving data from the client COM port. |
| Output Control Channel Bandwidth | The bandwidth, measured in bps, used when executing LongCommandLine parameters of a published application. |
| Output Drive Bandwidth | The bandwidth, measured in bps, used when performing file operations between the client and server drives during an ICA session. |
| Output Font Data Bandwidth | The bandwidth, measured in bps, used when initiating font changes within a SpeedScreen-enabled ICA session. |
| Output HDX Mediastream for Flash Data Bandwidth | The bandwidth, measured in bps, used when streaming Flash data in an HDX-enabled session. |
| Output Licensing Bandwidth | The bandwidth, measured in bps, used to negotiate licensing during the session establishment phase. Often, no data for this counter is available, as this negotiation takes place before logon. |
| Output LPT 1 Bandwidth | The bandwidth, measured in bps, used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client LPT 1 port. |
| Output LPT 2 Bandwidth | The bandwidth, measured in bps, used when routing a print job through an ICA session that does not support a spooler to a client printer attached to the client LPT 2 port. |
| Output Management Bandwidth | The bandwidth, measured in bps, used when performing management functions. |
| Output Printer Bandwidth | The bandwidth, measured in bps, used when printing to a client printer through a client that has print spooler support enabled. |
| Output Seamless Bandwidth | The bandwidth, measured in bps, used for published applications that are not embedded in a session window. |
| Output Session Bandwidth | The bandwidth, measured in bps, used from server to client for a session. |
| Output Session Compression | The compression ratio used from server to client for a session. |
| Output Session Line Speed | The line speed, measured in bps, used from server to client for a session. |
| Output SpeedScreen Data Channel Bandwidth | The bandwidth, measured in bps, used from server to client for data channel traffic. |
| Output Text Echo Bandwidth | The bandwidth, measured in bps, used for text echoing. |
| Output ThinWire Bandwidth | The bandwidth, measured in bps, used from server to client for ThinWire traffic. |
| Resource Shares | The total number of shares used by the session. |

Secure Ticket Authority Counters

The following performance counters are available for the Secure Ticket Authority (STA).

| Performance Counter | Description |
|---|---|
| STA Bad Data Request Count | The total number of unsuccessful ticket validation and data retrieval requests during the lifetime of the STA. |
| STA Bad Refresh Request Count | The total number of unsuccessful ticket refresh requests received during the lifetime of the STA. |
| STA Bad Ticket Request Count | The total number of unsuccessful ticket generation requests received during the lifetime of the STA. |
| STA Count of Active Tickets | Total count of active tickets currently held in the STA. |
| STA Good Data Request Count | The total number of successful ticket validation and data retrieval requests received during the lifetime of the STA. |
| STA Good Refresh Request Count | The total number of successful ticket refresh requests received during the lifetime of the STA. |
| STA Good Ticket Request Count | The total number of successful ticket generation requests received during the lifetime of the STA. |
| STA Peak All Request Rate | The maximum rate of all monitored activities per second. |
| STA Peak Data Request Rate | The maximum rate of data requests per second during the lifetime of the STA. |
| STA Peak Ticket Refresh Rate | The maximum rate of refresh requests per second during the lifetime of the STA. |
| STA Peak Ticket Request Rate | The maximum rate of ticket generation requests per second during the lifetime of the STA. |
| STA Ticket Timeout Count | The total number of ticket time-outs that occur during the lifetime of the STA. |

Policy Settings Reference

Policies contain settings that are applied when the policy is enforced. You configure these settings using the AppCenter or the Group Policy Management Editor, depending on whether or not you use Active Directory in your XenApp environment.

The descriptions for each policy setting include the following information:

- The name of the policy setting
- The Citrix products to which the policy setting applies
- The additional settings, if applicable, required to enable a particular feature
- Other settings that are similar to the policy setting in question, if applicable

Important: If you use Windows PowerShell scripts to manage Citrix policies, be aware that the names and locations of some policy settings have changed in this version of XenApp. Although you can continue to use your existing scripts, you should verify the scripts reference the correct setting names and paths for this version of XenApp and update these references as appropriate.

For more information about using PowerShell scripts to manage Citrix policies, refer to the XenApp PowerShell SDK available from the Citrix Developer Network Web site (http://community.citrix.com).

Policy Settings: Quick Reference Table

The following tables present settings you can configure within a policy. Find the task you want to perform in the left column, then locate its corresponding setting in the right column.

Audio

| To perform this task: | Use this policy setting: |
|---|---|
| Control whether or not to allow the use of multiple audio devices | Audio Plug N Play |
| Control whether or not to allow audio input from microphones on the user device | Client microphone redirection |
| Control audio quality on the user device | Audio quality |
| Control audio mapping to speakers on the user device | Client audio redirection |

Bandwidth for User Devices

| To limit bandwidth used for: | Use this policy setting: |
|---|---|
| Client audio mapping | Audio redirection bandwidth limit, or Audio redirection bandwidth limit percent |
| Cut-and-paste using local clipboard | Clipboard redirection bandwidth limit, or Clipboard redirection bandwidth limit percent |
| Devices connected to a local COM port | COM port redirection bandwidth limit, or COM port redirection bandwidth limit percent |
| Access in a session to local client drives | File redirection bandwidth limit, or File redirection bandwidth limit percent |
| HDX MediaStream Multimedia Acceleration | HDX MediaStream Multimedia Acceleration bandwidth limit, or HDX MediaStream Multimedia Acceleration bandwidth limit percent |
| Printers connected to the client LPT port | LPT port redirection bandwidth limit, or LPT port redirection bandwidth limit percent |
| Client session | Overall session bandwidth limit |
| Printing | Printer redirection bandwidth limit, or Printer redirection bandwidth limit percent |
| TWAIN devices (such as a camera or scanner) | TWAIN device redirection bandwidth limit, or TWAIN device redirection bandwidth limit percent |
| USB devices | Client USB device redirection bandwidth limit, or Client USB device redirection bandwidth limit percent |

Redirection of Client Drives and User Devices

| To perform this task: | Use this policy setting: |
|---|---|
| Control whether or not drives on the user device are connected when users log on to the server | Auto connect client drives |
| Control cut-and-paste data transfer between the server and the local clipboard | Client clipboard redirection |
| Control how drives map from the user device | Client drive redirection |
| Control whether or not user devices attached to local COM ports are available in a session | Client COM port redirection |
| Control whether or not client printers attached to local LPT ports are available in a session | Client LPT port redirection |
| Control whether or not users' local hard drives are available in a session | Client fixed drives, and Client drive redirection |
| Control whether or not users' local floppy drives are available in a session | Client floppy drives, and Client drive redirection |
| Control whether or not users' network drives are available in a session | Client network drives, and Client drive redirection |
| Control whether or not users' local CD, DVD, or Blu-ray drives are available in a session | Client optical drives, and Client drive redirection |
| Control whether or not users' local removable drives are available in a session | Client removable drives, and Client drive redirection |
| Control whether or not users' TWAIN devices, such as scanners and cameras, are available in a session and control compression of image data transfers | Client TWAIN device redirection; TWAIN compression level |
| Control whether or not USB devices are available in a session | Client USB device redirection, and Client USB device redirection rules |
| Control whether or not Plug-and-Play USB devices, such as a camera or a point-of-sale device, are available in a session | Client USB Plug and Play device redirection |
| Improve the speed of writing and copying files to a client disk over a WAN | Use asynchronous writes |

Content Redirection

| To perform this task: | Use this policy setting: |
|---|---|
| Control whether or not to use content redirection from the server to the user device | Host to client redirection |

Graphics & Multimedia

| To perform this task: | Use this policy setting: |
|---|---|
| Control the amount of memory allocated for displaying graphics in a session | Display memory limit |
| Control how a user's display degrades in response to memory limits and whether or not to notify the user | Display mode degrade preference; Notify user when display mode is degraded |
| Control compression of images for use in sessions of limited bandwidth | Lossy compression level; Lossy compression level threshold value; Progressive compression level; Progressive compression threshold value |
| Control image display optimization based on whether or not users reach a specified bandwidth threshold | Extra Color Compression, and Extra Color Compression Threshold |
| Control whether or not Flash content is rendered in sessions | Flash acceleration (legacy features with Citrix Online plug-in 12.1); Flash default behavior (second generation features with Citrix Receiver) |
| Control whether or not to allow the use of legacy Flash acceleration for older versions of Citrix Receiver (formerly Citrix Online plug-in) | Flash backwards compatibility |
| Control whether or not Web sites can display Flash content when accessed in sessions | Flash server-side content fetching URL list; Flash URL compatibility list |
| Enable color matching of Flash instances and the Web pages on which they appear within a session | Flash background color list |
| Control whether some Flash content is rendered automatically on the server when client-side rendering is either unnecessary or resource-intensive | Flash intelligent fallback |

Pre-launch and Lingering Sessions

| To perform this task: | Use this policy setting: |
|---|---|
| Control the length of time sessions remain active after exiting applications | Linger Disconnect Timer Interval; Linger Terminate Timer Interval |
| Control the length of time pre-launched sessions are inactive before disconnecting or terminating | Pre-launch Disconnect Timer Interval; Pre-launch Terminate Timer Interval |

Prioritizing Multi-Stream Network Traffic

| To perform this task: | Use this policy setting: |
|---|---|
| Specify ports for ICA traffic across multiple connections and establish network priorities | Multi-Port Policy |
| Enable support for multi-stream connections between servers and user devices | Multi-Stream (Computer and User settings) |

Printing

| To perform this task: | Use this policy setting: |
|---|---|
| Control creation of client printers on the user device | Auto-create client printers, and Client printer redirection |
| Allow use of legacy printer names and preserve backward compatibility with prior versions of the server | Client printer names |
| Control the location where printer properties are stored | Printer properties retention |
| Control whether print requests are processed by the client or the server | Direct connections to print servers |
| Control whether or not users can access printers connected to their user devices | Client printer redirection |
| Control installation of native Windows drivers when automatically creating client and network printers | Automatic installation of in-box printer drivers |
| Control when to use the Universal Printer Driver | Universal print driver usage |
| Choose a printer based on a roaming user's session information | Default printer |

Security

| To perform this task: | Use this policy rule: |
|---|---|
| Require that connections use a specified encryption level | SecureICA minimum encryption level |

User Connections and Shadowing

| To perform this task: | Use this policy setting: |
|---|---|
| Limit the number of sessions that a user can run at the same time | Concurrent logon limit |
| Control whether or not shadowing is allowed | Shadowing |
| Allow or deny permission for users to shadow connections | Users who can shadow other users; Users who cannot shadow other users |

ICA Policy Settings

The ICA section contains policy settings related to ICA listener connections, mapping to the Clipboard and custom channels, connecting to server desktops, and controlling the launch behavior of non-published programs.

Client clipboard redirection

Applicable products: XenApp, XenDesktop

This setting allows or prevents the Clipboard on the user device to be mapped to the Clipboard on the server. By default, clipboard redirection is allowed.

To prevent cut-and-paste data transfer between a session and the local Clipboard, select Prohibit. Users can still cut and paste data between applications running in sessions.

After allowing this setting, configure the maximum allowed bandwidth the Clipboard can consume in a client connection using the Clipboard redirection bandwidth limit or the Clipboard redirection bandwidth limit percent settings.

ICA listener connection timeout

Applicable products: XenApp, XenDesktop

This setting specifies the maximum wait time for a connection using the ICA protocol to be completed. By default, the maximum wait time is 120000 milliseconds, or two minutes.

ICA listener port number

Applicable products: XenApp, XenDesktop

This setting specifies the TCP/IP port number used by the ICA protocol on the server. The default port number is 1494.

Valid port numbers must be in the range of 0–65535 and must not conflict with other well-known port numbers. If you change the port number, restart the server for the new value to take effect. If you change the port number on the server, you must also change it on every Receiver or plug-in that connects to the server.

Desktop launches

Applicable products: XenApp

This setting allows or prevents non-administrative users to connect to a desktop session on the server. By default, non-administrative users cannot connect to these sessions.

Launching of non-published programs during client connection

Applicable products: XenApp

This setting specifies whether or not to launch initial applications or published applications through ICA or RDP on the server. By default, only published applications are allowed to launch.

Audio Policy Settings

The Audio section contains policy settings you can configure to permit user devices to send and receive audio in sessions without reducing performance.

Audio Plug N Play

Applicable products: XenApp

This setting allows or prevents the use of multiple audio devices to record and play sound. By default, this setting is allowed.

Audio Quality

Applicable products: XenApp, XenDesktop

This setting specifies the quality level of sound received in user sessions. By default, the sound quality is set to High - high definition audio.

To control sound quality, choose one of the following options:

- Select Low - for low speed connections for low-bandwidth connections. Sounds sent to the client are compressed up to 16 Kbps. This compression results in a significant decrease in the quality of the sound but allows reasonable performance for a low-bandwidth connection.
- Select Medium - optimized for speech for most LAN-based connections. Sounds sent to the client are compressed up to 64 Kbps.
- Select High - high definition audio for connections where bandwidth is plentiful and sound quality is important. Clients can play sound at its native rate. Sounds can use up to 1.3 Mbps of bandwidth to play clearly. Transmitting this amount of data can result in increased CPU utilization and network congestion.

Bandwidth is consumed only while audio is recording or playing. If both occur at the same time, the bandwidth consumption is doubled.

To specify the maximum amount of bandwidth, configure the Audio redirection bandwidth limit or the Audio redirection bandwidth limit percent settings.

Client audio redirection

Applicable products: XenApp, XenDesktop

This setting allows or prevents applications hosted on the server to play sounds through a sound device installed on the user device. This setting also allows or prevents users from recording audio input. By default, redirection is allowed.

After allowing this setting, you can limit the bandwidth consumed by playing or recording audio. Limiting the amount of bandwidth consumed by audio can improve application performance but may also degrade audio quality. Bandwidth is consumed only while audio is recording or playing. If both occur at the same time, the bandwidth consumption doubles.

To specify the maximum amount of bandwidth, configure the Audio redirection bandwidth limit or the Audio redirection bandwidth limit percent settings.

Client microphone redirection

Applicable products: XenApp, XenDesktop

This setting enables or disables client microphone redirection. When enabled, users can use microphones to record audio input in a session. By default, redirection is allowed.

For security, users are alerted when servers that are not trusted by their devices try to access microphones. Users can choose to accept or not accept access. Users can disable the alert on Citrix Receiver.

If the Client audio redirection setting is disabled on the user device, this rule has no effect.

Auto Client Reconnect Policy Settings

The Auto Client Reconnect section contains policy settings for controlling automatic reconnection of sessions.

These policy settings are applicable to the following Citrix products:

- XenApp
- XenDesktop

Auto client reconnect

This setting allows or prevents automatic reconnection by the same client after a connection has been interrupted. By default, automatic reconnection is allowed.

Allowing automatic reconnection allows users to resume working where they were interrupted when a connection was broken. Automatic reconnection detects broken connections and then reconnects the users to their sessions.

However, automatic reconnection can result in a new session being launched (instead of reconnecting to an existing session) if Receiver's cookie, containing the key to the session ID and credentials, is not used. The cookie is not used if it has expired, for example, because of a delay in reconnection, or if credentials must be reentered. Auto client reconnect is not triggered if users intentionally disconnect.

Auto client reconnect logging

This setting enables or disables recording of auto client reconnections in the event log. By default, logging is disabled.

When logging is enabled, the server’s System log captures information about successful and failed automatic reconnection events. The server farm does not provide a combined log of reconnection events for all servers.

Bandwidth Policy Settings

The Bandwidth section contains policy settings you can configure to avoid performance problems related to client session bandwidth use.

Important: Using these policy settings in conjunction with the Multi-Stream policy settings may produce unexpected results. If you use Multi-Stream settings in a policy, ensure these bandwidth limit policy settings are not included.

These policy settings are applicable to the following Citrix products:

- XenApp
- XenDesktop

Audio redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for playing or recording audio in a user session. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the Audio redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

Audio redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth limit for playing or recording audio as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the Audio redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

Client USB device redirection bandwidth limit

This setting specifies the maximum allowed bandwidth, in kilobits per second, for the redirection of USB devices to and from the client (workstations hosts only).

If you enter a value for this setting and a value for the Client USB device redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

Client USB device redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth for the redirection of USB devices to and from the client (workstations hosts only) as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the Client USB device redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

Clipboard redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for data transfer between a session and the local Clipboard. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the Clipboard redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

Clipboard redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth for data transfer between a session and the local Clipboard as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the Clipboard redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

COM port redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for accessing a COM port in a client connection. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the COM port redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

COM port redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth for accessing COM ports in a client connection as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the COM port redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

File redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for accessing a client drive in a user session. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the File redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) takes effect.

File redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth limit for accessing client drives as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the File redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

HDX MediaStream Multimedia Acceleration bandwidth limit

This setting specifies the maximum allowed bandwidth limit in kilobits per second for delivering streaming audio and video using HDX MediaStream Multimedia Acceleration. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the HDX MediaStream Multimedia Acceleration bandwidth limit percent setting, the most restrictive setting (with the lower value) takes effect.

HDX MediaStream Multimedia Acceleration bandwidth limit percent

This setting specifies the maximum allowed bandwidth for delivering streaming audio and video using HDX MediaStream Multimedia Acceleration. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the HDX MediaStream Multimedia Acceleration bandwidth limit setting, the most restrictive setting (with the lower value) takes effect.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

LPT port redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for print jobs using an LPT port in a single user session. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the LPT port redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

LPT port redirection bandwidth limit percent

This setting specifies the bandwidth limit for print jobs using an LPT port in a single client session as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the LPT port redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

Overall session bandwidth limit

This setting specifies the total amount of bandwidth available in kilobits per second for user sessions. By default, no limit (zero) is specified.

Limiting the amount of bandwidth consumed by a client connection can improve performance when other applications outside the client connection are competing for limited bandwidth.

Printer redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for accessing client printers in a user session. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the Printer redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

Printer redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth for accessing client printers as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the Printer redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.

TWAIN device redirection bandwidth limit

This setting specifies the maximum allowed bandwidth in kilobits per second for controlling TWAIN imaging devices from published applications. By default, no maximum (zero) is specified.

If you enter a value for this setting and a value for the TWAIN device redirection bandwidth limit percent setting, the most restrictive setting (with the lower value) is applied.

TWAIN device redirection bandwidth limit percent

This setting specifies the maximum allowed bandwidth for controlling TWAIN imaging devices from published applications as a percent of the total session bandwidth. By default, no maximum percentage (zero) is specified.

If you enter a value for this setting and a value for the TWAIN device redirection bandwidth limit setting, the most restrictive setting (with the lower value) is applied.

If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.
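The rules the bandwidth limit settings share (zero means no maximum, the lower of the two limits wins, a percent limit depends on the Overall session bandwidth limit, and limits should not sit in a policy with Multi-Stream settings) can be checked mechanically. The Python below is an added example, not Citrix code: the `Policy` class, the `resolve` function and the sample values are hypothetical, and it assumes a percent limit is converted to kbps against the overall limit before the two values are compared.

```python
from dataclasses import dataclass, field

# Channel names taken from the "... bandwidth limit" settings in this section.
CHANNELS = (
    "Audio", "Client USB device", "Clipboard", "COM port", "File",
    "HDX MediaStream Multimedia Acceleration", "LPT port", "Printer",
    "TWAIN device",
)


@dataclass
class Policy:
    """Hypothetical in-memory view of one policy; 0 means 'no maximum'."""
    overall_kbps: int = 0                               # Overall session bandwidth limit
    limit_kbps: dict = field(default_factory=dict)      # channel -> kbps limit
    limit_percent: dict = field(default_factory=dict)   # channel -> percent limit
    multi_stream: bool = False                          # Multi-Stream settings present


def resolve(policy):
    """Return ({channel: effective cap in kbps, or None}, [findings])."""
    caps, findings = {}, []

    # Catch misspelled channel names before they silently mean "no limit".
    configured_names = set(policy.limit_kbps) | set(policy.limit_percent)
    for name in sorted(configured_names - set(CHANNELS)):
        findings.append(f"{name}: not a bandwidth channel listed in this section")

    for ch in CHANNELS:
        kbps = policy.limit_kbps.get(ch, 0)
        pct = policy.limit_percent.get(ch, 0)
        candidates = []
        if kbps > 0:
            candidates.append(kbps)
        if pct > 0:
            if policy.overall_kbps > 0:
                # Assumption: percent is applied to the overall session limit.
                candidates.append(policy.overall_kbps * pct / 100)
            else:
                findings.append(
                    f"{ch}: percent limit set but Overall session "
                    "bandwidth limit is not configured")
        # The most restrictive (lower) value applies; no value means no maximum.
        caps[ch] = min(candidates) if candidates else None

    any_limit = (policy.overall_kbps > 0
                 or any(v > 0 for v in policy.limit_kbps.values())
                 or any(v > 0 for v in policy.limit_percent.values()))
    if policy.multi_stream and any_limit:
        findings.append("Multi-Stream settings and bandwidth limits "
                        "are in the same policy")
    return caps, findings


# Constructed sample policy, for illustration only.
SAMPLE = Policy(
    overall_kbps=2000,
    limit_kbps={"Audio": 128, "Clipboard": 500},
    limit_percent={"Audio": 10, "Clipboard": 10, "Printer": 25},
)

if __name__ == "__main__":
    caps, findings = resolve(SAMPLE)
    for ch, cap in caps.items():
        text = "no maximum" if cap is None else f"{cap:g} kbps"
        print(f"{ch}: {text}")
    for finding in findings:
        print("FINDING:", finding)
```
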

Desktop UI Policy Settings

The Desktop UI section contains policy settings that control visual effects, such as desktop wallpaper, menu animations, and drag-and-drop images, to manage the bandwidth used in client connections. You can improve application performance on a WAN by limiting bandwidth usage.

These policy settings are applicable to the following Citrix products:

- XenApp
- XenDesktop

Desktop wallpaper

This setting allows or prevents wallpaper showing in user sessions. By default, user sessions can show wallpaper.

To turn off desktop wallpaper and reduce the bandwidth required in user sessions, select Prohibited when adding this setting to a policy.

Menu animation

This setting allows or prevents menu animation in user sessions. By default, menu animation is allowed.

Menu animation is a Microsoft personal preference setting that causes a menu to appear after a short delay, either by scrolling or fading in. When this policy setting is set to Allowed, an arrow icon appears at the bottom of the menu. The menu appears when you mouse over that arrow.

View window contents while dragging

This setting allows or prevents the display of window contents when dragging a window across the screen. By default, viewing window contents is allowed.

When set to Allowed, the entire window appears to move when you drag it. When set to Prohibited, only the window outline appears to move until you drop it.

End User Monitoring Policy Settings

The End User Monitoring section contains policy settings for measuring session traffic.

These policy settings are applicable to the following Citrix products:

- XenApp
- XenDesktop

ICA round trip calculation

This setting determines whether or not ICA round trip calculations are performed for active connections. By default, calculations for active connections are enabled.

By default, each ICA roundtrip measurement initiation is delayed until some traffic occurs that indicates user interaction. This delay can be indefinite in length and is designed to prevent the ICA roundtrip measurement being the sole reason for ICA traffic.

ICA round trip calculation interval (Seconds)

This setting specifies the frequency, in seconds, at which ICA round trip calculations are performed. By default, ICA round trip is calculated every 15 seconds.

ICA round trip calculations for idle connections

This setting determines whether or not ICA round trip calculations are performed for idle connections. By default, calculations are not performed for idle connections.

By default, each ICA roundtrip measurement initiation is delayed until some traffic occurs that indicates user interaction. This delay can be indefinite in length and is designed to prevent the ICA roundtrip measurement being the sole reason for ICA traffic.

File Redirection Policy Settings

The File Redirection section contains policy settings relating to client drive mapping and client drive optimization.

Auto connect client drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents automatic connection of client drives when users log on. By default, automatic connection is allowed. When allowing this setting, make sure to enable the settings for the drive types you want automatically connected. For example, to allow automatic connection of users' CD-ROM drives, configure this setting and the Client optical drives setting.
Related Policy Settings
- Client drive redirection
- Client floppy drives
- Client optical drives
- Client fixed drives
- Client network drives
- Client removable drives

Client drive redirection
Applicable products: XenApp, XenDesktop
This setting enables or disables drive redirection to and from the user device. By default, file redirection is enabled. When enabled, users can save files to all their client drives. When disabled, all file redirection is prevented, regardless of the state of the individual file redirection settings such as Client floppy drives and Client network drives.
Related Policy Settings
- Client floppy drives
- Client optical drives
- Client fixed drives
- Client network drives
- Client removable drives

Client fixed drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents users from accessing or saving files to fixed drives on the user device. By default, accessing client fixed drives is allowed. When allowing this setting, make sure the Client drive redirection setting is present and set to Allowed. If these settings are disabled, client fixed drives are not mapped and users cannot access these drives manually, regardless of the state of the Client fixed drives setting. To ensure fixed drives are automatically connected when users log on, configure the Auto connect client drives setting.

Client floppy drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents users from accessing or saving files to floppy drives on the user device. By default, accessing client floppy drives is allowed. When allowing this setting, make sure the Client drive redirection setting is present and set to Allowed. If these settings are disabled, client floppy drives are not mapped and users cannot access these drives manually, regardless of the state of the Client floppy drives setting. To ensure floppy drives are automatically connected when users log on, configure the Auto connect client drives setting.

Client network drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents users from accessing and saving files to network (remote) drives through the user device. By default, accessing client network drives is allowed. When allowing this setting, make sure the Client drive redirection setting is present and set to Allowed. If these settings are disabled, client network drives are not mapped and users cannot access these drives manually, regardless of the state of the Client network drives setting. To ensure network drives are automatically connected when users log on, configure the Auto connect client drives setting.

Client optical drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents users from accessing or saving files to CD-ROM, DVD-ROM, and BD-ROM drives on the user device. By default, accessing client optical drives is allowed. When allowing this setting, make sure the Client drive redirection setting is present and set to Allowed. If these settings are disabled, client optical drives are not mapped and users cannot access these drives manually, regardless of the state of the Client optical drives setting. To ensure optical drives are automatically connected when users log on, configure the Auto connect client drives setting.

Client removable drives
Applicable products: XenApp, XenDesktop
This setting allows or prevents users from accessing or saving files to USB drives on the user device. By default, accessing client removable drives is allowed. When allowing this setting, make sure the Client drive redirection setting is present and set to Allowed. If these settings are disabled, client removable drives are not mapped and users cannot access these drives manually, regardless of the state of the Client removable drives setting. To ensure removable drives are automatically connected when users log on, configure the Auto connect client drives setting.

Host to client redirection
Applicable products: XenApp
This setting enables or disables file type associations for URLs and some media content to be opened on the user device. When disabled, content opens on the server. By default, file type association is disabled. These URL types are opened locally when you enable this setting:
- Hypertext Transfer Protocol (HTTP)
- Secure Hypertext Transfer Protocol (HTTPS)
- Real Player and QuickTime (RTSP)
- Real Player and QuickTime (RTSPU)
- Legacy Real Player (PNM)
- Microsoft’s Media Format (MMS)

Preserve client drive letters
Applicable to: XenDesktop
This setting enables or disables mapping of client drives to the same drive letter in the session. By default, client drive letters are not preserved. When adding this setting to a policy, make sure the Client drive redirection setting is present and set to Allowed.

Read-only client drive access
Applicable products: XenApp, XenDesktop
This setting allows or prevents users and applications from creating or modifying files or folders on mapped client drives. By default, files and folders on mapped client drives can be modified. If set to Enabled, files and folders are accessible with read-only permissions. When enabling this setting, make sure the Client drive redirection setting is present and set to Allowed.

Special folder redirection
Applicable products: XenApp
This setting allows or prevents Citrix Receiver and Web Interface users to see their local Documents and Desktop special folders from a session. By default, special folder redirection is allowed.
This setting prevents any objects filtered through a policy from having special folder redirection, regardless of settings that exist elsewhere. When you allow this setting, any related settings specified for the Web Interface or Citrix Receiver are ignored.
To define which users can have special folder redirection, select Allowed and include this setting in a policy filtered on the users you want to have this feature. This setting overrides all other special folder redirection settings throughout XenApp.
Because special folder redirection must interact with the user device, policy settings that prevent users from accessing or saving files to their local hard drives also prevent special folder redirection from working. If you enable the Special folder redirection setting, make sure the Client fixed drives setting is enabled as well.
For seamless applications and seamless and published desktops, special folder redirection works for Documents and Desktops folders. Citrix does not recommend using special folder redirection with published Windows Explorer.

Use asynchronous writes
Applicable products: XenApp, XenDesktop
This setting enables or disables asynchronous disk writes. By default, asynchronous writes are disabled.
Asynchronous disk writes can improve the speed of file transfers and writing to client disks over WANs, which are typically characterized by relatively high bandwidth and high latency. However, if there is a connection or disk fault, the client file or files being written may end in an undefined state. If this happens, a pop-up window informs the user of the files affected. The user can then take remedial action, such as restarting an interrupted file transfer on reconnection or when the disk fault is corrected.
Citrix recommends enabling asynchronous disk writes only for users who need remote connectivity with good file access speed and who can easily recover files or data lost in the event of connection or disk failure.
When enabling this setting, make sure that the Client drive redirection setting is present and set to Allowed. If this setting is disabled, asynchronous writes will not occur.
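The dependencies among the File Redirection settings can be checked mechanically before a policy is deployed. The following Python is an added example, not Citrix code: it applies the defaults stated in this section to a constructed {setting name: enabled} dictionary (a format assumed here, not a Citrix API) and reports each drive type's effective access together with configured settings that cannot take effect.

```python
# Added example (not Citrix code). Setting names are the ones documented in
# this section; the {name: bool} policy dictionary is a format constructed
# for illustration, not a Citrix API or export format.

MASTER = "Client drive redirection"
DRIVE_TYPES = ("fixed", "floppy", "network", "optical", "removable")

# Defaults as stated in the File Redirection section (True = allowed/enabled).
DEFAULTS = {
    MASTER: True,
    "Auto connect client drives": True,
    "Client fixed drives": True,
    "Client floppy drives": True,
    "Client network drives": True,
    "Client optical drives": True,
    "Client removable drives": True,
    "Read-only client drive access": False,
    "Special folder redirection": True,
    "Use asynchronous writes": False,
}

# Settings the section says need Client drive redirection present and allowed.
NEEDS_MASTER = [f"Client {kind} drives" for kind in DRIVE_TYPES] + [
    "Auto connect client drives",
    "Read-only client drive access",
    "Use asynchronous writes",
]


def resolve(policy):
    """Return effective drive access, auto-connected drives and findings."""
    unknown = sorted(set(policy) - set(DEFAULTS))
    if unknown:
        raise ValueError("unknown setting(s): " + ", ".join(unknown))
    state = {**DEFAULTS, **policy}
    switched_on = {name for name, value in policy.items() if value}

    drives = {}
    for kind in DRIVE_TYPES:
        if not (state[MASTER] and state[f"Client {kind} drives"]):
            drives[kind] = "blocked"        # not mapped, no manual access
        elif state["Read-only client drive access"]:
            drives[kind] = "read-only"
        else:
            drives[kind] = "read-write"

    mapped = [kind for kind in DRIVE_TYPES if drives[kind] != "blocked"]
    auto_connect = mapped if state["Auto connect client drives"] else []

    findings = []
    if not state[MASTER]:
        # Disabling the master setting prevents all file redirection.
        findings += [("no-effect", n) for n in NEEDS_MASTER if n in switched_on]
    if "Special folder redirection" in switched_on and drives["fixed"] == "blocked":
        # Special folder redirection needs access to the local hard drive.
        findings.append(("no-effect", "Special folder redirection"))
    if state["Use asynchronous writes"] and "read-write" in drives.values():
        # A connection or disk fault can leave files in an undefined state.
        findings.append(("data-loss-risk", "Use asynchronous writes"))
    return {"drives": drives, "auto_connect": auto_connect, "findings": findings}


if __name__ == "__main__":
    # Constructed policy: master switch off, but dependants still switched on.
    sample = {
        MASTER: False,
        "Client removable drives": True,
        "Special folder redirection": True,
        "Use asynchronous writes": True,
    }
    result = resolve(sample)
    for kind, access in result["drives"].items():
        print(f"{kind:10} {access}")
    for code, name in result["findings"]:
        print(f"{code}: {name}")
```

A policy that blocks removable drives and enables read-only access yields "blocked" for removable and "read-only" for every other drive type, which is the combination to verify when client drives must not become a write path out of the session.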

Flash Redirection Policy Settings

The Flash Redirection section contains policy settings for handling Flash content in user sessions.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Flash acceleration
This setting enables or disables Flash content rendering on user devices instead of the server. By default, client-side Flash content rendering is enabled.
Note: This setting is used for legacy Flash redirection with Citrix online plug-in 12.1.
When enabled, this setting reduces network and server load by rendering Flash content on the user device. Additionally, the Flash URL compatibility list setting forces Flash content from specific Web sites to be rendered on the server. On the user device, the Enable HDX MediaStream for Flash on the user device setting must be enabled as well.
When this setting is disabled, Flash content from all Web sites, regardless of URL, is rendered on the server. To allow only certain Web sites to render Flash content on the user device, configure the Flash URL compatibility list setting.

Flash background color list
This setting enables you to set key colors for given URLs. By default, no key colors are specified.
Key colors appear behind client-rendered Flash and help provide visible region detection. The key color specified should be rare; otherwise, visible region detection might not work properly.
Valid entries consist of a URL (with optional wildcards at the beginning or end) followed by a 24-bit RGB color hexadecimal code. For example: http://citrix.com 000003

Flash backwards compatibility
This setting enables or disables the use of original, legacy Flash redirection features with older versions of Citrix Receiver (formerly the Citrix online plug-in). By default, this setting is enabled.
On the user device, the Enable HDX MediaStream for Flash on the user device setting must be enabled as well.
Second generation Flash redirection features are enabled for use with Citrix Receiver 3.0. Legacy redirection features are supported for use with the Citrix online plug-in 12.1. To ensure second generation Flash redirection features are used, both the server and the user device must have second generation Flash redirection enabled. If legacy redirection is enabled on either the server or the user device, legacy redirection features are used.

Flash default behavior
This setting establishes the default behavior for second generation Flash acceleration. By default, Flash acceleration is enabled.
To configure this setting, choose one of the following options:
- Enable Flash acceleration enables use of second generation features when both the server and the user device have second generation Flash redirection enabled. Additionally, the user device must have the Enable HDX MediaStream for Flash on the user device setting enabled. Legacy features are available when the Flash backwards compatibility setting is enabled.
- Disable Flash acceleration enables users to view Flash content rendered on the server, provided the Flash Player for Internet Explorer is installed on the server. Second generation and legacy Flash redirection is not used.
- Block Flash Player prevents users from viewing Flash content. Second generation and legacy Flash redirection and server-side content rendering are not used.
This setting can be overridden for individual Web pages and Flash instances based on the configuration of the Flash URL compatibility list setting.

Flash event logging
This setting enables or disables Flash events to be recorded in the Windows application event log. By default, logging is enabled.
On computers running Windows 7 or Windows Vista, a Flash redirection-specific log appears in the Applications and Services Log node.

Flash intelligent fallback
This setting enables or disables automatic attempts to employ server-side rendering for Flash Player instances where client-side rendering is either unnecessary or provides a poor user experience. By default, this setting is enabled.

Flash latency threshold
This setting specifies a threshold between 0-30 milliseconds to determine where Adobe Flash content is rendered. By default, the threshold is 30 milliseconds.
During startup, HDX MediaStream for Flash measures the current latency between the server and user device. If the latency is under the threshold, legacy Flash redirection is used to render Flash content on the user device. If the latency is above the threshold, the network server renders the content if an Adobe Flash player is available there.
When adding this setting to a policy, ensure the Flash backwards compatibility setting is also added to the policy and enabled.
This setting is used for legacy Flash redirection with Citrix online plug-in 12.1.

Flash server-side content fetching URL list
This setting specifies Web sites whose Flash content can be downloaded to the server and then transferred to the user device for rendering. By default, no sites are specified.
This setting is used when the user device does not have direct access to the Internet; the server provides that connection. Additionally, the user device must have the Enable server-side content fetching setting enabled.
Second generation Flash redirection includes a fallback to server-side content fetching for Flash .swf files. If the user device is unable to fetch Flash content from a Web site, and the Web site is specified in the Flash server-side content fetching URL list, server-side content fetching occurs automatically.
When adding URLs to the list:
- Add the URL of the Flash application instead of the top-level HTML page that initiates the Flash Player.
- Use an asterisk (*) at the beginning or end of the URL as a wildcard.
- Use a trailing wildcard to allow all child URLs (http://www.citrix.com/*).
- The prefixes http:// and https:// are used when present, but are not required for valid list entries.

Flash URL compatibility list
This setting specifies the rules which determine whether Flash content on certain Web sites is rendered on the user device, rendered on the server, or blocked from rendering. By default, no rules are specified.
When adding URLs to the list:
- Prioritize the list with the most important URLs, actions, and rendering locations at the top.
- Use an asterisk (*) at the beginning or end of the URL as a wildcard.
- Use a trailing wildcard to refer to all child URLs (http://www.citrix.com/*).
- The prefixes http:// and https:// are used when present, but are not required for valid list entries.
- Add to this list Web sites whose Flash content does not render correctly on the user device and select either the Render on Server or Block options.
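Because the compatibility list is prioritized from the top, a broad entry can keep a more specific Render on Server or Block entry below it from ever applying. The following Python is an added example, not Citrix code, that models the entry syntax described above and flags such unreachable entries; first-match-wins evaluation, case-insensitive comparison, the action labels and the sample rules are assumptions of this example.

```python
# Added example (not Citrix code): a model of the entry syntax described for
# the Flash URL compatibility list. First-match-wins evaluation and
# case-insensitive comparison are assumptions of this example; the action
# labels "client", "server" and "block" are this example's own names.

SCHEMES = ("http://", "https://")


def split_scheme(text):
    """Return (scheme or None, remainder) for a URL or a list entry."""
    text = text.strip().lower()
    for scheme in SCHEMES:
        if text.startswith(scheme):
            return scheme, text[len(scheme):]
    return None, text


def parse_entry(entry):
    """Return (scheme or None, kind, literal) for one list entry."""
    scheme, text = split_scheme(entry)
    lead = text.startswith("*")
    trail = text.endswith("*") and len(text) > 1
    start = 1 if lead else 0
    end = len(text) - 1 if trail else len(text)
    literal = text[start:end]
    if not literal or "*" in literal:
        # The asterisk is only valid at the beginning or end of the URL.
        raise ValueError("invalid entry: " + entry)
    kinds = {(False, False): "exact", (False, True): "prefix",
             (True, False): "suffix", (True, True): "contains"}
    return scheme, kinds[(lead, trail)], literal


def matches(entry, url):
    """True if the URL falls under the list entry."""
    scheme, kind, literal = parse_entry(entry)
    url_scheme, rest = split_scheme(url)
    if scheme and scheme != url_scheme:
        return False    # a prefix on the entry is used when present
    if kind == "exact":
        return rest == literal
    if kind == "prefix":
        return rest.startswith(literal)
    if kind == "suffix":
        return rest.endswith(literal)
    return literal in rest


def resolve(url, rules, default="client"):
    """Return (action, matching entry or None); the first match wins."""
    for entry, action in rules:
        if matches(entry, url):
            return action, entry
    return default, None


def covers(a, b):
    """True if every URL matched by entry b is also matched by entry a."""
    sa, ka, la = parse_entry(a)
    sb, kb, lb = parse_entry(b)
    if sa and sa != sb:
        return False
    if ka == "exact":
        return kb == "exact" and la == lb
    if ka == "prefix":
        return kb in ("exact", "prefix") and lb.startswith(la)
    if ka == "suffix":
        return kb in ("exact", "suffix") and lb.endswith(la)
    return la in lb     # "contains" covers any entry whose literal holds it


def shadowed(rules):
    """Return (entry, earlier entry) pairs where the entry can never apply."""
    found = []
    for index, (later, _) in enumerate(rules):
        for earlier, _ in rules[:index]:
            if covers(earlier, later):
                found.append((later, earlier))
                break
    return found


# Constructed sample list: the second entry sits below a broader one.
RULES = [
    ("www.citrix.com/*", "client"),
    ("http://www.citrix.com/legacy/*", "server"),
    ("*/banner.swf", "block"),
]

if __name__ == "__main__":
    print(resolve("http://www.citrix.com/legacy/app.swf", RULES))
    for later, earlier in shadowed(RULES):
        print(f"'{later}' never applies: covered by '{earlier}' above it")
```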

Graphics Policy Settings

The Graphics section contains policy settings for controlling how images are handled in user sessions.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Display memory limit
This setting specifies the maximum video buffer size in kilobytes for the session. By default, the display memory limit is 32768 kilobytes.
Specify an amount in kilobytes from 128 to 131072. Using more color depth and higher resolution for connections requires more memory. If the memory limit is reached, the display degrades according to the Display mode degrade preference setting.

Display mode degrade preference
This setting specifies that color depth or resolution degrades first when the session display memory limit is reached. By default, color depth is degraded first.
When the session memory limit is reached, you can reduce the quality of displayed images by choosing whether color depth or resolution is degraded first. When color depth is degraded first, displayed images use fewer colors. When resolution is degraded first, displayed images use fewer pixels per inch.
To notify users when either color depth or resolution is degraded, configure the Notify user when display mode is degraded setting.

Dynamic Windows Preview
This setting enables or disables the display of seamless windows in Flip, Flip 3D, Taskbar Preview, and Peek window preview modes. By default, this setting is enabled.

Image caching
This setting enables or disables caching of images in sessions. When needed, the images are retrieved in sections to make scrolling smoother. By default, image caching is enabled.

Maximum allowed color depth
This setting specifies the maximum color depth allowed for a session. By default, the maximum allowed color depth is 32 bits per pixel.
Setting a high color depth requires more memory. To degrade color depth when the memory limit is reached, configure the Display mode degrade preference setting. When color depth is degraded, displayed images use fewer colors.

Notify user when display mode is degraded
This setting displays a brief explanation to the user when the color depth or resolution is degraded. By default, notifying users is disabled.

Queuing and tossing
This setting discards queued images that are replaced by another image. This improves response when graphics are sent to the user device. Configuring this setting can cause animations to become choppy due to dropped frames. By default, queuing and tossing is enabled.

Caching Policy Settings

The Caching section contains settings that enable you to cache image data on user devices when client connections are limited in bandwidth.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Persistent Cache Threshold
This setting caches bitmaps on the hard drive of the user device. This enables re-use of large, frequently-used images from previous sessions. By default, the threshold is 3000000 kilobits per second.
The threshold value represents the point below which you want the Persistent Cache feature to take effect. For example, with regard to the default value, bitmaps are cached on the hard drive of the user device when bandwidth is below 3000000 kbps.

Keep Alive Policy Settings

The Keep Alive section contains policy settings for managing ICA keep-alive messages.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

ICA keep alive timeout
This setting specifies the number of seconds between successive ICA keep-alive messages. By default, the interval between keep-alive messages is 60 seconds.
Specify an interval between 1-3600 seconds in which to send ICA keep-alive messages. Do not configure this setting if your network monitoring software is responsible for closing inactive connections. If using Citrix Access Gateway, set keep-alive intervals on the Access Gateway to match the keep-alive intervals on XenApp.

ICA keep alives
This setting enables or disables sending ICA keep-alive messages periodically. By default, keep-alive messages are not sent.
Enabling this setting prevents broken connections from being disconnected. If XenApp detects no activity, this setting prevents Remote Desktop Services from disconnecting the session. XenApp sends keep-alive messages every few seconds to detect if the session is active. If the session is no longer active, XenApp marks the session as disconnected.
ICA Keep-Alive does not work if you are using Session Reliability. Configure ICA Keep-Alive only for connections that are not using Session Reliability.
Related Policy Settings
- Session reliability connections

Legacy Server Side Optimizations Policy Settings

The Legacy Server side optimizations section contains policy settings for handling Flash content on session hosts.

These policy settings are applicable to XenApp.

Flash quality adjustment
This setting adjusts the quality of Flash content rendered on session hosts to improve performance. By default, Flash content is optimized for low bandwidth connections only.

Multimedia Policy Settings

The Multimedia section contains policy settings for managing streaming audio and video in user sessions.

These policy settings are applicable to the following Citrix products, unless otherwise specified:
- XenApp
- XenDesktop

Multimedia conferencing
This setting allows or prevents support for video conferencing applications. By default, video conferencing support is enabled.
When adding this setting to a policy, make sure the Windows Media Redirection setting is present and set to Allowed.
When using multimedia conferencing, make sure the following conditions are met:
- Manufacturer-supplied drivers for the web cam used for multimedia conferencing must be installed.
- The web cam must be connected to the client device before initiating a video conferencing session. XenApp uses only one installed web cam at any given time. If multiple web cams are installed on the client device, XenApp attempts to use each web cam in succession until a video conferencing session is created successfully.
- An Office Communicator server must be present in your farm environment.
- The Office Communicator client software must be published on the server.

Windows Media Redirection
This setting controls and optimizes the way XenApp servers deliver streaming audio and video to users. By default, this setting is allowed.
Allowing this setting increases the quality of audio and video rendered from the server to a level that compares with audio and video played locally on a client device. XenApp streams multimedia to the client in the original, compressed form and allows the client device to decompress and render the media.
Windows Media redirection optimizes multimedia files that are encoded with codecs that adhere to Microsoft’s DirectShow, DirectX Media Objects (DMO), and Media Foundation standards. To play back a given multimedia file, a codec compatible with the encoding format of the multimedia file must be present on the client device.
By default, audio is disabled on Citrix Receiver. To allow users to run multimedia applications in ICA sessions, turn on audio or give the users permission to turn on audio themselves in their Receiver interface.
Select Prohibited only if playing media using Windows Media redirection appears worse than when rendered using basic ICA compression and regular audio. This is rare but can happen under low bandwidth conditions; for example, with media in which there is a very low frequency of key frames.

Windows Media Redirection Buffer Size
This setting specifies a buffer size from 1 to 10 seconds for multimedia acceleration. By default, the buffer size is 5 seconds.

Windows Media Redirection Buffer Size Use
This setting enables or disables using the buffer size specified in the Windows Media Redirection Buffer Size setting. By default, the buffer size specified is not used.
If this setting is disabled or if the Windows Media Redirection Buffer Size setting is not configured, the server uses the default buffer size value (5 seconds).

Multi-Stream Connections Policy Settings

The Multi-Stream Connections section contains policy settings for managing Quality of Service (QoS) prioritization for multiple ICA connections in a session.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Multi-Port Policy
This setting specifies the TCP ports to be used for ICA traffic and establishes the network priority for each port. By default, the primary port (2598) has a High priority.
When you configure additional ports, you can assign the following priorities:
- Very High
- High
- Medium
- Low
You might assign a Very High priority when real-time responsiveness is required, such as for audio and video conferencing. As well, you might assign a Low priority to background processes such as printing.
Each port must have a unique priority. For example, you cannot assign a Very High priority to both CGP port 1 and CGP port 3.
To remove a port from prioritization, set the port number to 0. You cannot remove the primary port and you cannot modify its priority level.
When configuring this setting, reboot the server. This setting takes effect only when the Multi-Stream Computer policy setting is enabled.

Multi-Stream (Computer Configuration)
This setting enables or disables multi-stream on the XenApp server. By default, Multi-Stream is disabled.
If you use Citrix Branch Repeater with Multi-Stream support in your environment, you do not need to configure this setting. Configure this policy setting when using third-party routers or legacy Branch Repeaters to achieve the desired Quality of Service.
When configuring this setting, reboot the server to ensure changes take effect.
Important: Using this policy setting in conjunction with bandwidth limit policy settings such as Overall session bandwidth limit may produce unexpected results. When including this setting in a policy, ensure that bandwidth limit settings are not included.

Multi-Stream (User Configuration)
This setting enables or disables multi-stream on the user device. By default, this setting is disabled for all users.
This setting takes effect only on hosts where the Multi-Stream Computer policy setting is enabled.
Important: Using this policy setting in conjunction with bandwidth limit policy settings such as Overall session bandwidth limit may produce unexpected results. When including this setting in a policy, ensure that bandwidth limit settings are not included.

By default. By default. 578 . LPT port redirection is allowed. client LPT ports are connected automatically. Most applications today can send print jobs to printer objects. These policy settings are applicable to the following Citrix products: q XenApp XenDesktop q Auto connect client COM ports This setting enables or disables automatic connection of COM ports on user devices when users log on to the farm. Client COM port redirection This setting allows or prevents access to COM ports on the user device. COM port redirection is allowed. By default. Auto connect client LPT ports This setting enables or disables automatic connection of LPT ports on user devices when users log on to the farm. LPT ports are used only by legacy applications that send print jobs to the LPT ports and not to the print objects on the client device. By default. client COM ports are not automatically connected. This policy setting is necessary only for servers that host legacy applications that print to LPT ports. Related Policy Settings q COM port redirection bandwidth limit COM port redirection bandwith limit percent q Client LPT port redirection This setting allows or prevents access to LPT ports on the user device.Port Redirection Policy Settings The Port Redirection section contains policy settings for client LPT and COM port mapping.

Port Redirection Policy Settings Related Policy Settings q LPT port redirection bandwidth limit LPT port redirection bandwith limit percent q 579 .

Printing Policy Settings

The Printing section contains policy settings for managing client printing.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Client printer redirection
This setting allows or prevents client printers to be mapped to a server when a user logs on to a session. By default, client printer mapping is allowed.
Related Policy Settings
- Auto-create client printers

Default printer
This setting specifies how the default printer on the user device is established in a session. By default, the user's current printer is used as the default printer for the session.
To use the current Remote Desktop Services or Windows user profile setting for the default printer, select Do not adjust the user’s default printer. If you choose this option, the default printer is not saved in the profile and it does not change according to other session or client properties. The default printer in a session will be the first printer autocreated in the session, which is either:
- The first printer added locally to the Windows server in Control Panel > Devices and Printers
- The first autocreated printer, if there are no printers added locally to the server
You can use this option to present users with the nearest printer through profile settings (known as Proximity Printing).

Printer auto-creation event log preference
This setting specifies the events that are logged during the printer auto-creation process. You can choose to log no errors or warnings, only errors, or errors and warnings. By default, errors and warnings are logged.
An example of a warning is an event in which a printer’s native driver could not be installed and the universal printer driver is installed instead. To allow universal printer drivers to be used in this scenario, configure the Universal print driver usage setting to Use universal printing only or Use universal printing only if requested driver is unavailable.

Session printers
This setting specifies the network printers to be auto-created in a session. By default, no printers are specified.
To add printers, enter the UNC path of the printer you want to auto-create. After adding the printer, you can apply customized settings for the current session at every logon.

Wait for printers to be created (desktop)
This setting allows or prevents a delay in connecting to a session so that desktop printers can be auto-created. By default, a connection delay does not occur.
This setting does not apply to published applications or published desktops.

COM. By default. including settings to autocreate client printers. select an option: q Auto-create all client printers automatically creates all printers on a user device. or other local port. retain printer properties. all client printers are auto-created. Auto-create the client’s default printer only automatically creates only the printer selected as the default printer on the user device. Related Policy Settings q Universal print driver usage 582 . By default. This causes the Remote Desktop Services settings for autocreating client printers to override this setting in lower priority policies. use legacy printer names. q q q Auto-create generic universal printer This setting enables or disables autocreation of the generic Citrix UNIVERSAL Printer object for sessions where a user device compatible with Universal Printing is in use. Do not auto-create client printers turns off autocreation for all client printers when users log on. Auto-create local (non-network) client printers only automatically creates only printers directly connected to the user device through an LPT. This setting takes effect only if the Client printer redirection setting is present and set to Allowed. and connect to print servers. This setting overrides default client printer auto-creation settings. These policy settings are applicable to the following Citrix products: q XenApp XenDesktop q Auto-create client printers This setting specifies the client printers that are auto-created.Client Printers Policy Settings The Client Printers section contains policy settings for client printers. the generic Universal Printer object is not autocreated. When adding this setting to a policy. USB.

standard printer names are used. For most configurations. Direct communication results in faster printing if the network print server and host server are on the same LAN. Print jobs are routed through the user device where they are redirected to the network print server. Data sent to the user device is compressed.” Because this option is less secure. If two network printers have the same name.0 or earlier. You can enable direct connections if the network print server is not across a WAN from the host. This gives server applications access to client printers that have the same drivers as the server. By default. you can allow or prevent printers to be created with the specified driver. direct connections are enabled. select Standard printer names which are similar to those created by native Remote Desktop Services. substituting an equivalent driver on the server. Additionally. the printer on the same network as the user device is used.0 or earlier. so less bandwidth is consumed as the data travels across the WAN. When you define driver substitution rules. no rules are specified. By default. Printer driver mapping and compatibility This setting specifies the driver substitution rules for autocreated client printers. An example of a legacy printer name is “Client/clientname#/HPLaserJet 4.” Select Legacy printer names to use old-style client printer names and preserve backward compatibility for users or groups using MetaFrame Presentation Server 3. you can allow created printers to use only universal print drivers. such as “HPLaserJet 4 from clientname in session 3. Related Policy Settings q Auto-create client printers Direct connections to print servers This setting enables or disables direct connections from the host to a print server for client printers hosted on an accessible network share. By default. use it only to provide backward compatibility for users or groups using MetaFrame Presentation Server 3. 583 . 
Driver substitution overrides or maps printer driver names the user device provides. but different driver names. You can disable direct connections if the network is across a WAN or has substantial latency or limited bandwidth.Client Printers Policy Settings q Universal driver preference Client printer names This setting selects the naming convention for auto-created client printers.

and 12.0 or earlier and MetaFrame Presentation Server Client 8. 10.x. or change the order of driver entries in the list. Printer properties are stored either on the client device. Use this option with MetaFrame Presentation Server 3. 584 . This option stores printer properties in the user profile on the server and prevents any properties exchange with the user device. with a saved state that is permanently attached to a client port. if available.x or earlier. By default. or remembered. if available. 11. it can also slow logon time and use extra bandwidth for system-checking. or in the user profile. edit an existing mapping. the system determines if printer properties are to be stored on the user device. it considers all policy settings except the Auto-create client printers setting. When XenApp recreates a retained printer. Note that this is applicable only if a Remote Desktop Services roaming profile is used.x. enter the client printer driver name and then select the server driver you want to substitute. Retained in user profile only is for user devices constrained by bandwidth (this option reduces network traffic) and logon speed or for users with legacy plug-ins. override custom settings for a mapping. By default. at the start of the next session. Do not retain printer properties prevents storing printer properties. q q q Retained and restored client printers This setting enables or disables the retention and re-creation of printers on the user device. When adding this setting to a policy. Held in profile only if not saved on client allows the system to determine where printer properties are stored. Although this option is the most flexible. select an option: q Saved on the client device only is for user devices that have a mandatory or roaming profile that is not saved.x. remove a mapping. Restored printers are printers fully customized by an administrator. 
Choose this option only if all the servers in your farm are running XenApp 5 and above and your users are using Citrix online plug-in versions 9. Retained printers are user-created printers that are created again. When adding a mapping. Printer properties retention This setting specifies whether or not to store printer properties and where to store them. or in the user profile. or Citrix Receiver 13.Client Printers Policy Settings You can add a driver mapping.x.x. client printers are auto-retained and auto-restored.

Drivers Policy Settings

The Drivers section contains policy settings related to printer drivers.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Automatic installation of in-box printer drivers

This setting enables or disables the automatic installation of printer drivers from the Windows in-box driver set or from driver packages staged on the host using pnputil.exe /a. By default, these drivers are installed as needed.

Universal driver preference

This setting specifies the order in which universal printer drivers are used, beginning with the first entry in the list. By default, the preference order is as follows:
- EMF
- XPS
- PCL5c
- PCL4
- PS

You can add, edit, or remove drivers, and change the order of drivers in the list.

Universal print driver usage

This setting specifies when to use universal printing. By default, universal printing is used only if the requested driver is unavailable.

Universal printing employs generic printer drivers instead of standard model-specific drivers, potentially simplifying the burden of driver management on host computers. The availability of universal print drivers depends on the capabilities of the user device, host, and print server software. In certain configurations, universal printing might not be available.

When adding this setting to a policy, select an option:
- Use only printer model specific drivers specifies that the client printer use only the standard model-specific drivers that are auto-created at logon. If the requested driver is unavailable, the client printer cannot be auto-created.
- Use universal printing only specifies that no standard model-specific drivers are used. Only universal print drivers are used to create printers.
- Use universal printing only if requested driver is unavailable uses standard model-specific drivers for printer creation if they are available. If the driver is not available on the server, the client printer is created automatically with the appropriate universal driver.
- Use printer model specific drivers only if universal printing is unavailable uses the universal printer driver if it is available. If the driver is not available on the server, the client printer is created automatically with the appropriate model-specific printer driver.

Related Policy Settings
- Auto-create generic universal printer

Universal Printing Policy Settings

The Universal Printing section contains policy settings for managing universal printing.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Universal printing EMF processing mode

This setting controls the method of processing the EMF spool file on the Windows user device. By default, EMF records are spooled directly to the printer.

When adding this setting to a policy, select an option:
- Reprocess EMFs for printer forces the EMF spool file to be reprocessed and sent through the GDI subsystem on the user device. You can use this setting for drivers that require EMF reprocessing but that might not be selected automatically in a session.
- Spool directly to printer, when used with the Citrix Universal Printer driver, ensures the EMF records are spooled and delivered to the user device for processing. Typically, these EMF spool files are injected directly to the client's spool queue. For printers and drivers that are compatible with the EMF format, this is the fastest printing method.

Universal printing image compression limit

This setting specifies the maximum quality and the minimum compression level available for images printed with the Universal Printer driver. By default, the image compression limit is set to Best quality (lossless compression).

If No Compression is selected, compression is disabled for EMF printing only.

When adding this setting to a policy, select an option:
- No compression
- Best quality (lossless compression)
- High quality
- Standard quality
- Reduced quality (maximum compression)

When adding this setting to a policy that includes the Universal printing optimization defaults setting, be aware of the following items:
- If the compression level in the Universal printing image compression limit setting is lower than the level defined in the Universal printing optimization defaults setting, images are compressed at the level defined in the Universal printing image compression limits setting.
- If compression is disabled, the Desired image quality and Enable heavyweight compression options of the Universal printing optimization defaults setting have no effect in the policy.

Universal printing optimization defaults

This setting specifies the default values for printing optimization when the Universal Printer driver is created for a session.
- Desired image quality specifies the default image compression limit applied to universal printing. By default, Standard Quality is enabled, meaning that users can only print images using standard or reduced quality compression. However, the Universal printing image compression limit setting overrides the default setting. For example, if the default setting is set to Best Quality and the Universal printing image compression limit setting is set to Standard Quality, users can only print images using standard or reduced quality compression.
- Enable heavyweight compression enables or disables reducing bandwidth beyond the compression level set by Desired image quality, without losing image quality. By default, heavyweight compression is disabled.
- Image and Font Caching settings specify whether or not to cache images and fonts that appear multiple times in the print stream, ensuring each unique image or font is sent to the printer only once. By default, embedded images and fonts are cached. Note that these settings apply only if the user device supports this behavior.
- Allow non-administrators to modify these settings specifies whether or not users can change the default print optimization settings within a session. By default, users are not allowed to change the default print optimization settings.

Note: These options are supported for EMF printing. For XPS printing, only the Desired image quality option is supported.

Universal printing preview preference

This setting specifies whether or not to use the print preview function for auto-created or generic universal printers. By default, print preview is not used for auto-created or generic universal printers.

When adding this setting to a policy, select an option:
- Do not use print preview for auto-created or generic universal printers
- Use print preview for auto-created printers only
- Use print preview for generic universal printers only
- Use print preview for both auto-created and generic universal printers

Related Policy Settings
- Universal print driver usage

Universal printing print quality limit

This setting specifies the maximum dots per inch (dpi) available for generating printed output in the session. By default, No Limit is enabled, meaning users can select the maximum print quality allowed by the printer to which they connect.

If this setting is configured, it limits the maximum print quality available to users in terms of output resolution. Both the print quality itself and the print quality capabilities of the printer to which the user connects are restricted to the configured setting. For example, if configured to Medium Resolution (600 DPI), users are restricted to printing output with a maximum quality of 600 DPI and the Print Quality setting on the Advanced tab of the Universal Printer dialog box shows resolution settings only up to and including Medium Quality (600 DPI).

When adding this setting to a policy, select an option:
- Draft (150 DPI)
- Low Resolution (300 DPI)
- Medium Resolution (600 DPI)
- High Resolution (1200 DPI)
- No limit

Security Policy Settings

The Security section contains policy settings for configuring session encryption and password requirements.

These policy settings are applicable to XenApp only.

Prompt for password

This setting requires the user to enter a password for all server connections regardless of access scenario. By default, users are prompted for passwords only for specific types of connections.

SecureICA minimum encryption level

This setting specifies the minimum level at which to encrypt session data sent between the server and a user device. By default, the server uses Basic encryption for client-server traffic.

When adding this setting to a policy, select an option:
- Basic encrypts the client connection using a non-RC5 algorithm. It protects the data stream from being read directly, but it can be decrypted.
- RC5 (128 bit) logon only encrypts the logon data with RC5 128-bit encryption and the client connection using Basic encryption.
- RC5 (40 bit) encrypts the client connection with RC5 40-bit encryption.
- RC5 (56 bit) encrypts the client connection with RC5 56-bit encryption.
- RC5 (128 bit) encrypts the client connection with RC5 128-bit encryption.

The settings you specify for client-server encryption can interact with any other encryption settings in XenApp and your Windows operating system. If a higher priority encryption level is set on either a server or user device, settings you specify for published resources can be overridden.

You can raise encryption levels to further secure communications and message integrity for certain users. If a policy requires a higher encryption level, Receivers using a lower encryption level are denied connection.

SecureICA does not perform authentication or check data integrity. To provide end-to-end encryption for your server farm, use SecureICA with SSL/TLS encryption.

SecureICA does not use FIPS-compliant algorithms. If this is an issue, configure the server and Receivers to avoid using SecureICA.

Server Limits Policy Settings

The Server Limits section contains policy settings for controlling idle connections.

These policy settings are applicable to XenApp only.

Server idle timer interval

This setting determines, in milliseconds, how long an uninterrupted user session will be maintained if there is no input from the user. By default, idle connections are not disconnected (Server idle timer interval = 0).

Session Limits Policy Settings

The Session Limits section contains policy settings you can use to control the number of connections users can make and how long sessions remain connected before they are forced to log off.

These settings are applicable to XenApp only.

Concurrent logon limit

This setting specifies the maximum number of connections a user can make to the server farm at any given time. By default, there is no limit on concurrent connections.

This setting reduces the number of client connection licenses in use and conserves resources. The user’s active and disconnected sessions are counted for the user’s total number of concurrent connections.

Related Policy Settings
- Limits on administrator sessions
- Limit user sessions

Linger Disconnect Timer Interval

This setting specifies the number of minutes after the last application exits to disconnect an existing session. By default, no (zero) minutes are specified; therefore, the session is not disconnected until the user logs off. To configure this setting, use any positive number.

If the user launches an application before the timer interval expires, the Linger Disconnect timer resets. Once disconnected, the XenApp license is released.

Linger Terminate Timer Interval

This setting specifies the number of minutes after the last application exits to terminate an existing session. By default, no (zero) minutes are specified; therefore, session lingering is disabled. To configure this setting, use any positive number.

If the user launches an application before the timer interval expires, the Linger Terminate timer resets.

Pre-launch Disconnect Timer Interval

This setting specifies the number of minutes to disconnect an existing pre-launched session. By default, sessions are disconnected after 60 minutes. To configure this setting, use any positive number.

If the user launches an application before the timer expires, the application is launched in the existing session. Once disconnected, the XenApp license is released.

Pre-launch Terminate Timer Interval

This setting specifies the number of minutes to terminate an existing pre-launched session. By default, sessions are terminated after 60 minutes. To configure this setting, use any positive number. If the timer interval is set to zero, pre-launched sessions are terminated immediately.

If the user launches an application before the timer expires, the session is reconnected, if necessary. The application launches in the existing session.

Session Reliability Policy Settings

The Session Reliability section contains policy settings for managing session reliability connections.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Session reliability connections

This setting allows or prevents sessions to remain open during a loss of network connectivity. By default, session reliability is allowed.

Session Reliability keeps sessions active when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes.

When connectivity is momentarily lost, the session remains active on the server. The user’s display freezes and the cursor changes to a spinning hourglass until connectivity resumes. The user continues to access the display during the interruption and can resume interacting with the application when the network connection is restored. Session Reliability reconnects users without reauthentication prompts.

If you do not want users to be able to reconnect to interrupted sessions without having to reauthenticate, configure the Auto client reconnect authentication setting to require authentication. Users are then prompted to reauthenticate when reconnecting to interrupted sessions.

If you use both Session Reliability and Auto Client Reconnect, the two features work in sequence. Session Reliability closes, or disconnects, the user session after the amount of time you specify in the Session reliability timeout setting. After that, the settings you configure for Auto Client Reconnect take effect, attempting to reconnect the user to the disconnected session.

Session reliability port number

This setting specifies the TCP port number for incoming session reliability connections. The default port number is 2598.

Session reliability timeout

This setting specifies the length of time in seconds the session reliability proxy waits for a client to reconnect before allowing the session to be disconnected. The default length of time is 180 seconds, or three minutes.

Though you can extend the amount of time a session is kept open, this feature is designed to be convenient to the user and it does not prompt the user for reauthentication. If you extend the amount of time a session is kept open indiscriminately, chances increase that a user may get distracted and walk away from the client device, potentially leaving the session accessible to unauthorized users.

If you do not want users to be able to reconnect to interrupted sessions without having to reauthenticate, configure the Auto client reconnect authentication setting to require authentication. Users are then prompted to reauthenticate when reconnecting to interrupted sessions.

If you use both Session Reliability and Auto Client Reconnect, the two features work in sequence. Session Reliability closes, or disconnects, the user session after the amount of time you specify in the Session reliability timeout setting. After that, the settings you configure for Auto Client Reconnect take effect, attempting to reconnect the user to the disconnected session.

Shadowing Policy Settings

The Shadowing section contains policy settings related to user-to-user shadowing.

These policy settings are applicable to XenApp only.

Input from shadow connections

This setting allows or prevents shadowing users to take control of the keyboard and mouse of the user being shadowed during a shadowing session. By default, the person shadowing can send input to the session being shadowed.

Log shadow attempts

This setting allows or prevents recording of attempted shadowing sessions in the Windows event log. By default, shadowing attempts are logged.

Several different event types are recorded in the Windows Event log. These include user shadowing requests, such as when users stop shadowing, failure to launch shadowing, and access to shadowing denials.

Notify user of pending shadow connections

This setting allows or prevents shadowed users from receiving notification of shadowing requests from other users. By default, users are notified of shadowing requests.

When a user receives a shadowing request, the user can accept or deny the request.

Shadowing

This setting allows or prevents users from shadowing other users’ sessions. By default, administrators can shadow users’ sessions.

Session shadowing monitors and interacts with user sessions. When you shadow a user session, you can view everything that appears on the user’s session display. You can also use your keyboard and mouse to remotely interact with the user session.

Shadowing is useful for training purposes and for viewing presentations. You can also allow help desk personnel to shadow users so they can troubleshoot user problems.

When you add this setting to a policy, specify the users allowed to shadow by configuring the Users who can shadow other users and Users who cannot shadow other users policy settings.

Shadowing is protocol-specific. This means you can shadow ICA sessions over ICA and Remote Desktop Protocol (RDP) sessions over RDP only.

Shadowing restrictions are set at install time and are permanent. If you enable or disable shadowing, or certain shadowing features during Setup, you cannot change these restrictions later. You must reinstall XenApp on the server to change shadowing restrictions. Any user policies you create to enable user-to-user shadowing are subject to the restrictions you place on shadowing during Setup.

Users who can shadow other users

This setting specifies the users who are allowed to shadow other users. By default, no users are specified.

When added to an unfiltered policy, this setting enables the specified users to shadow all other users. When a filter is applied, the specified users can initiate shadowing sessions only under the conditions specified by the filter.

For example, the Sales Manager is allowed to shadow users from the office, but not when working from home. The Sales Manager is added to the Users who can shadow other users setting and a Client IP Address filter is applied that allows connections from 10.8.169.* (the corporate network). When the Sales Manager logs on to the XenApp farm from home, the ability to initiate shadowing sessions is not available.

Users who cannot shadow other users

This setting specifies the users who are not allowed to shadow other users. By default, no users are specified.

This setting overrides the Users who can shadow other users setting under the following conditions:
- Both this setting and the Users who can shadow other users setting are added to the same policy and enabled.
- The same user is specified in both settings.

When added to an unfiltered policy, this setting prevents the specified users from initiating shadowing sessions with all other users. However, when a filter is applied, the specified users can initiate shadowing sessions under the conditions specified by the filter.

For example, the Sales Manager is allowed to shadow only the users in the US Sales department. The Sales Manager is added to the Users who cannot shadow other users setting and a User filter is applied that specifies the users in the Sales-US group. When the Sales Manager logs on to the XenApp farm and initiates a shadowing session, the Sales Manager can select only US Sales employees. The Sales Manager cannot initiate shadowing sessions with anyone else in the company.

Time Zone Control Policy Settings

The Time Zone Control section contains policy settings related to using local time in sessions.

Estimate local time for legacy clients

Applicable to: XenApp

This setting enables or disables estimating the local time zone of user devices that send inaccurate time zone information to the server. By default, the server estimates the local time zone when necessary.

Use local time of client

Applicable to: XenApp, XenDesktop

This setting determines the time zone setting of the user session. When this setting is used with XenApp, the server’s time zone is used for the session by default. When used with XenDesktop, the time zone of the user's session is used by default.

For this setting to take effect, enable the Allow time zone redirection setting in the Remote Desktop Session Host node of the Group Policy Management Editor (Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection). For more information about time zone redirection, refer to the Citrix Knowledge Center.

TWAIN Devices Policy Settings

The TWAIN devices section contains policy settings related to mapping client TWAIN devices, such as digital cameras or scanners, and optimizing image transfers from server to client.

These policy settings are applicable to XenApp and XenDesktop.

Client TWAIN device redirection

This setting allows or prevents users from accessing TWAIN devices on the user device from published image processing applications. By default, TWAIN device redirection is allowed.

Related Policy Settings
- TWAIN compression level
- TWAIN device redirection bandwidth limit
- TWAIN device redirection bandwidth limit percent

TWAIN compression level

This setting specifies the level of compression of image transfers from client to server. Use Low for best image quality, Medium for good image quality, or High for low image quality. By default, medium compression is applied.

USB Devices Policy Settings

The USB devices section contains policy settings for managing file redirection for USB devices.

Client USB device redirection

Applies to: XenApp, XenDesktop

This setting allows or prevents redirection of USB devices to and from the client (workstation hosts only). By default, USB devices are not redirected.

Client USB device redirection rules

Applies to: XenApp, XenDesktop

This setting specifies redirection rules for USB devices. By default, no rules are specified.

When a user plugs in a USB device, the host device checks it against each policy rule in turn until a match is found. The first match for any device is considered definitive. If the first match is an Allow rule, the device is remoted to the virtual desktop. If the first match is a Deny rule, the device is available only to the local desktop. If no match is found, default rules are used. For more information about the default policy configuration for USB devices, refer to CTX119722, “Creating USB Policy Rules,” in the Citrix Knowledge Center.

Policy rules take the format {Allow:|Deny:} followed by a set of tag=value expressions separated by whitespace. The following tags are supported:

Tag Name    Description
VID         Vendor ID from the device descriptor
PID         Product ID from the device descriptor
REL         Release ID from the device descriptor
Class       Class from either the device descriptor or an interface descriptor
SubClass    Subclass from either the device descriptor or an interface descriptor
Prot        Protocol from either the device descriptor or an interface descriptor

When creating new policy rules, be aware of the following:
- Rules are case-insensitive.
- Rules may have an optional comment at the end, introduced by #.
- Blank and pure comment lines are ignored.
- Tags must use the matching operator =. For example, VID=1230.
- Each rule must start on a new line or form part of a semicolon-separated list.
- Refer to the USB class codes available from the USB Implementers Forum, Inc. Web site.

Examples of administrator-defined USB policy rules

Allow: VID=1230 PID=0007 # ANOther Industries, ANOther Flash Drive
Deny: Class=08 subclass=05 # Mass Storage

To create a rule that denies all USB devices, use “DENY:” with no other tags.

Client USB Plug and Play device redirection

Applies to: XenApp

This setting allows or prevents plug-and-play devices such as cameras or point-of-sale (POS) devices to be used in a client session. By default, plug-and-play device redirection is allowed. When set to Allowed, all plug-and-play devices for a specific user or group are redirected. When set to Prohibited, no devices are redirected.
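The rule syntax and first-match evaluation described under Client USB device redirection rules can be checked offline before a policy is deployed. The following Python sketch is an added example, not Citrix code: it parses a rule list, evaluates constructed device records against it, and reports rules that can never be reached because an earlier, broader rule always matches first. Assumptions: a # comment runs to the end of the line, values are compared as case-insensitive strings, and Class, SubClass and Prot tags in one rule must all be satisfied by the same descriptor; the device records and the sample policy are constructed.

```python
import re

# Tags listed on the page; rules are case-insensitive, so everything is lowercased.
TAGS = ("vid", "pid", "rel", "class", "subclass", "prot")
RULE_RE = re.compile(r"^(allow|deny)\s*:\s*(.*)$", re.IGNORECASE)


def parse_rules(text):
    """Return [(action, {tag: value}), ...] in evaluation order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # assumption: a comment runs to end of line
        for chunk in line.split(";"):         # rules may form a semicolon-separated list
            chunk = chunk.strip()
            if not chunk:                     # blank and pure comment lines are ignored
                continue
            m = RULE_RE.match(chunk)
            if not m:
                raise ValueError(f"line {lineno}: rule must start with Allow: or Deny:")
            body = re.sub(r"\s*=\s*", "=", m.group(2))   # tolerate "tag= value"
            tags = {}
            for token in body.split():
                name, sep, value = token.partition("=")
                name = name.lower()
                if not sep or not value or "=" in value or name not in TAGS:
                    raise ValueError(f"line {lineno}: bad expression {token!r}")
                tags[name] = value.lower()
            rules.append((m.group(1).lower(), tags))
    return rules


def rule_matches(tags, device):
    """True if every tag in the rule matches the (constructed) device record."""
    for key in ("vid", "pid", "rel"):
        if key in tags and tags[key] != device[key].lower():
            return False
    wanted = {k: tags[k] for k in ("class", "subclass", "prot") if k in tags}
    if not wanted:
        return True
    # Class/SubClass/Prot may come from the device descriptor or any interface
    # descriptor; assumption: one descriptor must satisfy all of them together.
    for desc in [device["device"]] + list(device["interfaces"]):
        triple = dict(zip(("class", "subclass", "prot"), (v.lower() for v in desc)))
        if all(triple[k] == v for k, v in wanted.items()):
            return True
    return False


def evaluate(rules, device):
    """First match is definitive; with no match the default rules apply."""
    for index, (action, tags) in enumerate(rules):
        if rule_matches(tags, device):
            return action, index
    return "default", None


def shadowed_rules(rules):
    """(later, earlier) index pairs where the earlier rule matches every device
    the later rule could match, so the later rule is never reached."""
    pairs = []
    for j, (_, later) in enumerate(rules):
        for i in range(j):
            earlier = rules[i][1]
            if all(later.get(k) == v for k, v in earlier.items()):
                pairs.append((j, i))
                break
    return pairs


# Constructed sample policy built around the two example rules on the page.
SAMPLE_RULES = """
# pure comment line, ignored
Allow: VID=1230 PID=0007   # ANOther Industries, ANOther Flash Drive
deny: class=08 SubClass=05 # Mass Storage
DENY: Class=03; Allow: VID=1230 PID=0009
DENY:
Allow: VID=1230 PID=0010   # unreachable: the bare DENY: above matches first
"""

# Constructed device records: (class, subclass, prot) per descriptor.
FLASH = {"vid": "1230", "pid": "0007", "rel": "0100",
         "device": ("00", "00", "00"), "interfaces": [("08", "06", "50")]}
OTHER_STORAGE = {"vid": "0ABC", "pid": "0001", "rel": "0100",
                 "device": ("00", "00", "00"), "interfaces": [("08", "05", "50")]}
KEYBOARD = {"vid": "0ABC", "pid": "0003", "rel": "0100",
            "device": ("00", "00", "00"), "interfaces": [("03", "01", "01")]}
COMPOSITE = {"vid": "0ABC", "pid": "0002", "rel": "0100",
             "device": ("00", "00", "00"),
             "interfaces": [("08", "06", "50"), ("ff", "05", "00")]}

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for name, dev in [("flash", FLASH), ("storage", OTHER_STORAGE),
                      ("keyboard", KEYBOARD), ("composite", COMPOSITE)]:
        print(name, evaluate(rules, dev))
    print("unreachable:", shadowed_rules(rules))
```

Because the first match is definitive, a rule placed after a broader rule such as a bare DENY: has no effect; the unreachable-rule check surfaces that ordering mistake before users report a device that will not redirect.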

Visual Display Policy Settings

The Visual Display section contains policy settings for controlling the quality of images sent from virtual desktops.

Max frames per second

Applicable products: XenApp, XenDesktop

This setting specifies the maximum number of frames per second sent to the user device from the virtual desktop. By default, the maximum is 24 frames per second.

Setting a high number of frames per second (for example, 30) improves the user experience, but requires more bandwidth. Decreasing the number of frames per second (for example, 10) maximizes server scalability at the expense of user experience.

Moving Images Policy Settings

The Moving Images section contains settings that enable you to remove or alter compression for dynamic images.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Progressive compression level

This setting provides a less detailed but faster initial display of images. By default, no progressive compression is applied.

The more detailed image, defined by the normal lossy compression setting, appears when it becomes available. Use Very High or Ultra High compression for improved viewing of bandwidth-intensive graphics such as photographs.

For progressive compression to be effective, its compression level must be higher than the Lossy compression level setting.

Note: The increased level of compression associated with progressive compression also enhances the interactivity of dynamic images over client connections. The quality of a dynamic image, such as a rotating three-dimensional model, is temporarily decreased until the image stops moving, at which time the normal lossy compression setting is applied.

Related Policy Settings:
- Progressive compression threshold value
- Lossy compression level
- Progressive heavyweight compression

Progressive compression threshold value

This setting represents the maximum bandwidth in kilobits per second for a connection to which progressive compression is applied. This is applied only to client connections under this bandwidth. By default, the threshold value is 2147483647 kilobits per second.

Still Images Policy Settings

The Image compression section contains settings that enable you to remove or alter compression. When client connections are limited in bandwidth, downloading images without compression can be slow.

These policy settings are applicable to the following Citrix products:
- XenApp
- XenDesktop

Extra Color Compression

This setting enables or disables the use of extra color compression on images delivered over client connections that are limited in bandwidth, improving responsiveness by reducing the quality of displayed images. By default, this setting is disabled.

When enabled, extra color compression is applied only when the client connection bandwidth is below the Extra Color Compression Threshold value. When the client connection bandwidth is above the threshold value or Disabled is selected, extra color compression is not applied.

Extra Color Compression Threshold

This setting represents the maximum bandwidth in kilobits per second for a connection below which extra color compression is applied. If the client connection bandwidth drops below the set value, extra color compression, if enabled, is applied. By default, the threshold value is 8192 kilobits per second.

Heavyweight compression

This setting enables or disables reducing bandwidth beyond progressive compression without losing image quality by using a more advanced, but more CPU-intensive, graphical algorithm. By default, heavyweight compression is disabled.

If enabled, heavyweight compression applies to all lossy compression settings. It is supported on Citrix Receiver but has no effect on other plug-ins.

Related Policy Settings
- Progressive compression level

Lossy compression level

This setting controls the degree of lossy compression used on images delivered over client connections that are limited in bandwidth. In such cases, displaying images without compression can be slow. By default, medium compression is selected.

For improved responsiveness with bandwidth-intensive images, use high compression. Where preserving image data is vital, for example, when displaying X-ray images where no loss of quality is acceptable, you may not want to use lossy compression.

Related Policy Settings
- Progressive compression level

Lossy compression threshold value

This setting represents the maximum bandwidth in kilobits per second for a connection to which lossy compression is applied. By default, the threshold value is 2147483647 kilobits per second.

Adding the Lossy compression level setting to a policy and including no specified threshold can improve the display speed of high-detail bitmaps, such as photographs, over a LAN.

Licensing Policy Settings

The Licensing section contains policy settings for configuring Citrix Licensing. These policy settings are applicable to XenApp.

License server host name

This setting specifies the name of the server hosting XenApp licenses.

By default, no host name is specified.

If you decide to change the license server name, ensure that a license server with the new name already exists on your network. Because license files are tied to the license server’s host name, you must download a license file that is generated for the new license server if you decide to change the server’s name. This may involve returning and reallocating the licenses.

License server port

This setting specifies the port number of the server hosting XenApp licenses.

By default, port 27000 is specified.

If you change the port number of the license server, specify a new number in all the license files on the server.

Power and Capacity Management Policy Settings

The Power and Capacity Management section contains policy settings for managing Power and Capacity Management agents. These policy settings are applicable to XenApp.

Farm name

This setting specifies the name of the collection of XenApp servers managed by Power and Capacity Management.

By default, no farm name is specified.

Valid farm names are unique and may contain up to 80 characters. Additionally, the Value box cannot be null and a valid entry cannot consist of spaces.

If Use default value is selected when configuring this setting, the XenApp Power and Capacity Management Agent service does not start.

Workload name

This setting specifies the name of the logical grouping of XenApp servers that host the same application or set of applications.

By default, the workload name is Unassigned.

Valid workload names can be up to 80 characters. They do not contain backslashes (\), forward slashes (/), single quotes ('), double-quotes ("), backticks (`), pipes (|), less-than (<), greater than (>), or equal signs (=). Additionally, the Value box cannot be null and a valid entry cannot consist of spaces.

If this setting is added to a policy with either the Unassigned value or an invalid value, neither power management nor load consolidation can be enabled.

Server Policy Settings

The Server Settings section contains policy settings for configuring access control, DNS address resolution, icon handling, and XenApp product information for licensing. These policy settings are applicable to XenApp.

Connection access control

This setting specifies the types of client connections from which users can start sessions.

When adding this setting to a policy, select an option:
- Any connections (selected by default) allows access to published applications through any connection.
- Citrix Access Gateway, Citrix Receiver, and Web Interface connections only allows access to published applications through the listed connections, including any version of Access Gateway. This option denies access through any other connection.
- Citrix Access Gateway connections only allows access to published applications only through Access Gateway Advanced Edition servers (Version 4.0 or later).

DNS address resolution

This setting enables or disables the server to return fully qualified domain names (FQDN) to clients using the Citrix XML Service.

By default, the server does not use the XML Service to return FQDNs.

DNS address resolution works only in server farms that contain servers running MetaFrame XP Feature Release 1 or later, and clients must be using Presentation Server Client Version 6.20.985 or later or Citrix XenApp Plugin for Hosted Apps version 11.x.

Full icon caching

This setting enables or disables the caching of larger, high resolution published application icons on farm servers.

By default, icons are cached.

If no filter is specified, this setting affects all farm servers. To ensure only specific farm servers are affected by this setting, configure a worker group that includes only the servers you specify. Then, include the worker group in the filter you add to the policy.

Consider disabling this setting if caching icons impacts performance of the server. However, do not disable this setting on servers acting as XML brokers for the farm.

Initial Zone Name

This setting specifies the name of the zone assigned to the XenApp server when joining a farm.

By default, the Default zone is specified.

If the setting is read by a server in controller mode and the specified zone name does not exist in the farm, the server creates the zone. If the setting is read by a server in session-only mode, the specified zone must exist in the farm before the server attempts to join. If the XenApp server is already joined to a farm, the setting has no effect.

Load Evaluator Name

This setting specifies the name of the load evaluator to be assigned to servers in a XenApp farm.

By default, no load evaluator names are specified.

You can specify load evaluators stored on the local XenApp server or on a XenApp server in another farm. To retrieve a list of the load evaluators available, click Retrieve List and enter the computer name of the farm server you want to use.

When a load evaluator name is specified, XenApp does not validate the name at the time the policy setting is added. XenApp, however, does attempt to locate the name in the farm data store when attempting to calculate load. If XenApp cannot locate the load evaluator name specified in the policy, XenApp registers an error in the Windows Event Log and the affected servers register full loads. Additionally, the affected servers stop accepting new connection requests until a valid load evaluator name is specified.

If this setting is added to a policy and the policy is later renamed or deleted, XenApp uses the Default load evaluator to calculate load.

XenApp product edition

This setting specifies the XenApp product edition.

By default, the Platinum edition is specified.

Setting the product edition activates the features available with a particular edition. The product edition also determines which type of license a server requests from the license server. Make sure the edition you set matches the licenses that are installed.

XenApp product model

This setting specifies the product model to be activated based on the license stored on the Citrix Licensing Server.

By default, the XenApp product model is specified.

The product model determines the type of license the XenApp server requests from the Licensing Server. When you configure this setting, ensure the product model you select matches the licenses that are installed. After you configure this setting, restart the server so that the appropriate license is applied to the installation.

Connection Limits Policy Settings

The Connection Limits section contains policy settings for controlling user and administrator sessions and logon event logging. These policy settings are applicable to XenApp.

Limit user sessions

This setting specifies the maximum number of connections that users can establish, in the range 0-8192. A value of 0 indicates no connections.

By default, the limit is 2147483647.

When a user tries to establish a connection in excess of this limit, a message tells the user the connection is not allowed. When a connection request is denied, the server records the user’s name and time in the System log.

Related Policy Settings: Concurrent logon limit

Limits on administrator sessions

This setting enables or disables connection limit enforcement for Citrix administrators.

By default, administrators are exempt from connection limits.

Limiting connections for Citrix administrators can adversely affect their ability to shadow other users.

Logging of logon limit events

This setting enables or disables the logging of events (to the server event log) about connection attempts that were denied because they exceeded logon limits.

By default, these events are not logged.

Database Policy Settings

The Database Settings section contains policy settings for specifying the database connections used when servers join a farm. These policy settings are applicable to XenApp.

Initial Database Name

This setting specifies the name of the database used when a XenApp server is joined to a farm.

By default, the database name is not specified.

When you specify an initial database name, the value is placed in the ODBC DSN file on the XenApp server. If you use the Server Configuration tool to define the database name, this setting has no effect.

If you are using an Oracle database for the farm data store, this setting is not used; only the Initial Database Server Name setting value is used.

Initial Database Server Name

This setting specifies the name of the server hosting the farm database.

By default, no database server is specified.

When you specify an initial database server name, the value is placed in the ODBC DSN file on the XenApp server. If you use the XenApp Server Configuration tool to define the database server name, this setting has no effect.

Note: If you are using an Oracle database for the farm data store, and you want to use this policy setting, follow the procedure described in Approach 3 of the topic "Preparing for XenApp 6 Imaging and Provisioning" to capture an image after XenApp installation, configuration, and restart. Select the Clear database location settings from this server checkbox. After you capture an image of the server, edit the Citrix Initial Database Server name Computer policy setting with the Oracle database server name, and then apply the policy. When the image reboots, it will look in that policy for the initial database server name.

Initial Failover Partner

This setting specifies the name of the database server to be used in the event the primary database server is unavailable.

By default, no value is specified.

When you specify a failover database server, the value is placed in the ODBC DSN file on the XenApp server. This setting is applicable only to farms that use Microsoft SQL Server for the data store.


Health Monitoring and Recovery Policy Settings

The Health Monitoring and Recovery section contains policy settings for configuring Health Monitoring and Recovery tests and server load balancing exclusions. These policy settings are applicable to XenApp.

Health monitoring

This setting allows or prevents running Health Monitoring and Recovery tests on the farm servers.

By default, Health Monitoring and Recovery tests are allowed to run.

Health monitoring tests

This setting specifies which Health Monitoring tests to run. You can add or remove tests. You can also edit the configuration of a test (name, location, description, interval, threshold, time-out and recovery action).

By default, the following Citrix tests are run:

Test Name                 Default Interval (seconds)   Default Threshold   Default Recovery Action
Citrix IMA Service Test   60                           5                   Alert Only
Logon Monitor Test        1                            5                   Alert Only
Ticketing Test            60                           5                   Prohibit logons and connections to the server
Terminal Services Test    60                           5                   Alert Only

Maximum percent of servers with logon control

This setting specifies the maximum percent of servers on which Health Monitoring and Recovery can prohibit logons.

By default, logons are prohibited on ten percent of servers.

When the specified percentage of servers are either offline or are configured to prohibit logons, the Prohibit logons and connections to the server recovery action has no effect. To ensure prompt recovery, apply the same limit to all servers in the farm.

Memory Optimization Policy Settings

The Memory/CPU section contains policy settings for managing CPU utilization and memory optimization. These policy settings are applicable to XenApp.

CPU management server level

This setting specifies the level of CPU utilization management on the server. Managing CPU resources can normalize CPU peaks and reduce the resources required to handle CPU spikes.

By default, CPU utilization is not managed.

When adding this setting to a policy, select an option:
- No CPU utilization management disables CPU utilization management on the server.
- Fair sharing of CPU between sessions ensures that CPU resources are equitably shared among users by having the server allocate an equal share of CPU to each user.
- Preferential Load Balancing allocates more CPU resources to one user over another based on the resource allotment for each session. The resource allotment is determined by the importance levels of both the published application running in the session and the session itself.

Note: To use CPU Utilization Management, ensure the Fair Share CPU Scheduling (DFSS) feature of Remote Desktop Services is disabled on the server.

Related Policy Settings: Session importance

Memory optimization

This setting enables or disables memory optimization. Enabling memory optimization improves the ability to manage DLL allocation in both real and overall virtual memory by creating shared DLLs for applications that are open in multiple sessions.

By default, this setting is disabled.

Memory optimization application exclusion list

This setting specifies the applications that memory optimization should ignore.

By default, no applications are specified.

Memory optimization interval

This setting specifies the interval for running memory optimization.

By default, memory optimization runs daily.

When adding this setting to a policy, make sure the Memory optimization setting is present and set to Enabled.

Memory optimization schedule: day of month

This setting specifies the day of the month that memory optimization runs, in the range 1-31.

By default, memory optimization is scheduled for the first day of each month.

When adding this setting to a policy, make sure the following policy settings are present:
- Memory optimization, set to Enabled
- Memory optimization interval, set to Monthly

If the specified day does not occur in a given month (for example, the 30th day in February, or the 31st day in April or June), memory optimization does not run in that month.

Memory optimization schedule: day of week

This setting specifies the day of the week that memory optimization runs.

By default, memory optimization runs on Sundays.

When adding this setting to a policy, make sure the following policy settings are present:
- Memory optimization, set to Enabled
- Memory optimization interval, set to Weekly

Memory optimization schedule: time

This setting specifies the time at which memory optimization runs.

By default, memory optimization runs at 3:00 AM.

When adding this setting to a policy, make sure the following policy settings are present:
- Memory optimization, set to Enabled
- Memory optimization interval, set to Daily, Weekly, or Monthly

Memory optimization times are scheduled in the local time zone of the server and use a 12-hour clock. The time format is H:MM TT, where H is the hour, MM is the minute, and TT is the time of day (AM or PM). If you enter a time according to a 24-hour clock, the time is converted automatically to a 12-hour clock. If you enter a time without a TT value, the time defaults to AM.

Offline Applications Policy Settings

The Offline Applications section contains policy settings for controlling offline application access, licensing, and logging. These policy settings are applicable to XenApp.

Offline app client trust

This setting enables or disables the ability of offline application clients to recreate sessions when reconnecting, without authenticating again.

By default, users must authenticate when reconnecting to offline applications.

Offline app event logging

This setting enables or disables logging of offline application events to the event log on the server.

By default, offline application events are not logged.

Offline app license period

This setting specifies the number of days applications can work offline before users have to renew the license.

The license period, 21 days by default, can range from 2 to 365 days. Licenses automatically renew at login and every day while logged in. Changes to the license period occur when the license is renewed.

To configure licenses, administrators can use the License Administration Console or command-line tools. They must also ensure they have a sufficient number of licenses to support the total number of users with offline access permission.

Offline app users

This setting specifies the users who have permission to access offline applications.

By default, no users are specified.

You can add or delete users from this list. Users in this group can continue using configured applications after disconnecting from the network for the number of days specified in the Offline app license period setting. You must configure the applications for offline access in the application properties.

The total number of users with offline access permission should not exceed the total number of licenses available for offline access.

Reboot Behavior Policy Settings

The Reboot Behavior section contains policy settings for scheduling server restarts, disabling logons, and configuring warning messages. These policy settings are applicable to XenApp, Enterprise and Platinum editions only.

Reboot custom warning

This setting enables or disables sending a custom warning message (in addition to the standard restart message) to users before a scheduled server restart.

By default, only the standard warning message is sent.

To specify the text for this warning, configure the Reboot custom warning text setting.

Reboot custom warning text

This setting specifies the text in the custom warning message sent to users before a scheduled server restart.

By default, no message text is specified.

To send a custom message, the Reboot custom warning setting must be enabled.

Reboot logon disable time

This setting specifies the number of minutes before a scheduled server restart that logons to the server are disabled.

By default, logons are disabled 60 minutes prior to server restart.

Reboot schedule frequency

This setting specifies the frequency, in days, that scheduled server restarts occur.

By default, scheduled restarts occur every 7 days (once each week).

Reboot schedule randomization interval

This setting specifies the interval, in minutes, in which servers are restarted before or after the scheduled restart time. This interval prevents all servers in the farm from restarting simultaneously.

By default, the setting is 0.

For example, if the Reboot schedule time setting is set to 11:00 PM and the randomization interval is 15 minutes, the restart can occur at any time between 10:45 PM and 11:15 PM.

Reboot schedule start date

This setting specifies the date on which scheduled server restarts begin, in the form MM/DD/YYYY.

By default, no start date is specified.

Reboot schedule time

This setting specifies the time at which scheduled server restarts occur in the form H:MM TT, where H is the hour, MM is the minute, and TT is the time of day (AM or PM).

By default, scheduled server restarts occur at 12:00 AM (midnight).

Restart times are scheduled in the local time zone of the server and use a 12-hour clock. If you enter a time according to a 24-hour clock, the time is converted automatically to a 12-hour clock. If you enter a time without a TT value, the time of day defaults to AM.

Reboot warning interval

This setting specifies how often standard and custom warning messages are sent to users before a scheduled restart.

By default, messages are sent every 15 minutes.

Reboot warning start time

This setting specifies the number of minutes before a scheduled server restart to send standard or custom warnings to users.

By default, messages are sent 60 minutes prior to server restart.

Reboot warning to users

This setting enables or disables sending a standard warning message to users before a scheduled server restart.

By default, messages are not sent to users prior to server restarts.

To send a custom warning message (in addition to the standard message), enable the Reboot custom warning setting and specify the text in the Reboot custom warning text setting. Configure the Reboot warning interval setting to specify how often the warning is sent. Configure the Reboot warning start time setting to specify when to start sending the warning messages.

Scheduled reboots

This setting enables or disables scheduled server restarts. You can configure automatic restarts at specific times and frequencies, as well as the starting date of the schedule.

By default, server reboots are not scheduled.

When this setting is enabled, the values configured for the following settings take effect when added to a policy:
- Reboot schedule frequency
- Reboot logon disable time
- Reboot schedule randomization interval
- Reboot schedule start date
- Reboot schedule time

Server Session Settings

The Server Session Settings section contains policy settings for configuring Single Sign-On and session importance. These policy settings are applicable to XenApp.

Session importance

This setting specifies the importance level at which a session is run.

By default, sessions are run at the Normal level.

If the CPU management server level setting is configured for Preferential Load Balancing, sessions with higher importance levels are allowed to use more CPU cycles than sessions with lower importance levels. If the CPU management server level setting is configured for No CPU utilization management, sessions with higher importance levels are directed to servers with lower resource allotments.

Single Sign-On

This setting enables or disables the use of Single Sign-on when users connect to servers or published applications in a XenApp farm.

By default, Single Sign-On is enabled.

Single Sign-On central store

This setting specifies the UNC path of the Single Sign-On central store to which users are allowed to connect.

By default, no path is specified.

Policies apply only to shared folders you configure to be Single Sign-On central stores. If you want this setting to use the central store specified by the Single Sign-On plug-in, leave this field blank.

Server farm zone failover preferences apply only to published objects, not to central stores. If the user’s preferred zone is not operating and the connection fails over to a backup zone, the user cannot access published objects using Single Sign-On if the central store is in the failed zone.

Virtual IP Policy Settings

The Virtual IP section contains policy settings for configuring Virtual IP support for applications. These policy settings are applicable to XenApp.

Virtual IP adapter address filtering

This setting enables or disables filtering of the list of addresses returned by the GetAdaptersAddresses() function to only include the session virtual IP address and the loopback address.

By default, the list of adapter addresses is not filtered.

Before enabling this setting, make sure IP Virtualization is enabled in Remote Desktop Session Host Configuration. Additionally, enable the Virtual IP enhanced compatibility policy setting. If these settings are not configured, filtering does not occur.

After enabling this setting, configure the Virtual IP filter adapter addresses programs list to add the applications whose overhead can be reduced through adapter address filtering.

Virtual IP compatibility programs list

This setting specifies the application processes that can use virtual IP addresses.

By default, no processes are specified.

When adding programs to the list, specify only the executable name. It is not necessary to specify the entire path.

Virtual IP enhanced compatibility

This setting enables or disables additional support of Windows Remote Desktop IP virtualization. This allows calls to the gethostbyname() function within sessions to return the assigned virtual IP address for the session.

By default, this setting is disabled.

Before enabling this setting, make sure IP Virtualization is enabled in Remote Desktop Session Host Configuration. If this setting is not configured, additional support does not occur.

After enabling this setting, configure the Virtual IP enhanced compatibility programs list setting to add the applications that can use virtual IP addresses.

Virtual IP filter adapter addresses programs list

This setting specifies the application executables that can use filter adapter addresses.

By default, the executable "outlook.exe" is specified.

When adding programs to the list, specify only the executable name. It is not necessary to specify the entire path.

Virtual IP loopback support

This setting enables or disables the use of virtual loopback addresses in sessions.

By default, sessions do not have virtual loopback addresses.

After enabling this setting, configure the Virtual IP virtual loopback programs list to add the applications that can use virtual loopback addresses.

Virtual IP virtual loopback programs list

This setting specifies the application executables that can use virtual loopback addresses.

By default, no executables are specified.

When adding programs to the list, specify only the executable name. It is not necessary to specify the entire path.

XML Service Policy Settings

The XML Service section contains policy settings for configuring the Citrix XML Service. These policy settings are applicable to XenApp.

Trust XML requests

This setting specifies whether the Citrix XML Service should trust requests it receives.

By default, the XML Service does not automatically trust requests.

Before enabling this rule, avoid security risks by using IPSec, firewalls, or another technology that ensures only trusted services communicate with the Citrix XML Service.

XML Service port

This setting specifies the port number to use for the Citrix XML Service.

By default, the port is disabled.

When specifying the XML Service port number, the range of values you can enter is 1024-65535. To disable the port, enter 0 as the port number. Citrix recommends using port 8080.
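
One way to meet the firewall precondition for Trust XML requests on the XenApp server itself, as an added example that is not Citrix code: audit Windows Firewall for inbound rules that leave the XML Service port open to any host, then add an allow rule scoped to named hosts. The function names, the rule name and the 192.0.2.x addresses are assumptions for illustration, and the approach assumes Windows Firewall is on with its default inbound action of Block.

```powershell
# Added example, not Citrix code. Function names, the rule name and the
# 192.0.2.x addresses (documentation range) are assumptions for illustration.
# Written for PowerShell 2.0, as shipped with Windows Server 2008 R2.
# Uses the Windows Firewall COM API (HNetCfg.FwPolicy2 / HNetCfg.FWRule).

# Returns $true when a firewall rule's LocalPorts value covers $Port.
# LocalPorts is empty or "*" for any port, or a list such as "80,8080,9000-9010".
function Test-PortInSpec {
    param([string]$Spec, [int]$Port)
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($item in $Spec.Split(',')) {
        $item = $item.Trim()
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($item -match '^\d+$') {
            if ([int]$item -eq $Port) { return $true }
        }
        # Keywords such as "RPC" never match a fixed XML Service port.
    }
    return $false
}

# Lists enabled inbound allow rules that let ANY remote address reach $Port.
# Each of these defeats a scoped rule until it is tightened or disabled.
function Get-XmlServiceOpenRule {
    param(
        # Range the XML Service port policy setting accepts.
        [Parameter(Mandatory = $true)][ValidateRange(1024, 65535)][int]$Port
    )
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($rule in $policy.Rules) {
        if (-not $rule.Enabled)    { continue }
        if ($rule.Direction -ne 1) { continue }                              # 1 = inbound
        if ($rule.Action -ne 1)    { continue }                              # 1 = allow
        if ($rule.Protocol -ne 6 -and $rule.Protocol -ne 256) { continue }   # TCP or any
        if (-not (Test-PortInSpec $rule.LocalPorts $Port)) { continue }
        if ($rule.RemoteAddresses -ne '*') { continue }                      # already scoped
        New-Object PSObject -Property @{
            Name       = $rule.Name
            LocalPorts = $rule.LocalPorts
            Program    = $rule.ApplicationName   # program-bound rules may not apply to the XML Service
        }
    }
}

# Adds an inbound allow rule for the XML Service port limited to trusted hosts,
# for example the Web Interface servers that send requests to the XML Service.
function Add-XmlServiceTrustedHostRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][ValidateRange(1024, 65535)][int]$Port,
        [Parameter(Mandatory = $true)][string[]]$TrustedAddress,
        [string]$RuleName = 'Citrix XML Service - trusted hosts only'
    )
    # Reject anything that is not an IP address before touching the firewall.
    foreach ($address in $TrustedAddress) {
        $parsed = [System.Net.IPAddress]::None
        if (-not [System.Net.IPAddress]::TryParse($address, [ref]$parsed)) {
            throw "Not an IP address: $address"
        }
    }
    $remote = $TrustedAddress -join ','

    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $RuleName
    $rule.Protocol        = 6                # TCP; must be set before LocalPorts
    $rule.LocalPorts      = [string]$Port
    $rule.RemoteAddresses = $remote
    $rule.Direction       = 1                # inbound
    $rule.Action          = 1                # allow
    $rule.Enabled         = $true

    if ($PSCmdlet.ShouldProcess("TCP port $Port", "Allow inbound only from $remote")) {
        $policy = New-Object -ComObject HNetCfg.FwPolicy2
        $policy.Rules.Add($rule)
    }
}

# Usage, from an elevated prompt on the XenApp server (8080 is the port Citrix recommends):
#   Get-XmlServiceOpenRule -Port 8080
#   Add-XmlServiceTrustedHostRule -Port 8080 -TrustedAddress '192.0.2.10','192.0.2.11' -WhatIf
```

Run the audit first and keep Trust XML requests disabled until it returns no rules, because an existing allow rule with no remote-address scope still admits every host regardless of the scoped rule.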

Publish Resources

When you publish an application, configuration information for the application is stored in the data store for the server farm. The configuration information includes which types of files are associated with the application; importance level for Preferential Load Balancing; users who can connect to the application; and client-side session properties that include window size, number of colors, level of encryption, and audio settings.

When delivered to users, published applications appear very similar to applications running locally on the user device. Users start applications depending on the delivery options you select while publishing and the plug-in they are running on their devices. Consult the appropriate sections in eDocs or other documentation about the Receiver and Plug-ins for more information about the Plug-in with which your users start published applications.

In This Section

Choose from the following methods to publish your applications:

Publishing Resources using the AppCenter
The most commonly used method for publishing resources to users for access on any Citrix-enabled user device. This approach uses the publishing wizard in the AppCenter to make available hosted and streamed applications, content, and desktops across the XenApp environment.

Publishing VM Hosted Apps
Publish applications hosted on virtual or physical systems (servers or desktops) through the AppCenter. This approach uses XenDesktop technology and is ideal for applications that do not support multi-user environments or have other specific requirements that make them unsuitable to install on or stream to a XenApp server.

Deploying and Publishing Applications with Microsoft System Center Configuration Manager 2007
Deploy and publish physical applications and App-V sequences to XenApp directly through the System Center Console. By using Power and Capacity Management to direct incoming user connections away from servers set to receive applications, deploy applications to XenApp servers with minimal to no service interruptions. Deploy Microsoft Windows Server Update Services (WSUS) updates to XenApp servers the same way.

Publishing App-V Sequences
Publish App-V virtual application sequences in the AppCenter for delivery to XenApp servers or Citrix-enabled user devices. Similar to Citrix Application Streaming technology, this approach allows administrators to prepare the application environment once and deliver it on-demand to various devices.

In addition, the XenApp 6 Powershell SDK offers Citrix customers, distributors, and partners a programmatic interface for publishing applications using the New-XAApplication command. For information, download the Readme and SDK from the Citrix Developer Network Web site at http://community.citrix.com/display/xa/XenApp+6+PowerShell+SDK.

Publishing Resources

With XenApp, you provide users with access to information by publishing the following types of resources that can be virtualized on servers or desktops:
- Applications installed on servers running XenApp. When users access them, the published applications appear to be running locally on client devices.
- Streamed applications installed in application profiles and stored on a file server in your App Hub. Users access the profile and virtualize the applications on their client desktops. For information about preparing and publishing applications for streaming, see the topics for Application Streaming.
- Data files such as Web pages, documents, media files, spreadsheets, and URLs. In XenApp, the combined total of data types you publish is referred to as content.
- The server desktops, so users can access all of the resources available on the server.
  Note: Citrix recommends that server desktops be locked down to prevent user access to sensitive areas of the operating system.

Publish all of these resource types using the Publish Application wizard in the Citrix AppCenter. To further refine how your users launch and access published resources, refer to information about configuring content redirection and XenApp policies.

Important: Before you begin, refer to the system requirements for supported platforms and system prerequisites. For more guidance about planning for applications and server loads, see the eDocs section about designing a XenApp deployment. Citrix recommends installing applications that interact with each other on the same group of servers (called a silo). If you have multiple application silos, Citrix recommends using separate organizational units, so they can be convenient targets for policies and worker groups.


Evaluating Application Delivery Methods

The application delivery method is a factor in determining the number of servers in a farm and their individual hardware requirements.

How you choose to deliver applications depends on your organization's needs and end-users' requirements. For example, some organizations use XenApp to streamline administration. In other organizations, the existing hardware infrastructure might affect the delivery method selected, as can the types of applications to be delivered. In addition, some end-users might run all applications while connected to the company network, while others might work in remote locations and run applications while disconnected from the network.

Installed on the server

Applications are installed on the server, where the processing takes place, and accessed from the server. This is the traditional XenApp application delivery model. For many organizations, this provides the lowest cost of ownership for IT resources because it provides the greatest scalability.

Advantages:
- You manage applications centrally.
- User devices do not require extensive resources, such as excessive memory or hard drive space.
- This delivery method supports thin clients.
- This method provides a consistent user experience regardless of the user device.
- This method is effective for applications with components that are intertwined with the operating system (such as a .NET framework).

Considerations:
- Farm servers require sufficient resources to support the applications.
- Users must be connected to the server or network to run the applications (no offline access).

Streamed to server

Executables for applications are put in profiles and stored on a file server or Web server (the App Hub); however, when launched, they stream to the server, and application processing takes place on the server. Unlike installed applications, streamed applications are stored in the App Hub and provide application isolation by design.

Advantages:
- This method has similar advantages as for installed applications, including a consistent user experience, central management, and use of server resources instead of those of the user device.
- In many cases, streaming to server lets conflicting applications, such as multiple versions of the same application, run on the same server without needing to silo them.
- Updating applications is simplified because you update only a single application profile.

Considerations:
- Farm servers require sufficient resources to support the applications.
- Users must be connected to the server or network (no offline access).
- Some applications are not candidates for profiling, such as those using a .NET framework.

Streamed to desktop

Executables for applications are put in profiles and stored on a file server or Web server (the App Hub). When launched, the files required to execute the application are streamed to the user device, and application processing takes place on the user device instead of the XenApp server. When applications are streamed to the user device, the user experience is similar to running applications locally. After applications are cached on the user device, users can continue running the apps after disconnecting from the network (referred to as offline access).

Advantages:
- Users can have the local application experience, but you manage the applications centrally.
- Users might have a better experience when resource-intensive applications, such as graphics applications, are streamed to desktops.
- Using application properties and Citrix policies and filters for Offline Applications, you control the applications and users that have offline access, as well as the license period for offline use.

Considerations:
- User devices must have sufficient resources to run the applications locally; the user devices cannot be thin clients.
- User devices must run Windows operating systems, including Windows 7, XP, or Vista.

Dual mode delivery

When you select "streamed if possible, otherwise accessed from a server" (referred to as dual mode or fallback), XenApp tries to stream the application to the user device first, but uses the backup access method if streaming to desktop is not supported on the user device. For example, you can specify that some users, such as sales personnel, run applications streamed to desktop when they are accessing the applications from Windows devices, and run them as installed applications when they are accessing them from handheld mobile or kiosk-type devices.

Advantages:
- This method provides the most versatility for application delivery, offering all the advantages of streaming to desktops for supported user devices, plus a backup delivery method for the rest.

Considerations:
- You control delivery options centrally using Citrix policies and filters, such as the server's Load Balancing Policies for Streamed App Delivery.
- For the backup method to occur, ensure that the application is either installed on the XenApp server or the streaming profile is configured for a target operating system that matches the server.

Choosing Between Published Desktops and Published Applications

Before selecting the method for delivering applications, decide if you want to publish the desktop or publish applications.

- Publishing the desktop. Presents users with an entire Windows Server desktop when they log onto XenApp. (For security, the desktop should be locked down.)
- Publishing applications. Publishes specific applications and delivers only those applications to users. This option provides greater administrative control and is used most frequently.

You can use policies to prevent users from accessing server drives and features with both methods of application delivery.

Publishing Resources using the AppCenter

With the AppCenter, you provide users with access to information by publishing the following types of resources that can be virtualized on servers or desktops:

- Applications installed on servers running XenApp. When users access them, the published applications appear to be running locally on user devices.
- Streamed applications installed in application profiles and stored on a file server in your App Hub. Users access the profile and virtualize the applications on their user devices.
- Data files such as Web pages, documents, media files, spreadsheets, and URLs. In XenApp, the combined total of data types you publish is referred to as content.
- Server desktops so users can access all of the resources available on the server.
  Note: Citrix recommends that server desktops be locked down to prevent user access to sensitive areas of the operating system.

Publish all of these resource types using the Publish Application wizard. To further refine how your users launch and access published resources, refer to information about configuring content redirection and XenApp policies.

Important: Before you begin, refer to the system requirements for supported platforms and system prerequisites.

For more guidance about planning for applications and server loads, see the eDocs section about designing a XenApp deployment. Citrix recommends installing applications that interact with each other on the same group of servers (called a silo). If you have multiple applications silos, Citrix recommends using separate organizational units, so they can be convenient targets for policies and worker groups.

In This Section

- Publishing Hosted Resources: Provide access to users for applications, content, or desktops that can be virtualized on servers or desktops.
- Publishing Applications for Streaming: Profile and publish applications for streaming to desktops or servers, and configure those applications for offline access.
- Managing Application Properties: Manage properties to rename, disable, move, duplicate, and delete published applications and change, import, and export published application settings.
- Configuring Content Redirection: Control whether users access information with applications published on servers or with applications running locally on client devices.
- Making Virtual IP Addresses Available: Allow a dynamically-assigned IP address to each session so that configured applications running within that session appear to have a unique address.

Publishing in Domains with Thousands of Objects

For directory services or domain environments, such as Novell Domain Services for Windows or Microsoft Active Directory Service, containing over 10,000 objects, Citrix recommends the following:

- Use groups to categorize and assign permissions to large numbers of users. An application published to one group of 1,000 users requires XenApp to validate only one object for all 1,000 users. The same application published to 1,000 individual user accounts requires IMA to validate 1,000 objects.
- When adding users through the Citrix User Selector, if the Users container holds thousands of objects, add a list of names.

To configure servers to publish for multiple users

To ensure applications are enabled for multiple users, install the applications using one of the following methods:

- Install applications as the Built-in Administrator
- Select an "install for multiple users" option in the installation wizard for the application, if the Setup for the application provides this option
- Install the application for all users from a command line

To install an application for all users, after enabling Remote Desktop Services, use these steps before installing the application:

1. Open a command prompt so that you are running it with Administrator privileges; for example, right-click the command prompt and select Run as Administrator.
2. Run the following command at a command prompt:
    change user /install
3. From the command prompt, run the Setup executable for the application.

To publish a resource using the Publish Application wizard

Open the Citrix AppCenter from any computer that can connect to the farm. Steps and options in the wizard vary depending on the application type you select. This procedure describes the basic options.

1. From the AppCenter, under the XenApp node, expand the farm or server to which you want to publish an application.
   Tip: To add a server to the list of servers for a published desktop or application (after publishing the application), drag and drop the server onto the published desktop or application in the left pane of the AppCenter. You can also drag and drop the published desktop or application onto the server.
2. Select the Applications node and from the Actions pane choose Create folder. Name the folder for the application you are publishing.
3. Select the folder you created and from the Actions pane choose Publish application.
4. In the Publish Application wizard, on the Name page, provide a display name (maximum 256 characters) and application description. The name appears on user devices when users access the application and on the AppCenter for the farm applications. XenApp supports application names that use Latin-1 and Unicode character sets, including characters used in Japanese, Chinese, and Korean.
5. On the Type page, specify the type of resource you want to publish and the delivery method. Three types of resources can be published (server desktop, content, and application). The next few steps in the wizard differ based on which type you select. For more details, see To select a resource type and delivery method and To select a streaming delivery method.
6. On the Location page, add the command-line and working directory (optional) to locate the application.
7. On the Servers page, add the individual servers or worker groups on which the published application runs when accessed by an ICA connection.
   Note: If you add a worker group, make sure that all the servers in the worker group are running the application you are publishing.
8. On the Users page, create the Configured users list for users or groups who have access to the application. Use the options to allow access to configured user accounts only or to anonymous users.
9. On the Shortcut presentation page, select the icon for the application and choose how the application is enumerated on the user device. The AppCenter has a limit of 1,000 unique application icons. When that limit is exceeded, the AppCenter displays a generic icon for all new applications.
10. On the Publish immediately page, choose whether or not to make the published application immediately available to users.
    - By default, the published application is available when you click Finish.
    - To prevent users from accessing the application until you manually enable it through application properties, select Disable application initially.
11. To view and select advanced options, check Configure advanced application settings now. Alternatively, modify the advanced settings using the application properties.

When you finish, published resources (unless disabled) are available for users.

To select a resource type and delivery method

In the Publish Application wizard, select the resource type that you want to deliver and the delivery method.

To view the setting, from the Action menu, select Application properties and then select Type. To change the resource type, from the Action menu, select Other Tasks > Change application type and follow the instructions in the wizard.

1. Select one of the following resource types:
   - Server desktop. Publishes the entire Windows desktop of a server in the farm. When the plug-in connects to the server, the user sees a desktop interface from which any application installed on that server can be started. After selecting this application type, you must specify the server that you want to publish. To publish a desktop, you must be running XenApp. If you are running the Citrix AppCenter on a computer that is not running XenApp, you cannot publish the local desktop.
   - Content. Publishes nonexecutable information, such as media, Web pages, or documents. After selecting this application type, you must specify the URL (Uniform Resource Locator) or UNC (Uniform Naming Convention) path to the file you want to publish. Click Browse to view available content resources on your network.
   - Application (selected by default). Publishes an application installed on one or more servers in the farm. Note that if you are running the AppCenter on a computer that is not a member of the farm, you cannot publish local applications. You need to indicate one of the following application types:
     - Accessed from a server. Grants users access to applications that run on a XenApp server and use shared server resources. If you choose this option, you must then enter the location of the executable file for the application and the XenApp server on which it will run. Choose this option as the application type unless you intend to stream your applications.
     - Streamed if possible, otherwise accessed from a server (also called dual mode streaming). Grants users access to a profiled application that streams from the file share to their user devices and launches locally from within an isolation environment. Alternatively, for user devices that do not support streamed applications (for example, if the Offline Plug-in is not installed), this setting allows the use of an ICA connection to access the application installed on or streamed from a XenApp server.
     - Streamed to client. Grants users access to a profiled application that streams from the file share to their user devices and launches locally from within an isolation environment. With this option, the application uses client resources instead of server resources. Users must have the Offline Plug-in installed and access the application using Online Plug-in or a Web Interface site. If selected, user devices that do not support client-side application virtualization (such as, they use a non-Windows client) or do not have the Offline Plug-in installed locally cannot launch the application.
2. If you selected Accessed from a server or Streamed if possible, otherwise accessed from a server, you also need to select the Server application type. These are:
   - Installed application. Enables users to launch an application installed on a XenApp server.
   - Streamed to server. Grants users access to stream a profiled application from the file share to a XenApp server and launch it from XenApp through an ICA connection.

Note: For more information about client-side application virtualization through streaming, see the information for application streaming.

To configure locations of published applications

To access this option in the Citrix AppCenter, from the Publish Application wizard, continue to the Location page. Alternatively, to modify a location, select a published application and under Common Tasks, select Modify application properties > Modify all properties > Basic > Location.

When you publish an application, specify the command-line and working directory (optional) for the application:

- Command-line. The full path of the application's executable file. Append the symbols "%*" (percent and star symbols enclosed in double quotation marks) to the end of the command-line to act as a placeholder for client-supplied application parameters. When a Plug-in makes a connection request, the server replaces the symbol "%*" in the command-line with application parameters provided by the Plug-in.
  If the path to the application's executable includes directory names with spaces, enclose the command line for the application in double quotation marks. Include a space between the closing quotation mark and the double quotation marks around the percent and star symbols. An example of the format to use with a path with spaces and a placeholder is:
    "C:\Program Files\Windows Media Player\mplayer1.exe" "%*"
  Important: Changing the command-line text removes all file type associations from the application. If you change the command-line text, modify the Content Redirection application property page to select the file types you want to associate with the application for client to server content redirection.
- Working directory. By default, this path is the same as the path in the Command line field. To run the application from a different directory, add an absolute path to this field.

To configure locations of published content

When you publish content, specify the location using address formats such as the following types (examples shown in parentheses):

- HTML Web site address (http://www.citrix.com)
- Document file on a Web server (https://www.citrix.com/press/pressrelease.doc)
- Directory on an FTP server (ftp://ftp.citrix.com/code)
- Document file on an FTP server (ftp://ftp.citrix.com/code/Readme.txt)
- UNC file path (file://myServer/myShare/myFile.asf) or (\\myServer\myShare\myFile.asf)
- UNC directory path (file://myServer/myShare) or (\\myServer\myShare)

To disable command-line validation

XenApp provides command-line validation for content that is redirected from the client to the server only. By default, XenApp validates published application command-line parameters passed from the client to the server. When you use the symbols "%*", XenApp ensures the parameters are valid before the application launches. If the parameters are invalid, the application launches without passing the parameters. XenApp records all failed validation attempts in the server's system log and in the security event log.

If your environment includes published applications that use customized client-supplied parameters for purposes other than content redirection from client to server, these applications might not function correctly when command-line validation is enabled. To ensure client-supplied parameters are passed from client to server, disable command-line validation for these published applications.

When using command-line validation, add all servers that store content, such as Word documents or PDF files, to the Trusted Sites list on the XenApp server. When adding servers to the Trusted Sites list, ensure you are logged on to the XenApp server as Administrator. If the content servers reside in separate domains, ensure trust relationships are established between these servers and the XenApp server.

You can disable command-line validation for selected published applications or all published applications on a server.

- To disable command-line validation for selected published applications, from the Location page of the application properties, append the symbols "%**" (percent and two star symbols enclosed in double quotation marks) to the command-line parameter.
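The placeholder rules above ("%*" validated, "%**" validation disabled, quoted paths, a space before the placeholder) lend themselves to a farm-wide review. The following is an added example, not Citrix code: it audits an exported list of published-application command lines, where the inventory, every application name except the page's Media Player command line, and the approved-exception set are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

VALIDATED = '"%*"'      # parameters are validated before the application launches
UNVALIDATED = '"%**"'   # validation is disabled for this published application
CURLY_QUOTES = "\u201c\u201d"  # typical when a command line is pasted from a PDF


@dataclass
class Finding:
    app: str
    mode: str  # "none", "validated", "unvalidated" or "malformed"
    issues: list = field(default_factory=list)


def audit_command_line(app, cmdline):
    """Classify one command line by the placeholder rules described above."""
    text = cmdline.strip()
    issues = []
    if any(ch in text for ch in CURLY_QUOTES):
        issues.append("curly quotation marks used; only ASCII double quotes delimit arguments")

    # Identify the trailing placeholder, if any, and split it from the executable part.
    if text.endswith(UNVALIDATED):
        mode, head = "unvalidated", text[: -len(UNVALIDATED)]
    elif text.endswith(VALIDATED):
        mode, head = "validated", text[: -len(VALIDATED)]
    elif "%*" in text:
        mode, head = "malformed", text
        issues.append('placeholder is not a trailing "%*" or "%**" in double quotes')
    else:
        mode, head = "none", text

    if mode in ("validated", "unvalidated"):
        if not head.strip():
            issues.append("no executable path before the placeholder")
        elif not head[-1].isspace():
            issues.append("no space between the executable and the placeholder")

    # A path with spaces must be enclosed in double quotation marks.
    exe_part = head.strip()
    if exe_part.startswith('"'):
        if exe_part.count('"') < 2:
            issues.append("opening quotation mark is never closed")
    elif exe_part:
        match = re.search(r"\.(exe|com|bat|cmd)\b", exe_part, re.IGNORECASE)
        path = exe_part[: match.end()] if match else exe_part
        if " " in path:
            issues.append("path contains spaces but is not in double quotation marks")
    return Finding(app, mode, issues)


def review_farm(inventory, approved_unvalidated=frozenset()):
    """Audit every entry; flag disabled validation that has no approved exception."""
    findings = [audit_command_line(name, cmd) for name, cmd in inventory]
    for f in findings:
        if f.mode == "unvalidated" and f.app not in approved_unvalidated:
            f.issues.append("validation disabled without an approved exception")
    return findings


# Constructed inventory; only the Media Player command line comes from the page.
INVENTORY = [
    ("Media Player", r'"C:\Program Files\Windows Media Player\mplayer1.exe" "%*"'),
    ("Legacy ERP", r'"C:\Program Files\ERP\erp.exe" "%**"'),
    ("Report Viewer", r'"C:\Apps\viewer.exe" "%**"'),
    ("Notepad", r'C:\Windows\System32\notepad.exe'),
    ("Unquoted Tool", r'C:\Program Files\Tool\tool.exe "%*"'),
    ("Tight Quotes", r'"C:\Apps\app.exe""%*"'),
]

if __name__ == "__main__":
    # "Legacy ERP" stands in for an application with a documented exception.
    for f in review_farm(INVENTORY, approved_unvalidated={"Legacy ERP"}):
        status = "; ".join(f.issues) if f.issues else "ok"
        print(f"{f.app:15} {f.mode:12} {status}")
```

Entries reported as unvalidated without an exception are the ones to compare against the list of applications that genuinely need customized client-supplied parameters.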

To pre-launch applications to user devices

Use the pre-launch feature to reduce application launch time at high-traffic periods. For example, if your environment includes a large number of users who launch the same application within a ten-minute time-frame, the rapid succession of logon requests can overwhelm servers and slow down application launch for all users.

The pre-launch feature allows a pre-launch session to be created when a user logs on, or at a scheduled time if the user is already logged on. This pre-launch session reduces the launch time of the first application. The default application ctxprelaunch.exe runs in the session, but is not visible to the user.

When you enable this feature for an application, the setting applies to all users and servers configured for the application; in addition, the pre-launch session created for the application is also available for all other published applications on the listed servers.

Considerations:

- When a pre-launch session is created, it takes up a license immediately, even if the user does not launch an application.
- To customize the inactivity behavior for the pre-launch application, configure the Citrix User policy for Session Limits:
  - Pre-launch Disconnect Timer Interval: Amount of time before the pre-launch application disconnects the session (60 minutes by default). This timer does not disconnect a session if a user launches an application. Once disconnected, the session gives up the XenApp license. When a user launches an application, the session is reconnected. If the interval is not configured, the pre-launch session is not ever disconnected.
  - Pre-launch Terminate Timer Interval: Maximum amount of time before the pre-launch application exits (60 minutes by default). Starting a user application in the session also terminates the pre-launch application. Once the pre-launch application exits, the session remains alive if the user's applications are running or if you configured session lingering.

Note: Customizing the pre-launch feature using Administrative Templates is not supported. However, you can change the pre-launch configuration by modifying the registry values, located at: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Prelaunch and HKEY_CURRENT_USER\Software\Citrix\ICA Client\Prelaunch.

To enable the pre-launch session:

1. In the AppCenter, from the navigation pane, select the server.

This task creates a copy of the application with all its properties.To pre-launch applications to user devices 2. Refer to the table below for the application properties that you can modify. 4. Modifications are applicable for a pre-launch application. display name. From the Applications list. 3. Properties and tasks for pre-launch applications The following table lists the properties and tasks that are inherited or configured for pre-launch applications. select an application. description. and PreLaunch precedes the application name. select Other Tasks > Create pre-launch application. Note: Select an application that is published for the groups of users and servers that are eligible for the pre-launch session. and servers. Not applicable for a pre-launch application. Modifications are used. From the Actions pane. users. Inherited from the original application. 645 . This "application" is not enumerated to users. and icon are visible only in the AppCenter and do not apply to the pre-launch application. The application name.

To pre-launch applications to user devices Properties: q Properties: q Enable/disable application Servers Users Location Access conditions Access gateway filters Hide disabled application: The application is always hidd q q Application type: The type is always an installed applicat q q q Working directory: The directory is always set to Systems folder in XenApp installation location. q q Client application folder: The pre-launch application is n on the user device. If you configu more than one pre-launch application of the server and u combination. q Application importance: The pre-launch application is alw first application launched. Maximum instances: Always one instance per user. q Allow only one instance of application for each user: Alw one instance of the pre-launch application. q Hide application title bar: The pre-launch application is n visible on the user device. q Session window size: The pre-launch application is not vi the user device. Add to client's start menu: The pre-launch application is visible on the user device. You can change th editing the pre-launch application properties. Tasks: q   Disable/enable application Duplication application Move to folder Delete application Refresh user data Attach application to a load evaluator q q q q q 646 . q q Session window color depth q File types: The pre-launch application does not have any associated file types. additional instances are not launched. q Maximize application at startup: The pre-launch applicat not visible on the user device. q q q Client audio requirement Connection encryption requirement Encryption level q q q Add shortcut to client's desktop: The pre-launch applicat not visible on the user device.

publish the application as Streamed to client. Install the latest version of online plug-in locally. which run in an isolation environment on their desktops and use local resources to run the applications. Configure the application streaming delivery method as you publish the application. Before publishing an application that is streamed to server. Choose delivery options based on the users who will access the applications and their environments. For users to stream applications through a Web site using an Internet Explorer or Firefox browser. otherwise accessed from a server) q 647 . users can launch the streamed applications. where it runs in the background to enable application streaming. Streaming Applications to a XenApp Server To simplify application delivery to servers in a server farm. q q After all of these tasks are complete. add the site to the Trusted sites list in Internet Explorer on the user devices. Streaming Applications to User Devices If you deliver streamed applications directly to user desktops. To stream to client devices across a network protected by a firewall.Publishing Applications for Streaming After you create profiles for applications using the Streaming Profiler. and it must be accessible by your users so they can launch the application. complete the following tasks: q Install the Offline Plug-in locally. This delivery method offers the full set of application streaming options including desktop integration and offline access. Before publishing an application to be streamed to client desktops. The Publish Application wizard in the Citrix AppCenter guides you through the process of selecting the streaming options. The profiled applications must be stored on a file share or Web server that is accessible from your XenApp server so you can publish the application. configure firewall policies to allow those applications access. 
ensure your Web Interface sites and Citrix XenApp sites are configured to run one of the following application types: q Remote applications only. stream applications to a XenApp server and virtualize the applications through an ICA connection to user devices. or Dual mode streaming (streamed if possible. you make them available for streaming to users by publishing the applications.

see Technologies > Web Interface. After you ensure all of these tasks are complete. publish the application as Streamed to a server. 648 .Publishing Applications for Streaming For information about managing application types on Web Interface sites.

New Features in This Release

In addition to improved application compatibility on Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1, including Microsoft Outlook, the 6.5 release provides the following enhancements for application streaming:

- Increased support for streamed apps in pooled XenDesktop environments. For faster application launch time on user devices, select the option to "Create a virtual hard disk" (VHD) while profiling. This feature copies the profile contents into the VHD and mounts it in the RadeCache location at application launch.
- Launch time improvements. General performance improvements reduce launch time for streamed applications.
- Compliance with new FIPS guidelines. The Streaming Profiler in this release uses SHA-256 to create file hashes. To include SHA-1 hashes required by Offline Plug-ins 6.0, select the option for "Legacy Offline Plug-in support" while profiling.
- Enhancements for creating AppHubWhiteList. The registry key for creating the AppHubWhiteList is now consistent with other Citrix registry keys on 32-bit and 64-bit operating systems.
- Ability to deliver AppHubWhiteList using Citrix Receiver Updater. Ensure that unsigned profiles and services stream only from approved locations.
- AppCenter session reports include the names of streamed applications. The reports of user sessions now include application names instead of just profile names.

and 64-bit editions.5 of the Citrix Offline Plug-in and Streaming Profiler are supported on the following Citrix products: Note: The list is accurate at the time of this release. Enterprise. Citrix Online Plug-in: Citrix recommends 13. 5. with Service Pack 1 Windows Vista (Home. and 6.and 64-bit editions Windows Server 2003 R2 Windows Server 2008 R2 Windows Server 2008 R2. For more information about supported versions. Ultimate) q q q q q q q Version 6. with Service Pack 2 Windows Server 2008. with Service Pack 3 Windows XP Home and Professional editions.5.x are also supported. Professional. 32-bit and 64-bit (Enterprise.0.0. and 3. 64-bit edition. Citrix XenServer: all supported versions. 32. 80386 processor or greater as required for the operating system. Citrix XenDesktop 4. but past versions 11. Administrator rights for the person installing. 32.5 of the Citrix Offline Plug-in and Streaming Profiler are supported on the following Microsoft operating systems: q Windows XP Home and Professional editions. 2. with Service Pack 1 or Service Pack 2 Windows 7. q Citrix XenApp 5. Business. q q q q The profiler workstation and user devices must meet the following requirements: q Microsoft XML 2.0 installed (use Windows Update to ensure you installed all recent Internet Explorer updates). see: http://www.com/support/product-lifecycle/product-matrix. and Ultimate editions).x.5. 6.citrix. which is installed with Citrix Receiver 3. q q 650 . Standard PC architecture. 32-bit edition. and 5.x.2 and 12. Citrix Receiver (Updater) for Windows 1.System Requirements for Application Streaming Version 6.0.

To ensure availability of the features and functionality of XenApp for Windows Server 2008 R2 to your users.5 optional). 7. You can install Citrix Receiver. Use a computer that is freshly reimaged so that there are no hidden files or registry settings for applications that you intend to profile.5 is optional). 8. q To stream applications to a server. see http://support. A supported browser: Microsoft Internet Explorer 6. install . If users launch applications from a Web Interface site.0. To stream applications to user desktops. install the Offline Plug-in and the most recent version of Citrix Receiver (Enterprise). Manually uninstall any previous version of the Streaming Client and Program Neighborhood Agent on user devices. Disable the User Account Control (UAC).0. In addition: q q q q q Citrix recommends using Citrix Receiver Updater on user devices to install (and uninstall) Citrix plug-ins. install both the Offline Plug-in and Citrix Receiver (Enterprise) on user devices. For information.NET Framework 2.0 or 3. The user devices must meet the following requirements: q A network connection to the server farm. use the following guidelines for the profiling workstation: q Choose a workstation that is a similar platform to your users' devices. To stream Microsoft Office 2007 or 2010 programs or to stream profiles enabled for inter-isolation communication. Install only the standard programs that are part of the company image.0 (3. install . or 9. The Offline Plug-in is not required.0 (3. install Citrix Receiver (Enterprise) on user devices. q q q q q Install the profiler in a path with single-byte characters only.com/kb/931534. To stream applications to user devices. To stream Microsoft Office 2007 or 2010 programs or to stream profiles enabled for inter-isolation communication. such as a network interface card (NIC). The profiler workstation must provide a run-time environment that is as close to your users' environment as possible. 
install the Windows Data Execution Prevention (DEP) hotfix on the server and profiling workstation.microsoft. Microsoft redistributable packages q 651 . install Citrix Receiver (the Enterprise version is not needed) and add the site to the list of trusted sites. Double-byte characters in the installation path are not supported.0.0.0 or 3. Do not install the Offline Plug-in on the profiler workstation. which includes the Online Plug-in.System Requirements for Application Streaming q To profile and stream Microsoft Office applications to Windows Server 2003 operating systems. such as an antivirus program.NET Framework 2.

see http://support. Citrix recommends installing the most current versions of the Streaming Profiler.2 through 12. Update the profiler workstation and user devices with the latest Microsoft hotfixes. q q If upgrading is not possible.50727. install hotfix KB973573.citrix. Streaming Microsoft Office 2010.0 (with this release) or past versions 11. For best practices for streaming Office 2007 applications.56336 Microsoft Visual C++ 2005 Redistributable Package 8.5 Offline Plug-in 6. Streaming Microsoft Office 2007. download the hotfix from http://support. q Profiles created in the Streaming Profiler 6.0.com/article/CTX118396 in the Citrix Knowledge Center.microsoft.0. this release provides backward compatibility for streaming profiles created with profiler 5.0. To continue using existing profiles with the plug-ins in this release. On Windows XP 32-bit platforms.exe installers include the following redistributables: q Microsoft Visual C++ 2005 Redistributable Package 8. For more information. which is included in Citrix Receiver 3.citrix. For best practices for streaming Office 2010 applications.0.42 Microsoft Visual C++ 2008 Redistributable Package 9.30729.com/kb/2359223/en-US (requires a computer restart). see http://support.30729 Microsoft Visual C++ 2008 Redistributable Package 9. Citrix Plug-ins. To take advantage of the latest updates in application streaming.5 are supported with: q Offline Plug-in 6. including: q On Streaming Profiler workstations with Windows 7 (32-bit and 64-bit) only.0.21022 Microsoft Visual C++ 2008 Redistributable Package 9.2 through 6.com/article/CTX124565 in the Citrix Knowledge Center. also install the latest profiler and update them (simply open them in the new profiler and re-save them).0.4148 q q q q Backward compatibility.x.0 (you must select the profiling option to support legacy Offline Plug-ins) Note: The Virtual Hard Disk feature is not supported for version 6. q q Online Plug-in. and Citrix Receiver. 
q q 652 .com/article/CTX124563 in the Citrix Knowledge Center. On all Windows XP or Windows 2003 platforms. see http://support.exe and CitrixStreamingProfiler. install hotfix KB978835.0.System Requirements for Application Streaming The CitrixOfflinePlugin.citrix.

Application Streaming Overview

Application streaming simplifies application delivery to users by virtualizing applications on client devices. Administrators can install and configure an application centrally and deliver it to any desktop on demand.

Use the application streaming feature to install and configure an application on one file server in your App Hub, publish the application using the XenApp publishing wizard, and deliver it to any desktop or server on demand. To upgrade or patch an application, you make the updates only in the location where you stored the application. Application streaming augments application delivery not only to user desktops, but also to servers in your server farms.

Application streaming offers the following features:

Install once, deliver anywhere
Provides the ability to install an application once on a profiler workstation and have it replicated to file servers within the existing enterprise infrastructure. Once there, the applications are delivered to client devices that request access to the application, on-demand, as a result of end-user activity.

Seamless updates
No need to profile applications again. Updates are as simple as updating an application on a desktop using the update program supplied by the manufacturer. The update is performed once on the profiler workstation and delivered to client devices in a manner similar to that used in the initial delivery.

Application isolation
All streamed applications run within isolation environments that keep the applications from interfering with others running on the same client device. The isolation environment is specific for the application and user session, regardless of whether the user streams to the local client or virtualizes the streamed application from a server. The specific data files of the application, such as INI files and registry keys, are all isolated and maintained centrally for the streamed application.

Application caching
Application files can be cached on the client device to allow faster access the next time the application is launched. Before an application runs, cached files are updated automatically if there is a newer version on the file server. Note that application caching is strictly for performance reasons; there is no requirement to have the application cached for the application to run.

Wide range of target environments
Nearly any modern Windows platform can host a streamed application. Specifically, supported operating systems include Windows XP Professional, Windows Vista, Windows Server 2003 and 2008, and Windows 7. With dual mode streaming, target environments are increased to include all supported XenApp client desktops.

Dual mode streaming
Configure XenApp to stream software to client devices; otherwise, virtualize from a XenApp server. If launching a streamed application fails on the client device, XenApp seamlessly streams the application to the server and virtualizes the application on the client device from XenApp.

Easy delivery of applications to farm servers
When publishing applications in a server farm, choose to virtualize applications from XenApp, which can simplify application delivery. Instead of installing applications on your farm servers, you stream them to XenApp from a central file share in your App Hub. Update the application in the central location, and you update the application on all the farm servers.

Consistent end-user experience
Applications that can be accessed through the server appear next to other applications that the user is accustomed to either within the Web Interface, Citrix plug-ins, or on the desktop. The user does not have to know where and how the application is executing.

Offline access
Once configured and delivered, applications are available to the user while disconnected from the network.

Easy disaster recovery
On-demand application delivery is a powerful concept for disaster recovery situations because the application and data are not lost if the profiles can be easily backed up, and servers and desktops can be replaced easily.

Components for Application Streaming

The components related to a server farm that make applications available for streaming can be separated into four categories, as shown in the diagram. Each of these functional areas consists of software running on one or more workstations or servers.

Before you install the components for application streaming, refer to the system requirements for application streaming.

The components that support virtualization on the user device include the XenApp server, file servers, Streaming Profiler workstation, Web Interface, Citrix Licensing, Citrix Receiver, and Offline Plug-in.

1. Licensing. Consists of the license server and License Management Console. Use the License Management Console to manage licensing. To install Citrix Licensing, see the licensing section in the Technologies node of Citrix eDocs. For more information about licensing application streaming and offline access, see Application Streaming Licensing Explained (CTX112636).

2. Administration (server farm). Consists of the following components:
- Farm servers, IMA database.
- The Web Interface.
- The AppCenter, to configure and manage the server delivery and publish applications for streaming.

3. Citrix Streaming Profiler. Creates and maintains streaming application profiles. The Streaming Profiler is an independent application that enables you to profile Windows applications, Web applications, browser plug-ins, files, folders, and registry settings that can be streamed to user devices and servers. The profiler can also update applications in the profile and provide other resources that your users need. Use the profiler to create one or more targets within an application profile that can match all the platforms of your users. This strategy creates a single profile that can accommodate a variety of user platforms.

4. Citrix Plug-ins. The Offline Plug-in supports streaming applications to the user's desktop. When a user runs a published application enumerated by Citrix Receiver or through a Web Interface site, the Offline Plug-in finds the correct target in the profile in the App Hub, sets up the isolation environment on the user device, and then streams the application from the profile location to the safety of the isolation environment set up on the user device.

To support streaming applications to the server, install the Citrix Receiver on user devices. These applications must be published as "stream to server." When users run an application, it streams to the server and launches using an ICA connection on the user device.

To provide offline access to applications and dual-mode streaming, install both the Offline Plug-in and Citrix Receiver (Enterprise), which includes the Online Plug-in, on user devices.

To stream to a Web Interface site, you must add the site to the list of trusted sites.

Deciding Which Plug-ins to Use for Application Streaming

The delivery method for streaming that you select for published applications determines the Plug-ins users must install on their user devices. Citrix recommends using the Citrix Receiver Updater to deliver the packages that you want to install on user devices:

Streamed to client desktops. Install both the CitrixReceiverEnterprise.exe and CitrixOfflinePlugin.exe on user devices. With this method, you make available the full set of application streaming features. When you stream applications directly to client desktops, some of the application files are cached locally and the application runs using the resources of the user device.

This combination enables you to:
- Enumerate published applications in the desktop Start menu and create shortcuts on the desktop, which provides transparent integration on desktops.
- Configure the application and users for offline access. When this configuration is completed, the entire application is fully cached on the user device. Users can disconnect from the network and continue using the application for the time specified in the offline license.
- Provide dual-mode streaming. When you select "Streamed if possible, otherwise accessed from a server" and "Streamed to server," if streaming to the client desktop fails, applications automatically stream to a XenApp server and launch using the Citrix Receiver (Enterprise).

You can publish applications as "streamed to client" or any other method for streaming.

Accessed from a server. Select the package that fits your corporate needs:
- Install CitrixReceiverEnterprise.exe to stream applications to XenApp servers and launch them with the Receiver.
- Install CitrixReceiver.exe to stream applications to XenApp servers and launch them from a Web browser using a Web Interface site you create.

When you publish applications as "Accessed from a server" and "Streamed to server," users access the applications using the Receiver, or launch them from a Web browser using a Web Interface site you create. This method does not support offline access to applications. The Offline Plug-in is not required on the user device. The profile is streamed from the App Hub to the XenApp server, where the Offline Plug-in is installed by default. The application displays on the user devices using the Receiver.

Important: For users to stream applications through a Web site using an Internet Explorer or Firefox browser, add the site to the trusted sites list in Internet Explorer on the user devices.

Providing Single Sign-on for Streamed Applications

Citrix extends the Single Sign-on feature for streamed applications. When Single Sign-on is installed locally, it recognizes streamed applications, even when launched in isolation environments, and manages logons as expected.

For Microsoft Internet Explorer, the Single Sign-on feature must install a file called BHO.dll. To allow this, when creating your application profile for Internet Explorer plug-ins, select the option to Enable User Updates (formerly called Relaxed security), which is deselected by default.

By enabling user updates for Internet Explorer, installers can run inside isolation, where they are able to install new add-ons or software updates to Internet Explorer. Also with this setting, the application can download vendor-supplied updates over the Internet. These updates are stored within the user profile and are unique to that user. The next time the user device connects to the profiled Internet Explorer on a server or file share, the streamed application does not overwrite the updates, and Internet Explorer runs using the updates.

Local add-ons are compatible with Internet Explorer if you profile it with the default isolation rule of Isolate. Local add-ons might not install correctly, however, if you change the isolation rule for the Internet Explorer profile to Strictly Isolate.

A profile can contain a single application or suite of applications.Creating Application Profiles A profile is an application packaged for streaming using the Citrix Streaming Profiler. you might find it necessary to profile certain applications together to ensure functionality among applications or to apply a range of compatibility settings to ensure profiled applications launch and run successfully. you can profile Microsoft Word by itself or profile the entire Microsoft Office suite in a single profile. Individual targets within a profile represent one or more defined user environments. called the profiler workstation. you must install the Streaming Profiler on a clean.com/article/CTX118623 Additionally. The initial target matches the environment of the profiling workstation. To create profiles. In addition. might be capable of running only on a particular target operating system and language. For example. q q q 661 . you have the option to profile prerequisites. such as Java Runtime Environment. however. even though they are running in isolation environments. you can create multiple targets to match specific user environments. The profiling wizard records the installation of applications and the metadata needed to stream the profiled applications. In some cases. After you create a profile and save it to a file share in your App Hub. However.com/article/CTX110304 Application Streaming Delivery and Profiling Best Practices for XenApp at http://support.com/article/CTX118181 Enhancing Security in Application Streaming for Desktops at http://support. such as custom applications. When a user launches an application published to stream to the user device. Depending on the environment of your users. configure users and publish the application in the profile for streaming using the publishing wizard in the Citrix AppCenter. For example.citrix. refer to these documents on the Citrix Knowledge Center: q App