Академический Документы
Профессиональный Документы
Культура Документы
2011 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Contents
XenDesktop 5 XenDesktop 5.0 XenDesktop 5.6 XenDesktop 5.6 About Citrix XenDesktop 5.6 About Personal vDisks System Requirements Requirements for Controllers Database Requirements Separate Component Requirements Active Directory Requirements Virtual Desktop Agent Requirements Host Requirements Client Requirements Install and Set Up To configure a XenDesktop site Interoperability of XenDesktop Components Manage Monitor Troubleshoot Reference XenDesktop 5.5 XenDesktop 5.5 What's New Known Issues Install and Set Up Using the New HDX Features and Enhancements Configuring HDX MediaStream Flash Redirection
9 10 11 12 15 18 19 20 22 23 25 26 27 29 30 36 39 41 46 48 49 50 51 53 55 60 66 67
Configuring HDX MediaStream Flash Redirection on the Server Configuring HDX MediaStream Flash Redirection on the User Device Configuring Audio Avoiding Echo During Multimedia Conferences With HDX RealTime Video Conferencing with HDX RealTime Webcam Video Compression Redirecting Aero Functionality Improving Responsiveness in Low Bandwidth Conditions by Compressing Colors Assigning Priorities to Network Traffic Providing Smooth-running Videos and Slide Shows Configuring Read-Only Access to Mapped Client Drives HDX 3D Pro System Requirements Plan Install and Set Up Configuring Monitors for HDX 3D Pro Manage HDX 3D Pro User Experience New and Updated Policy Settings New Flash Redirection Policy Settings New Audio Policy Settings New Bandwidth Policy Settings New Desktop UI Policy Settings New File Redirection Policy Settings New and Updated Graphics Policy Settings New Caching Policy Settings New Multi-Stream Policy Settings New TWAIN Devices Policy Settings New Visual Display Policy Settings New Moving Images Policy Settings New HDX3DPro Policy Settings XenDesktop 5 Service Pack 1 XenDesktop 5 Service Pack 1 Installing and Upgrading to XenDesktop 5 Service Pack 1 Managing Licensing Using IntelliCache with XenDesktop
69 74 79 83 84 86 88 90 92 94 95 97 99 101 104 105 108 110 113 115 116 118 119 120 121 122 124 125 126 127 128 130 133 136 138
About This Release Key Features XenDesktop Components What's New XenDesktop Features and Editions Features in XenDesktop VDI Edition Features in XenDesktop Enterprise Edition Features in XenDesktop Platinum Edition Information for Customers of Previous Versions Known Issues System Requirements Requirements for Controllers Database Requirements Separate Component Requirements Active Directory Requirements Virtual Desktop Agent Requirements Host Requirements Requirements for Machine Creation Services Plan High Availability Planning Active Directory Considerations Web Interface Considerations Delegated Administration Security Planning for XenDesktop User Access and Experience High Availability of the Virtual Desktop Agent Quick Deploy Evaluate Installing and Configuring the Evaluation Deployment XenDesktop User Experience Install and Set Up XenDesktop Installation Media and Downloads Installing and Removing XenDesktop Server Components Installing and Removing the Virtual Desktop Agent To configure firewalls manually To use Windows XP virtual desktops with Single Sign-on Installing and Removing Wyse Xenith
139 140 143 145 147 150 152 153 154 158 163 164 166 167 170 171 172 173 175 179 182 185 186 188 191 194 196 198 201 208 212 213 215 217 219 220 221
To configure a XenDesktop site To replace the default XenServer SSL certificate Upgrade and Migrate Upgrading XenDesktop Components Data Import and Export Details Exporting Data from a XenDesktop 4 Farm Editing the Migration Tool XML File Importing Data into a XenDesktop 5 Site Post-Migration Tasks Migrating from XenDesktop 4 to XenDesktop 5: an Example Manage Creating and Provisioning Desktops Creating Machine Catalogs Choosing the Machine Type Preparing a Master VM Providing Active Directory Computer Accounts To create a new machine catalog Managing Machine Catalogs Updating User Desktops Adding More Machines to a Catalog To manage Active Directory computer accounts To delete a machine catalog Allocating and Managing Desktops About Desktop Groups Examples of Desktop Groups To create a desktop group To find desktops, sessions, and desktop groups To import and export user data To secure desktop groups To change the display properties of desktops To power manage machines To restrict access to machines To reallocate desktops To shut down and restart desktops To remove desktops from desktop groups To delete desktops from catalogs To enable or disable maintenance mode
222 224 226 228 230 238 240 244 247 248 254 255 256 257 261 263 264 269 270 273 276 277 278 279 281 282 283 284 286 287 288 290 292 293 294 295 296
To manage desktop sessions Managing Your Controller Environment About Controller Discovery To add a controller To remove a controller To move a controller to another site To configure SSL on XenDesktop controllers Configuring Hosts To create a host Editing a Host To edit a connection To put a connection into maintenance mode Managing Machines To delete a host To delete a connection Using Smart Cards with XenDesktop Smart Card Types and Readers Supported User Device Requirements for Smart Cards Secure Use of Smart Cards Configuring Smart Card Authentication Managing Smart Card Use Removing Smart Cards Working with XenDesktop Policies Navigating Citrix Policies and Settings Creating Policies Configuring Policy Settings Applying XenDesktop Policies To apply a policy Using Multiple Policies Prioritizing Policies and Creating Exceptions Determining Which Policies Apply to a Connection To simulate connection scenarios with Citrix policies Troubleshooting Policies With No Configured Settings Applying Policies to Access Gateway Connections Monitor Customize Delegating Administration Tasks
297 298 299 301 302 303 305 306 307 309 310 311 312 314 315 316 317 318 319 320 321 322 323 325 327 328 330 333 334 335 336 338 339 340 342 344 345
Printing with XenDesktop Configuring USB Support Support for USB Mass Storage Devices Optimizing the User Experience Enhancing the User Experience With HDX Configuring HDX MediaStream Flash Redirection Configuring HDX MediaStream Flash Redirection on the Server Configuring HDX MediaStream Flash Redirection on the User Device Configuring Audio Avoiding Echo During Multimedia Conferences With HDX RealTime HDX RealTime Webcam Video Compression for Video Conferencing Improving Responsiveness in Low Bandwidth Conditions by Compressing Colors Configuring Time Zone Settings Configuring Connection Timers Workspace Control in XenDesktop Removing the Shut Down Command Integrate Using Microsoft System Center Virtual Machine Manager 2008 with XenDesktop Using VMware with XenDesktop Using XenApp with XenDesktop Application Streaming Compared to Hosting Before Installing XenApp in a XenDesktop Environment Optimizing Application Delivery Installing the Online and Offline Plug-ins Setting up Pass-through Authentication Mapping Network Drives Using a Policy USB Drive Mapping Limitations Reference About the XenDesktop SDK XenDesktopServerSetup.exe XenDesktopVdaSetup.exe Policy Settings Reference Policy Settings: Quick Reference Table ICA Policy Settings
347 348 351 352 353 354 355 358 361 363 364 366 368 369 370 371 372 373 376 380 381 383 384 385 386 387 388 389 390 394 395 398 399 404
Audio Policy Settings Auto Client Reconnect Policy Settings Bandwidth Policy Settings Desktop UI Policy Settings End User Monitoring Policy Settings File Redirection Policy Settings Graphics Policy Settings Image Compression Policy Settings Keep Alive Policy Settings Multimedia Policy Settings HDX MediaStream for Flash (client side) Policy Settings HDX Multimedia for Flash (server side) Policy Settings Ports Policy Settings Printing Policy Settings Client Printers Policy Settings Drivers Policy Settings Universal Printing Policy Settings Session Limits Policy Settings Session Reliability Policy Settings USB Devices Policy Settings Server Session Settings Virtual Desktop Agent Settings CPU Usage Monitoring Settings ICA Latency Monitoring Settings Profile Load Time Monitoring Settings
405 407 408 411 412 413 417 419 422 423 425 427 428 430 432 435 436 440 442 444 446 447 448 449 450
XenDesktop 5
This section of the library provides up-to-date product information about installing, configuring, and administering a XenDesktop 5 deployment: About This Release XenDesktop 5 System Requirements Planning a XenDesktop Deployment Evaluating XenDesktop 5 Documentation is also available for:
q
Licensing Your Product XenDesktop Scalability Guidelines Known Issues in XenDesktop 5 Issues Fixed in XenDesktop 5
XenDesktop 5.6
In This Section
Full details about the new features and enhancements, and how to use them, are provided in this section. For all other XenDesktop features, continue to use the documentation provided for XenDesktop 5 or XenDesktop 5.5. Learn about the following important topics. About Citrix XenDesktop 5.6 Known Issues XenDesktop 5.6 System Requirements Installing and Upgrading to XenDesktop 5.6 Managing XenDesktop 5.6 To monitor personal vDisks
10
XenDesktop 5.6
In This Section
Full details about the new features and enhancements, and how to use them, are provided in this section. For all other XenDesktop features, continue to use the documentation provided for XenDesktop 5 or XenDesktop 5.5. Learn about the following important topics. About Citrix XenDesktop 5.6 Known Issues XenDesktop 5.6 System Requirements Installing and Upgrading to XenDesktop 5.6 Managing XenDesktop 5.6 To monitor personal vDisks
11
Personal vDisk - This feature is a personalization solution for virtual desktops. Two new types of catalog allow you to preserve the assignment of users to desktops even when the disk is cleaned at restart; the same user is assigned the same desktop for later sessions. The new catalogs are pooled with personal vDisk (for pooled-static virtual desktops) that you manage with Desktop Studio and streamed with personal vDisk that you manage with Provisioning Services. In addition, a dedicated storage disk is created, before logon, so users can store their data on the desktop, including any applications they install. For background information on this feature, see About Personal vDisks. New commands have also been added to the XenDesktop Software Development Kit (SDK) to support this feature.
System Center support - XenDesktop now supports Microsoft System Center 2012 Configuration Manager and Microsoft System Center 2012 Virtual Machine Manager. Virtual Desktop Agent - Version 5.5.100 of the Virtual Desktop Agent is included in this release and fixes issues in the version included in XenDesktop 5.5. Citrix Licensing - Citrix Licensing 11.10 lets you assign access to the License Administration Console using Active Directory Users and Groups. Desktop Director - Desktop Director 2.1 supports personal vDisks and contains fixes since the last release. For more information, see the Desktop Director documentation. Fixed issues - For information on the issues that have been fixed in this release, see CTX124164.
Known Issues
The following known issues have been observed in this version of XenDesktop:
q
If Microsoft Visual Studio is installed by an administrator on a master image, it may fail to start on virtual desktops that are created from the image. Reinstalling this application, updating the image, and restarting the desktops corrects this issue. [#0270259] Desktop-background images (wallpapers) are lost when users switch between a desktop with a personal vDisk and a desktop without one. This issue occurs with Windows
12
XenDesktop 5.6 roaming profiles when users select images for the background. The issue does not occur with background colors. The workaround is to use profile management solutions, such as Citrix Profile management. [#0272970]
q
In some deployments involving Windows 7 virtual desktops with personal vDisks, users may notice that network drives are incorrectly displayed as offline, instead of unavailable, in Windows Explorer. These are deployments in which the Enable Offline Files policy is changed to Disable Offline Files in Microsoft Group Policy. To work around this issue, ensure that Disable Offline Files policy is applied on the master image before using it to create virtual desktops. [#0277774]
Desktop-background images (wallpapers) are lost when users switch between a desktop with a personal vDisk and a desktop without one. This issue occurs with Windows roaming profiles when users select images for the background. The issue does not occur with background colors. The workaround is to modify as follows the Registry on the desktop containing the personal vDisk, and to use a profile management solution, such as Citrix Profile management, to handle profiles stored on the desktop. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. In HKLM\Software\Citrix\personal vDisk\Config, change the value of the EnableUserProfileRedirection key from 1 to 0 [#0272970]
q
Do not use Desktop Studio to administer a mixed-controller site. Desktop Studio displays misleading information in a mixed site and cannot be used to create and manage objects in it. For example, if you have two controllers but only upgrade one to XenDesktop 5.6, the Pooled with Personal vDisk catalog type appears in Desktop Studio but you cannot create virtual desktops with it. The workaround for this issue is to upgrade fully all controllers in the site before using Desktop Studio to manage it (and only to follow supported upgrade paths). [#0276786] Citrix recommends planning your hypervisor hardware requirements so the reduction in CPU performance when personal vDisks are used does not detract from the user experience. The reduction is also affected, especially in large-scale deployments, by your choice of operating system (OS). For example, in some environments Windows 7 machines with personal vDisks significantly outperform the equivalent Windows XP machines, allowing more Windows 7 machines to be hosted on each hypervisor. Choosing that OS rather than Windows XP therefore means you purchase and maintain less hardware. Citrix continues to investigate differences in operating system performance and continues to optimize XenDesktop scalability. [#0284660, #0284706] You may fail to create viable machines if a node in a Hyper-V cluster is paused or offline. In some scenarios, the Failover Cluster Manager Console shows that resources are allocated for machines but Microsoft System Center Virtual Machine Manager and XenDesktop cannot recognize them. To work around this issue, manually remove these resources using the Failover Cluster Manager Console and ensure all nodes are healthy (not paused or offline) before creating the machines again. [#285696] The error "Citrix Personal vDisk failed to start" may be displayed on a desktop with a personal vDisk. If the error includes "Status code: 7" and "Error code: 0x2000000b", this indicates that a master image has been distributed but the Virtual Hard Disk (VHD, part of the personal vDisk) is full. To work around this issue, on the image increase the
13
XenDesktop 5.6 percentage value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\personal vDisk\Config\PercentOfPvDForApps, and redistribute the image. [#287292]
14
Personal vDisk - This feature is a personalization solution for virtual desktops. Two new types of catalog allow you to preserve the assignment of users to desktops even when the disk is cleaned at restart; the same user is assigned the same desktop for later sessions. The new catalogs are pooled with personal vDisk (for pooled-static virtual desktops) that you manage with Desktop Studio and streamed with personal vDisk that you manage with Provisioning Services. In addition, a dedicated storage disk is created, before logon, so users can store their data on the desktop, including any applications they install. For background information on this feature, see About Personal vDisks. New commands have also been added to the XenDesktop Software Development Kit (SDK) to support this feature.
System Center support - XenDesktop now supports Microsoft System Center 2012 Configuration Manager and Microsoft System Center 2012 Virtual Machine Manager. Virtual Desktop Agent - Version 5.5.100 of the Virtual Desktop Agent is included in this release and fixes issues in the version included in XenDesktop 5.5. Citrix Licensing - Citrix Licensing 11.10 lets you assign access to the License Administration Console using Active Directory Users and Groups. Desktop Director - Desktop Director 2.1 supports personal vDisks and contains fixes since the last release. For more information, see the Desktop Director documentation. Fixed issues - For information on the issues that have been fixed in this release, see CTX124164.
Known Issues
The following known issues have been observed in this version of XenDesktop:
q
If Microsoft Visual Studio is installed by an administrator on a master image, it may fail to start on virtual desktops that are created from the image. Reinstalling this application, updating the image, and restarting the desktops corrects this issue. [#0270259] Desktop-background images (wallpapers) are lost when users switch between a desktop with a personal vDisk and a desktop without one. This issue occurs with Windows
15
About Citrix XenDesktop 5.6 roaming profiles when users select images for the background. The issue does not occur with background colors. The workaround is to use profile management solutions, such as Citrix Profile management. [#0272970]
q
In some deployments involving Windows 7 virtual desktops with personal vDisks, users may notice that network drives are incorrectly displayed as offline, instead of unavailable, in Windows Explorer. These are deployments in which the Enable Offline Files policy is changed to Disable Offline Files in Microsoft Group Policy. To work around this issue, ensure that Disable Offline Files policy is applied on the master image before using it to create virtual desktops. [#0277774]
Desktop-background images (wallpapers) are lost when users switch between a desktop with a personal vDisk and a desktop without one. This issue occurs with Windows roaming profiles when users select images for the background. The issue does not occur with background colors. The workaround is to modify as follows the Registry on the desktop containing the personal vDisk, and to use a profile management solution, such as Citrix Profile management, to handle profiles stored on the desktop. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. In HKLM\Software\Citrix\personal vDisk\Config, change the value of the EnableUserProfileRedirection key from 1 to 0 [#0272970]
q
Do not use Desktop Studio to administer a mixed-controller site. Desktop Studio displays misleading information in a mixed site and cannot be used to create and manage objects in it. For example, if you have two controllers but only upgrade one to XenDesktop 5.6, the Pooled with Personal vDisk catalog type appears in Desktop Studio but you cannot create virtual desktops with it. The workaround for this issue is to upgrade fully all controllers in the site before using Desktop Studio to manage it (and only to follow supported upgrade paths). [#0276786] Citrix recommends planning your hypervisor hardware requirements so the reduction in CPU performance when personal vDisks are used does not detract from the user experience. The reduction is also affected, especially in large-scale deployments, by your choice of operating system (OS). For example, in some environments Windows 7 machines with personal vDisks significantly outperform the equivalent Windows XP machines, allowing more Windows 7 machines to be hosted on each hypervisor. Choosing that OS rather than Windows XP therefore means you purchase and maintain less hardware. Citrix continues to investigate differences in operating system performance and continues to optimize XenDesktop scalability. [#0284660, #0284706] You may fail to create viable machines if a node in a Hyper-V cluster is paused or offline. In some scenarios, the Failover Cluster Manager Console shows that resources are allocated for machines but Microsoft System Center Virtual Machine Manager and XenDesktop cannot recognize them. To work around this issue, manually remove these resources using the Failover Cluster Manager Console and ensure all nodes are healthy (not paused or offline) before creating the machines again. [#285696] The error "Citrix Personal vDisk failed to start" may be displayed on a desktop with a personal vDisk. If the error includes "Status code: 7" and "Error code: 0x2000000b", this indicates that a master image has been distributed but the Virtual Hard Disk (VHD, part of the personal vDisk) is full. To work around this issue, on the image increase the
16
About Citrix XenDesktop 5.6 percentage value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\personal vDisk\Config\PercentOfPvDForApps, and redistribute the image. [#287292]
17
One part comprises C:\Users (in Windows 7) or C:\Documents and Settings (in Windows XP). This contains user data, documents, and the user profile. By default this uses drive P: but you can choose a different drive letter when you use Desktop Studio to create a catalog with personal vDisks. The other part comprises a Virtual Hard Disk file (a .vhd file). This contains all other items, for example applications installed in C:\Program Files. By default, this part uses drive V: but is hidden from users; this drive is not displayed in Windows Explorer. You can choose a different drive letter by configuring the Virtual Desktop Agent. For information on this, see CTX131432.
Personal vDisks support the provisioning of department-level applications, as well as applications downloaded and installed by users, including those that require drivers, databases, and PC management software. If a user's change conflicts with an administrator's change, a personal vDisk provides a simple and automatic way to reconcile the changes. In addition, locally administered applications (such as those provisioned and managed by local IT departments) can also be provisioned into the user's environment. The user experiences no difference in usability; personal vDisks ensure all changes made and all applications installed are stored on the vDisk. Where an application on a personal vDisk exactly matches one on a master image, the copy on the personal vDisk is discarded to save space without the user losing access to the application. Physically, a personal vDisk does not need to be stored with the dedicated pool VM. This frees up high-speed disks for VM storage; the personal vDisk can be placed on a less expensive storage solution, like a file server.
18
19
Windows Server 2008, Standard or Enterprise Edition (32- or 64-bit), with Service Pack 2
Windows Server 2008 R2, Standard or Enterprise Edition (64-bit only) Note that you can mix operating systems within a site.
q q
Microsoft .NET Framework 3.5 with Service Pack 1. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35SP1 folder.
Internet Information Services (IIS) and ASP.NET 2.0. IIS is required only if you are installing the Web Interface or Desktop Director:
q
For Windows Server 2008 R2, IIS Version 7.5 If you do not have these on your server, you may be prompted for the Windows Server installation media, and they are installed for you.
q q
Visual J# 2.0 Redistributable Package, Second Edition. This is required only if the Web Interface is installed on the server. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\JSharp20SE folder.
Visual C++ 2008 with Service Pack 1 Redistributable Package. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\vcredist\2008_SP1 folder.
Windows PowerShell version 2.0. If you are using Windows Server 2008 (not Windows Server 2008 R2), Windows Management Framework is installed automatically if it is not already present on the server; it includes Windows Powershell 2.0. Note: Windows Management Framework must be downloaded, so either ensure an Internet connection is available or pre-install Windows Management Framework.
One of the following browsers if you are running the License Administration Console on the controller:
20
100 MB for the Controller and SDKs 50 MB for Desktop Studio 50 MB for Desktop Director 40 MB for Citrix Licensing 100 MB for the Web Interface (and client software included in the installation)
21
Database Requirements
The following versions of SQL Server are supported:
q
SQL Server 2008 R2 SQL Server 2008 R2 Express Edition (installed automatically) SQL Server 2008 with Service Pack 3 SQL Server 2008 with Service Pack 2 SQL Server 2008 Express Edition with Service Pack 1
Both 32- and 64-bit versions of SQL Server 2008 are supported. Only the 64-bit version of SQL Server 2008 R2 is supported. Databases are supported in stand-alone, clustered, and mirrored mode (except for SQL Server 2008 R2 Express Edition, which is supported in stand-alone mode only). Note that you must use Windows authentication when connecting from XenDesktop to an SQL database.
22
Licensing Requirements
You must use Citrix Licensing 11.10, as supplied with XenDesktop 5.6; XenDesktop 5.6 does not work with older versions. Before installing Citrix Licensing, see Licensing Your Product for further details and possible updates to licensing requirements.
Windows XP Professional (32-bit) with Service Pack 3 Windows XP Professional (64-bit) with Service Pack 2 Windows Vista Windows 7 Windows Server 2008
Windows Server 2008 R2 Microsoft .NET Framework 3.5 with Service Pack 1
q
If you do not have this on your computer, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35 folder.
q
Microsoft Management Console 3.0 (MMC 3.0) Windows PowerShell version 2.0. If you do not have this on your computer, it is installed automatically for you. Disk space requirements: 75 MB
23
Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2 (32- or 64-bit)
q Windows Server 2008 R2, Standard or Enterprise Edition (64-bit only) Microsoft .NET Framework 3.5 with Service Pack 1
If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35SP1 folder.
q
q For Windows Server 2008 R2, IIS Version 7.5 If you do not have these on your server, you are prompted for the Windows Server installation media, and they are installed for you.
Windows Remote Management (WinRM). WinRM is installed automatically as part of Windows Management Framework (WinRM 1.1 for Windows 2008; WinRM 2.0 for Windows 2008 R2).
Internet Explorer 8 or 9 Firefox 8.x Safari 5 Flash Player 10 must be installed to view graphs
24
25
Virtual machines without personal vDisks must run one of the following:
q
Windows XP 32-bit with Service Pack 3 Windows XP 64-bit with Service Pack 2 Windows Vista (non-Aero) with Service Pack 2 Windows 7 (non-Aero)
If you use Desktop Director in your deployment, you must install and enable Microsoft Windows Remote Management on the virtual machine before installing the Virtual Desktop Agent:
q
WinRM 1.1 for Windows XP or Windows Vista WinRM 2.0 for Windows 7
For more information on installing and enabling WinRM, see http://support.citrix.com/article/CTX125243. Support components, such as the Microsoft .NET Framework and the Visual C++ Runtime Library, are installed automatically if they are not already on the desktop.
26
Host Requirements
XenDesktop allows you to manage virtual desktops supported on all the hosts described in this topic. For further information on supported and recommended combinations, see http://support.citrix.com/article/CTX131239.
XenServer
q
XenServer 6 Standard and Enterprise Editions XenServer 5.6 with Service Pack 2 Standard and Enterprise Editions
VMware vSphere
q
VMware vSphere 5.0 (ESXi 5.0 and vCenter 5.0) VMware vSphere 4.x
No support is provided for vSphere vCenter Linked Mode operation (see http://www.vmware.com/products/vcenter-server/features.html/). For vSphere system requirements, see the VMware documentation at http://www.vmware.com/support/pubs/vs_pubs.html/.
System Center 2012 Virtual Machine Manager; Hyper-V on Windows Server 2008 R2 Service Pack 1 System Center Virtual Machine Manager 2008 R2 Service Pack 1; Hyper-V on Windows Server 2008 R2 Service Pack 1
For System Center Virtual Machine Manager system requirements, see the Microsoft documentation at http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/default.aspx/.
27
No No No
1. Available if there is only a single Hyper-V server in the hosting unit 2. Cluster Shared Volumes are required 3. No support for vMotion or dynamic placement
28
Client Requirements
The following Citrix client software is supplied as part of the installation media for XenDesktop:
q
Receiver for Windows 13.1 Offline Plug-in 6.6 Receiver for Mac 11.4.3 Receiver for Linux 11.1 Receiver for Java 10.1 Branch Repeater Plug-in 5.7.2 Single Sign-on Plug-in 5.0 Web Interface 5.4
For other client software that you can use with this version of XenDesktop, see http://www.citrix.com/downloads. For full XenDesktop functionality, use Desktop Viewer in Receiver for Windows. Other client software provides differing levels of functionality. For details of this and any user device requirements, see the appropriate Citrix documentation for details. Note: Microsoft .NET Framework requirements. To use Desktop Viewer, .NET 2.0 with Service Pack 1 or later is required. This version is required because, if Internet access is not available, certificate revocation checks slow down connection startup times. The checks can be turned off and startup times improved with this version of the Framework but not with .NET 2.0. The Desktop Viewer Embedded Edition does not require .NET Framework to be installed.
29
XenDesktop56.iso - This is the full image that consists of all XenDesktop components. In addition, the Support folder contains required, third-party software. Use this image to perform a new installation of XenDesktop. XenDesktop56_Upgrade.iso - This is the upgrade image. It is significantly smaller but still includes all XenDesktop components. Required, third-party software is not included in this image. Use this image to perform a server upgrade from XenDesktop 5, XenDesktop 5 Service Pack 1, or XenDesktop 5.5, and to perform an upgrade of the Virtual Desktop Agent.
About the Virtual Desktop Agent The Virtual Desktop Agent can be installed in one of two modes in this release. Before you install or upgrade, decide which mode you require. Both modes provide all of the new features in XenDesktop 5.6:
q
Virtual Desktop Agent - Select the standard Virtual Desktop Agent to take advantage of the features and enhancements that were first made available with XenDesktop 5.5, including HDX features such as Second Generation Flash Redirection, audio, and Windows Media Redirection. For more information on these features and enhancements, see What's New in XenDesktop 5.5.
30
Virtual Desktop Agent for HDX 3D Pro - Select the Virtual Desktop Agent for HDX 3D Pro if you intend using the HDX 3D Pro feature of XenDesktop Enterprise and Platinum editions to deliver desktops and applications that use a graphics processing unit (GPU) for hardware acceleration. To install the Virtual Desktop Agent for HDX 3D Pro, you require a key file that you obtain from the Citrix Downloads Web site. The key file is required for licensing purposes; during download of the key file, you are prompted for the number of users. Store the key file on a suitable place on the network that you can later access during installation. For more information on installing and configuring HDX 3D Pro, including installing from the command prompt, see Installing and Configuring HDX 3D Pro.
You can upgrade from a previous version of the standard Virtual Desktop Agent to the standard Virtual Desktop Agent in this release. You cannot upgrade from the standard Virtual Desktop Agent to the Virtual Desktop Agent for HDX 3D Pro. Instead, you must remove the standard Virtual Desktop Agent and then install the Virtual Desktop Agent for HDX 3D Pro. You can upgrade the Virtual Desktop Agent for HDX 3D Pro in XenDesktop 5.5 to the Virtual Desktop Agent for HDX 3D Pro in this release. However, you cannot upgrade versions of this component supplied with XenDesktop 5 Service Pack 1 or earlier. You must remove the Virtual Desktop Agent and any add-ons, and then install the Virtual Desktop Agent for HDX 3D Pro in this release.
31
Install and Set Up To upgrade Citrix Policies and Settings, locate and install CitrixGroupPolicyManagement_x86.msi or CitrixGroupPolicyManagement_x64.msi. These 32-bit and 64-bit installers are located in the x86\Citrix Policy and x64\Citrix Policy folders in the full and upgrade images. Perform the installation with local administrator rights on the controller or on the server running Desktop Studio if this is installed by itself on a remote server (that is, without the Controller component installed locally).
32
Install and Set Up 5. On the Select Components to Install page, select the components you want to install and where you want to install them. 6. On the Personal vDisk Configuration page, choose whether to enable this feature or configure it later. The part of each personal vDisk that stores applications comprises a Virtual Hard Disk file (a .vhd file) that uses the drive letter V:. This is therefore unavailable for network mapping. To choose a different drive letter, see the instructions in CTX131432. To configure this feature later, use the instructions in Managing XenDesktop 5.6 after you have installed or upgraded the Virtual Desktop Agent. 7. On the Controller Location page, specify the controllers in the XenDesktop site to which the Virtual Desktop Agent will connect, either by manually entering the locations or by selecting controllers from Active Directory. Alternatively, select Configure at a later time if you plan to specify controller locations later using Group Policy or by rerunning the Virtual Desktop Agent installer. Important: Ensure you specify the locations of all the controllers in the site, otherwise some user connections may be refused. For load balancing, the Virtual Desktop Agent automatically distributes connections evenly across the controllers. 8. On the Virtual Desktop Configuration page, specify whether or not you want to enable user-desktop shadowing and real-time monitoring. 9. Configure the agent as follows:
q
Reconfigure the firewall. If the Windows firewall is detected, the necessary ports can be opened automatically for you. If another firewall is detected, you are told which ports you need to open manually for XenDesktop to operate successfully. You can also request to have the necessary ports opened for Windows Remote Assistance and Windows Remote Management. For more information on configuring firewalls manually, see To configure firewalls manually.
If this installation is running in a VM on a hypervisor, you can select to have the VM automatically optimized for use with XenDesktop. Optimization involves actions such as disabling offline files, disabling background defragmentation, and reducing the event log size. For more information on VM optimization, see CTX125874. 10. Review the installation summary before clicking Install. When installation begins, progress is displayed on screen.
q
11. When installation is complete the default is to restart the machine; you must do this for the changes to take effect. 12. If you have enabled the personal vDisk feature, prepare your master image by following the instructions in To update master images that use personal vDisks. If you use Profile management, note that, by default, Citrix user profiles are stored on the virtual desktops' personal vDisks (typically the P: drives) not the C: drives. However, Profile management expects to find the profiles on the C: drives so you must modify the Registry on the master image to adjust the default as follows: Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 33
In HKLM\Software\Citrix\personal vDisk\Config, change the value of the EnableUserProfileRedirection key from 1 to 0. It is also good practice to increase the default allocation of disk space in the PercentOfPvDForApps key from 50% to 80%.
You can also install the Virtual Desktop Agent through a command-line utility; see XenDesktopVdaSetup.exe. To enable personal vDisks as part of the installation, include the argument /BASEIMAGE in addition to any other required arguments. To deploy the Virtual Desktop Agent through Active Directory Group Policy, see CTX127301. Note: When you install the Virtual Desktop Agent, a new local user group for authorized RDP users is automatically created. The group is called Direct RDP Access Administrators. For more information on using protocols other than ICA, see CTX121657. XenDesktop requires desktops and controllers to have synchronized system clocks. This is required by the underlying Kerberos infrastructure that secures the communication between the machines. You can use normal Windows domain infrastructure to ensure that the system time on all machines is correctly synchronized. If you use System Center Configuration Manager to manage virtual desktops, certain firewall exceptions are required on machines running the Virtual Desktop Agent. For information on these, see Desktop Properties Available to System Center Configuration Manager. To add or remove components, select the Windows option for adding or removing programs, then select Citrix Virtual Desktop Agent. You can then select to add, remove, or reconfigure components, or remove the Virtual Desktop Agent completely. You cannot remove support for XenApp application delivery through the XenDesktop installation wizard; you must remove the plug-ins directly through the Windows removal option. The Reconfigure the VDA option enables you to update the site selection and port numbers. Launching the Virtual Desktop Agent MSI in Stand-alone Mode Citrix recommends you launch the Virtual Desktop Agent MSI (XdsAgent.msi) only through Autorun, not in stand-alone mode by double-clicking it. For example, stand-alone installations do not install the personal vDisk feature. However, if you decide to launch the MSI in stand-alone mode, you must provide the following configuration information or the Virtual Desktop Agent may not operate as expected:
q
Add controller information or site details to the Windows registry. If the VM is to be optimized for XenDesktop performance, optimization steps must be carried out manually. For more information on VM optimization, see CTX125874. If the Windows Firewall is enabled, perform the following additional steps:
q
Open firewall ports for ICA, Workstation Agent and CGP (TCP ports 1494, 80, 2598). For user-desktop shadowing configuration, enable Remote Assistance and open the firewall port (TCP port 3389).
34
For Real time monitoring, enable and secure Remote Management. For HDX RealTime for Audio, open UDP ports 1650016509. For more information on configuring firewalls manually, see To configure firewalls manually.
Caution: Not all of these port numbers are IANA registered and may be in use for other purposes. In this version of XenDesktop, launching the Virtual Desktop Agent MSI in stand-alone mode creates the entry Citrix Virtual Desktop Agent Core Services in Add/Remove Programs. Optimizing Storage on Virtual Desktops Citrix recommends that you optimize the master image's operating system for efficient storage. If you launch the Virtual Desktop Agent through Autorun (as recommended), optimization is automatically performed by the Provisioning Services Device Optimization Tool, which runs silently. If you launch the Virtual Desktop Agent in stand-alone mode, the Provisioning Services Device Optimization Tool is not run but it is installed as TargetOSOptimizer.exe in C:\Program Files\Citrix\PvsVm\TargetOSOptimizer. Run this (or your preferred optimization tool) after the Virtual Desktop Agent in installed. For more information on this tool, see CTX125874.
35
Licensing the site and specifying which edition of XenDesktop to use. Setting up the site database. Ensure that you have read the database-related information in Planning a XenDesktop Deployment before you start configuring your site. Providing information about your virtual infrastructure, in terms of the host and connection to use. A host is a representation of a XenServer pool (or ESX or SCVMM cluster), with storage and a virtual network, where you create and store virtual machines (VMs) for your user desktops. This infrastructure allows you to efficiently manage the distribution of VMs in your hypervisor infrastructure. A host connection represents the credentials and address needed to access the host; these can be used by more than one host.
You can choose between two wizards when configuring sites: the Quick Deploy wizard or the Desktop Deployment wizard. The Quick Deploy wizard is intended for setting up small production sites and proof-of-concept sites not involving personal vDisks; it is described in Evaluating XenDesktop 5 and Quick Deploy. This topic describes the Initial Configuration steps in the Desktop Deployment wizard, which is intended for more typical production deployments. To run the wizard, start Desktop Studio and select Desktop Deployment. The rest of this topic summarizes the steps the wizard takes you through and provides additional information where necessary. 1. Specify a site name. 2. Specify the license server to use. You must specify the address as name:[port], where name can be a DNS, NetBIOS, or IP address. If you do not specify a port number, the default port is assumed. If there is already a license server on the controller, you are not prompted to specify its name; instead you are prompted for a license file location and the edition is detected from the license file. If you need to point to a different license server after initially configuring the site, select Configuration in the left pane of Desktop Studio, then Edit Licensing from the list of actions. 3. Specify the database to use:
q
By default XenDesktop uses the locally installed copy of SQL Express, if it is available, to create the site database on the controller on which you are working. To use an alternative database, select Use existing database. The server location must be a DNS, NetBIOS, or IP address, without a port number. If you are using an existing database and you need to set up XenDesktop manually, for example if your database is locked down, click Generate. This generates two
36
To configure a XenDesktop site scripts for use by your database administrator: one that generates the entire database setup for XenDesktop, and one optional script for use if you are using database mirroring. These scripts must be run before you can complete XenDesktop initial configuration. Click Next. 4. Specify a connection name, the type of host you are using, and the credentials to use when accessing it. Ensure that the credentials enable you to carry out all the necessary XenDesktop tasks. If you use XenServer, note that:
q
Citrix recommends using HTTPS to secure communication between XenDesktop and XenServer. To use HTTPS you must replace the default SSL certificate installed with XenServer with one from a trusted certificate authority. For details of how to do this see To replace the default XenServer SSL certificate. If you use vSphere, Citrix recommends that you use HTTPS rather than HTTP. For more information, see Using VMware with XenDesktop. If you use Microsoft System Center Virtual Machine Manager or Hyper-V Server, communication is over Windows Communication Foundation (WCF) so it is secured by regular Windows mechanisms.
You can configure high availability if it is enabled on XenServer. Citrix recommends that you select all servers in the pool to allow communication between XenDesktop and XenServer if the pool master fails.
Note: If you are using XenDesktop to manage user desktops hosted on dedicated blade PCs in the data center, select None for host type. You do not need to provide any further configuration information and the configuration summary appears. 5. Select whether to use XenDesktop to create virtual machines, or whether to create them manually. Select the XenDesktop option to use Machine Creation Services and create catalogs of pooled or dedicated VMs. The manual creation option allows you to use XenDesktop to manage and deliver user desktops that you have already migrated to VMs in the data center. 6. If you use XenDesktop to create desktops, you are prompted for details of the host on which the virtual machines and their personal vDisks are stored:
q
Enter a name for the host and the virtual network to use. Select the storage to use for the virtual machines. If both local and shared storage are available on the host you must select a single type; you cannot mix them. Optionally, you can separate the personal vDisks, which store the user profiles and user-installed applications, from the disks used for the machines operating system. Each virtual machine must have access to a storage location for both disks. If you use local storage for both, they must be accessible from the same hypervisor. To ensure this requirement is met, Desktop Studio offers you only compatible storage locations when you create the host.
Note: If you intend to use SmartAccess endpoint analysis, pass-through authentication, or smart card authentication with XenDesktop, you must configure XenDesktop to trust XML services. To do this, run the following PowerShell SDK command: Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
37
To configure a XenDesktop site After configuring your site, you can add more controllers to it or create a catalog.
38
Controllers
Controllers running XenDesktop 5 (including Service Pack 1) and XenDesktop 5.5 can control desktops running the Virtual Desktop Agent in XenDesktop 5.6. Controllers running XenDesktop 5.6 can control desktops running the Virtual Desktop Agent in XenDesktop 5 (including Service Pack 1) and XenDesktop 5.5.
Desktop Studio
The version of Desktop Studio in XenDesktop 5 Service Pack 1 and XenDesktop 5.5 can manage sites created with XenDesktop 5.6 unless they include desktops with personal vDisks. The version of Desktop Studio in XenDesktop 5.6 can manage sites created with either XenDesktop 5, XenDesktop 5 Service Pack 1, or XenDesktop 5.5, but not combinations of these earlier versions. Although such mixed-controller sites inevitably exist during an upgrade, managing virtual desktops and other objects in them is unsupported. Complete the upgrade as soon as possible to minimize the likelihood of having to use Desktop Studio in this unsupported scenario. 39
Desktop Director
Desktop Director 2.1 can monitor desktops created with XenDesktop 5 Service Pack 1, XenDesktop 5.5, and XenDesktop 5.6. Desktop Director 2.0 cannot monitor desktops created with XenDesktop 5.6.
XenDesktop SDK
The version of the Software Development Kit (SDK) provided with XenDesktop 5 Service Pack 1 and XenDesktop 5.5 works with XenDesktop 5.6 environments unless they include desktops with personal vDisks. In most cases, the XenDesktop 5.6 SDK works with XenDesktop 5, XenDesktop 5 Service Pack 1, and XenDesktop 5.5. Where commands are incompatible, errors indicate the nature of the incompatibility.
40
On the Machine Type page of the Create Catalog wizard in Desktop Studio, select Pooled with personal vDisk. This is a variant of the pooled-static machine type; machines are assigned to the first user who connects to them. For all subsequent sessions, that user connects to the same machine, and their user data, documents, user profile, and any user-installed applications are stored on a dedicated disk (the personal vDisk). Personal vDisks consist of two parts that separate two types of data. For more information, see About Personal vDisks.
41
Manage Note: The Streamed with personal vDisk catalog type is also available. This adds personal vDisks to streamed machines (which load the operating system over a network from Provisioning Services). If you want to use this catalog type, do so in the Provisioning Services Console, not Desktop Studio.
q
On the Number of VMs page, specify the size of the personal vDisk that is used for all desktops in the catalog, and the drive letter that users see. Ensure that the disk is big enough to store a user profile and any applications that a user installs. The minimum is 3 gigabytes (GB). Additional space may be required for user applications and data. Note: The setting for the master image's memory on this page might be overwritten by the desktops' memory settings. This is true for all virtual desktops created with XenDesktop, not just those with personal vDisks.
42
Manage
XenServer deployments require XenServerPSSnapIn. This is available in the XenServer Software Development Kit (SDK) or from http://community.citrix.com/display/xs/Download+SDKs. VMware ESX deployments require VMware vSphere PowerCLI. This is available from http://www.vmware.com/support/developer/PowerCLI. Microsoft System Center Virtual Machine Manager deployments require the Virtual Machine Manager snapin. This is installed automatically when you install that component's console.
1. Put the machines in the catalog into maintenance mode. 2. Locate the script resize-personal-vdiskpool.ps1 in the Support\Tools\Scripts folder of the full or upgrade image. 3. At a command prompt, run the script and select the catalog whose personal vDisks you want to resize. If a script error occurs, dismiss it by running Set-ExecutionPolicy RemoteSigned. Note: For 64-bit XenServer deployments, run the script from a 32-bit command prompt. 4. Accept the defaults for the storage location and, if displayed, the decision on thin-provisioning. The script displays these properties, which you should not change. 5. Enter the new size for the personal vDisks. The minimum is 3 gigabytes (GB). Additional space may be required for user applications and data. 6. When prompted, confirm the selections you made. 7. Enter the administrator's user name and password. Where possible, the personal vDisks in the catalog are resized and the machines they are attached to restart. When disk preparation is complete, the machines shut down. This process may take several minutes to complete. The script lists the machines whose vDisks cannot be resized. Check the power state of these machines, and rerun the script to complete the resizing operation on the entire catalog.
43
Manage
Depending on your deployment, you may need additional or different exceptions. For information on firewall exceptions needed with System Center 2012 Configuration Manager and using System Center in general, see your Microsoft documentation.
Using System Center Configuration Manager to Manage Virtual Desktops Created with Provisioning Services
To ensure any desktops created with Provisioning Services operate correctly with System Center 2012 Configuration Manager, you must set the write cache to the target device's hard drive. Using the Provisioning Services Console, in vDisk Properties, select Cache on device hard drive as the Cache Type. If you do not configure the cache this way, data required by System Center Configuration Manager is not persisted when the desktops are restarted, which may result in unexpected behavior.
Manage Important: An alternative scenario occurs if you enable Profile management on machines in existing catalogs with personal vDisks. Because the catalog is already in use, logons will already have taken place and profiles will be present on the P: drive (and will remain there after you modify the Registry). You must therefore adjust the default differently. For instructions on adjusting the default in this scenario, see the Profile management documentation.
45
Name - The name of the virtual machine. User - The user assigned to the machine. Service - Indicates whether the preparation service is running. Status - Indicates whether the personal vDisk workspace virtualization is Running (that is, it is active) or No (that is, it is inactive, which represents an error). VHD Size - The size of the virtual hard drive (that is, the workspace size) in gigabytes. VHD %Used - The percentage of the virtual hard drive that is used. Update - Various states of the initially provisioned disk or the updated image:
q
OK The initial provisioning or last image update was successful. Disk Init This is the first time that the personal vDisk has started or been resized. It is being initialized and partitioned by the service. Disk Format The personal vDisk is being formatted. Updating The initial provisioning or an image update is in progress. Error (Disk Discovery) An error state. An error occurred while discovering the personal vDisk. Error (Disk Init) An error state. An error occurred while partitioning or formatting the personal vDisk.
46
Monitor
q
Error (Sys Init) An error state. An error occurred while starting the Personal vDisk Service or configuring the personal vDisk. Error (Update) An error state. An error occurred during the initial provisioning or the last image update. Unknown An error state. An error occurred but the cause is unknown.
47
The personal vDisk logs from the root of the disk The operating system type, version, and bitness The list of applications installed on the base image Tip: Running appwiz.cpl is a quick way of displaying the list
The list of applications, if any, installed on the personal vDisk The type and version of the hypervisor in your deployment The type and version of the provisioning technology in the deployment (Machine Creation Services or Provisioning Services)
48
BrokerSiteName - The name of your XenDesktop site; returns the same value as HostIdentifier DesktopCatalogName - The name of the catalog associated with the desktop DesktopGroupName - The name of the desktop group associated with the desktop HostIdentifier - The name of your XenDesktop site; returns the same value as BrokerSiteName IsAssigned - False for a pooled-random desktop, otherwise true IsVirtualMachine - True for a virtual machine, false for a physical machine OSChangesPersist - False if the desktop operating system image is reset to a clean state every time it is restarted, otherwise true. PersistentDataLocation - The location where Configuration Manager stores persistent data. This is not accessible to users. PersonalvDiskDriveLetter - For a desktop with a personal vDisk, the drive letter you assign to the personal vDisk.
The properties BrokerSiteName, DesktopCatalogName, DesktopGroupName, and HostIdentifier are determined when the desktop registers with the controller, so they are null for a desktop that has not fully registered. You can display the properties using the hardware inventory in Configuration Manager or using attributes of Configuration Manager objects. When you do, the names may include spaces or vary slightly in other ways. For example, BrokerSiteName may appear as Broker Site Name. Other properties are available in CCM_DesktopMachine in the Root\ccm_vdi namespace. This is a Microsoft class. For more information on these properties, consult the Microsoft documentation. Note: When Boolean properties are displayed in System Center 2012 Configuration Manager, they may appear as 1 or 0, not true or false.
49
XenDesktop 5.5
XenDesktop 5.5 consists of:
q
HDX-related new features and enhancements, including second generation Flash Redirection, Windows Media Redirection, Multi-Stream ICA including UDP for Audio, and Windows 7 Aero Redirection. HDX Monitor 2.0. An interactive graphical dashboard that enables you to monitor and analyze HDX performance throughout your domain. When potential problems are detected, solutions are suggested. To download HDX Monitor, go to http://hdx.citrix.com/sites/default/files/hdx-monitoring-2.0/setup.exe.
Full details about the new features and enhancements, and how to use them, are provided in this section. For all other XenDesktop features, continue to use the documentation provided for XenDesktop 5. The following table provides links to the documentation for all updated components, and to the list of issues that have been fixed in this release: What's New in XenDesktop 5.5 Using the New HDX Features and Enhancements XenDesktop 5 Service Pack 1 Known Issues in XenDesktop 5.5 Installing and Upgrading to XenDesktop 5.5 New and Updated Policy Settings Citrix Receiver 3.0 Issues Fixed in XenDesktop 5.5
50
Second Generation Flash Redirection. Adobe Flash content can be redirected to the user device for local rendering in many more cases than before, resulting in even higher server scalability and a great user experience. Flash Redirection now supports WAN-connected users. Good results with video playback have been observed, even at high latency. Server-Rendered Video. For multimedia content that is rendered server-side, the need to configure complex policies for best performance under different network conditions has been eliminated. HDX MediaStream automatically adjusts to the effective network bandwidth to use the level of compression that delivers the best video experience (image quality and frame rate) while displaying non-video regions, such as text, at full clarity. Windows Media Redirection. A new end-to-end flow control and frame dropping capability has been introduced. This improves the user experience when the bandwidth available for viewing a Windows media video (WMV, MPEG, AVI, DivX, etc.) is less than what is required by the bit rate of the video, an issue increasingly experienced by customers as videos are recorded at higher resolution. This technology allows multimedia redirection to be used in more access scenarios, further reducing server CPU consumption. Priority is given to smooth audio playback and audio-video synchronization at the expense of the video, so video frames are dropped when the available bandwidth is too low. In Citrix's own comparison testing, this technology delivered a better-than-local user experience under the same bandwidth constraints. Multi-Stream ICA including UDP for Audio. XenDesktop 5.5 introduces the option of delivering ICA over multiple streams: four TCP/IP streams and one UDP/RTP stream (for audio). This gives full flexibility for QoS routing over the network and provides superior audio quality when there is packet loss or congestion. Citrix Receiver for Windows. Various enhancements in Citrix Receiver (formerly the Citrix online plug-in) offer benefits to users of softphones and unified communications clients:
q
UDP and RTP (Real-time Transport Protocol) support Improved multi-tasking with real-time applications Smoother audio when network latency fluctuates ("jitter")
Improved echo cancellation when using speakers and a microphone HDX Broadcast
q
When running a typical office user workload, as represented by the standard Login Virtual Session Indexer (VSI) "Medium" knowledge worker test, Citrix expects customers to see a 30% reduction in bandwidth consumption along with reduced CPU consumption on the
51
XenDesktop 5.5 server (leading to higher server scalability) and improved desktop image quality on low bandwidth connections. In addition, RDP protocol support in HDX Broadcast has been enhanced to support RDP 7.1 with RemoteFX. For more information, see HDX RichGraphics. HDX RichGraphics
q
Microsoft RemoteFX Support. Microsoft RemoteFX, a feature of Windows Server 2008 R2 SP1 Hyper-V, uses server-side graphics hardware acceleration to deliver the full Windows 7 Aero and multimedia experience over a LAN-like connection. XenDesktop 5.5 supports RemoteFX using enhancements to RDP protocol support in HDX Broadcast and to Citrix Receiver for Windows. This is the first phase of a vision and collaboration announced by Citrix and Microsoft in March 2010. For more information about using Microsoft RemoteFX with XenDesktop, see: http://support.citrix.com/article/ctx129509/. Windows 7 Aero Redirection. Aero Redirection leverages client-side graphics hardware acceleration to deliver the full Windows 7 Aero experience (including glass effects, Flip 3D, and Aero Peek) over a LAN-like connection. Using the DirectX 9 graphics processing capabilities of the user's rich client device (Windows XP/Vista/7 PC or higher-end thin client), Aero Redirection delivers an outstanding user experience that truly feels "like local", if not better. This is the first phase of a powerful new HDX technology based on DirectX graphics command remoting. Note: This feature is disabled by default. To use it, expand the HDX Policy node and click Users. In the ICA options select Desktop UI, and in the Settings area select Aero Redirection. If Aero Redirection has been enabled, click Edit; otherwise, click Add. From here, you can enable or disable Aero Redirection.
3D Pro Enhancements. In XenDesktop 5.5, HDX 3D Pro adds full multi-monitor support for Windows 7 desktops. This extends the best-in-class solution for remote access to professional 3D graphics applications and very large models to enable full desktop replacement. HDX 3D Pro also offers limited support for multi-monitor access to Windows XP desktops. Other enhancements include support for GPU-accelerated deep compression with NVIDIA Fermi GPUs and the addition of XenDesktop policies enabling administrator control of the end user image quality configuration tool. XenDesktop 5.5 supports the Multi-GPU Passthrough feature of XenServer 6.0, which is available on the Citrix Downloads Web site.
HDX Plug-n-Play New HDX Plug-n-Play capabilities include support for WAN-connected scanners (via the TWAIN standard) and Japanese and Korean keyboards. Usability of removable storage devices has been improved. Client Drive Mapping now supports read-only access on all Virtual Desktop Agents. Client Drive Mapping also supports Universal Naming Convention (UNC) path support on Virtual Desktop Agents with Windows 7 and Windows Vista environments. Desktop Director version 2. A new version of Desktop Director is available for use with XenDesktop. For more information, see the Desktop Director documentation.
52
Second Generation Flash Redirection. Adobe Flash content can be redirected to the user device for local rendering in many more cases than before, resulting in even higher server scalability and a great user experience. Flash Redirection now supports WAN-connected users. Good results with video playback have been observed, even at high latency. Server-Rendered Video. For multimedia content that is rendered server-side, the need to configure complex policies for best performance under different network conditions has been eliminated. HDX MediaStream automatically adjusts to the effective network bandwidth to use the level of compression that delivers the best video experience (image quality and frame rate) while displaying non-video regions, such as text, at full clarity. Windows Media Redirection. A new end-to-end flow control and frame dropping capability has been introduced. This improves the user experience when the bandwidth available for viewing a Windows media video (WMV, MPEG, AVI, DivX, etc.) is less than what is required by the bit rate of the video, an issue increasingly experienced by customers as videos are recorded at higher resolution. This technology allows multimedia redirection to be used in more access scenarios, further reducing server CPU consumption. Priority is given to smooth audio playback and audio-video synchronization at the expense of the video, so video frames are dropped when the available bandwidth is too low. In Citrix's own comparison testing, this technology delivered a better-than-local user experience under the same bandwidth constraints. Multi-Stream ICA including UDP for Audio. XenDesktop 5.5 introduces the option of delivering ICA over multiple streams: four TCP/IP streams and one UDP/RTP stream (for audio). This gives full flexibility for QoS routing over the network and provides superior audio quality when there is packet loss or congestion. Citrix Receiver for Windows. Various enhancements in Citrix Receiver (formerly the Citrix online plug-in) offer benefits to users of softphones and unified communications clients:
q
UDP and RTP (Real-time Transport Protocol) support Improved multi-tasking with real-time applications Smoother audio when network latency fluctuates ("jitter")
Improved echo cancellation when using speakers and a microphone HDX Broadcast
q
When running a typical office user workload, as represented by the standard Login Virtual Session Indexer (VSI) "Medium" knowledge worker test, Citrix expects customers to see a 30% reduction in bandwidth consumption along with reduced CPU consumption on the
53
What's New server (leading to higher server scalability) and improved desktop image quality on low bandwidth connections. In addition, RDP protocol support in HDX Broadcast has been enhanced to support RDP 7.1 with RemoteFX. For more information, see HDX RichGraphics. HDX RichGraphics
q
Microsoft RemoteFX Support. Microsoft RemoteFX, a feature of Windows Server 2008 R2 SP1 Hyper-V, uses server-side graphics hardware acceleration to deliver the full Windows 7 Aero and multimedia experience over a LAN-like connection. XenDesktop 5.5 supports RemoteFX using enhancements to RDP protocol support in HDX Broadcast and to Citrix Receiver for Windows. This is the first phase of a vision and collaboration announced by Citrix and Microsoft in March 2010. For more information about using Microsoft RemoteFX with XenDesktop, see: http://support.citrix.com/article/ctx129509/. Windows 7 Aero Redirection. Aero Redirection leverages client-side graphics hardware acceleration to deliver the full Windows 7 Aero experience (including glass effects, Flip 3D, and Aero Peek) over a LAN-like connection. Using the DirectX 9 graphics processing capabilities of the user's rich client device (Windows XP/Vista/7 PC or higher-end thin client), Aero Redirection delivers an outstanding user experience that truly feels "like local", if not better. This is the first phase of a powerful new HDX technology based on DirectX graphics command remoting. Note: This feature is disabled by default. To use it, expand the HDX Policy node and click Users. In the ICA options select Desktop UI, and in the Settings area select Aero Redirection. If Aero Redirection has been enabled, click Edit; otherwise, click Add. From here, you can enable or disable Aero Redirection.
3D Pro Enhancements. In XenDesktop 5.5, HDX 3D Pro adds full multi-monitor support for Windows 7 desktops. This extends the best-in-class solution for remote access to professional 3D graphics applications and very large models to enable full desktop replacement. HDX 3D Pro also offers limited support for multi-monitor access to Windows XP desktops. Other enhancements include support for GPU-accelerated deep compression with NVIDIA Fermi GPUs and the addition of XenDesktop policies enabling administrator control of the end user image quality configuration tool. XenDesktop 5.5 supports the Multi-GPU Passthrough feature of XenServer 6.0, which is available on the Citrix Downloads Web site.
HDX Plug-n-Play New HDX Plug-n-Play capabilities include support for WAN-connected scanners (via the TWAIN standard) and Japanese and Korean keyboards. Usability of removable storage devices has been improved. Client Drive Mapping now supports read-only access on all Virtual Desktop Agents. Client Drive Mapping also supports Universal Naming Convention (UNC) path support on Virtual Desktop Agents with Windows 7 and Windows Vista environments. Desktop Director version 2. A new version of Desktop Director is available for use with XenDesktop. For more information, see the Desktop Director documentation.
54
Installation Issues
q
During Virtual Desktop Agent installation, Microsoft Windows Update is disabled if you select Optimize XenDesktop Performance in the Virtual Desktop Configuration page. Windows Update remains disabled even after uninstalling the Virtual Desktop Agent. After upgrading the Virtual Desktop Agent through the installer user interface on desktops with the Common Gateway Protocol and Windows Firewall enabled, users may experience delays when logging on and be unable to use Multi-Stream ICA. To resolve this issue, modify the Windows Firewall rule for the Citrix CGP Server Service to apply the rule for all programs. For more information about modifying the Windows firewall rule, see: http://support.citrix.com/article/CTX130685/. [#263328] Do not upgrade to XenDesktop 5.5 from a Technical Preview or Early Release version. Uninstall any existing Technical Preview or Early Release versions before installing XenDesktop 5.5. [#262990] The installation of Citrix Desktop Lock with a Group Policy fails. To prevent this, using an MSI editor, such as Orca.exe, edit CitrixDesktopLock.msi. Copy CitrixDesktopLock.msi from \Citrix Receiver and Plug-ins\Windows\Receiver on the installation media to a local directory. Open the Summary Information and edit the Languages field. Change the numeric string 1033 to 9. (Orca.exe is available in the Windows SDK for Windows 7 and .NET Framework 3.5 SP1 at https://www.microsoft.com.) [#262364, #262509] Uninstallation of Citrix Desktop Lock may result in an error message and incomplete uninstallation. To avoid this, from the Windows Control Panel Programs and Features dialog box, select Citrix Desktop Lock and click Repair. Follow the onscreen instructions. When the repair is complete, begin the uninstallation process. [#262440] You can install Windows 7 Aero Redirection on virtual machines hosted on Hyper-V. To do this, at a command prompt, type either:
q
XenDesktopVdaSetup.exe /CITRIXWDDMONHYPERV. The XenDesktopVdaSetup.exe file is located in the folder "XenDesktop Setup", in the install media.
55
Known Issues Important. Do not run this command on a virtual machine hosted on Hyper-V with the RemoteFX driver installed; installation will fail because the RemoteFX driver is present. This feature cannot be installed on virtual desktops hosted on physical machines. [#261634]
q
When you install the license server on a Windows 2003 server and change the license server from a local license server to a remote license server using Desktop Studio, the "Sequence contains no elements" error message may appear. To resolve this issue: 1. Replace the contents of this file: C:\Program Files\Citrix\Licensing\LicensingConfig\Service\Citrix.LicensingConfig.SdkWcfEndpoint.exe.config with the contents of this file: C:\Program Files\Citrix\Licensing\LicensingConfig\Service\Citrix.LicensingConfig.SdkWcfEndpoint.config 2. Stop and restart the License Configuration Service in the services list on the Windows 2003 server. [BUG0034298]
The Citrix-Multimedia-Flash log may be missing from the Event Viewer, after upgrading the Virtual Desktop Agent from the XenDesktop 4 Virtual Desktop Agent. [#263312] Streamed Windows 7 64-bit desktops may display a black screen, instead of the Windows logon screen, in XenCenter or vCenter. To work around this issue on XenServer, use the Other install media template in XenCenter to create the target device virtual machines. On VMware vSphere, ensure that target device virtual machines are imaged, added to Active Directory, and started in private image mode before installing the Virtual Desktop Agent. [#263279]
When the Virtual Desktop Agent for HDX 3D Pro is installed on a Windows 7 computer, Windows Aero functionality is disabled over ICA to get the benefit of performance optimizations in HDX 3D Pro. However, if some applications require Aero mode over ICA, it can be enabled using the HDX 3D Pro command line tool. [#259657] Hardware acceleration may be unavailable for 3D applications when users first connect to a Windows 7 host computer. To work around this issue, users must disconnect from the session and then reconnect. [#258836] When connecting to a Windows XP host computer with the Virtual Desktop Agent for HDX 3D Pro installed, users may experience slow responses to input when CPU-based compression is used. [#260182] On a multi-monitor host computer with the Virtual Desktop Agent for HDX 3D Pro installed and where the primary monitor is attached with a DisplayPort connector, switching the primary monitor off and then on again while a user is connected causes monitor blanking to fail on the host computer. [#260099]
56
Known Issues
q
Host monitor blanking is not supported with Display Port video connectors on the host computer. At least 3 Mbps of network bandwidth are required. If the host computer has an NVIDIA card with 128 or more Compute Unified Device Architecture (CUDA) core processors, then the minimum bandwidth requirement drops to 2 Mbps.
Sluggish performance may occur on user devices using a Windows Display Driver Model (WDDM) driver with Windows Aero disabled locally, but enabled remotely. This configuration causes bitmaps to be rendered in the Graphics Processing Unit (GPU) video memory and then copied into the GDI system memory for display, consuming a great deal of resources. If this condition occurs, either enable Windows Aero on the user device, or disable Windows Aero on the remote device. [#260765] There may be a short delay after Windows Media Player begins to play a video. This delay may last up to 30 seconds while Windows Media Player adds the video to its buffer. The occurrence and length of delay is based on the available bandwidth, latency, and the bitrate of the video. [#260426] Starting a webcam on a 32-bit user device running Windows XP during a Virtual Desktop Agent session running Windows XP with Client USB device redirection enabled may cause the system to stop responding. To avoid this, use the Webcam Video Compression feature, enabled by default, for compatible video conferencing applications. [#261741] A multiple monitor session in full screen mode in a Virtual Desktop Agent session running Windows 7 Aero may not appear properly or run very slow. This is due to Windows 7 Aero not reverting to Windows 7 Basic. If this occurs, change the session to windowed mode or reduce the number of monitors. [#259513] If you are using a XenDesktop 4 controller with the Virtual Desktop Agent in this 5.5 release, it may not be possible to launch Multi-Stream ICA sessions. If this issue occurs, you must upgrade your XenDesktop server environment to XenDesktop 5.5 and use the latest Citrix Policy settings to enable Multi-Stream for both computers and users. [#262680] Audio sessions begun in a Virtual Desktop Agent on one user device and continued on another device when the user roams do not reflect the audio configuration of the Virtual Desktop Agent session. When the user logs on to the session on the new user device, that devices settings are used. Reset defaults and disabled audio devices, such as speakers or microphones, are not replicated from user device to user device. To ensure any consistency between user devices, each device must be configured as needed. [#259667] When using server-side content fetching over slow WAN connections, Adobe Flash content playback is poor, possibly resulting in: response failures for the Flash window or Web browser; and extremely long buffer times and pauses. To avoid this issue, use server-rendered Flash delivery for user devices using WAN connections. [#261879] In a Virtual Desktop Agent running Windows 7 in Aero mode, if HDX MediaStream Multimedia Acceleration is disabled, for example by setting SpeedScreenMMA=off, and a
57
Known Issues user plays a movie file in a XenDesktop session, video may not play as expected and only audio may be heard, or Windows Media Player may display an error message stating the video cannot be played. This may also occur when the video format is not recognized by the user device. [#257853]
q
In a multiple monitor environment with Windows Media Redirection either disabled or not supported, video played on a non-primary monitor may result in an error. To avoid the error, play the video on the primary monitor. USB audio/video device redirection, such as headsets and webcam, may fail during a Virtual Desktop Agent session. To ensure successful redirection of these devices, in the HKLM\SOFTWARE\Citrix\ICA Client\GenericUSB subkey in the registry of the server running XenDesktop, create the REG_DWORD EnableForceRestartForHID key and set its value to 1. [#260613] Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
If the user's webcam is not recognized by Citrix GotToMeeting with HDFaces, edit the system registry. For 32-bit devices, go to HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\Citrix HDX Web Camera. For 64-bit devices, go to HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\Citrix HDX Web Camera. Add a string value named DevicePath. Set REG_SZ as the data type and Citrix Client as the value. [#263277] Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
The screen on a secondary monitor may appear black when using Microsoft PowerPoint in a multiple monitor session. This has been observed in Virtual Desktop Agent sessions running Windows 7. To address this issue, in PowerPoint choose Slide Show and set Show On to "Primary Monitor". [260943]
Printing Issues
q
If Microsoft KB927489 (JIS2004 fonts) is installed in a Japanese Windows XP virtual desktop, but not installed in a user device or printer server, print corruption may occur with the Universal Print Driver of an autocreated printer. To avoid this issue, install KB927489 in the user device and printer server. [#254936]
Using a Remote Desktop Connection (RDP) to connect to a virtual desktop running Windows Vista or Windows 7 may cause the system to stop responding and an error
58
Known Issues message to appear on a blue screen. If this occurs, attempt to connect again. [#259314]
q
When generating a GPO report in the GPMC, the message "Error occurred while generating the report. Unable to determine file type from extension" may appear. This occurs because the GPMC extensions are not supported on Windows 2003 x64. To address this issue, install the Group Policy SDK (CitrixGroupPolicyManagement_x86.msi or CitrixGroupPolicyManagement_x64.msi) on a different machine running a supported operating system. [#260284] When starting a Virtual Desktop Agent session on a 64-bit user device running Windows 7 and using Internet Explorer 9, the user may be asked to open or save launch.ica. The user should click Open to continue. To avoid this message, add the Web Interface server to the trusted servers list in Internet Explorer. [#262150] Portions of the screen during a Virtual Desktop Agent Session running XenDesktop 5.x or XenDesktop 4.x using Citrix Receiver 3.0 (formerly Citrix Online plug-in) in multiple monitor full screen mode may blink on and off. This occurs if the display memory requested is greater than what is set in the Citrix Machine Policy setting Display memory limit and the Display mode degrade preference is set to Degrade resolution first. To avoid this behavior, increase the Display memory limit up to 131072 KB or change the Display mode degrade preference to Degrade color depth first. [#259456] When using a XenDesktop 4 Desktop Delivery Controller with XenDesktop 5 Virtual Desktop Agents, policies and farm settings should only be configured using the XenDesktop 4 Presentation Server Console and Delivery Services Console. Any policies configured using the XenDesktop 5 or 5.5 version of Citrix Group Policy SDK (for example, using Microsoft Group Policy Management Console/Windows Group Policy Editor on a server or workstation with XenDesktop 5.x version of Citrix Group Policy SDK) may not get applied correctly and are likely to give unexpected results.[#262982] The Virtual Desktop Agent, running on Windows 7 32-bit or 64-bit machines, may stop responding after Personalize is selected from the Desktop Settings menu. This occurs intermittently in multiple monitor environments where the primary monitor is located other than in the top left of the monitor layout. Microsoft is investigating the issue. [#259457] When dragging a window across screen boundaries in a Wyse Xenith multiple monitor environment, the window may not respond to mouse movements as expected and may appear to freeze for a time. To address this issue, upgrade to the 1.6 version of the Wyse Xenith client. [#262847] When copying and pasting content from Microsoft Excel 2010, Excel 2007, or Excel 2003 with Citrix Receiver 3.0 in a Citrix XenDesktop 5.5 environment, the users session may be interrupted for several seconds and then resume. The interruption occurs following the copy action. No data is lost and the session continues where it was interrupted. If this occurs, disable the Client clipboard redirection policy setting. [#262573] Auto Client Reconnect may not operate as expected following a network outage. This issue has been observed on Virtual Desktop Agents running on Windows 7 and Vista. If, after a connection has been interrupted, automatic reconnection fails, users can reconnect to applications manually. [#262575] The Virtual Desktop Agent may stop responding if a different user attempts to switch between a XenDesktop session and an RDP session [#263063]
59
The update image consists of Virtual Desktop Agent updates and the latest Citrix Policies. The full image consists of Virtual Desktop Agent updates and server component updates.
The following table explains which image to use. To perform: A new installation of XenDesktop Use this image: Full image Read these sections: Installing and Upgrading XenDesktop 5.5 Server Components; Installing and Upgrading the Virtual Desktop Agent Installing and upgrading the Virtual Desktop Agent Installing and Upgrading XenDesktop 5.5 Server Components; Installing and Upgrading the Virtual Desktop Agent
An upgrade of the Virtual Desktop Agent only An upgrade from XenDesktop 5 or XenDesktop 5 Service Pack 1, and upgrade of the Virtual Desktop Agent System Requirements
60
Install and Set Up For information about system requirements, see XenDesktop 5 System Requirements and the XenDesktop 5 Service Pack 1 documentation. Note the following updates to these requirements:
q
Virtual Desktop Agent Requirements - Virtual machines can run Windows 7 Aero 32-bit or 64-bit. Desktop Director Browser Requirements - For the latest requirements, see the Desktop Director documentation. Host Requirements XenDesktop also lets you manage virtual desktops supported on:
q
Citrix XenServer 6. However, unless you intend using the Multi-GPU Passthrough feature of HDX 3D Pro, Citrix recommends you do not upgrade to XenServer 6. For further details, see the XenServer documentation. For more information on hypervisor support in XenDesktop, see http://support.citrix.com/article/CTX131239.
VMware vSphere 5. For more information, see the VMware documentation at http://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html. For information about system requirements for HDX 3D Pro, see System Requirements for HDX 3D Pro.
q
To ensure availability of the features and functionality of XenDesktop to your users, install the most recent version of any receivers, plug-ins, and agents you use. At the time of its release, XenDesktop 5.5 was tested with Receiver for Windows 3.0 (with online plug-in 13.0). The Citrix online plug-in 12.1, the Citrix Receiver for Linux 11.1000, and the Citrix online plug-in for Macintosh 11.2 were also tested and can be used, but some XenDesktop 5.5 features will not be available. About the Virtual Desktop Agent The Virtual Desktop Agent can be installed in one of two modes in this release. Before you install or upgrade, decide which mode you require:
q
Virtual Desktop Agent. Select the standard Virtual Desktop Agent to take advantage of the new features and enhancements available with XenDesktop 5.5, including HDX features such as Second Generation Flash Redirection, audio, and Windows Media Redirection. For more information on the new features and enhancements, see What's New in XenDesktop 5.5. Virtual Desktop Agent for HDX 3D Pro. Select the Virtual Desktop Agent for HDX 3D Pro if you intend using the HDX 3D Pro feature of XenDesktop Enterprise and Platinum editions to deliver desktops and applications that use a graphics processing unit (GPU) for hardware acceleration. To install the Virtual Desktop Agent for HDX 3D Pro, you require a key file that you can obtain from the Citrix Downloads Web site. The key file is required for licensing purposes; during download of the key file, you are prompted for the number of users. Store the key file on a suitable place on the network that you can later access during installation. For more information on installing and configuring HDX 3D Pro, including installing from the command prompt, see Installing and Configuring HDX 3D Pro.
You can upgrade from a previous version of the standard Virtual Desktop Agent to the XenDesktop 5.5 standard Virtual Desktop Agent.
61
Install and Set Up You cannot upgrade from the standard Virtual Desktop Agent to the Virtual Desktop Agent for HDX 3D Pro. Instead, you must uninstall the standard Virtual Desktop Agent and then install the Virtual Desktop Agent for HDX 3D Pro. You cannot upgrade from an earlier Virtual Desktop Agent for HDX 3D Pro to the XenDesktop 5.5 Virtual Desktop Agent for HDX 3D Pro. You must uninstall the earlier Virtual Desktop Agent and any add-ons, and then install the XenDesktop 5.5 Virtual Desktop Agent for HDX 3D Pro.
62
Install and Set Up 5. On the Select Components to Install page, select the components you want to install and where you want to install them. 6. On the Controller Location page, specify the controllers in the XenDesktop site to which the Virtual Desktop Agent will connect, either by manually entering the locations or by selecting controllers from Active Directory. Alternatively, select Configure at a later time if you plan to specify controller locations later using Group Policy or by rerunning the Virtual Desktop Agent installer. Important: Ensure you specify the locations of all the controllers in the site, otherwise some user connections may be refused. For load balancing, the Virtual Desktop Agent automatically distributes connections evenly across the controllers. 7. On the Virtual Desktop Configuration page, specify whether or not you want to enable user desktop shadowing and real time monitoring. 8. Configure the agent as follows:
q
Reconfigure the firewall. If the Windows firewall is detected, the necessary ports can be opened automatically for you. If another firewall is detected, you are told which ports you need to open manually for XenDesktop to operate successfully. You can also request to have the necessary ports opened for Windows Remote Assistance and Windows Remote Management. For more information on configuring firewalls manually, see To configure firewalls manually.
If this installation is running in a VM on a hypervisor, you can select to have the VM automatically optimized for use with XenDesktop. Optimization involves actions such as disabling offline files, disabling background defragmentation, and reducing the event log size. For more information on VM optimization, see http://support.citrix.com/article/ctx125874/. 9. Review the installation summary before clicking Install. When installation begins, progress is displayed on the screen.
q
10. When installation is complete the default is to restart the machine; you must do this for the changes to take effect. You can also install the Virtual Desktop Agent through a command-line utility; see: XenDesktopVdaSetup.exe. To deploy the Virtual Desktop Agent through Active Directory Group Policy, see http://support.citrix.com/article/ctx127301/. Note: When you install the Virtual Desktop Agent, a new local user group for authorized RDP users is automatically created. The group is called Direct RDP Access Administrators. For more information on using protocols other than ICA, see http://support.citrix.com/article/ctx121657/. XenDesktop requires desktops and controllers to have synchronized system clocks. This is required by the underlying Kerberos infrastructure that secures the communication between the machines. You can use normal Windows domain infrastructure to ensure that the system time on all machines is correctly synchronized. To add or remove components, select the Windows option for adding or removing programs, then select Citrix Virtual Desktop Agent. You can then select to add, remove, or reconfigure components, or remove the Virtual Desktop Agent completely. You cannot remove support for XenApp application delivery through the XenDesktop installation wizard; you must remove the plug-ins directly through the Windows removal
63
Install and Set Up option. The Reconfigure the VDA option enables you to update the site selection and port numbers. Launching the Virtual Desktop Agent MSI in Standalone Mode Citrix recommends you launch the Virtual Desktop Agent MSI (XdsAgent.msi) only through Autorun, not in standalone mode by double-clicking it. However, if you decide to launch the MSI in standalone mode, you must provide the following configuration information or the Virtual Desktop Agent may not operate as expected:
q
Add controller information or site details to the Windows registry. If the VM is to be optimized for XenDesktop performance, optimization steps must be carried out manually. For more information on VM optimization, see http://support.citrix.com/article/ctx125874/ If the Windows Firewall is enabled, perform the following additional steps:
q
Open firewall ports for ICA, Workstation Agent and CGP (TCP ports 1494, 80, 2598). For user desktop shadowing configuration, enable Remote Assistance and open the firewall port (TCP port 3389). For Real time monitoring, enable and secure Remote Management. For HDX RealTime for Audio, open UDP ports 1650016509. For more information on configuring firewalls manually, see To configure firewalls manually.
Caution: Not all of these port numbers are IANA registered and may be in use for other purposes.
64
Install and Set Up schema; the installation process automatically detects which components require upgrade and the wizard guides you through the required steps (for example, if a database upgrade from the existing version is required, you are prompted for this). To add or remove server components, select the Windows option for adding or removing programs, then select Citrix XenDesktop. You can then select to add or remove components, or to remove XenDesktop completely. Note: Before removing the controller component from a server, you must first ensure that the controller is removed from the site using Desktop Studio. Updating Citrix Policies and Settings To upgrade to the latest Citrix Policies and Settings, locate the appropriate CitrixGroupPolicyManagement MSI in the Delivery Controller and Additional Components ISO. Install CitrixGroupPolicyManagement_x86.MSI or CitrixGroupPolicyManagement_x64.MSI, for 32-bit or 64-bit computers respectively. This upgrade allows you to configure the new HDX features included in this release.
65
Quick Links
q
Configuring HDX MediaStream Flash Redirection Configuring Audio Video Conferencing with HDX RealTime Webcam Video Compression Redirecting Aero Functionality Improving Responsiveness in Low Bandwidth Conditions by Compressing Colors Assigning Priorities to Network Traffic Providing Smooth-running Videos and Slide Shows Configuring Read-Only Access to Mapped Client Drives
66
WAN-connected user support. The second generation and legacy versions of Flash Redirection are complete and run in separate virtual channels. Intelligent Fallback, which allows Flash sessions, on a per-instance basis, to be determined to be more efficient when rendered on the server. The Flash URL Compatibility List replaces the original Flash URL Blacklist setting. Listed URLs can now be blocked or specified for rendering on the user device or the server.
67
Citrix Receiver 3.0 (formerly called the online plug-in) is required on the user device to use the second generation Flash Redirection features. Online plug-in 12.1 is supported on the user device for the original, or legacy, Flash Redirection features only. A network connection exists and is enabled. To use XenDesktop Virtual Desktop Agents, establish a network connection between the user's Windows device and the agent. Adobe Flash Player for Windows - Other Browsers is installed on the user device. The version of the Flash Player on the user device must be equal to or higher than the Flash Player for Windows Internet Explorer installed on the server running Citrix XenApp 6.5 or Citrix XenDesktop 5.5. Note: If an earlier version of the Flash Player is installed on the user device, or the Flash Player cannot be installed on the user device, Flash content is rendered on the server.
Flash Player 10.1 or above for Windows Internet Explorer is installed on the servers running XenApp and XenDesktop's Virtual Desktop Agents. Internet Explorer 9, Internet Explorer 8, or Internet Explorer 7. Second generation Flash Redirection on XenDesktop 5.5 supports Internet Explorer 9.
In order to enable support for Internet Explorer 9 on the XenApp 6.5 server, an edit to the registry of the XenApp server is required. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
q
For a 32-bit operating system: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer Add the entry named IEBrowserMaximumMajorVersion with a DWORD value = 00000009.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServ Add the entry named IEBrowserMaximumMajorVersion with a DWORD value = 00000009.
Caution: Flash Redirection requires significant interaction between the user device and server components. Therefore, this feature should be used only in environments where security separation between the user device and server is not needed. User devices should be configured to use the Flash Redirection feature only with trusted servers. Flash Redirection requires the Flash Player to be installed on the user device. Therefore, Flash Redirection should be enabled only if the Flash Player itself is secured.
68
Flash backwards compatibility Flash default behavior Flash intelligent fallback Flash latency threshold Flash server-side content fetching URL list Flash URL compatibility list Flash event logging Flash acceleration Flash background color list
Connection Second generation on a user device and second generation on a server Legacy mode on a user device and second generation on a server
Second generation on a user device Legacy mode and Legacy mode on a server The Enable HDX MediaStream Flash Redirection on the user device setting on the user device must also be enabled.
69
Configuring HDX MediaStream Flash Redirection on the Server To use the backward compatibility feature:
q
On the server running Desktop Studio or AppCenter, enable the Citrix User Policy setting Flash backwards compatibility. On the user device, enable the Enable HDX MediaStream for Flash on the user device setting, selecting the Always or Ask options. Note: Backwards compatibility is not available if the Only with Second Generation option is selected.
Behavior The user cannot view any Flash content. Second generation and Legacy mode Flash Redirection, and server-side rendering are not used. The user can view server-side rendered Flash content if Flash Player for Windows Internet Explorer compatible with the content is installed on the server. Second generation and Legacy mode Flash Redirection is not used.
Flash Redirection is used. Second Generation is available where its requirements are met. Legacy mode is available when backwards compatibility is enabled. Enable Flash acceleration is the default and will be used if no option is selected.
70
Add the URL of the Flash application; not the top-level .html page that instantiates the Flash Player to the list. Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list. Use a trailing wildcard to allow all child URLs, for example http://www.sitetoallow.com/*. The prefixes http:// or https:// are used when present, but they are not required.
Configure the Flash server-side content fetching URL list setting by clicking New to add new URLs to the list.
71
Configuring HDX MediaStream Flash Redirection on the Server Important: You must enable the Enable server-side content fetching setting on the user device for the Flash server-side content fetching URL list on the server to work.
Rendered on the user device. Rendered on the server. Blocked from rendering.
Consider the following when configuring the Flash URL compatibility list setting:
q
Prioritize the list with the most important URLs, actions, and rendering locations at the top. Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list. Use a trailing wildcard to refer to all child URLs, for example http://www.sitetoblock.com/*). The prefixes http:// or https:// are used when present, but they are not required. Add sites containing Flash content that does not render correctly on the user device to the list, using the Render on Server or Block options.
To configure the Flash URL compatibility list setting: 1. Click New to open the Add Flash URL Compatibility list entry dialog box. 2. Select an action (Render on Client, Render on Server, or Block). 3. In the URL Pattern box, type the URL of the Web site upon which you want to act. 4. Select the Flash instance you want to serve as a trigger.
q
Select Any: The action occurs any time any Flash instance connects with the listed Web site. Select Specific: Type the Flash player ID. The action occurs only when this specific Flash instance connects with the listed Web site.
Flash Redirection reports events to the Application log. The Source value is Flash. The Category value is None.
In addition to the Windows event log, on computers with Windows 7 or Windows Vista, a Flash Redirection-specific log appears in the Applications and Services Logs node. Flash Redirection-specific log is also available on Windows Server 2008 R2 computers running this Early Release version of XenApp. If Windows XP is used, Flash Redirection log information is found only in the Windows application event log. Configure the Flash event logging setting for Legacy mode by selecting Enabled, which is the default, or Disabled. Configuration is not available for Second Generation Flash Redirection.
To enable and disable the Legacy mode HDX MediaStream Flash Redirection from the server
Legacy mode Flash Redirection is enabled on the server for client-side rendering by default. You can enable and disable Legacy mode Flash Redirection from the server through the Citrix User Policy setting Flash acceleration, in the Flash Redirection category. Configure the Flash acceleration setting by selecting Enabled, which is the default, or Disabled. When Enabled is selected, all Flash content from sites not blocked by the Flash URL compatibility list is rendered on the user device using Legacy mode. If Disabled is selected, all Flash content is rendered on the server.
73
To configure HDX MediaStream Flash Redirection on the User Device with Group Policy Objects
1. Create or select an existing Group Policy Object. 2. Import and add the HDX MediaStream Flash Redirection - Client administrative template (HdxFlash-Client.adm), available in:
q
For 32-bit computers: %Program Files%\Citrix\ICA Client\Configuration\language. For 64-bit computers: %Program Files (x86)%\Citrix\ICA Client\Configuration\language.
Note: For details on creating Group Policy Objects and importing and adding templates, see the Microsoft Active Directory documentation at http://www.microsoft.com.
Desktop Lock is used: Flash Redirection is enabled by default. All other conditions: The user receives a dialog box the first time they access Flash content in each session in which the user can enable HDX MediaStream Flash Redirection.
1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node. 2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client. 3. From the Setting list, select Enable HDX MediaStream Flash Redirection on the user device and click policy setting. 4. Select Not Configured, Enabled, or Disabled.
74
Configuring HDX MediaStream Flash Redirection on the User Device 5. If you selected Enabled, from the Use HDX MediaStream Flash Redirection list, select Always, Ask, Never, or Only with Second Generation. Note: Selecting Ask results in users receiving the Citrix Receiver - Flash dialog box the first time they access Flash content in each session in which the user can enable Flash Redirection. If the user does not enable Flash Redirection, the Flash content is played on the server. Selecting Always, Never, and Only with Second Generation does not result in this dialog box. Select Always to always use Flash Redirection to play Flash content on the user device. Select Never to never use Flash Redirection and have Flash content play on the server. Select Only with Second Generation to use the latest Flash Redirection functionality when the required configuration is present and revert to server-side rendering when the required configuration is not present. 6. For the policy to take effect:
q
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
If Citrix Receiver detects the user device does not have the required version of the Adobe Flash Player (Flash Player for Windows - Other Browsers, sometimes referred to as an NPAPI (Netscape Plugin Application Programming Interface Flash Player)), the Citrix Receiver - Flash dialog box offers the user the opportunity to obtain and install a copy of the correct player. Before downloading, an explanation of why the player is needed appears. If Enabled and Ask are selected, the Citrix Receiver - Flash dialog box appears. At this point, the user can choose whether or not to optimize Flash content for the rest of their session. Don't ask me again is not visible. The dialog box appears the first time the user encounters Flash content each session. XenApp only: If Not Configured is selected, the Citrix Receiver - Flash dialog box appears the first time the user accesses Flash content in each session. At this point, the user can choose whether or not to optimize Flash content for the rest of the session. If the user selects Don't ask me again, the optimization choice will be used in future sessions. The dialog box does not appear in the future. Changing this setting requires editing the user device registry. XenDesktop only: If the user opens the Citrix Receiver - Desktop Viewer Preferences dialog box and selects the Flash tab, a page with contents similar to the Citrix Receiver - Flash dialog box appears. The user can choose whether or not to optimize Flash content in future sessions on this page. If the user selects Ask me later, the Citrix Receiver - Flash dialog box appears the first time the user encounters Flash content each session. Don't ask me again is not visible. The user can change this setting at the
75
Configuring HDX MediaStream Flash Redirection on the User Device Citrix Receiver - Desktop Viewer Preferences dialog box.
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
The user device does not have direct access to the Internet. The user device connects to internal sites through Citrix Access Gateway.
Note: Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering for such sites is used. The second generation of Flash Redirection introduces three new enabling options as described in the following table. Two of these options include the ability to cache server-side content on the user device. This improves performance because content that is 76
Configuring HDX MediaStream Flash Redirection on the User Device reused is already available on the user device for rendering. Note: The contents of this cache are stored separately from other HTTP content cached on the user device. Also introduced in the second generation is server-side content fetching fallback. When one of the three Enabled options is selected, server-side content fetching automatically begins if client-side fetching of .swf files fails.
Option Disabled
Description Disables server-side content fetching, overriding the Flash server-side content fetching URL list setting on the server. Server-side content fetching fallback is also disabled. Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Flash content is not cached. Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and stored from session to session. Enables server-side content fetching for Web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and deleted at the end of the session.
Enabled
Important: The Flash server-side content fetching URL list setting on the server must be enabled and populated with target URLs for server-side content fetching to work. 1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node. 2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream Flash Redirection - Client. 3. From the Setting list, select Enable server-side content fetching and click policy setting. 4. Select Not Configured, Enabled, or Disabled. 5. If you enabled this setting, choose an option:
q
77
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
78
Configuring Audio
You can configure audio through the Policies node of Citrix Desktop Studio (Citrix XenDesktop) or Citrix AppCenter (Citrix XenApp). You control the settings for the audio features through the following Citrix User Policy settings:
q
Audio Plug-n-Play (XenApp only) Audio quality Client audio redirection Client microphone redirection Audio redirection bandwidth limit Audio redirection bandwidth limit percent Audio over UDP Real-timeTransport (XenDesktop only) Audio UDP Port Range (XenDesktop only)
Most audio features are transported using the ICA stream and are secured in the same way as other ICA traffic. User Datagram Protocol (UDP) audio uses a separate, unsecured, transport mechanism.
Low - for low-speed connections for low-bandwidth connections. Sounds sent to the client are compressed up to 16Kbps. This compression results in a significant decrease in the quality of the sound but allows reasonable performance for a low-bandwidth connection.
79
Configuring Audio Select Medium - optimized for speech for delivering Voice over IP applications. Audio sent to the client is compressed up to 64Kbps. This compression results in a moderate decrease in the quality of the audio played on the client device, but provides low latency and consumes very low bandwidth. Currently, Real-time Transport (RTP) over UDP is only supported when this audio quality is selected. Use this audio quality even for delivering media applications for the challenging network connections like very low (less than 512Kbps) lines and when there is congestion and packet loss in the network.
q
Select High - high definition audio when delivering media applications. This setting provides high fidelity stereo audio but consumes more bandwidth than the Medium quality setting. Use this setting when network bandwidth is plentiful and sound quality is important. Note: High definition increases bandwidth requirements by sending more audio data to user devices and increases server CPU utilization.
Important: You must also enable audio on Client audio settings on the user device.
80
Configuring Audio Configure the Client microphone redirection setting by choosing Allowed, the default, or Prohibited. When using XenApp, the Audio Plug-n-Play setting must be enabled to use multiple input devices. Important: You must also enable audio on Client audio settings on the user device.
81
Configuring Audio
82
83
Install Citrix Receiver 3.0 for Windows, formerly Citrix online plug-in, or Citrix Online Plug-in 12.1 for Windows on the user device. For Microsoft Office Communicator:
q
q Install Microsoft Office Communicator 2007 on the Virtual Desktop Agent. Ensure the user device has the appropriate hardware to produce sound.
Use the web camera default settings. Install drivers for web cameras on the user device. Where possible, use drivers obtained from the camera manufacturer, rather than from a third party. Note: Only one web camera is supported at a time. If a device has multiple web cameras attached, the cameras are tried in succession until a connection is made.
Enable the following Citrix Policy settings in the Citrix Desktop Studio:
q
84
85
Taskbar Preview When the user hovers over a window's taskbar icon, an image of that window appears above the taskbar.
Windows Peek When the user hovers over a taskbar preview image, a full-sized image of the window appears on the screen.
Flip When the user presses ALT+TAB, small preview icons are shown for each open window.
Flip 3D When the user presses TAB+Windows logo key, large images of the open windows cascade across the screen.
Requirements
User Device
q
Hardware
q
128MB memory 2 GHz non-mobile central processing unit (CPU). Citrix recommends 3 GHz for optimal performance.
q
Note: Dual monitor sessions are supported for user devices with a single GPU. A single GPU is defined as a single entry under Display adapters in Device Manager and not as the number of PCI cards plugged in the device. A single PCI card can have multiple GPUs on it.
q
Software
86
Note: If a user device does not meet these requirements, Windows 7 Basic is used in place of Windows Aero. Server
q
Hardware A peripheral component interconnect (PCI) display card with an interrupt request (IRQ) line Software
q q
The Available and Recommended Mbps incorporate end-to-end latency. If bandwidth is not able to sustain Windows Aero, Aero Redirection is terminated and Windows 7 Basic is delivered.
87
88
Improving Responsiveness in Low Bandwidth Conditions by Compressing Colors Set the Extra Color Compression Threshold setting by typing a kbps rate in the Value field. Alternatively, click Use default value to use 2,000 kbps.
89
Very High: for realtime activities, such as webcam conferences. High: for interactive elements, such as the screen, keyboard, and mouse. Medium: for bulk processes, such as Client Drive Mapping (CDM). Low: for background activities, such as printing.
XenDesktop supports multiple channel streaming connections only for Virtual Desktop Agents installed on Windows 7 environments. Work with your company's network administrator to ensure the Common Gateway Protocol (CGP) ports configured in the Multi-Port Policy setting are assigned correctly on the network routers. The Secure Sockets Layer (SSL) connections are only supported when the connections are traversing an Access Gateway that supports multi-stream. When running on an internal corporate network, multi-stream connections with SSL are not supported (this includes SSL Relay, on the XenApp server). Quality of service is supported only when multiple session reliability ports, or the CGP ports, are configured. Caution: Use transport security when using this feature. Citrix recommends using Internet Protocol Security (IPsec) or Secure Sockets Layer ( SSL).
Multi-Stream, a Citrix Machine Policy setting in XenDesktop and a Citrix Computer Policy setting in XenApp. Multi-Port Policy, a Citrix Machine Policy setting in XenDesktop and a Citrix Computer Policy setting in XenApp. Multi-Stream, a Citrix Users Policy setting in XenDesktop and a Citrix User Policy setting in XenApp.
90
Assigning Priorities to Network Traffic 1. In Machine settings (XenDesktop) or Computer settings (XenApp), open the Multi-Port Policy Add Setting dialog box. 2. From the CGP default port priority list, select a priority. 3. Type additional CGP ports in CGP port1, CGP port2, and CGP port3, as needed, and identify priorities for each. 4. In Machine settings (XenDesktop) or Computer settings (XenApp), open the Multi-Stream Add Setting dialog box and select Enabled or Disabled. 5. In Users settings (XenDesktop) or User settings (XenApp), open the Multi-Stream Connections Add Setting dialog box and select Enabled or Disabled. Important: Firewalls on Virtual Desktop Agents or XenApp Server must be explicitly configured to allow the additional TCP traffic as part of the Multi-Port Policy setting. For the policies to take effect, users must log off and then log on to the network.
91
Enable and disable Adaptive Display with Moving Image Compression. Moving Image Compression is enabled by default. Select the amount of lossy compression to apply to images with Lossy compression level. Higher compression increases responsiveness when available bandwidth is low. The greater the lossy compression, however, the greater the loss of detail in the image. The lossy compression level sets the starting JPEG quality. Adaptive Display adjusts the JPEG quality between the starting point to the Minimum Image Quality based on the bandwidth available to try to keep the frame rate from decreasing. You can choose from the following lossy compression levels:
q
None - No lossy compression is applied. The starting JPEG quality is 80. Low - The starting JPEG quality is 25. Medium - This is the default setting. The starting JPEG quality is 55.
High - The starting JPEG quality is 80. Select the minimum acceptable JPEG quality for Adaptive Display with Minimum Image Quality. The less compression used, the higher the frames per second rate.
q q
Selecting Ultra High results in a JPEG quality of 80. This is the lowest minimum compression, but it provides the highest image quality available for this setting. This setting also uses the most resources and bandwidth. Selecting Very High results in a JPEG quality of 55. Selecting High results in a JPEG quality of 30. Selecting Normal, which is the default, results in a JPEG quality of 20.
Selecting Low results in a JPEG quality of 15. This is the highest minimum compression and provides the lowest image quality available for this setting. Set the maximum number of frames per second used with Max Frames Per Second. The default setting is 24 frames per second. You can increase the rate to as high as 30 frames per second or decrease it to as low as 5 frames per second. As the number of frames per second increases, the amount of resources and bandwidth necessary to deliver the image increases. As the number of frames per second decreases, the amount of bandwidth necessary to deliver the image decreases.
q
92
Set the threshold below which lossy compression is applied with Lossy Compression Threshold Value. When the bandwidth rises above the threshold, lossy compression ceases. You can use lossy compression with no set threshold to apply lossy compression continuously to all images. The default setting is 2,147,483,647 kilobits per second Identify the minimum frame rate you want with Target Minimum Frame Rate. The default setting is 10 frames per second. This minimum is a target and is not guaranteed. Adaptive Display automatically adjusts to stay at or above this setting where possible.
93
94
Multi-monitor support. For Windows 7 desktops, HDX 3D Pro supports user devices with multiple monitors. Users have the freedom to arrange their monitors in any configuration they choose and can mix monitors with different resolutions and orientations. The number of monitors is limited only by the capabilities of the host computer GPU, the user device, and the available bandwidth. HDX 3D Pro also provides limited support for multi-monitor access to Windows XP desktops. Support for XenServer VMs. In addition to physical host computers, HDX 3D Pro supports XenServer VMs with Multi-GPU Passthrough. The XenServer Multi-GPU Passthrough feature enables you to create VMs with exclusive access to dedicated graphics processing hardware. You can install multiple GPUs on the hypervisor and assign VMs to each of these GPUs on a one-to-one basis. HDX 3D Pro policies. You can use policies in XenDesktop to set the range of image quality adjustment available to users in the image quality configuration tool and to specify whether users can manually enable or disable lossless compression.
95
HDX 3D Pro
Other Features
q
Lossless compression. HDX 3D Pro supports lossless compression, which enables you to deliver pixel-perfect images for applications such as medical imaging. GPU-accelerated deep compression. Where a compatible NVIDIA CUDA-enabled GPU is available, HDX 3D Pro can leverage the GPU to accelerate the encoding of images and provide a greater degree of compression. GPU-based deep compression is particularly efficient at minimizing bandwidth usage for organic images such as textured data, video, and geographical images. If a compatible GPU is not available, HDX 3D Pro falls back to CPU-based compression. High resolution monitor support. HDX 3D Pro supports all monitor resolutions and is only limited by the capabilities of the GPU on the host computer. Best user experience over any bandwidth. On LAN connections with bandwidths of 100 Mbps, HDX 3D Pro delivers a user experience equivalent to that of a local desktop. Additionally, the performance optimizations in HDX 3D Pro enable you to deliver an interactive user experience over WAN connections with bandwidths as low as 2 Mbps. Real-time image quality configuration tool. HDX 3D Pro includes an image quality configuration tool that enables users to adjust in real time the balance between image quality and responsiveness to optimize their use of the available bandwidth. Desktop or VM hosted apps. With HDX 3D Pro and XenDesktop, you can deliver graphically intensive applications as part of a complete virtual desktop or as a VM hosted app, according to the requirements of your users.
96
Host Requirements
The Virtual Desktop Agent for HDX 3D Pro is supported for installation on the following versions of Windows.
q
Windows 7 64-bit Editions with Service Pack 1 Windows 7 32-bit Editions with Service Pack 1 Windows XP Professional x64 Edition with Service Pack 2 Windows XP Professional with Service Pack 3
HDX 3D Pro can be used to deliver any application that is compatible with the supported host operating systems, but is particularly suitable for use with DirectX and OpenGL-driven applications, and with rich media such as video. The computer hosting the application can be either a physical machine or a XenServer VM with Multi-GPU Passthrough. The Multi-GPU Passthrough feature is available with Citrix XenServer 6.0 on the Citrix Downloads Web site. Citrix recommends that, at minimum, the specification of the host computer include at least 4 GB of RAM and a dual-core CPU (or two virtual CPUs) with a clock speed of 2.3 GHz or higher.
97
System Requirements
98
HDX 3D Pro supports both physical host computers, including desktop, blade, and rack workstations, and XenServer VMs with Multi-GPU Passthrough. The XenServer Multi-GPU Passthrough feature enables you to create VMs with exclusive access to dedicated graphics processing hardware. You can install multiple GPUs on the hypervisor and assign VMs to 99
Plan each of these GPUs on a one-to-one basis. To optimize the delivery of graphically intensive applications, HDX 3D Pro uses different compression technologies than the standard Virtual Desktop Agent. Where a compatible NVIDIA CUDA-enabled GPU is available on the host computer, HDX 3D Pro employs a codec that uses the GPU on the host to encode data. User devices require the decoder for the codec to receive GPU-encoded data, but they do not need a dedicated GPU. If the GPU on the host computer is not supported for GPU-based deep compression or if the user device does not have the decoder for the GPU codec, HDX 3D Pro uses CPU-based compression. The CPU codec is also used when lossless compression is required to support applications where pixel-perfect graphics are necessary, such as medical imaging. In deployments where the appropriate GPU hardware is available on the host computer, HDX 3D Pro uses GPU-based deep compression by default, although you can enable users to switch to other modes that use CPU-based compression. GPU-based deep compression makes optimum use of the available bandwidth: you can deliver complex interactive graphics over WAN connections with bandwidths as low as 2 Mbps. On LAN connections, the bandwidth consumed by graphically intensive applications can be reduced dramatically without compromising the high definition user experience. CPU-based compression requires at least 3 Mbps of network bandwidth to deliver an interactive user experience, although when lossless compression is enabled this rises to 10 Mbps.
100
101
Install and Set Up 8. Read and accept the license agreement, and click Next. 9. Select Virtual Desktop Agent for HDX 3D Pro and navigate to the location of the HDX 3D Pro key file you downloaded. Click Next. 10. On the Select Components to Install page, specify whether or not you want to install Citrix Receiver on the host computer in addition to the Virtual Desktop Agent for HDX 3D Pro. If you decide to install Citrix Receiver, you can enter the URL of your XenApp server farm to preconfigure Citrix Receiver for your users. If you plan to deliver the entire desktop of the host computer to your users, install Citrix Receiver on the host computer so that users can access XenApp applications from within the virtual desktop. You do not need to install Citrix Receiver if you plan to deliver the graphical application as a VM hosted app. 11. On the Controller Location page, specify the controllers in the XenDesktop site to which the Virtual Desktop Agent for HDX 3D Pro will connect, either by manually entering the locations or by selecting controllers from Active Directory. Alternatively, select Configure at a later time if you plan to specify controller locations later using Group Policy or by running the installer again. Important: Ensure that you specify the locations of all the controllers in the site, otherwise some user connections may be refused. For load balancing, the Virtual Desktop Agent for HDX 3D Pro automatically distributes connections evenly across the controllers. 12. On the Virtual Desktop Configuration page, specify whether or not you want to enable user desktop shadowing and real time monitoring. If the host computer is a VM, ensure that the Optimize XenDesktop Performance check box is selected. Optimizing the VM improves the performance of users' desktops by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops, such as disabling background defragmentation and reducing the event log size. For more information about the optimizations performed by the installer, see http://support.citrix.com/article/CTX125874. 13. If you are using a firewall other than Windows Firewall on the host computer, manually enable ports 80, 1494, 2598, and 3389 to allow XenDesktop to function correctly and open ports 1650016509 to enable Real-time Transport for Audio. If Windows Firewall is running on the host computer, the installer gives you the option to open the ports automatically. Click Next. 14. On the Summary page, click Install. Before the Virtual Desktop Agent for HDX 3D Pro is installed, the following prerequisites are installed if they are not already present on the host computer.
q Microsoft Visual C++ 2008 with Service Pack 1 Redistributable Package 15. When the installation is complete, ensure that the Restart machine (required to complete install) check box is selected and click Close.
16. If you did not replicate your users' monitor setup on the host computer before installing the Virtual Desktop Agent for HDX 3D Pro, configure virtual monitors to ensure that users can view the graphical application in a maximized window and across multiple monitors. For more information, see Configuring Monitors for HDX 3D Pro. 102
Install and Set Up 17. After completing the installation of the Virtual Desktop Agent for HDX 3D Pro, log on to the computer running Desktop Studio. Create an existing (if the host computer is a VM) or physical machine catalog, as appropriate, and add the computer hosting the graphical application. For more information about creating catalogs, see To create a new machine catalog. 18. Finally, to make the virtual desktop or VM hosted app available to users, create a desktop group or an application desktop group using the catalog containing the host computer. For more information about creating desktop groups and application desktop groups, see To create a desktop group and To create an application desktop group, respectively.
You can also install the Virtual Desktop Agent for HDX 3D Pro from a command prompt. To install HDX 3D Pro, run XenDesktopVdaSetup.exe and include the following arguments in addition to any others you may need to use.
q
/ENABLE_HDX_3D_PRO /KEY_FILE <path>, where <path> specifies the location of the HDX 3D Pro key file /GPU_ON_SERVER=1 On host computers running Windows 7, include /INSTALLONWDDM=1
For more information about other arguments that can be used when installing the Virtual Desktop Agent from a command prompt, see XenDesktopVdaSetup.exe. If you want to deploy the Virtual Desktop Agent for HDX 3D Pro through Active Directory Group Policy, ensure that the transform file specifies appropriate values for the ENABLE_HDX_3D_PRO and KEY_FILE properties. For more information about deploying the Virtual Desktop Agent through group policy, see http://support.citrix.com/article/CTX127301.
103
104
105
Manage
HDX3DConfigCmdLineX[86 | 64].exe <command> <value> Valid commands and values are listed in the table below. Default values are shown in bold text.
Command DEBUG_LOGGING
Values 0|1
Description Specifies whether or not advanced logging is enabled for the Virtual Desktop Agent for HDX 3D Pro. Entering a value of 1 for this command enables advanced logging, which is disabled by default. Displays the current configuration of the Virtual Desktop Agent for HDX 3D Pro. Specifies whether or not HDX 3D Pro automatically adjusts the balance between image quality and responsiveness according to the available bandwidth. Entering a value of 1 for this command disables automatic adjustment of image quality and delivers all images at the specified quality, regardless of the available bandwidth. Users can also enable fixed quality using the image quality configuration tool. Specifies whether or not HDX 3D Pro automatically selects the 2D Drawing check box in the image quality configuration tool when selected by the user in the previous session. Entering a value of 1 for this command enables users to select the 2D Drawing check box and have this setting selected by default in their next session. By default, HDX 3D Pro automatically selects the Lossless check box when selected by the user in the previous session, but does not do so for the 2D Drawing check box. Specifies the minimum number of CUDA cores required on an NVIDIA GPU in order for it to be used by HDX 3D Pro for GPU-based deep compression. Important: Ensure that users have logged off from the desktop or VM hosted app before you change the minimum number of CUDA cores. For optimum performance, Citrix recommends using a GPU with at least 128 parallel CUDA cores for single-monitor access.
None [0 | 1]
FORCE_CODEC
[0 | 1]
GPUCODEC_MINCUDACORES
96 | 64 | 32
106
Manage MIRROR_DRIVER 1|0 Specifies whether or not Windows Aero functionality is disabled for host computers running Windows 7. Entering a value of 0 for this command enables Windows Aero functionality, which is disabled by default to improve performance for multiple monitors and VMs. Specifies a desired frame capture rate that HDX 3D Pro attempts to meet when automatically balancing image quality against responsiveness for CPU-based compression. Specifies the type of image compression that HDX 3D Pro uses on platforms where both GPU and CPU-based encoding are available.
SET_FRAMECAPTURERATE
SWITCH_CODEC
107
When viewing the graphical application, users can adjust the image quality with the slider or by using keyboard shortcuts. Users can change these keyboard shortcuts and alter the increment by which the shortcuts change the image quality. When users change the setting, the image quality value is displayed numerically in the bottom right-hand corner of the screen. The range of image quality adjustment available to users is determined by the HDX3DPro Quality Settings policy and is set to 0100 by default. Moving the slider to the right increases the quality of images from the application, but this can degrade the response to user input if bandwidth is limited. Decreasing the image quality reduces bandwidth usage and so improves responsiveness. By adjusting the image quality according to the task being performed, users can optimize their use of the available bandwidth. For example, users can temporarily increase the image quality to focus on the fine detail of an object and then reduce the quality when interacting with the object.
When the EnableLossless policy is allowed, users can enable and disable lossless compression by selecting and clearing the Lossless check box. To ensure that all frames are lossless when interacting with an image, users must also select the Fixed Quality check box. When the Fixed Quality check box is cleared and bandwidth is limited, lossy compression is used for intermediate frames to improve responsiveness, but the final frame is delivered using lossless compression when the image becomes stationary. Lossless compression is required to deliver pixel-perfect images for applications such as medical imaging. However, for cases where pixel-perfect images are not essential, users can make more efficient use of the available bandwidth, while still obtaining images that are visually lossless, by increasing the image quality and then selecting the Fixed Quality check box.
Users with low bandwidth WAN connections can improve responsiveness when interacting with two-dimensional or wireframe images by selecting the 2D Drawing check box. This option is only enabled when GPU-based deep compression is available and is not suitable for use with other types of images. Users can ensure that all images are delivered at the specified quality level, regardless of the available bandwidth, by selecting the Fixed Quality check box. However, on low
108
HDX 3D Pro User Experience bandwidth connections users may find that fixing the image quality to a high value has a negative impact on responsiveness.
To enable users to display the desktops or VM hosted apps providing their graphical applications over multiple monitors, ensure that the host computer is configured with at least as many monitors as are attached to users' devices. The monitors attached to the host computer can be either physical or virtual. Do not attach a monitor (either physical or virtual) to a host computer while a user is connected to the desktop or VM hosted app providing the graphical application as this can cause instability for the duration of the user's session. Instruct your users not to change the resolution of the desktops providing their graphical applications during a HDX 3D Pro session. To change the resolution of their desktops without logging off, users must change the resolution of the Desktop Viewer window in their Citrix Receiver preferences. For more information, see the appropriate Citrix Receiver documentation. When multiple users are sharing a connection with limited bandwidth, such as at a branch office, Citrix recommends that you use the Overall session bandwidth limit policy in Desktop Studio to limit the bandwidth available to each user. This ensures that the available bandwidth does not fluctuate widely as users log on and off. Because HDX 3D Pro automatically adjusts to make use of all the available bandwidth, large variations in the available bandwidth over the course of users' sessions can negatively impact performance. For more information, see Bandwidth Policy Settings. For example, if 20 users share a 60 Mbps connection then the bandwidth available to each user can vary between 3 Mbps and 60 Mbps depending on the number of concurrent users. To optimize the user experience in this scenario, determine the bandwidth required per user at peak periods and limit users to this amount at all times.
For users of the 3D SpaceMouse, Citrix recommends increasing the priority of the Generic USB Redirection virtual channel to 0. For more information on changing virtual channel priority, see http://support.citrix.com/article/CTX128190.
109
110
New and Updated Policy Settings ICA > TWAIN Devices Client TWAIN device redirection TWAIN compression level ICA > Visual Display ICA > Visual Display > Moving Images Max frames per second Minimum Image Quality Moving Image Compression Target Minimum Frame Rate Virtual Desktop Agent > HDX3DPro Enable lossless HDX3DPro Quality Settings
111
New and Updated Policy Settings Progressive compression level Progressive compression level threshold value Universal driver preference Universal print driver usage Visual Display Policy Settings > Moving Images Policy Settings Graphics Policy Settings > Image Compression Policy Settings
112
113
CLIENT renders Flash content from the matching URL on the user device SERVER renders Flash content from the matching URL on the server BLOCK prevents rendering of Flash content from the matching URL
The object id value represents an optional space-separated list of unique identifiers used in the <object> tags on the specified Web site. Listed URL strings do not need the http:// or https:// prefix. These prefixes are ignored if found. Wildcards (*) are valid at the beginning and end of a URL. The URL can represent either the top-level Web site address or the Flash content file address.
114
115
116
New Bandwidth Policy Settings If you enter a value for this setting and a value for the HDX MediaStream Multimedia Acceleration bandwidth limit setting, the most restrictive setting (with the lower value) takes effect. If you configure this setting, you must also configure the Overall session bandwidth limit setting which specifies the total amount of bandwidth available for client sessions.
117
118
119
120
121
Multi-Port Policy
This setting specifies the TCP ports to be used for ICA traffic and establishes the network priority for each port. By default, the primary port (2598) has a High priority. When you configure additional ports, you can assign the following priorities:
q
You might assign a Very High priority when real-time responsiveness is required, such as for audio and video conferencing. As well, you might assign a Low priority to background processes such as printing. Each port must have a unique priority. For example, you cannot assign a Very High priority to both CGP port 1 and CGP port 3. To remove a port from prioritization, set the port number to 0. You cannot remove the primary port and you cannot modify its priority level. When configuring this setting, reboot the server. This setting takes effect only when the Multi-Stream Computer policy setting is enabled.
122
123
124
125
126
Enable lossless
This setting specifies whether or not users can enable and disable lossless compression using the image quality configuration tool. By default, users are not given the option to enable lossless compression. When a user enables lossless compression, the image quality is automatically set to the maximum value available in the image configuration tool. By default, either GPU or CPU-based compression can be used, according to the capabilities of the user device and the host computer.
127
Licensing enhancements. Version 11.9 of the License Server supports user/device licensing, manages license checkout information, and provides information that enables you to check out the least number of licenses. For further details, including any changes to system requirements, see Licensing Your Product. You can use Desktop Studio to track and manage license usage and license models, and also to access the License Administration Console; for further details, see Managing Licensing. Support for:
q
XenServer 5.6 Service Pack 2. This includes support for IntelliCache. For further details, see Using IntelliCache with XenDesktop. Microsoft SCVMM R2 Service Pack 1. Microsoft Hyper-V 2008 R2 Service Pack 1. Microsoft Windows Server 2008 R2 Service Pack 1. Microsoft Windows 7 Service Pack 1.
VMware vSphere 4.1 Update 1. For more information on hypervisor support in XenDesktop, see http://support.citrix.com/article/CTX131239.
q q
Blade power management. Support is provided for third party plug-ins for blade servers. You can add machines to an Existing catalog by using the Import List option to specify a .csv file in which machines are specified by unique ID instead of by name. The set of power management options available in Desktop Studio is based on the capabilities reported by the plug-in. Fixes for the XenDesktop 5 issues listed at http://support.citrix.com/article/CTX124164.
For details of how to install this service pack, see Installing and Upgrading to XenDesktop 5 Service Pack 1. Known issues specific to this service pack are listed below. For details of known issues with XenDesktop 5, see Known Issues in XenDesktop 5.
Known Issues
q
When you install the license server using the XenDesktop installation wizard, it is installed silently. If the license server install is unsuccessful, there is no indication of this in the XenDesktop user interface. If, after installing XenDesktop, you find that the
128
XenDesktop 5 Service Pack 1 license server has not been installed, check the event log for relevant error messages. [BUG0032837]
q
XenDesktop silently installs Citrix Licensing using hardcoded port values of 27000, 7279, and 8082. If any of these ports is already in use, license server configuration fails and Desktop Studio will be unable to contact the license server. To resolve this issue, uninstall Citrix Licensing then reinstall using ctx_licensing.msi and changing the port numbers as necessary. For details of how to use ctx_licensing.msi, see Licensing Your Product. [BUG0032837] When you install the license server on a Windows 2003 server and change the license server from a local license server to a remote license server using Desktop Studio, the 'Sequence contains no elements' error message may appear. To resolve this issue: 1. Replace the contents of this file: C:\Program Files\Citrix\Licensing\LicensingConfig\Service\Citrix.LicensingConfig.SdkWcfEndpoint.exe.config with the contents of this file: C:\Program Files\Citrix\Licensing\LicensingConfig\Service\Citrix.LicensingConfig.SdkWcfEndpoint.config 2. Stop and restart the License Configuration Service in the services list on the Windows 2003 server. [BUG0034298]
129
130
XenDesktop 5 Service Pack 1 4. Mount the ISO. 5. Select Upgrade XenDesktop. 6. Follow the steps in the wizard. When the installation is complete, ensure that the Configure XenDesktop after closing check box is cleared, then click Close. 7. Restart the controller. 8. Repeat steps 3 through 7 on half of your controllers. The upgraded controllers are now incompatible with the database. The site can, however, continue to function using the non-upgraded controllers until the database is upgraded. 9. Validate the health of your site by:
q
Checking that users are able to connect to desktops by logging on to Web Interface and starting a sample desktop. Using the Desktop Director dashboard to verify that the site is operating normally. In particular, check for desktops in the Unregistered or Last connection failed states and check the Infrastructure health panel for any alerts.
Checking that there is no increase in the number of unregistered desktops in the Desktop Studio dashboard. When you do this, ensure that you are using Desktop Studio on a machine that has been upgraded to Service Pack 1. 10. Apply the database schema upgrade as follows:
q
a. Start Desktop Studio on a machine that has been upgraded to Service Pack 1 and view the dashboard for your site. You must either log on as a user with the db_owner role on the database, or you must know the credentials of an account that does have the necessary permissions. b. Click Upgrade. c. You can choose to either upgrade the database automatically, or use scripts to upgrade it manually later. If you choose to upgrade it automatically, the upgrade takes place immediately. If you choose to upgrade it manually, each script then appears in a Microsoft Notepad window that includes a header with instructions describing how to use the script. Remember that you should not upgrade the other controllers on your site until you have upgraded the database schema. The database is now incompatible with the non-upgraded controllers. The database is, however, compatible with the upgraded controllers, which should allow the site to continue to function while you upgrade the remaining controllers. 11. Validate the health of your site again as described in step 9. 12. Repeat steps 3 through 7 on your remaining controllers. 13. Upgrade any machines that are running Desktop Studio remotely. To do this, run the Service Pack 1 installation wizard as described in steps 4 to 6: Desktop Studio is automatically upgraded.
131
XenDesktop 5 Service Pack 1 14. Validate the health of your site again as described in step 9.
When you upgrade XenDesktop, the default licensing model changes to user/device. If you have only concurrent licenses installed you must reconfigure the licensing model appropriately, as described in Managing Licensing.
Note: If you have a proof-of-concept site with only one controller, upgrade the license server and the controller by following steps 1 through 7. Then upgrade the database as described in step 10. Finally, validate the health of your site as described in step 9.
132
133
Installing and Upgrading to XenDesktop 5 Service Pack 1 4. Mount the ISO. 5. Select Upgrade XenDesktop. 6. Follow the steps in the wizard. When the installation is complete, ensure that the Configure XenDesktop after closing check box is cleared, then click Close. 7. Restart the controller. 8. Repeat steps 3 through 7 on half of your controllers. The upgraded controllers are now incompatible with the database. The site can, however, continue to function using the non-upgraded controllers until the database is upgraded. 9. Validate the health of your site by:
q
Checking that users are able to connect to desktops by logging on to Web Interface and starting a sample desktop. Using the Desktop Director dashboard to verify that the site is operating normally. In particular, check for desktops in the Unregistered or Last connection failed states and check the Infrastructure health panel for any alerts.
Checking that there is no increase in the number of unregistered desktops in the Desktop Studio dashboard. When you do this, ensure that you are using Desktop Studio on a machine that has been upgraded to Service Pack 1. 10. Apply the database schema upgrade as follows:
q
a. Start Desktop Studio on a machine that has been upgraded to Service Pack 1 and view the dashboard for your site. You must either log on as a user with the db_owner role on the database, or you must know the credentials of an account that does have the necessary permissions. b. Click Upgrade. c. You can choose to either upgrade the database automatically, or use scripts to upgrade it manually later. If you choose to upgrade it automatically, the upgrade takes place immediately. If you choose to upgrade it manually, each script then appears in a Microsoft Notepad window that includes a header with instructions describing how to use the script. Remember that you should not upgrade the other controllers on your site until you have upgraded the database schema. The database is now incompatible with the non-upgraded controllers. The database is, however, compatible with the upgraded controllers, which should allow the site to continue to function while you upgrade the remaining controllers. 11. Validate the health of your site again as described in step 9. 12. Repeat steps 3 through 7 on your remaining controllers. 13. Upgrade any machines that are running Desktop Studio remotely. To do this, run the Service Pack 1 installation wizard as described in steps 4 to 6: Desktop Studio is automatically upgraded.
134
Installing and Upgrading to XenDesktop 5 Service Pack 1 14. Validate the health of your site again as described in step 9.
When you upgrade XenDesktop, the default licensing model changes to user/device. If you have only concurrent licenses installed you must reconfigure the licensing model appropriately, as described in Managing Licensing.
Note: If you have a proof-of-concept site with only one controller, upgrade the license server and the controller by following steps 1 through 7. Then upgrade the database as described in step 10. Finally, validate the health of your site as described in step 9.
135
Managing Licensing
You can use Desktop Studio to manage and track licensing as described in this topic, provided the license server is in the same domain as Desktop Studio, or in a trusted domain. For information about other licensing tasks, see Licensing Your Product. You must be a full XenDesktop administrator to carry out the tasks described below, except for viewing license information, which any type of XenDesktop administrator can do.
136
Managing Licensing If there are licenses on the server, their details are displayed and you can select one of them. Both concurrent licenses and user/device licenses are displayed. Alternatively, you can add a license file to the server and then select that one.
To add a license
1. Select the Configuration node in the left pane of Desktop Studio. 2. Select Licensing. 3. Select Add license. 4. Browse to a license file and add it to the license server.
137
138
About XenDesktop 5
Citrix XenDesktop offers a powerful and flexible desktop virtualization solution, allowing you to deliver virtual desktops to users anywhere, no matter what device they are using. So, regardless of whether your users are task workers, power users, contractors, or mobile workers, you can use XenDesktop to provide them with desktops tailored to their individual performance and personalization needs. Virtual desktops are assembled dynamically on demand, providing pristine yet personalized desktops, each time users log on. Powered by Citrix HDX technologies, XenDesktop provides a superior user experience with Flash multimedia and applications, 3D graphics, webcams, audio, and branch office delivery, while using less bandwidth than alternative solutions. Performance never degrades, and the high speed delivery protocol provides unparalleled responsiveness over any network. Although the desktops are virtual, running on remote servers, the user experience is equivalent to that of a local Windows desktop. From the user's perspective, logging on to a virtual desktop is the same as logging on to a local desktop. Users enter their credentials once and are connected to their desktops. With XenDesktop's FlexCast delivery technology, you can deliver every type of virtual desktop: hosted or local, physical or virtual. XenDesktop supports the full range of desktop virtualization technologies, such as server-based models in which up to 500 shared virtual desktops can be hosted on a single physical server, and VDI (virtual desktop infrastructure) where the desktop runs inside a virtual machine on a server in the data center. XenDesktop simplifies the task of creating, managing, and delivering virtual desktops to users. You build a master desktop image and then use XenDesktop to create user desktops from this image. Groups of virtual desktops are created and managed as a single entity, which enables you to assign, update, and extend thousands of user desktops quickly and easily. And, with the full integration of Citrix XenApp, you can deliver on-demand applications as a seamless part of your overall desktop management strategy, extending the benefits of virtualization throughout the enterprise.
139
Key Features
Citrix XenDesktop provides the following key features: Superior user experience. Users are instantly provisioned with a pristine desktop that incorporates their personal settings and applications, regardless of the user device. Users get the business and productivity applications they need delivered to their virtual desktops. Profile management ensures that personal settings are applied to their virtual desktop and applications, regardless of user device or location. Users can easily request support and the help desk can view their screen and take control of the desktop, using Microsoft Remote Assistance, to resolve issues quickly. High definition performance and multimedia support. With Citrix HDX, network and display optimizations and performance boosting technologies deliver the best performance over any network, including low-bandwidth and high-latency WAN connections. HDX in the datacenter leverages the processing power and scalability of servers to deliver advanced graphical and multimedia performance, regardless of the capabilities of the user device. HDX on the network incorporates advanced optimization and acceleration capabilities to deliver a great user experience over any network, including remote desktop access over high-latency, low-bandwidth environments. HDX at the device leverages the computing capacity of user devices to enhance and optimize the user experience. HDX MediaStream technology ensures users receive a smooth, seamless experience with multimedia content as part of their virtual desktop. HDX MediaStream Flash Redirection enables Adobe Flash content to play locally on user devices, providing users with high definition playback. And with SmoothRoaming, users can pause desktop sessions and resume working from different locations at exactly the point where they left off. Single image desktop management. Maintaining a single master desktop image in the data center provides users with an up-to-date, pristine desktop at each logon, drastically reduces patch and upgrade maintenance efforts, and cuts storage costs by up to 90 percent. Built-in virtual applications. Using XenApp with XenDesktop allows you to separate applications from the desktop, resulting in fewer, simpler desktop images. With XenApp, you can place a single copy of an application on a centralized XenApp server, rather than having multiple copies of the application running on desktops. This reduces system conflicts, application regression testing, and increases virtual desktop density. Delivering streamed and hosted applications provides greater flexibility and simpler management. Control over data. Centralized control policies ensure that authorized users connect to their desktops and that only screen updates, mouse clicks, and keystrokes (not data) transit the network. High performance, standards-based encrypted transmissions are used to deliver desktops using SSL technology to both internal and remote users. Multifactor authentication enables and enforces secure tokens and smart card authentication to virtual desktops. Desktop optimization and support. XenDesktop proactively ensures that users always benefit from optimized performance when using their virtual desktops. This provides a LAN-like experience, even for branch office workers. Using Desktop Director, IT Support staff can monitor a XenDesktop deployment and identify performance issues. This helps organizations maintain a healthy XenDesktop deployment and end-user experience, and
140
Key Features enables IT departments to meet service level targets. XenDesktop also provides fast, easy, and secure remote support services for an enhanced user support experience. Open architecture. XenDesktop integrates with Citrix XenServer, Windows Server 2008 Hyper-V, and VMware vSphere, and works out-of-the-box with thin clients. This means that there is no vendor lock-in for virtualization or user devices. For additional, dedicated computing resources for power users, you can host desktops on blade PCs or on standard PCs relocated to the data center. Users can access their virtual desktops from most common client devices, including Windows, Mac OS, and Linux. Best desktop total cost of ownership. XenDesktop centralizes and simplifies desktop lifecycle management, dramatically reducing storage and user device costs. The entire desktop lifecycle is managed in one location, simplifying desktop provisioning, patching, security, and updates. Appliance costs are reduced through minimal user device maintenance, lower power consumption, longer hardware lifecycles, and the ability to repurpose aging devices. Storing one desktop image for thousands of users reduces storage requirements, and using low power thin clients and consolidating virtual desktops on servers reduces overall energy consumption and cooling requirements. XenDesktop can automatically power down or suspend desktops that are not in active use (at the administrator's discretion), further reducing power consumption and increasing resource utilization. Smart card support. Smart card support provides user authentication to XenDesktop sessions and locally installed or virtualized applications, and allows users to digitally sign or encrypt documents. Common Access Card (CAC) and USB smart card tokens are supported. Authentication using smart cards is available for virtual desktops running Windows XP, Vista and 7. Profile management. Profile management provides an easy, reliable, and high performance method to manage user personalization settings in virtualized or physical Windows environments. It requires minimal infrastructure and administration but provides users with fast logons and logoffs. Profile management can be downloaded from the MyCitrix Web site. Local peripheral support. XenDesktop users can insert a USB device locally and use it with their virtual desktops and applications as they would on a local machine. Supported USB devices include: flash drives, smartphones, PDAs, printers, scanners, MP3 players, and tablets. With HDX Plug-n-Play USB Support, isochronous devices, such as Webcams, microphones, speakers and headsets, are also supported. Devices are supported in typical low latency/high speed LAN environments. Support for Bloomberg keyboard devices is also included. Multi-monitor support. Users' particular multiple monitor configurations are reflected in their virtual desktop. For example, users can configure their XenDesktop environment with L-shaped, T-shaped and U-shaped monitor configurations or with monitors of different sizes and resolutions. HDX Plug-n-Play Multi-Monitor Support ensures application compatibility with multi-monitor configurations. Users have greater control using the Desktop Viewer toolbar. For more information on multi-monitor support, see the administrator documentation for the Citrix online plug-in. User-driven desktop restart. You can provide users with the ability to shut down and restart their desktops, thus reducing calls to the help desk. Active Directory multi-forest support. XenDesktop supports deployment across a range of Active Directory topologies, including multiple domains and multiple forests. This enables virtual desktops to be delivered to users in different Active Directory forests from those in which the XenDesktop infrastructure servers are registered. 141
Key Features
142
XenDesktop Components
Citrix XenDesktop provides a complete virtual desktop delivery system by integrating several distributed components with advanced configuration tools that simplify the creation and real-time management of the virtual desktop infrastructure. This figure shows the key components in a typical XenDesktop deployment.
The core components of XenDesktop are: Controller. Installed on servers in the data center, the controller consists of services that authenticate users, manage the assembly of users' virtual desktop environments, and broker connections between users and their virtual desktops. It controls the state of the desktops, starting and stopping them based on demand and administrative configuration. In some editions, the controller allows you to install Profile management to manage user personalization settings in virtualized or physical Windows environments. Virtual Desktop Agent. Installed on virtual desktops, the agent enables direct ICA (Independent Computing Architecture) connections between the virtual desktop and user devices. Citrix online plug-in. Installed on user devices, the Citrix online plug-in enables direct ICA connections from user devices to virtual desktops.
143
XenDesktop Components Machine Creation Services. A collection of services that work together to create virtual desktops from a master desktop image on demand, optimizing storage utilization and providing a pristine virtual desktop to each user every time they log on. Desktop Studio. Enables you to configure and manage your XenDesktop deployment. Desktop Studio provides various wizards to guide you through the process of setting up your environment, creating your desktops, and assigning desktops to users. Desktop Director. Enables level-1 and level-2 IT Support staff to monitor a XenDesktop deployment and perform day-to-day maintenance tasks. You can also view and interact with a user's session, using Microsoft Remote Assistance, to troubleshoot problems. Citrix XenApp. You can use XenApp in a XenDesktop deployment to benefit from the efficiencies associated with application streaming and virtualization. XenApp provides a better-than-installed application experience for both users and administrators. Applications start up faster, the user experience is dramatically improved, and application management costs are significantly lowered. Citrix XenServer. XenServer is an enterprise-class virtual machine infrastructure solution that creates the foundation for delivering virtual desktops and offers advanced management features. Multiple VMs can run on XenServer, which takes advantage of the advanced virtualization features of the latest virtualization-enabled processors from Intel and AMD. For more information about XenServer, see the Citrix XenServer Administrator's Guide. Additional XenDesktop components provide the following features: Secure delivery. When users connect from outside the corporate firewall, XenDesktop can use Citrix Access Gateway technology to secure these connections with SSL. Access Gateway is a SSL VPN appliance that is deployed in the demilitarized zone (DMZ) to provide a single secure point of access through the corporate firewall. WAN optimization. In XenDesktop deployments where virtual desktops are delivered to users at remote locations such as branch offices, Citrix Branch Repeater (formerly WANScaler) technology can be employed to optimize performance. Repeaters accelerate performance across wide area networks, so with Repeaters in the network, users in the branch office will experience LAN-like performance over the WAN. Branch Repeater can prioritize different parts of the user experience so that, for example, the user experience does not degrade in the branch location when a large file or print job is sent over the network. HDX WAN Optimization with Branch Repeater provides tokenized compression and data de-duplication, dramatically reducing bandwidth requirements and improving performance. For more information, see your Citrix Branch Repeater documentation. Monitoring. Citrix EdgeSight for Virtual Desktops allows you to monitor individual virtual desktops. EdgeSight can be used not only to analyze and troubleshoot issues, but also to warn administrators in advance of problems that may arise in the future. Single Sign-on. Citrix Single sign-on provides single sign-on access regardless of how or where users connect, and it enables users to reset their own Windows password or unlock their account.
144
145
What's New repetitive prompts for the smart card PIN is particularly beneficial to users roaming between different thin clients who quickly need to reconnect to their virtual desktops. For more information about configuring smart card authentication for non domain-joined desktop appliances, see your Web Interface documentation. Video Conferencing. HDX RealTime provides users with a complete desktop video conferencing feature. Dynamic color compression. This improves the overall user experience by dynamically adjusting color compression based on network conditions. 32-bit color support. 32-bit color session support improves XenDesktop's application compatibility.
146
Platinum. A comprehensive enterprise-class desktop virtualization solution with advanced management and security, in addition to the features of Enterprise edition.
Enterprise. An enterprise-class desktop virtualization solution with on-demand applications and FlexCast delivery technology, in addition to the features of VDI edition.
VDI. For scalable Virtual Desktop Infrastructure (VDI) implementations with Citrix HDX technology.
Express. A free download to help IT professionals get started with VDI, which supports up to 10 users.
The components in each edition are listed below. Note: Key components are listed only; this list is not comprehensive.
Licensing Named User Licensing Device based licensing Concurrent User Licensing Component Controller XenServer
2
VDI Yes Yes Yes Yes Yes. XenServer, Enterprise Edition 4 Yes Yes Yes
Enterprise Yes Yes Yes Yes Yes. XenServer, Enterprise Edition 4 Yes Yes Yes
Platinum Yes Yes Yes Yes Yes. XenServer, Enterprise Edition 4 Yes Yes Yes
Yes. XenServer
Yes
Yes
Yes
147
XenDesktop Features and Editions Workflow Studio Profile management StorageLink Access Gateway
5
Provisioning services for desktops6 Provisioning services for servers XenClient and Synchronizer XenApp XenVault EdgeSight for Virtual Desktops Branch Repeater
7
Yes
Yes
Yes Yes
Single Sign-on
1. Supports up to 10 users. 2. Included free in all editions of XenDesktop. XenDesktop VDI, Enterprise and Platinum also include XenServer, Enterprise Edition. 3. The new, free version of XenServer may be used for any server or desktop workload. 4. XenServer, when acquired as part of XenDesktop, can only be used to manage hosted desktops and Citrix-provided components included with your XenDesktop license, such as the Controller, license and Web servers, and XenApp servers. You cannot use the XenServer included with XenDesktop to host other server workloads, or servers used for XenApp purchased separately from XenDesktop. These restrictions also apply to the provisioning services included with XenServer: you may use provisioning services for desktops and for server workloads that are part of Citrix-provided XenDesktop infrastructure, including XenApp, but no other server workloads. 5. Access Gateway appliances or Access Gateway VPX must be purchased separately or pre-existing on the account with valid maintenance to receive the Access Gateway Platform license. All editions of Access Gateway are compatible with the XenDesktop editions that include Access Gateway; for example, you can use Access Gateway Enterprise Edition to provide ICA-only remote access to XenDesktop VDI or Enterprise editions. 6. Streaming to VMs for VDI purposes is available in VDI, Enterprise, and Platinum; streaming to endpoints ("Streamed VHD") is available in Enterprise and Platinum only.
148
XenDesktop Features and Editions 7. Branch Repeater VPX included (throughput up to 45 Mbps per instance) for all branch offices and data centers; Branch Repeater appliances must be purchased separately. Branch Repeater VPX, when acquired as part of XenDesktop Platinum Edition, may be used only to support office locations to which XenDesktop virtual desktops and applications are being delivered.
149
Desktop Director. This Web-based tool enables level-1 and level-2 IT Support staff to monitor a XenDesktop deployment and perform day-to-day maintenance tasks. You can use the Desktop Director to monitor status, such as the health of the hypervisors and controllers in a site. You can manipulate sessions and desktops, such as restarting a desktop or logging off a session. You can also view and interact with a user's session, using Microsoft Remote Assistance, to troubleshoot problems. Smart card support. Smart card support provides user authentication to XenDesktop sessions and locally installed or virtualized applications, and allows users to digitally sign or encrypt documents. Local peripheral support. Users can insert a USB device locally and use it with their virtual desktops and applications as they would on a local machine. User-driven desktop restart. If the desktop fails to start or is taking a long time to connect, users can use the desktop restart option to shut down and restart the desktop. SmoothRoaming. With SmoothRoaming, users can pause desktop sessions and resume working from different locations at exactly the point where they left off. Multimedia support. Citrix HDX includes a broad set of technologies designed to provide users of virtual desktops with a high definition audio-visual experience, comparable to a local PC. For example, HDX MediaStream ensures a smooth, seamless experience with multimedia content, and provides support for Media Foundation used by Windows Media Player. HDX MediaStream Flash Redirection enables Adobe Flash content to play locally on user devices, providing users with a high definition playback. HDX Plug-n-Play enables simple connectivity for USB, multi-monitor, printers and other peripheral devices, as well as local machine resources. Other HDX technologies ensure that the delivery of virtual desktops is optimized for any network, whether local or remote. Instant on. XenDesktop virtual machines are kept running in idle pools so that new virtual desktops are ready for users when they log on, eliminating the lengthy startup times of physical computers and increasing productivity. Universal printer driver. XenDesktop delivers a consistent and fast printing experience for users without requiring specific local printer drivers. Users can simply plug in USB-compatible printers to their user devices. Virtual machine infrastructure. XenDesktop uses XenServer, an integrated 64-bit paravirtualization-based hypervisor, for scalable, cost-effective hosting of virtual desktops. XenServer delivers live migration and centralized multi-server management, radically reducing datacenter costs by transforming static and complex datacenter environments into dynamic, easy to manage IT service delivery centers. In addition, XenDesktop also supports Microsoft Windows Server 2008 Hyper-V and VMware vSphere, plus a wide range of hardware, applications, and user devices.
150
Desktop assignment. XenDesktop allows administrators to assign different types of virtual desktops to different users, including blade PC-based desktops, dedicated virtual machine-based desktops, and pooled desktops for groups of users. Session management. XenDesktop allows administrators to manage active and inactive virtual desktop connections. Administrators can view the servers to which users are connected and log them off if necessary. Session reliability. This feature maintains users' virtual desktops during network outages. When the network connection is re-established, users can resume their work without any interruption. High availability/failover. XenDesktop eliminates single points of failure by providing failover capability. Users can continue to access and use their virtual desktops even when individual servers fail. On-demand desktops. XenDesktop allows administrators to configure resources into pools so that common configuration settings can be applied on a pool-wide basis, greatly simplifying reconfiguration tasks. Desktop image management. XenDesktop allows administrators to manage multiple virtual desktops from a single desktop image. Administrators can easily create a new virtual desktop image, update an existing image, or roll back changes without any downtime. Workflow Studio. This provides an easy-to-use, graphical interface for workflow composition that virtually eliminates scripting. Workflow Studio acts as the glue across the IT infrastructure allowing administrators to easily tie technology components together via workflows. Profile management. XenDesktop provides an easy, reliable, and high performance method to manage user personalization settings in virtualized or physical Windows environments. StorageLink. This technology lets your virtual server infrastructures fully utilize all the resources and functionality of existing storage systems. Receiver. Citrix Receiver is a new, lightweight software client that makes it easy to access virtual applications and desktops on any device. Receiver allows IT organizations to deliver desktops and Windows, Web or SaaS applications as an on-demand service to any device in any location with a rich "high definition" experience. For users, Citrix Receiver makes it easy to work anywhere with the same, simple experience in the office, travelling, or at home; users simply connect and work. For IT administration, Receiver makes it quick and easy to deliver new client software or updates without the complexity of packaging and distribution generally associated with other solutions, while reducing the cost of desktop management.
151
XenServer. XenServer adds valuable management features, including high availability, provisioning services, and alerting. XenApp. Citrix XenApp is an application delivery system that offers client-side and server-side application virtualization for optimal application performance and flexible delivery options. This allows the delivery of secure applications as a service, while providing the flexibility to use future application architectures. XenClient and Synchronizer. XenClient allows you to extend the benefits of desktop virtualization to laptop users. XenClient is a client-side hypervisor that enables virtual desktops to run directly on client devices. By separating the operating system from the underlying hardware, desktop images can now be created, secured, deployed and moved across any supported hardware, greatly reducing the maintenance burden on IT and simplifying disaster recovery for laptop users. Synchronizer adds centralized management, secure backup and self-service restore of virtual machines running on XenClient laptops. XenVault. Citrix XenVault extends the built-in security protection provided with delivering applications in a hosted virtual environment to include XenApp data encryption on the local device. IT can centrally manage encryption with granular application and data access policies, and can easily lock and delete data in the event of loss, theft or termination. Administrators can establish time-based lockout periods and implement self-service password resets-unlocks enhancing user experience while maintaining security and control of the local device.
152
Citrix Access Gateway Enterprise Edition. Access Gateway provides secure remote access to XenDesktop. Desktop performance monitoring. This feature monitors and tracks the performance of virtual desktops, allowing administrators to proactively manage the virtual desktop experience by measuring key performance elements. This data can then be used to enhance the infrastructure before users are adversely affected. HDX WAN optimization. XenDesktop maximizes the quality of the branch and mobile user experience by using Citrix Branch Repeater to accelerate virtual desktop and application performance across wide area networks. Citrix Single Sign-on. Single Sign-on (formerly known as "Password Manager") provides single sign-on access regardless of how or where users connect, and it enables users to reset their own Windows password or unlock their account.
153
Farms are now referred to as sites. Think of a site as a deployment of XenDesktop in a single geographical location. A catalog is a collection of user desktops managed as a single entity. Catalogs specify virtual machines (VMs) or physical computers that host user desktops, the Active Directory computer accounts assigned to those VMs or computers, and, in some cases, the master VM that is copied to create the user desktops. Desktop groups and the virtual desktops they contain can be configured more flexibly. A single desktop group can contain desktops from a number of catalogs rather than being limited, as in earlier versions, to a single hypervisor pool. Also, a single desktop group can be published to users so that a single user may access multiple desktops in the group, and a single desktop may be assigned for use by multiple users. Desktops can also be assigned to client machines, rather than users, if required. A host is the infrastructure on which desktops are hosted, which comprises of hypervisors (resource pools or clusters), storage etc.
No IMA data store. XenDesktop 5 no longer uses the IMA data store as the central database in which to store configuration information. Instead, a Microsoft SQL Server database is used as the data store for both configuration and session information. This means:
154
Database requirements are different: Microsoft Access and Oracle are no longer supported databases. Terminal Services is no longer required on servers running the controller. There is no longer a dedicated zone master. In previous XenDesktop versions, there was a zone master/data collector responsible for user connection requests and communication with hypervisors. In XenDesktop 5, this function is distributed evenly across all controllers in the site. Due to reliance on Microsoft SQL Server, to ensure failover should the database become unavailable, you must use either SQL clustering or mirroring, or deploy the database as a virtual machine and use your hypervisor's high availability features instead. For more information about planning for high availability, see High Availability Planning.
Registry-based discovery. The default mechanism for desktops to find controllers is now registry-based. An Active Directory Organizational Unit is no longer required, although you can still use Active Directory-based registration. Active Directory is still needed in a XenDesktop deployment for authentication and authorization, therefore machines need to be domain-joined regardless of whether you use registry-based discovery or not. SDKs. XenDesktop 5 provides a new PowerShell SDK which allows you to perform the same tasks as you would with the Desktop Studio console. You can also perform tasks with the SDK that you cannot do with the console, such as assigning an IP address to a desktop, rather than a user name. Desktop Studio is built upon the PowerShell SDK; you can display the PowerShell in use in the console. For more information about using the SDK, see Using the XenDesktop SDK and the PowerShell cmdlets. Note that the new PowerShell SDK is not compatible with the SDK associated with previous XenDesktop releases.
DS maint. Tool used to perform data store maintenance tasks, such as backing up the data store or migrating the data store to a new server. There is no equivalent supplied for XenDesktop 5; use standard database tools instead. Active Directory Configuration wizard. Tool for configuring Active Directory. In XenDesktop 5, use the new PowerShell script Set-ADControllerDiscovery.ps1, available from the \Broker\SetupScripts directory. AutoFarmTuner. Tool to optimize IMA data collectors in large deployments. There is no equivalent supplied for XenDesktop 5; use standard database optimization tools to optimize database access.
155
DdcSdk. The XenDesktop Delivery Controller PowerShell SDK available in earlier releases. In XenDesktop 5, use the new PowerShell SDK for the controller and the other components and services. DsView and QueryDC. Tools to examine the contents of the IMA data store. XenDesktop 5 equivalent data can be seen using the SDK or by examining database tables directly using standard SQL server tools such as SQL Server Management Studio. QueryDS and QueryHR. Tools to examine the contents of the IMA dynamic store. XenDesktop 5 equivalent data can be seen using the SDK or by examining database tables directly using standard SQL server tools such as SQL Server Management Studio. Ftacln. Tool to tidy up file type associations on client machines using PNAgent. Do not use PNAgent with XenDesktop 5 except in the 'repurposed PC as dedicated thin client' case. Sslautoconfig. Tool for setting up certificates used for secure sockets, particularly the SSL relay tool for handling XML traffic in XenDesktop 4. This tool is no longer relevant in XenDesktop 5. XenDesktop Setup Wizard. Tool to automate the creation of machines with Provisioning Services. In XenDesktop 5, this functionality is available in the Provisioning Services Console. Install the latest hotfixes for Citrix Provisioning Services 5.6 Service Pack 1 to add this capability to your XenDesktop 5 deployment. For more information, see http://support.citrix.com/article/CTX128726. Alternatively, use the provisioning capabilities of Desktop Studio and Machine Creation Services. DSCheck, DSMaint, sqlfix. Tools to fix issues in IMA stores and check the consistency/validity of the IMA data store. This is not relevant to XenDesktop 5; use constraints checks in the database instead. ChFarm. Tool to move a Controller into or out of a farm. In XenDesktop 5, you can script this process using the new PowerShell SDK and SQL scripts. IMAPort. Tool to query or change the IMA port. This is no longer relevant in XenDesktop 5. AIEADF, AIEUN, AIECom, AIESetup, qaie. Tools relating to application isolation. Not relevant in XenDesktop 5. Acrcfg, altaddr, chgcdm, cltprint, cshadow, twconfig, ss3admin, softkey. Tools for XenApp-specific functions such as automatic client reconnect, IMA address settings, client-drive mapping, printer pipe handling, and session shadowing. Not relevant in XenDesktop 5. Auditlog. Tool for extracting IMA audit logging. Not relevant in XenDesktop 5. DriveRemap. Tool to remap Windows drives. Not relevant in XenDesktop 5. EnableLB. Tool for handling XenApp load balancing. Not relevant in XenDesktop 5. Mfcom, mfreg. Tools for dealing with SDK-level access to XenDesktop/XenApp. Not relevant in XenDesktop 5; use the new XenDesktop PowerShell SDK instead. Qserver, qfarm. Tools for examining the contents of the IMA dynamic/persistent store. XenDesktop 5 equivalent data can be seen using the SDK or by examining database
156
Information for Customers of Previous Versions tables directly using standard SQL server tools such as SQL Server Management Studio.
q
ProductEdition.exe. Tool for changing to a different edition of XenDesktop. In XenDesktop 5, use the new PowerShell SDK.
157
158
Known Issues
Installation Issues
q
If you are installing XenDesktop on Windows Server 2008 R2 or Windows 7, and the installation of .NET Framework requires a restart, an error message appears telling you that the installation has failed because of a problem with .NET Framework. If you then restart the machine and restart the installation, it will continue as expected. To avoid this issue, install .NET Framework before installing XenDesktop. [250439] If Desktop Studio is installed on the same machine as a hotfixed version of the XenApp 6 Delivery Services Console, any additions to the policy set provided by the XenApp hotfix will no longer be available to the Delivery Services Console. To avoid this issue, run Desktop Studio and the Delivery Services Console on separate machines. [251132] If Wyse Xenith Manager fails to install, ensure that you are logged on using either a User Account Control elevated account or the Administrator account. [250339] If you run Quick Deploy then remove XenDesktop and Microsoft SQL Server Express, ensure that you remove the CitrixXenDesktopDB database before reinstalling and running Quick Deploy again:
q
If you have removed XenDesktop, but not Microsoft SQL Server Express, you can use SQL Server to drop the database, which removes it entirely
If you have already removed Microsoft SQL Server Express, you must manually delete the files it leaves behind. These are CitrixXenDesktopDB.mdf and CitrixXenDesktopDB_log.LDF in C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLDATA If you do not remove the database, Quick Deploy cannot recreate it and fails with the message "Exception has been thrown by the target of the invocation". [252423]
q q
If you add licenses in the last seven days of the 30 day grace period, license warning notices may continue to appear on users' screens. To resolve this issue, restart all the controllers in the site. [BUG0034107] Japanese only: the XdsAgent_(x86|x64)_ja-JP.msi files needed for remote Group Policy Object installation are not signed. If you have set the Active Directory Group Policy Object setting that prevents unsigned software from being installed, these files do not install. To avoid this issue, do either of the following:
q
Use the signed standard version of the files, but this results in some internal strings (for example service names) being in English in the Virtual Desktop Agent.
Manually install the signed standard version on the Virtual Desktop Agent. This then selects the right Japanese transform. [251727]
q
159
Known Issues
HDX
q
HDX RealTime Video Conferencing does not automatically reconnect if the session connection is interrupted mid-conference. The user should restart the video conference. [233296] HDX RealTime webcam video compression currently supports Microsoft Office Communicator 2007 only. Other third-party conferencing applications may work with HDX RealTime webcam video conferencing, but Citrix has not tested and therefore does not support these applications. [241847] HDX 3D for Professional Graphics 1.1 is not supported and does not work with XenDesktop 5. To use HDX 3D for Professional Graphics 1.1, users must have access to a XenDesktop 4.x controller that works with the XenDesktop 4.x Virtual Desktop Agent. HDX MediaStream is not supported for Media Foundation-based media types on virtual desktops running on Windows Vista x64. The media will be rendered on the server side on Windows Vista x64 virtual desktops. [218535] User devices running the Citrix online plug-in must have direct network access to Adobe Flash content to support HDX MediaStream for Flash. If you have managed, locked-down devices that cannot directly access required Flash content, contact Citrix Technical Support for the latest alternatives available. [252495]
160
Known Issues
Smart Cards
q
Smart card authentication from Linux endpoint devices to Windows 7 or Windows Vista virtual desktops may not work with most smart cards because of incompatibilities between the Linux PC/SC implementation (PCSC-Lite) and the Windows 7 and Windows Vista PC/SC implementation. A future updated version of PCSC-Lite (that is, later than 1.6.4) may resolve this issue. [239718, 217188] Smart card authentication from Linux endpoint devices to Windows XP virtual desktops may not work with some smart cards because of the limitations of the Linux PC/SC implementation (PCSC-Lite). A future updated version of PCSC-Lite (that is, later than 1.6.4) may resolve this issue. Citrix is actively working to resolve the issue on the client side: check the Citrix Web site for the latest updates. [243362] When smart card authentication is used with certain smart cards with the Citrix Receiver for Linux 11.x on Redhat Enterprise (Desktop) 5.x user devices, attempting to launch a desktop results in the error message: "Client Error: Cannot load PCSC library libpcsclite.so" appearing. The user can select OK or Quit. If OK is selected, the desktop is launched but with no smart card logon option. This occurs because the Citrix Receiver for Linux attempts to load libpcsclite.so but Redhat only installs libpcsclite.so.1 or libpcsclite.so.1.0.0. To address this error, create a symbolic link to 1.0.0. You can do this from a terminal as root by typing: ln -s /usr/lib/libpcsclite.so.1.0.0 /usr/lib/libpcsclite.so [218198] Logoff from domain-joined user devices running in full-screen-only mode may occur unexpectedly, depending on how smart card removal behavior is configured. This occurs if Microsoft Active Directory Group Policy is used to define smart card removal behavior, and the smart card removal behavior policy defined is different for the user device and the virtual desktop appliance. User devices running in window view mode are unaffected. [218532]
Printing
q
If Microsoft KB927489 (JIS2004 fonts) is installed in a Japanese Windows XP virtual desktop, but not installed in a user device or printer server, print corruption may occur with the Universal Print Driver of an autocreated printer. To avoid this issue, install KB927489 in the user device and printer server. [218285]
161
Known Issues
If there are errors or delays in starting virtual desktops or problems in managing them, this may be because the list of controllers on the virtual desktop system is invalid or incomplete. The ListOfDDCs registry key on the virtual desktop system should contain an up-to-date list of XenDesktop controller systems. Invalid entries in the list can delay the startup of the virtual desktop system software. An incomplete list can prevent the XenDesktop controllers not in the list from being able to manage the virtual desktop. To avoid these issues, ensure that the ListOfDDCs registry key is correct and complete. [248036] If you use Desktop Studio to import computer accounts that are disabled, the accounts are incorrectly marked as available. These accounts can be used to create desktops, but the desktops will not be usable because they will not join the domain and allow logon. The same issue exists with the repair operation that provides the ability to reset the computer account passwords. To avoid this issue, ensure that you import only enabled computer accounts. [250003] If you have installed the default Microsoft SQL Server Express database, you can only use Desktop Studio by default on the controller on which the database server is installed. If you want to use Desktop Studio on another machine (for example joining a second controller to an existing site by running Desktop Studio on that second controller), start the SQL Browser Service on the default controller and change the relevant firewall settings. [240888] If you log on to a controller that has not been added to a site, you must log on as the user who installed XenDesktop on that machine, otherwise when you try to open Desktop Studio the following message appears: "Value cannot be null. Parameter name: address. Reload the snap-in to retry". [250735] If you create a storage unit in XenCenter that has [square brackets] in the name, you cannot use it through Desktop Studio. [243458] XenDesktop supports only ASCII characters in site names when you are using Quick Deploy with VMware ESX, and in naming schemes when you are creating pooled catalogs on VMware ESX. If you use non-ASCII characters, the operation fails. [251999] XenDesktop supports only ASCII characters in ESX data store names when you are creating pooled or dedicated catalogs on VMware ESX. If you use non-ASCII characters, the operation fails. [BUG0033499] On virtual desktops running on 32-bit operating systems, if command-line programs that include cmd.exe are switched to full-screen mode, the session may hang. To recover the session, if you pressed Alt + ENTER to switch mode, press this key combination again. Alternatively, close the session window and restart the session. To prevent this issue occurring, avoid pressing Alt + ENTER in console applications and adjusting the window properties of full-screen applications. You should configure shortcuts to these applications to ensure that they do not automatically start in full-screen mode. You can also use Windows group policy to prevent cmd.exe from starting. [218531] By default, audio quality is set to High in XenDesktop 5. With version 9.7 of the Client for Java or versions of the Client for Linux earlier than 11.1, an error may occur resulting in audio being disabled in the session. To avoid this issue, configure a policy to set the audio quality to Medium. [218947, 219216]
162
163
Microsoft Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2 installed (32- and 64-bit)
Microsoft Windows Server 2008 R2, Standard or Enterprise Edition (64-bit only) Note that you can mix operating systems within a site.
q q
Microsoft .NET Framework, Version 3.5, with Service Pack 1. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35 folder.
Microsoft Internet Information Services (IIS) and ASP.NET 2.0. IIS is required only if you are installing the Web Interface, the License Server, or Desktop Director:
q
For Windows Server 2008 R2, Microsoft IIS Version 7.5. If you do not have these on your server, you may be prompted for the Windows Server installation media, and they are installed for you.
q q
Microsoft Visual J# 2.0 Redistributable Package, Second Edition. This is required only if Web Interface is installed on the server. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\JSharp20SE folder.
Microsoft Visual C++ 2008 with Service Pack 1 Redistributable Package. If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\vcredist folder.
Microsoft Windows PowerShell version 2.0. If you are using Windows Server 2008 (not Windows Server 2008 R2), Microsoft Windows Management Framework is installed automatically if not already present on the computer, and this download includes Microsoft Powershell 2.0. However, the installation needs to download Microsoft Windows Management Framework, so ensure an internet connection is available or pre-install Microsoft Windows Management Framework.
Internet Explorer 7.0 or later if you are running the license server on the controller.
164
100 MB for the Controller and SDKs 50 MB for Desktop Studio 50 MB for Desktop Director 40 MB for the licensing components 100 MB for Web Interface (and clients included in the installation)
165
Database Requirements
The Controller supports the following versions of the Microsoft SQL Server database:
q
Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 R2 Express Edition (this is installed automatically) Microsoft SQL Server 2008 with Service Pack 1 or later
Both 32- and 64-bit versions are supported in stand-alone, clustered and mirrored mode (except for SQL Server 2008 R2 Express, which is supported in stand-alone mode only). Note that you must use Windows authentication when connecting from XenDesktop 5 to an SQL database.
166
Licensing Requirements
You must use version 11.6.1 of the license server and console supplied with XenDesktop 5; XenDesktop 5 will not work with older license servers. Before installing Citrix Licensing, see Licensing Your Product for further details and possible updates to licensing requirements.
Windows XP Professional with Service Pack 3 (32- and 64-bit versions). Windows Vista (32- and 64-bit versions). Windows 7 (32- and 64-bit versions), all editions. Microsoft Windows Server 2008 (32- and 64-bit versions).
Microsoft Windows Server 2008 R2. Microsoft .NET Framework, Version 3.5, with Service Pack 1.
q
If you do not have this on your computer, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35 folder.
q
Microsoft Management Console 3.0 (MMC 3.0) must be installed. Disk space requirements: 75 MB. Microsoft Windows PowerShell version 2.0. If you do not have this on your computer, it is installed automatically for you.
167
Microsoft Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2 installed (32- and 64-bit)
q Microsoft Windows Server 2008 R2, Standard or Enterprise Edition (64-bit only) Microsoft .NET Framework, Version 3.5, with Service Pack 1.
If you do not have this on your server, it is installed automatically for you. The XenDesktop installation media also contain this installer in the Support\DotNet35 folder.
q
q For Windows Server 2008 R2, Microsoft IIS Version 7.5. If you do not have these on your server, you are prompted for the Windows Server installation media, and they are installed for you.
Microsoft WinRM 1.1 or above. WinRM 2.0 is installed automatically by the installer as part of Microsoft Windows PowerShell version 2.0 / Windows Management Framework (WinRM 1.1 for Windows 2008 Service Pack 2; WinRM 2.0 for Windows 2008 R2).
To view the Web-based Desktop Director, you must use one of the following browsers:
q
On Windows, Microsoft Internet Explorer 7.0 and 8.0, and Mozilla Firefox 3.5. On Macintosh, Apple Safari 4 and Mozilla Firefox 3.5. Adobe Flash Player 9 must be installed to view the graphs.
Client Requirements
The following clients are supplied with XenDesktop 5:
q
168
Citrix Receiver for Linux 11.100 Citrix online plug-in for Macintosh 11.2
For full XenDesktop 5 functionality, use the Desktop Viewer in the Citrix online plug-in 12.1. Other clients provide differing levels of functionality: see the specific client documentation for details. Note: .NET Framework Requirements. To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version is required because, if Internet access is not available, certificate revocation checks slow down connection startup times. The checks can be turned off and startup times improved with this version of the Framework but not with .NET 2.0. The Desktop Viewer Embedded Edition does not require the .NET Framework to be installed.
169
170
Windows XP 32-bit with Service Pack 3 or later. Windows XP 64-bit with Service Pack 2 or later. If virtual machines are to run Windows XP and you intend using Desktop Director in your deployment, you must install Microsoft WinRM (version 1.1 or above) on the virtual machine before installing the Virtual Desktop Agent.
Windows Vista (non-Aero) 32-bit or 64-bit with Service Pack 2 or later. Windows 7 (non-Aero) 32-bit or 64-bit.
Support components, such as .NET Framework 3.5 and the Visual C++ 2005 Runtime Library, are installed automatically if they are not already on the desktop.
171
Host Requirements
XenDesktop enables you to manage virtual desktops supported on the following hosts. For more information on hypervisor support in XenDesktop, see http://support.citrix.com/article/CTX131239. Note: If you plan to use Machine Creation Services, see the Requirements for Machine Creation Services for specific requirements for host and storage technologies.
q
Citrix XenServer 5.6 Standard and Enterprise editions. For information on system requirements, see the XenServer Administrator's Guide and the XenServer Installation Guide. Note: You must use Citrix XenServer 5.6 if you intend using Machine Creation Services.
Citrix XenServer 5.5 Update 2 Standard and Enterprise editions. Note: Machine Creation Services will not work with this version of XenServer. For information on system requirements, see the XenServer Administrator's Guide and the XenServer Installation Guide.
VMware vSphere 4.1 (ESX 4.1 and vCenter 4.1, and ESXi 4.1 and vCenter 4.1). For information on system requirements, see the VMware documentation at http://www.vmware.com/support/pubs/vs_pubs.html/ VMware vSphere 4 Update 1 (ESX 4.0 and vCenter 4.0). For information on system requirements, see the VMware documentation at http://www.vmware.com/support/pubs/vs_pubs.html/ Note: No support is provided for vSphere vCenter 'Linked Mode' operation (see http://www.vmware.com/products/vcenter-server/features.html).
Microsoft System Center Virtual Machine Manager 2008 R2; Hyper-V (Windows Server 2008 R2 Enterprise and Standard Edition; Hyper-V Server 2008 R2 Enterprise Edition). For information on system requirements, see the Microsoft documentation at http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/default.aspx/
172
Citrix XenServer 5.6 Standard and Enterprise editions. Note: Machine Creation Services will not work with earlier versions of XenServer. For information on system requirements, see the XenServer Administrator's Guide and the XenServer Installation Guide.
VMware vSphere 4.1 (ESX 4.1 and vCenter 4.1, and ESXi 4.1 and vCenter 4.1) VMware vSphere 4 (with ESX 4.x). Note: No support is provided for vSphere vCenter 'Linked Mode' operation (see http://www.vmware.com/products/vcenter-server/features.html). For information on system requirements, see the VMware documentation at: http://www.vmware.com/support/pubs/vs_pubs.html/
Microsoft System Center Virtual Machine Manager 2008 R2 (with Windows Server 2008 R2 Hyper-V).
Storage Link No No No
1. Virtual Hard Disk (VHD) on Logical Volume Manager (LVM) only; this is the default for XenServer 5.5 and 5.6. VMs created in this deployment will not support XenMotion or dynamic placement. If you have multiple XenServers in a pool just using local disks, Machine Creation Services will fail. 2. Available if there is only a single Hyper-V server in the hosting unit. 3. Microsoft Cluster Shared Volumes are required. 4. No support for vMotion or Dynamic placement.
173
174
A server to host:
q
The Controller The License Server. By default, this is installed when you install XenDesktop, but you can choose to use a separate server for licensing. For further information on licensing, see: Licensing. The database. By default, a database is created locally when you install XenDesktop, but you can choose to use a database on a separate server. Important: If you intend using an external database created manually, not created using Desktop Studio, ensure your database administrator uses the following collation setting when creating the database: Latin1_General_CI_AS_KS (where Latin1_General varies depending on the country; for example Japanese_CI_AS_KS). If this collation setting is not specified during database creation, subsequent creation of the XenDesktop service schemas within the database will fail, and an error similar to "<service>: schema requires a case-insensitive database" appears (where <service> is the name of the service whose schema is being created). For further information on setting up the site database, see To configure a XenDesktop site.
Desktop Studio. The console used to configure and manage your XenDesktop deployment. By default, this is installed on servers on which you install the Controller, but you can install it on a separate computer if you want to manage your deployment remotely.
Desktop Director. The console for level-1 and level-2 IT Support staff to monitor a XenDesktop deployment and perform day-to-day maintenance tasks. By default, this is installed on servers on which you install the Controller, but you can choose to install it on a separate computer. A domain controller running Active Directory. Active Directory is required for XenDesktop. Do not install either XenDesktop or the SQL Server database on a domain controller. For more information on Active Directory, see Active Directory Considerations.
q
VMs or physical computers hosting the desktops you want to deliver to your users. You install the Virtual Desktop Agent on these machines to manage communications and broker connections. User devices running the appropriate client to enable your users to access desktops.
175
Plan
Example Deployments
This topic shows examples of typical XenDesktop deployments, from a simple default configuration to a complex one involving multiple sites. Simple Default Configuration
Figure 1. A single controller configuration of XenDesktop, typical of an initial deployment Note that this configuration forms a single point of failure for administration and session brokering. Distributed Components Configuration You can distribute the components of your deployment among a greater number of servers, or provide greater scalability and failover by increasing the number of controllers in your site. You can install the management consoles on separate computers to enable you to manage your deployment remotely. A distributed deployment is also necessary for an infrastructure based on remote access through Access Gateway.
176
Plan
Figure 2. A distributed components configuration of XenDesktop Further components available with XenDesktop to enhance your deployment include:
q
XenServer, which is a host used for scalable and cost-effective hosting of desktops. XenApp to deliver applications to your users either by streaming them to virtual desktops or hosting them on a XenApp server. For information on using XenApp with XenDesktop, see Using XenApp with XenDesktop. Profile management to ensure that your users get a consistent experience every time they log on by managing user personalization settings. For more information, see the Profile management documentation.
For more information about Citrix Access Gateway for secure remote access, Edgesight performance monitoring, Branch Repeater for WAN optimization, Workflow Studio and StorageLink, see XenDesktop Features and Editions and the product-specific documentation. Multiple Site Configuration If you have multiple regional sites, for example one in Europe and one in the US, you can use Citrix NetScaler to direct user connections to the most appropriate site and the Web Interface to deliver desktops and applications to users.
177
Plan In the following example, each site is split into two data centers, with the database mirrored or clustered between the data centers to provide a high availability configuration. Having two sites globally, rather than just one, minimizes the amount of unnecessary WAN traffic. A separate Desktop Studio console is required to manage each site; sites cannot be managed as a single entity. Desktop Director can be used to support users across sites. Citrix NetScaler accelerates application performance, load balances servers, increases security, and optimizes the user experience. In the example below, two NetScalers are used to provide a high availability configuration. The NetScalers are configured for Global Server Load Balancing and positioned in the DMZ to provide a multi-site, fault-tolerant solution.
178
Example
The following example shows a high availability configuration consisting of a primary site and a disaster-recovery site. Each site is split into two data centers, with the database mirrored to provide a fault-tolerant configuration. In the event of an outage in the primary site, NetScalers configured for Global Server Load Balancing, positioned in the DMZ in front of the Web Interface, load balance and route user connections to the disaster-recovery site. NetScalers are also positioned between the Web Interface and the XenDesktop sites to determine if a site is working properly.
180
181
Security. Active Directory's inbuilt security infrastructure is used by desktops to verify that communications from controllers come from authorized controllers in the appropriate site. Active Directory's security infrastructure also ensures that the data exchanged by desktops and controllers is confidential. XenDesktop uses Active Directory's inbuilt Kerberos infrastructure to guarantee the authenticity and confidentiality of communication. For more information about Kerberos, refer to Microsoft's product documentation. Discovery. Active Directory is optionally used by desktops to discover the controllers that constitute a site. This means you can add a new controller to a site without having to reconfigure all desktops in the site. Instead, desktops determine which controllers are available by referring to information that controllers publish in Active Directory. This feature is available only if the desktops are in the same Active Directory forest as the controllers.
Note: By default, controller discovery is registry-based, and XenDesktop requires no objects to be created in Active Directory. For more information about the registry entries used by registry-based discovery, see: http://support.citrix.com/article/ctx118976.
182
Active Directory Considerations If the XenDesktop administrator has CreateChild permissions on a parent OU, this administrator can create and populate the site OU by running a PowerShell script, called 'Set-ADControllerDiscovery.ps1'. You can use the standard Active Directory Users and Computers MMC snap-in to configure these permissions. Also, to run Set-ADControllerDiscovery.ps1, the administrator must have full administration rights on XenDesktop. A small number of objects that are essential for the operation of the farm are created in the OU. Note: Only standard Active Directory objects are created and used by XenDesktop. It is not necessary to extend the schema. The set of objects created includes:
q
A Controllers security group. The computer account of all controllers in the site must be a member of this security group. Desktops in a site accept data from controllers only if they are members of this security group. Ensure that all controllers have the 'Access this computer from the network' privilege on all virtual desktops running the Virtual Desktop Agent. You can do this by giving the Controllers security group this privilege. If controllers do not have this privilege, virtual desktops will fail to register.
A Service Connection Point (SCP) object that contains information about the site, such as the site's name. Note: If you use the Active Directory Users and Computers administrative tool to inspect a site OU, you may have to enable Advanced Features in the View menu to see SCP objects.
A container called RegistrationServices, which is created within the site's OU. This contains one SCP object for each controller in the site. The SCP is created when the Set-ADControllerDiscovery.ps1 script is run. Each time the controller starts, it validates the contents of its SCP and updates them if necessary.
If multiple administrators are likely to add and remove controllers after the initial installation is complete, they need permissions to create and delete children on the RegistrationServices container and Write properties on the Controllers security group (these permissions are granted automatically to the administrator who creates or populates the OU by running the Set-ADControllerDiscovery.ps1 script). Either the domain administrator or the original installing administrator can grant these permissions, and Citrix recommends setting up a security group to do this. The following points are important to bear in mind when you are using a site OU with XenDesktop:
q
Information is written to Active Directory only when installing or uninstalling XenDesktop, or when a controller starts and needs to update the information in its SCP (for example, because the controller was renamed or because the communication port was changed). By default, the Set-ADControllerDiscovery.ps1 script sets up permissions on the objects in the site's OU appropriately, giving controllers Write access to their SCP. The contents of the objects in the site OU are used to establish trust between desktops and controllers. You should ensure that:
183
Only authorized administrators can add or remove computers from the Controllers security group, using the security group's access control list (ACL) Only authorized administrators and the respective controller can change the information in the controller's SCP
Depending on your Active Directory infrastructure, you should be aware of replication and its impact on a XenDesktop implementation. Refer to Microsoft's documentation to understand the concepts of replication and associated delays. This is particularly important if you create the site's OU in a domain that has domain controllers located in multiple Active Directory sites. Depending on the location of desktops, controllers, and domain controllers, changes that are made to Active Directory when you are initially creating the OU for the site, installing or uninstalling controllers, or changing controller names or communication ports may not be visible to desktops until that information is replicated to the appropriate domain controller. The symptoms of such replication delay include desktops that cannot establish contact with controllers and are, therefore, not available for user connections. XenDesktop uses some of the standard computer object attributes in Active Directory to manage desktops. Depending on your setup, the machine object's fully qualified domain name, as stored in the desktop's Active Directory record, can be included as part of the connection settings that are returned to the user to make a connection. It is, therefore, important to ensure that this information is consistent with information held in your DNS environment.
184
The desktop appliance site, for XenDesktop-ready thin clients, is: \Inetpub\wwwroot\Citrix\DesktopAppliance The XenDesktop Services site, for full-screen-only use with domain-joined Windows XP and XPe appliances, is: \Inetpub\wwwroot\Citrix\PNAgent The XenDesktop Web site, for window view mode users who need to be able to access multiple desktops or to access desktops from a browser, is: \Inetpub\wwwroot\Citrix\DesktopWeb This is the default site that users are presented with if they browse just to the controller address.
To modify the desktop appliance site, you must edit the configuration files as described in the Web Interface documentation. The other default sites are standard Web Interface sites and you can modify them through the Web Interface Management Console. For remote access through Access Gateway, you need to create a new Web Interface site. For information about creating sites, and details of how to modify the site's user interface to refer to desktops rather than applications, see the Web Interface documentation.
185
Delegated Administration
This topic describes the different XenDesktop administration roles and responsibilities. Citrix administrators are not set up automatically during XenDesktop installation. After installation, only local administrators on the server running the Controller have full administrative privileges, with authority to manage and administer all areas of the XenDesktop site. Only an administrator with full rights can create additional full or delegated administrators. Note: Local administrators on the Controller always have full administrative privileges; these privileges always take precedence, regardless of delegated privileges that may later be explicitly assigned by Citrix administrators. However, Citrix recommends that for normal operation, you create Citrix administrators with the appropriate rights, rather than use the Local administrators account. Granting local administrators on the Controller full rights allows these administrators to configure the XenDesktop deployment and prevents a deployment from unintentionally being rendered unmanageable should all explicit administrators be removed.
Full administrator. This administrator has full administration rights with authority to manage and administer the entire XenDesktop site. Full administrators can perform any of the roles listed below, such as that of the machine or assignment administrator. Following XenDesktop installation, only local administrators on the server running the Controller have this role and can create further full or delegated administrators. Note that, to configure hosts, you must be a full administrator. Read-only administrator. This administrator can see all aspects of the XenDesktop site but has no authority to change any settings; any attempted edits will not be saved. Machine administrator. This administrator owns the catalogs and is responsible for building the virtual desktops. The machine administrator can specify which assignment administrators can consume the images created. This administrator can also see other aspects of the XenDesktop site. Assignment administrator. This administrator takes the virtual desktops created by the machine administrator, wraps these in one or more desktop groups and assigns them to users. The assignment administrator can specify which help desk administrators are permitted to support these users; for example, based on geographical roles. This administrator can also see other aspects of the XenDesktop site. Help desk administrator. This administrator performs day-to-day monitoring and maintenance tasks. Help desk administrators can perform the following actions on desktop groups:
q
Send messages
186
Delegated Administration
q
Session controls: Disconnect; Logoff Power controls (XenServer; this may differ on other hosts): Suspend; Restart; Force restart; Shut down; Force shutdown; Start
Note: For more information about displaying administration rights and creating additional administrators, see Delegating Administration Tasks. For more information about Desktop Director administration roles, see the Desktop Director documentation.
187
General security best practices when using XenDesktop, and any security-related differences between XenDesktop and a conventional computer environment Managing user privileges Deployment scenarios and their security implications
Your organization may need to meet specific security standards to satisfy regulatory requirements. This document does not cover this subject, because such security standards change over time. For up-to-date information on security standards and Citrix products, consult http://www.citrix.com/security/, or contact your Citrix representative.
Security Planning for XenDesktop http://www.iana.org/). All network communications should be appropriately secured and encrypted as appropriate to match your security policy. You can secure all communication between Microsoft Windows computers using IPSec; refer to your operating system documentation for details about how to do this. In addition, communication between user devices and desktops is secured through Citrix SecureICA, which is configured by default to 128-bit encryption. You can configure SecureICA when you are creating or updating an assignment; see To secure desktop groups.
By default, when non-privileged users connect to a desktop, they see the time zone of the system running the desktop instead of the time zone of their own user device. For information on how to allow users to see their local time when using desktops, see Configuring Time Zone Settings A user who is an administrator on a desktop has full control over that desktop. If a desktop is a pooled desktop rather than a dedicated desktop, the user must be trusted in respect of all other users of that desktop, including future users. All users of the desktop need to be aware of the potential permanent risk to their data security posed by this situation. This consideration does not apply to dedicated desktops, which have only a single user; that user should not be an administrator on any other desktop. Note: For information about how to use standard Windows procedures to grant users administrative privileges only over the desktop to which they are connected, see http://support.citrix.com/article/ctx116942/.
A user who is an administrator on a desktop can generally install software on that desktop, including potentially malicious software. The user can also potentially monitor or control traffic on any network connected to the desktop.
Security Planning for XenDesktop the general security best practices described above for all managed user devices. XenDesktop has the advantage that minimal software is required on a user device. A managed user device can be set up to be used in full-screen-only mode or in window mode:
q
If a user device is configured to be used in full-screen-only mode, users log on to it with the usual Log On To Windows screen. The same user credentials are then used to log on automatically to XenDesktop. If a user device is configured so that users see their desktop in a window, users first log on to the user device, then log on to XenDesktop through the XenDesktop Web site supplied with XenDesktop.
Unmanaged User Devices User devices that are not managed and administered by a trusted organization cannot be assumed to be under administrative control. For example, you might permit users to obtain and configure their own devices, but users might not follow the general security best practices described above. XenDesktop has the advantage that it is possible to deliver desktops securely to unmanaged user devices. These devices should still have basic antivirus protection that will defeat keylogger and similar input attacks. Data Storage Considerations When using XenDesktop, you can prevent users from storing data on user devices that are under their physical control. However, you must still consider the implications of users storing data on desktops. It is not good practice for users to store data on desktops; data should be held on file servers, database servers, or other repositories where it can be appropriately protected. Your desktop environment may consist of various types of desktops, such as pooled and dedicated desktops:
q
Users should never store data on desktops that are shared amongst users, such as pooled desktops. If users store data on dedicated desktops, that data should be removed if the desktop is later made available to other users.
190
Using a non-domain-joined thin client to access a single virtual desktop (Scenario A in the tables below) Using a domain-joined thin client or repurposed computer to access a single virtual desktop (Scenario B in the tables below) Using a client computer to access multiple virtual desktops (Scenario C in the tables below)
The following table shows the requirements for each scenario: Scenario A User device OS Windows XP, Windows XP Embedded Browser required Yes Web Interface site Desktop Appliance Client Desktop Appliance Lock in Citrix online plug-in 12.1 Citrix Receiver for Linux 11.100 No XenDesktop Services See manufacturer's documentation for the relevant thin client Preinstalled by administrator Client install Preinstalled by administrator
Linux
191
User Access and Experience C Windows 7, Windows Vista, Windows XP Windows CE Yes XenDesktop Web Desktop Viewer in Citrix online plug-in 12.1 Client for Windows CE 10.x Preinstalled by administrator or through auto client detection or user prompt
Citrix online plug-in for Macintosh 11.2 The table below summarizes the user experience for each scenario: Scenario A Logon XenDesktop logon page followed by automatic launch of virtual desktop Windows OS logon page followed by automatic launch of virtual desktop After users click on the URL that provides access to XenDesktop: On first use: If the Citrix online plug-in is installed, the XenDesktop logon page appears followed either by a list of available virtual desktops or automatic launch if only one is available; If the Citrix online plug-in is not installed, the user is prompted to download and install the plug-in. The XenDesktop logon page appears followed either by a list of available virtual desktops or automatic launch if only one is available. On subsequent use: The XenDesktop logon page appears followed either by a list of available virtual desktops or automatic launch if only one is available. Virtual desktop display Full screen virtual desktop. No user device OS access. Full screen virtual desktop. No user device OS access. On first use: the virtual desktop appears in window mode. On subsequent use: the virtual desktop appears in either window or full-screen mode, depending on the display mode of the user's last virtual desktop session. User device OS access available. Toolbar[1] No
Macintosh OS X
No
Yes3
192
A toolbar is available that allows users to switch between different virtual desktops and to customize desktops.
[2]
The first time users connect, a Welcome screen appears followed by the XenDesktop logon page.
[3]
You can disable the toolbar using the Web Interface.conf parameter "ShowDesktop Viewer"; for more information, see the Web Interface documentation. If window size must be constrained to a fixed size, disabling the toolbar allows Web Interface settings to take effect. For a list of the clients supplied on the XenDesktop 5 installation media, see Client Requirements. For full XenDesktop 5 functionality, use the Desktop Viewer in the Citrix online plug-in 12.1. Other clients provide differing levels of functionality: see the specific client documentation for details. Citrix also recommends that you regularly check http://www.citrix.com/English/ss/downloads/for new versions of the clients, which may offer further enhancements.
193
194
High Availability of the Virtual Desktop Agent 1. In HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ VirtualDesktopAgent, add the following registry entry (of type REG_DWORD): HighAvailability. Set this to 1 to enable high availability mode; 0 (zero) disables high availability mode. 2. To change the time period that the Virtual Desktop Agent will try registering with the controller before initiating high availability mode, also add the following registry entry (of type REG_DWORD): HaRegistrarTimeout. Specify the number of seconds. The default is 300 seconds. 3. Restart the virtual desktop. Preparing an ICA Launch File To establish a direct ICA connection to desktops, you provide users with an ICA launch file that they can use should communication with the controller fail. You must create an ICA launch file for each user who requires this feature; Citrix do not create or distribute ICA files for this purpose. For information on how to create ICA files, see http://support.citrix.com/article/CTX127392. You will need to tell users when it is appropriate to use this ICA launch file and where they can access it from. High Availability Mode Limitations High availability mode is suitable only for use with dedicated desktops; you cannot configure this for use with pooled desktops. In high availability mode, some features are unavailable. These include:
q
User roaming. If a client device is already connected to the desktop, users will be unable to connect from a different client device. Power management. When the desktop powers up, it attempts to register, fails and, after the timeout, enters high availability mode. Controller-originated policies. Policies originating on the controller, such as those governing client drive mapping and access to the clipboard, will not function as there is no connection to the controller. Policies originating from the Domain Controller and Local Group Policy are unaffected. Access Gateway and Remote Access
High availability mode persists for up to 30 days only, after which the desktop is no longer available.
195
Quick Deploy
XenDesktop 5 Quick Deploy is the fastest way to deploy a fully functional XenDesktop installation. You specify a master VM and select some users, then Quick Deploy creates virtual desktops, makes them available for the users, and shows you how to access your desktops. To achieve this in the minimum number of steps, Quick Deploy has some prerequisites and makes a number of assumptions. This topic describes what Quick Deploy does, the prerequisites for running Quick Deploy, and the assumptions that Quick Deploy makes.
Prerequisites
To run Quick Deploy you need:
q
A host with sufficient processors, memory, and storage to accommodate the number of machines for the desktops you plan to create. Access to an administrator account with permissions to create new machines on the host. A master VM running the Virtual Desktop Agent from which to create the desktops. The master VM must be available on the host where the machines will be created. Access to an Active Directory domain containing accounts for the desktop users. Access to a domain administrator account with permissions to create new Active Directory computer accounts for the machines. If you intend to create computer accounts in a different domain to that containing the user accounts, a trust relationship must be established between the two domains. A single-server installation of all the XenDesktop server-side components, including the controller, Desktop Studio, the Web Interface, the Citrix License Server, and Microsoft SQL Server 2008 R2.
196
Quick Deploy 2. Host. Establish a connection to the hypervisor cluster or resource pool that will host the machines created by Quick Deploy. 3. Resources. Specify the hypervisor storage and virtual network to be used for the machines. 4. Master Image. Specify the virtual machine or snapshot from which you want Quick Deploy to create the desktops. 5. Number of VMs. Specify the number of desktops that you want to create and a location for the Active Directory computer accounts. 6. Users. Select the Active Directory users or user groups to whom you want to assign the desktops. For more information about using Quick Deploy to set up a XenDesktop environment for evaluation purposes, see Installing and Configuring the Evaluation Deployment.
Assumptions
To streamline the deployment process, Quick Deploy automatically configures:
q
Licensing. In the absence of a valid XenDesktop license, Quick Deploy desktops are available for 30 days and usage is limited to a maximum of 10 desktops at any one time. To continue using Quick Deploy desktops after the 30 day grace period has expired or to use more that 10 desktops simultaneously, install a valid XenDesktop license on the Citrix License Server running on the server hosting the XenDesktop components. By default, Quick Deploy sets the product edition in Desktop Studio to Platinum Edition. If you install a license for a different edition, reset the product edition in Desktop Studio by selecting the Configuration node in the left pane and, in the Actions pane, clicking Edit licensing.
Virtual machines. Although XenDesktop 5 supports a number of different machine types, Quick Deploy creates pooled-random machines only. Quick Deploy machines are automatically named according to the scheme sitename**#. Here, sitename is the name you specified for your deployment on the Site page, ** is two random letters, and # is a number that increases incrementally from 1 to n, where n is the number of desktops to be created. Leading zeros are added where necessary to ensure that all machine names contain the same number of digits.
Active Directory computer accounts. Quick Deploy automatically creates Active Directory computer accounts in the organizational unit you specified on the Number of VMs page. The account names are the same as the names of the machines to which they relate. Machine catalog. In XenDesktop, collections of machines are managed as a single entity called a catalog. Quick Deploy automatically creates a catalog named QD Catalog. User assignment. In XenDesktop, user assignment to machines is managed using desktop groups. Quick Deploy automatically creates a desktop group named QD Desktop Group. By default, Quick Deploy limits user access to one desktop at a time.
197
Evaluating XenDesktop 5
These topics help you quickly to set up a basic XenDesktop deployment for evaluation purposes. With the experience gained in this deployment, you can extend your installation over multiple domains and add the additional components not included in the evaluation environment. Experience of basic Windows Server administration, familiarity with one or more of the supported hypervisors, and knowledge of Active Directory is assumed. For simplicity, all the hardware is installed in a single domain and all the server-side components of XenDesktop are installed on a single virtual machine (VM). Citrix strongly recommends that you isolate the evaluation deployment from your production environment. The figure shows the XenDesktop evaluation environment. Physical computers are denoted by the prefix 'p' and VMs by the prefix 'v'.
To simplify the evaluation deployment, this scenario specifies an isolated LAN environment with an IP addressing scheme based on the following assumptions.
A simple Ethernet switch is used to connect the hardware The physical machines and the VMs hosting the infrastructure components have manually assigned IP addresses The VMs providing the user desktops have IP addresses assigned by DHCP
198
Controller. Installed on servers in the data center, the controller consists of services that authenticate users, manage the assembly of users' virtual desktop environments, and broker connections between users and their desktops. It controls the state of the desktops, starting and stopping them based on demand and administrative configuration. For the evaluation environment, the following tools and components are installed locally with the controller.
q
Desktop Studio. Management tool that snaps into the Microsoft Management Console (MMC) and enables you to configure and manage your XenDesktop deployment. Desktop Director. Web-based tool designed to enable IT Support staff to monitor a XenDesktop deployment and perform day-to-day maintenance tasks. XenDesktop database. Microsoft SQL Server database used to store both configuration and session information. Web Access. Provides users with access to their desktops.
Citrix License Server. Validates XenDesktop licenses for the controller. For production deployments, you can install these components on separate computers and deploy multiple instances of the components to support large numbers of desktops.
q q
Virtual Desktop Agent. Installed on virtual desktops, the Virtual Desktop Agent enables direct ICA (Independent Computing Architecture) connections between the virtual desktop and user devices. Citrix client. Installed on user devices, Citrix clients enable users to access virtual desktops and applications. Citrix HDX technologies. A broad set of technologies designed to enable a high definition user experience for virtual desktops and applications over any network, regardless of the capabilities of the user device.
The evaluation environment requires the following infrastructure. Physical computers are denoted by the prefix 'p' and VMs by the prefix 'v'.
pHost. A physical server virtualized with one of the following supported hypervisors.
q
Citrix XenServer 5.6 Standard and Enterprise editions Windows Server 2008 R2 Hyper-V VMware vSphere 4.1 (ESX 4.1/ESXi 4.1 and vCenter 4.1)
VMware vSphere 4 Update 1 (ESX 4.0 and vCenter 4.0) For a XenDesktop evaluation deployment, Citrix recommends the following server specification.
q
199
Evaluate CPUs Intel VT or AMD-V processors with hardware virtualization enabled in the BIOS. 1.5 GHz minimum clock speed; 2.0 GHz or faster multicore processors recommended. Memory Storage Minimum 3 GB RAM; 12 GB recommended. Minimum 150 GB locally attached storage; 1 TB recommended. Note: The above values are based on Logical Volume Manager (LVM) storage. For the most efficient use of local storage, Citrix recommends using a file-based repository with VHD format support. 100 Mbps (megabits per second) or faster. The VMs hosted on pHost provide the infrastructure components, the master VM, and the user desktops. For Hyper-V environments only, this server also functions as the domain controller (Native or Mixed mode with Active Directory, DNS, and DHCP.)
q
vSCVMM. For Hyper-V environments only, VM hosting System Center Virtual Machine Manager 2008 R2. vDmC. For XenServer and VMware environments only, VM hosting the domain controller in Native or Mixed mode with Active Directory, DNS, and DHCP. vController. VM hosting the controller, Desktop Studio, Desktop Director, the XenDesktop database, Web Access, and the Citrix License Management Console. vMaster. VM to be used as the template for the user desktops.
q vDesktopX. VMs providing user desktops. pCenter. For XenServer and VMware environments only, physical computer running the appropriate hypervisor management tools to enable you to manage the VMs on pHost.
pUser. A Windows, Mac OS X, or Linux computer running the appropriate Citrix client for the operating system.
200
Citrix XenServer 5.6 Standard and Enterprise editions Windows Server 2008 R2 Hyper-V VMware vSphere 4.1 (ESX 4.1/ESXi 4.1)
VMware vSphere 4 Update 1 (ESX 4.0) 2. For XenServer environments, install XenCenter on the physical machine pCenter. In VMware environments, install vCenter Server and the appropriate management tools on pCenter.
q
Note: XenDesktop does not support VMware vCenter Linked Mode. For Hyper-V environments, create a VM on pHost named vSCVMM, install Windows Server 2008 R2 on vSCVMM, and then install System Center Virtual Machine Manager 2008 R2. 3. For Hyper-V environments only, create on pHost a Windows network share that is writeable by the System Center Virtual Machine Manager administrator account. This share is required to allow XenDesktop remote access to the storage on pHost. 4. In the evaluation environment, Citrix recommends configuring static IP addresses for pHost and pCenter/vSCVMM.
Installing and Configuring the Evaluation Deployment 1. For XenServer and VMware environments only, use the management tool for your hypervisor to create on pHost a VM named vDmC running a Windows Server operating system. You configure vDmC as the domain controller for the evaluation environment. Citrix recommends configuring a static IP address for vDmC in the evaluation environment. For Hyper-V environments, configure pHost as the domain controller. 2. Configure Active Directory on the domain controller using the following guidelines. a. Create an Active Directory domain for the evaluation environment with a single domain controller. XenDesktop supports both Native mode and Mixed mode. b. Configure Active Directory to include a DNS server, which must be configured to have both forward and reverse look-up zones. c. Specify a DHCP scope with an address range that excludes the static IP addresses used for the infrastructure components. This enables DHCP to dynamically assign IP addresses to the virtual desktops while protecting the static IP addresses of the infrastructure components. 3. For Hyper-V environments, add vSCVMM to the domain. For XenServer and VMware environments, optionally add pCenter to the domain.
202
Windows Vista 64-bit Editions with Service Pack 2 (non-Aero) Windows Vista 32-bit Editions with Service Pack 2 (non-Aero) Windows XP Professional x64 Edition with Service Pack 2 Windows XP Professional with Service Pack 3
3. Install on vMaster the appropriate integration tools for your hypervisor (XenServer Tools, Hyper-V Integration Services, or VMware Tools). Note: If you do not install hypervisor integration tools on the master VM, your desktops may not function correctly. On Windows XP VMs, install the Microsoft Windows Management Core, which is available from http://support.microsoft.com/?kbid=968930. This package includes Windows Remote Management 2.0, which is required to support Desktop Director. Windows Remote Management 2.0 is included by default with Windows 7 and Windows Vista. 4. Join vMaster to the evaluation environment domain that you set up in the previous task and configure a dynamic IP address so that the master VM (and therefore the desktops you will provision) receives its IP address from the DHCP server on the domain controller. 5. Insert the XenDesktop installation media into the optical drive on pHost or mount the ISO on vMaster. If autorun is not enabled, navigate to and run AutoSelect.exe on the installation media. Before starting the installer, XenDesktop installs Microsoft .NET Framework 3.5 with Service Pack 1 if it is not already present on vMaster. 6. In the XenDesktop installation wizard, click Install Virtual Desktop Agent and then click Quick Deploy. 7. On the Summary page, click Install. Before the Virtual Desktop Agent is installed, the following prerequisites are installed if they are not already present on vMaster.
q
q Microsoft Visual C++ 2005 with Service Pack 1 Redistributable Package Additionally, Citrix plug-ins are automatically installed on vMaster so that users can access XenApp virtualized applications from their desktops.
8. If you are using a firewall other than Windows Firewall on vController, manually enable ports 80, 1494, 2598, and 3389 to allow XenDesktop to function correctly. If Windows Firewall is running on vMaster, XenDesktop opens the ports automatically. When the installation is complete, ensure that the Restart machine (required to complete install) check box is selected and click Close. 9. After restarting vMaster, install any third-party applications that you want to run on users' desktops, such as antivirus software. 10. Shut down vMaster. 203
Installing and Configuring the Evaluation Deployment Citrix recommends that you create a snapshot of vMaster and name the snapshot in a way that allows you to identify vMaster in the future. If you specify the VM rather than a snapshot when creating your desktops, Desktop Studio will create a snapshot for you but you will not be able to name it. The XenDesktop database retains a historical record of the master VMs used with each catalog. Provided you do not delete, move, or rename the old master VMs, this enables you quickly to revert a catalog to use a previous version of the master VM.
Windows Server 2008 R2 Windows Server 2008 x64 Editions with Service Pack 2
Windows Server 2008 with Service Pack 2 3. Join vController to the evaluation environment domain.
q
In the evaluation environment, Citrix recommends configuring a static IP address for vController. 4. On vController, install Adobe Flash Player, which is available from http://get.adobe.com/flashplayer/. Additionally, for Hyper-V environments only, install the Virtual Machine Manager Administrator Console on vController. Verify that the console can connect to System Center Virtual Machine Manager on vSCVMM. 5. Ensure that you are logged on to vController using an account with local administrator permissions or have the credentials for such an account available. Insert the XenDesktop installation media into the optical drive on pHost or mount the ISO on vMaster. If autorun is not enabled, navigate to and run AutoSelect.exe on the installation media. 6. In the XenDesktop installation wizard, click Install XenDesktop. 7. Read and accept the license agreement, and click Next. 8. On the Select Components to Install page, ensure that all the components are selected for installation, including SQL Server Express, and click Next.
204
Installing and Configuring the Evaluation Deployment 9. If Windows Firewall is running on vController, ensure that the Enable these ports check box is selected. If you are using a firewall other than Windows Firewall on vController, manually enable ports 7279, 8082, and 27000 to allow XenDesktop to function correctly. Click Next. 10. On the Summary page, check that all five XenDesktop components are listed for installation and click Install. Before the components are installed, the following prerequisites are installed if they are not already present on vController.
q
Microsoft Windows Management Framework Core (for Windows Server 2008 with Service Pack 2 only; included by default with Windows Server 2008 R2) Note: vController must be connected to the Internet to install the Windows Management Framework.
Microsoft .NET Framework 3.5 with Service Pack 1 Microsoft SQL Server 2008 R2 Express Edition Microsoft Visual C++ 2008 with Service Pack 1 Redistributable Package Microsoft Internet Information Services Microsoft Visual J#.NET 2.0 Second Edition
q Java Runtime Environment 5.0 Update 15 11. When the installation is complete, click Close. If you are ready to start provisioning desktops, ensure that the Configure XenDesktop after closing check box is selected.
205
Installing and Configuring the Evaluation Deployment 5. Supply credentials for an administrator account with permissions to create new VMs on pHost and click Next. 6. On the Resources page, specify the type of storage to use for the VMs. Select one or more check boxes next to the storage instances you want to use. If you select multiple storage locations, machines are distributed equally rather than filling up the storage instances sequentially. The evaluation environment described here assumes that you are using local storage on pHost. However, if shared storage is also available in your deployment, you can use only local or shared storage; you cannot use a mixture of both. 7. Select the network containing the DHCP server you set up on the domain controller and click Next. 8. On the Master Image page, navigate to and select a snapshot of vMaster. Click Next. Citrix recommends that you use an appropriately named snapshot of vMaster to provision your desktops. If you specify the VM rather than a snapshot, Desktop Studio will create a snapshot for you but you will not be able to name it. 9. On the Number of VMs page, specify the number of machines you want to create and allocate virtual processors and memory to the VMs. You cannot change the size of the hard disk for the machinesthis setting is determined by the hard disk size you specified when you created vMaster. 10. Specify the organizational unit within the evaluation environment domain to which you want new Active Directory computer accounts for the machines to be added and click Next. 11. On the Users page, click Add and select the Active Directory users or user groups to whom you want to assign the desktops. Click Next. 12. On the Summary page, check that the details are correct and click Finish to start creating the machines and provisioning desktops. When the process is complete, click Close. XenDesktop creates the required number of machines on pHost, along with the corresponding Active Directory computer accounts in the evaluation environment domain. Then, XenDesktop makes a temporary copy of vMaster and, from this copy, creates desktops on the machines. The Quick deploy task creates pooled-random machines, which are kept in a pool and are temporarily and randomly assigned to users as they log on. When users log off, pooled-random machines are returned to the pool and become available for other users. For more information about the other machine types available in XenDesktop, see Choosing the Machine Type. In the absence of a valid XenDesktop license, your desktops are available for 30 days and usage is limited to a maximum of 10 desktops at any one time. To continue using your desktops after the 30 day grace period has expired or to use more that 10 desktops simultaneously, install a valid XenDesktop license on the Citrix License Server running on vController. For more information about Citrix Licensing, see Licensing Your Product.
206
Installing and Configuring the Evaluation Deployment By default, Quick Deploy sets the product edition in Desktop Studio to Platinum Edition. If you install a license for a different edition, reset the product edition in Desktop Studio by selecting the Configuration node in the left pane and, in the Actions pane, clicking Edit licensing. The topic XenDesktop User Experience guides you through the process of accessing your new desktops and testing the HDX high definition user experience.
207
Windows 7 64-bit Editions Windows 7 32-bit Editions Windows Embedded Standard 7 Windows Vista 64-bit Editions with Service Pack 2 Windows Vista 32-bit Editions with Service Pack 2 Windows XP Professional x64 Edition with Service Pack 2 Windows XP Professional with Service Pack 3 Windows XP Embedded with Service Pack 3 Mac OS X Snow Leopard Mac OS X Leopard Mac OS X Tiger Linux with kernel version 2.6.18 or above running on a WYSE, HP, or IGEL thin client
208
209
210
XenDesktop User Experience 6. On the Choose when to apply the settings using filters page, click Next. 7. Ensure that the Enable this policy check box is selected and click Create. 8. Log on to your desktop as described above in To access your virtual desktops. 9. To experience HDX Plug-n-Play, connect a USB device, such as a flash memory drive, a webcam, or an iPod, to pUser. On the Desktop Viewer toolbar, click USB and select the USB device. The USB device is seamlessly redirected to the virtual desktop. For more information about supported USB devices, see the XenDesktop USB Citrix Tested Device List.
211
Licensing the site and specifying which edition of XenDesktop to use Setting up the site database
Providing information about your virtual infrastructure After you have configured a site you can add more controllers to it if necessary; see To add a controller for information on how to do this.
q
3. To manage your deployment remotely, install Desktop Studio on appropriate computers. 4. Install the Virtual Desktop Agent on your virtual desktops or base image. When you are installing the Virtual Desktop Agent you can also install plug-ins to enable you to deliver XenApp applications to your users. Important: Citrix supports installation of XenDesktop components only through the procedures described in Citrix documentation. Command-line tools (XenDesktopServerSetup.exe and XenDesktopVdaSetup.exe) are also available for installation tasks.
212
213
XenDesktop Installation Media and Downloads Citrix XenApp for Microsoft Windows Server 2003 32-bit and 64-bit versions of: XenApp for Microsoft Windows Server 2003 English XenApp for Microsoft Windows Server 2003 Japanese The following components are available only as web downloads:
q
Profile management XenApp 5 Feature Pack 3 Access Gateway Linux Guest Support for XenServer
For information on the components that are available in each XenDesktop edition, see XenDesktop Features and Editions.
214
Controller. The SDKs are also automatically installed when you install the Controller. Web Interface. The License Server. Desktop Studio. The SDKs are also automatically installed when you install Desktop Studio. Desktop Director.
The XenDesktop installation wizard guides you through making the right deployment choices from a simple proof of concept to an enterprise-ready installation. For a first installation, Citrix recommends that you install every component onto a single server. For large scale installations, you can install each component onto a separate server, allowing your deployment to grow to match the needs of your organization. Note that the XenDesktop installation wizard does not include setting up your virtual infrastructure; you must do this before configuring your XenDesktop site, using the relevant product documentation. By default, all the components are installed, but you can choose to omit any component that you do not want or that you plan to install on a different computer. If you install Web Interface or Desktop Director on a different computer from the controllers you want these components to connect to, ensure you know the relevant controllers' details because you have to provide them during installation. For Web Interface, the controllers you specify here are the only ones Web Interface will connect to, so if you specify only one controller there will be no failover or load balancing. For Desktop Director you need to specify only one controller: any of the other controllers on the site will then be used automatically for failover. Before you install the server components, read Planning a XenDesktop Deployment, and ensure you have the prerequisites installed. Depending on which components you are installing, the following prerequisites are installed automatically if they are not already present on the computer:
q
Microsoft Windows Management Framework, if you are using Windows Server 2008 (but not Windows Server 2008 R2). This component is downloaded so if it is missing then an internet connection is required. This download includes Microsoft Powershell 2.0, which is a prerequisite for XenDesktop. Microsoft .NET Framework 3.5 Service Pack 1. Microsoft Internet Information Services (IIS). When IIS is installed, port 80 is automatically opened.
215
Microsoft SQL Express 2008. Java Runtime Environment 1.5 update 15. Microsoft Visual J# Redistributable Package version 2.0. Microsoft Visual C ++ 2008 Service Pack 1 runtime redistributables.
To install the server components, log on using an account that has local administrator permissions (or ensure you know the administrator password), then insert the XenDesktop installation media in the appropriate drive or mount the ISO in the appropriate virtual machine. The following is a summary of the steps you are prompted to complete: 1. On the Installation page, select Install XenDesktop. The wizard starts. 2. Select the components you want to install (all are selected by default) and where you want to install them. 3. Manage firewall configuration. If the Windows firewall is detected, the necessary ports can be opened automatically for you. If another firewall is detected, you are told which ports you need to open manually for XenDesktop to operate successfully. 4. A summary of what is going to be installed appears. 5. When installation begins, progress is displayed on the screen. During the Initializing install stage, some preconfiguration is carried out automatically: if you have enabled Web Interface, the default Web sites are set up, and if you have installed Desktop Studio and Desktop Director, these are set up for you. 6. Provided you have installed Desktop Studio, when installation is complete the default is to start Desktop Studio so that you can configure your XenDesktop site. Note: If you are installing XenDesktop on a non-domain-joined machine you cannot configure a site, so the Configure XenDesktop check box does not appear. To install Desktop Studio separately, on the Installation page select Extras, then select Install Desktop Studio. To add or remove components, select the Windows option for adding or removing programs, then select Citrix XenDesktop. You can then select to add or remove components, or to remove XenDesktop completely. Note: Before removing the Controller component from a server, you must first ensure that the controller is removed from the site using Desktop Studio.
216
Reconfigure the firewall. If the Windows firewall is detected, the necessary ports can be opened automatically for you. If another firewall is detected, you are told which ports you need to open manually for XenDesktop to operate successfully. You can also request to have the necessary ports opened for Windows Remote Assistance and Windows Remote Management.
217
If this installation is running in a VM on a hypervisor, you can select to have the VM automatically optimized for use with XenDesktop. Optimization involves actions such as disabling offline files, disabling background defragmentation, and reducing the event log size. For full information on the optimization tool, see http://support.citrix.com/article/ctx125874/ .
6. A summary of what is going to be installed appears. 7. When installation begins, progress is displayed on the screen. 8. When installation is complete the default is to restart the machine; you must do this for the changes to take effect. You can also install the Virtual Desktop Agent through a command-line utility: XenDesktopVdaSetup.exe. To deploy the Virtual Desktop Agent through Active Directory Group Policy, see http://support.citrix.com/article/ctx127301/. Note: When you install the Virtual Desktop Agent, a new local user group for authorized RDP users is automatically created. The group is called Direct RDP Access Administrators. For further information on using protocols other than ICA, see http://support.citrix.com/article/ctx121657/. XenDesktop requires desktops and controllers to have synchronized system clocks. This is required by the underlying Kerberos infrastructure that secures the communication between the machines. You can use normal Windows domain infrastructure to ensure that the system time on all machines is correctly synchronized. To add or remove components, select the Windows option for adding or removing progams, then select Citrix Virtual Desktop Agent. You can then select to add, remove, or reconfigure components, or to remove the Virtual Desktop Agent completely. You cannot remove support for XenApp application delivery through the XenDesktop installation wizard; you must remove the plug-ins directly through the Windows removal option. The Reconfigure Components option enables you to update the site and port numbers.
218
%Program Files%\Citrix\ICAService\picaSvc.exe requires inbound TCP on port 1494. Because this connection uses a kernel driver, you may need to configure this setting as a port exception rather than a program exception, depending on your firewall software. If you are running Windows Firewall, you must configure this setting as a port exception. %Program Files%\Citrix\ICAService\CitrixCGPServer.exe requires inbound TCP on port 2598.
Note: Citrix recommends that you do not use TCP ports 1494 and 2598 for anything other than ICA and CGP, to avoid the possibility of inadvertently leaving administrative interfaces open to attack. Ports 1494 and 2598 are correctly registered with the Internet Assigned Number Authority (see http://www.iana.org/). For communication between controllers and virtual desktops: %Program Files%\Citrix\XenDesktop\WorkstationAgent.exe requires inbound HTTP (http.sys) on the TCP/IP port you configured at installation time. The default port is 80. Because this connection uses a kernel driver, you may need to configure this setting as a port exception rather than a program exception, depending on your firewall software. If you are running Windows Firewall, you must configure this setting as a port exception. Windows Remote Assistance requires ports TCP/135, TCP/3389, and DCOM. On Windows Vista and Windows 7 desktops you can configure these exceptions by enabling the built-in Remote Assistance exception. On Windows XP you must set additional exceptions: 1. Enable the Remote Assistance exception. 2. Add and enable the TCP 135 exception. 3. Add and enable the "%systemroot%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe" exception. 4. See http://support.microsoft.com/kb/555179. Windows Remote Management requires the following ports:
q
TCP/80 for Windows Remote Management 1.1 TCP/5985 for Windows Remote Management 2.0
219
q HKLM\Software\Citrix\Metaframe Password Manager\Shell\OrigGinaDLL 2. Modify the registry entries so that the GINAs are called in the correct order:
HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon\GinaDLL This should point to the XenDesktop GINA; for example, C:\Program Files\Citrix\ICAService\picaGina.dll
HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon\CtxGinaDLL This should point to the Password Manager GINA; for example, C:\Program Files\Citrix\MetaFrame Password Manager\SSOGina\SSOGina.dll
220
221
Licensing the site and specifying which edition of XenDesktop to use. Setting up the site database. Ensure that you have read the database-related information in Planning a XenDesktop Deployment before you start configuring your site. Providing information about your virtual infrastructure, in terms of the host and connection to use. A host is a representation of a XenServer pool (or ESX or SCVMM cluster), with storage and a virtual network, where you create and store virtual machines (VMs) for your user desktops. This infrastructure allows you to efficiently manage the distribution of VMs in your hypervisor infrastructure. A host connection represents the credentials and address needed to access the host; these can be used by more than one host.
You can choose between two wizards when configuring sites: the Quick Deploy wizard or the Desktop Deployment wizard. The Quick Deploy wizard is intended for setting up small production sites and proof-of-concept sites; it is described in Evaluating XenDesktop 5 and Quick Deploy. This topic describes the Initial Configuration steps in the Desktop Deployment wizard, which is intended for more typical production deployments. To start the wizard for configuring the site, start Desktop Studio, then select Desktop Deployment. The rest of this topic summarizes the steps the wizard takes you through and provides additional information where necessary. 1. Specify a site name. 2. Specify the license server to use. You must specify the address as name:[port], where name can be a DNS, NetBIOS, or IP address. If you do not specify a port number, the default port is assumed. If there is already a license server on the controller, you are not prompted to specify its name; instead you are prompted for a license file location and the edition is detected from the license file. If you need to point to a different license server after initially configuring the site, select Configuration in the left pane of Desktop Studio, then Edit Licensing from the list of actions. 3. Specify the database to use:
q
By default XenDesktop uses the locally installed copy of SQL Express, if it is available, to create the site database on the controller on which you are working. To use an alternative database, select Use existing database. The server location must be a DNS, NetBIOS, or IP address, without a port number. If you are using an existing database and you need to set up XenDesktop manually, for example if your database is locked down, click Generate. This generates two scripts for use by your database administrator: one that generates the entire
222
To configure a XenDesktop site database setup for XenDesktop, and one optional script for use if you are using database mirroring. These scripts must be run before you can complete XenDesktop initial configuration. Click Next. 4. Specify a connection name, the type of host you are using, and the credentials to use when accessing it. Ensure that the credentials enable you to carry out all the necessary XenDesktop tasks. If you use XenServer, note that:
q
Citrix recommends using HTTPS to secure communication between XenDesktop and XenServer. To use HTTPS you must replace the default SSL certificate installed with XenServer with one from a trusted certificate authority. For details of how to do this see To replace the default XenServer SSL certificate You can configure high availability if it is enabled on XenServer. Citrix recommends that you select all servers in the pool to allow communication between XenDesktop and XenServer if the pool master fails.
Note: If you are using XenDesktop to manage user desktops hosted on dedicated blade PCs in the data center, select None for host type. You do not need to provide any further configuration information and the configuration summary appears. 5. Select whether to use XenDesktop to create virtual machines, or whether to create them manually. Select the XenDesktop option to use Machine Creation Services to create catalogs of pooled or dedicated VMs. The manual creation option allows you to use XenDesktop to manage and deliver user desktops that you have already migrated to VMs in the data center. 6. If you select to use XenDesktop to create desktops, you are prompted to specify the details of the host on which they will be stored: a name for the host, and the virtual network and storage to use. If both local and shared storage are available on the host you must select a single type; you cannot mix them. Note: If you intend to use SmartAccess endpoint analysis, pass-through authentication, or smart card authentication with XenDesktop, you must configure XenDesktop to trust XML services. To do this, run the following Powershell SDK command: Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
After configuring your site, you can add more controllers to it or create a catalog.
223
224
225
Migrating to XenDesktop 5
A migration tool is available to enable you to easily transfer data and settings from your XenDesktop 4 farm to a XenDesktop 5 site. This topic provides the information you need to take into account when planning how best to migrate your deployment. The other topics in this section describe:
q
Upgrading XenDesktop Components Data Import and Export Details Exporting Data from a XenDesktop 4 Farm Editing the Migration Tool XML File Importing Data into a XenDesktop 5 Site Post-Migration Tasks Migrating from XenDesktop 4 to XenDesktop 5: an Example
To use the migration tool successfully, both deployments must use the same hypervisor environment. The recommended steps to migrate your deployment are as follows: 1. Set up a XenDesktop 5 site and upgrade Web Interface and XenServer to the latest versions. 2. Update user devices with the latest version of Citrix Receiver. 3. Upgrade virtual desktops to the XenDesktop 5 Virtual Desktop Agent. 4. In XenDesktop 4, put the virtual desktops into maintenance mode. 5. Ensure you understand which data can be exported and imported, and how this applies to your own deployment. Information on which types of data are exported and imported is available at Data Import and Export Details. 6. Export data and settings from your XenDesktop 4 farm to an XML file. For details of using the migration tool to do this, see Exporting Data from a XenDesktop 4 Farm. 7. Edit the XML file so that it contains only the data and settings you want to import into your XenDesktop 5 site. For further details of how to edit the XML file, see Editing the Migration Tool XML File. 8. Import data and settings from the XML file to your XenDesktop 5 site. For details of using the migration tool to do this, see Importing Data into a XenDesktop 5 Site. 9. Repeat steps 6 to 8 as many times as necessary. Alternatively, if the XenDesktop 4 farm is not changing very much during this time, you can keep the original exported XML file
226
Upgrade and Migrate and just repeat steps 7 and 8 rather than repeating the export step. 10. Complete the post-migration tasks described in Post-Migration Tasks. For a worked example of migrating a deployment based on the steps listed above, see Migrating from XenDesktop 4 to XenDesktop 5: an Example.
227
To use XenDesktop 5 you must set up a new XenDesktop 5 site with its own database; XenDesktop 5 only supports Microsoft SQL Server 2008. For full details of database requirements, see Database Requirements. You cannot upgrade a XenDesktop 4 delivery controller to XenDesktop 5. XenDesktop 5 controllers cannot join a XenDesktop 4 farm, and XenDesktop 4 delivery controllers cannot join a XenDesktop 5 site. This is because XenDesktop 4 requires Microsoft Windows Server 2003, whereas XenDesktop 5 requires Microsoft Windows Server 2008.
228
Web Interface
Web Interface provides the user interface that lets the user authenticate and select which desktop they want to connect to. Web Interface can aggregate XenApp and XenDesktop, and it can also aggregate multiple farms or sites for each product. Web Interface is backwards- and forwards-compatible. Specifically for XenDesktop 5, Web Interface 5.4 has been enhanced to optimize the user experience when launching desktop connections. In particular, Web Interface 5.4 provides a better way of displaying access to multiple desktops and optimizes performance when a large number of assigned desktops are available. There is one XenDesktop 5 feature that is not available through earlier versions of Web Interface: assignment of virtual desktops to user devices where users can reset these desktops. If you need to use this feature, you must upgrade to Web Interface 5.4. In all other cases, you can continue to use an existing Web Interface deployment, although Citrix recommends upgrading to the latest version to benefit from the performance and usability enhancements. The upgrade process for Web Interface has not changed from earlier versions. For further details, see Web Interface 5.4.
User Device
Citrix recommends that you update user devices with the latest version of Citrix Receiver to benefit from hotfixes and to receive support for the latest features. For further details, see Receiver and Plug-ins.
Provisioning Services
Provisioning services continues as a supported mechanism for streaming the operating system to a virtual or physical desktop. There is support for administering Provisioning services through Desktop Studio, but this is limited to importing machines from Provisioning Services into catalogs. Citrix recommends that you use the latest version of Provisioning services.
229
Are both exported and imported. Are exported but not imported. You can extract this data from the XML file produced by the export tool and use it for other purposes. May be present in the XenDesktop 4 farm but are not exported. This list is not exhaustive: it includes the most significant relevant types of data. Exported? Imported?Notes Y Y Desktop group icons are not exported. SecureIcaRequired is set to 'true' if the DefaultEncryptionLevel in XenDesktop 4 is not 'basic'.
Desktops
If a desktop group in the XenDesktop 4 farm has the same name as a desktop group in the XenDesktop 5 site, desktops belonging to it can be added to the group of the same name in the target site. To do this, you must specify the MergeDesktops parameter when you run the import tool. Note that the settings of the XenDesktop 5 group are not overwritten with the settings of the XenDesktop 4 group. If this parameter is not specified, and there is a group with the same name as one defined in the XML file, the tool displays an error and halts before any data is imported. Note that assigned desktops cannot be added to a shared desktop group, and pooled desktops cannot be added to a private desktop group.
Machines
Machines are imported into four catalogs. These catalogs are automatically created in the XenDesktop 5 site by the import tool and are called Imported Existing Random (for pooled VMs), Imported Existing Static (for assigned VMs), Imported Physical Random (for pooled PCs or blades), and Imported Physical Static (for assigned PCs or blades). Any subsequent import of machines uses the same four catalogs.
230
Data Import and Export Details Pool management pools Y Y Includes multi-pool pools, and idle pool settings including schedule. PeakBuffersizePercent is set to 10% by default. OffPeakBufferSizePercent is set to 10% by default. Any unselected days in the Business days setting on XenDesktop 4 are imported as part of the Weekend power time scheme in XenDesktop 5. HostingXD4 Action times are rounded up to the nearest minute. Start times are rounded down to the nearest hour. End times are rounded up to the nearest hour. Farm settings Y Y The following farm settings are imported as a machine policy: IcaKeepAlive, AutoClientReconnect, and SessionReliability. Note that the setting to enable the Flash player is not imported. Some policy data is imported. Filters, settings, and printers are imported as user policies. For further details of user policy export and import, see the other table in this topic. New access policy rules are created from XenDesktop 4 group settings. When policies are imported their relative priority order is preserved. However they are always added with a higher priority than any existing policies on the XenDesktop 5 site. Policy merging is not supported. There is no option to import policies into Active Directory. They are always stored in the site. User assignments Y Y
Policies
231
Data Import and Export Details Hypervisor settings Y Y Hypervisor addresses are exported, but not the credentials required to access those hypervisors. To create hypervisor connections in the XenDesktop 5 site you must extract the addresses from the XML file and create a Powershell hash table that maps them to the relevant credential instances. You then specify this table in the import tool HypervisorConnectionCredentials parameter. For further details on how to create the table, see Importing Data into a XenDesktop 5 Site. No merging or updating of hypervisor settings for existing desktop groups and hypervisor connections is supported. Administrators Y N No administrator data is imported, including data about delegated administrators. You must create new administrators for your XenDesktop 5 site. For example, license server name and desktop edition. Note that license files are not exported. Desktop group folders Y N XenDesktop 5 does not support desktop group folders. If you have duplicate desktop group names because different folders in the XenDesktop 4 farm contained groups with the same names, edit them in the XML file. If you do not this, the import tool will halt. For information on implementing registry keys, see Post-Migration Tasks.
Licensing configuration
Registry keys Provisioning services-related data Applications List of desktop delivery controllers Web Interface configuration Active Directory Organizational Unit (OU) configuration NetScaler and Access Gateway Event log throttling settings 232
Y N
N N
N N
Any Web Interface migration is handled by the Web Interface install and upgrade mechanisms. If you plan to configure the new site to use Active Directory-based controller discovery rather than the default registry-based controller discovery, Citrix recommends that you create a new Organizational Unit to support it.
N N
Data Import and Export Details PortICAConfig XML file N If you have changed the default settings for this file you may need to configure these settings for the new site through Group Policy Objects.
Configuration N logging settings provided through XenDesktop 4 Service Pack 1 The following table shows how user policy data is exported and imported. XenDesktop 4 category and setting XML file XenDesktop 5 category and setting Not imported
Bandwidth\Visual ClientOEMVCBandwidth Effects\Session Limits OEM Virtual Channels Client DisableOEMVirtualChannels Devices\Resources\Other Turn off OEM virtual channels User DoNotUseClientLocalTime Workspace\Time Zones Do not use Client's local time Security\Encryption ClientSecurityRequirement SecureICA encryption Bandwidth\Visual LossyCompression settings Effects\SpeedScreen Image acceleration using lossy compression Bandwidth\Visual TurnOffWallpaper Effects Turn off desktop wallpaper
Not imported
Not imported
Not imported
DesktopWallpaper ICA\DesktopUI
233
Data Import and Export Details Bandwidth\Visual TurnOffMenuWindowAnimation Effects Turn off window contents while dragging Bandwidth\Visual DoNotShowWindowContentsWhileDragging WindowContentsVisibleWhileDragging Effects ICA\DesktopUI Turn off window contents while dragging Bandwidth\Visual LimitPrinterBandWidth__AllowedBandWidth PrinterBandwidthLimit Effects\Session Limits ICA\Bandwidth Printer Bandwidth\Visual ClientDriveBandwidth__AllowedBandWidth FileRedirectionBandwidthLimit Effects\Session Limits ICA\Bandwidth Drives Bandwidth\Visual ClientLptBandwidth__AllowedBandWidth Effects\Session Limits LPT Ports Bandwidth\Visual ClientComBandwidth__AllowedBandWidth ComPortBandwidthLimit Effects\Session Limits ICA\Bandwidth COM Ports Bandwidth\Visual ClientClipboardBandwidth__AllowedBandWidth ClipboardBandwidthLimit Effects\Session Limits ICA\Bandwidth Clipboard Bandwidth\Visual ClientAudioBandwidth__AllowedBandWidthAudioBandwidthLimit Effects\Session Limits ICA\Bandwidth Audio LptBandwidthLimit ICA\Bandwidth MenuAnimation ICA\DesktopUI
234
Data Import and Export Details Bandwidth\Visual OverallBandwidth__AllowedBandWidth Effects\Session Limits Overall Session Client ClientAudioMicrophone__TurnOn Devices\Resources\Audio Microphones Client ClientAudioQuality__Quality Devices\Resources\Audio Sound Quality Client DisableClientAudioMapping Devices\Resources\Audio Turn off speakers Client ConnectClientDriveAtLogon__TurnOn Devices\Resources\Drives Connection Client DisableClientDriveMapping__DisableFloppyDrive ClientFloppyDrives Devices\Resources\Drives ICA\FileRedirection Turn off Floppy disk drives Client DisableClientDriveMapping__DisableHardDrive ClientFixedDrives Devices\Resources\Drives ICA\FileRedirection Turn off Hard drives Client DisableClientDriveMapping__DisableCdrom ClientOpticalDrives Devices\Resources\Drives ICA\FileRedirection Turn off CD-ROM drives Client DisableClientDriveMapping__DisableRemoteClientNetworkDrives Devices\Resources\Drives ICA\FileRedirection Turn off Remote drives AutoConnectDrives ICA\FileRedirection ClientAudioRedirection ICA\Audio AudioQuality ICA\Audio MicrophoneRedirection ICA\Audio OverallBandwidthLimit ICA\Bandwidth
235
Data Import and Export Details Client DisableClientDriveMapping__DisableUSB Devices\Resources\Drives Turn off USB disk drives Client CDMAsyncWrites Devices\Resources\Drives\Optimize Asynchronous writes Client DisableClientClipboardMapping Devices\Resources\Other Turn off clipboard mapping Client DisableClientCOMPortMapping Devices\Resources\Ports Turn off COM ports Client DisableClientLPTPortMapping Devices\Resources\Ports Turn off LPT ports Client RemoteUSBDevices__DisableRemoteUSBDevices UsbDeviceRedirection Devices\Resources\USB ICA\USBDevices USB Printing\Client ConnectClientPrinterAtLogon__Flag Printers Auto-creation Printing\Client LegacyClientPrinters__TurnOn Printers Legacy client printers Printing\Client ModifiedPrinterProperties__WriteMethod Printers Printer properties retention Printing\Client ClientPrintingForNetworkPrinter__TurnOn DirectConnectionsToPrintServers Printers ICA\Printing\ClientPrinters Print job routing 236 PrinterPropertiesRetention ICA\Printing\ClientPrinters ClientPrinterNames ICA\Printing\ClientPrinters ClientPrinterAutoCreation ICA\Printing\ClientPrinters ClientLptPortRedirection ICA\Ports ClientComPortRedirection ICA\Ports ClipboardRedirection ICA AsynchronousWrites ICA\FileRedirection ClientRemoveableDrives ICA\FileRedirection
Data Import and Export Details Printing\Client DisableClientPrinterMapping Printers Turn off client printer mapping Printing\Drivers PrintDriverAutoInstall__TurnOn Native printer driver auto-install Printing\Drivers ClientPrintDriverToUse Universal driver Printing\ Session printers Session printers Printing\ Session printers Choose client's default printer DefaultToMainClientPrinter__NetworkDefault DefaultClientPrinter DefaultToMainClientPrinter__TurnOn ICA\Printing NetworkPrinters InboxDriverAutoInstallation ICA\Printing\Drivers ClientPrinterRedirection ICA\Printing
237
238
Exporting Data from a XenDesktop 4 Farm When you have successfully run the export tool, review and edit the XML file as described in Editing the Migration Tool XML File.
239
Editing the Migration Tool XML File . . <Desktops> <Desktop samName="DOMAIN\MACHINE2$"> . . . </Desktop> <Desktop samName="DOMAIN\MACHINE3$"> . . . </Desktop> </Desktops> . . . </DesktopGroup> </DesktopGroups> You could edit this so that the Group1 group would not be imported at all, and only the Machine3 desktop from the Group2 group would be imported: <DesktopGroups> <DesktopGroup name="Group2"> . . . <Desktops> <Desktop samName="DOMAIN\MACHINE3$"> . . . </Desktop> </Desktops> . . . </DesktopGroup> </DesktopGroups>
241
Editing the Migration Tool XML File If a desktop group in the XenDesktop 5 site has the same name as a group to be imported, and the groups are to remain separate in the XenDesktop 5 site, you must edit the XenDesktop 4 group name in the XML file to keep the name unique in the site. If the group being imported is really the same as the XenDesktop 5 group, and the machines in the XML file are to be merged into the existing group, you do not need to rename the group; instead, you specify the -MergeDesktops parameter to the import tool. For example, the XML file might contain: <DesktopGroups> <DesktopGroup name="My Desktop"> . . . <Folder>\Sales</Folder> </DesktopGroup> <DesktopGroup name="My Desktop"> . . . <Folder>\Finance</Folder> </DesktopGroup> </DesktopGroups> You could edit this to remove the duplicate names as follows: <DesktopGroups> <DesktopGroup name="Sales Desktops"> . . . <Folder>\Sales</Folder> </DesktopGroup> <DesktopGroup name="Finance Desktops"> . . . <Folder>\Finance</Folder> </DesktopGroup> </DesktopGroups>
When you import policy data, either all polices are imported successfully or, if there is a failure at any point, no policy data is imported. Importing large numbers of policies with many settings can take several hours.
242
If you decide to import policies in batches, bear in mind that their original prioritization may be affected. When you import policies, the relative priorities of the imported polices are maintained, but they are given higher priority than policies already in the site. For example, if you have four polices to import with priority numbers 1 to 4, and you decide to import them in two batches, you should import policies with priorities 3 and 4 first, because the second batch of policies will automatically be given higher priority.
To import only a subset of policies into the XenDesktop 5 site, edit the contents of the Policies element. The Policies element can hold many Policy elements. You must not delete the Policies element, although you can delete all the Policy elements and leave it empty. Delete entire Policy elements to avoid importing particular XenDesktop 4 farm policies. For example, the export tool might contain: <Policies> <Policy name="Sales Policy"> . . . </Policy> . . . </Policies> To avoid importing any XenDesktop 4 policies, perhaps because you want to avoid clashes with policies already configured in the XenDesktop 5 site, edit the file to remove the individual Policy elements as follows: <Policies> </Policies> Alternatively, you could edit the file so that the policy is imported with a different name as follows: <Policies> <Policy name="XD4 Sales Policy"> . . . </Policy> . . . </Policies>
243
244
$credential = Get-Credential $mappings = @{"http://<HypervisorIP>" =$credential} .\Import-XdSettings.ps1 -FilePath. \XdSettings.xml -HypervisorConnectionCredentials $mappings Note that the address specified in the hash table must exactly match the address in the XML file. If you had, for example, both a XenServer and a VmWare hypervisor, you could create the argument like this:
$Xencredential = Get-Credential $VMWcredential = Get-Credential $mappings = @{"http://<XenHypervisorIP>" = $Xencredential;"http://<VmWHypervisorIP>/SDK" = $VMWcredential} .\Import-XdSettings.ps1 -FilePath. \XdSettings.xml -HypervisorConnectionCredentials $mappings
245
Importing Data into a XenDesktop 5 Site -MergeDesktops If you supply this parameter, desktops defined in the XML file are added to desktop groups in the XenDesktop 5 site that have the same name as the groups described in the XML file. The associated machines and users are also added. If this parameter is not supplied, no content is added to existing desktop groups in the XenDesktop 5 site. -SkipMachinePolicy If you supply this parameter, the script does not create a machine policy to hold site level settings. If you do not supply this parameter and the machine policy already exists, the script fails. If you supply this parameter, a trial run is carried out to find what would be changed in or added to the XenDesktop 5 site. Information about this is output to the log file, but no changes are made to the site. The full path of the log file. The log file contains text describing all writes performed against the XenDesktop 5 site. Default = .\Import-XdSettings.log If you supply this parameter, the tool outputs text describing the parameters and exits without importing any data. Note that if the XML file contains policy data, either all polices are imported successfully or, if there is a failure at any point, no policy data is imported. Importing large numbers of policies with many settings can take several hours. 3. When the script completes, the message 'Done' appears. When you have successfully imported the data from the XML file you can either run further export and import iterations, or, if you have imported all the relevant data, you can carry out the post-migration tasks described in Post-Migration Tasks. -?
-WhatIf
-LogFilePath <path>
246
Post-Migration Tasks
After you have imported all the data you need from your XenDesktop 4 farm to your XenDesktop 5 site, there are certain tasks you need to carry out before using the new site for production work:
q
Create any administrators you need for the XenDesktop 5 site. Modify the imported desktops to use registry-based controller discovery and point them to the XenDesktop 5 controllers. You can do this in any of the three following ways:
q
Manually edit the registry as described in http://support.citrix.com/article/CTX118976 Set up a machine policy to distribute the list of controllers to the desktops, using the Virtual Desktop Agent settings
Use the Virtual Desktop Agent installer to reconfigure the desktops Registry-based controller discovery is the default for XenDesktop 5, but Active Directory-based discovery is still available; for further details, see Active Directory Considerations.
q q
Optionally, implement the following registry key settings as described in http://support.citrix.com/article/CTX126704: HeartbeatPeriodMS, PrepareSessionConnectionTimeoutSec, MaxWorkers, DisableActiveSessionReconnect, ControllersGroupGuid. If you do not do this, the default XenDesktop 5 settings for these keys are used. Take the imported desktops out of maintenance mode if they were in maintenance mode in XenDesktop 4 before the XML file was generated. Check the XenDesktop 5 settings to make sure that they are correct, particularly if you had changed the PortICAConfig XML file on XenDesktop 4.
247
User devices are a mix of company-owned and user-owned devices. A number of thin clients have been set up with the full-screen user experience. Three desktop groups are available:
q
Engineering: a set of preassigned desktops. Sales: a set of pooled desktops, using a shared disk image provided by Provisioning services.
Finance: a set of pooled desktops, not using Provisioning services. Note that the names used for types of desktop group change at XenDesktop 5: assigned and preassigned desktop groups become private desktop groups, and pooled desktop groups become shared desktop groups. For details of other differences between XenDesktop 5 and previous versions of the product, see Information for Customers of Previous Versions.
q q
248
Summary
Rather than upgrading the entire deployment to XenDesktop 5 in one step, the example illustrates a staged approach as follows: 1. Set up a XenDesktop 5 deployment in a test lab, and provide selected users with additional desktops. These users can continue to use their existing XenDesktop 4 desktops, but are encouraged to test the new XenDesktop 5 desktops. Use the new XenDesktop 5 single image functionality to provide a mix of private desktops and shared desktops. 2. After the first stage is successful, migrate a subset of the Engineering and Sales users to a new XenDesktop 5 deployment. It must be possible to revert these users to the XenDesktop 4 deployment in case problems occur with XenDesktop 5. 3. After an extended test period, migrate all remaining users to the new XenDesktop 5 deployment and retire the existing XenDesktop 4 deployment. In all cases, these changes are transparent to users, who do not have to reconfigure their user devices. Citrix recommends that import operations are performed during a scheduled maintenance period to minimize any impact to users and administrators using the XenDesktop 5 site. Import operations involving a large number of policies can take several hours to complete.
249
Non-trial users experience no change from before. Trial users see one or more new desktop groups in Web Interface. They can launch connections to both the old and the new desktops and report feedback on the new desktops.
250
All Sales users continue to share a single golden disk image, provided by Provisioning services: a. Upgrade this disk image to the XenDesktop 5 version of the Virtual Desktop Agent. b. Identify how many pooled desktops should be available to trial users, and migrate that number of computer accounts for that pool into a separate Organizational Unit (OU). The trial Sales users use a different disk image, provided by Provisioning services: a. Create a new golden disk image using Provisioning services and deploy the XenDesktop 5 version of the Virtual Desktop Agent.
251
Migrating from XenDesktop 4 to XenDesktop 5: an Example b. Create the desired number of VMs and configure them to use Provisioning services.
q
The trial Sales users use a different disk image, managed by Machine Creation Services: a. Upgrade XenServer to the version shipping with XenDesktop 5.
b. Create a new golden VM and deploy the XenDesktop 5 version of the Virtual Desktop Agent. 4. In XenDesktop 4, put the desktops that you are going to migrate into maintenance mode. 5. Install XenDesktop 5 on one or more controllers and create a site. 6. Use the migration tool to export data and settings from the XenDesktop 4 farm, then edit the XML file and import the relevant subset of policies, desktop group definitions, and user-to-desktop mappings for the trial users into the XenDesktop 5 site. Important: Citrix recommends that any import operations are performed during a scheduled maintenance period to minimize any impact to users and administrators using the XenDesktop 5 site. Import operations involving a large number of policies can take several hours to complete. 7. Modify the trial virtual desktops to register with the XenDesktop 5 controller instead of with the XenDesktop 4 desktop delivery controller:
q
For private desktops, modify their registry to use registry-based controller discovery and point them to the new XenDesktop 5 controllers. You can use farm OU-based discovery, but registry-based controller discovery is the default method in XenDesktop 5.
For shared desktops using the first option in step 3, configure them through group policy (using the new OU) to use registry-based controller discovery and point them to the new XenDesktop 5 controllers. Any failure in rollout of group policy to individual machines and therefore registration can be seen in Desktop Studio or in the SDK. 8. Configure Web Interface to aggregate the XenDesktop 4 farm and the XenDesktop 5 site:
q q
If partitioned user groups, as suggested in step 1, are available, then configure Web Interface to use the XenDesktop 4 farm for non-trial users, and the XenDesktop 5 site for trial users, using the Web Interface user roaming feature.
If partitioned user groups are not available, remove the trial users from the desktop groups in the XenDesktop 4 desktop delivery controller to prevent multiple resources being shown to the users. This diagram shows the resulting deployment:
q
252
If problems arise, you can rollback as follows: 1. In XenDesktop 5, put the desktops into maintenance mode. 2. For private desktops, configure them to register with the XenDesktop 4 desktop delivery controllers. 3. For shared desktops using the same golden disk image from Provisioning services, configure the GPO for the separate OU containing the computer accounts for the migrated desktops to register with the XenDesktop 4 desktop delivery controllers. 4. In XenDesktop 4, take the desktops out of maintenance mode. 5. In all cases, re-enable publishing for these users in the XenDesktop 4 desktop delivery controllers. 6. Remove the XenDesktop 5 site from the Web Interface configuration.
253
Managing XenDesktop 5
The topics in this section support the following tasks:
q
Provisioning virtual desktops through the use of catalogs Allocating desktops to users through the use of desktop groups Maintaining catalogs, desktop groups, and individual desktops Managing your controller environment Configuring hosts Using smart cards Working with policies
254
255
Choose the machine type. The type of hosting infrastructure used for user desktops (VMs and physical computers) and the level of control that users have over their desktop environment are determined by the machine type. Users often want to personalize VM-hosted desktops according to their needs, for example by setting preferences or installing particular applications, so XenDesktop provides two different approaches to managing user customizations. You can choose to keep users' customizations temporarily on a per-session basis so that when users log off, their changes are discarded and they start with a fresh desktop when they next log on. This offers the advantage that you only need to work with a single VM to apply system-wide changes to thousands of users' desktops, such as applying Windows updates or adding a new application. Alternatively, you can allow users to take ownership of their desktops and make permanent changes to them. In this scenario, you manage VM-hosted desktops individually, in the same way that you currently manage physical computers.
Prepare the infrastructure. After identifying the machine type that best suits your users' needs, ensure that you have the appropriate hardware in place. Depending on the machine type you select, this could be VM hosts and storage, preprepared VMs, physical computers, or device collections (groups of Provisioning services target devices). Prepare a master VM. Some machine types require a master VM that can be used to create user desktops. The master VM should contain those elements that will be common to all users, such as antivirus software, Citrix plug-ins, and other default programs. When a master VM is employed, all users start with desktops that are created from the master VM. Depending on the machine type you select, any user customizations and system updates made to the desktops can either be persisted or discarded when users log off. If you are using Provisioning services, you install the default programs on a master target device (either a VM or a physical computer) and image the vDisk from this target device.
Provide Active Directory accounts. As with physical computers, each machine you create needs a corresponding computer account in Active Directory. For some machine types, you can allow XenDesktop to create new accounts as required if you have access to an Active Directory domain administrator account. Otherwise, ensure that there are sufficient unused computer accounts available in Active Directory for the number of machines you require before you create the catalog. If you are using Provisioning services, you manage Active Directory computer accounts for target devices using Provisioning services and existing Active Directory tools.
Create the catalog. Once the necessary prerequisites are in place, use the Create Catalog task to combine all the elements into a catalog.
256
Pooled
Pooled machines provide desktops that are allocated to users on a per-session, first-come first-served basis. Pooled-random machines are arbitrarily assigned to users at each logon and returned to the pool when they log off. Machines returned to the pool are available for other users to connect to. Alternatively, with pooled-static machines, users are assigned a specific machine from the pool when they first log on to XenDesktop. Users are connected to the same machines for all subsequent sessions. This allows users of pooled-static machines to be associated with specific VMs, which is a licensing requirement for some applications. Pooled desktops are freshly created from the master VM when users log on, although profile management can be used to apply users' personal settings to their desktops and applications. Any changes that users make to their desktops are stored for the duration of the session, but are discarded when users log off. Maintaining a single master VM in the data center dramatically reduces the time and effort required to update and upgrade users' desktops. Your users:
q
Are task workers who require standardized desktops, such as call center operators and retail workers Use shared workstations, for example students and faculty in educational institutions Do not need to or are not permitted to install applications on their desktops
Optimize hardware usage by providing only the number of desktops that are required at any one time rather than assigning each user a specific desktop Maintain control over desktops and increase security by preventing users from making permanent changes Minimize desktop management costs by providing a locked-down standardized environment for your users
257
Dedicated
Dedicated machines provide desktops that are assigned to individual users. Machines can be assigned manually or automatically assigned to the first user to connect to them. Whenever users request a desktop, they are always connected to the same machine, so you can allow users to personalize their desktops to suit their needs. Dedicated desktops are created from the master VM the first time that users log on, but all subsequent changes made to the desktops are persisted. As with traditional local desktops, changes and updates are permanent and must be managed on an individual basis or collectively using third-party electronic software distribution (ESD) tools. Changes made to desktops are stored in difference disks that expand as required, so storage space is used only as it is needed. Your users:
q
Are task or knowledge workers who require personalized desktops of which they can take ownership Are mobile workers who want to access the same desktop from a variety of devices over different networks Need to install their own applications on their desktops
Standardize certain aspects of users' desktops through the use of a common template Deliver users' desktops to any device regardless of hardware capability Reduce desktop management costs while still providing your users with a personalized desktop experience
Existing
The existing machine type enables you to use XenDesktop to manage and deliver user desktops that you have already migrated to VMs in the data center. As with traditional local desktops, changes and updates are permanent and must be managed on an individual basis or collectively using third-party electronic software distribution (ESD) tools. Managing your existing VM-based desktops through XenDesktop affords you greater control over their power states; for example, you can configure XenDesktop to shut down VMs when users log off to minimize unnecessary power consumption in the data center. Your users:
q
Already have VM-hosted desktops Have a large number of different and conflicting requirements for their desktops such that it is more efficient for you to prepare a bespoke desktop for each user than to create a common template that meets the needs of all users Need to install their own applications on their desktops
258
Use XenDesktop to manage and deliver existing desktops hosted on VMs in the data center Deliver individually tailored desktops to a small but heterogenous group of users Reduce support costs by centralizing user desktops in the data center without moving to a virtual desktop solution
Physical
The physical machine type enables you to use XenDesktop to manage user desktops hosted on dedicated blade PCs in the data center. As with traditional local desktops, changes and updates are permanent and must be managed on an individual basis or collectively using third-party ESD tools. Using blade PCs enables you to support small numbers of users who have particularly demanding performance requirements. This approach offers all the benefits of centralization, but ensures dedicated processing power for each user by hosting only one desktop per server. Your users:
q
Are technical workers or power users Use processor-intensive applications, such as financial modeling software Have high performance level expectations for line of business applications
Use XenDesktop to manage and deliver user environments that require dedicated specialist hardware Deploy dedicated hardware for power users so that they do not have to share server resources with other users Reduce support costs by centralizing complicated specialist systems in the data center
Streamed
The streamed machine type enables you to deliver desktops to VMs and blade PCs that have been configured to load the operating system over the network from Provisioning services. Target devices are managed in Provisioning services as a device collection and the desktops are delivered from a Provisioning services vDisk imaged from a master target device. Using Provisioning services to deliver desktops enables you to leverage the processing power of existing hardware, while realizing all the benefits of centralized desktop management. This approach offers an entry point to desktop virtualization using existing resources and reducing the need for additional storage capacity in the data center. Your users:
q
Are task or knowledge workers who require either standardized desktops or individual desktops of which they can take ownership
259
Use shared workstations, for example students and faculty in educational institutions Use locked-down workstations to access secure data, for example government employees
Deliver desktops to device collections containing mixtures of different types of PC hardware Maximize data security by delivering desktops to diskless target devices Virtualize desktops using existing hardware and without adding more storage in the data center
260
Preparing a Master VM
To deliver desktops from pooled or dedicated machines, you must prepare the master VM that is used to create user desktops. In the case of streamed machines, you prepare a master target device from which to image the vDisk in Provisioning services. 1. If you plan to create pooled or dedicated machines, use the management tool for your hypervisor to create a new VM and install the operating system (including all service packs and updates). Provided they are sufficient to allow the VM to run, the number of vCPUs and the amount of memory you assign to the master VM are not critical at this stage because you can change these settings when you create the catalog. However, you should ensure that you set up the master VM with the same amount of hard disk space that is required for users' desktops because this value cannot be changed subsequently. Ensure that the hard disk for the master VM is attached at device location 0. Most standard VM templates configure this location by default, but some custom templates may not do so. In the case of streamed machines, you can use either a VM or a physical computer as your master target device. For more information about preparing a master target device, see the Provisioning Services Installation and Configuration Guide. 2. Install on the VM the appropriate integration tools for your hypervisor (XenServer Tools, Hyper-V Integration Services, or VMware Tools). Note: If you do not install hypervisor integration tools on the master VM, your desktops may not function correctly. On Windows XP VMs, install the Microsoft Windows Management Core. This package includes Windows Remote Management 2.0, which is required to support Desktop Director. Windows Remote Management 2.0 is included by default with Windows 7 and Windows Vista. 3. Install the Virtual Desktop Agent from the XenDesktop installation media. When installing the Virtual Desktop Agent, select the option to optimize the desktop. This improves the performance of users' desktops by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops. Optionally, select the option to install Citrix plug-ins so that users can access XenApp virtualized applications from their desktops. 4. Install any third-party tools that you want to run on users' desktops, such as antivirus software or electronic software distribution agents, and configure services such as Windows Update, as required for your deployment. Ensure that you use settings appropriate for your users and the machine type you intend to use, as these configurations will be propagated to users' desktops from the master VM. 5. Install and configure any third-party applications that you do not want to virtualize. 261
Preparing a Master VM Citrix recommends virtualizing applications and delivering them to users' desktops with XenApp. This approach significantly reduces desktop management costs by removing the need to update the master VM whenever you want to add or reconfigure an application on users' desktops. In addition, with less applications installed on each desktop, you can reduce the size of the VM hard disks to save on storage costs. 6. If you plan to deliver desktops from pooled and dedicated machines, join the VM to the domain of which you want users' desktops to be members and ensure that the master VM is available on the host where you want to create the machines. In the case of streamed machines, image a vDisk from your master target device before you join the master target device to a domain. For more information about imaging a vDisk, see the Provisioning Services Installation and Configuration Guide. If you plan to deliver desktops from pooled and dedicated machines, Citrix recommends that you create a snapshot of your master VM and name the snapshot in a way that allows you to identify the master VM in the future. If you specify a VM rather than a snapshot when creating a pooled or dedicated machine catalog, Desktop Studio will create a snapshot for you but you will not be able to name it.
262
263
A host with sufficient processors, memory, and storage to accommodate the number of machines you plan to create. A master VM from which to create the desktops. The master VM must be available on the host where the machines will be created. Either a sufficient number of unused Active Directory computer accounts for the machines you plan to create or access to an Active Directory domain administrator account for the domain of which you want the desktops to be members.
1. Log on to the computer running Desktop Studio. If you plan to use XenDesktop to create new Active Directory computer accounts for the machines, log on using a domain administrator account for the domain to which you plan to add the desktops. 2. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 3. Select the Machines node in the left pane of Desktop Studio and click Create Catalog. If this is the first catalog you have created, note that the Machines node is not visible until you have completed one of the initial configuration tasks presented when you first start Desktop Studio. 4. On the Machine Type page, select Pooled or Dedicated, as required. 5. For the pooled machine type only, select Random - users are randomly assigned a machine at logon if you want to maintain a pool of machines that are arbitrarily allocated to users when they log on and returned to the pool when they log off. Alternatively, if you want machines to be assigned to individual users, select Static users are assigned the same machine at logon. Click Next. Pooled-random machines are kept in a pool and are temporarily and randomly assigned to users as they log on. When users log off, pooled-random machines are returned to the pool and become available for other users. Pooled-static machines are assigned to the first user to connect to them. Users are then connected to the same machine for all subsequent sessions. In the case of the dedicated machine type, all machines are individually assigned to users. 6. On the Master Image page, select the host and master VM that you want to use to provision your desktops and click Next. 264
To create a new machine catalog Citrix recommends that you create an appropriately named snapshot of your master VM and use this to provision your desktops. If you specify a VM rather than a snapshot, Desktop Studio will create a snapshot for you but you will not be able to name it. The machines are created on the virtualization infrastructure hosting the master VM, so ensure that this host has sufficient processors, memory, and storage to accommodate the number of machines you plan to create. 7. On the Number of VMs page, specify the number of machines you want to create and allocate virtual processors and memory to the VMs. By default, machines are created with the same number of virtual processors and amount of memory as specified for the master VM. However, you cannot change the size of the hard diskthis setting is determined by the hard disk size of the master VM. Ensure that the host has sufficient processors and memory for the specifications of your machines. For more information about the efficient use of hosts with XenDesktop, see the XenDesktop Scalability Guidelines. Note: The setting for the master VM's memory on this page might be overwritten by individual machines' memory settings. 8. If you want XenDesktop to create new Active Directory computer accounts for the machines, select Create new accounts. If the Active Directory administrator has already created some computer accounts for you to use, select Use existing accounts. Click Next. To create new computer accounts, you must be logged on using an Active Directory domain administrator account. If you are using existing computer accounts, note that the number of machines you can create is limited by the number of accounts that are available. 9. On the Create accounts or Import accounts page, provide the required information and click Next. To create new computer accounts, specify the Active Directory domain and organizational unit to which the accounts will be added. In addition, specify a naming scheme to be used to name the new accounts. To use existing accounts, click Browse and select computer accounts in Active Directory or click Import and specify a .csv file containing a list of account names. As XenDesktop will manage these accounts, either allow XenDesktop to reset the passwords for all the accounts or supply the account password (which must be the same for all accounts). Ensure that you import enough accounts for the number of machines you want to create. 10. On the Administrators page, select the assignment administrators who have permissions to use the catalog when allocating desktops to users and, optionally, include a description of the catalog. Click Next. The catalog description is seen only by the administrators that you assign to the catalog and not by users of desktops allocated from the catalog. 11. On the Summary page, check that the details are correct and specify a name for the new catalog. The catalog name is seen by users of desktops allocated from the catalog. Click Finish to start creating the machines.
265
To create a new machine catalog To enable you to continue working with Desktop Studio, machine creation is carried out as a background process. This is because XenDesktop creates VMs sequentially, which can be a lengthy process for catalogs containing a large number of machines. Machine creation will continue to completion even if you close Desktop Studio. You have now created a catalog of machines. To deliver desktops from the machines in your catalog to users, the assignment administrator must allocate the machines to users by creating desktop groups. For more information, see To create a desktop group.
VMs or dedicated blade PCs hosting user desktops that you have already migrated to the data center. Active Directory user and computer accounts to assign to the VMs or blade PCs.
1. Log on to the computer running Desktop Studio. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 2. Select the Machines node in the left pane of Desktop Studio and click Create Catalog. If this is the first catalog you have created, note that the Machines node is not visible until you have completed one of the initial configuration tasks presented when you first start Desktop Studio. 3. On the Machine Type page, select Existing or Physical, as required, and click Next. 4. On the VMs & users or Machines & users page, assign Active Directory computer and user accounts to VMs or assign users to computer accounts that you have already paired with blade PCs, respectively. Click Next. For the existing machine type, click Add VMs and select VMs from one of the configured hosts. Alternatively, click Import list and specify a .csv file containing a list of VM names and host locations plus, optionally, the computer and user accounts assigned to the VMs. For each VM that you add or import, select in Active Directory a computer account and one or more user accounts. For the physical machine type, click Add Computers and select in Active Directory existing computer accounts that you have already assigned to a blade PC. Alternatively, click Import list and specify a .csv file containing a list of computer accounts and, optionally, the user accounts assigned to those computer accounts. For each computer account that you add or import, select in Active Directory one or more user accounts. 5. On the Administrators page, select the assignment administrators who have permissions to use the catalog when allocating desktops to users and, optionally, include a description of the catalog. Click Next. The catalog description is seen only by the administrators that you assign to the catalog and not by users of desktops allocated from the catalog. 6. On the Summary page, check that the details are correct and specify a name for the new catalog. The catalog name is seen by users of desktops allocated from the catalog.
266
To create a new machine catalog Click Finish. You have now created a catalog of machines. To deliver desktops from the machines in your catalog to users, the assignment administrator must allocate the machines to users by creating desktop groups. For more information, see To create a desktop group.
A Provisioning services deployment with a vDisk that you have imaged from the master target device. Device collections configured to load the vDisk over the network. Active Directory computer accounts managed by Provisioning services for each target device in the device collections.
Note: In XenDesktop 4, the separate XenDesktop Setup Wizard automated the creation of streamed machines. For XenDesktop 5, this functionality is available in the Provisioning Services Console. Install the latest hotfixes for Citrix Provisioning Services 5.6 Service Pack 1 to add this capability to your XenDesktop 5 deployment. For more information, see http://support.citrix.com/article/CTX128726. 1. Log on to the computer running Desktop Studio using a Provisioning services administrator account. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 2. Select the Machines node in the left pane of Desktop Studio and click Create Catalog. If this is the first catalog you have created, note that the Machines node is not visible until you have completed one of the initial configuration tasks presented when you first start Desktop Studio. 3. On the Machine Type page, select Streamed, specify the IP address of the Provisioning services server providing the vDisk, the Active Directory domain containing the device collections, and indicate whether the target devices are VMs or physical computers. Click Next. Note: To use the fully qualified domain name of the Provisioning services server, run the Stream Service under a domain administrator account for the domain of which the Provisioning services server is a member. 4. On the Device collection page, specify the device collections to include in the catalog and click Next. 5. On the Administrators page, select the assignment administrators who have permissions to use the catalog when allocating desktops to users and, optionally, include a description of the catalog. Click Next. The catalog description is seen only by the administrators that you assign to the catalog and not by users of desktops allocated from the catalog.
267
To create a new machine catalog 6. On the Summary page, check that the details are correct and specify a name for the new catalog. The catalog name is seen by users of desktops allocated from the catalog. Click Finish. You have now created a catalog of machines. To deliver desktops from the machines in your catalog to users, the assignment administrator must allocate the machines to users by creating desktop groups. For more information, see To create a desktop group.
268
Update user desktops. For pooled machine catalogs, you maintain users' desktops by applying global updates, such as Windows updates, antivirus software updates, or configuration changes, to the master VM. Then, you modify the catalog to use the updated master VM so that users receive the updated desktop the next time they log on. This approach enables you to make significant changes to users' desktops, including upgrading to a new operating system, for large numbers of users in a matter of minutes. Citrix recommends that you save copies or snapshots of master VMs before you make any updates. The XenDesktop database retains a historical record of the master VMs used with each catalog. Provided you do not delete, move, or rename the old master VMs, you can quickly revert a catalog to use the previous version of the master VM should users encounter problems with updates that you have deployed to their desktops, thereby minimizing user downtime. For dedicated, existing, and physical machine catalogs, updates to users' desktops must be managed outside of XenDesktop, either on an individual basis or collectively using third-party electronic software distribution tools. In the case of streamed machine catalogs, updates to users' desktops are propagated through the vDisk, which is managed in Provisioning services.
Add more machines. You can deploy additional machines for new users from an existing catalog. For pooled and dedicated machine catalogs, this involves creating more machines and, if required, more Active Directory computer accounts using XenDesktop. In the case of existing and physical machine catalogs, you must set up additional VMs or blade PCs, respectively, plus any computer accounts that are required, outside of XenDesktop. You can then add these machines and/or accounts to the catalog. For streamed machine catalogs, you can add more machines by joining more target devices to an existing device collection using Provisioning services. Alternatively, create additional device collections in Provisioning services and then add the new collections to the existing catalog. Modify the catalog. You can rename existing catalogs, add or remove administrators from the list of assignment administrators permitted to use the catalog, edit the catalog description, and quickly view the details and status of all the machines included in the catalog. In addition, for pooled and dedicated machine catalogs, you can add or remove Active Directory computer accounts from the catalog. This allows you to free up unused accounts for use in other catalogs or to attach additional accounts to a catalog for use when more machines are added. Delete the catalog. When you delete a catalog, the machines and the associated Active Directory computer accounts are removed from management by XenDesktop. For pooled and dedicated machine catalogs, you can optionally delete the machines and computer accounts from the host and from Active Directory, respectively.
269
If you are deploying a non-urgent update and you want to minimize disruption to users, select None. The update is applied only when users next log off. If you are deploying a non-urgent update and you want to inform users, select Send message and enter a message. Users see the specified message and the update is
270
Updating User Desktops applied only when they next log off.
q
If you are deploying a critical update and you want to apply it to all users' desktops urgently, select Restart immediately. All users are automatically logged off and their desktops restarted. If you are deploying an urgent update and you want to allow users some time to save their work before upgrading their desktops, select Send message then restart after delay. Enter a message and specify the time delay before applying the update. The timer starts only when Desktop Studio finishes making a temporary copy of the new or updated master VM in the appropriate location. Users see the specified message and the update is applied when they next log off or, if the specified time limit is reached, users are automatically logged off and their desktops restarted.
6. On the Summary page, check that the details are correct and click Finish.
If reverting users' desktops is not urgent and you want to minimize disruption to users, select None. Users' desktops are reverted only when they next log off. If reverting users' desktops is not urgent and you want to inform users, select Send message and enter a message. Users see the specified message and their desktops are reverted only when they next log off. If reverting users' desktops is critical and you want to revert all users' desktops urgently, select Restart immediately. All users are automatically logged off and their desktops restarted. If reverting users' desktops is urgent and you want to allow users some time to save their work before reverting their desktops, select Send message then restart after delay. Enter a message and specify the time delay before reverting the desktops.
271
Updating User Desktops The timer starts only when Desktop Studio finishes making a temporary copy of the reverted master VM in the appropriate location. Users see the specified message and their desktops are reverted when they next log off or, if the specified time limit is reached, users are automatically logged off and their desktops restarted. The rollback strategy is only applied to desktops that need to be reverted. Users of desktops that have not been updated with the problematic master VM that prompted the rollback, for example because the user has not logged off, do not receive any messages and are not forced to log off. 5. On the Summary page, check that the details are correct and click Finish.
272
To ensure that the virtualization infrastructure hosting the master VM specified for the catalog has sufficient processors, memory, and storage to accommodate the additional machines you plan to create Either a sufficient number of unused Active Directory computer accounts for the additional machines you plan to create or access to an Active Directory domain administrator account for the domain of which the desktops will be members
1. Log on to the computer running Desktop Studio. If you plan to use XenDesktop to create Active Directory computer accounts for the additional machines, log on using a domain administrator account for the domain of which the desktops will be members. 2. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 3. In the left pane of Desktop Studio, click Machines, select your catalog in the results pane, and click Add machines. 4. On the Add VMs page, specify the number of additional machines you want to create. If more Active Directory computer accounts are required and you want XenDesktop to create new accounts for the machines, select Create new accounts. If the Active Directory administrator has already created some computer accounts for you to use, select Import accounts. Click Next. To create new computer accounts, you must be logged on using an Active Directory domain administrator account. If you are using existing computer accounts, note that the number of machines you can create is limited by the number of accounts that are available. 5. On the Create accounts or Import accounts page, provide the required information and click Next. To create new computer accounts, specify the Active Directory domain and organizational unit to which the accounts will be added. In addition, specify a naming scheme to be used to name the new accounts. To use existing accounts, click Browse and select computer accounts in Active Directory or click Import and specify a .csv file containing a list of account names. As XenDesktop will manage these accounts, either allow XenDesktop to reset the passwords for all the accounts or supply the account password (which must be the same for all accounts). 273
Adding More Machines to a Catalog Ensure that you import enough accounts for the additional machines you want to create. 6. On the Summary page, check that the details are correct and click Finish to start creating the additional machines. To enable you to continue working with Desktop Studio, machine creation is carried out as a background process. This is because XenDesktop creates VMs sequentially, which can be a lengthy process when you add a large number of machines to a catalog. Machine creation will continue to completion even if you close Desktop Studio.
Additional VMs or dedicated blade PCs hosting user desktops Active Directory user and computer accounts to assign to the additional VMs or blade PCs
1. Log on to the computer running Desktop Studio. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 2. In the left pane of Desktop Studio, click Machines, select your catalog in the results pane, and click Add machines. 3. On the VMs & users or Machines & users page, assign Active Directory computer and user accounts to VMs or assign users to computer accounts that you have already paired with VMs or blade PCs, respectively. Click Next. For the existing machine type, click Add VMs and select VMs from the host associated with the catalog. Alternatively, click Import list and specify a .csv file containing a list of VM names and host locations plus, optionally, the computer and user accounts assigned to the VMs. For each VM that you add or import, select in Active Directory a computer account and one or more user accounts. For the physical machine type, click Add Computers and select in Active Directory existing computer accounts that you have already assigned to a blade PC. Alternatively, click Import list and specify a .csv file containing a list of computer accounts and, optionally, the user accounts assigned to those computer accounts. For each computer account that you add or import, select in Active Directory one or more user accounts. 4. On the Summary page, check that the details are correct and click Finish.
Additional device collections configured to use the same vDisk as the existing device collections in the catalog
274
Active Directory computer accounts managed by Provisioning services for each target device in the additional device collections
Note: In XenDesktop 4, the separate XenDesktop Setup Wizard automated the creation of streamed machines. For XenDesktop 5, this functionality is available in the Provisioning Services Console. Install the latest hotfixes for Citrix Provisioning Services 5.6 Service Pack 1 to add this capability to your XenDesktop 5 deployment. For more information, see http://support.citrix.com/article/CTX128726. 1. Log on to the computer running Desktop Studio using a Provisioning services administrator account. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 2. In the left pane of Desktop Studio, click Machines, select your catalog in the results pane, and click Add machines. 3. On the Device collection page, specify the additional device collections to add to the catalog and click Next. 4. On the Summary page, check that the details are correct and click Finish.
275
276
All users have logged off from the machines in the catalog No disconnected user sessions are still running For pooled and dedicated machine catalogs, all machines are in maintenance mode For existing machine catalogs, all machines are powered off
1. Log on to the computer running Desktop Studio. On the Windows Start menu, click All Programs > Citrix > Desktop Studio. 2. In the left pane of Desktop Studio, click Machines, select your catalog in the results pane, and click Delete Catalog. 3. For pooled and dedicated machine catalogs only, specify whether or not the machines hosting users' desktops should be deleted. If you decide to delete the machines, the associated Active Directory computer accounts are removed from management by XenDesktop. Optionally, you can the choose to disable or delete these accounts in Active Directory. Click Next. 4. On the Summary page, check that the details are correct and click Finish.
277
278
You can use multiple catalogs You can allocate a user to multiple machines You can allocate multiple users to one machine You can, using the XenDesktop SDK, allocate a machine to a device instead of a user or group
You create desktop groups from catalogs. As part of the creation process, you specify the following desktop group properties:
q
Users and groups allocated to desktop groups Desktop settings to match users' needs Desktop power management options
For a set of typical business scenarios in which desktop groups are created, see Examples of Desktop Groups. You can power manage the machines in a desktop group so they suspend, disconnect, or shutdown automatically when they are not in use. Depending on the machine type in the catalog, you create the following desktop group types:
q
Shared groups are created from pooled-random and streamed machines. Private groups are created from other machines.
Note: Using the XenDesktop Software Development Kit (SDK), you can create shared groups from other machine types. For example, existing and physical machines can be used for this purpose. 279
About Desktop Groups In addition, application desktop groups, which can be shared or private, allow you to publish applications on machines using Citrix XenApp. For information on this, see VM Hosted Apps. The desktop group type is a summary of the underlying machine type used by the catalog or catalogs in the group. It describes the most important characteristic of the catalog; whether the machines in it are available to multiple users or devices (shared desktop groups) or whether they are tied to one user or device (private desktop groups). When creating desktop groups, you can nominate specific help desk administrators to support the users of the desktops you create. For example, you might delegate support to different help desk staff based on geographical location. When planning your desktop groups, you must identify the correct catalog to use. This may be created specifically for you by a machine administrator or you may choose an appropriate catalog from those available to you. In either case, confirm that the catalog contains enough machines for the number of desktops you want to create.
280
Alternatively, instead of these three role-based desktop groups, you might want to base the groups on how desktops are used and supported; sales and marketing staff need the same standard desktop and are supported by a large IT support team. However, executives need desktops they can each customize individually and they have their own, small set of IT support personnel. So you create two desktop groups:
q
One based on a catalog of 180 pooled machines for sales and marketing staff. In this desktop group, you specify the large IT team to act as help desk administrators. One based on a catalog of 20 dedicated machines for executives. In this desktop group, you specify the small set of IT personnel to act as help desk administrators.
281
You can only create a desktop group if at least one machine remains unused in the catalog you select You cannot use a machine in more than one desktop group You can create desktop groups from multiple catalogs with the same machine type You cannot create mixed desktop groups from catalogs with multiple machine types
1. In Desktop Studio, select the Assignments node in the left pane and click Create desktop group. 2. On the Catalog page, select a catalog for this desktop group, and enter the number of machines the group will consume from the catalog. Tip: If machine administrators include the total number of machines in a catalog's description, this appears on the Catalog page. Assignment administrators can use the number in conjunction with their selections in the wizard to ensure sufficient machines are available for the desktop group. 3. On the Users page, add the users or user groups that can access the desktops, and enter the number of desktops available to each user. You can select user groups by browsing or entering a list of Active Directory users and groups each separated by a semicolon. For private desktop groups, you can import user data from a file after you create the group. This page is displayed only if the group is based on pooled - static, existing, or physical machines and they have not already been allocated accounts. 4. On the Machine allocation page, confirm the mapping of machines to users for any machines that were allocated when the catalog was created. 5. On the Delegation page, select the XenDesktop administrators who will manage this desktop group. All XenDesktop administrators, including help desk administrators, are displayed. 6. On the Summary page, check all details, and enter a name that users see and a name that administrators see.
282
To locate a user device connected to a virtual desktop, use Endpoint and Is, and enter the device's name, or use Endpoint (IP) and Is, and enter the device's IP address. To locate active sessions, use Session State, Is, and Connected To list all of the machines in a desktop group, select the group (from the Search or Assignments node) and click View machines To display other details in search results, right-click a column heading and select Select columns
283
They must be .csv files. The first line in the file must contain the column headings, which can be: [ADComputerAccount],[AssignedUser],[VirtualMachine],[HostId] for a XenDesktop file or [WorkstationName],[IsWorkstationEnabled],[Pre-AllocatedUser] for a file exported from Desktop Server 1.0 The column headings can be in any order, but they must be comma-separated.
The ADComputerAccount entries (or workstation names, for Desktop Server 1.0) can be any of the following:
q
Common names (for example computer01) IP addresses (for example 10.50.10.80) Distinguished names (for example computer01.mydomain.com)
Domain and computer name pairs (for example mydomain\computer01) The contents of the IsWorkStationEnabled column are ignored. This column contains data if the file is created by exporting data from Desktop Server 1.0, but this data is not used by XenDesktop.
q
The AssignedUser column entries (or Pre-AllocatedUser column, for Desktop Server 1.0) can be any of the following:
q
Common names (for example user01) Distinguished names (for example user01.mydomain.com) Domain and user name pair (for example mydomain\user01)
284
The VirtualMachine and HostId columns are required for all desktop groups except those based on physical machines.
You can find sample files on the XenDesktop installation media in \support\ImportExport.
285
286
287
In private or shared desktop groups: unallocated (and therefore unconnected) In private desktop groups:
q
Permanently allocated and in use In shared desktop groups: randomly allocated and in use
q
At any given time, private desktop groups typically contain both permanently allocated and unallocated machines. Initially, all the machines are unallocated (apart from any manually allocated to individuals when the desktop group was created). As users connect, some get permanently allocated. So, when you fully power manage groups of this type, you are in fact only fully managing the unallocated machines in it. The permanently allocated machines are partially managed. Pools and Buffers For shared desktop groups and unallocated machines in private desktop groups , a pool is a set of unallocated (or temporarily allocated) machines in the desktop group that are kept in a powered-on state, ready for users to connect. When a user logs on, they are immediately presented with a desktop. The pool size (the number of machines kept powered on ) is configurable; you'll probably want a bigger pool during office hours. For private desktop groups, there is no pool in Desktop Studio but you can use the XenDesktop SDK to configure one. A buffer is an extra, standby set of unallocated machines that are turned on, ready for users to connect. For shared desktop groups and unallocated machines in private desktop groups , desktops in the buffer are turned on when the number of machines in the pool drops below the threshold set by the buffer size. This is a percentage of the desktop group size (default 10%). For large desktop groups, a significant number of machines may therefore be turned on when the threshold is exceeded, so plan your desktop group sizes accordingly or adjust the default buffer size using the SDK. Power State Timers You can suspend desktops after users have disconnected for a defined time using power state timers. For example, desktops can be made to suspend automatically outside office hours if users have been disconnected for at least 10 minutes. Unless you have configured the ShutdownDesktopsAfterUse property of a desktop group using the SDK, pooled or
288
To power manage machines streamed machines are always automatically shut down when users log off. You can configure the timers separately for weekdays (by default, Monday to Friday) and weekends, and for peak and off-peak periods. The peak period covers the time at which most users log on to their desktops, and starts at the beginning of your business day. Use the SDK if you want to shut down, rather than suspend, desktops in response to power state timers, or if you want the timers to be based on logoffs, rather than disconnections. Also, note that the Weekdays and Weekend selections in this procedure are defaults that can be configured using the SDK. Partial Power Management of Permanently Allocated Machines With machines permanently allocated to individuals or user devices, you can set power state timers but not pools or buffers. XenDesktop turns on the machines at the start of each peak period, and turns them off at the start of each off-peak period, so you have no fine control (as you do with unallocated machines) over the number of machines that become available to compensate for desktops that are consumed. 1. In Desktop Studio , select the Assignments node in the left pane, and select the desktop group whose power management settings you want to control. 2. Click Edit desktop group. 3. On the Power management page, select Weekdays. 4. For shared desktop groups, click Edit and specify the pool size during weekdays. 5. In Peak hours, set your organization's peak and off-peak hours during weekdays. 6. Set power state timers for peak and non-peak hours during weekdays:
q
In When disconnected, specify the delay (in minutes) before suspending any disconnected machine in the desktop group, and select Suspend.
In When logged off, specify the delay before turning off any logged-off machine in the desktop group, and select Shutdown. This timer is not available for groups based on pooled machines. 7. Select Weekend.
q
8. Configure, as above, the pool size, peak hours, and power state timers for weekends.
289
Use SmartAccess strings to filter connections made through Citrix Access Gateway. Your XenDesktop policy administrator can also perform this task in the HDX Policies node in Desktop Studio. For more information about this, see Working with XenDesktop Policies. Use exclusion filters on access policies that you set with the XenDesktop Software Development Kit (SDK).
Access policies achieve similar results to, but are are different from, XenDesktop policies. Access policies are applied to desktop groups to refine certain aspects of virtual desktop connections. For example, you can restrict desktop access to a subset of the users listed on the desktop group's Users page, and you can specify the allowed user devices that can form desktop connections. Further refinement is possible using exclusion filters that you apply to access policies. For example, for business or security reasons you can deny access to a subset of users or devices. Exclusion filters are set in the SDK and are disabled by default. For more information about access policies and exclusion filters, see the SDK help.
290
1. In Desktop Studio, use Search to locate the machines you want to exclude, or select a desktop group and machines. 2. Select the machines and click Add tag. 3. Enter test-machine-sales. 4. Run this SDK command to apply the filter:
About Tags
Tags are strings that identify desktops. You can use them to search for and limit access to desktops. You can add any number of tags of any length separated by semicolons. In this example, one tag (test-machine-sales) is used. Tip: Use the asterisk as a wildcard to match all tags that start with the same string. For example, if you add the tag test-machine-sales to one machine and test-machine-accounts to another, setting the tag in the Set-BrokerAccessPolicy script to test-machine* applies the filter to both machines.
291
To reallocate desktops
This topic explains how you change the users or devices allocated to the machines in a desktop group or to individual virtual desktops. Important: Desktops may contain personal data, which you need to manage appropriately. For example, you may need to reimage the virtual machine.
292
Shut down. Requests the desktops operating system to shut down. Note: If the desktop does not shut down within 10 minutes, it is powered off. If Windows attempts to install updates during shutdown, there is a risk that the desktop will be powered off before the updates are complete.
Force shut down. Forcibly powers off the desktop and refreshes the list of desktops. Restart. Requests the desktop's operating system to shut down and then start the desktop again. If the operating system is unable to do this, the desktop remains in its current state. Suspend. Pauses the desktop without shutting it down and refreshes the list of desktops.
293
294
295
To locate individual desktops, use Search, or select a desktop group and click View machines
To locate a desktop group, select the Assignments node 2. Select the desktop or desktop group and click Enable maintenance mode or Disable maintenance mode.
q
296
You can use Search to locate sessions (as well as users and desktops). For information on this, see To find desktops, sessions, and desktop groups.
297
Adding controllers to sites Removing controllers from sites Moving controllers between sites Configuring Secure Sockets Layer (SSL) on controllers
Permissions
To add, move, or remove controllers, you need the following roles or permissions:
q
The sysadmin or dbcreator database server role. If you don't have either of these roles, you need CreateAnyDatabase and AlterAnyDatabase server permissions. The db_owner or db_datawriter database user role. If you don't have either of these roles, you need Insert, Delete, and Update user permissions.
Other Components
XenDesktop administrators may use components other than the controller to administer virtual desktops. Those components include:
q
Web Interface to configure Remote Desktop Protocol (RDP) connections and workspace control. Access Gateway to secure connections. The XenDesktop SDK to perform certain advanced desktop configuration tasks (for example, using the RDP, rather than the ICA, protocol for connections in a desktop group). In addition, you can use the SDK to disable parts of Desktop Studio. Although that use is not one you need to employ widely, it can be valuable in restricting administrator access to some Desktop Studio tasks and options, particularly brokering ones. For example, you can prevent assignment administrators from editing access policies when they create desktop groups.
298
299
About Controller Discovery This key lists all of the controllers in the site (and is the equivalent of Active Directory's XenDesktop site OU). For multiple controllers, the key's value is a space-delimited list of FQDNs. If both ListOfDDCs and FarmGUID (HKEY_LOCAL_MACHINE\Citrix\VirtualDesktopAgent\FarmGUID) are present in the registry, the ListOfDDCs value is used for controller discovery. (FarmGUID will be present if a site OU was specified when the Virtual Desktop Agent was installed.) Additionally, be aware of the ListOfSIDs registry key. Use this to avoid possible security threats from a compromised Domain Name System (DNS) server. The ListOfSIDs registry key is: HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfSIDs (REG_SZ) For more information, see http://support.citrix.com/article/ctx118976/.
300
To add a controller
As a prerequisite, familiarize yourself with how registry keys on virtual desktops affect controller discovery. To use the Join existing site task, you must have the correct database roles and permissions. You cannot add servers installed with earlier versions of XenDesktop, Desktop Delivery Controller, or Desktop Server to a site that uses this version of XenDesktop. If your deployment uses database mirroring, before carrying out this procedure ensure that the principal and mirrored databases are both running. In addition, if you are executing the scripts using SQL Server Management Studio, enable SQLCMD mode. For more information on mirroring XenDesktop sites, see http://support.citrix.com/article/CTX127359/. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 1. On the server you want to add, run the XenDesktop installer to install the controller and any other desired components. Desktop Studio is installed by default with the controller. For more information about this, see Installing and Removing XenDesktop Server Components. 2. In Desktop Studio, click the Join existing deployment task and enter the address of the site. 3. If you are using registry-based discovery, register all brokered virtual desktops in the site (or images on which the desktops are based) with the new controller by setting the value of the ListOfDDCs registry key on each desktop or image to the FQDN of the controller.
301
To remove a controller
Removing a controller does not uninstall XenDesktop or any other component. Instead, it removes the controller from the site's database so that it can no longer be used to broker connections and perform other tasks. If you remove a controller, you can later add it back into the same site or another one. A site requires at least one controller, so you cannot remove the last one listed in Desktop Studio. If your deployment uses database mirroring, before carrying out this procedure ensure that the principal and mirrored databases are both running. In addition, if you are executing the scripts using SQL Server Management Studio, enable SQLCMD mode. For more information on mirroring XenDesktop sites, see http://support.citrix.com/article/CTX127359/. 1. In Desktop Studio > Configuration > Controllers, select the controller you want to remove. 2. Click Remove Controller. If you dont have the correct database roles and permissions, you are given the option of generating a script that allows your database administrator to remove the controller for you. 3. You may need to remove the controller's machine account from the database server. Before doing so, check that the account is not used by another service.
302
Registry-Based Discovery
As a prerequisite, familiarize yourself with how registry keys on virtual desktops affect controller discovery. To use the Join existing site task, you must have the correct database roles and permissions. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 1. On the old site, in Desktop Studio > Configuration > Controllers select the controller you want to move and click Remove Controller. If you dont have the correct database roles and permissions, you are given the option of generating a script that allows your database administrator to remove the controller for you. A site requires at least one controller, so you cannot remove the last one listed in Desktop Studio. 2. On each virtual desktop or image no longer managed by the controller in the old site, remove the controller from the values in the ListOfDDCs registry key. 3. On the controller you are moving, open Desktop Studio, reset the XenDesktop services when prompted, click Join existing site, and enter the address of the new site. 4. On each virtual desktop or image that will be managed by the controller in the new site, add the FQDN of the controller to the values in the ListOfDDCs registry key.
303
To move a controller to another site roles and permissions, you are given the option of generating a script that allows your database administrator to remove the controller for you. A site requires at least one controller, so you cannot remove the last one listed in Desktop Studio. 2. On a controller in the old site, run the following script: Set-ADControllerDiscovery -sync You must be a full administrator of the controller and have the appropriate permissions to make changes in the relevant OU in AD. The script synchronizes the OU with the current set of controllers. For information about this script, see Active Directory Considerations. 3. On the controller you are moving, open Desktop Studio, reset the XenDesktop services when prompted, click Join existing site, and enter the address of the new site. 4. On any controller in the new site, run the Set-ADControllerDiscovery -sync script.
304
<http port> is the port number for HTTP traffic and <https port> is the port number for HTTPS tr
2. If you want the XML Service to ignore HTTP or HTTPS traffic on the default ports, set the following Regis on the controller and restart the Broker Service. Both values are located in the DesktopServer keyname i HKLM/Software/Citrix:
q
q To ignore HTTPS traffic, set XmlServicesEnableSsl to 0. 3. Ensure a server certificate is properly configured on the controller. You must obtain and install a certific register it for HTTPS. If the controller has IIS installed, use the steps described in http://support.microsoft.com/kb/299875. If the controller does not have IIS installed, one method of ac is as follows:
a. Obtain an SSL server certificate and install it on the controller as described in http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-ma For more information on the certreq tool, see http://technet.microsoft.com/en-us/library/cc736326(WS.10).aspx. b. Register the certificate for HTTPS following the Registering SSL Certificates section of http://msdn.microsoft.com/en-us/library/ms186362.aspx.
305
Configuring Hosts
These topics tell you how to:
q
Create a host Add storage to a host Rename a host Update connection details Configure high availability on XenServer Configure hypervisor throttling Rename a connection Enable and disable maintenance mode for a connection View the details of VMs accessed through a connection Manage the VMs accessed through a connection Delete a host Delete a connection
You need to be a full administrator to carry out the tasks described in these topics. Read-only administrators, however, can view host, connection, and machine details.
306
To create a host
1. In Desktop Studio, select Configuration > Hosts. 2. Click Add Host. 3. Select Connect to a new Host. 4. Specify the type of host, and the address and credentials to use when connecting. Ensure that the credentials enable you to carry out all the necessary XenDesktop tasks. If you use XenServer, note that:
q
Citrix recommends using HTTPS to secure communication between XenDesktop and XenServer. To use HTTPS you must replace the default SSL certificate installed with XenServer with one from a trusted certificate authority. For details of how to do this see To replace the default XenServer SSL certificate You can configure high availability if it is enabled on XenServer. Citrix recommends that you select all servers in the pool to allow communication between XenDesktop and XenServer if the pool master fails.
Note: If you are using XenDesktop to manage user desktops hosted on dedicated blade PCs in the data center, select None for host type. 5. Type a name for the connection. 6. Select whether to use XenDesktop to create virtual machines or whether to create them manually. Select the XenDesktop option to use Machine Creation Services to create catalogs of pooled or dedicated VMs. The manual creation option allows you to use XenDesktop to manage and deliver user desktops that you have already migrated to VMs in the data center. 7. Click Next. 8. If you selected to use XenDesktop to create desktops, you are prompted to enter details of the storage and virtual network to use. The wizard then finishes. If you selected manual desktop creation, no further details are needed and the wizard finishes.
307
To create a host
308
Editing a Host
You can add storage to an existing host, and you can also rename it.
To rename a host
1. In Desktop Studio, select Configuration > Hosts. 2. Select the host you want to rename, then click Rename Host. 3. Type the new name for the host, then click OK.
309
To edit a connection
1. In Desktop Studio, select Configuration > Hosts. 2. Select the connection you want to edit, then click Change details. 3. You can edit the connection as follows:
q
To update the connection's address and credentials, type the new details in the relevant fields, then click OK. Do not use this as a way of entering the details of a new connection; to add a new connection, see To create a host. Note: To rename the connection, select the connection then click Rename.
To configure high availability, if it has been enabled on XenServer, click Edit. Citrix recommends that you select all servers in the pool to allow communication between XenDesktop and XenServer if the pool master fails. Select the servers to be used, then click OK. To configure hypervisor throttling, click Advanced. If your power management settings allow too many or too few machines to start at the same time, you can adjust the throttling limit as follows:
q
To prevent more than a certain number of operations or actions running at any one time, enter a number in Max active actions.
To limit the number of concurrent actions to a percentage of the total number of VMs configured for this connection, enter a number in Max power actions as a percentage of desktops. The actual limit applied is the lower number of the above two possibilities. For example, if the maximum active number of actions is 10, the maximum number of actions as a percentage of desktops is 10, and the number of machines is 34, the limit is 3 (that is, 10% of 34 rounded to the nearest whole number).
q
You can also limit the number of new actions that can be started per minute by entering a number in Max actions per minute. Note: Use Connection options only under the guidance of a Citrix Support representative.
310
311
Managing Machines
You can view the details of all machines accessed through a particular connection, and you can also manage these machines.
312
Managing Machines
To manage machines
1. Display the machines as described above. 2. Select the relevant machines. 3. Select one of the following actions:
q
Start. Starts the machine if it is powered-off or suspended. If the host type does not support the power-on function, the Start action is not available. Suspend. Pauses the desktop without shutting it down and refreshes the list of desktops. Shut down. Requests the desktops operating system to shut down. Note: If the desktop does not shut down within 10 minutes, it is powered off. If Windows attempts to install updates during shutdown, there is a risk that the desktop will be powered off before the updates are complete.
Force shut down. Forcibly powers off the desktop and refreshes the list of desktops. Restart. Requests the desktop's operating system to shut down and then start the desktop again. If the operating system is unable to do this, the desktop remains in its current state. Enable maintenance mode. To temporarily stop connections to a machine so that maintenance tasks can be carried out, put it into maintenance mode. No user can connect to a machine in this state. If a user is already connected, maintenance mode takes effect as soon as they log off. Note: To put all the machines accessed through a connection into maintenance mode, select the connection and click Enable Maintenance Mode, as described in To put a connection into maintenance mode.
Remove from Desktop Group. Removing a machine deletes it from a desktop group, which prevents users from connecting to it, but does not delete it from the catalog that the group is based on. You can remove a machine only while no user is connected to it. To temporarily stop users from connecting to a machine while you are removing it, put the machine into maintenance mode first. Delete. When you delete a machine, users no longer have access to it and the machine is deleted from the catalog. Before deleting a machine, ensure all user data is backed up or no longer required. You can delete a machine only while no user is connected to it. To temporarily stop users from connecting to a machine while you are deleting it, put the machine into maintenance mode first.
313
To delete a host
Before you delete a host, ensure that:
q
All users have logged off from the machines stored on the host No disconnected user sessions are still running For pooled and dedicated machines, all machines are in maintenance mode For existing machine catalogs, all machines are powered off
Caution: Deleting a host can result in the deletion of large numbers of machines and in loss of data. Ensure you read this topic carefully and that any user data on affected machines is backed up or no longer required. 1. In Desktop Studio, select Configuration > Hosts. 2. Select the host you want to delete, then click Delete Host. 3. If this host still has machines stored on it, you are prompted to specify whether or not the machines should be deleted and, if they are to be deleted, what should be done with the AD computer accounts associated with them. A catalog becomes unusable when you delete a host that is referenced by that catalog. If this host is referenced by a catalog you are therefore given the opportunity to delete the catalog at this point. Before you delete a catalog, ensure that it is not supported by other hosts.
314
To delete a connection
Before you delete a connection, ensure that:
q
All users have logged off from the machines stored on the hosts accessed through this connection No disconnected user sessions are still running For pooled and dedicated machines, all machines are in maintenance mode For existing machine catalogs, all machines are powered off
Caution: Deleting a connection can result in the deletion of large numbers of machines and in loss of data. Ensure you read this topic carefully and that any user data on affected machines is backed up or no longer required. 1. In Desktop Studio, select Configuration > Hosts. 2. Select the connection you want to delete, then click Delete Connection. 3. If any host using this connection still has machines stored on it, you are prompted to specify whether the machines should be deleted and, if they are to be deleted, what should be done with the AD computer accounts associated with them. A catalog becomes unusable when you delete a connection associated with a host that is referenced by that catalog. If any host using this connection is referenced by a catalog you are therefore given the opportunity to delete the catalog at this point. Before you delete a catalog, ensure that it is not supported by other hosts.
315
Authenticating to XenDesktop sessions Digitally signing or encrypting documents Authenticating to locally installed or virtualized applications
316
Smart cards, including Common Access Card (CAC) USB smart card tokens
All the above must be Microsoft-compatible. Multiple smart cards and multiple readers can be used on the same user device. Users can move between user devices with different smart card readers by reconnecting to the session after authentication to XenDesktop. You must obtain a device driver for the smart card reader and install it on the user device. Many smart card readers comply with the Chip/Smart Card Interface Devices (CCID) standard and can use the CCID device driver supplied by Microsoft. You must also obtain a device driver (a Cryptographic Service Provider in the case of Windows) for the smart card and install it on both the user device and the virtual desktop. Citrix recommends that you:
q
Install drivers and CSPs on the virtual desktop before installing any Citrix software on it Install and test the drivers on a physical computer before installing Citrix software
Note: Smart card drivers should automatically be downloaded on detection for virtual desktops running Windows 7. If you need to install drivers, you can obtain them from http://catalog.update.microsoft.com or from the smart card vendor. Smart card support also involves components available from Citrix partners. These will be updated independently by the partners, and are not described in these topics. Refer to the Citrix Ready program at http://www.citrix.com/ready/ for more information.
317
Domain-joined and non-domain joined thin clients. Thin clients are devices that can connect only to virtual desktops; all other services are obtained through the virtual desktop. They can support only one connection at a time. Domain-joined computers. These computers can connect directly to virtual desktops, applications, and other services. They can run local applications and support simultaneous connections.
Microsoft Windows XP or XP Embedded (depending on device type) with Service Pack 3 or later Microsoft Vista with Service Pack 1 or later Microsoft Windows 7 (non-Aero)
Linux, for non-domain-joined thin clients The Citrix online plug-in 12.0 or later or, for Linux appliances, the Citrix Receiver for Linux 11.1 or later
q
Microsoft Internet Explorer 7 or later, if users need to access desktops from a browser Appropriate device drivers for the smart cards and readers
XenDesktop-ready desktop appliances may also support smart card authentication: consult your supplier for further details about this.
318
Tasks performed by smart card administrators (for example smart card issuance) may be inappropriate for carrying out through XenDesktop. Usually these functions are performed at a dedicated smart card station, and may require two smart card readers. Infrequent and sensitive tasks, such as unblocking a smart card, may also be inappropriate for carrying out through XenDesktop. Security policies often forbid users to perform these functions; they are carried out by the smart card administrator. Note: Citrix recommends that you carry out these tasks locally on the user device if possible, rather than using XenDesktop.
Highly sensitive applications that require strict separation of duties or tamper-resistant audit trails may entail additional special-purpose security control measures. These measures are outside the scope of XenDesktop.
You can reset PINs from the desktop using Microsoft Identity Lifecycle Manager (ILM) and Certificate Lifecycle Manager (CLM) smart card management systems, or using any smart card vendor's reset utilities that use the Windows smart card PC/SC (WinSCard) API.
319
320
After the Virtual Desktop Agent has been installed on a computer, you can no longer use locally connected smart cards for any purpose, including logon. Multiple smart cards and multiple readers can be used on the same user device, but if pass-through authentication is in use only one smart card must be inserted when the user starts a virtual desktop. When a smart card is used within an application (for example, for digital signing or encryption functions), there may be additional prompts to insert a smart card or enter a PIN. This can occur if more than one smart card has been inserted at the same time. If users are prompted to insert a smart card when the smart card is already in the reader, they should select Cancel. If they are prompted for the PIN, they should enter the PIN again. If you are using XenDesktop with XenApp-hosted applications running on Windows Server 2008 or 2008 R2 and with smart cards requiring the Microsoft Base Smart Card Cryptographic Service Provider, you may find that if a user runs a smart card transaction, all other users who use a smart card in the logon process are blocked. For further details and a hotfix for this issue, see http://support.microsoft.com/kb/949538.
321
Windows Server 2003 and 2008 policy setting No action Lock workstation Force logoff
XenDesktop behavior No action. The XenDesktop session is disconnected and the virtual desktop is locked. The user is forced to log off. If the network connection is lost and this setting is enabled, the session may be logged off and the user may lose data.
Disconnect if a remote Terminal Services The XenDesktop session is disconnected session and the virtual desktop is locked. There may also be a user device smart card removal behavior policy if the user device is domain-joined. In this case the user device has the default Windows behavior. If a user device is installed for full-screen-only use, XenDesktop enforces consistent smart card removal policy. For example, if the Windows smart card removal policy is set to Force logoff for the desktop, XenDesktop also forces logoff on the user device, regardless of the Windows smart card removal policy set at the device. This ensures that the user device is not left in an inconsistent state. This behavior applies only to full-screen-only user devices.
322
Control sound quality for user devices Allow users to access the Documents folder on their local user device Allow or prevent remote users from being able to save to their hard drives from a session Allow or prevent users from accessing the Windows clipboard Monitor CPU usage, ICA Latency, and Profile Load Time
You can work with policies through Desktop Studio in XenDesktop or the Group Policy Editor in Windows. The console or tool you use to do this depends on whether or not your network environment includes Microsoft Active Directory and whether or not you have the appropriate permissions to manage Group Policy Objects (GPOs).
323
Administrative Roles
There are two types of XenDesktop policy administrator:
q
Full Admin. This administrator has full administrative rights with authority to manage all aspects of policy administration, including policy creation, management, editing, and policy modelling. Read-only. This administrator can see all aspects of policy administration, but has no authority to change any policy settings. A read-only administrator can, however, run the Policy Modeling wizard to check which policy settings are being applied to a user's sessions.
Note: These roles also apply to administrators using Powershell to configure XenDesktop policies. For more information, see Delegated Administration.
324
Summary displays the settings currently configured for the selected policy Settings displays by category the available and configured settings for the selected policy Filters displays the available and configured filters for the selected policy
For searching policies, use the search tool near the list of Citrix policies For searching settings, use the search tool on the Settings tab For searching filters, use the search tool on the Filters tab
325
Navigating Citrix Policies and Settings You can refine your search by:
q
On the Settings or Filters tabs, selecting Active Settings or Active Filters, respectively, to search only the settings or filters that have been added to the selected policy. On the Settings tab, selecting a category such as Auto Client Reconnect or Bandwidth to search only the settings in that category.
To search the entire catalog of settings or filters, select All Settings or All Filters.
326
Creating Policies
Before you create a policy, decide which group of users or devices you want it to affect. You may want to create a policy based on user job function, connection type, user device, or geographic location. Alternatively, you can use the same criteria that you use for Windows Active Directory group policies. If you already created a policy that applies to a group, consider editing the policy and configuring the appropriate settings instead of creating another policy. Avoid creating a new policy solely to enable a specific setting or to exclude the policy from applying to certain users.
To create a policy
1. Depending on the console you use to manage Citrix policies:
q
From Desktop Studio, select the HDX Policy node in the left pane and then select the Machines or Users tab.
From the Group Policy Editor, select the Citrix Policies node in the left pane. 2. Click New. The New Policy wizard appears.
q
3. Enter the policy name and, optionally, a description. Consider naming the policy according to who or what it affects; for example, Accounting Department or Remote Users. 4. Choose the policy settings you want to configure. 5. Choose the filters you want to apply to the policy. 6. Elect to leave the policy enabled or clear the Enable this policy checkbox to disable the policy. Enabling the policy allows it to be applied immediately to users logging on to virtual desktops in a site. Disabling the policy prevents it from being applied. If you need to prioritize the policy or add settings at a later time, consider disabling the policy until you are ready to apply it to users.
327
Allowed or Prohibited allows or prevents the action controlled by the setting. Enabled or Disabled turns the setting on or off. If you disable a setting, it is not enabled in lower-ranked policies.
For settings that are Allowed or Prohibited, the action controlled by the setting is either allowed or prevented. In some cases, users are allowed or prevented from managing the setting's action in the session. For example, if the Menu animation setting is set to Allowed, users can control menu animations in their client environment. In addition, some settings control the effectiveness of dependent settings. For example, the Client drive redirection setting controls whether or not users are allowed to access the drives on their devices. To allow users to access their network drives, both this setting and the Client network drives setting must be added to the policy. If the Client drive redirection setting is disabled, users cannot access their network drives even if the Client network drives setting is enabled. In general, Machine policy setting changes go into effect either when the virtual desktop restarts or when a user logs on. User policy setting changes go into effect the next time the relevant users log on. If you are using Active Directory, policy settings are updated when Active Directory re-evaluates policies at regular 90 minute intervals and applied either when the virtual desktop restarts or when a user logs on.
328
Assign policies to groups rather than individual users. If you assign policies to groups, assignments are updated automatically when you add or remove users from the group. Do not enable conflicting or overlapping settings in Remote Desktop Session Host Configuration. In some cases, Remote Desktop Session Host Configuration provides similar functionality to Citrix policy settings. When possible, keep all settings consistent (enabled or disabled) for ease of troubleshooting. Disable unused policies. Policies with no settings added create unnecessary processing.
329
Filter Description Applies a policy based on the access control conditions through which a client is connecting. Applies a policy based on the Assignment of the desktop running the session. Applies a policy based on the IP address (IPv4 or IPv6) of the user device used to connect to the session. Applies a policy based on the name of the user device from which the session is connected. Applies a policy based on the type of machine running the session.
Assignment
Client IP Address
Client Name
Machine Type
330
Applying XenDesktop Policies Organizational Unit Applies a policy based on the organizational unit (OU) of the desktop running the session. Applies a policy based on any tags applying to the desktop running the session.
q
Tag
User
Applies a policy User policies only based on the user or group membership of the user connecting to the session. When a user logs on, XenDesktop identifies the policies that match the filters for the connection. XenDesktop sorts the identified policies into priority order, compares multiple instances of any policy setting, and applies the policy setting according to the priority ranking of the policy. If you are using Active Directory, policy settings are updated when Active Directory re-evaluates policies at regular 90 minute intervals and applied when a user logs on. Any policy setting that is disabled takes precedence over a lower-ranked setting that is enabled. Policy settings that are not configured are ignored. Important: When configuring both Active Directory and Citrix policies using the Group Policy Management Console, filters and settings may not be applied as expected. For more information, see http://support.citrix.com/article/CTX127461
Unfiltered Policies
By default, XenDesktop provides an "Unfiltered" policy for both Machine and User policy settings. The settings added to this policy apply to all connections. If you use Desktop Studio to manage Citrix policies, settings you add to the Unfiltered policy are applied to all virtual desktops and connections in a site. If you have Active Directory in your environment and use the Group Policy Editor to manage Citrix policies, settings you add to the Unfiltered policy are applied to all sites and connections that are within the scope of the Group Policy Objects (GPOs) that contain the policy. For example, the Sales OU contains a GPO called Sales-US that includes all members of the US sales team. The Sales-US GPO is configured with an Unfiltered policy that includes several user policy settings. When the US Sales manager logs on to the site, the settings in the Unfiltered policy are automatically applied to the session because the user is a member of the Sales-US GPO.
331
Filter Modes
A filter's mode determines whether or not the policy is applied only to connections that match all the filter criteria. If the mode is set to Allow (the default), the policy is applied only to connections that match the filter criteria. If the mode is set to Deny, the policy is applied if the connection does not match the filter criteria. The following examples illustrate how filter modes affect Citrix policies when multiple filters are present.
Filter A is a User filter that specifies the Sales group and the mode is set to Allow Filter B is a User filter that specifies the Sales manager's account and the mode is set to Deny
Because the mode for Filter B is set to Deny, the policy is not applied when the Sales manager logs on to the site, even though the user is a member of the Sales group.
Filter C is a User filter that specifies the Sales group and the mode is set to Allow Filter D is a Client IP Address filter that specifies 10.8.169.* (the corporate network) and the mode is set to Allow
When the Sales manager logs on to the site from the office, the policy is applied because the connection satisfies both filters. Policy 3 includes the following filters:
q
Filter E is a User filter that specifies the Sales group and the mode is set to Allow Filter F is an Access Control filter that specifies Access Gateway connection conditions and the mode is set to Allow
When the Sales manager logs on to the site from the office, the policy is not applied because the connection does not satisfy Filter F.
332
To apply a policy
You must add at least one filter to a policy for that policy to be applied correctly. If you do not add any filters, policy settings are applied to all user sessions, unless those policy settings are overidden by settings in a policy with a higher priority. 1. From the policy wizard, select the filter you want to apply and click Add. 2. From the New Filter dialog box, click Add to configure filter elements. 3. Select the mode for the filter.
The policy is applied the next time the relevant users establish a connection.
333
334
Creating a policy only for those group members who need the exceptions and then ranking the policy higher than the policy for the entire group Using the Deny mode of a filter added to the policy
A filter with the mode set to Deny tells XenDesktop to apply the policy to connections that do not match the filter criteria. For example, a policy contains the following filters:
q
Filter A is a Client IP address filter that specifies the range 208.77.88.* and the mode is set to Allow Filter B is a User filter that specifies a particular user account and the mode is set to Deny
The policy is applied to all users who log on to the farm with IP addresses in the range specified in Filter A. However, the policy is not applied to the user logging on to the farm with the user account specified in Filter B, even though the user's computer is assigned an IP address in the range specified in Filter A.
335
Use the Citrix Group Policy Modeling Wizard to simulate a connection scenario and discern how Citrix policies might be applied Use Group Policy Results to produce a report describing the Citrix policies in effect for a given user and controller
You can launch the Citrix Group Policy Modeling Wizard from the Action pane in Desktop Studio. If your XenDesktop environment includes Active Directory, you can launch both tools from the Group Policy Management console in Windows.
336
337
From Desktop Studio, click the HDX Policy node in the console tree and then click the Modeling node. From the Actions pane, select Launch Modeling Wizard.
From the Group Policy Management console, right-click the Citrix Group Policy Modeling node in the console tree and then select Citrix Group Policy Modeling Wizard. 2. Follow the wizard to select the domain controller, users, computers, environment settings, and Citrix filter criteria you want to use in the simulation.
q
When you click Finish, the wizard produces a report of the modeling results. In Desktop Studio, the report appears as a node in the console tree, underneath the Policies node. The Modeling Results tab in the middle pane displays the report, grouping effective Citrix policy settings under User Configuration and Computer Configuration headings.
338
No policies have filters that match the policy evaluation criteria Policies that match the filter do not have any settings configured Policies that match the filter are disabled
If you want to apply policy settings to the connections that meet the specified criteria:
q
Make sure the policies that you want to apply to those connections are enabled Make sure the policies that you want to apply have the appropriate settings configured
339
Create one or more Connection policy filters to define specified requirements for user logon. Note: You must be using Access Gateway Advanced Edition (Version 4.0 or later) or Access Gateway Enterprise Edition (Version 9.1 or later) to create filters that work with XenDesktop.
Specify At Access Gateway as the point of authentication for your XenApp Web site. Ensure that controllers for a site are configured to trust requests sent to the Citrix XML service.
For XenDesktop:
q
Ensure that any access policy configured on controllers for a site allows connections to virtual desktops through Access Gateway. Create a User policy that includes a filter referencing Access Gateway filters.
340
If using Access Gateway Advanced Edition, enter the name of the Access Gateway farm.
If using Access Gateway Enterprise Edition, enter the virtual server name of the Access Gateway appliance. b. In Access condition, enter one of the following items:
q q
If using Access Gateway Advanced Edition, enter the name of the Access Gateway filter for XenDesktop to use. If using Access Gateway Enterprise Edition, enter the name of the endpoint session policy for XenDesktop to use.
Important: XenDesktop does not validate Access Gateway farm, server, and filter names, so always verify this information with the Access Gateway administrator. 9. To apply the policy to every connection except those made through Access Gateway, in the Mode list box, select Deny. The filter's mode tells XenDesktop whether or not to apply the policy to connections that match the filter criteria. Selecting Deny tells XenDesktop to apply the policy to connections that do not match the filter criteria.
341
Monitoring XenDesktop 5
Use the Desktop Studio dashboard to monitor your deployment. To display the dashboard, select Desktop Studio at the top of the tree in the left-hand pane of the console then, if necessary, select the Dashboard tab .
Machines
This panel displays a high level view of all the machines in your deployment, categorized as follows:
q
All: All machines that are members of desktop groups. Unregistered: Machines that are running but are not registered with a controller. High CPU: Machines with a high CPU usage metric, as measured against the policy rule CPU Usage Monitoring Threshold. High Latency: Machines with a high ICA latency metric, as measured against the policy rule ICA Latency Monitoring Threshold. High Profile Load Time: Machines with a high Profile Management logon time metric, as measured against the policy rule Profile Management Logon Time Monitoring Threshold. This information appears only if you have Citrix Profile management installed. Failed Connection : Machines to which a user was brokered but did not successfully connect or log on. Pending Update: Machines provisioned by Machine Creation Services that are not using the latest disk version.
To display on the bar charts how the number of machines in a category are distributed across servers, catalogs, and desktop groups, select the relevant category row.
Usage
This panel provides information about machine states for each desktop group and for all the machines in the site:
q
Total: The total number of machines. % Usage: The percentage of machines on which user sessions (both connected and disconnected) are running. The number of machines that are in each of the following states:
q
342
Monitor
q
Disconnected. Machines that have sessions running but are disconnected. Ready. Machines that are ready for brokering. Unregistered. Machines that are running but not registered with a controller. Off. Machines that are not running.
The graph shows the percentage of machines that are in use for each desktop group, based on snapshots taken once an hour on the hour. The local time zone of the machine running Desktop Studio is used. To highlight the graph line for a desktop group, select the row for that group in the table.
Infrastructure
This panel displays health status icons for a site's hosts and controllers. For hosts, the connection status and the health of the CPU, memory, bandwidth (network usage), and storage (disk usage) are monitored using information from XenServer or VMware. To see alert details provided by the host system, mouse over the icon. If no icon appears for a particular metric, this indicates that this metric is not supported by the type of host you are using. No health information is available for SCVMM hosts. For controllers, the icons indicate whether or not servers are online, all services are running, and all services are connected to a database.
343
Create additional administrators for the site, if necessary. Set up any general Citrix policies that you require, including policies for printing. See Working with XenDesktop Policies for details of configuring policies. Configure USB support. Optimize the user experience by ensuring that settings for desktops and users are appropriate.
344
345
Delegating Administration Tasks 2. Choose Configuration > Administrators. 3. Select the administrator you want to delete and choose Action > Delete Administrator. 4. Click Yes to confirm deletion.
346
347
Note: Specialist keyboards and mice (for example, Bloomberg keyboards, and 3D mice) can be configured to use USB support. For more information about configuring Bloomberg keyboards, see http://support.citrix.com/article/ctx122615. By default, certain types of USB device are not supported for remoting through XenDesktop. For example, a user may have a network interface card attached to the system board by internal USB. Remoting this would not be appropriate. The following types of USB device are not supported by default for use in a XenDesktop session:
q
Bluetooth dongles Integrated network interface cards USB hubs USB graphics adaptors
USB devices connected to a hub can be remoted, however the hub itself cannot be remoted. USB support allows virtual desktops access to USB devices that are connected to the user device. In environments where security separation between client and server is needed, users should connect only appropriate USB devices. You can also set policies at the virtual desktop and user device that restrict the types of USB devices that will be made available to the virtual desktop. For information on all USB devices tested with XenDesktop, see http://support.citrix.com/article/ctx123569. For further general information on setting up Citrix policies, see Working with XenDesktop Policies.
348
Configuring USB Support If you are using XenApp, see USB Drive Mapping Limitations. If you are using thin clients, please consult the manufacturer for details of USB support and any configuration you may need to carry out.
Enable the USB policy rule, which is in the USB Devices Policy Settings section of the ICA Policy Settings. Enable USB support when you install the client on user devices.
Edit the client registry (or the .ini files in the case of the Receiver for Linux). For information about how to do this, see the relevant client documentation. An ADM file is included on the installation media to allow you to make changes to the client through Active Directory Group Policy: dvd root \os\lang\Support\Configuration\icaclient_usb.adm. Edit the administrator override rules in the Virtual Desktop Agent registry on the computer(s) hosting the desktops. Information about how to do this is included in the rest of this section.
Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. Device rules are enforced on both the client and the Virtual Desktop Agent, so you must make changes on both sides otherwise devices may not be allowed through. An ADM file is included on the installation media to allow you to make changes to the Virtual Desktop Agent through Active Directory Group Policy: dvd root \os\lang\Support\Configuration\vda_usb.adm. The product default rules are stored in HKLM\SOFTWARE\Citrix\PortICA\GenericUSB Type=String Name="DeviceRules" The default policy configuration is as follows:
class=02 # Communications and CDC-Control class=09 # Hub devices class=0a # CDC-Data class=0b # Smartcard class=e0 # Wireless controller
Configuring USB Support ALLOW: # Otherwise allow everything else Do not edit the product default rules. The recommended way to change them is to use the GPO overrides described below, because these are evaluated before the default rules. The administrator override rules are stored in: HKLM\SOFTWARE\Policies\Citrix\PortICA\GenericUSB Type=String Name="DeviceRules" When you are creating new policy rules, refer to the USB Class Codes, available from the USB Web site at http://www.usb.org/. Policy rules take the format {Allow:|Deny:} followed by a set of tag=value expressions separated by white space. The following tags are supported:
Description Vendor ID from the device descriptor Product ID from the device descriptor Release ID from the device descriptor Class from either the device descriptor or an interface descriptor Subclass from either the device descriptor or an interface descriptor
Protocol from either the device descriptor or an interface descriptor When creating new policy rules, be aware of the following:
q
Rules are case-insensitive. Rules may have an optional comment at the end, introduced by #. A delimiter is not required and the comment is ignored for matching purposes. Blank and pure comment lines are ignored. White space is used as a separator, but cannot appear in the middle of a number or identifier. For example, Deny: Class = 08 SubClass=05 is a valid rule; Deny: Class=0 Sub Class=05 is not. Tags must use the matching operator =. For example, VID=1230. Each rule must start on a new line or form part of a semicolon-separated list. Important: If you are using the Administrative (ADM) template, you must create rules on a single line, as a semicolon-separated list.
Allow: VID=1230 PID=0007 # ANOther Industries, ANOther Flash Drive Deny: Class=08 SubClass=05 # Mass Storage
350
Feature Enabled by default Read-only access configurable Safe to remove device during a session
USB rule No No
Yes, provided users follow operating system recommendations for safe removal If both client drive mapping and the USB rule are enabled, then if a mass storage device is inserted before a session starts, it will be redirected using client drive mapping first, before being considered for redirection through USB support. If it is inserted after a session has started, it will be considered for redirection using USB support before client drive mapping. Automatic support of devices upon insertion, however, depends on the client being used and the individual user preferences; for further information, see the relevant client documentation.
351
HDX technologies to optimize users' audio and multimedia experience. Time zone settings to allow users to see their local time when using desktops. Connection timers to provide appropriate durations for uninterrupted connections, idle sessions, and disconnected sessions. Workspace control to enable users to roam between different user devices. Removing the Shut Down command to prevent users from powering off their desktops, which would then require a manual restart by an administrator. This is not necessary for VM-based desktop groups.
For the best user experience, consider preinstalling frequently used software, such as a Flash player or other browser plug-ins in your desktops. Also consider enabling Microsoft ClearType or other font-smoothing technologies by default in users' profiles.
352
Quick Links
q
Configuring HDX MediaStream Flash Redirection Configuring Audio HDX RealTime Webcam Video Compression for Video Conferencing Improving Responsiveness in Low Bandwidth Conditions by Compressing Colors
353
Any operating system supported by Citrix XenApp 6 for Windows Server 2008 R2 and Citrix XenDesktop 5. Citrix online plug-in 12.1, 12.0.3, or 11.2 is installed on the user device. Low latency LAN-type network connection between the user's Windows device and the XenDesktop Virtual Desktop Agent platform Adobe Flash Player 10 or 10.1 is installed on the user device and on the servers running XenApp. Note: If an earlier version of the Flash Player is installed on the user device, or the Flash Player is not installed on the user device, Flash content is rendered on the server.
Windows Internet Explorer 7 or 8 with Active X capabilities. The browser must be available to the user device from the server.
Caution: Flash Redirection requires significant interaction between the user device and server components. Therefore, this feature should be used only in environments where security separation between the user device and server is not needed. User devices should be configured to use the Flash Redirection feature only with trusted servers. Flash Redirection requires the Flash Player to be installed on the user device. Therefore, Flash Redirection should be enabled only if the Flash Player itself is secured.
354
Flash acceleration Flash event logging Flash latency threshold Flash server-side content fetching whitelist Flash URL blacklist
To enable and disable HDX MediaStream Flash Redirection from the server
Flash Redirection is enabled on the server for client-side rendering by default. You can enable and disable Flash Redirection from the server through the Citrix User Policy setting Flash acceleration, in the HDX MediaStream for Flash (client side) category. Configure the Flash acceleration setting by selecting Enabled, which is the default, or Disabled. When Enabled is selected, all Flash content from sites not blocked by the Flash URL blacklist is rendered on the user device. If Disabled is selected, all Flash content is rendered on the server.
Flash Redirection reports events to the Application log The Source value is Flash The Category value is None
In addition to the Windows event log, on computers with Windows 7 or Windows Vista, a Flash Redirection-specific log appears in the Applications and Services Logs node. If 355
Configuring HDX MediaStream Flash Redirection on the Server Windows XP is used, Flash Redirection log information is found only in the Windows event log. Configure the Flash event logging setting by selecting Enabled, which is the default, or Disabled.
Add the URL of the Flash application; not the top-level .html page that instantiates the Flash Player to the whitelist. Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list. Use a trailing wildcard to allow all child URLs, for example http://www.sitetoallow.com/*. The prefixes http:// or https:// are used when present, but they are not required.
Configure the Flash server-side content fetching whitelist setting by clicking New to add new URLs to the whitelist. Important: The Enable server-side content fetching setting on the user device must also be enabled for the Flash server-side content fetching whitelist on the server to work.
356
To block Web sites from working with HDX MediaStream Flash Redirection
Block specified Web sites from playing on user devices with Flash Redirection by adding the sites' URLs to a blacklist. Instead, the blocked Flash content plays on the server. Consider the following when configuring the Flash URL blacklist setting:
q
Add the top-level .html page that instantiates the Flash Player to the blacklist; not the URL of the Flash application. Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list. Use a trailing wildcard to block all child URLs, for example http://www.sitetoblock.com/*). The prefixes http:// or https:// are used when present, but they are not required. Add sites containing Flash content that does not render correctly on the user device to the blacklist.
Configure the Flash URL blacklist setting by clicking New to add new URLs to the blacklist.
357
To configure HDX MediaStream Flash Redirection on the User Device with Group Policy Objects
1. Create or select an existing Group Policy Object. 2. Import and add the HDX MediaStream for Flash - Client administrative template (HdxFlash-Client.adm), available in:
q
For 32-bit computers: %Program Files%\Citrix\ICA Client\Configuration\language. For 64-bit computers: %Program Files (x86)%\Citrix\ICA Client\Configuration\language.
Note: For details on creating Group Policy Objects and importing and adding templates, see the Microsoft Active Directory documentation at http://www.microsoft.com.
XenDesktop Viewer is used: Flash Redirection is disabled by default. XenDesktop Viewer is not used: The user receives a dialog box the first time they access Flash content in each session in which the user can enable HDX MediaStream Flash Redirection. Locked Desktop Appliance is used: Flash Redirection is enabled by default.
1. In the Group Policy Object Editor, expand either the Computer Configuration or User Configuration node. 2. Expand the Administrative Templates and Classic Administrative Templates (ADM) nodes and select HDX MediaStream for Flash - Client. 358
Configuring HDX MediaStream Flash Redirection on the User Device 3. From the Setting list, select Enable HDX MediaStream for Flash on the user device and click policy setting. 4. Select Not Configured, Enabled, or Disabled. 5. If you selected Enabled, from the Use HDX MediaStream for Flash list, select Always, Ask, or Never. Note: Selecting Ask results in users receiving a dialog box the first time they access Flash content in each session in which the user can enable HDX MediaStream Flash Redirection. If the user does not enable HDX MediaStream Flash Redirection, the Flash content is played on the server. Selecting Always and Never do not result in this dialog box. Select Always to always use HDX MediaStream Flash Redirection to play Flash content on the user device. Select Never to never use HDX MediaStream Flash Redirection and have Flash content play on the server. 6. For the policy to take effect:
q
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
359
Computer Configuration: Changes take effect as computers in the organizational unit restart. User Configuration: Users in the organizational unit must log off and then log on to the network.
360
Configuring Audio
You can configure audio through the Policies node of the Citrix Desktop Studio. You control the settings for the audio features through the following Citrix User Policy settings:
q
Audio quality Client audio redirection Client microphone redirection Audio redirection bandwidth limit Audio redirection bandwidth limit percent
Low - for low speed connections. Audio playback consumes a maximum of 11 kbps of bandwidth. With both audio playback and recording total bandwidth consumption is 22 kbps at maximum. Ideal for multimedia conferences when using low speed connections. Medium - optimized for speech. Audio playback consumes a maximum of 16.8 kbps of bandwidth. With both audio playback and recording total bandwidth consumption is 33.6 kbps at maximum. Ideal for multimedia conferences. High - high definition audio. Audio playback consumes a maximum of 96 kbps of bandwidth. With both audio playback and recording total bandwidth consumption is 166 kbps at maximum. Ideal for music and video playback. Note: High definition increases bandwidth requirements by sending more audio data to user devices and increases server CPU utilization.
361
Configuring Audio
To disable speakers
You can allow users to receive audio from an application on a server through speakers or other sound devices, such as headphones, on their client devices. Client audio mapping can cause excessive load on the servers and the network. Configure the Client audio redirection setting by choosing Allowed, the default, or Prohibited. Important: When Client audio redirection is disabled, all audio functionality is disabled.
362
363
Install Citrix online plug-in 12.1 or 12.0.3 for Windows on the user device. Install Microsoft Office Communications Server 2007 on the XenDesktop site. Install Microsoft Office Communicator 2007 on the Virtual Desktop Agent. Ensure the user device has the appropriate hardware to produce sound. Use the web camera default settings. Install drivers for web cameras on the user device. Where possible, use drivers obtained from the camera manufacturer, rather than from a third party. Note: Only one web camera is supported at a time. If a device has multiple web cameras attached, the cameras are tried in succession until a connection is made.
Enable the following Citrix Policy settings in the Citrix Desktop Studio:
q
364
365
367
Change the time on the system on which the desktop is running. To do this, set up a Group Policy with rights given to non-privileged users to change system time settings. For further information about how to do this, see http://msdn2.microsoft.com/en-us/library/ms813808.aspx. Change the time zone registry area. For information about how to do this, see http://support.microsoft.com/kb/300022/.
After you do this, users who connect to Windows XP desktops see their local time zone reflected in the desktop. When they log off or disconnect, the time zone of the desktop is reset to what it was before they logged on. You can configure time zone settings through Citrix policies. Use the Use local time of client policy setting in the Time Zone Control section of the ICA Policy Settings folder.
368
A maximum connection timer. This setting determines the maximum duration of an uninterrupted connection between a user device and a virtual desktop. Use the Session connection timer and Session connection timer interval policy settings to configure this. A connection idle timer. This setting determines how long an uninterrupted user device connection to a virtual desktop will be maintained if there is no input from the user. Use the Session idle timer and and Session idle timer interval policy settings to configure this. A disconnect timer. This setting determines how long a disconnected, locked virtual desktop can remain locked before the session is logged off. Use the Disconnected session timer and Disconnected session timer interval policy settings to configure this.
If you need to update any of these settings, ensure that settings are consistent across your deployment.
369
In XenDesktop sessions, workspace control is disabled by default. For instructions on enabling it, see the Web Interface documentation. In XenApp sessions within XenDesktop sessions, workspace control is enabled by default. For information on this scenario, see VM Hosted Apps.
370
371
372
Using Microsoft System Center Virtual Machine Manager 2008 with XenDesktop
If you are planning on using Hyper-V with Microsoft System Center Virtual Machine Manager 2008 to provide virtual machines in your XenDesktop environment, you must ensure you configure your system as described in this topic.
System Requirements
Before you create your VMs, check your environment meets the minimum requirements listed in Requirements for Machine Creation Services.
373
Using Microsoft System Center Virtual Machine Manager 2008 with XenDesktop
Install Windows Server 2008 R2 Hyper-V and System Center Virtual Machine Manager 2008 R2 on your servers. Note that all controllers in your environment must be in the same forest as the System Center Virtual Machine Manager servers. Install the System Center Virtual Machine Manager Console on all controllers in your environment. If you are using XenDesktop to create your VMs, rather than selecting an existing catalog, configure your Hyper-V deployment as follows:
q
For a single Hyper-V host deployment, create a Windows network share that is writeable by the System Center Virtual Machine Manager administrator account on the Hyper-V server. For a multiple Hyper-V host deployment, ensure your Hyper-V hosts are set up in a Hyper-V Failover Cluster with Cluster Shared Volume storage. On one of your Hyper-V servers, create a Windows network share, that is writeable by the System Center Virtual Machine Manager administrator account for the Cluster Shared Volume mount point, typically C:\ClusterStorage. For more information about setting up a Hyper-V Failover Cluster with Cluster Shared Volume storage, see your Microsoft documentation.
Note: In both deployments, the Windows Network share is required to allow XenDesktop remote access to storage on the host server, where VMs you create are stored.
q
The account you intend to use to create hosts in XenDesktop must be a member of the relevant Hyper V machines' local administrators group; if this account has only the delegated administrator role in SCVMM, the storage data is not listed in Desktop Studio during the host creation process. You must install the XenDesktop Controller on a virtual machine running Hyper-V, not on the server running Hyper-V. For further details, see your Microsoft documentation.
Creating a Master VM
Create a master VM to be copied to provide user desktops. Install the Virtual Desktop Agent on the master VM, ensuring you select the option to optimize the desktop. This improves the performance of users' desktops by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops. Take a snapshot of the master VM to use as a back-up. For more information, see Preparing a Master VM.
374
Using Microsoft System Center Virtual Machine Manager 2008 with XenDesktop
q
On the Host page, select Microsoft virtualization as the host type and enter the service address as the fully qualified domain name of the host server. Enter the credentials for the administrator account you set up earlier that has permissions to create new VMs. In the Host Details dialog box, select the cluster or standalone host to use when creating your new VMs. Note: You must browse for and select a cluster or standalone host even if you are using a single Hyper-V host deployment.
375
System Requirements
Before you create your VMs, check your environment meets the minimum requirements listed in Requirements for Machine Creation Services.
376
Install vCenter Server and the appropriate management tools required. Note: XenDesktop does not support VMware vCenter Linked Mode.
Create a VMware user account with the following permissions, at the DataCenter level, at a minimum: Note: This account has permissions to create new VMs and is used by XenDesktop to communicate with vCenter. SDK Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement Network.Assign Resource.AssignVMToPool System.Anonymous System.Read System.View Task.Create VirtualMachine.Config.AddExistingDisk VirtualMachine.Config.AddNewDisk VirtualMachine.Config.RemoveDisk VirtualMachine.Config.Resource VirtualMachine.Interact.PowerOff VirtualMachine.Interact.PowerOn VirtualMachine.Interact.Reset VirtualMachine.Interact.Suspend VirtualMachine.Inventory.Create VirtualMachine.Inventory.CreateFromExisting User Interface Datastore > Allocate space Datastore > Browse datastore Datastore > Low level file operations Network > Assign network Resource > Assign virtual machine to resource pool Added automatically. Added automatically. Added automatically. Tasks > Create task Virtual machine > Configuration > Add existing disk Virtual machine > Configuration > Add new disk Virtual machine > Configuration > Remove disk Virtual machine > Configuration > Change resource Virtual machine > Interaction > Power Off Virtual machine > Interaction > Power On Virtual machine > Interaction > Reset Virtual machine > Interaction > Suspend Virtual machine > Inventory > Create new Virtual machine > Inventory > Create from existing
377
Using VMware with XenDesktop VirtualMachine.Inventory.Delete VirtualMachine.Inventory.Register VirtualMachine.Provisioning.Clone VirtualMachine.Provisioning.DiskRandomAccess VirtualMachine.Provisioning.GetVmFiles VirtualMachine.Provisioning.PutVmFiles Virtual machine > Inventory > Remove Virtual machine > Inventory > Register Virtual machine > Provisioning > Clone virtual machine Virtual machine > Provisioning > Allow disk access Virtual machine > Provisioning > Allow virtual machine download Virtual machine > Provisioning > Allow virtual machine files upload Virtual machine > State > Create snapshot Virtual machine > State > Remove snapshot
Virtual machine > State > Revert to snapshot If you want XenDesktop to tag VMs you create, the user account must also have the following permissions: SDK Global.ManageCustomFields User Interface Global > Manage custom attributes
Global.SetCustomField Global > Set custom attribute Tagging excludes any VMs you create using Machine Creation Services from the list of VMs you can use as the base image for creating or updating a catalog, ensuring you use a clean base image for creating new VMs.
q
To protect vSphere communications, Citrix recommends that you use HTTPS rather than HTTP. HTTPS requires digital certificates. Citrix recommends you use a digital certificate issued from a certificate authority in accordance with your organization's security policy. If you are unable to use a digital certificate issued from a certificate authority, and your organization's security policy permits it, you can use the VMware-installed self-signed certificate, with vSphere 4 or 4.1. To do this: 1. Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. Note that this step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system. 2. Open Internet Explorer and enter the address of the computer running vCenter Server as https://FQDN. 3. Accept the security warnings. 4. Click the Certificate Error in the Security Status bar and select View certificates. 5. Click Install certificate, and then click Next.
378
Using VMware with XenDesktop 6. Select Place all certificates in the following store, and then click Browse. 7. Select the Show physical stores check box. 8. Expand Trusted People and select Local Computer. 9. Click OK, and then click Finish.
Creating a Master VM
Create a master VM to be copied to provide user desktops. Install the Virtual Desktop Agent on the master VM, ensuring you select the option to optimize the desktop. This improves the performance of users' desktops by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops. Take a snapshot of the master VM to use as a back-up. For more information, see Preparing a Master VM.
On the Host page, select VMWare virtualization as the host type and enter the address of the access point for the vCenter SDK. Enter the credentials for the user account you set up earlier that has permissions to create new VMs. In the Host Details dialog box, select the cluster to use to store the virtual disks for your new VMs.
379
380
381
Application Streaming Compared to Hosting When deciding whether to stream or host applications using XenApp in a XenDesktop environment, there are particular considerations to be aware of. Network connectivity may factor in your decision whether to stream or host applications. If the XenDesktop controllers are near the XenApp server or file share from where applications are streamed, the resulting good connectivity makes application streaming an ideal option because of the amount of data that must be streamed to the virtual desktop. Streamed applications also tend to behave in a familiar way, similar to applications that run locally. However, it may be more cost-effective and efficient, in terms of computing resources, to host an application on a XenApp server, rather than having multiple virtual desktops run the same application. With XenApp, computing resources are shared more efficiently and a higher density of running applications can be achieved. The type of application may also be a factor. For example, you may want to install a browser on the master image so that the browser runs natively and interacts seamlessly with other local applications, but host a CPU-intensive application on XenApp to avoid stressing the virtual desktops. If users access any USB drives plugged into their user devices, see USB Drive Mapping Limitations for other considerations to be aware of.
382
383
Install the online plug-in and configure applications to appear in the Start menu Install the offline plug-in Set up pass-through authentication Configure a policy to map network drives
384
385
386
387
Some USB devices inserted before the connection to the virtual desktop is established are mapped into applications hosted on XenApp. These devices include printers, PDAs, and scanners. Devices inserted after the hosted application has been launched from within the virtual desktop are not visible to hosted applications.
To address this limitation, stream the application from XenApp, rather than host it, so that users can access any USB drives plugged into their user devices.
388
389
Terminology
The terminology used throughout the XenDesktop SDK differs in places from that in the Desktop Studio and Desktop Director consoles. The following table explains some of the key terminology differences. SDK term Administrators provisioning admin machine administrator The administrator who owns the images and catalogs and is responsible for provisioning the virtual desktops. The administrator who takes the virtual desktops provisioned by the machine administrator and allocates them to users, using one or more desktop groups. Console term Description
broker admin
assignment administrator
Desktop groups permanent allocation type private desktop group A desktop group in which desktops are assigned to individual users. Users return to the same virtual machine even after a restart. A desktop group in which desktops are allocated to users on a per session first-come-first-served basis.
Catalogs
390
About the XenDesktop SDK single image pooled This catalog type uses the same disk image for all desktops and does not allow the user to maintain any customization of that image after logging off. Any customization must be maintained in the user profile. This catalog type uses Machine Creation Services. This catalog type is created with a single image but will maintain any user customization of a machine. This catalog uses Machine Creation Services as a simple way to create a large number of desktops. This catalog type enables you to use XenDesktop to manage user desktops that you may have already migrated to VMs in the data center. This catalog type enables you to use XenDesktop to manage user desktops hosted on dedicated physical machines (for example PC blades) or a mixture of physical and virtual machines in the data center.
thin clone
dedicated
power-managed
existing
unmanaged
physical
391
About the XenDesktop SDK pvs (provisioning server) streamed This catalog type enables you to integrate Provisioning services with XenDesktop 5 and benefit from the single image management provided by Provisioning services. This is the catalog type created by the XenDesktop 5 Setup Wizard, which is now part of the Provisioning Services Console. This is effectively a read-only catalog because all the management of the images and machines is completed in the Provisioning Services Console. The assignment/broker administrator will create desktop groups from this catalog type to provide users with desktops.
392
About the XenDesktop SDK 2. To use XenDesktop SDK cmdlets within scripts, set the execution policy in PowerShell. For more information about PowerShell execution policy, see your Microsoft documentation. 3. Add the snap-ins you require into the PowerShell environment using the Add -PSSnapin command in the Windows PowerShell console. For example, type: Add-PSSnapin Citrix.ADIdentity.Admin.V1 To import all the XenDesktop cmdlets, type: Add-PSSnapin Citrix.*.Admin.V1 After importing, you have access to the XenDesktop cmdlets and their associated help. Note: For a complete listing of all help text for the XenDesktop cmdlets, see http://support.citrix.com/article/ctx127254/
393
XenDesktopServerSetup.exe
The XenDesktopServerSetup.exe file supports the following command-line options for managing the installation and removal of XenDesktop server components.
Description Suppresses restart after installation. The restart occurs only if it is necessary, for example for Microsoft .NET Framework. No user interface appears. This is intended to support unattended installs. When you are using the /quiet option, the only evidence that the product is being installed is that the installation process can be seen running if you look in Windows Task Manager.
/configure_firewall
Opens all the appropriate ports in the Windows firewall ready for use of the selected components. If the user interface is used this option is ignored, because the default action for the user interface is to open the relevant ports, which you can change later on the appropriate page. If you are using a third-party firewall, you must manually open port 80 for Controller services and Web Access, and ports 27000, 7279 and 8082 for the License Server.
Removes the XenDesktop components specified in /components from the computer. Removes all XenDesktop components from the computer. The components to install. If /remove is specfied, then the listed components are removed. <component_list> must be a comma-separated list of one or more of the following: CONTROLLER,DESKTOPSTUDIO,DESKTOPDIRECTOR,LICENSESERVER,WEBACCESS If you are doing a user interface installation with specified component groups, the component selection list preselects these components, but you can select other component groups manually.
Installs the components in the specified location, which should be an existing empty directory. The folder used to hold any temporary files used during installation. Prevents the installation of SQL Server Express 2008.
394
XenDesktopVdaSetup.exe
The XenDesktopVdaSetup.exe file supports the following command-line options for managing the installation and removal of Virtual Desktop Agent components.
Option /noreboot
Description Suppresses restart after installation. The restart occurs only if it is necessary, for example for Microsoft .NET Framework. No user interface appears. This is intended to support unattended installations. When you are using the /quiet option, the only evidence that the product is being installed is that the installation process can be seen running if you look in Windows Task Manager.
/quiet
/remove
Removes the Virtual Desktop Agent components specified in /components from the computer. Removes all Virtual Desktop Agent components from the computer. The components to install. If /remove is specfied, then the listed components are removed. <component_list> must be a comma-separated list of one or more of the following: VDA,PLUGINS
Installs the components in the specified location, which should be an existing empty directory. The folder used to hold any temporary files used during installation.
/tempdir <location>
395
XenDesktopVdaSetup.exe /site_guid <guid> The Globally Unique Identifier (GUID) of the site Active Directory OU. This is used to associate a virtual desktop with a site if you are using Active Directory based registration. The site GUID is one of the site properties displayed in Desktop Studio. Do not specify both /site_guid and /controllers. /controllers <controller url> A space-separated list of controller names to which the virtual desktop can connect. The list must be enclosed within quotation marks. Do not specify both /site_guid and /controllers. /xa_server_location <xa server url> /reconfigure The URL for the XenApp server from which applications are delivered. Reconfigure the virtual desktop. If you specify this option without /quiet, the user interface for reconfiguring the virtual desktop appears. If you specify it with /quiet, you must also use /portnumber. /portnumber <port number> The port number to enable if you want to move applications to a different port. The previous port is disabled unless it is port 80. Use this option only in combination with /reconfigure. /enable_remote_assistance Enables Windows Remote Assistance for shadowing and adds Remote Assistance to the firewall exceptions if the Windows firewall is enabled. If you are using a different firewall you must use /reconfigure to update the firewall exceptions. Enables and configures Windows Remote Management for reporting metrics to Desktop Studio. The relevant port (port 5985 for Windows Remote Management 2.0, or port 80 for Windows Remote Management 1.1) is also added to the firewall exceptions if the Windows firewall is enabled. If you are using a different firewall you must use /reconfigure to update the firewall exceptions.
/enable_remote_management
396
XenDesktopVdaSetup.exe /forcewddmremove Downgrades the WDDM driver, if present. If you have not specified this option and the WDDM driver is detected, a warning dialog appears and prompts the user to continue or quit the installation. If this is a silent installation, the installation process stops and an error message appears. /nowinrm Prevents installation of Windows Remote Management. If Windows Remote Management is not already installed and you have not specified this option, a warning dialog appears during installation and the user is prompted to continue or quit. If this is a silent installation, the installation process stops and an error message appears. /enable_hdx_ports Opens HDX ports in the Windows firewall. If you are using a third-party firewall, you must manually reconfigure the firewall as described in To configure firewalls manually, using /reconfigure. /optimize Turns on virtual machine optimization during installation.
397
The name of the policy setting The Citrix products to which the policy setting applies The additional settings, if applicable, required to enable a particular feature Other settings that are similar to the policy setting in question, if applicable
398
Graphics & Multimedia Task: Control the amount of memory allocated for displaying graphics in a session Control how a user's display degrades in response to memory limits and whether or not to notify the user Control compression of images for use in sessions of limited bandwidth Use this policy setting: Display memory limit
Display mode degrade preference Notify user when display mode is degraded
Lossy compression level Lossy compression level threshold value Progressive compression level Progressive compression threshold value
Control whether or not Flash content is rendered in sessions Control whether or not Web sites can display Flash content when accessed in sessions Desktop UI Task:
Flash acceleration
399
Policy Settings: Quick Reference Table Control whether or not Desktop wallpaper is used in users' sessions View window contents while a window is dragged User Devices To limit bandwidth used for: Client audio mapping Use this policy setting: Desktop wallpaper View window contents while dragging
Audio redirection bandwidth limit, or Audio redirection bandwidth limit percent Clipboard redirection bandwidth limit, or Clipboard redirection bandwidth limit percent COM port redirection bandwidth limit, or COM port redirection bandwidth limit percent File redirection bandwidth limit, or File redirection bandwidth limit percent LPT port redirection bandwidth limit, or LPT port redirection bandwidth limit percent
Cut-and-paste using local clipboard Devices connected to a local COM port Access in a session to local client drives Printers connected to the client LPT port Client session Printing
Audio Task: Control whether or not to allow audio input from microphones on the user device Control audio quality on the user device Control audio mapping to speakers on the user device User drives and devices Task: Use this policy setting: Use this policy setting: Client microphone redirection Audio quality Client audio redirection
400
Policy Settings: Quick Reference Table Control whether or not drives on the user device are connected when users log on to the server Control how drives map from the user device Improve the speed of writing and copying files to a client disk over a WAN Control whether or not user devices attached to local COM ports are available in a session Control whether or not client printers attached to local LPT ports are available in a session Control whether or not users' local hard drives are available in a session Control whether or not users' local floppy drives are available in a session Control whether or not users' network drives are available in a session Control whether or not users' local CD, DVD, or Blu-ray drives are available in a session Auto connect client drives
401
Policy Settings: Quick Reference Table Control whether or not users' local removable drives are available in a session Control cut-and-paste data transfer between the server and the local clipboard Printing Task: Control creation of client printers on the user device Allow use of legacy printer names and preserve backward compatibility with prior versions of the server Control the location where printer properties are stored Control whether print requests are processed by the client or the server Control whether or not users can access printers connected to their user devices Control installation of native Windows drivers when automatically creating client and network printers Control when to use the Universal Printer Driver Use this policy setting:
q
Universal printing
402
Policy Settings: Quick Reference Table Choose a printer based on a roaming users session information Single Sign-On Task: Identify which credential repository to use when using Single Sign-On Allow or prevent use of Single Sign-On Use this policy setting: Single Sign-On central store Single Sign-On Default printer
403
404
Audio Quality
Use the projected figures for each level of sound quality to calculate the bandwidth potentially consumed in connections to specific servers. For example, if 25 users record at Medium on one server, the bandwidth used in the connections to that server is over 52,500 bytes per second. Bandwidth is consumed only while audio is recording or playing. If both occur at the same time, the bandwidth consumption is doubled. To control sound quality, choose one of the following options:
q
Select Low - for low speed connections for low-bandwidth connections. Sounds sent to the client are compressed up to 16 Kbps. This compression results in a significant decrease in the quality of the sound but allows reasonable performance for a low-bandwidth connection. With both audio playback and recording total bandwidth consumption is 22 Kbps at maximum. Select Medium - optimized for speech for most LAN-based connections. Sounds sent to the client are compressed up to 64 Kbps. With both audio playback and recording total bandwidth consumption is 33.6 Kbps at maximum. Select High - high definition audio for connections where bandwidth is plentiful and sound quality is important. Clients can play sound at its native rate. Sounds can use up to 1.3 Mbps of bandwidth to play clearly. Transmitting this amount of data can result in increased CPU utilization and network congestion.
405
Audio Policy Settings performance but may also degrade audio quality. Bandwidth is consumed only while audio is recording or playing. If both occur at the same time, the bandwidth consumption doubles. To specify the maximum amount of bandwidth, configure the Audio redirection bandwidth limit or the Audio redirection bandwidth limit percent settings. Related Policy Settings
Audio redirection bandwidth limit Audio redirection bandwidth limit percent Client microphone redirection
Client audio redirection Audio redirection bandwidth limit Audio redirection bandwidth limit percent
406
407
408
409
410
Desktop wallpaper
This setting allows or prevents wallpaper showing in user sessions. By default, user sessions can show wallpaper. To turn off desktop wallpaper and reduce the bandwidth required in user sessions, select Prohibited when adding this setting to a policy.
Menu animation
This setting allows or prevents menu animation in user sessions. By default, menu animation is allowed. Menu animation is a Microsoft personal preference setting that causes a menu to appear after a short delay, either by scrolling or fading in. When this policy setting is set to Allowed, an arrow icon appears at the bottom of the menu. The menu appears when you mouse over that arrow.
411
412
Client drive redirection Client floppy drives Client optical drives Client fixed drives Client network drives Client removable drives
Client floppy drives Client optical drives Client fixed drives Client network drives Client removable drives
413
415
416
Image caching
This setting enables or disables caching of images in sessions. When needed, the images are retrieved in sections to make scrolling smoother. By default, image caching is enabled.
417
418
419
Progressive compression threshold value Lossy compression level Progressive heavyweight compression
421
422
423
424
Flash acceleration
This setting enables or disables Flash content rendering on user devices instead of the server. By default, client-side Flash content rendering is enabled. When enabled, this setting reduces network and server load by rendering Flash content on the user device. Additionally, the Flash URL blacklist setting forces Flash content from specific Web sites to be rendered on the server. When this setting is disabled, Flash content from all Web sites, regardless of URL, is rendered on the server. To allow only certain Web sites to render Flash content on the user device, configure the Flash server-side content fetching whitelist setting.
425
HDX MediaStream for Flash (client side) Policy Settings When adding this setting to a policy, make sure the Flash acceleration setting is present and set to Enabled. Otherwise, Web sites listed in the whitelist are ignored. Listed URL strings do not need the http:// or https:// prefix. These prefixes are ignored if found. Wildcards (*) are valid at the beginning and end of a URL.
426
427
Auto connect client COM ports COM port redirection bandwidth limit COM port redirection bandwith limit percent
428
Ports Policy Settings LPT ports are used only by legacy applications that send print jobs to the LPT ports and not to the print objects on the client device. Most applications today can send print jobs to printer objects. This policy setting is necessary only for servers that host legacy applications that print to LPT ports. Related Policy Settings
Auto connect client LPT ports LPT port redirection bandwidth limit LPT port redirection bandwith limit percent
429
Default printer
This setting specifies how the default printer on the user device is established in a session. By default, the user's current printer is used as the default printer for the session. To use the current Remote Desktop Services or Windows user profile setting for the default printer, select Do not adjust the users default printer. If you choose this option, the default printer is not saved in the profile and it does not change according to other session or client properties. The default printer in a session will be the first printer autocreated in the session, which is either:
q
The first printer added locally to the Windows server in Control Panel > Printers The first autocreated printer, if there are no printers added locally to the server
You can use this option to present users with the nearest printer through profile settings (known as Proximity Printing).
430
Printing Policy Settings An example of a warning is an event in which a printers native driver could not be installed and the universal printer driver is installed instead. To allow universal printer drivers to be used in this scenario, configure the Universal printing setting to Use universal printing only or Use universal printing only if requested driver is unavailable. Related Policy Settings Universal printing
Session printers
This setting specifies the network printers to be auto-created in a session. By default, no printers are specified. To add printers, enter the UNC path of the printer you want to auto-create. After adding the printer, you can apply customized settings for the current session at every logon.
431
Auto-create all client printers automatically creates all printers on a user device. Auto-create the clients default printer only automatically creates only the printer selected as the default printer on the user device. Auto-create local (non-network) client printers only automatically creates only printers directly connected to the user device through an LPT, COM, USB, or other local port. Do not auto-create client printers turns off autocreate for all client printers when users log on. This causes the Remote Desktop Services settings for autocreating client printers to override this setting in lower priority policies.
432
Held in profile only if not saved on client allows the system to determine where printer properties are stored. Printer properties are stored either on the client device, if available, or in the user profile. Although this option is the most flexible, it can also slow logon time and use extra bandwidth for system-checking. Saved on the client device only is for user devices that have a mandatory or roaming profile that is not saved. Choose this option only if all the servers in your farm are running XenApp 5 and above and your users are using Citrix XenApp online plug-in versions 9.x and above. Retained in user profile only is for user devices constrained by bandwidth (this option reduces network traffic) and logon speed or for users with legacy plug-ins. This option stores printer properties in the user profile on the server and prevents any properties exchange with the client device. Use this option with MetaFrame Presentation Server 3.0 or earlier and MetaFrame Presentation Server Client 8.x or earlier. Note that this is applicable only if a Remote Desktop Services roaming profile is used.
Client Printers Policy Settings Retained printers are user-created printers that are created again, or remembered, at the start of the next session. When XenApp recreates a retained printer, it considers all policy settings except the Auto-create client printers setting. Restored printers are printers fully customized by an administrator, with a saved state that is permanently attached to a client port.
434
435
Universal printing
This setting specifies when to use universal printing. Universal printing consists of a generic printer object (Citrix Universal Printer) and universal printer drivers that work with both Windows and non-Windows clients. By default, universal printing is used only if the requested driver is unavailable. When adding this setting to a policy, select an option:
q
Use universal printing only if requested driver is unavailable uses native drivers for client printers if they are available. If the driver is not available on the server, the client printer is created automatically with the appropriate universal driver. Use only printer model specific drivers specifies that the client printer use only the native drivers that are auto-created at logon. If the native driver of the printer is unavailable, the client printer cannot be auto-created. Use universal printing only specifies that no native drivers are used. Use printer model specific drivers only if universal printing is unavailable uses the universal printer driver if it is available. If the driver is not available on the server, the client printer is created automatically with the appropriate native printer driver.
436
No compression Best Quality (Lossless) High Quality Standard Quality Reduced Quality
437
Universal Printing Policy Settings The Enable heavyweight compression setting enables or disables reducing bandwidth beyond the compression level set by Desired image quality, without losing image quality. By default, heavyweight compression is disabled. Image and Font Caching The Image and Font Caching settings specify whether or not to cache images and fonts that appear multiple times in the print stream, ensuring each unique image or font is only sent to the printer once. Note that these settings apply only if the user device supports this behavior. Allow non-administrators to modify these settings This setting specifies whether or not users can change the default print optimization settings within a session. Related Policy Settings Universal printing image compression limit Universal printing print quality limit
Draft (150 DPI) Low Resolution (300 DPI) Medium Resolution (600 DPI) High Resolution (1200 DPI) No limit
438
439
440
Session Limits Policy Settings Related Policy Settings Session connection timer
441
442
443
444
USB Devices Policy Settings Protocol from either the device descriptor or an interface descriptor When creating new policy rules, be aware of the following:
q
Rules are case-insensitive. Rules may have an optional comment at the end, introduced by #. Blank and pure comment lines are ignored. Tags must use the matching operator =. For example, VID=1230. Each rule must start on a new line or form part of a semicolon-separated list. Refer to the USB class codes available from the USB Implementers Forum, Inc. Web site.
Examples of administrator-defined USB policy rules Allow: VID=1230 PID=0007 # ANOther Industries, ANOther Flash Drive Deny: Class=08 subclass=05 # Mass Storage To create a rule that denies all USB devices, use DENY: with no other tags.
445
Single Sign-On
This setting enables or disables the use of Single Sign-on when users connect to servers or published applications in a XenApp farm. By default, Single Sign-On is enabled.
446
Site GUID
This setting specifies the Globally Unique Identifier (GUID) of the XenDesktop site the Virtual Desktop Agent uses to register with a controller, when using Active Directory-based registration. By default, this setting is blank.
Controllers
This setting specifies a space-separated list of controller Fully Qualified Domain Names (FQDNs) the Virtual Desktop Agent uses to register with a controller, when using registry-based registration. This is an optional setting, that may be used in conjunction with the Controller SIDs setting. By default, this setting is blank.
Controller SIDs
This setting specifies a space-separated list of controller Security Identifiers (SIDs) the Virtual Desktop Agent uses to register with a controller, when using registry-based registration. This is an optional setting, that may be used in conjunction with the Controllers setting, to restrict the list of controllers used for registration. By default this setting is blank.
447
Enable Monitoring
This setting enables or disables CPU usage monitoring for virtual desktops in a site.
Monitoring Period
This setting specifies the period of time, in seconds, during which the moving average for CPU usage is calculated. By default, this is set to 60 seconds.
Threshold
This setting specifies the threshold, as a percentage, that triggers a High CPU condition, displayed in Desktop Studio and Desktop Director. By default, this is set to 95%.
448
Enable Monitoring
This setting enables or disables ICA Latency monitoring for virtual desktops in a site.
Monitoring Period
This setting specifies the period of time, in seconds, during which the moving average for ICA Latency is calculated. By default, this is set to 30 seconds.
Threshold
This setting specifies the threshold, in milliseconds, that triggers a High Latency condition, displayed in Desktop Studio and Desktop Director. By default, this is set to 200 milliseconds.
449
Enable Monitoring
This setting enables or disables profile load time monitoring for virtual desktops in a site.
Threshold
This setting specifies the threshold, in seconds, that triggers a High Profile Load Time condition, displayed in Desktop Studio and Desktop Director. By default, this is set to 60 seconds.
450