What is Citrix ? How to use it ?

In a Citrix application, applications and resources are hosted on a central servers. XenApp isolated these applications on the target device where they are being executed. That means, absolutely no local installation is needed except Citrix Receiver. The browser such as Internet explorer will be used to call the URL from Citrix. As XenApp provides access to hosted resources from a Windows server, users share the server’s physical resources.

In comparison to Citrix XenApp, Citrix also provides another solution called Citrix XenDesktop. XenDesktop is used to publish complete virtual desktops from a hypervisor to remote client devices. That means every user gets their own OS & Desktop session.

Citrix somehow tries to combine both XenDesktop and XenApp in a single package. But it was not the right move and later in version 7.6, both were again separated. These products enable users to access applications from anywhere, no matter what hardware they are using, including tablets. The other good working field of Citrix can be in the medical field. Fields such as medicine, which have strict compliance rules like HIPAA, can increase security by storing confidential data on the server instead of a laptop that can be lost or stolen.

In this article, I will explain the basic installation of Citrix and minimum configuration to bring it up. Following is my scenario:

Citrix-Architecture-with-AD
Citrix-Architecture-with-AD

This is completely based on windows environment. I have a domain called test.local and all clients, as well as servers, are in the same domain. I am using here the concept of the domain because Citrix gives the possibility to publish applications and desktop based on the AD Group. For example, if we have a CAD group in the AD, we can publish CAD applications only to this group. It is a highly practical method used in real-life scenario.

So looks like my final configuration :

Citrix-Environment
Citrix-Environment

Let’s start with License server installation.

Download Citrix_Virtual_Apps_and_Desktops iso image from Citrix website. You need to create a user account before downloading this product.

Browse to https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/

Download Citrix Virtual Apps and Desktops 7 1811.

You can also browse to https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/product-software/citrix-virtual-apps-and-desktops-1811.html for the direct download.

Citrix Studio Slow on Start Up
# Citrix Studio Slow on Start Up with Error: This snap-in is not responding

Source: https://support.citrix.com/article/CTX139325

Since I am using VMWare environment, I will first map this iso image as a CD drive on my SRV-AD ( license server ).

Citrix-Virtual-Apps-License-Server
Citrix-Virtual-Apps-License-Server

As you noticed in the previous image, you can’t install the delivery controller on a domain controller machine. Here, we will install the license server.

For the license server to work properly, be sure that TCP ports 7279,27000,8083 and 8082 are opened in the network.

Time to configure the license server. You can download an evaluation license (90 days valid ) from Citrix and play with it.

Use https://srv-ad.hydro.local:8083/ & https://srv-ad.hydro.local:8082/# to access the license configuration manager. If you want to reset the default password, you can follow this link: https://support.citrix.com/article/CTX200163

For the 90 days trial license, please refer to this link: https://www.citrix.com/lp/try/citrix-virtual-desktops.html

Once the license server is installed, we can move to Citrix Studio.

Citrix Studio is the management console that allows to administrate, configure & manage the XenDesktop as well as XenApps from a single frame.

From the Citrix Studio, we can have full control over the entire site. This may include Machine Catalogs, Delivery Groups, Delivery Controllers and many more.

After you have set up a primary site (first thing to do always after license server ), you would continue with a Machine Catalog followed by Delivery Group and publishing the apps & Desktop.

I will use directly Delivery Controller. This will give the option to install various applications in a single shot.

Delivery-controller
Delivery-controller

Accept the License Agreement and click Next.

Since I have already installed the license server on another machine (SRV-AD), I will deselect the option for License Server. I am also using dedicated Storefront ( Web Application Server ), I will deselect this option too. Storefront will be installed later.

Core-components-delivery-controller
Core-components-delivery-controller
From Director, use the shadow user feature to view or work directly on a user’s virtual machine or session. You can shadow both Windows or and Linux VDAs. The user must be connected to the machine that you want to shadow. Verify this by checking the machine name listed in the user title bar.
Director launches shadowing in a new tab, update your browser settings to allow pop-ups from the Director URL.
Access the shadowing feature from the User Details view. Select the user session, and click Shadow in the Activity Manager view or the Session Details panel.

If you want to enable windows remote assistance, leave the option checked.

Next option is regarding the Firewall.

If you have hardware or any software firewall inside your network, these five ports must be explicitly given allow permission.

Selecting here “Automatically” will configure firewall rules in the Windows Firewall configuration.

Windows-Firewall-Automatically
Windows-Firewall-Automatically
Installing-delivery-controller-final
Installing-delivery-controller-final
Delivery-controller-installation-finished
Delivery-controller-installation-finished

Time for the post configuration. Start Citrix Studio now.

Since we don’t have any previous site, we will choose the first option.

Citrix-Studio-Initial
Citrix-Studio-Initial
PreConfigured-Site
PreConfigured-Site
Citrix_Studio_Databases
Citrix_Studio_Databases
Licensing
Licensing
Machine-Management
Machine-Management
Additional-Features
Additional-Features
Summary-Citrix-Site
Summary-Citrix-Site

Once the installation is done, time for creating Machine Catalog.

Before continuing to this step, it is better to setup Store frontend and a virtual delivery agent. I have a dedicated storefront end and another dedicated virtual delivery agent. Storefront acts as a gateway between End users and Delivery controller. It is actually an IIS server which connects to the Delivery Controller. On another hand, the Virtual delivery agent is installed on the client, where the applications are located. For example, if you want to share excel applicarion from Citrix, you will install it in a remote computer, virtual agent will be installed there too and thats all. All other configuartion will be done from Citrix Studio.

I will be using SRV-XAS-04 as my Citrix Storefront. It is a windows 2012 Server. Start the Citrix setup using same source as mentioned above.

Citrix-StoreFront
Citrix-StoreFront

Accept the license agreement.

Click Next –> Next and configure firewall rules for 80 and 443 TCP Ports on your network. For Windows Firewall configuration, you can select automatically to create rules by Citrix Automatically.

Citrix-StoreFront-Firewall
Citrix-StoreFront-Firewall

Click Next and Install the Citrix StoreFront. After the successful installation, you can open the storefront Management Console for further configuration.

Citrix-Create-Store
Citrix-Create-Store
Citrix-StoreFront-Overview
Citrix-StoreFront-Overview

Change the store name to anything meaningful; let’s say …TESTENV. You can also set this site as default for IIS. However, it is optional. As we will be sharing applications only to target AD group, we will not allow unauthenticated users to access this store.

Citrix-StoreName-Access
Citrix-StoreName-Access

Next step is to add Delivery Controllers. You can add more than one delivery controller here. Our delivery controller is SRV-XAS-01…..local.

Click add and you will be promoted to add the required information for the delivery controller.

Citrix-StoreFront-Delivery-Controller
Citrix-StoreFront-Delivery-Controller

We will not be using the Remote access feature. Leave “Enable Remote Access” unchecked. If you want to enable this feature, you need NetScaler Gateway.

We will be using AD Username & Password for authentication. Leave default value “User name and password” in the configure Authentication Methods windows.

Configure additional XenApp Services URL.

Citrix-StoreFront-Configure-XenApp-URL
Citrix-StoreFront-Configure-XenApp-URL
Citrix-StoreFront-Final
Citrix-StoreFront-Final

If you want to test the Site, you can click Test Site. However, you will not see any applications since the delivery controller is not yet configured.

If you want to change anything in Citrix StoreFront, you can use Citrix StoreFront console anytime.

Citrix-StoreFront-Windows
Citrix-StoreFront-Windows
As you notice that my site is not using HTTPS. This is not so critical inside the company network. But as a good practice, you can implement StoreFront for HTTPS connections. For more details, please refer https://support.citrix.com/article/CTX200292 .

Before moving Back to the delivery controller, we need to setup Machines where our applications are installed. For example: In this environment, I will show you, how you can share Grepwin & 7-ZIP software using Citrix. I have chosen SRV-XAS-03 as target machine for this configuration.

Citrix-Virtual-Delivery-Agent
Citrix-Virtual-Delivery-Agent
Citrix-VDA-Environment
Citrix-VDA-Environment
Citrix-VDA-Core-Components
Citrix-VDA-Core-Components
Citrix-VDA-Additional-Components
Citrix-VDA-Additional-Components

Time to add the Delivery Controller. Please test the connection and be sure that your delivery controller is reachable from VDA Server.

Citrix-VDA-Delivery-Controller
Citrix-VDA-Delivery-Controller
Citrix-VDA-Delivery-Controller-Add
Citrix-VDA-Delivery-Controller-Add
Citrix-VDA-Features
Citrix-VDA-Features

Configure Firewall Rules if needed.

Citrix-VDA-Firewall
Citrix-VDA-Firewall
Citrix-VDA-Finish-Installation
Citrix-VDA-Finish-Installation

Once the Virtual Delivery Agent (VDA) is installed successfully, you can install applications like Grepwin, 7-Zip or any other applications, which you want to share in this server using Citrix environment.

In this example, we are creating Machine Catalog based on Server OS. But if your applications are running in a Client OS, you can install VDA in client OS like WIN10 also.

Now Back to Delivery Controller (SRV-XAS-01).

Citrix-Studio-Create-Machine-Catalogs
Citrix-Studio-Create-Machine-Catalogs
Citrix-Studio-Create-Machine-Catalogs-OS
Citrix-Studio-Create-Machine-Catalogs-OS
Citrix-Studio-Create-Machine-Catalogs-Machine-Management
Citrix-Studio-Create-Machine-Catalogs-Machine-Management
Citrix-Studio-Create-Machine-Catalogs-Machines
Citrix-Studio-Create-Machine-Catalogs-Machines
Citrix-Studio-Create-Machine-Catalogs-Summary
Citrix-Studio-Create-Machine-Catalogs-Summary

Now create Delivery group based on this Machine Catalog.

Citrix-Delivery-Groups
Citrix-Delivery-Groups

Since we have only one Machine Catalog (SRV-XAS-03), there will be only one option to select.

Citrix-Delivery-Group-Machines
Citrix-Delivery-Group-Machines

We will restrict use of this delivery group to only certain AD groups. For example, if we allow the AD group “IT” to access this delivery group, only the domain members from IT group can access these applications.

Citrix-Delivery-Group-Users-Control
Citrix-Delivery-Group-Users-Control

Time to add applications now. In this step, we tell the delivery controller to contact the application machine (SRV-XAS-03) using VDA agent.

Citrix-Delivery-Group-Add-Application-7Z
Citrix-Delivery-Group-Add-Application-7Z

Citrix-Delivery-Group-Add-Application-with-command-line-argument

You can also choose “From start menu” option to locate the remote applications. This option will scan all the applications registered to the start menu on Server SRV-XAS-03.

Click Next and time to configure Desktop. Citrix allows you to connect to the remote desktop ( VDA Desktop) also. If you want any users/groups to have access on the VDA desktop, you can configure here. For example, I will enable Marketing AD group to have desktop access on the VDA Server. All the users belonging to the group “Marketing” can have desktop access to this delivery group.

Citrix-Delivery-Groups-Desktop
Citrix-Delivery-Groups-Desktop
Citrix-Delivery-Groups-Summary
Citrix-Delivery-Groups-Summary

Now it is almost ready to go. Before checking the Citrix connection, first, let’s create some AD users and place them in their respective groups. I have two users, one is user01 and other being user02. User01 is a part of the IT group and user02 is a part of the Marketing group.

AD-Users-Groups
AD-Users-Groups

Now lets login using the Citrix Receiver. YOu can use any browser and call the storefront URL.

In our case, it is http://SRV-XAS-04/Citrix/…TESTENVWeb/

If this is the fist time, you have to install Citrix Receiver before using it.

Citrix-Receiver
Citrix-Receiver

After the successful installation, you will be prompted with the login screen. First, we will log in with user01 and after that with user02. In the delivery group, we have configured, that user01 will be able to applications, whereas user02 will be able to run desktop sessions. Lets verify it by logging with two different users.

Citrix-User01-Session
Citrix-User01-Session

Now you can click and launch the applications. If you have noticed it in the pic above, you will see only APPS ( Desktop is missing). Because user01 can only access applications. Now lets move with user02.

UPDATE: With USER02, I couldn’t see the Desktop as well as Application. It was completely blank. Therefore, I have edited Delivery group & added Marketing group also. After that, user02 was able to launch the application as well as Desktop also.

Citrix-Edit-Delivery-Group
Citrix-Edit-Delivery-Group
Citrix-Client-User02
Citrix-Client-User02

That was all for understanding basic Citrix functions. For more details, please refer to the official Citrix guide.

Good Luck Everyone !!!!!

mm

Anup Chhetri

IT system administrator

You may also like...

error: Content is protected !!