Citrix Access Gateway VPX Essentials. Copyright your book. Did you know that Packt offers eBook versions of every book published, with PDF and ePub. [PDF] Citrix Access Gateway VPX Essentials (Paperback). Citrix Access Gateway VPX Essentials (Paperback). Book Review. A must download book if you . To get Citrix Access Gateway VPX Essentials (Paperback) PDF, make sure you follow the hyperlink below and download the document or get access to.
|Language:||English, Spanish, Hindi|
|Genre:||Science & Research|
|Distribution:||Free* [*Register to download]|
Citrix Access Gateway Vpx Citrix Access Gateway VPX Essentials takes you through the complete process of configuring the appliance. Providing. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www. You may be about alleviated this download Citrix Access Gateway VPX Essentials: A practical step by step guide to. Please do Ok if you would represent to.
Binding a VPN virtual server across multiple node group is not supported. The strict node group is not being backed up and the virtual server only binds to one mode. Users can log on from a web browser and then select Network Access, which starts the upgrade to the latest version of the NetScaler Gateway Plug-in and the Endpoint Analysis Plug-in.
In addition to the logon page with the user name and password fields, the NetScaler ADC now offers an advanced logon page with support for dynamic form providers for interactive authentication. The dynamic form providers on the advanced logon page can be invoked if you use the Citrix default syntax to configure authentication policies. If you enable the Green Bubble theme and then clear the entire NetScaler configuration, the Green Bubble theme remains instead of reverting back to the Default theme.
By changing the name with the correct prefix, you can see the virtual server in the wizard. Documentation includes the config changes related to the DNS refactoring changes as part of Tagma release. After an upgrade from NetScaler If manual customizations are made using the older build's, GUI files might lead to the absence of the password field on the NetScaler Gateway logon page.
The "kevent: The failure is due to the system limit is reached with respect to timers. When there is a multiplexing proxy in the path between the client and Gateway, users will see errors while accessing the Gateway login page.
If FIPS mode is enabled and a SAML operation involving certificate-key structure is performed, the NetScaler appliance dumps core memory and restarts because it references inaccessible memory in the certificate-key structure. If you assign read-only permission to a NetScaler appliance when you add it to NetScaler Insight Center, the AppFlow configuration on that appliance cannot be changed.
The hop diagram for current session applications does not show the link between the CloudBridge device and the server. If you have configured the ICA session timeout value to a high value, say 10 minutes or more, and there is no traffic flow from the NetScaler appliances, neither the timeline chart nor the tabular chart displays any data.
Instead, it reports the destination IP addresses on that page. The default setting for auto-negotiation is OFF, which causes an error if you configure the interface from the Management Service. In rare cases, the link aggregation LA channels might flap if both of the following conditions are met:. If such flapping occurs, the appliance disables the interface and renegotiates LACP with the peer device.
This might result in the LA channel being disabled. In an HA setup, this could cause a failover if the channel is connected to a critical interface and the node is primary.
If the issue still persists, restart the appliance. The newly created VPX instance MUST be configured with a minimum of 2GB memory and with 2 vcpus; setting the vcpus is done by changing the virtual machine settings after the instance is created, but before booting.
If a NetScaler appliance on which the cache redirection feature is enabled supports jumbo frames on the client-side connection but not supported on the server-side connection, the client-side connection behaves as a regular connection. When the NetScaler appliance forwards packets that are larger than the interface's MTU value, the appliance fragments the packets into byte packets, regardless of the MTU value configured.
For example, if the appliance forwards a byte packet on an interface that you have configured with an MTU of , the appliance fragments the byte packets into byte packets. As a result, the optimal interface MTU is not set for the connection. High availability HA synchronization does not work properly after you upgrade an HA setup from a release Disable HA propagation and HA synchronization before upgrading the HA setup, and enable them after the upgrade process is complete.
Configuring a Link Load Balancing virtual server as backup to a Load Balancing virtual server is not supported. If you add an NTP time server by specifying the server name host name , and the ns. This results in setting an offset time for an hour. For example, the default expression! In a cluster setup, if you include the "cipherdetails" option in the "show ssl service" or "show ssl vserver" command, an incorrect message appears.
This is only a display issue. If you try to add a certificate bundle with the complete path to a certificate-bundle file, an error message appears. For example,. A "certificate mismatch" error message appears if the order of certificates in the.
Deprecated commands might be lost from the configuration ns. If you use the add crl command in release 9. Unlike 9. Use the NetScaler command line. At the NetScaler command prompt, type:. These protocols are not supported on a backend SSL service or profile. The output of the "show SSLlogProfile" command does not display the entities to which the log profile is bound. Client authentication is enabled, root CA certificate is not bound to the SSL virtual server, and a request with a valid client certificate is sent to the virtual server.
Client authentication is enabled, root CA certificate is bound to the SSL virtual server, and a request with a wrong certificate is sent to the virtual server.
The error message that appears is "Handshake failure-Internal Error" instead of "No client certificate received. In a cluster setup, if a client certificate is bound to a back-end SSL service or service group, it appears as a "Server Certificate" instead of a "Client Certificate" when you run the "show ssl service" or the "show ssl servicegroup" command on the CLIP address.
The SSL entities to which a policy is bound do not appear in the output of the "show ssl policy" command if it is run on the cluster IP address. A few extra messages appear in the output if you run the show command for the back-end SSL service, service groups, or internal services on a cluster IP address.
The description string of a cipher in the output of the "show ssl service" command differs if the command is run on the NetScaler IP address and on the cluster IP address. When you log web transactions on a web server and on a NSWL server, the cs user name is properly logged in the web server while the user name is logged as a hypen - instead of a user name. Virtual servers to which a listen policy is bound accept connections from the first subflow only.
For NetScaler Therefore, auditlog servers that are deployed on FreeBSD 6. The NetScaler appliance may display messages that are a result of file system compatibility checks that are performed when booting up.
These messages are informational only, and do not have any adverse impact on the functioning of the NetScaler. When configuring Web Interface sites through the wizard, when the "Trust ssl certificate" option is checked, certificates bound to the VPN virtual server are not imported to the JVM. You must import the certificates manually by executing the following command from the shell prompt:. The "unset authentication localPolicy" command is removed from this version onwards.
A NetScaler appliance might not honor persistence for a load balancing virtual server with a wildcard configuration if information about the back-end server is not available. The updated host name for a NetScaler appliance does not appear on the LCD panel until after the appliance is restarted.
If, when you reboot a NetScaler appliance, the SNMP agent starts before the system monitoring application, the agent reads the Voltage and Fan Speed counter values as zero and sends low-threshold traps. Then, when the system monitoring application starts and updates the counter values, if the values are still less than the threshold values, the SMNP agent does not send traps to clear the low-threshold traps. Set the alarm threshold value as described at https: If you use an unsupported expression as a filter, the NetScaler GUI does not display a warning message, and using the unsupported expression leads to an appliance failure.
You can type the show connectiontable command to view the list of supportable expressions. When you run the set command on a NetScaler appliance, the ns. Random packets on loopback interface are found missing if you capture nstrace on a NetScaler appliance. The request body is truncated only if the appliance receives an HTTP request after an incomplete header assembly request header spanning more than one packet and the request body is received when the appliance awaits a TCP acknowledgment for the request header sent to the server.
The truncation results in TCP retransmission and latency issues. Connections might hang if the size of processing data is more than the configured default TCP buffer size. Set the TCP buffer size to maximum size of data that needs to be processed.
When you upgrade the NetScaler firmware by using the NetScaler GUI, the appliance restarts in the background as soon as the upgrade is complete, but the GUI does not show that the upgrade has been completed. Log off and log back on to the NetScaler appliance to check the firmware version. The names of GSLB entities are case sensitive. If you have entities with the same name in different cases uppercase or lowercase on different nodes in your GSLB deployment, GSLB synchronization fails.
Change the entity names so that the same name is always in same case either uppercase or lowercase. If the NetScaler appliance is upgraded from version The enhancements and changes that were available in NetScaler The build number provided below the issue description indicates the build in which this enhancement or change was provided. With previous versions of the NetScaler ADC, OWA connections did not timeout because OWA sends repeated keepalive requests to the server to prevent timeouts, which interfered with single sign-n and posed a security risk.
AAA-tm now supports forced timeouts that ensure that OWA sessions timeout after the specified period of inactivity. Previously, users could not bookmark the authentication sign-on page. This limitation no longer exists. If a great many users attempt to authenticate simultaneously, the DNS lookups might slow the authentication process. To configure authentication by using a server's FQDN instead of IP, follow the normal configuration process except when creating the authentication action, where you substitute the serverName parameter for the serverIP parameter, as shown below:.
When a primary server is unavailable, this feature prevents delays while the ADC waits for the first server to time out before resending the request to the second server. For example, assume that you have AAA configured on your ADC with three authentication policies--authpol1, authpol2, and authpolwith priorities set to 10, 20, and 30 respectively. A user requests authentication, and the ADC discovers that the authentication server behind authpol1 does not respond to authentication requests.
The ADC then tries authpol2, which responds. When other users attempt to authenticate after this situation occurs, the ADC skips authpol1 and proceeds directly to authpol2.
The AAA Negotiate Action command can now extract user information from a keytab file instead of requiring you to enter that information manually. You can configure this feature at the NetScaler command line, or by using the configuration utility. To configure AAA to extract user information from a keytab file at the command line, type the appropriate command:. To configure AAA to extract user information from a keytab file by using the configuration utility, do the following steps:. If you are modifying an existing Negotiate action, skip this step.
The name is read-only; you cannot change it. After the user authenticates, the ADC generates a SAML assertion that grants access to the protected resource and redirects the user to it. When the user logs out or is logged out by any SP, the ADC sends logout requests to all other SPs that the user accessed during the current session and terminates the session.
You can use default syntax expressions as Authentication policy rules. The default syntax expression editor now appears in the configuration utility when you create or configure an authentication policy, From the command line, you can simply use default syntax to create the rule for your policy and AAA-TM will recognize and implement it.
Authentication policies, when bound, can each be associated with the "nextFactor" policyset. The nextFactor policyset is evaluated if the policy to which it is associated succeeds. There is no upper limit to the number of policies that can be chained in this manner. All policies bound to a single authentication server must be either NetScaler default syntax policies or NetScaler classic syntax policies. You cannot mix both types of policy on a single authentication server.
AAA-TM now prompts for the client certificate only when it requires the certificate to authenticate a user, not every time that a protected application requests authentication. It retrieves the certificate if two factor authentication is not enabled, or if it is configured to extract the user name from the certificate. If the system administrator had restricted use of weak encryption algorithms on the Kerberos server, the Kerberos server would respond with an error instead of the requested ticket, causing KCD to fail.
AAA now uses aessha1 to encrypt timestamps for delegated user credentials. AAA-TM is now able to authenticate a user to a web server, providing the credentials that the web server requires in an HTTP request and analyzing the web server response to determine that user authentication was successful. To set up web-based authentication with a specific web server, first you create a web authentication action.
Since authentication to web servers does not use a rigid format, you must specify exactly which information the web server requires and in which format when creating the action. To do this, you create an expression in NetScaler default syntax. Next you create a policy associated with that action. You can now unlock a user account that was locked out after too many failed logon attempts or after repeated violations of logon attempt time slice limits. In the data pane, select the user account to unlock, and then in the Actions drop-down list, choose Unlock.
To unlock a locked-out user account from the command line, type the following command:. The NetScaler implementation of SAML allows signing certificates of less than bits, but displays a warning message. It also supports the SHA hash algorithm for signatures and digests.
Citrix recommends that all signing certificates be of at least bits, and that you use SHA as SHA-1 is no longer considered secure. When sending SAML Authentication request to external identity provider, the NetScaler ADC now offers an option to send the thumbprint of the certificate that was used to sign the message instead of sending the complete certificate.
The "sendThumbprint" option is off by default. The Responder feature is flexible; you can create as many error responses as you wish, and respond to as many different error conditions. For example, if your users log on to different authentication servers in different geographic areas, you can customize responses to each region.
A user in the United States can receive an error message that is appropriate to his or her authentication server, and be directed to a customer service telephone number in the United States. A user in Japan can receive the same for his or her different authentication server and customer service telephone number.
Briefly, to create a Responder configuration for this scenario, first create each error message and place that error message on a web server. The web server should not be located on the same physical server as the authentication server, and preferably not on the same subnet.
If you have multiple regional data centers that host separate authentication servers, it is advisable to locate each error response in a different data center than hosts the authentication server that it is used for, so that local power outages or Internet connectivity problems do not affect the web server that hosts the error messages. Then, on the ADC, do the following steps:. You must craft a rule for the responder policy that selects connections that meet the appropriate criteria.
For example, if you want connections that originate in the USA and that fail authentication to receive this error message, the rule could identify the region by source IP, and the authentication failure by error message.
For detailed instructions on how to set up a responder configuration of this type by using the command line, see the following article on the Citrix Customer Support web site:. A transaction flag now indicates, to external collectors, whether the transaction was successfully completed or was aborted. This feature keeps sessions active even if network connectivity is interrupted, and to indicate that connectivity is lost, the user's device display freezes and the cursor changes to a spinning hourglass until connectivity resumes.
The user can resume interacting with the application once the network connection is restored. The process of collecting the load time and render time of web pages has been simplified by including the clientSideMeasurements parameter as part of the add appflow action command. For details about configuring an AppFlow action, see http: This combination offers layered network services, including robust application delivery capabilities that accelerate application performance for all users.
With a RISE based implementation, the NetScaler functionality is available as a centralized resource that can be leveraged across the application infrastructure supported by the Cisco Nexus series switch.
The key functionalities of the RISE architecture include:. RISE provides a plug and play auto-provisioning feature. The NetScaler ADC uses its health monitoring feature to track and support server health by sending health probes to verify server responses.
The automatic policy based routes are defined on the Cisco Nexus series switch. When the return traffic from the server reaches the Cisco Nexus series switch, the APBR policies defined on the switch route the traffic to the NetScaler ADC, which in turn routes the traffic to the client. Global server load balancing can now be configured on a NetScaler cluster. To do this, you must log on to the cluster IP address to define the GSLB entities and then bind these entities to a a single member cluster node group.
For detailed information, see http: To do this, while creating a cluster instance, you must set the "quorumType" parameter to none as shown here:. For more information, see http: Net profiles are now supported on a NetScaler cluster.
You can bind spotted IP addresses to a net profile which can then be bound to spotted load balancing virtual server or service defined using a node group with the following recommendations:. You must make sure that the cluster LA channel has a local interface as a member interface. You can now use the Layer2 mode in a NetScaler cluster.
From NetScaler In earlier releases, the cluster feature was licensed by a separate cluster license file. No changes are required. When using HTTP compression, you can explicitly specify a "vary" header value for compressed responses. Prior to this enhancement, the vary header was implied to be "Accept-Encoding, User-Agent". The NetScaler graphical user interface GUI has been enhanced to provide a better user interaction experience. It now provides you with a workflow-based experience, which guides you through the entire configuration.
The configuration settings have been classified as basic and advanced for some features. The NetScaler now keeps track of the interfaces through which operations are executed. This saves bandwidth and provides faster response times, because the NetScaler does not have to connect to the server for repeated requests of the same data. This feature is especially useful if you want to base a content switching decision on a part of the URL and other L7 parameters.
As a result, the configuration size is also reduced. A number of expressions have been added, and you can use them to examine the header and the attribute-value pairs AVPs in a Diameter packet. On the basis of that information, you can forward the request to the selected load balancing virtual server.
The behavior has been enhanced with current release. NetScaler will respond with the AA bit for negative cached responses just as it does for positive cache responses. The option by default has a value of NO. When you use the load balancing virtual server to load balance recursive resolvers, you can turn this option to YES.
This will cause NetScaler to respond with RA bit set on all responses. They therefore enable clients to discover which server the request should go to for a particular service and which protocol to use to connect to the server. ADNS mode and proxy mode.
NetScaler ADC when deployed in a proxy mode does not always send the query for an address record to the back-end server. This happens when for an answer to a query for an address record, a partial CNAME chain is present in the cache. You can now configure the NetScaler ADC to operate transparently between MySQL clients and servers, and to only log or analyze details of all client-server transactions.
Transparent mode is designed so that the ADC only forwards MySQL requests to the server, and then relays the server's responses to the clients.
As the requests and responses pass through the ADC, the ADC logs information gathered from them, as specified by the audit logging or AppFlow configuration, or collects statistics, as specified by the Action Analytics configuration.
You do not have to add database users to the ADC. Database specific load balancing is now supported for MySQL databases. If a database is available on multiple servers but is online on only some of these servers, the client request is forwarded to the server on which the database is online. When autosync is triggered on the master site, first the static proximity database is synchronized followed by the synchronization of configuration.
For more information see, http: You can now view the configuration details of the entities bound to a GSLB domain. The details include the configuration of the virtual servers, services, and the monitors bound to the GSLB domain. To view the details, you can use either the command line or the configuration utility. When integrated caching is used in a high availability setup, in addition to storing the cached objects on the primary appliance, the objects are also stored on the secondary appliance.
This reduces bandwidth usage as cached objects are not lost during failover and the request can then be served directly from the cache of the secondary appliance. You can now configure rate limiting for diameter messages. The citrix-xdm monitor is used to monitor the XDM server while the citrix-xnc-ecv monitor is used to monitor the XNC server.
You can add these monitors by using the add lb monitor command from the command-line interface or by using the GUI. You can now configure up to 8K service groups on a NetScaler appliance. The earlier limit was 4K service groups. For more information on jumbo frames, see http: You can now view the statistics of services and service groups that are bound to a load balancing virtual server by using the following URL:.
You cannot view these details by using the "http: NetScaler operations such as configuring SSL certificates requires the input files to be available locally on the NetScaler appliance. NITRO allows you to perform file operations such as uploading file to the NetScaler, retrieving a list of files and the file content from the NetScaler, and also delete files from the NetScaler. These operations can be performed for files of type: The SDKs can be downloaded from the Downloads page of the appliance's configuration utility.
Additionally, the expression editor for advanced endpoint analysis has been implemented in HTML within the configuration utility. If you configure a SmartAccess virtual server, when users log on from multiple devices, you can transfer the ICA Proxy session to another device and restrict users to one Universal license.
For example, if users log on by using Citrix Receiver on their computer and then log on again from a mobile device, this consumes two NetScaler Gateway Universal licenses and creates two sessions for one user. When you enable this setting, the user session transfers to the new device and uses one Universal license.
In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Virtual Servers. NetScaler Gateway supports network traffic through a forward proxy between the appliance and servers in the internal network when users log on by using clientless access and when Secure Browse is enabled on the Security tab in a session profile.
The Endpoint Analysis feature enables administrators to analyze and make client connection choices based on client endpoint settings for plug-in sessions connecting through the NetScaler Gateway. This task required administrators to manually extract the file on the NetScaler and then copy the extracted files to appropriate directories. NetScaler Gateway NetScaler Gateway does not support single sign-on SSO to public servers unless single sign-on is enabled in a traffic profile or if split tunneling is enabled.
You can also schedule the export of the reports to specified email addresses at various intervals. The NetScaler Insight Center geo maps feature displays the usage of web applications across different geographical locations on a map.
Administrators can use this. NetScaler Insight Center adaptive threshold functionality dynamically sets the threshold value for the maximum number of hits on each URL.
HDX Insight reports now include details about session reconnects, client-side retransmissions, and server-side retransmissions.
NetScaler Insight Center now saves the following data for a specific time period before it is purged:. NetScaler Insight Center now analyzes the traffic flowing through NetScaler ADC to cache servers and origin servers, and provides useful information about the cache performance, such as:.
For details on Cache Redirection Insight, see http: Authentication with the NetScaler Insight Center virtual appliance can be local or external.
With external authentication, NetScaler Insight Center grants user access on the basis of the response from an external server. It supports the following external authentication protocols:. Authorization through the NetScaler Insight Center virtual appliance is local. The virtual appliance supports two levels of authorization.
Users with superuser privileges are allowed to perform any action. Users with readonly privileges are allowed to perform only read operations. The authorization of SSH users requires superuser privileges. Users with readonly privileges cannot log on through SSH. On the dashboard, if you move the columns in a table and refresh the page, the column ordering is sometimes reset to default. The top-right corner of the page now displays a percentile icon, which you can click to display percentile values and the highest and lowest values for a selected metric.
In the dashboard, you can now select and rearrange the columns displayed in the tables. These changes persist across user sessions. This counter indicates how many times the client advertised a zero TCP window. This counter indicates how many times the server advertised a zero TCP window. This counter indicates how many times the retransmit timeout was invoked on the client-side connection.
This counter indicates how many times the retransmit timeout was invoked on the server-side connection. You can now customize NetScaler Insight Center reports to display the metrics that you want, and you can specify bar graphs or line graphs.
To make these changes, open the drop-down list next to the percentage icon in the top-right corner of the dashboard. NetScaler Insight Center now supports monitoring of CloudBridge , , , and appliances.
For details, see http: You can now configure the timeout period for how long a user or a group can remain in an idle state before being terminated. For more details on configuring a user account or a group account, see http: The database cache functionality of NetScaler Insight Center stores database content locally in the cache and serves the content to users without accessing the database server.
For details about configuring this functionality, see http: For debugging an issue, the technical support bundle that you generate to send to the technical support team now automatically includes NetScaler ADC data along with the NetScaler Insight Center data. All statistics that are maintained and reported for single-stream ICA connections are also displayed for multi-stream ICA connections.
For details on enabling this functionality, see http: You can now enable NetScaler Insight Center to periodically remove the out-of-date content from its database. The dashboard now displays the following user access types, depending on the NetScaler deployment:. User connected to XenApp or XenDesktop server directly, with no intervening virtual server.
These values are displayed only if the session reliability feature is enabled on XenApp or XenDesktop. You can now limit the number of days for which the generated reports can persist in the database, after which the reports are permanently deleted. To change the value, on the Configuration tab, click System and in the right-pane from the System Settings group, click Limit Data Duration Persistency.
This is particularly helpful in debugging and troubleshooting the instances hosted on the NetScaler SDX appliance when the instance is not reachable over the network. The Events feature to monitor and manage the events generated on the NetScaler instances. The Management Service identifies events in real time, thereby helping you address issues immediately and keep the NetScaler instances running effectively.
You can also configure event rules to filter the events generated and get notified to take actions on the filtered list of events. You can monitor values, such as the health of a virtual server and the time elapsed since the last state change of a service or service group. This gives you visibility into the real-time status of the entities and makes management of these entities easy when you have a large number of entities configured on your NetScaler devices.
You can now use the command line interface to perform operations on the Management Service. Add, Set, Delete, Do and Save commands are supported through command-line interface. NetScaler SDX appliance now supports a configuring a password policy and a user-lockout policy to provide security against hackers and password-cracking software. The password policy enforces a user-specified minimum length and a minimum level of complexity.
The password must have at least one uppercase, one lowercase, one numeric, and one special character. The user-lockout policy disables a user-account if an incorrect password is entered a specified number of times.
You can specify the time period user lockout interval for how long the user account remains disabled, after which the user account is enabled automatically. The total number of instances that you can provision on an SDX appliance depends on the license installed on the appliance.
You can use the Setup Wizard to complete all the first time configurations in a single flow. The wizard helps you in configuring network configuration details, system settings, changing the default administrative password, and manage and update licenses. New inline wizard for provisioning NetScaler instances with simplified networking configuration steps. You can now use the new inline wizard to provision NetScaler instances from the Management Service.
The networking configuration portion of the provisioning workflow has been simplified and streamlined for ease of use. With this release, the following authentication and authorization capabilities are supported for the Management Service on NetScaler SDX appliance:.
You can now schedule Management Service to run NeSclaer configuration difference against a template and show appropriate reporting. Further, you can use the report on the Change Management page of Management Service to view whether there is any difference between the saved configuration and the running configuration of any instance. You can click on the chart to further drill down and view the list of instances, their running configuration, saved configuration, history of configuration changes, any difference between the configurations before and after an upgrade, and any difference between the running configurations and the configuration of the associated audit templates.
Enhanced usability achieved by providing separate view for SSL certificates and keys for NetScaler instances. Now you can use the network configuration utility to assign both the Management Service IP address as well as the XenServer IP address on a new appliance.
If any of the NetScaler VPX instances are in shutdown state, and an appliance reboot is carried out then the instances which were in the shut down state continue to be in the same state through the reboot process. When deployments are being set up, usually the interfaces are not connected. Provide a comprehensive solution to secure remote access by implementing Appliance Failover, taking care of your high availability needs. Install and configure the Citrix License Server Import the VPX edition of the Citrix Access Gateway and complete the initial configuration from the command line express setup.
Investigate different mechanisms for deploying the Access Gateway plugins to you user devices including the Citrix Merchandising Server. Build up the elements to create full VPN access to your internal network whilst maintaining adequate protection from rogue devices using end point analysis implemented using device profiles referenced in SmartGroups.
Publish network resources to be made available to the VPN clients based upon the results of their end point analysis. Use SmartAccess login points to access the VPN and view remediation messages should we not meet the security requirements of the network. Now it's time to put aside this class of elements for a while and concentrate our activities on desktop client components.
End users will interact only with Windows desktop machines and not with the architectural components shown earlier. So, you have to be careful about the configuration process for virtual desktops in terms of building a desktop image, optimization, and tuning. Most of your activities on clients will be based on policy usage and optimization in order to obtain high-level user experience without compromising on agility, performance, and security.
Master Image Configuration and Tuning Configuring and optimizing a desktop OS master image The first important task will be the configuration and the optimization of the Windows desktop OS operating systems, which will be used as a master image, in order to deploy the desktop instances. The latest version of the Microsoft operating systems offer a lot of graphical enhancements useful to better appreciate their potential and usability.
In a complex VDI architecture, we need to be careful about both of these aspects as shown in the previous recipe. Consider that this customization process can vary depending on the configured environment. Anyway, the steps implemented in this section can be generally applied without specific issues.
Getting ready This recipe involves only the Windows client machine. In order to be able to carry out all modifications to the services, the graphical appearance, and the system configuration, you need to use domain or local administrative credentials for Windows 7 and Windows 8 OS versions. An installed virtual machine with a Windows 7 or Windows 8 operating system is required in order to apply the described settings. The modification activities of the desktop optimization policies involve only the Windows client machine and the domain to which it has been joined.
So, you will need domain administrative credentials in order to be able to modify the necessary policies and to force their application on the involved clients. The following are the optimization processes for Windows 7 and Windows 8. For the Windows 7 master image configuration, the process is as follows: Log in to your Windows 7 base image template with administrative credentials. Click on Start and type the services. The Windows Services snap- in will be opened, as shown in the following screenshot: From the services list, search for this service: Background Intelligent Transfer Service.
Right-click on the name of the service, and select Properties from the menu that comes up. From the Startup type drop-down list, select Disabled as the default state as shown in the following screenshot. Click on Stop if the service is running and then click on OK to exit from this area: Repeat steps 4 and 5 to disable the following services: Click on Start and run the cmd command to open a prompt shell.
Then, run the following command—required to disable Windows's animation at boot time—in order to achieve faster machine startup: Navigate to Start Control Panel and click on the System icon. Then, select Advanced system settings from the left-hand side menu.
Select the Advanced tab and click on the Settings button in the Performance area. Select the Advanced tab and click on Change in the Virtual memory area, as shown in the following screenshot: Uncheck the Automatically manage paging file size for all drives option.
Then, select the Custom size radio button and enter the same value in both textboxes. After entering the values, click on Set and then on OK, as shown in the following screenshot: It's common to assign a value twice that of the machine memory to the swap memory area for example, for 1 GB of RAM you'd assign a 2 GB swap size. After the amount of swap has been modified, you need to restart your machine for the changes to come into effect.
For the Windows 8 master image configuration, the process is as follows: Log in to your Windows 8 master image with administrative credentials. Then click on OK, as shown in the following screenshot: In the Windows Services snap-in, search, and disable the following services: At the shell prompt, run the commands indicated in the following lines; these will be used to customize the Windows 8 boot experience, in order to disable the Windows 8 boot screen, the Windows 8 boot logo, and the Windows 8 boot messages, respectively: To apply the boot configuration changes, you have to restart your Windows 8 machine.
Then click on the Advanced system settings link on the right-hand side of the System screen.
On the System Properties screen, click on the Settings button; in the Performance subsection, click on the Advanced tab, as shown in the following screenshot: On the Performance Options screen, select the Advanced tab and click on the Change button in the Virtual Memory subsection.
As seen earlier for Windows 7, we have to fix the minimum and maximum quantity of swap with a fixed and equal value here as well. To do this, uncheck the Automatically manage paging file size option for all drives, select the Custom size radio button, and enter the desired swap value Initial size and Maximum size. After that, click on Set as shown in the following screenshot, and then on the OK button: In order to apply the modified swap parameters, you need to reboot the master image.
Even though we have discussed the Windows 7 configuration, we will only generate catalogs with the Windows 8 version of the operating system in this book. To reduce the usual overtime needed by Windows 7 and Windows 8 machines to boot and start up all services, we've disabled some of them that are not necessary for regular operating system usage in a VDI configuration.
In order to optimize the operating system, we have performed the following configurations: Disabling the Windows Search service could have an impact on specific indexing functions, for instance, in the case of the Microsoft Outlook e-mail client. For both the operating systems, you could consider disabling the operating system's long-term performance optimizer the Superfetch service discussed earlier, in the case of nonpersistent machine deployments.
Disabling this service is particularly useful in the case of SSD disks in terms of disk space and faster boot time no more prefetch files will load during the startup phase. Disable the Windows Search Indexing service only in the case of nonpersistent Virtual Desktops; in any other case, you should keep it active to avoid general content search issues. To improve the responsiveness of your Windows machines, you could also apply the following operating system configurations: In this chapter, we will discuss the best practices to apply to obtain better user experience.
Getting ready In order to complete all the required steps for this recipe, you need to connect to the Windows Server machine with administrative credentials to be able to install and configure all the necessary features.
In the following steps, we will describe how to improve the graphical and user experience for a Windows Server operating system in order to deploy desktops of server operating systems later in this book: Connect to the selected Windows Server machine with domain administrative credentials. Start the Server Manager utility if it has not automatically been started. In the Configure this local server section, click on the Add roles and features link as shown in the following screenshot: On the Installation Type menu, select the Role-based or feature-based installation option and click on Next to continue.
In the Server Selection menu, check the Select a server from the server pool radio button, select the machine on which you're configuring the user experience, and then click on Next to proceed. On the Server Roles screen, click on the Next button without selecting any option to skip role configuration. When prompted for additional required components, click on the Add Features button and then click on Next.
In the Confirmation box, click on the Install button to complete the activation procedure as shown in the following screenshot: After that, click on the Close button and reboot the Windows Server machine. Reconnect with the same domain administrative credentials. You will know that the features have been enabled when you see a Windows 8-like start menu as the first screen.
From the Start menu, click on the Desktop icon. Once you have been moved to the desktop view, right-click on it, and select the Personalize option, as shown in the following screenshot: On the Personalization menu, click on the Change desktop icons link on the left- hand side menu. On the Desktop Icon Settings screen, enable the desired icons and uncheck the Allow themes to change desktop icons checkbox. Then, click on the Apply button first and click on OK, as shown in the following screenshot: You should avoid using desktop background images for a server operating system.
The purpose of this recipe is to create the right balance between the graphical experience and desktop performance. On the Desktop view, right-click on the Windows Taskbar and select the Toolbars option.
Click on one or more options that you want to enable on the bar. The Touch Keyboard option could be particularly useful when using the Windows Server desktop on a tablet or a smartphone. The configuration of a Windows Server operating system version for VDI purposes is slightly different than normal Windows Desktop platforms. In fact, the most important thing to understand is that a system administrator has to maintain the right balance between the graphical experience for end users and the performance required by the operating system to perform its normal activities.
Starting with this point of view, the use case to which we apply the deployment of a server operating system should include one or all of the following points: This means that users can't install applications but have to use only the proposed environment.
This hint can be also applied to the previously discussed desktop OS environments. As a result, it's now possible to use features which you could find, by default, in desktop operating systems versions, such as the Windows bar seen in one of the previous screenshots or system tools such as Windows Media Player, desktop themes which should be used with care to avoid performance issues arising from high-resolution graphics , video for Windows, or Sound Recorder.
In this recipe, we will explain how to configure an operating system target device, which will be used later in this book to deploy machine catalogs for the Provisioning Services offer. Getting ready The main required step for this recipe is installing a Windows 8 virtual machine, which will be used as the master image for the deployment of the virtual desktop instances within a XenDesktop PVS configuration.
You can refer at the following Microsoft link for the Windows 8 installation procedure: In the following steps, we will describe how to configure a Windows 8 machine as a target device for the PVS architecture: Perform this task on the machine that will be used as the target device. Connect to the Windows virtual machine by using domain administrative credentials. Browse the mounted PVS 7. On the new selection menu, click again on the Target Device Installation link. On the Welcome screen, click on Next to continue.
In the license agreement section, accept the terms and click on the Next button. Populate the Customer Information section with the required information. After that, click on Next to proceed, as follows: On the Destination Folder screen, select a valid path on which you will be installing the agent and then click on the Next button.
In the Ready to Install the Program section, click on Install to start with the installation process. After the installation has been completed, leave the Launch Imaging Wizard checkbox enabled and click on the Finish button.
After clicking on Next on the Welcome screen, populate the required fields to connect your target machine to the PVS server. After that, click on Next to continue. On the New vDisk screen, assign a name to the vDisk, associate it with a configured store, and select vDisk type Fixed or Dynamic. In the case of a dynamic disk, you can also choose the correct vDisk block size as per your needs 2 MB or 16 MB.
After that, click on Next. In the Configure Image Volumes section, you have to configure the dimension of the disk image size, which must be at least the minimum original disk dimension. After completing this step, click on Next, as shown in the following screenshot: In the Add Target Device section, configure the following fields: After that, click on Next, as shown in the following screenshot: Refer to the Installing and configuring Provisioning Services 7 recipe in Chapter 1, XenDesktop 7 — Upgrading, Installing, and Configuring, for more information about the Provisioning Services platform installation.
On the Summary of Farm Changes screen, if all the information is correct, click on the Finish button to complete device configuration. After clicking on the Optimize for Provisioning Services button, you can enable or disable with a checkbox the following features, used to optimize the PVS device: At the end of the operation of vDisk creation, reboot the Windows target machine and configure its BIOS to boot from the network.
During the network boot process, the virtual machine will connect to the PVS server. So, the XenConvert utility will be able to make a virtual machine copy and transfer it to the PVS server. After the machine has been properly booted from the network—after the logon phase—you will find the Citrix XenConvert screen as shown in the following screenshot: To check that all the target device configurations have been executed properly, connect to the PVS farm and check the existence of the earlier created vDisk in the vDisk Pool section.
The available Mode for vDisks are Standard vDisk shared among all the involved target devices and Private vDisk assigned and dedicated to a single specific target device. After the conversion has been completed, the target device will be available for use to deploy desktop instances by the PVS server and the desktop studio.
It's always possible to revert the virtual machine BIOS to boot from disk and not from the Provisioning Services vDisk over the network. The procedure seen and explained in this recipe is about the generation of the master target device; this is the device that points to the master image template operating systems in our case, Windows 8 from which the vDisk has been built. This component is the data container, which will be streamed to the configured target devices within a configure PVS farm.
The device needs to be associated with a predefined PVS store and collection, and it is necessary to specify the MAC address for network identification and the kind of vDisk that has to be deployed fixed or dynamic, which will be explained in the next section.
The BIOS of the configured device must support network boot. As discussed earlier in this recipe, when creating a vDisk, we have the ability to choose between two kinds of disk formats: The first type pre-allocates all the assigned disk space, while dynamic allocation populates disk files during data writing activities if you're familiar with virtualization concepts, it's the same as thick and thin disk allocation.
The following may help you to understand how to choose between fixed and dynamic disk: For this reason, dynamic allocation should be the right choice because of the huge reduction in storage reading activities. The only interfacing with disk components is given by writing operations.
Also, in this case, after configuring the PVS vDisk image in read- only mode, we'll have almost no more storage activities, except for the write-cache operations. The write cache is a cache area on which the already written data is stored instead of being rewritten on the base vDisk. More information can be found at http: Using a fixed disk is a standard way to operate, which at the moment won't offer the advantages that a memory cache along with dynamic disk mode could give IT departments in terms of performance and cost saving.
You have to create a specific OU containing the involved VDI resources and apply this custom configuration only to the OU containing these machines. The following steps help us to configure the policies at the domain level: Log in to your domain controller server s , and in order to find and use the template containing the Citrix policies to import, mount the Citrix XenDesktop 7 ISO image by right-clicking on it and selecting the Mount option. As an alternative, you can install the Group Policy Management console on any Windows Server domain machine to manage the domain policies.
Right-click on the created organizational unit, select Create a GPO in this domain, and link it here. In this way, we have started linking the Citrix policies to Active Directory. After creating the GPO, right-click on it and select the Edit option from the menu, as shown in the following screenshot: On the newly opened screen, navigate to Computer Configuration Policies, and right-click on Administrative Templates.
Select the template based on your OS installation language, searching for the. Once done, click on the Close button. Within this level, you can find all the configurable options for the imported Citrix policies.
In the next chapter, we will configure these imported policies in the Citrix Profile Management section. Come back to the higher level of the VDI-created domain policy and configure the listed domain policies as follows: After this, click on OK. After this, click on OK to continue.
These configurations have been applied in order to standardize the master images used to deploy desktop instances. After completing the configuration, log on to your Windows desktop master image and run the following command on a shell prompt in order to force the policy update application: Policies loaded in this recipe work as normal Active Directory policies. For this reason, you have to configure them by modifying their default configuration the default state is not configured to the enabled or disabled states.
These are the Citrix Profile Management policies. In this section, we have performed only the installation process; the configuration will be executed in the next chapter when we discuss the configuration process of the profile management policies in detail. The second step of the configuration process has been about the Windows Active Directory policies due to the necessity to standardize, as much as possible, the Windows image template to deploy to end users.
For this reason, we've disabled Windows Update on the first applied policy; the required updates will be propagated only once to the base image, and the entire set of assigned desktops will be updated every time they are generated from the source machine.
This is the only point of contact to the public network, which covers the update propagation tasks in your Local Area Network LAN. Moreover, we've also blocked screensaver customization and system restore points; the user will be subjected to a predefined configuration, in most cases optimized as per the company's requirements.
Now it's time to configure the components that are nearest to the user's perspective, such as advanced profile techniques, plugin installations, and appearance configuration settings.
These configurations will be more oriented towards tuning and optimizing user experience instead of the operations oriented to the installation and configuration of the desktop template as explained in the previous chapter. This was formerly known as user experience, the way in which an end user notices no difference between the use of a standard physical desktop and a virtual desktop deployed by the Virtual Desktop Infrastructure VDI architecture.
User Experience — Planning and Configuring Implementing a profile architecture When you've decided to implement the VDI architecture for your company, you need to take care of the location where you will be storing all the users' data, such as documents, projects, and mailbox file data. So, an important step is deciding what kind of profile architecture you will be implementing for your organization.
With XenDesktop 7, you have the capability to choose from among three kinds of profiles: Getting ready To properly implement any kind of profile architecture, you need to have domain administrative credentials to be able to operate on the AD user objects. In the following steps we will explain the ways to implement and configure the earlier described profile management technologies.
Using Citrix Profile Management 5. On the Welcome screen, click on the Next button to proceed with the installation. Accept the end-user license agreement by flagging the agreement option, and then click on Next. In the Destination Folder section, select a valid path on which you will be installing Citrix Profile Management, and then click on the Next button.
On the Ready to install screen, click on the Install button to complete the setup. Click on the Finish button when the setup has been completed. In the list of running Windows services, check whether Citrix Profile Management is running or not.
Expand the Forest and Domain trees; then search for the VDI group policy created in the previous chapter; right-click on it; and select the Edit option from the menu, as shown in the following screenshot: Log settings Using roaming profiles The following steps help us to implement the profile architecture by using roaming profiles: Right-click on the created or already existing user profile, and then select the Properties option.
Select the Profile tab, and insert a valid network path for example, a network share governed by a file server on which both the user profile and the user home folder are stored.
Click on the Apply button, and then click on OK to complete the procedure, as shown in the following screenshot: Consider using the Microsoft Windows file server role for these purposes. In the Citrix Virtual Desktop Agent installation, when you arrive at step number five, you have to enable the Personal vDisk option in order to be able to deploy the desired number of Virtual Desktop instances with the additional feature of having a virtual disk assigned to every user.
The user profile is the location where all the user data is usually stored. The first and most common profile is the local profile. With this option, you will have a copy of your user profile for every device from which you will start a user session. This technique is usable only when you have deployed static and persistent virtual desktops this will be explained in detail later in this book. In this case, you will not lose your profile data when executing a logoff persistent deployment session, and with the static machine assignment, you can also avoid the profile's duplication on different devices because you will have a one-to-one association between the user and the assigned machine.
In this recipe we have configured enabled a set of domain policies, which will be applied to the deployed desktop instances with the profile management on board in the following ways: By enabling this policy, you have to specify the right network path.
After being enabled, you can reuse this parameter. Define a preferred value in bytes after which the current log will be rotated in a. Depending on your requirements, you can specify a set of registry keys to exclude during synchronization activities.
So, any change made to these values will be discarded and not sent to the user profile store. If you specify keys in this policy, they will be synchronized during the logoff phase. The latest release of the Citrix Profile Management has been improved with the help of the following features: As an alternative, we have the Windows roaming profile; this solution is similar to the Citrix User Profile Manager seen earlier, but with fewer features because of the fact that the Microsoft solution has been developed in the past.
So we can consider the Citrix product an evolution of this technique. It's based on a centralized store on a network share on which you archive all the user data. This is a way to solve the problem of duplicated information caused by a local profile. Finally, we have the Citrix Personal vDisk. This is a secondary virtual disk created by the Hypervisor chosen for your infrastructure and assigned to every deployed desktop machine instance associated to only one user.
So, in this case we'll have a one-to-one association between the user and its Personal vDisk. Citrix PvD is made up of two components—a hidden volume identified with the V: The last solution permits you to have a huge reduction of storage occupation, giving more flexibility to the users about the applications' installations and data modifications without impacting the operating system volume. Citrix Profile Centralized profile An alternative to the Persistent virtual Management location, no duplicated Roaming Profiles only desktops and data, efficient solution in the case of a low physical desktops.
Roaming profile Centralized profile Slower than local Nonpersistent location, no duplicated profiles. Last write pooled virtual data. Personal vDisk Virtualization of the Backup and restore Nonpersistent user profile space, are a little bit more pooled virtual no reason to use difficult than in other desktops.
Hypervisor level. The Personal vDisk drive letters can be modified, but they follow two different procedures: The only operation to perform is to edit the value of the registry voice, specifying the drive letter that you want to assign.
Remember that you must perform the V: You can accomplish this task by installing Virtual Desktop Agent. In this latest release of the Citrix platform, VDA has been redeployed in three different versions: Getting ready You need to install and configure the described software with domain administrative credentials within both the desktop and server operating systems. In the following section, we are going to explain the way to install and configure the three different types of Citrix Virtual Desktop Agents.
Connect to the server OS master image with domain administrative credentials. Mount the Citrix XenDesktop 7.
Browse the mounted Citrix XenDesktop 7. On the Welcome screen, click on the Start button to continue. On the XenDesktop 7. Or enable a direct connection to a physical or virtual server. After completing this step, click on Next.
In the Core Components section, select a valid location to install the agent; then flag the Citrix Receiver component; and click on the Next button. In the Delivery Controller section, select Do it manually from the drop-down list in order to manually configure Delivery Controller; type a valid controller FQDN; and click on the Add button, as shown in the following screenshot.
To continue with the installation, click on Next. To verify that you have entered a valid address, click on the Test connection In the Features section flag, choose the optimization options that you want to enable, and then click on Next to continue, as shown in the following screenshot: In the Firewall section, select the correct radio button to open the required firewall ports automatically if you're using the Windows Firewall, or manually if you've got a firewall other than that on board.
After completing this action, click on the Next button as shown in the following screenshot: If the options in the Summary screen are correct, click on the Install button to complete the installation procedure. In order to complete the procedure, you'll need to restart the server OS machine several times.
Connect to the desktop OS master image with domain administrative credentials. Mount or burn the Citrix XenDesktop 7. After completing this action, click on Next. In the next recipe, Installing and configuring HDX Monitor, we will obtain some more information about the user experience analysis. In the Core Components section, select a valid location to install the agent; flag the Citrix Receiver component; and click on the Next button.
In the Delivery Controller section, select Do it manually from the drop-down list in order to manually configure the delivery controller; type a valid controller FQDN; then click on the Add button; and click on Next to continue. In the Features section, select the options you want to be enabled during the VDA installation. Take particular care about the Citrix Personal vDisk component activation based on your profile management policies.
In the Firewall section, select the correct radio button to open the required firewall ports, automatically, in case you're using the Windows Firewall, or manually if you've got a firewall other than that on board.
After completing this action, click on the Next button. The Virtual Desktop Agent is the client software that connects your client machine to the XenDesktop infrastructural servers. In the case of the Windows Display Driver Model WDDM system driver, the agent setup will try to uninstall it in order to avoid graphical problems with your desktop instances.
In the case of a configured server OS remote machine, IT professionals have got a different way to deploy desktops and applications. In fact, on the server OS machine, Remote Desktop licensing will be activated, enabling the administrator to publish resources in a XenApp style using the new version of this Citrix software integrated in the XenDesktop architecture. After this section the installation procedure continues with the selection of the most important components for the VDA client: Virtual Desktop Agent, and Citrix Receiver.
An alternative way to install Citrix Receiver is using the Merchandising Server, which will be discussed in the next chapter. This is not mandatory in this section you can also configure it later , but in order to complete all the required steps, you should insert this information now.
The last configuration step is about the firewall. You have to open the required ports for the VDA architecture in the case of a firewall different from the Windows Firewall platform. In the case of this last technology the XenDesktop VDA setup will be able to automatically open the following required ports: TCP ff Real-time audio: Users have also got the ability to run setup steps from the command line and not only from the graphical interface. Citrix offers an executable file that can substitute the previously seen installation procedure.
This file is named XenDesktopVdaSetup. Run it from the command line to perform the required installation. To view the complete options list for this executable file, run the following command: You will receive a pop-up screen with the entire list as shown in the following screenshot: So, for example, to install Virtual Desktop Agent with the Personal vDisk enabled, with both the VDA and receiver components and with the specified delivery controller address, you have to run the following instructions from the Windows command line: HDX is a set of features oriented to high performances without losing the resolution quality for both audio and video reproduction.
HDX Monitor is a powerful tool, which permits system administrator verification and configuration of the parameters for high-level user experience.
To install it, you have to connect to the related machine with domain administrative credentials, having already installed the. You could have issues during the. It's not compatible with any previous version. Connect to the Desktop OS master image with domain administrative credentials. Locate the folder on which you've downloaded HDX Monitor software, and then double-click on the hdx-monitor. On the Welcome screen, click on the Next button to continue. In the Select Installation folder screen, choose a valid path on which you will install the software, and click on Next to continue.
After completing this action, click on the Next button on the Confirm Installation screen to complete the software setup. After completing the installation, click on the Close button to end the setup procedure. On the main menu, insert a valid machine address for which you want to check the configuration. In this case, insert the local IP address, and click on the Open button. After connecting to the target device, you will be prompted for a summary screen with the current status of the configured components as shown in the following screenshot: Click on one of the HDX settings icons to obtain further details about the selected component.
On the right-hand side corner of the component section users can find the HDX score assigned to the component configuration. To change the component configuration view, click on one of the sections on the left- hand side menu.
To see the full list of alerts presented by HDX Monitor, click on the Alerts link on the top of the Monitor menu section. To come back to the main menu, click on the Home link. The first option tab is the Performance Counter Update section. Here, you can configure the time interval in seconds on which you will be updating the system counters as shown in the following screenshot: On the second tab, HDX Components, you have the updating time parameters on the system metrics for which you are collecting statistics.
You can also configure the kind of components that are to be shown within the monitor. Moreover, you can decide if it automatically reconnects the last analyzed system at startup as shown in the following screenshot: In the Logging tab, you can specify a valid path and file name on which you will be logging all the monitor activities.
In the last section, Alerts, you can enable a long list of available preconfigured alerts for your monitored machines. Some of the preconfigured alerts contains link to a related Citrix or Microsoft support page in order to make problem analysis easier. After completing all the configurations, click on the Save settings button to make all the changes permanent, and then restart HDX Monitor to apply them.
HDX Monitor permits you to export the report generated on the collected data. To perform this, you have to use the Generate report link in the components menu. The report will be generated in the HTML format. How it works… HDX Monitor is a powerful tool developed by Citrix to check the status of a configured master image in depth. The release associated with XenDesktop 7 is the 3. The tool is in the form of an MSI package, installable on a Windows compatible machine.
The tool is able to remotely connect to a target machine a desktop master image configured to be used to deploy machine instances on which the Monitor is collecting real-time data to give the status of the most important user experience components.
The Monitor collects data for the following objects: From the collected data, it is possible to generate reports that could be used to trace the evolution or the degradation of the general system performance. There's more… HDX Monitor permits you to export and reimport the saved configurations and the collected data by exporting them in the XML format. To accomplish this task, you have to go to the component view, click on the Export link, and assign a name to the XML parameters file.
This plugin is the connector used by any device laptops, smart phones, tablets to connect to the server's sites, in order to receive the assigned desktops or the published applications. Getting ready No preliminary operations are required to perform the configurations for Citrix Receiver.