XenApp 6.5 for Windows Server 2008R2

2011 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement

Contents

XenApp 6.5 for Windows Server 2008 R2 23XenApp 6.5 for Windows Server 2008 R2 24

About This Release 27

Known Issues 30System Requirements 35Plan 40

Design and Plan 44

Farm Terminology and Concepts 48Planning a Successful User Experience 52

Farm Hardware Considerations 54

Planning for Applications and Server Loads 55

Assessing Applications for XenApp Compatibility 56Evaluating Application Delivery Methods 57

Planning for Application Streaming 60Placing Applications on Servers 61

Determining the Number of XenApp Servers to Deploy 65Deciding How Many Farms to Deploy 66Planning Server Functions 68

Planning the XenApp Data Store 69Database Server Hardware Performance Considerations 71

Replication Considerations 73Planning for Configuration Logging and IMA Encryption 74

Planning for Data Collectors 75

Designing Zones for a XenApp Deployment 76Planning for Application Access 79

Planning for Accounts and Trust Relationships 81Recommendations for Active Directory Environments 83Planning for System Monitoring and Maintenance 86Planning for UAC 87

2

Planning for Shadowing 88Securing Delivery and Access 89Planning for Supported Languages and Windows MUI Support 90Planning for Passthrough Client Authentication 91

Install and Configure 92Install and Configure 94

Preparing to Install and Configure XenApp 95Before Installing XenApp 96Before Configuring XenApp 98

Installing XenApp Using the Wizard-Based Server Role Manager 100Installing XenApp from the Command Line 102Configuring XenApp Server Role License Information 105Configuring XenApp Using the Wizard-based Server Configuration Tool 107Configuring XenApp from the Command Line 111

Configuration Command Syntax 113Preparing for XenApp Imaging and Provisioning 119Removing Roles and Components 124

Data Store Database Reference 127

Microsoft SQL Server Database 128Oracle Database 131

Migrate 134XenApp Migration Center 136

Migration Center Interfaces 138Objects You Can Migrate 140Requirements and Installation 142

Migrating XenApp Using the Graphical Interface 145

Migrating XenApp Using the Command Line Interface 147

Cmdlet Reference 149Post-migration Tasks 155

Indirect Migrations and Advanced Cmdlets 156Manage 159

XenApp 6 for Windows 2008 R2 161Management Consoles and Other Tools 163

To start the AppCenter and discover servers 165To view zones 166To refresh user data automatically 167

Managing Citrix Administrators 168

3

Delegating Tasks to Custom Administrators 170Delivering XenApp to Software Services Subscribers 173

To enable Windows 7 look and feel and control desktopcustomization 176

Working with Citrix Policies 178Navigating Citrix Policies and Settings 180Creating Citrix Policies 182Working with Citrix Policy Templates 184

Creating Policy Templates 186Importing and Exporting Policy Templates 188Comparing Policies and Templates 190

Configuring Policy Settings 191To add settings to a policy 193

Applying Citrix Policies 194To add filters to a policy 197

Managing Multiple Policies 198Prioritizing Policies and Creating Exceptions 199

Determining Which Policies Apply to a Connection 201To simulate connection scenarios with Citrix policies 203

Applying Policies to Access Gateway Connections 204Enabling Scanners and Other TWAIN Devices 206

Managing Session Environments and Connections 208Defining User Environments in XenApp 210

Controlling the Appearance of User Logons 211

Controlling Access to Devices and Ports 212

To enable user execute permissions on mapped drives 213Displaying Local Special Folders in Sessions 214

Configuring Audio for User Sessions 217

To enable or disable audio for published applications 218To configure bandwidth limits for audio 219To configure audio compression and output quality 220To enable support for microphones and speakers 221

To use and set sound quality for digital dictation devices 222

Ensuring Session Continuity for Mobile Workers 223Maintaining Session Activity 225

Configuring Session Reliability 226Configuring Automatic Client Reconnection 227

Configuring ICA Keep-Alive 229

4

Session Linger 230Managing and Monitoring XenApp Sessions 231

Monitoring Session Information 234Viewing User Sessions 235

Viewing User Sessions with the Shadow Taskbar 236Enabling Logging for Shadowing 238Enabling User-to-User Shadowing with Policies 239

Controlling Client Connections in XenApp 241

Preventing Specific Client Connection Types 242

Specifying Connection Limits 243Limiting Connections to a Server Farm 244

Sharing Sessions and Connections 245

Limiting Application Instances 247

Logging Connection Denial Events 248Configuring the ICA Listener 249Preventing User Connections During Farm Maintenance 250

Optimizing User Sessions for XenApp 251

Optimizing Audio and Video Playback 252

Configuring Windows Media Redirection 254

Optimizing Flash Content 255

Optimizing Throughput of Image Files 256Optimizing Display of Image Files 257

Optimizing Keyboard and Mouse Responsiveness 258Configuring SpeedScreen Latency Reduction 259Adjusting SpeedScreen Latency Reduction for anApplication 260

To configure latency reduction settings for input fieldsin an application 263

To create exception entries for non-standard inputfields in an application 265

Configuring HDX Broadcast Display Settings 267Enhancing the User Experience With HDX 268

Configuring HDX MediaStream Flash Redirection 269Configuring HDX MediaStream Flash Redirection on theServer 271

Configuring HDX MediaStream Flash Redirection on the UserDevice 276

Configuring Audio 281Avoiding Echo During Multimedia Conferences With HDXRealTime 285

5

Video Conferencing with HDX RealTime Webcam VideoCompression 286

Increasing 2D and 3D Application Scalability and Performance 288Assigning Priorities to Network Traffic 289Adding Dynamic Windows Preview Support 291Configuring Read-Only Access to Mapped Client Drives 292

Securing Server Farms 293Securing Access to Your Servers 294Securing the Data Store 295Securing Client-Server Communications 297

Using SecureICA 298Enabling SSL/TLS Protocols 299To configure session data encryption 300To set a policy for ICA encryption 301

Configuring SSL/TLS Between Servers and Clients 302Obtaining and Installing Server and Root SSL Certificates 304Choosing an SSL Certificate Authority 305Acquiring a Signed SSL Certificate and Password 306To enable the SSL Relay and select the relay credentials 307Using the SSL Relay with the Microsoft Internet InformationService (IIS) 308

Configuring the Relay Port and Server Connection Settings 309To run the SSL Relay on port 443 without using HTTPS 311Configuring the Ciphersuites Allowed by the SSL Relay 312

Using the Secure Gateway 313Using the Secure Ticket Authority 314Securing Network Communications 316

Configuring TCP Ports 317Using Proxy Servers 318Configuring Authentication for Workspace Control 319

Using Smart Cards with XenApp 320Configuring Kerberos Logon 322Logging Administrative Changes to a XenApp Farm 324

Setting up the Configuration Logging Database 326Defining Database Permissions for Configuration Logging 328To configure the connection to the Configuration Loggingdatabase 330

To set Configuration Logging properties 331Clearing Entries from the Configuration Logging Database 332

6

Encrypting Configuration Logging Data 333To generate a key and enable IMA encryption on thefirst server in a farm 335

To load a key on servers that join the farm 336Managing IMA Encryption 337

XenApp Service Account Privileges 338Maintaining Server Farms 343

To search for objects in your farm 344To change a server's desktop settings 345To limit the number of server connections per user 346To enable or deny logons to servers 347Restarting Servers at Scheduled Times 348Removing and Reinstalling XenApp 349

To rename a XenApp server 351To move or remove a server 352

Monitoring Server Performance with Health Monitoring &Recovery 353

Using Citrix Performance Monitoring Counters 356Using Worker Groups for Enhanced Resource Access 358

To create a worker group 361Creating and Prioritizing Load Balancing Policies 362Enhancing the Performance of a Remote Group of Servers 363

Using Preferential Load Balancing 364Resource Allotment 365Multiple Published Applications in the Same Session 368

Managing CPU Usage 369Deploying virtual memory optimization 371Managing Farm Infrastructure 374

Maintaining the Local Host Cache 375Tuning Local Host Cache Synchronization 376To configure zones and back-up data collectors 377

Updating Citrix License Server Settings 379To set the product edition 380Configuring the Citrix XML Service Port and Trust 381

To manually change the XML Service port to use a portdifferent from IIS after installation 383

To manually configure Citrix XML Service to share the TCPport with IIS 384

Manage Server and Resource Loads 385

7

To create a new load evaluator 387List of Load Management Rules 388

Assigning Load Evaluators to Servers and Applications 390Scheduling Server Availability 392

Power and Capacity Management 393About Load Consolidation and Power Management 395Installing Power and Capacity Management 397

System Requirements for Power and Capacity Management 398Interactively Installing Components 402Silently Installing Components 404Upgrading Administration Components 410Removing Components 411

Configuring and Using Power and Capacity Management 412

Configuring a Server Profile 416Configuring Server Properties 418Setting Global Configuration Values 420Configuring Sites 421

Adding Virtual Machine Managers 422

Managing the Concentrator 424

Creating Setpoints and Schedules 426Enabling Load Consolidation and Power Management 429

Understanding XenApp Printing 430Introduction to Windows Printing Concepts 431

Local and Remote Print Job Spooling 433XenApp Printing Concepts 435

Overview of Client and Network Printing Pathways 436Provisioning Printers for Sessions 441

Auto-Creating Client Printers 443Auto-Creating Network Printers 447

Letting Users Provision Their Own Printers 448Device or Session-Based Print Settings 449

Device-Based Print Settings 450Controlling Printing Settings and User Preferences 451

Setting Default Printers 454

Printing and Mobile Workers 455

Optimizing Printing Performance by Routing 457

Managing Printer Drivers 458

8

Planning Your Printing Configuration 460Default Printing Behavior 461Printing Policy Configuration 462Printing Security 463Purchasing Printing Hardware 464

Configuring and Maintaining XenApp Printing 465Configuring Printer Autocreation Settings 466Configuring Citrix Universal Printing 467Configuring Network Printers for Users 469

To add a network printer while configuring the Sessionprinters setting 470

To specify a default printer for a session 471

To edit the printer settings in the sessions policy 472

To configure server local printers 473Configuring Printers for Mobile Workers 474

Changing Network Print Job Routing 475

Providing Tools for User Provisioning 476To store users printer properties 478To synchronize properties from the printer 479Controlling Printer Driver Automatic Installation 480Configuring Universal Printer Drivers on Farm Servers 483Mapping Client Printer Drivers 485Improving Session Performance by Limiting Printing Bandwidth 487Displaying Printers 489

Managing Printers Using the Network Printing Pathway 490Displaying Printers Using the Client Printing Pathway 491

XenApp Server Utilities Reference 492ALTADDR 493APP 495AUDITLOG 498CTXKEYTOOL 501CTXXMLSS 503DSCHECK 505DSMAINT 507ICAPORT 512

IMAPORT 514

QUERY FARM 516QUERY PROCESS 519

9

QUERY SESSION 521

QUERY TERMSERVER 523QUERY USER 525

Performance Counters Reference 527

Citrix CPU Utilization Mgmt User Counters 528Citrix IMA Networking Counters 529Citrix Licensing Counters 530Citrix MetaFrame Presentation Server Counters 531ICA Session Counters 533Secure Ticket Authority Counters 536

Policy Settings Reference 537Policy Settings: Quick Reference Table 538ICA Policy Settings 544

Audio Policy Settings 546Auto Client Reconnect Policy Settings 548Bandwidth Policy Settings 549Client Sensors Policy Settings 554

Desktop UI Policy Settings 556End User Monitoring Policy Settings 557

File Redirection Policy Settings 558Flash Redirection Policy Settings 563Graphics Policy Settings 567

Caching Policy Settings 569Keep Alive Policy Settings 570Legacy Server Side Optimizations Policy Settings 571

Mobile Experience Policy Settings 572

Multimedia Policy Settings 574

Multi-Stream Connections Policy Settings 576Port Redirection Policy Settings 578Printing Policy Settings 580

Client Printers Policy Settings 582Drivers Policy Settings 585Universal Printing Policy Settings 587

Security Policy Settings 590Server Limits Policy Settings 592Session Limits Policy Settings 593Session Reliability Policy Settings 595

10

Shadowing Policy Settings 597Time Zone Control Policy Settings 599TWAIN Devices Policy Settings 600USB Devices Policy Settings 601Visual Display Policy Settings 603

Moving Images Policy Settings 604Still Images Policy Settings 605

Licensing Policy Settings 607Power and Capacity Management Policy Settings 608Server Policy Settings 609

Connection Limits Policy Settings 612Database Policy Settings 613Health Monitoring and Recovery Policy Settings 615Memory Optimization Policy Settings 616Offline Applications Policy Settings 619Reboot Behavior Policy Settings 620

Server Session Settings 623Virtual IP Policy Settings 624XML Service Policy Settings 626

Publish 627Publish 629

Publishing in XenApp 630Evaluating Application Delivery Methods 631Publishing Resources using the AppCenter 634

To configure servers to publish for multiple users 636To publish a resource using the Publish Application wizard 637To select a resource type and delivery method 639To configure locations of published applications 641To configure locations of published content 642To disable command-line validation 643To pre-launch applications to user devices 644

Publishing Applications for Streaming 647New Features in This Release 649System Requirements for Application Streaming 650Application Streaming Overview 653Components for Application Streaming 655Deciding Which Receiver or Plug-in to Use for ApplicationStreaming 658

11

Providing Single Sign-on for Streamed Applications 660Creating Application Profiles 661

Targets Overview 663Service Pack Level 665System Drive Letter 666Operating System Language 667Inter-Isolation Communication Overview 668

Isolating Services 669Specifying Trusted Servers for Streamed Services andProfiles 670

Managing Isolation Environment Rules 673Types of Isolation Environment Rules 674Restrictions and Limitations for Rules 676Creating Isolation Environment Rules for a Target 677To create an isolation environment rule 678To modify a rule 679Using Environment Variables to Construct Rules 680

Preparing a Workstation for Profiling Applications 682Known Limitations for Profiling 684To install the profiler 685To disable and enable profile signing 686To start the profiler 687

Creating a Profile and Its Initial Target 688To create a profile and target 689To allow users to update applications 692To set up inter-isolation communication 693To select an install option 695To install multiple applications through AdvancedInstall 696

To choose an installation program for theapplication 697

To create a virtual hard disk 699To support legacy plug-ins 701To install Internet Explorer plug-ins 702To include files and folders in a target 703To include registry settings 704To install an application in the profile 705To run an application in the profiler 706To select applications for listing in the profile 707

12

To sign a profile 708Editing Profiles 709

To view profile information 710To edit the profile name, description, or location 711

To view details about applications in a profile 712

To view File Type Associations set in a profile 713To check for launch prerequisites 714

To check for prerequisite registry entries 715

To check for prerequisite applications and files 717

To specify pre-launch and post-exit scripts 718To add a target to a profile 719To resolve target conflicts 720To resolve invalid shortcuts 722

To delete a target from a profile 723To delete a folder from a profile 724

To remove a profile from a linked profile 725

Editing Targets 726To edit the target name and description 727

To modify the application properties in the target 728To modify the operating system and languageproperties of a target 730

To update a target 731To remove an old version of an updated target 732

Profile Contents on the Server 733Manifest File 734Targets 735Digital Signature 736Icons 737Scripts 738

Publishing Streamed Applications 739To select a streaming delivery method 740To force a delivery method for streamed applications 742

To provide HTTP or HTTPS delivery method 744

Configuring Offline Access 747

Offline Plug-in 6.5 for Windows 750New Features in This Release 751

System Requirements for Application Streaming 752

Citrix Offline Plug-in Overview 755

13

Deciding Which Receiver or Plug-in to Use forApplication Streaming 756

Specifying Trusted Servers for Streamed Services andProfiles 758

Using the Merchandising Server and Citrix ReceiverUpdater to Deploy the Plug-ins 761

To install the Offline Plug-in 762To deliver the AppHubWhiteList to user devices 764To configure the cache size of the Offline Plug-in 765To deploy the Offline Plug-in using the command-line 766To configure an .MSI package for the Offline Plug-inusing transforms 768

To deploy the Offline Plug-in to user devices throughActive Directory 769

To deploy applications to user devices 770To clear the streamed application cache on user devices 772

To clear merged rules for linked profiles on user devices 774

Configuring Content Redirection 775

To enable content redirection from server to client 776To configure content redirection from client to server 778

Managing Application Properties 779To rename a published application 780To configure locations of servers for published resources 781To specify locations of applications for streaming 782To enable an application for offline access 783To configure user access to applications 784Granting Access to Explicit or Anonymous Users 786To configure shortcuts for user devices 787To configure access controlled by the Access Gateway 788To associate published applications with file types 789To update file type associations 791To configure alternate profiles 793To pass parameters to published applications 794To reduce user privileges for a streamed application 795To configure application limits and importance 796To configure audio and encryption options for publishedapplications 797

To configure application appearance 799To disable or enable a published application 800To delete a published application 801

14

To move a published application to another folder 802To duplicate published application settings 803To export published application settings to a file 804To import published application settings from a file 805

Making Virtual IP Addresses Available to Applications 806How Virtual IP Addressing Works 807Binding Applications 808To determine whether an application needs to use virtual IPaddresses 809

To make virtual IP addresses available to applicationsrunning in sessions 810

To make a virtual loopback address available to applicationsrunning in sessions 811

To supply client IP addresses to published applications on aserver 812

VM Hosted Apps 814System Requirements 817Plan 818Install and Set Up 821

Installing and Removing Server Components for VM HostedApps 822

To configure a VM hosted apps site 824To replace the default XenServer SSL certificate 827

Installing and Removing the Virtual Desktop Agent 829To configure firewalls manually 831To deploy the Virtual Desktop Agent using ActiveDirectory Group Policy Objects 832

To use Windows XP virtual desktops with Single Sign-on 833Manage 834

Working With Machine Catalogs and Desktop Groups 835To create an application desktop group 837Managing Application Desktop Groups 838Working With Applications 839To create an application 841To modify applications 843To manage applications sessions 845Organizing Applications with Folders and Tags 847

Customize 848Configuring USB Support for VM Hosted Apps 849

Publishing App-V Sequences in XenApp 853

15

XenApp Connector for Configuration Manager 2007 857System Requirements for XenApp Connector for ConfigurationManager 2007 858

Install and Set Up XenApp Connector 860Uninstalling XenApp Connector 864Enabling Power and Capacity Management for XenApp Connector 865Deploying Applications to XenApp Servers and PublishingApplications with XenApp Connector 867

To publish applications with XenApp Connector for ConfigurationManager 2007 870

Deploying WSUS Updates to XenApp Servers with XenAppConnector 872

Viewing and Maintaining Log Files 873Enterprise Management 875

Enterprise Management 876Management Pack for System Center Operations Manager 2007 878

System Requirements for the Management Pack 880To install the Management Pack 881Management Pack Post-Installation Tasks 882Uninstalling the Management Pack 883Security Considerations for the Management Pack 884

Troubleshooting Query Errors in Operations Manager 885Citrix Managed Objects Included in the Management Pack 886Citrix Views Included in the Management Pack 887

To view state monitors and processing rules 888Viewing XenApp Alert and Event Information 889Viewing XenApp Deployment State Information 890Viewing Citrix Presentation Server Topology Diagrams 891

To reconfigure security settings on zone data collectors 895Viewing XenApp Performance Information 896Viewing License Server Information 897

Configuring and Enabling Site-specific Monitors 898To open the AppCenter from the Operations Manager Console 900

Installation Manager 901Requirements and Installation 903Using the Installation Manager Console 906Using Installation Manager PowerShell Cmdlets 910Installation Manager Messages Reference 916

Managing Providers and WMI 922

16

XenApp Provider Overview 923Licensing Provider Overview 924Installing the XenApp Provider 925Installing the Licensing Provider 926Starting the Provider Services 927Security Considerations 928Uninstalling the Providers 929WMI Schema 930

XenApp Provider WMI Schema (Part 1 of 3) 931XenApp Provider WMI Schema (Part 2 of 3) 932XenApp Provider WMI Schema (Part 3 of 3) 933Citrix Licensing Provider WMI Schema 934

Optimize WAN Access 935Provision 936Secure Enterprise Network 937

Secure Gateway 938Citrix XenApp Components That Work with Secure Gateway 939

Secure Gateway Features 940System Requirements for Secure Gateway 944Certificate Requirements 946Planning a Secure Gateway Deployment 948

Deploying the Secure Gateway in a Single-Hop DMZ 949Running the Web Interface behind the Secure Gateway in theDemilitarized Zone 951

Locking Down Internet Information Services 953Running the Web Interface Parallel with the Secure Gateway 954Setting Up the Web Interface and the Secure Gateway in aSingle-Hop Demilitarized Zone 955

Deploying the Secure Gateway in a Double-Hop DMZ 956Setting Up the Secure Gateway and the Secure GatewayProxy in a Double-Hop DMZ 959

Publishing the Web Address for the Secure Gateway in aDouble-Hop Demilitarized Zone 960

Setting Up and Testing a Server Farm 961Installing the Secure Ticket Authority 962Testing Your Deployment 963

Installing and Configuring the Secure Gateway and Secure GatewayProxy 964

Upgrading Secure Gateway or Secure Gateway Proxy 965

17

Using Firewall Software with the Secure Gateway or SecureGateway Proxy 966

Installing the Secure Gateway or Secure Gateway Proxy 967To install the Secure Gateway or Secure Gateway Proxy 968

Configuring the Secure Gateway or Secure Gateway Proxy 969To start the configuration wizard manually 970To select a configuration level (Secure Gateway) 971To select a configuration level (Secure Gateway Proxy) 972Task Summary for Secure Gateway, Advanced or StandardConfiguration 973

Task Summary for Secure Gateway Proxy, Advanced orStandard Configuration 974

To select a server certificate 975To configure secure protocol settings 976To configure inbound client connections 977To configure outbound connections 978

To configure an access control list for outboundconnections 979

To configure servers running the Secure Gateway Proxy 981To add the Secure Ticket Authority details 982To configure connection parameters 983To configure logging exclusions 984To add the Web Interface server details 985To configure the logging parameters 986To complete the configuration 987

To stop the Secure Gateway/Secure Gateway Proxyservice 988

To uninstall the Secure Gateway 989Managing the Secure Gateway 990

Viewing Session and Connection Information with the SecureGateway Console 991

Viewing Secure Gateway Performance Statistics 993To view the Secure Gateway performance statistics 994Performance Counters Available for the Secure Gateway 995

Generating the Secure Gateway Diagnostics Report 999Viewing the Secure Gateway Events 1000Viewing the Secure Gateway Access Logs 1002Secure Gateway Configuration Wizard 1003

Secure Gateway Optimization and Security Guidelines 1004Configuring Firewalls for the Secure Gateway 1005

18

Ensuring High Availability of the Secure Gateway 1006Load Balancing Multiple Secure Gateway Servers 1008Load Balancing an Array of the Secure Gateway Proxy 1009Certificate Requirements for Load Balancing Secure GatewayServers 1010

Using Load Balancers and SSL Accelerator Cards with SecureGateway Servers 1011

Coordinating Keep-Alive Values Between the Secure Gateway andCitrix XenApp 1012

Setting Connection Keep-Alive Values and the SecureGateway 1013

Improving Security (Recommendations) 1014Preventing Indexing by Search Engines 1018

Troubleshooting the Secure Gateway 1019To check your certificates 1020Client Connections Launched from IP Addresses in the LoggingExclusions List Fail 1021

Load Balancers Do Not Report Active Client Sessions ifConnections Are Idle 1022

Performance Issues with Transferring Files Between a UserDevice and a Citrix XenApp Server 1023

Gateway Client Connections Fail When Using Windows XP ServicePack 2 1024

Failed Client Connections to the Secure Gateway Result inDuplicate Entries in the Secure Gateway Log 1025

Placing the Secure Gateway Behind a Reverse Web Proxy Causesan SSL Error 4 1026

Run the Secure Gateway Parallel to the Reverse Web Proxy 1027Use a Network Address Translator Instead of a Reverse WebProxy 1028

Digital Certificates and the Secure Gateway 1029Understanding Cryptography 1030

Types of Cryptography 1031Combining Public Key and Secret Key Cryptography 1032

Understanding Digital Certificates and Certificate Authorities 1033Certificate Chains 1035Certificate Revocation Lists 1037

Deciding Where to Obtain Certificates 1038Obtaining and Installing Server Certificates 1040Obtaining and Installing Root Certificates 1042Support for Wildcard Certificates with the Secure Gateway 1043

Secure Application Access 1044Monitor 1045

19

Record 1046Record 1047

System Requirements for SmartAuditor 1050Example Usage Scenarios 1053Getting Started with SmartAuditor 1054

Planning Your Deployment 1056Security Recommendations 1059

Installing Certificates 1060Scalability Considerations 1061Important Deployment Notes 1064Pre-Installation Checklist 1065To install SmartAuditor 1066Automating Installations 1068To configure SmartAuditor to play and record sessions 1069

Granting Access Rights to Users 1071Creating and Activating Recording Policies 1072

Using System Policies 1073Creating Custom Recording Policies 1074

To create a new policy 1076To modify a policy 1077To delete a policy 1078

To activate a policy 1079Understanding Rollover Behavior 1080

To disable or enable recording 1081To configure the connection to the SmartAuditor Server 1082Creating Notification Messages 1083Enabling Custom Event Recording 1084To enable or disable live session playback 1085To enable or disable playback protection 1086To enable and disable digital signing 1087To specify where recordings are stored 1088Specifying File Size for Recordings 1090Viewing Recordings 1091

To launch the SmartAuditor Player 1092To open and play recordings 1093To search for recorded sessions 1095To play recorded sessions 1097

20

To use events and bookmarks 1100To change the playback display 1103To display or hide window elements 1105To cache recorded session files 1106To change SmartAuditor Servers 1108

Troubleshooting SmartAuditor 1109Verifying Component Connections 1110

Testing IIS Connectivity 1112

Troubleshooting Certificate Issues 1114

SmartAuditor Agent Cannot Connect 1115SmartAuditor Server Cannot Connect to the SmartAuditorDatabase 1116

Sessions are not Recording 1117

Searching for Recordings in the Player Fails 1118Troubleshooting MSMQ 1119

Unable to View Live Session Playback 1120To change your communication protocol 1121

Reference: Managing Your Database Records 1123Single Sign-on 1125

Automate 1126Citrix App Studio 1.0 1127

Citrix App Studio 1128About This Release 1131System Requirements 1134

PowerShell Execution Policy and Remoting Requirements 1137Install and Configure 1140

Installing and Configuring Citrix App Studio 1142

To configure App Studio global settings 1145

Creating and Modifying Farm Catalogs 1148To add farms to a farm catalog 1151

Creating and Modifying Workload Catalogs 1154

Adding and Removing Session Hosts 1157

Adding and Removing Web Interface Servers 1160Manage 1163

Working with the App Studio Console 1164Understanding Workflows 1166To adjust workload capacity 1169To create a new version of a workload catalog 1170

21

Advertising Services to Tenants 1172

Managing Tenants 1179Subscribing Tenant Users to Services 1184Managing Administrators 1187Providing Applications and Desktops to Customers with CitrixCloudPortal Services Manager 1189

XenApp 6.5 Mobility Pack 1.0 1191XenApp 6.5 Mobility Pack Technical Preview 1193

About This Release 1195System Requirements 1197Installing XenApp 6.5 Mobility Pack 1198Configuring Policies for Mobility Pack 1200Mobile Application SDK 1202

22

23

XenApp 6.5 for Windows Server 2008 R2

About This Release Publishing Resources

Known Issues for XenApp 6.5 Enhancing the User Experience With HDX

System Requirements for XenApp 6.5 Delivering XenApp to Software ServicesSubscribers (Windows Desktop ExperienceIntegration)

Issues Fixed for XenApp 6.5 Power and Capacity Management

Installing and Configuring XenApp 6.5 Profile Management

XenApp Migration Center Licensing Your Product

Designing a XenApp Deployment Web Interface

Receiver For Windows Receiver (Updater) for Windows

Self-service Plug-in Receiver (Updater) for Macintosh

Other XenApp FeaturesCitrix XenApp includes additional features in each edition to help enhance the userapplication virtualization experience. This table includes links to the productdocumentation located in Citrix eDocs or in the Citrix Knowledge Center describing thesefeatures.

Desktop Director VM Hosted Apps

Provisioning Services XenApp Connector for Configuration Manager2007 R2

Service Monitoring (EdgeSight) Smart Auditor

Single Sign-on Load testing services

Branch optimization powered by CitrixBranch Repeater

Secure Gateway

SmartAccess powered by Citrix AccessGateway

XenVault

XenApp 6.5 Mobility Pack 1.0 Workflow Studio orchestration

Doc Finder Citrix App Studio 1.0

24

About Citrix XenApp 6.5 for WindowsServer 2008 R2

This release includes several new features and enhancements to Citrix XenApp.

What's Newl Server Platform Support

The XenApp software can be installed on the following platforms. For all systemrequirements, see System Requirements.

l Microsoft Windows Server 2008 R2

l Microsoft Windows Server 2008 R2 Service Pack 1l Windows Desktop Experience Integration

Installed by default when installing the XenApp server role, this feature provides aWindows 7 look and feel including desktop customization. PowerShell script optionsenable administrators to control desktop and environment defaults while allowing endusers to customize their desktops.

When installed and enabled, this feature also removes the Windows Server ManagerConsole from the XenApp server's toolbar and relocates the Citrix XenAppadministrative tools such as the AppCenter to the Start menu's AdministrativeTools\Citrix folder. See Delivering XenApp to Software Services Subscribers for moreinformation.

l Citrix AppCenter

The AppCenter provides a streamlined interface for performing management functions.From the AppCenter, you can manage components administered through other Citrixproducts, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, youcan configure and monitor servers, server farms, published resources, and sessions.

l Session Pre-launch, Session Linger, and Fast Reconnect

This collection of features improves the user experience by eliminating delays whenlaunching and maintaining sessions. By using configurable Session Pre-launch policysettings, a session is started automatically when a user logs on to the farm. Byimplementing Session Linger policy settings, sessions remain alive for a configurableperiod before termination, rather than terminating when users close applications.

Fast Reconnect, built into XenApp and requiring no configuration, helps minimize delayswhen users reconnect to existing sessions.

l Citrix HDX Enhancements

XenApp includes the latest HDX enhancements:

l HDX MediaStream Flash Redirection

l Audio Settings

l Multimedia Conferencing with HDX RealTime

l Increased 2D and 3D Application Scalability and Performance

l Assigning Priorities to Network Traffic

XenApp 6.5 for Windows Server 2008 R2

25

l Dynamic Windows Preview Support

l Migration Center with Graphical User Interface

With the choice of using a PowerShell cmdlet command line or graphical user interface,XenApp administrators can import application, folder, server configuration, and otherXenApp object types from farms running previous versions of XenApp into XenApp 6.5farms. See XenApp Migration Center for requirement and installation information.

l Improved Performance for Pooled Desktops

Application launch time in pooled desktop environments is improved through the use ofvirtual hard disks. Using the Streaming Profiler, virtual hard disks can be created whenprofiling an application. When the application is launched for the first time, the virtualhard disk is mounted and all the profile contents are copied to the virtual hard disk. Forall subsequent launches, the application is launched from the virtual hard disk,resulting in a speedier launch.

l Printing Optimization

XenApp printing features include improved print session performance, lower bandwidthrequired for printing, and improved user experience when printing to redirected clientprinters. Universal Printing policy settings enable the administrator to control printquality, spooling, and optimization defaults. See the printing topics in the Manage nodeof this documentation for more information.

l Receiver Storefront

Receiver Storefront authenticates users to XenDesktop sites and XenApp farms,enumerating and aggregating available desktops and applications into stores that usersaccess through Citrix Receiver or a Web page.

If your XenApp installation media or download package contains the Citrix ReceiverStorefront folder, you can install the Receiver Storefront through the XenApp ServerRole Manager provided in that media/package. If your installation media or downloadpackage does not contain the Citrix Receiver Storefront folder, you can download anupdated XenApp package from My Citrix.

XenApp 6.5 for Windows Server 2008 R2

26

27

About Citrix XenApp 6.5 for WindowsServer 2008 R2

This release includes several new features and enhancements to Citrix XenApp.

What's Newl Server Platform Support

The XenApp software can be installed on the following platforms. For all systemrequirements, see System Requirements.

l Microsoft Windows Server 2008 R2

l Microsoft Windows Server 2008 R2 Service Pack 1l Windows Desktop Experience Integration

Installed by default when installing the XenApp server role, this feature provides aWindows 7 look and feel including desktop customization. PowerShell script optionsenable administrators to control desktop and environment defaults while allowing endusers to customize their desktops.

When installed and enabled, this feature also removes the Windows Server ManagerConsole from the XenApp server's toolbar and relocates the Citrix XenAppadministrative tools such as the AppCenter to the Start menu's AdministrativeTools\Citrix folder. See Delivering XenApp to Software Services Subscribers for moreinformation.

l Citrix AppCenter

The AppCenter provides a streamlined interface for performing management functions.From the AppCenter, you can manage components administered through other Citrixproducts, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, youcan configure and monitor servers, server farms, published resources, and sessions.

l Session Pre-launch, Session Linger, and Fast Reconnect

This collection of features improves the user experience by eliminating delays whenlaunching and maintaining sessions. By using configurable Session Pre-launch policysettings, a session is started automatically when a user logs on to the farm. Byimplementing Session Linger policy settings, sessions remain alive for a configurableperiod before termination, rather than terminating when users close applications.

Fast Reconnect, built into XenApp and requiring no configuration, helps minimize delayswhen users reconnect to existing sessions.

l Citrix HDX Enhancements

XenApp includes the latest HDX enhancements:

l HDX MediaStream Flash Redirection

l Audio Settings

l Multimedia Conferencing with HDX RealTime

l Increased 2D and 3D Application Scalability and Performance

l Assigning Priorities to Network Traffic

About This Release

28

l Dynamic Windows Preview Support

l Migration Center with Graphical User Interface

With the choice of using a PowerShell cmdlet command line or graphical user interface,XenApp administrators can import application, folder, server configuration, and otherXenApp object types from farms running previous versions of XenApp into XenApp 6.5farms. See XenApp Migration Center for requirement and installation information.

l Improved Performance for Pooled Desktops

Application launch time in pooled desktop environments is improved through the use ofvirtual hard disks. Using the Streaming Profiler, virtual hard disks can be created whenprofiling an application. When the application is launched for the first time, the virtualhard disk is mounted and all the profile contents are copied to the virtual hard disk. Forall subsequent launches, the application is launched from the virtual hard disk,resulting in a speedier launch.

l Printing Optimization

XenApp printing features include improved print session performance, lower bandwidthrequired for printing, and improved user experience when printing to redirected clientprinters. Universal Printing policy settings enable the administrator to control printquality, spooling, and optimization defaults. See the printing topics in the Manage nodeof this documentation for more information.

l Receiver Storefront

Receiver Storefront authenticates users to XenDesktop sites and XenApp farms,enumerating and aggregating available desktops and applications into stores that usersaccess through Citrix Receiver or a Web page.

If your XenApp installation media or download package contains the Citrix ReceiverStorefront folder, you can install the Receiver Storefront through the XenApp ServerRole Manager provided in that media/package. If your installation media or downloadpackage does not contain the Citrix Receiver Storefront folder, you can download anupdated XenApp package from My Citrix.

About This Release

29

30

Known Issues for XenApp 6.5 forWindows Server 2008 R2

Readme Version: 2

Contentsl Installation Issues

l SmartAuditor Issues

l Application Streaming Issues

l Single Sign-on Issues

l Other Known Issues

Installation Issuesl The Provisioning Services Target Device software resets your network connection during

install. As a result, you may see user interface crashes or other failures if you selectthis component to install from a network location. Citrix recommends that you installthe Provisioning Services Target Device software using one of the following methods[#229881]:

l Install from a local DVD image or ISO

l Copy the installation media locally before performing the installation

l Select Manually Install Components from the Autorun menu

l Install with a command-line installationl If you are installing the Configuration Manager Console Extension component of the

XenApp Connector for Configuration Manager 2007 on a computer that has a remoteConfiguration Manager console installed, this warning might display: ConfigurationManager Console Extension is selected, but ConfigMgr 2007 R2 or higher is not installed.Install will continue, but the console extension feature will not be operable withoutConfigMgr. If the installed Configuration Manager console is from Microsoft SystemCenter Configuration Manager 2007 R2 or R3, ignore this warning and continue installingthe Configuration Manager Console Extension. The Configuration Manager ConsoleExtension operates normally after installation. [#0034277]

l After installing the Windows Desktop Experience Integration role through the XenAppServer Role Manager on a computer running a non-English operating system andconfiguring the CtxStartMenuTaskbarUser Group Policy Object (GPO), the PowerShelland Server Manager icons are not removed from the Taskbar as expected. Additionally,the Internet Explorer and Windows Media Player icons are not added to the Taskbar.This occurs because the script Enable-CtxDesktopExperienceUser.ps1 does not runcorrectly on non-English operating systems. To resolve this issue, download the updatedEnable-CtxDesktopExperienceUser.ps1 script from CTX130208 in the Citrix KnowledgeCenter and replace the script on the XenApp server. [#261892]

SmartAuditor Issuesl The SmartAuditor Player might fail to correctly display sessions launched with Citrix

Receiver for Windows 3.0, instead showing a black screen in the Player window. Toprevent this, disable the gradient fill feature on the XenApp server hosting the sessionsby creating this DWORD registry on the server and setting its value to 1:HKLM\SOFTWARE\Citrix\Ica\Thinwire\DisableGdiPlusSupport.

Caution: Editing the Registry incorrectly can cause serious problems that may requireyou to reinstall your operating system. Citrix cannot guarantee that problemsresulting from the incorrect use of Registry Editor can be solved. Use Registry Editorat your own risk. Be sure to back up the registry before you edit it.

Sessions recorded after this change is made display correctly. [#254644]

Known Issues

31

l The SmartAuditor Player might fail to play sessions launched with the Citrix OnlinePlug-in for Windows 12.1 or Citrix Receiver for Windows 3.0. To play these sessions,edit this text in the SmAudPlayer.exe.config file: . To view sessions launched with Online Plug-in for Windows12.1, change 12.00.9999 to 12.99.9999. To view sessions launched withReceiver for Windows 3.0, change 12.00.9999 to 13.00.9999. [#254795,#255780]

l If SmartAuditor Administration components are installed on a XenApp server, the CitrixAppCenter console might not be able to complete discovery on the server. To resolvethis issue, run: %SystemDrive%\Program Files(x86)\Citrix\System32\mfreg.exe /regserver.[#260133]

Application Streaming IssuesIssues for streaming Microsoft Office applications:

l Profiling Microsoft Office 2010 SP1 is not supported in this release.

For best practices for streaming Office 2010 applications, seehttp://support.citrix.com/article/CTX124565 in the Citrix Knowledge Center.

l Although the fonts for Office 2010 applications do not load during profiling, the fontsload correctly when the applications are launched on the user device. [#262124]

l While profiling Microsoft Office 2010 applications, the option to Enable User Updatesfails if the applications are published to stream to client desktops. To prevent thisissue, do not use that profiling option for Office 2010 applications. [#259362]

l When using the RadeCache flushall command, you might receive an Access Denied errorfor Microsoft Office applications that are streamed to server.

If this occurs, restart the server and run the flushall command again. [#262465]

l When profiling Office 2010 on Windows 7 using the streaming profiler, if the operatingsystem fails with a blue screen, the profiling workstation is probably missing Windowsupdates and a Microsoft Hotfix. To fix the issue, update the profiling workstation withthe latest Windows updates and install the Microsoft Hotfix located athttp://support.microsoft.com/kb/2359223/en-US. [#248727]

l Streamed Office Project 2007 has the following known issues:

l Creating Visual Reports in Project 2007 is not supported when users stream Projectto their desktops, even when Excel 2007 is also streamed. [#223304]

l Running Office Web Components in Project 2007 is not supported on Windows 7operating systems. [#223553]

There are no workarounds for these issues.

Third-party known issues for application streaming:

l This release does not support streaming IBM Personal Communications 4.2 or IBMClearQuest. [#259830]

Known Issues

32

l This release does not support streaming to clients through Web Interface on thefollowing browsers: [#262650, 257135]

l Microsoft Internet Explorer 9

l Mozilla Firefox 4.0Other known issues for application streaming:

l Launching the streamed application SAP 7.20 or earlier versions on a non-Englishplatform displays the user interface in English. In addition, the language drop-downlocated at File > Options > General > Language is blank.

As a workaround, install the SAP application in the profile, and after installation, openthe command prompt inside the Profiler. Navigate to the Lang folder (C:\ProgramFiles\SAP\FrontEnd\SAPgui\Lang\) and copy all the files to location C:\Lang\.[#260029]

l After creating the first target, you cannot modify the "Enable User Updates" setting forthe profile. The setting that you select for the first target applies to all other targetsthat you add to this profile, even if you manually select a different setting forsubsequent targets. [#252225]

l The Load Balancing policy fails to prevent a fallback option for delivery of anapplication published for dual-mode streaming (streamed if possible, otherwise streamaccessed from a server).

The Load Balancing policy is supposed to be able to override the dual mode and forceone or the other delivery method, disallowing the other, for the specified groups ofusers. In this release, the policy fails to prevent the fallback option, and the applicationwill be delivered as specified in the publishing process. There is no workaround for thisissue. [#258537]

l An application that is streamed to the server cannot support more than one extraparameter when there is a space character in one of the parameters. While profiling, ifyou add an extra parameter that has spaces, only one parameter is supported. If thereare no spaces in the parameter, multiple parameters are supported. [#262752]

l The AppHubWhiteList is sometimes deleted when you update the Offline Plug-in. Afterupdating the plug-in, verify that the AppHubWhiteList is still included with the plug-in,and if missing, add it manually. [#262709]

Single Sign-on Issuesl Features that require the Single Sign-on Service might fail if the Single Sign-on Plug-in

5.0 is installed on user devices that do not have the Visual C++ 8.0 runtime libraryinstalled. To prevent this, ensure that the Visual C++ 8.0 runtime library is installed onthe user device before installing the Single Sign-on Plug-in. [#261051]

l On user devices that are running double-byte character language operating systems andhave the Single Sign-on Plug-in 5.0 installed, Input Method Editor (IME) might failagainst the question-based authentication dialog boxes for self-service password resetand self-service account unlock. To allow users to use account self-service from theseuser devices, ensure that their answers to security questions are in languages that donot require IME. [#262856]

Known Issues

33

Other Known Issuesl XenApp servers might stop responding when multiple users are making frequent

connections to the servers. Installing Service Pack 1 for Windows Server 2008 R2 orMicrosoft Hotfix Windows.1-KB2383928-x64 on the server prevents this from occurring.See Microsoft Knowledge Base article #2383928 for more information. [#254069]

l Adobe Flash content playback is poor when using server-side content fetching over aslow WAN connection. This may result in response failures for the Flash window or Webbrowser and extremely long buffer times and pauses. To avoid this issue, useserver-rendered Flash delivery for user devices using WAN connections. [#261879]

l When using Secure Gateway in an environment where data is encrypted using SSLprotocol, SSL-secured sessions might disconnect unexpectedly, reporting an SSL LibraryError 45. [#259611]

l When publishing content to a XenApp server, the access control settings appeardifferently depending on whether you view them with the AppCenter console or withthe XenApp command Get-XAApplication. For example, while the AppCenter mightcorrectly display default settings, the XenApp command Get-XAApplication mightdisplay that no Access Gateway connections are allowed. This issue affects only thedisplay of these settings; users can access the published content normally.

To ensure a consistent display of access control settings, use the XenApp SDK toconfigure and publish content applications. [#261283]

l Published applications might fail to launch, displaying a black window in place of theapplication window, if system memory is low. This condition is indicated by this systemevent log message, with picadd as its source: "The Citrix Thinwire driver stoppedbecause it cannot allocate the required memory. You may need to manually disconnectand restart any existing sessions." [#261647]

l During session printer enumeration, Adobe Reader 10.1 may fail. As a workaround, edityour Adobe Reader preferences and uncheck the Enabled Protected Mode at startupcheckbox. [#285090]

Known Issues

34

35

System Requirements for XenApp 6.5

System requirements for the XenApp server role and the Citrix AppCenter are describedbelow. System requirements for other XenApp features, components, and relatedtechnologies are described in their respective system requirements documentation; thatincludes receivers, plug-ins and agents, Web Interface, Single Sign-on, Service Monitoring,EdgeSight, SmartAuditor, Application Session Recording, Provisioning Services, and Powerand Capacity Management.

To ensure the availability of XenApp 6.5 features and correct operation:

l Use the Citrix License Server Version 11.9 (minimum).

l Install the most recent version of any receivers, plug-ins, and agents you use. At thetime of its release, XenApp 6.5 was tested with Receiver for Windows 3.0 (with plug-in13.0). The Citrix Online Plug-in (Web and Full) 12.1 was also tested and can be used,but some XenApp 6.5 features will not be available.

You must be in the Administrators group to install and configure the XenApp server role.Elevating your privilege to local administrator through User Account Control is not asubstitute for Administrators group membership.

Important:

l Do not install XenApp on a domain controller. Citrix does not support installing XenAppon a domain controller.

l Do not join servers running this XenApp version to a deployment with servers runningprevious XenApp versions (including early release and Technical Preview versions).

l You must use the AppCenter from the 6.5 media to manage the XenApp 6.5 farm. Citrixdoes not support using a console from a previous XenApp release to manage XenApp 6.5farms. (However, you can use the AppCenter from the XenApp 6.5 media to manage aXenApp 6.0 farm.)

l See Installing and Configuring XenApp for additional guidance, including tasks tocomplete before installing and configuring XenApp.

Deploying PrerequisitesDuring a wizard-based installation, the XenApp Server Role Manager (using the Server RoleInstaller) automatically installs XenApp prerequisites, as noted below.

For command-line installations, you must install the prerequisite software and Windowsroles before installing XenApp (except as noted). You can deploy prerequisites withPowerShell cmdlets, the Microsoft ServerManagerCmd.exe command, or the MicrosoftDeployment Image Servicing and Management (DISM) tool.

If installation of a required Windows role or other software requires a restart (reboot),restart the server before starting the XenApp server role installation.

XenApp Server RoleSupported operating systems: Windows Server 2008 R2 and Windows Server 2008 R2 SP1(Enterprise, Standard, Datacenter, and Foundation).

Most servers running the supported operating systems meet the hardware requirements forXenApp with ample processing power to host user sessions accessing the publishedresources. However, additional research may be needed to determine if current hardwaremeets the requirements.

l CPU:

l 64-bit architecture with Intel Pentium

l Xeon family with Intel Extended Memory 64 Technology

l AMD Opteron family

l AMD Athlon 64 family

l Compatible processorl Memory: 512MB RAM (minimum)

l Disk space: up to 3.2GB

The XenApp Server Role Manager deploys the following software (except as noted), if it isnot already installed:

l .NET Framework 3.5 SP1 (this is a prerequisite for the XenApp Server Role Manager; it isdeployed automatically when you choose to add the XenApp server role from theAutorun menu)

l Windows Server Remote Desktop Services role (if you do not have this prerequisiteinstalled, the Server Role Manager installs it and enables the RDP client connectionoption; you will be asked to restart the server and resume the installation when you logon again)

l Windows Application Server role

l Microsoft Visual C++ 2005 SP1 Redistributable (x64)

l Microsoft Visual C++ 2008 SP1 Redistributable (x64)

When you install the XenApp server role, XML and Internet Integration Service (IIS)integration is an optional component. When this component is installed, the Citrix XMLService and IIS share a port (default = 80). When this component is not installed, the CitrixXML Service defaults to standalone mode with its own port settings. You can change theport during or after XenApp configuration. The Server Role Installer checks for installed IISrole services and whether the component is selected or specified. For completeinformation, see Before Installing XenApp. The IIS role services are listed below.

System Requirements

36

l Web Server (IIS) > Common HTTP Features > Default Document (selecting thisautomatically selects Web Server (IIS) > Management Tools > Management Console,which is not required or checked for XenApp installation)

l Web Server (IIS) > Application Development > ASP.NET (selecting this automaticallyselects Web Server (IIS) > Application Development > .NET Extensibility; although notchecked for XenApp installation, ASP.NET requires .NET Extensibility)

l Web Server (IIS) > Application Development > ISAPI Extensions

l Web Server (IIS) > Application Development > ISAPI Filters

l Web Server (IIS) > Security > Windows Authentication

l Web Server (IIS) > Security > Request Filtering

l Web Server (IIS) > Management Tools > IIS 6 Management Compatibility (includes IIS 6Metabase Compatibility, IIS 6 WMI Compatibility, IIS 6 Scripting Tools, and IIS 6Management Console)

If you plan to use Philips SpeechMike devices with XenApp, you may need to install driverson the servers hosting sessions that record audio before installing XenApp. For moreinformation, see Citrix information on the Philips web site.

AppCenterXenApp Management includes the AppCenter. By default, the AppCenter is installed on thesame server where you install the XenApp server role; however, you can install and run theAppCenter on a separate computer. To install the AppCenter on a workstation, from theXenApp Autorun menu, select Manually Install Components > Common Components >Management Consoles.

Supported operating systems:

l Windows Server 2008 R2, 64-bit edition, SP1

l Windows Server 2008 R2, 64-bit edition

l Windows Server 2008 Enterprise, 32-bit edition, SP2

l Windows Server 2003 R2, 32-bit and 64-bit editions

l Windows Server 2003, 32-bit and 64-bit editions, SP2

l Windows 7 Enterprise, 32-bit and 64-bit editions, SP1

l Windows Vista Enterprise, 32-bit and 64-bit editions, SP2

l Windows XP Professional, 32-bit edition, SP3

l Windows XP Professional, 64-bit edition, SP2

Requirements:

System Requirements

37

l Disk space: 25MB

l Microsoft Management Console (MMC):

l For Windows Vista, Windows 7, Windows Server 2008 R2, and Windows Server 2008R2 SP1: MMC 3.0 (installed by default)

l For other supported Windows operating systems: MMC 2.0 or 3.0The XenApp Server Role Manager deploys the following software, if it is not alreadyinstalled:

l Microsoft .NET Framework 3.5 SP1

l Microsoft Windows Installer (MSI) 3.0

l Microsoft Windows Group Policy Management Console

l Microsoft Visual C++ 2005 SP1 Redistributable (x64)

l Microsoft Visual C++ 2008 SP1 Redistributable (x64)

l Microsoft Visual C++ 2008 SP1 Redistributable

l Microsoft Visual C++ 2005 SP1 Redistributable

l Microsoft Primary Interoperability Assemblies 2005

If you install the AppCenter on a computer that previously contained the Microsoft GroupPolicy Management Console (GPMC) and a Citrix Delivery Services Console earlier than theversion delivered with XenApp 6.0, you may also need to uninstall and reinstall the CitrixXenApp Group Policy Management Experience (x64) program in order to use the GPMC toconfigure Citrix policies.

Data Store DatabaseThe following databases are supported for the XenApp data store:

l Microsoft SQL Server 2008 Express R2

l Microsoft SQL Server 2008 Express SP3

l Microsoft SQL Server 2008 R2

l Microsoft SQL Server 2008 SP2

l Microsoft SQL Server 2005 SP4

l Oracle 11g R2 32-bit Enterprise Edition

Microsoft SQL Server 2008 Express can be deployed for you by the XenApp ServerConfiguration Tool when creating a XenApp farm.

System Requirements

38

For information about the latest supported database versions, see CTX114501. Forinformation about requirements, see Data Store Database Reference.

System Requirements

39

40

Design and Plan

XenApp is the central software component of the Citrix Windows Application DeliveryInfrastructure. The goals of XenApp and the Citrix Windows Application DeliveryInfrastructure are to deliver on-demand applications to both physical and virtual desktops,and to determine and provide the best method of delivery. XenApp offers three methods fordelivering applications to user devices, servers, and virtual desktops:

l Server-side application virtualization: applications run inside the Data Center. XenApppresents each application interface on the user device, and relays user actions from thedevice, such as keystrokes and mouse actions, back to the application.

l Client-side application virtualization: XenApp streams applications on demand to theuser device from the Data Center and runs the application on the user device.

l VM hosted application virtualization: problematic applications or those requiringspecific operating systems run inside a desktop on the Data Center. XenApp presentseach application interface on the user device and relays user actions from the device,such as keystrokes and mouse actions, back to the application.

To provide these types of application delivery, you have many choices of deploymentdesigns and XenApp features, which you can tailor for your users' needs. A typical processfor planning a XenApp farm includes:

1. Becoming familiar with XenApp and XenApp Setup by creating a small, one-server ortwo-server test farm.

2. Deciding which applications to deliver to users.

3. Determining how you want to deliver applications - this includes testing and evaluatingthe applications and peripheral requirements.

4. Determining application to application communication, where to install the applicationson XenApp servers, and which applications can be collocated.

5. Determining the number of servers you need for applications.

6. Determining the total number of servers you need for your farm and evaluatinghardware requirements.

7. Creating the network infrastructure design.

8. Defining the installation processes.

9. Creating and testing a pre-production pilot farm based on your farm design.

10. Releasing the farm into production.

To help you understand how a XenApp deployment delivers applications so you cancomplete planning tasks, consider the following diagram.

A XenApp deployment consists of three deployment groups: user device (represented in thisdiagram by Citrix Receiver), Access Infrastructure, and Virtualization Infrastructure.

l On the left of this diagram is Citrix Receiver, which represents the set of devices onwhich you can install client software. Citrix Receiver manages the client software thatenables your users to interact with virtualized applications. When designing a XenAppdeployment, you consider how your users work, their devices, and their locations.

l Access Infrastructure represents secure entry points deployed within your DMZ andprovide access to resources published on XenApp servers. When designing a XenAppdeployment, you provide secure access points for the different types of users in yourorganization.

l Virtualization Infrastructure represents a series of servers that control and monitorapplication environments. When designing a XenApp deployment, you consider howapplications are deployed based on your user types and their devices, the number ofservers you need, and which features you want to enable in order to provide thesupport, monitoring, and management your organization requires.

The following diagram shows the access infrastructure in greater detail.

Plan

41

In this access infrastructure diagram:

l Citrix Receiver runs the applications.

l Onsite users within your corporate firewall interact directly with the XenApp Web andServices Site.

l Remote-site users access applications through sites replicated by Citrix BranchRepeater.

l Off-site users access applications though secure access, such as Access Gateway.

l The Merchandising Server makes available self-service applications to your usersthrough Citrix Dazzle.

l The XML Service relays requests and information between the Access Infrastructure andthe Virtualization Infrastructure.

The following diagram shows the virtualization infrastructure in greater detail.

In this virtualization infrastructure diagram:

l The XML service relays information and requests.

l Based on Active Directory profiles and policies, the XenApp servers invoke the correctapplication delivery type for the user. The XenApp servers provide server-sideapplication virtualization and session management. Session and deploymentconfiguration information are stored in data collectors and a central data storerepresented by the deployment data store.

l The App Hub provides Streamed Application Profiles, which are client-side virtualizationapplications housed in your enterprise storage.

l The VM Hosted Apps server isolates problematic applications inside a seamless desktop,which, depending on the user profile, can be virtualized on the user device or on theserver. The desktop images are provisioned through Provisioning Server. Session and

Plan

42

server configuration information are stored in the enterprise database.

l Provisioning Services delivers desktops to servers, which are stored as desktop images inyour enterprise database.

l SmartAuditor provides session monitoring. Recorded sessions are stored in yourenterprise storage and configuration information is stored in the deployment datastore.

l Service Monitoring enables you to test server loads so you can estimate how manyservers you need for your deployment and to monitor those servers once they aredeployed.

l Power and Capacity Management enables you to reduce power consumption andmanage server capacity by dynamically scaling the number of online servers.

l Single Sign-on provides password management for virtualized applications. Passwordsare stored in the account authority.

Plan

43

44

Farm Terminology and Concepts

TerminologyThe XenApp planning documentation uses the following terminology:

Multi-user environment

An environment where applications are published on servers for use by multiple userssimultaneously.

Production farm

A farm that is in regular use and accessed by users.

Design validation farm

A farm that is set up in a laboratory environment, typically as the design or blueprint forthe production farm.

Pilot farm

A preproduction pilot farm used to test a farm design before deploying the farm acrossthe organization. A true pilot is based on access by select users, and then adding usersuntil all users access the farm for their everyday needs.

About InfrastructuresXenApp farms have two types of infrastructures:

l The virtualization infrastructure consists of the XenApp servers that deliver virtualizedapplications and VM hosted Applications, and XenApp servers that support sessions andadministration, such as the data store, data collector, Citrix XML Broker, Citrix LicenseServer, Configuration Logging database (optional), Load Testing Services database(optional), and Service Monitoring components.

l Access infrastructure consists of server roles such as the Receiver Storefront, WebInterface, Secure Gateway (optional), and Access Gateway (optional) that provideaccess administration.

In small deployments, you can group one or more server functions together. In largedeployments, you provide services on one or more dedicated servers.

Factors other than size can affect how you group server functions. Security concerns,virtualized servers, and user load play a part in determining which functions can becollocated.

Typically, in larger farms, you segregate session and administrative functions onto distinctservers. For small farms, you might have one server hosting infrastructure functions andmultiple servers hosting published applications.

Small farms that require redundancy might have one or two servers hosting session andadministrative functions. For example, in a small farm, the data store might be configuredon the same server as the data collector and the XML Broker and, perhaps also the CitrixLicense Server.

Medium and large farms might group similar functions. For example, the XML Broker mightbe grouped with the data collector. In some larger deployments, each infrastructure servicewould likely have one or more dedicated servers.

About Virtualization InfrastructureThe virtualization infrastructure, which is the center of a XenApp deployment, concerns thefollowing concepts:

Application enumeration

Application enumeration is when Citrix client software lists virtualized applicationsavailable on the XenApp servers. The client software transmits data to locate servers onthe network and retrieves information about the published applications. For example,during enumeration, Citrix Receiver communicates through the Citrix XML Service withthe XenApp server to determine applications available for that user.

Application publishing

To deliver an application to your users, whether virtualized on the desktop or the server,use the AppCenter to publish the application.

Citrix Licensing

A Citrix License Server is required for all XenApp deployments. Install the license serveron either a shared or stand-alone server, depending on your farms size. After you installthe license server, download the appropriate license files and add these to the licenseserver.

Data Store

The data store is the database where servers store farm static information, such asconfiguration information about published applications, users, printers, and servers. Eachserver farm has a single data store.

Data Collector

A data collector is a server that hosts an in-memory database that maintains dynamicinformation about the servers in the zone, such as server loads, session status, publishedapplications, users connected, and license usage. Data collectors receive incrementaldata updates and queries from servers within the zone. Data collectors relay informationto all other data collectors in the farm.

Design and Plan

45

By default, the data collector is configured on the first server when you create the farm,and all other servers configured with the controller server mode have equal rights tobecome the data collector if the data collector fails. When the zones data collectorfails, a data collector election occurs and another server takes over the data collectorfunctionality. Farms determine the data collector based on the election preferences setfor a server.

Applications are typically not published on the data collector.

Zones

A zone is a grouping of XenApp servers that communicate with a common data collector.In large farms with multiple zones, each zone has a server designated as its datacollector. Data collectors in farms with more than one zone function as communicationgateways with the other zone data collectors.

The data collector maintains all load and session information for the servers in its zone.All farms have at least one zone, even small ones. The fewest number of zones should beimplemented, with one being optimal. Multiple zones are necessary only in large farmsthat span WANs.

Streaming Profiles

You can deliver applications to users by either virtualizing them on the desktop(streaming) or by virtualizing them on the server (hosting). If you are virtualizingapplications on the desktop, either streaming to the client or server, create a streamingprofile server in your environment. To virtualize applications on the desktop, you createprofiles of the application and then store the profile on a file or Web server. The profileconsists of the manifest file (.profile), which is an XML file that defines the profile, aswell as the target files, a hash key file, the icons repository (Icondata.bin), and a scriptsfolder for pre-launch and post-exit scripts.

Receiver Storefront

Receiver Storefront authenticates users to XenDesktop sites and XenApp farms,enumerating and aggregating available desktops and applications into stores that usersaccess through Citrix Receiver or a Web page. The Receiver Storefront database recordsdetails of resource subscriptions and shortcuts to enable synchronization of users'desktops and applications across their devices.

Web Interface

You can use the Web Interface in any environment where users access their applicationsusing either Receiver or a Web browser. Install the Web Interface on a stand-alonecomputer; however, where resources are limited, the Web Interface can be collocatedwith other functions.

XenApp Web and XenApp Services Sites

XenApp Web and XenApp Services sites (formerly known as Access Platform and ProgramNeighborhood Agent Services sites, respectively) provide an interface to the server farmfrom the client device. When a user authenticates to a XenApp Web or XenApp Servicessite, either directly or through Receiver or the Access Gateway, the site:

l Forwards the users credentials to the Citrix XML Service

Design and Plan

46

l Receives the set of applications available to that user by means of the XML Service

l Displays the available applications to the user either through a Web page or byplacing shortcuts directly on the users computer

Citrix XML Broker and the Web Interface

The Citrix XML Broker functions as an intermediary between the other servers in the farmand the Web Interface. When a user authenticates to the Web Interface, the XML Broker:

l Receives the users credentials from the Web Interface and queries the server farmfor a list of published applications that the user has permission to access. The XMLBroker retrieves this application set from the Independent Management Architecture(IMA) system and returns it to the Web Interface.

l Upon receiving the users request to launch an application, the broker locates theservers in the farm that host this application and identifies which of these is theoptimal server to service this connection based on several factors. The XML Brokerreturns the address of this server to the Web Interface.

The XML Broker is a function of the Citrix XML Service. By default, the XML Service isinstalled on every server during XenApp installation. However, only the XML Service onthe server specified in the Web Interface functions as the broker. (The XML Service onother farm servers is still running but is not used for servicing end-user connections.) In asmall farm, the XML Broker is typically designated on a server dedicated to severalinfrastructure functions. In a large farm, the XML Broker might be configured on one ormore dedicated servers.

The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service.For clarity, the term XML Broker is used to refer to when the XML Service functions asthe intermediary between the Web Interface and the IMA service, regardless of whetherit is hosted on a dedicated server or collocated with other functions.

Design and Plan

47

48

Farm Terminology and Concepts

TerminologyThe XenApp planning documentation uses the following terminology:

Multi-user environment

An environment where applications are published on servers for use by multiple userssimultaneously.

Production farm

A farm that is in regular use and accessed by users.

Design validation farm

A farm that is set up in a laboratory environment, typically as the design or blueprint forthe production farm.

Pilot farm

A preproduction pilot farm used to test a farm design before deploying the farm acrossthe organization. A true pilot is based on access by select users, and then adding usersuntil all users access the farm for their everyday needs.

About InfrastructuresXenApp farms have two types of infrastructures:

l The virtualization infrastructure consists of the XenApp servers that deliver virtualizedapplications and VM hosted Applications, and XenApp servers that support sessions andadministration, such as the data store, data collector, Citrix XML Broker, Citrix LicenseServer, Configuration Logging database (optional), Load Testing Services database(optional), and Service Monitoring components.

l Access infrastructure consists of server roles such as the Receiver Storefront, WebInterface, Secure Gateway (optional), and Access Gateway (optional) that provideaccess administration.

In small deployments, you can group one or more server functions together. In largedeployments, you provide services on one or more dedicated servers.

Factors other than size can affect how you group server functions. Security concerns,virtualized servers, and user load play a part in determining which functions can becollocated.

Typically, in larger farms, you segregate session and administrative functions onto distinctservers. For small farms, you might have one server hosting infrastructure functions andmultiple servers hosting published applications.

Small farms that require redundancy might have one or two servers hosting session andadministrative functions. For example, in a small farm, the data store might be configuredon the same server as the data collector and the XML Broker and, perhaps also the CitrixLicense Server.

Medium and large farms might group similar functions. For example, the XML Broker mightbe grouped with the data collector. In some larger deployments, each infrastructure servicewould likely have one or more dedicated servers.

About Virtualization InfrastructureThe virtualization infrastructure, which is the center of a XenApp deployment, concerns thefollowing concepts:

Application enumeration

Application enumeration is when Citrix client software lists virtualized applicationsavailable on the XenApp servers. The client software transmits data to locate servers onthe network and retrieves information about the published applications. For example,during enumeration, Citrix Receiver communicates through the Citrix XML Service withthe XenApp server to determine applications available for that user.

Application publishing

To deliver an application to your users, whether virtualized on the desktop or the server,use the AppCenter to publish the application.

Citrix Licensing

A Citrix License Server is required for all XenApp deployments. Install the license serveron either a shared or stand-alone server, depending on your farms size. After you installthe license server, download the appropriate license files and add these to the licenseserver.

Data Store

The data store is the database where servers store farm static information, such asconfiguration information about published applications, users, printers, and servers. Eachserver farm has a single data store.

Data Collector

A data collector is a server that hosts an in-memory database that maintains dynamicinformation about the servers in the zone, such as server loads, session status, publishedapplications, users connected, and license usage. Data collectors receive incrementaldata updates and queries from servers within the zone. Data collectors relay informationto all other data collectors in the farm.

Farm Terminology and Concepts

49

By default, the data collector is configured on the first server when you create the farm,and all other servers configured with the controller server mode have equal rights tobecome the data collector if the data collector fails. When the zones data collectorfails, a data collector election occurs and another server takes over the data collectorfunctionality. Farms determine the data collector based on the election preferences setfor a server.

Applications are typically not published on the data collector.

Zones

A zone is a grouping of XenApp servers that communicate with a common data collector.In large farms with multiple zones, each zone has a server designated as its datacollector. Data collectors in farms with more than one zone function as communicationgateways with the other zone data collectors.

The data collector maintains all load and session information for the servers in its zone.All farms have at least one zone, even small ones. The fewest number of zones should beimplemented, with one being optimal. Multiple zones are necessary only in large farmsthat span WANs.

Streaming Profiles

You can deliver applications to users by either virtualizing them on the desktop(streaming) or by virtualizing them on the server (hosting). If you are virtualizingapplications on the desktop, either streaming to the client or server, create a streamingprofile server in your environment. To virtualize applications on the desktop, you createprofiles of the application and then store the profile on a file or Web server. The profileconsists of the manifest file (.profile), which is an XML file that defines the profile, aswell as the target files, a hash key file, the icons repository (Icondata.bin), and a scriptsfolder for pre-launch and post-exit scripts.

Receiver Storefront

Receiver Storefront authenticates users to XenDesktop sites and XenApp farms,enumerating and aggregating available desktops and applications into stores that usersaccess through Citrix Receiver or a Web page. The Receiver Storefront database recordsdetails of resource subscriptions and shortcuts to enable synchronization of users'desktops and applications across their devices.

Web Interface

You can use the Web Interface in any environment where users access their applicationsusing either Receiver or a Web browser. Install the Web Interface on a stand-alonecomputer; however, where resources are limited, the Web Interface can be collocatedwith other functions.

XenApp Web and XenApp Services Sites

XenApp Web and XenApp Services sites (formerly known as Access Platform and ProgramNeighborhood Agent Services sites, respectively) provide an interface to the server farmfrom the client device. When a user authenticates to a XenApp Web or XenApp Servicessite, either directly or through Receiver or the Access Gateway, the site:

l Forwards the users credentials to the Citrix XML Service

Farm Terminology and Concepts

50

l Receives the set of applications available to that user by means of the XML Service

l Displays the available applications to the user either through a Web page or byplacing shortcuts directly on the users computer

Citrix XML Broker and the Web Interface

The Citrix XML Broker functions as an intermediary between the other servers in the farmand the Web Interface. When a user authenticates to the Web Interface, the XML Broker:

l Receives the users credentials from the Web Interface and queries the server farmfor a list of published applications that the user has permission to access. The XMLBroker retrieves this application set from the Independent Management Architecture(IMA) system and returns it to the Web Interface.

l Upon receiving the users request to launch an application, the broker locates theservers in the farm that host this application and identifies which of these is theoptimal server to service this connection based on several factors. The XML Brokerreturns the address of this server to the Web Interface.

The XML Broker is a function of the Citrix XML Service. By default, the XML Service isinstalled on every server during XenApp installation. However, only the XML Service onthe server specified in the Web Interface functions as the broker. (The XML Service onother farm servers is still running but is not used for servicing end-user connections.) In asmall farm, the XML Broker is typically designated on a server dedicated to severalinfrastructure functions. In a large farm, the XML Broker might be configured on one ormore dedicated servers.

The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service.For clarity, the term XML Broker is used to refer to when the XML Service functions asthe intermediary between the Web Interface and the IMA service, regardless of whetherit is hosted on a dedicated server or collocated with other functions.

Farm Terminology and Concepts

51

52

Planning a Successful User Experience

Two key factors impact your users' satisfaction when working in a multi-user environment:how quickly sessions start, and how easily users can print.

Session Start-up TimesCertain factors can cause sessions to start slower than necessary.

l Printer autocreation policy settings - Consider limiting the number of printers that areautocreated if session start time is a factor.

l Network activities occurring independently of sessions - Operations such as logging onto Active Directory, querying Lightweight Directory Access Protocol (LDAP) directoryservers, loading user profiles, executing logon scripts, mapping network drives, andwriting environment variables to the registry, can affect session start times. Also,connection speed and programs in the Startup items within the session, such as virusscanners, can affect start times.

l Roaming profile size and location - When a user logs onto a session where Microsoftroaming profiles and home folders are enabled, the roaming profile contents and accessto that folder are mapped during logon, which uses additional resources. In some cases,this can consume significant amounts of the CPU usage. Consider using home folderswith redirected personal folders to mitigate this problem.

l Whether the data collector has sufficient resources to make load balancing decisionsefficiently - In environments with collocated infrastructure servers, Citrix suggestshosting the Citrix XML Broker on the data collector to avoid delays.

l License server location - For WANs with multiple zones, where the license server is inrelation to the zone.

Printing ConfigurationYour printing configuration directly affects how long sessions take to start and the traffic onyour network. Planning your printing configuration includes determining the printingpathway to use, how to provision printers in sessions, and how to maintain printer drivers.

Consider these recommendations:

l Use Citrix Universal printer drivers and the Universal Printer whenever possible. Thisresults in fewer drivers and less troubleshooting.

l Disable the automatic installation of printer drivers, which is the default setting.

l Adjust printer bandwidth using XenApp policy rules, if appropriate.

l If printing across a WAN, use the XenApp Print job routing policy rule to route print jobsthrough the client device.

l Test new printers with the Stress Printers utility, which is described in the CitrixKnowledge Center.

Choose printers that are tested with multiuser environments. Printers must be PCL or PScompatible and not host-based. The printing manufacturer determines whether printerswork in a XenApp environment, not Citrix.

Planning a Successful User Experience