white paper - citrix xendesktop 7 – blueprint

8/13/2019 White Paper - Citrix XenDesktop 7 Blueprint

1/20

Citrix XenDesktop 7Blueprint


2/20

Citrix XenDesktop 7 Blueprint

TABLE OF CONTENTSOverview ..................................................................................................................... 2Conceptual Architecture ............................................................................................ 3Detailed Architecture ................................................................................................. 4Next Steps ................................................................................................................. 12Glossary .................................................................................................................... 13Appendix: Remote PC .............................................................................................. 14Appendix: XenClient ................................................................................................ 15Appendix: Profile Policy Details ............................................................................. 16Appendix: Session Policy Details ........................................................................... 18


3/20


OverviewCreating a virtual desktop design is often considered to be a complex activity where hundreds ofdecisions must be made that directly and indirectly impact other decisions leading to confusion. However,when focusing on the common use cases, which typically accounts for the largest percentage of users,many of the decisions simply follow best practices, which are based on years of real-world

implementations.The Citrix XenDesktop 7 Blueprint provides a unified framework for developing a virtual desktop andapplication solution. The framework provides a foundation to understand the technical architecture for themost common virtual desktop/application deployment scenarios.

At a high-level, a virtual desktop solution is based on a unified and standardized 5-layer model.

1. User LayerDefines the unique user groups and overallrequirements

2. Access LayerDefines how a user group will gainaccess to their resources. Focuses on secure accesspolicies and desktop/application stores.

3. Resource LayerDefines the virtual desktops and

applications assigned to each user group

4. Control LayerDefines the underlying infrastructurerequired to support the users accessing their resources

5. Hardware LayerDefines the physical implementationof the overall solution

The XenDesktop 7 blueprint details the recommended architecture for the three most common scenarios:

1. A standardized desktop environment

2. A fully customizable desktop environment

3. Applications

Even though the blueprint focuses on these three common scenarios, XenDesktop 7 supports additionalmodels, including:

1. Remote access to a users physical desktop, explained inAppendix: Remote PC

2. Improved management of traditional desktops, explained inAppendix: XenClient

User Layer

Hardware Layer

Resource Layer

Control Layer

Access Layer

User Layer

Resource Layer

Access Layer

User Layer

Resource Layer

Access Layer


4/20


Conceptual ArchitectureWhen put into practice, the 5-layer virtual desktop model results in a conceptual architecture like thefollowing:

Based on the conceptual architecture, the following can be discerned:

Factory Line users utilize thin clients and directly access the desktop and app store where theyreceive a shared desktop based on Windows 2012, delivered with Machine Creation Serviceshaving a set of pre-installed applications appropriate for their role.

Engineers, using corporate owned devices, directly access a Windows 7 personal desktop with a

standard set of applications and the ability to install their own applications. Executives use multi-form factor devices (smartphones, tablets, etc) to access the environment

remotely through NetScaler Gateway, which delivers their resources via the store, which are on-demand apps.

As can be seen, each user group has a specific set of requirements that XenDesktop 7 delivers, somethat goes beyond the traditional VDI solution, but all integrated into a single architecture.

Note: The three virtual desktop models identified within the conceptual architecture do not constitute thecomplete scope of XenDesktop. Additional virtual desktop models are defined within the Appendix.

User Layer Access Layer Resource Layer Hardware Layer

Local

Thin Client

Factory Line

Local

Corporate Device

Engineers

Remote

Personal Device

Executives

Image

OS: Windows 7

Delivery: MCS

Applications Personalization

Installed App Inventory:

Office, CAD, User-installed

Personal vDisk: Yes

User Profile: Citrix PM

FlexCast:

Personal

Image

OS: Windows 2012

Delivery: MCS



Office, Plant Automation

Personal vDisk: No


FlexCast:

Shared

Factory Line

Physical Servers:

Virtual Machines:

Pools:

Storage Type:

Storage Space:

Storage IOPS:

Server-Based OS Pool

Physical Servers:

Virtual Machines:

Pools:

Storage Type:

Storage Space:

Infrastructure Server Pool

Desktop-Based OS Pool

Physical Servers:

Virtual Machines:

Pools:

Storage Type:

Storage Space:

Storage IOPS:

Remote Access

Image

OS: Windows 2012

Delivery: MCS



Office, FinApp, InvestTrack

Personal vDisk: No


Engineers

Desktop & App Store

FlexCast:

On-Demand AppsExecutives

Control Layer

Database Servers: 2

License Servers: 1

Infrastructure Controllers

XenDesktop: 2

Delivery Controllers

StoreFront: 2

NetScaler Gateway: 2

Access Controllers

Load Balancer

Enumeration

Traffic

HDX

Traffic

SSL

HDX

XML

HDX

SSL

SSL


5/20


Detailed ArchitectureThe high-level design for a standard virtual desktop solution is fairly straightforward by following the 5-layer model, which guides an organization to define the user groups before determining how they willaccess their resources. Once these aspects are defined, the design is finalized by detailing how thesolution is controlled and managed and how the hardware will support the defined solution.

User Layer

Aligning the user requirements with an appropriate virtual desktop is the initial step in creating a virtualdesktop solution.

Most environments typically have more than one type of user group with different requirements thatmust be met. However, even though there are many user groups within an organization, a largemajority often fit into one of the three distinct scenarios, which are identified in the following table:

Users needaccess to

Users include Endpoints include Commonlocation(s)include

IT Delivers

A standardizeddesktopenvironment

Factory line workers

Retail clerksBank tellers

Nurses station users

Call centers

Thin clients

PCs (new and old)Kiosks

Local, trustednetwork

Hosted Shareddesktops

A fullycustomizabledesktopenvironment

Office Workers

Consultants

Engineers

Thin clients

PCs (new and old)

Laptops

Local, trustednetwork or

Remote, untrustednetwork

Personal VDIdesktop

Applications Road Warriors

Executives

Tablets

Smartphones

Laptops

Local, trustednetwork or

Remote, untrustednetwork

On Demand Apps

Access Layer

Providing access to the environment includes more than simply making a connection to a resource.Providing the proper level of access is based on where the user is located as well as the securitypolicies defined by the organization.

In most environments, tougher security policies are put into place when users access the environmentfrom a remote, untrusted network as compared to a local, trusted network. This often includes tougherauthentication policies (like multi-factor authentication) and greater protocol protection with encryptionand encapsulation.

It is important to note that users might access the environment from different locations, requiringpolicies to be intelligent enough to detect and respond appropriately.

Based on the locations defined for each user group, the following are the most common access layerrecommendations.


6/20


Users connecting from Local, trusted network Remote, untrusted network

Authentication Point StoreFront NetScaler Gateway

Authentication Policy Simple authentication(username and password)

Multi-factor authentication(username, password and token)

Session Policy Not applicable Mobile and Non-Mobile

Session Protocol (Profile) ICA ICA Proxy

Note: For Remote, untrusted network two different session policies are used to provide the correctuser experience based on being on a mobile device (smartphone or tablet) versus a non-mobiledevice (laptop or desktop). The details for the session policies are detailed inAppendix: SessionPolicy Details.

Resource Layer

Users need access to their resources, whether those resources are desktops or applications. Theconfiguration of the resources must align with the overall needs of the user groups. In order to aligneach resource with each user group, the resource is defined across three separate but integrated

layers:

Image

The first part of the image definition is selecting the right operating system, which is based on thetype of desktop IT delivers to the user as well as the standards for the organization.

Shared Remote Desktop Services: Windows 2012 or Windows 2008R2

Virtual Desktop Infrastructure: Windows 8 or Windows 7

Apps on Demand: Windows 2012 or Windows 2008R2

The second aspect of the image definition is the delivery fabric, which is independent of theselected operating system. XenDesktop 7 includes two integrated solutions focused on providingdifferent benefits to an organization. These options are:

Machine Creation Services (MCS): Utilizes the hypervisor and storage infrastructure (localor shared storage) to create unique, thin provisioned clones of a master image, which caneither be a desktop-based OS or a server-based OS. Due to the focus on simplicity, MCSrequires no extra hardware and utilizes functions within the hypervisor. Due to thesimplicity of MCS, it is the recommended option for deployments that do not requiredesktop delivery to physical targets.

Provisioning Services (PVS): Utilizes the network infrastructure to deliver required portionsof an image, just-in-time, to a physical or virtual machine with either a desktop-based OSor a server-based OS. Although PVS does require additional virtual servers to host thePVS technology, it can save on storage costs reducing read IOPS across any hypervisor.

Applications

The most important aspect of the resource layer is the applications, which is what the users aretrying to access. In order to have a successful application delivery solution, the appropriateapplications must be

Installed: The applications are installed in the master image. Even though this option canresult in a greater number of master images if the application sets between user groupsgreatly differ, it is the recommended approach due to its simplicity and familiarity.

Streamed: The applications are dynamically delivered to the virtual/physical desktop/serverwhen requested, with a solution like Microsoft App-V. This solution requires new


7/20


technology and additional infrastructure, but is the most dynamic option resulting in thefewest number of master images.

User-based: Many applications are not managed or maintained by IT, and are considereduser-based applications. Due to the small percentage of users who use these applications,it is not justified to make these applications IT-managed applications. Users who requireuser-based applications can either

o Receive a personal desktop where they can install and maintain their own set ofapplications through XenDesktop Personal vDisk technology.

o Seamlessly access applications installed on their physical endpoint within theirvirtualized desktop session with the use of Local App Accesspolicy.

Personalization

The first part for defining the levels of personalization allowed for each user group is to define theneed for Personal vDisk, which should only be used for those users who have the requirements ofinstalling and managing their own set of applications.

Users who are granted use of the Personal vDisk still rely on a standard master image except alluser changes are stored in a dedicated, persistent virtual disk. This technique allows an

administrator to update and maintain the master image while user-level changes persist.The second part of the personalization definition is deciding on the profile policy for each usergroup. Ideally, each user group should have the same policy in order to make management andtroubleshooting easier, but different policies can be used if required. The recommended baseprofile policy is as follows:

Profile Management Policy Setting

Basic Settings: Enable Profile Management Enabled

Basic Settings: Path to User Store Select path (organization specific)

Basic Settings: Process logons of local administrators Enabled

File System: Exclusion listdirectories SeeAppendix: Profile Policy Details

File System: Directories to Synchronize SeeAppendix: Profile Policy Details

File System: Files to Synchronize SeeAppendix: Profile Policy Details

File System: Folders to Mirror SeeAppendix: Profile Policy Details

Profile Handling: Local profile conflict handling Delete local profile

Streamed User Profiles: Profile streaming Enabled

Folder Redirection: AppData(Roaming)

Folder Redirection: Contacts

Folder Redirection: Desktop

Folder Redirection: Documents

Folder Redirection: Downloads

Folder Redirection: Favorites

Folder Redirection: Music

Folder Redirection: Pictures

Folder Redirection: Videos

Path

The final portion of the personalization definition is the assignment of user/computer policies. Theuser/computer policy helps define how the session is configured based on the users end pointdevice, location or accessed resource. Recommended policies are as follows:


8/20


Unfiltered: The unfiltered policy is the system-created default policy providing a baselineconfiguration for an optimal experience. Each user group receives this policy withadditional policies incorporated to customize the experience based on use case or accessscenario.

Remote access policy - Optimized for WAN: The remote access policy includes settings tobetter protect the resources as they will be accessed from remote and potentially unsecure

locations. Applied to all sessions coming through NetScaler Gateway.

Local access policy - High Definition User Experience: The local access policy focuses ona high quality user experience at the expense of bandwidth, which should be plentiful on alocal connection scenario.

Mobile device policy: The mobile device policy helps improve the user experience for anyuser who utilizes a tablet, smartphone or other small form factor device.

Once defined, each policy must be properly applied to the right set of objects and scenarios.These policies are applied as follows:

Policy Name Settings or Template Assigned to

Unfiltered Not applicable Not applicable

Remote accesspolicy

Template:

Optimized for WAN

Access ControlWith NetScalerGateway

Local accesspolicy

Template:

High Definition User Experience

Access ControlWithout NetScalerGateway

Mobile devicepolicy

Mobile Experience

Automatic keyboard display: Allowed

Launch touch-optimized desktop: Allowed

Remote the combo box: Allowed

User group name

Control Layer

Every major design decision made for all user groups in the User, Access and Resource layers areused as a whole to help design the control components of the overall solution.

The design decisions for each user group are met by incorporating the correct control layercomponents, which includes access controllers, delivery controllers and infrastructure controllers.

Access Controllers

Access controllers are responsible for providing the connectivity to the resources as defined by theAccess Layer. In order to provide access to the environment for users who are internal andexternal, two components are required:

StoreFront: Internal users access a StoreFront store either directly through CitrixReceiver or via the StoreFront web page. StoreFront not only provides a complete list of

available resources for each user, but it also allows users to favorite certainapplications, which makes them appear prominently. The subscriptions aresynchronized to the other StoreFront servers automatically. Upon successfulauthentication, StoreFront contacts the Delivery Controller to receive a list of availableresources (desktops and/or applications) for the user to select. Redundant StoreFrontservers should be deployed to provide N+1 redundancy where in the event of a failure,the remaining servers have enough spare capacity to fulfill any user access requests.

NetScaler Gateway: Remote users access and authenticate to the NetScaler Gateway,which is located within the networks DMZ. Upon successful validation against ActiveDirectory, NetScaler Gateway forwards the user request onto StoreFront, which


9/20


generates a list of available resources. This information is passed back to the userthrough NetScaler Gateway. When a user launches a resource, all traffic between theuser and NetScaler Gateway is encapsulated within SSL en-route to the virtual resource.Redundant NetScaler Gateway devices should be deployed to provide N+1 redundancy.

Load Balancers: Based on the N+1 recommendations for many of the control laye rcomponents, it is advisable to have an intelligent load balancing solution in place, which

is capable of not only identifying if the server is available, but also that the respectiveservices and functioning and responding correctly. Implementing an internal pair ofNetScaler VPX virtual servers can easily accommodate the load balancing requirementsfor the solution.


The delivery controllers manage and maintain the virtualized resources for the environment. Thedelivery controllers receive the authentication information from the access controllers andenumerate a list of resources granted to the user. As users make requests to a resource, thedelivery controller brokers the connection between the user and resource. The authentication,enumeration and launching process is as follows:

The process functions as follows:

Step Local Users Remote Users

1. A user initiates a connection to the StoreFrontURL (443), which can be a virtual address hostedby a load balancer, and provides logoncredentials. This can either be done by using a

browser or Citrix Receiver.

A user initiates a connection to the NetScalerGateway URL (443) and provides logoncredentials. This can either be done by using abrowser or Citrix Receiver.

2. The credentials are validated against ActiveDirectory (389).

3. NetScaler Gateway forwards the validated usercredentials to StoreFront, which can be a virtualaddress hosted by a load balancer (443).

4. StoreFront authenticates the user to Active Directory domain (389) it is a member of. Upon successfulauthentication, StoreFront checks the data store for existing user subscriptions and stores them inmemory.

Access LayerUser Layer Resource Layer Hardware Layer

Local

Thin Client

Factory Line

Local

Corporate Device

Engineers

Remote

Personal Device

Executives

Image Applications Personalization

FlexCast:Personal


FlexCast:

SharedFactory Line

Physical Servers:Virtual Machines:

Pools:

Storage Type:

Storage Space:Storage IOPS:

Server-Based OS Pool

Physical Servers:

Virtual Machines:

Pools:Storage Type:

Storage Space:


Desktop-Based OS Pool

Physical Servers:Virtual Machines:

Pools:

Storage Type:

Storage Space:Storage IOPS:

Remote Access


Engineers

Desktop & App Store

FlexCast:

On-Demand AppsExecutives

Control Layer

Database Servers: 2

License Servers: 1


XenDesktop: 2


StoreFront: 2


Access Controllers

Load Balancer

1, 9,

14

1, 9

2

3, 9

4

5, 10

6

7, 11

8, 12

13

14

14

16

15


10/20


5. StoreFront forwards the user credentials to the Delivery Controllers (80 or 443), which could be a virtualaddress hosted by a load balancer.

6. The Delivery Controller validates the credentials against Active Directory (389).

7. Once validated, the XenDesktop Delivery Controller identifies a list of available resources by queryingthe SQL Database (1433).

8. The list of available resources is sent toStoreFront (443), which populates the users CitrixReceiver or browser (80 or 443).

The list of available resources is sent toStoreFront (443), which populates the users CitrixReceiver or browser after passing throughNetScaler Gateway (80 or 443).

9. A resource is selected from the available listwithin Citrix Receiver or browser. The request issent to StoreFront (443).

A resource is selected from the available listwithin Citrix Receiver or browser. The request issent to StoreFront through NetScaler Gateway(443).

10. StoreFront forwards the resource request to the Delivery Controller (80 or 443).

11. The Delivery Controller queries the SQL Database to determine an appropriate host to fulfill the request(1433).

12. The Delivery controller sends the host and connection information to StoreFront (443).

13. StoreFront creates a launch file, which is sent tothe user (443).

StoreFront requests a ticket by contacting theSecure Ticket Authority (80 or 443), which ishosted on the Delivery Controller. The STAgenerates a unique ticket for the user, which isonly valid for 100 seconds. The ticket identifiesthe requested resource, server address and portnumber thereby preventing this sensitiveinformation from crossing public network links.

StoreFront generates a launch file, including theticket information, which is sent to the userthrough NetScaler Gateway (443).

14. Citrix Receiver uses the launch file and makes aconnection to the resource (1494 or 2598).

Citrix Receiver uses the launch file and makes aconnection to the NetScaler Gateway (443).

15. NetScaler Gateway validates the ticket with theSTA (80 or 443)

16. NetScaler Gateway initiates a connection to theresource (1494 or 2598) on the users behalf.

In addition to the authentication, enumeration and launching process, the delivery controllersmanage and maintain the state of the XenDesktop site to help control desktop startups, shutdownsand registrations. The controllers constantly query and update the Microsoft SQL Server databasewith site status, allowing controllers to go offline without impacting user activities.

Redundant delivery controllers should be configured to ensure availability of the site should asingle controller fail.


In order to have a fully functioning virtual desktop environment, a set of standard infrastructurecomponents are required. These components include:

Network Services, like DNS and DHCP, for name resolution and IP address assignment.

Active Directory for user authentication


11/20


SQL Server databases for storing all configurations, desktop and current utilizationinformation. The SQL Server instance should be highly available to ensure continuousoperation.

Citrix licensing server to provide rights to access the environment. A license server isrequired for all components within the XenDesktop architecture, except for NetScalerGateway, which is manually configured with a local license file. Because of a 30-day grace

period built into the licensing model, a single license server can be implemented as a VMor virtual appliance configured for VM-level high availability. A failed license server caneasily be rebuilt and restored from backup within the allotted 30-days without impactingoperations of the overall environment.

Hardware Layer

The hardware layer is the physical implementation of the virtual desktop solution. It includes decisionson the storage fabric and server footprint, which are often decisions made based on relationshipsorganizations have with different vendors.

The selection of a type of storage directly impacts the recommend type of server just like the type ofserver selected directly impacts the recommended storage.

Storage Fabric

Storage is often considered one of the most important and complex decisions in a virtual desktopsolution. In addition to impacting the cost of the solution, the selected storage fabric also impactsthe available options for physical server footprint, which is why selecting a storage solution is thefirst step in the hardware layer design.

Storage Type Benefits Concerns Appropriate for

Local Storage Inexpensive

Simple to deploy

Virtual machines are inaccessibleif physical server is offline

Limited number of disk spindles(based on server design)

Longer operational processes aseach local store must be updated

Rack servers

DirectAttachedStorage

Moderate expense

Virtual machine migration whenphysical server is offline

Failure on DAS array can impactmultiple physical servers

DAS interconnects consumevaluable space in a blade chassis

Limited number of connections toa DAS array

Rack servers

CentralizedStorage

Shared master image acrossphysical servers

Virtual machine migration whenphysical server is offline

Simple expansion

Advanced features to help offset

costs

Expensive

Complex

Often requires storage tiers tocontrol costs

Blade servers

Regardless of the storage fabric selected, an appropriate amount of storage resources (space andIOPS) must be available in order to provide an acceptable user experience.

Server Footprint

At the hardware layer of the virtual desktop design, organizations must decide on the hardwarefootprint, which generally is a decision between blade servers and rack servers.


12/20


Server Type Benefits Concerns Appropriate for

Blade Servers Higher density within sameamount of rack space

Consolidated network cablingrequiring fewer core switch ports

Upfront costs are generally higher

Limited amount of internalstorage

Largedeployments withshared storage

Rack Servers Large amount of local storageAdding network capacity simplyrequires new network card

Greater power requirementsUses more switch ports

Less density within a rack

Large or smalldeployments withlocal storage


13/20


Next StepsThe XenDesktop 7 blueprint is the first step towards delivering a virtual desktop solution within anorganization. Based on the unified infrastructure of XenDesktop 7, there are few decisions thatfundamentally impact the overall architecture. In fact, the two decisions that are unique for eachorganization are contained within the Hardware layer and are based solely on the organizations

anticipated deployment size and existing relationships with storage and server vendors.To learn more about the potential a solution like XenDesktop 7 can provide, it is recommended to followthe prescribed roadmap in order to gain knowledge and firsthand experience.

XenDesktop 7 Blueprint: A layered solution for all successful designs & deployments, focusing onthe common technology framework and core decisions.

Getting Started Guide:Prescriptive guide for getting 5-10 users deployed quickly and easily in anon-production environment.

Key Project Design Guides:Recommended designs, with hardware layer planning numbers, forcommonly used implementations, which can be combined together to form a more completesolution.
http://www.citrix.com/wsdm/restServe/skb/attachments/RDY8316/XenDesktop%207%20Reviewer%20Guide.pdfhttp://www.citrix.com/wsdm/restServe/skb/attachments/RDY8316/XenDesktop%207%20Reviewer%20Guide.pdfhttp://www.citrix.com/products/xendesktop/overview.htmlhttp://www.citrix.com/products/xendesktop/overview.htmlhttp://www.citrix.com/products/xendesktop/overview.htmlhttp://www.citrix.com/wsdm/restServe/skb/attachments/RDY8316/XenDesktop%207%20Reviewer%20Guide.pdf


14/20


GlossaryHosted Shared Desktop: A type of virtual desktop based on a Windows server operating system. Thistype of virtual desktop is sometimes referred to as Remote Desktop Services (RDS) or Hosted ServerVirtual Desktops (HSVD). With Hosted Shared Desktop, multiple users share the same desktop but theirsessions are separated through session virtualization.

Machine Creation Services:An image delivery technology, integrated within XenDesktop that utilizeshypervisor APIs to create unique, read-only and thin provisioned clone of a master image where all writesare stored within a differencing disk.

On Demand Apps:A type of virtual desktop based on Windows server operating system. This type ofvirtual desktop is sometimes referred to as virtual applications, published applications or seamlessapplications. On Demand Apps are similar in approach to Hosted Shared Desktops, except that thephysical desktop interface is hidden from the user. When a user uses an On Demand App, they only seethe application and not the underlying operating system, making On Demand Apps a powerful solution formobile devices.

Personal VDI: A type of virtual desktop based on a Windows desktop operating system. This type ofvirtual desktop provides a unique Windows desktop to each user either for the duration of the session orindefinitely.

Personal vDisk:A technologyused on conjunction with Personal VDI desktops allowing for completepersonalization while still utilizing a single, read-only master image. Any changes made the masterimage are captured and stored within a virtual hard disk attached to the virtual machine. Changes arecataloged in order to allow an administrator to update the master image without impacting user-levelchanges.

Provisioning Services:An image delivery technology, integrated within XenDesktop, which utilizes PXEbooting and network streaming. A target device requests and receives appropriate portions of the masterimage from the provisioning server when needed. Any changes made during the duration of the sessionare stored in a temporary write cache.

Profile Management:A user profile solution, integrated with XenDesktop, that overcomes many of thechallenges associated with Windows local, mandatory and roaming profiles through proper policyconfiguration. Profile Management improves the user experience by capturing user-based changes to theenvironment and by improving user logon/logoff speed.


15/20


16/20


Appendix: XenClientCitrix XenClient extends the benefits of desktop virtualization to corporate laptops so users can work fromanywhere and at any time, whether they have slow, intermittent or no network access. In addition, withCitrix XenClient, IT is better able to manage and secure the distributed desktop environment whilecontinuing to use a traditional endpoint device, like corporate laptops or desktops.

As XenClient requires a minimal infrastructure, the costs associated with a XenClient solution aresignificantly lower than traditional VDI solutions.

XenClient provides a solution for IT to better manage desktops that cannot be centralized due toconnectivity limitations or datacenter server and storage costs. Based on the user requirements andconfiguration, a user can either receive a standard desktop with limited personalization or a completelypersonal desktop experience utilizing Personal vDisk technology.

Users need accessto

Users include Endpoints include Commonlocation(s)include

IT Delivers

A personalized localdesktop

Road Warriors Laptops Remote locationswith limitedconnectivity

XenClient

A standard localdesktop

Retail clerks

Bank Tellers

Lab students

Desktops Training centers

Distributed offices

XenClient

XenClient utilizes the following components:

NetScaler Gateway to provide secure, remote access to Synchronizer

Synchronizer to deliver and manage the distributed local virtual machines

Database server to store the configuration and delivery information for the user and desktop

License server to provide the necessary license to the users desktop

User Layer Access Layer Resource Layer Hardware Layer

Remote

User

Image

OS: Windows 7 or 8

Delivery: Synchronizer



N/A

Personal vDisk: Yes


FlexCast:

XenClient

Physical Servers:

Virtual Machines:

Pools:

Storage Type:

Storage Space:


Remote Access

Control Layer

Database Servers: 2

License Servers: 1


Synchronizer: 2



Access Controllers

Synchronizer

Synchronization

Traffic

SSL

User

Corporate Device


17/20


Appendix: Profile Policy DetailsThe following outlines the initial inclusion/exclusion configurations recommended for an optimized userprofile policy.

Policy Setting(s)

List of excluded files AppData\Local

AppData\LocalLow

AppData\Roaming\Citrix\PNAgent\AppCache

AppData\Roaming\Citrix\PNAgent\Icon Cache

AppData\Roaming\Citrix\PNAgent\ResourceCache

AppData\Roaming\ICAClient\Cache

AppData\Roaming\Microsoft\Windows\Start Menu

AppData\Roaming\Sun\Java\Deployment\cache

AppData\Roaming\Sun\Java\Deployment\log

AppData\Roaming\Sun\Java\Deployment\tmp

Application Data

CitrixContacts

Desktop

Documents

Favorites

Java

Links

Local Settings

Music

My Documents

My Pictures

My Videos

Pictures

UserData

Videos

AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

AppData\Roaming\Macromedia\Flash Player\#SharedObject

AppData\Roaming

Downloads

Saved Games

Searches

SynchronizedDirectories

AppData\Roaming\Microsoft\Credentials

AppData\Roaming\Microsoft\Crypto

AppData\Roaming\Microsoft\Protect

AppData\Roaming\Microsoft\SystemCertificates

AppData\Local\Microsoft\Credential

Synchronized Files Microsoft Outlook

AppData\Local\Microsoft\Office\*.qat

AppData\Local\Microsoft\Office\*.officeUI

Google Earth

AppData\LocalLow\Google\GoogleEarth\*.kml


18/20


Mirrored Folders AppData\Roaming\Microsoft\Windows\Cookies


19/20


Appendix: Session Policy DetailsDevices are commonly grouped as either non-mobile (such as Windows desktop OS based), or mobile(such as iOS or Android). Therefore, a decision whether to provide support for mobile devices, non-mobile devices, or both should be made based on user group requirements.

To identify mobile and non-mobile devices, session policies defined on NetScaler Gateway should includeexpressions such as:

Mobile Devices:The expression is set to REQ.HTTP.HEADER User-Agent CONTAINSCitrixReceiver which is given a higher priority than the non-Mobile device policy to ensure mobiledevices are matched while non-Mobile devices are not.

Non-Mobile Devices:The expression is set to ns_true which signifies that it should apply to alltraffic that is sent to it.


20/20