Whether we like it or not, change is upon us. The evolution in technology has changed the way we work, learn, and live. In fact, the world has become so data driven that we can subscribe to any type of data we want and receive it through our laptop or mobile device at any given location and time. In order to make all of this possible, something else had to be transformed—information technology. Nothing amazes me more than the change we've experienced in IT over the past 15 years. With the advancement of wireless communications, virtualization, cloud computing, and software-defined networking, IT organizations have had to adapt faster than ever to new demands from end users and management teams alike, while getting accustomed to a permanently steep learning curve. Amidst all these changes experienced in the technology sector, a company called Citrix (formerly known as Xitrix in the early 90s) took a simple and very intuitive concept and transformed it into an industry standard—and this is the mobile workstyle. Enabling companies to allow their employees to work from anywhere (and eventually on any device they want), while saving big on hardware and without compromising security—sounds too good to be true? Well, it's here to stay. The big question is how you transform your existing IT infrastructure that has no Citrix software installed on it into a complete and production-ready Citrix solution that will boost the productivity of your users, save unnecessary expense for your management team, and minimize administration efforts for the IT department. Hopefully, you will find the answer you are looking for in this book, and you will enjoy the journey in the meantime.
In this chapter, you will learn about the following topics related to Citrix virtualization:
Hardware and application virtualization
Introduction to Microsoft Remote Desktop Services and Citrix XenApp
Design changes and feature enhancements in XenApp 7.x
Application delivery methodologies in XenApp 7.x
Microsoft and Citrix licensing models
Citrix components used for networking and web access
The XenApp supportability matrix and important product lifecycle dates
Citrix certifications needed to advance your career
Before we dive into application virtualization with Citrix XenApp, it is important to make sure we have a fundamental understanding of virtualization. This is not meant to be a by-the-book definition, and generally, most definitions in this book will target your common sense and intuition rather than your ability to memorize dry material. If you are an experienced virtualization engineer, feel free to skip this section.
So, what is hardware virtualization? In a broader sense, it is the unlocking of the OS layer from the underlying physical hardware, making it possible to run multiple OSes (also referred to as guest OSes) on top of a single hardware entity. Let's take, for example, a rack server. In a traditional IT infrastructure, we would ship the rack to our data center (or server room), install Windows 2012 R2 on it, and enable Internet Information Services (IIS) to run a web server. In this one-on-one relationship, we run a single instance of an OS and a single server role on a physical machine. So, if we require twenty web servers to manage our website, in a traditional environment, we would need to purchase twenty physical servers. Instead, if we decide to virtualize our workloads, we can install a piece of software, known as a hypervisor, onto our rack server that can run multiple guest OSes or VMs. We can now scale up and build many web servers on this single hypervisor, provided that it has sufficient processors and RAM. Since we have installed this software onto bare metal and not on top of another OS, this is known as a Type-1 hypervisor. Citrix XenServer and VMware ESX are examples of Type-1 hypervisors. However, our options do not end here. If we decide to install a traditional OS, such as Windows 2012 R2 or Red Hat Linux, onto our rack, we can then place a hypervisor on top of the OS and run multiple VMs. This is defined as a Type-2 hypervisor. Sun VirtualBox and VMware Workstation are examples of Type-2 hypervisors.
Most hypervisor platforms have a Graphical User Interface (GUI), which makes administration of guest OSes extremely efficient as you have your entire environment in the palm of your hand. Examples of management consoles are XenCenter (for Citrix XenServer), vSphere (for VMware ESX), and SCVMM (for Microsoft Hyper-V). Hypervisor installation and configuration is beyond the scope of this book. VM configurations, however, will be covered in Chapter 2, Designing a Citrix® Solution to Fit Your Needs, to the extent that they are relevant to the Citrix XenApp design. The following diagram illustrates the layout of Type-1 and Type-2 hypervisors:
Now that we have a better understanding of hardware virtualization, we can focus on application virtualization. App virtualization is similar to hardware virtualization in the sense that the upper layer is separated from its underlying components. The former, however, entails the isolation of an application from its original OS and the application itself is presented to the end user as if it were native to their device regardless of the OS in use. For instance, Betty can launch a Windows-based accounting app from her Linux home computer, but this app actually runs on a server in the data center and not locally on her machine. This way, she can use any device she wants in order to fill out her spreadsheets and this application never gets exposed to any potential security threats from her device because it never actually executes on her machine. This is the key concept behind application virtualization that is addressed by the Citrix XenApp solution in an enterprise environment. One of many other use cases is running 32-bit apps on a 64-bit endpoint OS. This comes in very handy for financial services companies and healthcare institutions that rely heavily on legacy applications that are not being updated on a regular basis. However, what if Betty wants the full desktop experience instead of individual application instances? In this case, IT can assign a Windows 2012 R2 desktop to her that multiple other users share at the same time. Technically, this is referred to as desktop virtualization; however, in the context of Citrix and Microsoft, it is accomplished by the same product suite—Citrix XenApp in conjunction with Microsoft Remote Desktop Services (formerly known as Terminal Services).
Remote Desktop Services (RDS) from Microsoft is an essential platform and a requirement for app virtualization via Citrix XenApp. It is a role in Windows 2012 Server that enables users to share a physical or virtual desktop located in the data center over the network via the Microsoft proprietary RDP protocol. Every user in an RDS environment needs an RDS license in order to use a remote desktop or application. RDS licensing can be per user or per device. These are also known as Client Access Licenses (CALs). Commonly, organizations employ a per user license, which allows one user to have access to all the instances of a particular product (for example, RD hosts), while device licenses make sense in an environment where multiple users connect to a single RD Host from the same computer (for example, shift workers using kiosks, and so on). So, you may find yourself wondering why you need Citrix in the first place when you can deliver remote apps and desktops to your users by simply configuring RDS on a Windows 2012 server. A lot has been said about the two products and the main arguments in favor of Citrix XenApp are the level of granularity involved in configuring and administering the environment, the security of the Citrix proprietary Independent Computing Architecture (ICA) protocol, and the endpoint device support. Currently, 95% of Fortune 500 companies use XenApp to deliver applications and desktops to their end users, and Citrix has been focused on developing its virtualization portfolio for well over a decade with cloud networking and mobility products recently acquired to complete the circle of workspace transformation.
XenApp 7.6 (formerly known as Presentation Server, MetaFrame, and WinFrame) is an application virtualization software built to deliver a secure and highly-customizable set of applications and desktops to end users regardless of their location or endpoint device type. XenApp's Virtual Delivery Agent (VDA) is installed on an RDS-enabled Windows Server OS, while the XenApp environment (also known as a farm or site) is managed by a Delivery Controller installed on a separate non-RDS Windows server. The applications can be installed on the XenApp VDA server, and a client software called Citrix Receiver needs to be deployed on the user's endpoint device to enable application launching. We will explore the XenApp architecture in further detail in Chapter 2, Designing a Citrix® Solution to Fit Your Needs, but, for now, it is important to remember (much like other enterprise software) that there is a management component (also known as a controller or broker) and a delivery agent. The communication between the two is vital for an operational environment. The following diagram illustrates the conceptual architecture of XenApp:
XenApp 7.6 uses a proprietary Citrix communication protocol called ICA. ICA transmits data intercepted by XenApp from an application running on the server to the Citrix Receiver on the client device over standard network protocols, such as TCP/IP and, formerly, IPX/SPX. From the client side, when a user interacts with the application (for example, a mouse movement or keyboard input), the Receiver software on the client device circulates the traffic back to the application running on the XenApp server. Multiple virtual channels exist within the ICA protocol, such as multimedia, printing, USBs, smart cards, and others. These virtual channels define various functions within the ICA stream and different settings can be applied to control their impact based on the requirements of the environment. In Chapter 11, Administering a XenApp® Environment – Server Management, we will go into further details regarding Citrix group policies that can be implemented to manage application security and user experience. The following diagram illustrates the ICA protocol and virtual channels:
Citrix XenApp 7.6 uses the FlexCast Management Architecture (FMA), which is conceptually the same model used by Citrix XenDesktop. In fact, in 2013, Citrix merged the XenApp and XenDesktop technologies into a single delivery platform under the umbrella of XenDesktop 7.0. Starting with XenDesktop 7.0, you could deliver both applications and Virtual Desktop Infrastructure (VDI) from a single pane of glass. However, less than a year later, Citrix reintroduced XenApp as a standalone licensed product, which once again used the same integrated management model as XenDesktop FMA. You do not have to purchase XenDesktop licenses in order to use XenApp. The latter can also be deployed on both virtual machines and physical servers depending on the nature of the existing infrastructure.
Older versions of XenApp, such as 6.5, have a completely different design than 7.x releases. Pre-7.x XenApp uses Independent Management Architecture (IMA) as its operational platform. Citrix has since moved away from IMA and onto FMA, which is a more service-oriented multiproduct platform. If you've had previous experience with XenApp, you will find that 7.5 and 7.6 have a completely different look and feel than older versions. There have been significant changes in administration as well. Here are some examples of architectural modifications in 7.x:
Server management: Application delivery and farm administration are no longer managed from the XenApp server itself but rather from the Citrix Delivery Controller. Application and desktop configuration can also be performed from a server with the Citrix Studio console installed. The Delivery Controller's only unique roles are user access and optimization of connections.
Graphical User Interface (GUI): Citrix Studio (formerly known as Desktop Studio) has replaced the AppCenter and Delivery Services Console.
Database: XenApp no longer uses a local host cache, which mirrored the data from the primary SQL data store to a local Access database. FMA relies on the high-availability features set in the SQL server instead.
Provisioning methods: Machine Creation Services (MCS) can now be leveraged to provision XenApp servers from a single master image. Previously, they could only be deployed as standalone machines on a hypervisor or via Citrix Provisioning Services (PVS).
Session PreLaunch (available in 6.5): This refers to sessions that are launched before users request them
Session Lingering (available in 6.5): This refers to sessions that are not terminated when a user disconnects from an application
Anonymous logon: This refers to credentials not being required in Citrix Receiver or StoreFront, and users can authenticate directly at the application level
Connection leasing: This refers to session information that is cached locally on the Delivery Controller so that if a SQL server outage occurs and the Delivery Controller loses connectivity to the site database, users who request new sessions can be connected to their applications and desktops
Citrix enables you to deliver resources to end users in a variety of ways. Which model fits your environment best will depend on the business purpose of your solution. There are three methods for application delivery via XenApp—hosted apps, streamed apps, and hosted shared desktops. Let's have a look at them:
Hosted apps: With this model, the application is installed on the XenApp server and will execute there as users launch instances of it on their client devices. The application will consume CPU and RAM on the server and multiple instances of the same process will appear in Task Manager.
Application streaming: In this delivery model, apps are packaged and streamed to the endpoint device via Microsoft App-V as part of the XenApp store. With this method, apps will execute and consume the compute resources of the endpoint device instead of the XenApp server.
Hosted shared desktops (HSD): This model is the right approach if the requirement of the environment is to present a full desktop to users instead of individual apps. With the hosted shared model, the XenApp server itself is presented to the end user as a full desktop launched from their Citrix Receiver and it can be shared among multiple users at the same time. The number of users that can utilize the desktop simultaneously is determined by the compute resources allocated to the server and the nature of the applications being run within this desktop. In Chapter 9, Administering a XenApp® Environment – Application Management, you will learn how to deploy the different models of application delivery with Citrix XenApp.
The XenDesktop model allows a user to have a dedicated OS and not share resources with other users by delivering a desktop to the user. The desktop can be pooled or private. Pooled desktops are nonpersistent and any changes made by the user outside of their profile are not retained upon reboot. Dedicated desktops are also assigned to a single user. All changes made by the user to the underlying system are retained after a reboot much like a physical computer when a personal vDisk is configured for users. Bear in mind that this approach is only available if you have a XenDesktop concurrent or user/device license.
In this section, we will explore the user logon process in XenApp in a hosted app scenario. As explained earlier, the true power of XenApp is that a user can launch a variety of remote applications running in a server environment at any time on any device. This is a brief overview of how the traditional logon process in XenApp 7.6 works:
A user launches Citrix Receiver on a client device or opens a web browser and navigates to a web portal supplied by an IT administrator.
The user types in their credentials in Citrix Receiver or StoreFront.
Upon successful authentication, the user is presented with an app store showing the applications and desktops assigned to them by the administrator.
The user clicks on one of the applications or desktops available in the store.
Within a few seconds, the application runs on their workstations and they are able to use their business application as if it were local to their device. For customers who cannot have the Receiver client installed on user devices, Citrix has included the Receiver for HTML5, which is configured on the StoreFront server and runs a virtual session inside the web browser.
Now, let's take a look at how the Citrix infrastructure makes the aforementioned transaction possible on the backend:
Upon user login, either Citrix StoreFront or NetScaler Gateway (depending on the frontend solution used) passes the credentials to Active Directory (AD), which validates them and passes the information over to the Delivery Controller.
Delivery Controller polls back AD and checks in the SQL database to determine what resources are assigned to the user.
Hosted applications and desktops are enumerated in the user's Receiver store.
When the user clicks on an app, StoreFront transmits an ICA file to Citrix Receiver on the client device. Receiver then uses the file to establish an ICA session.
When a session is granted by the Delivery Controller and the application is launched, a Receiver progress bar is displayed on the endpoint and during this phase, the user profile is loaded and group policies and any logon scripts are applied for this particular session.
With XenApp 7.6, the session prelaunch and lingering features can be leveraged to reduce wait times for the application to start by shifting profile load, GPO processing, and logon scripts to an earlier time. The benefits and functionality of these features are demonstrated in Chapter 10, Administering a XenApp® Environment – Application Management.
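The ICA file that StoreFront hands to Receiver in the backend steps above is INI-style text, so it can be inspected before a session is opened. The following is an added example, not code from this book or from Citrix: it parses a constructed launch file and applies this example's own hygiene rules. The key names used (Address, SSLEnable, EncryptionLevelSession, RemoveICAFile, LogonTicket) are commonly seen ICA file settings assumed here, not taken from this chapter.

```python
import configparser

# Constructed sample launch file (not captured from a real site). The address
# is from the documentation range 192.0.2.0/24 and the ticket is a placeholder.
SAMPLE_ICA = """\
[WFClient]
Version=2
RemoveICAFile=no

[ApplicationServers]
Accounting=

[Accounting]
Address=192.0.2.10:1494
InitialProgram=#Accounting
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
EncryptionLevelSession=Basic
SSLEnable=Off
LogonTicket=CONSTRUCTED-PLACEHOLDER-TICKET
LogonTicketType=CTXS1
"""

# Session encryption levels this example's policy treats as too weak (assumption).
WEAK_LEVELS = {"basic", "encrc5-0", "encrc5-40", "encrc5-56"}


def load_ica(text):
    """Parse ICA text into {section name: {key: value}}, preserving key case."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # resource names under [ApplicationServers] are case-sensitive
    cp.read_string(text)
    return {name: dict(cp.items(name)) for name in cp.sections()}


def _lower_keys(settings):
    """Setting names are matched case-insensitively."""
    return {key.lower(): value for key, value in settings.items()}


def connection_targets(text):
    """Map each published resource to the address Receiver would connect to."""
    sections = load_ica(text)
    targets = {}
    for resource in sections.get("ApplicationServers", {}):
        settings = _lower_keys(sections.get(resource, {}))
        targets[resource] = settings.get("address", "")
    return targets


def audit_launch(text):
    """Return (section, finding) pairs for settings a defender would question."""
    sections = load_ica(text)
    findings = []

    wfclient = _lower_keys(sections.get("WFClient", {}))
    if wfclient.get("removeicafile", "").lower() != "yes":
        findings.append(("WFClient", "launch file is left on disk after use"))

    for resource in sections.get("ApplicationServers", {}):
        settings = _lower_keys(sections.get(resource, {}))
        if not settings:
            findings.append((resource, "listed but has no settings section"))
            continue
        if settings.get("sslenable", "").lower() != "on":
            findings.append((resource, "ICA session is not wrapped in TLS"))
        level = settings.get("encryptionlevelsession", "").lower()
        if not level or level in WEAK_LEVELS:
            findings.append((resource, "weak or unstated session encryption level"))
        if settings.get("logonticket"):
            findings.append((resource, "file carries a logon ticket; handle it as a credential"))
    return findings


if __name__ == "__main__":
    print(connection_targets(SAMPLE_ICA))
    for section, finding in audit_launch(SAMPLE_ICA):
        print(f"[{section}] {finding}")
```

Because the file can carry a logon ticket, the practical takeaway is to treat downloaded `.ica` files like short-lived credentials: keep them out of shared folders, mail, and ticket attachments.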
An entire book can be written on licensing a Citrix environment, its underlying components, and how to make the best decision on what license to purchase. To sum up, three product editions are available for XenApp—Advanced, Enterprise, and Platinum. Advanced offers a basic set of features required to build an application virtualization solution, such as the ability to publish apps and desktops. Enterprise and Platinum provide a rich set of functionalities, such as image management via PVS and comprehensive monitoring tools that are needed to operate a large environment with business-critical applications and no fault tolerance.
Visit http://www.citrix.com/go/products/xendesktop/feature-matrix.html for the most up-to-date Citrix product matrix.
It is important to note that the XenDesktop Enterprise and Platinum editions include XenApp, so if you were to purchase XenDesktop, you would have the flexibility to publish applications and shared desktops as well as dedicated end-user OSes. XenApp licensing is based on a session concurrency model where each user needs to be granted a license when a session (running application) is initiated. This license is returned to the license pool when a session terminates. The next time the same user launches an application, they are granted a new license. In other words, a license is not permanently tied to a user or a device, but is rather granted for the current session only.
After purchasing Citrix licenses, license files need to be installed on a Citrix license server version 11.12, which can reside on a Windows 2008 or 2012 OS, and it is also available as a Linux-based VPX (virtual appliance) imported directly to the hypervisor. The license service software can be downloaded from http://www.citrix.com/. During the first deployment presented by this book, you will learn how to work with Citrix license files and troubleshoot a Citrix licensing component.
Most big vendors have a licensing structure that is oftentimes a bit more complicated and cumbersome than we would like it to be. Furthermore, it can lead to unnecessary costs if not carefully analyzed upfront. Microsoft is no exception and the combination with Citrix can sometimes cause confusion as to what type of licenses are needed to build a new XenApp environment or expand existing systems. For Citrix to work on Windows, you will need to license two components—the operating system and Remote Desktop Services (RDS). Here is a list of licensing options from Microsoft that support virtualization at the time of writing this book:
Virtual servers: The following virtual servers are supported:
Windows Server Standard Edition: One license is required for every two virtual machines (guest OSes).
Windows Server Datacenter Edition: One license is required per hypervisor host, granting unlimited VMs (guest OSes) running Windows within a particular host.
Physical servers: The following physical servers are supported:
Windows Server Standard Edition: One license is required for every single-processor server, and two licenses are required for every four-processor server.
Windows Server Datacenter Edition: One license is required for every single-processor server, and two licenses are required for every four-processor server (same as Standard).
Remote Desktop Services: A license is given per user or device (also known as CAL), and in the context of Citrix, one license is required for each user to connect to a XenApp server; the license will be tied to this user.
With regard to an OS, today, many companies use a Key Management Service (KMS) server to manage the volume licensing of their enterprises. KMS is supported by Citrix as a central licensing authority for Windows and Office and is by far the most popular method for license activation. It is always beneficial to have a conversation with your Microsoft sales representative or a Microsoft reseller to ensure that you get the best licensing mix for your budget.
The purpose of this book is to build and showcase an enterprise-ready Citrix solution. As such, other Citrix products and components will also be involved in the implementation. For example, Citrix StoreFront is a component of XenApp and XenDesktop that presents users with the Receiver store or website where they can subscribe to their applications. StoreFront, which is a required component, is part of the XenApp installation media and needs to be installed on an IIS-enabled server.
In Chapter 6, Installing and Configuring NetScaler Gateway™, and Chapter 7, Load Balancing XenApp® with Citrix® NetScaler®, you will learn how to implement load balancing with Citrix NetScaler VPX, and how to frontend your XenApp environment with NetScaler Gateway. NetScaler is a multipurpose appliance developed by Citrix and is widely used for load balancing backend server connections on a variety of communication protocols, such as HTTP, SSL, and FTP, and for other functions, such as network security and traffic optimization. In fact, NetScaler is such an enormous platform that a dozen books have been written about it. If you would like to dive deeper into full-blown enterprise implementations of NetScaler, I personally recommend that you go through Implementing NetScaler VPX™, Marius Sandbu, Packt Publishing. My book only focuses on what is necessary to build a basic load balancer and gateway, and no advanced configurations are covered. NetScaler is not required for XenApp to function properly. However, load balancing your StoreFront (Web) servers is highly recommended in a production environment, which is why it is included in this book.
In Chapter 9, Building Your First XenApp® Farm – Provisioning Services™, you will learn about Citrix Provisioning Services (PVS). PVS is an enterprise-ready UDP-based streaming technology that is designed to deliver an OS over a network to the Preboot eXecution Environment (PXE)-enabled physical or virtual clients. At this time, PVS is included with XenApp Enterprise and Platinum editions and it can be leveraged for the provisioning of XenApp servers from a single virtual disk providing tremendous scalability over traditional standalone machine deployment.
In Chapter 4, Installing and Configuring Citrix XenApp®, you will learn about Citrix Universal Profile Management. UPM is another add-on product for XenApp and XenDesktop that Citrix offers in order to facilitate integration of user profiles. UPM can be used instead of Microsoft roaming or mandatory profiles and a rich set of group policies is available through an Administrative (ADM) template to enforce granular profile settings. UPM also works in conjunction with Microsoft Folder Redirection, which can come in handy if your environment requires user files to be stored in a separate location from the profile.
Most paid software nowadays has some type of support agreement to provide technical resources to customers in case issues are experienced with the product itself or as a result of its operations. Vendors generally offer phone support, e-mail, newsletters, whitepapers, and even on-site assistance for critical issues. Typically, Enterprise Technical Support is subscription-based and there is an annual fee associated with the contract. Citrix provides different levels of support agreements. At the time of writing this book, Premier Support has gained a lot of popularity due to its 24x7 phone assistance and unlimited tickets. It is recommended that you engage your Citrix sales representative or an authorized reseller to get the most up-to-date information on technical support.
Each Citrix product version has an end-of-life (EOL) and end-of-maintenance (EOM) date. EOM is when a product is no longer maintained by developers, but you can still get assistance from a technician. EOL is when technical support is no longer offered for a particular version, and you are strongly encouraged to upgrade your software to the next supported version. Some product editions have end-of-extended-support (EOES) dates after the EOL, so if you have an extended support contract with Citrix, you will continue to receive assistance until EOES is met. Currently, XenApp 7.x (all subversions of 7) is maintained and supported until June 30, 2018. The following screenshot illustrates the XenApp product supportability matrix:
IT certifications have become an important part of the career development of IT professionals. A recent study conducted by InformationWeek showed that IT managers listed certifications as two and a half times more valuable than an MBA degree. Recent evidence shows that a certified professional can make up to a 40% higher salary than their noncertified counterpart. Many administrators, engineers, and consultants seek to obtain a Citrix certification as proof of technical proficiency in the Citrix stack. At the time of writing this book, Citrix has recently completed an overhaul of their previous exam structure.
Currently, three certification paths are available to customers—Apps and desktops (virtualization), networking, and mobility. The virtualization suite includes three certification exams—Citrix Certified Associate (CCA-V), Citrix Certified Professional (CCP-V), and Citrix Certified Expert (CCE-V). The CCE-V certification is an architect-level certification that validates the ability to design and implement enterprise systems based on XenApp and XenDesktop 7.x. Obtaining a Citrix certification can greatly increase job security and influence career advancement.
In this chapter, you learned the fundamentals of virtualization from both the hardware and application perspective. With regard to hardware, we took a hypothetical example to demonstrate the benefits of virtualization and learned how to differentiate between Type-1 and Type-2 hypervisors. From an application and desktop standpoint, we introduced two major platforms that work together—Microsoft RDS and Citrix XenApp. The latter was classified into three categories—hosted applications, streamed applications, and hosted shared desktops, followed by a brief summary of desktop OS virtualization with Citrix XenDesktop. We also explored a user logon process in XenApp as seen by the user and as executed on the server. On the vast topic of licensing, we explained current offerings from Microsoft and Citrix in terms of OSes, RDS, and XenApp as well as benefits derived from various product editions. Required components, such as StoreFront for web access, and recommended options for load balancing and external authentication, such as NetScaler and NetScaler Gateway, were reviewed and more content will follow as they become more relevant in later chapters. From the supportability point of view, we looked at the lifespan of XenApp and the maintenance duration and current vendor support offered by Citrix. Last but not least, we provided insight on Citrix certification paths to help you solidify your Citrix skillset and advance your career.
To sum up, we briefly touched on the high-level aspects of the XenApp software, its requirements, and its use cases.
In the next chapter, we will analyze some use cases from real-world field implementations. As we enter the design phase, we will start laying the foundation of our XenApp solution. Stay tuned...