Documente Academic
Documente Profesional
Documente Cultură
Contents
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
How to Use This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Getting Support and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Installing XenDesktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
XenDesktop Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Whats on the Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Creating the Farm Data Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Installing Desktop Delivery Controller on a Single Server . . . . . . . . . . . . . . . . . . . . . . . . . .47
To install Desktop Delivery Controller and create a farm . . . . . . . . . . . . . . . . . . . . . . . .48
Configuring Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Using a Separate Database Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Adding Controllers to Your Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
To add a controller to a farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Installing the Management Consoles Separately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
To install the management consoles on a separate computer . . . . . . . . . . . . . . . . . . . . . .52
Starting the Access Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
To configure and run discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Installing VM Infrastructure Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
To install XenServer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Replacing the Default XenServer SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Installing Citrix Provisioning Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Installing the XenDesktop Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Installing the Virtual Desktop Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
To install the Virtual Desktop Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
To configure firewalls manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Installing the Citrix Desktop Receiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Upgrading to XenDesktop 3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
To upgrade Desktop Delivery Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
To upgrade the Virtual Desktop Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Upgrading to a Different Edition of XenDesktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Removing XenDesktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
To remove the Virtual Desktop Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Removing Desktop Delivery Controller Components . . . . . . . . . . . . . . . . . . . . . . . . . . .64
To remove the XenDesktop Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Contents
Contents
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Introduction
This section describes how to use this document and provides details of the other
sources of information about Citrix XenDesktop.
10
For information about installing and using the Citrix Desktop Receiver (the
Windows 32 client software supplied with XenDesktop), see the Citrix
Desktop Receiver Administrators Guide.
For information about installing and using Citrix User Profile Manager, see
Using Citrix User Profile Manager with XenDesktop.
Before you install the various components of XenDesktop you need to plan your
deployment to ensure that it meets all your organizations needs. This section
provides information about:
New features in this release and where to find information about how to
configure them
Security planning
Described in......
USB support
12
The essential elements you need to have in place for a working XenDesktop farm
are:
A server to host:
Endpoint devices running the Citrix Desktop Receiver to enable your users
to access desktops.
13
14
15
You can use XenApp for Virtual Desktops to deliver applications to your
users either by streaming them to virtual desktops or hosting them on a
XenApp server. For information on using XenApp for Virtual Desktops,
see Using XenApp for Virtual Desktops on page 111.
Ensure that your users get a consistent experience every time they log on by
managing user personalization settings with Citrix User Profile Manager.
For information on using Citrix User Profile Manager with XenDesktop,
see Using Citrix User Profile Manager with XenDesktop.
16
17
time the controller starts, it validates the contents of its SCP and updates
them if necessary.
If multiple administrators are likely to add and remove controllers after the initial
installation is complete, they need permissions to create and delete children on
the RegistrationServices container and Write properties on the Controllers
security group. (These permissions are granted automatically to the administrator
who installs the farm.) Either the domain administrator or the original installing
administrator can grant these permissions, and Citrix recommends setting up a
security group to do this.
The following points are important to bear in mind when you are using Desktop
Delivery Controller:
18
settings that are returned to the user to make a connection. It is, therefore,
important to ensure that this information is consistent with information held
in your DNS environment.
The XenDesktop Web site, for window view mode users who need to be
able to access multiple desktops or to access desktops from a browser, is:
\Inetpub\wwwroot\Citrix\DesktopWeb
This is the default site that users are presented with if they browse just to
the controller address.
To modify the desktop appliance connector site, you must edit the configuration
files as described in the Web Interface Administrators Guide.
The other default sites are standard Web Interface sites and you can modify them
through the Access Management Console Web Interface extension. This
extension is not installed as part of a XenDesktop installation. It is provided on
the Desktop Delivery Controller installation media for you to install manually if
necessary.
If you do not want to install the Web Interface and the default sites when you
install XenDesktop, perhaps because you already have Web Interface set up in
your environment, you must carry out the installation through the command line,
using Setup.exe with the -nosites option, as described in Installing and
Removing Controllers Using Setup.exe on page 119.
19
For remote access through Access Gateway, you need to create a new Web
Interface site. To do this, you must install the Web Interface and the Access
Management Console Web Interface extension. Both are available on the Desktop
Delivery Controller installation media:
For information about installing the Web Interface and creating sites, see the Web
Interface Administrators Guide. To modify the user interface of the site to refer
to desktops rather than applications, edit the configuration files as described in
the Web Interface Administrators Guide.
Security Planning
This topic describes:
General security best practices when using XenDesktop, and any securityrelated differences between XenDesktop and a conventional computer
environment
20
21
22
Deployment Scenarios
Your user environment can consist of either endpoint devices that are unmanaged
by your organization and completely under the control of the user, or of endpoints
that are managed and administered by your organization. The security
considerations for these two environments are generally different.
23
24
This section describes how users experience connecting to virtual desktops and
the factors that can affect this experience. Administrators should examine each
factor while planning their deployment.
Read this section in conjunction with the Citrix Desktop Receiver Administrators
Guide, which contains full instructions for installing, configuring, and using the
Desktop Receiver to connect to virtual desktops.
This section includes information about:
Your Environment
This topic describes the user types supported by XenDesktop deployments and
aspects of your network that you should consider while planning. Both sets of
characteristics directly affect your configuration decisions and the user
experience when connecting to virtual desktops.
User Types
How users need to access and interact with virtual desktops is an important
consideration. For the purposes of desktop access and interaction, there are two
key user types:
26
Task workers require a user experience that mimics as closely as possible the
familiar interaction with a local desktop and a minimum of new concepts that
they must learn before they access their resources. Virtual desktops presented in
full-screen-only mode are ideal for task workers. In full-screen-only-mode, the
virtual desktop effectively replaces the local desktop, allowing the user to interact
with the virtual desktop as if it is their local desktop.
Full-screen-only mode is also useful for knowledge workers who need access to
just one virtual desktop. If knowledge workers require access to more than one
virtual desktop, or need to be able to switch between their virtual and local
desktops, presenting those desktops in separate windows is a better alternative.
Network Environment
The endpoint features available across all supported environments are broadly
similar. For example, full-screen-only desktops are available from endpoints
running Windows or Linux; virtual desktops running in separate windows can be
used through a local area network (LAN) or remotely; and these features can be
used on a variety of hardware. However, your hardware and software
environment affects the details of how users connect to desktops created with
Desktop Delivery Controller. Factors that you may want to consider include:
Endpoint
Location
Recommended
User Experience
Recommended Use if
Access Point
Full-screen-only
mode
Desktop
appliance
connector
Your existing
hardware does not
support Windows
operating systems or
you have existing
endpoint devices
which you do not
want to include in
your domain.
Domain-joined Windows
XP Embedded or
repurposed Windows XP
Professional endpoints
On a LAN
Full-screen-only
mode
XenDesktop
Services site
On a LAN
Citrix Desktop
Receiver window
and toolbar
XenDesktop
Web site
Users in your
environment require
access to more than
one virtual desktop.
Remote
through
Access
Gateway
Citrix Desktop
Receiver window
and toolbar
XenDesktop
Web site
Users in your
environment require
access to more than
one virtual desktop.
27
Note that the Citrix Desktop Receiver window and toolbar are not available on
endpoints running Mac OS X. Users connecting to multiple virtual desktops from
endpoints running Mac OS X can use Spaces to display those desktops. Each
virtual desktop is displayed in a separate space and users switch between those
desktops using the Dock. Users can also use Spaces to switch between a virtual
desktop and the local desktop.
28
Note that the scenarios do not contain information about logging on using smart
cards. For more details, see Using Smart Cards with XenDesktop on page 37.
2.
3.
29
This figure shows the logon screen for a full-screen-only desktop accessed from a
XenDesktop-ready desktop appliance running Windows.
4.
The user enters their credentials and logs on. Any errors (for example, if an
incorrect password is entered) appear at the bottom of the logon screen.
5.
A Please Wait screen appears while the virtual desktop starts and a
connection to it is established.
The system keeps the user informed of connection progress at each stage.
6.
If the desktop is taking a long time to appear, the user can restart it by
clicking the Restart button on the Please Wait screen. The desktop restarts
automatically. Note that the Restart button is available only if the
administrator has enabled user-driven desktop restart when creating the
desktop group.
7.
30
interface. For more details, see Configuring USB Support on page 95 and
the Citrix Desktop Receiver Administrators Guide.
The user is in full control of the virtual desktop, just as if they were using it
locally. The only exceptions that the user may notice are:
8.
9.
When the user completes their work, they log off in the standard way (for
example, from the Start menu on Windows). The shell automatically logs
the user off from the local computer as well as the virtual desktop. This
leaves their monitor displaying the logon screen. In this way, the user
experiences the logoff as a local operation.
The user turns on their local computer and after the startup sequence on the
computer is complete, the Log On to Windows dialog box appears.
31
2.
The user enters their domain credentials and logs on. They should not log
on as a local administrator.
3.
4.
A Please Wait screen appears while the virtual desktop starts and a
connection to it is established.
The system keeps the user informed of connection progress at each stage.
5.
If the desktop is taking a long time to appear, the user can restart the
desktop by clicking the Restart button on the Please Wait screen. The
desktop restarts automatically. Note that the Restart button is available
only if the administrator has enabled user-driven desktop restart when
creating the desktop group.
6.
7.
If the desktop becomes unresponsive, the user can restart the desktop. To
do so, the user logs off in the standard way. When the Log On to Windows
dialog box appears, the user enters their domain credentials and logs back
on. When the Please Wait screen appears, the user clicks the Restart
button to restart the desktop. Any unsaved data is lost during the restart
operation. Note that the Restart button is available only if the administrator
has enabled user-driven desktop restart when creating the desktop group.
8.
When the user completes their work, they log off in the standard way (for
example, using the Start menu on Windows). The shell automatically logs
the user off from the local computer as well as the virtual desktop. This
leaves their monitor displaying the Log On to Windows dialog box.
32
Unlike Scenario B, the Citrix Desktop Receiver Embedded Edition does not need
to be installed on the endpoint as a prerequisite. Instead, users can be prompted to
download it when they need it.
The user experience in this scenario is as follows:
1.
The user is already logged on to Windows from their local computer. They
decide to connect to one of their virtual desktops.
2.
The user opens a browser window, and browses (for the first time) to a
XenDesktop Web site (or a load-balanced address) on a server running
Desktop Delivery Controller. For convenience, they bookmarked the site
address that you sent them when they were set up as a XenDesktop user.
3.
4.
This figure shows the Web-based logon screen for desktops accessed through a
XenDesktop Web site. Depending on your configuration settings, the user may also have
to select an authentication method on this screen.
5.
Because this is the first time the user is logging on to the site, it
automatically detects that the required client is not present on the endpoint
and prompts the user to download and install the required software.
6.
After the install is complete, the user is presented with a site which contains
a Desktops tab showing the set of desktops to which they have access.
The user can also access virtual applications from this site if any were
published with Citrix XenApp.
33
This figure shows the set of desktops available to the user on the XenDesktop Web site.
7.
With the software installed, the user accesses a virtual desktop by clicking
the appropriate icon on the page.
8.
If the desktop is taking a long time to appear, the user can restart it by
clicking the Restart button for that desktop, on the Desktops tab. The
desktop restarts automatically. Note that the Restart button is available
only if the administrator has enabled user-driven desktop restart when
creating the desktop group.
9.
34
The user interacts with the desktop in the usual way and can control its size,
position, and other settings, using the controls on the toolbar. For
instructions about using the controls, see the Citrix Desktop Receiver
Administrators Guide.
This figure shows the controls on the toolbar. Users can customize the desktop using the
buttons or a drop-down menu located next to the Citrix logo on the left.
11.
12.
If the desktop becomes unresponsive, the user can restart it by clicking the
Restart button for that desktop, on the Desktops tab in the browser
window.The desktop restarts automatically and appears in a separate
window. Any unsaved data is lost during the restart operation. Note that the
Restart button is available only if the administrator has enabled userdriven desktop restart when creating the desktop group.
13.
When the user completes their work, they can click the Close button on the
toolbar, which, after prompting the user to confirm, disconnects the virtual
desktop session and returns them to their local desktop. The user can
resume the session later when they want to work on the virtual desktop
35
again. Alternatively, if they want to log off, they can do so from the virtual
desktops Start menu.
Note: Users working with fat client devices may find they can access the
toolbar in other ways depending on how you installed the client: from the
Desktops folder (available by right-clicking the Citrix XenApp icon in the
notification area), or from shortcuts on their local desktop.
The user browses to the external XenDesktop Web site that was secured
using Access Gateway.
This figure shows the Web-based logon screen created for remote access. Depending on
your configuration settings, the user may also have to select an authentication method on
this screen.
36
2.
3.
The remaining steps are identical to Scenario C. The user selects a desktop
from the Desktops tab on the site and the desktop appears in a new
window.
4.
When the user completes their work, they can click the Close button on the
toolbar, which, after prompting the user to confirm, disconnects the virtual
desktop session and returns them to their local desktop. The user can
resume the session later when they want to work on the virtual desktop
again. Alternatively, if they want to log off, they can do so from the virtual
desktops Start menu.
Overview
XenDesktop users can use smart cards for:
Install drivers and CSPs on the virtual desktop before installing any Citrix
software on it
38
Install and test the drivers on a physical computer before installing Citrix
software
After the Virtual Desktop Agent has been installed on a computer, you can no
longer use locally connected smart cards for any purpose, including logon.
Smart card support also involves components available from Citrix partners.
These will be updated independently by the partners, and are not described in this
document. Refer to the Citrix Ready program at http://www.citrix.com/ready/ for
more information.
Domain-joined fat client computers. These are computers that can connect
directly to virtual desktops, applications, and other services. They can run
local applications and support simultaneous connections.
Citrix Desktop Receiver 11.1. For further details about installing the
Desktop Receiver, see the Citrix Desktop Receiver Administrators Guide.
39
You can reconfigure the following default Web sites to incorporate a smart
card authentication method:
The XenDesktop Web site, which is for users of fat client devices,
who need to be able to access desktops from a browser.
If you need to support more than one authentication method, Citrix recommends
that you maintain a separate Web site for each method to ensure the best user
authentication experience.
Pass-through authentication with smart cards is supported for domain-joined
computers. For further details, see http://support.citrix.com/article/CTX119227/.
40
For details of where on the installation media to find the Web Interface and the
Web Interface Access Management Console extension, and the locations of the
default Web sites, see Using the Web Interface with Desktop Delivery
Controller on page 18. For information on how to create and configure Web
sites, see the Web Interface Administrators Guide.
XenDesktop behavior
No action
No action.
Lock workstation
Force logoff
XenDesktop behavior
Disconnect if a remote
Terminal Services session
41
There may also be an endpoint smart card removal behavior policy if the endpoint
is domain-joined. In this case the endpoint has the default Windows behavior.
42
Installing XenDesktop
Overview
This section describes how to install the components of XenDesktop, and how the
XenDesktop installation media are structured and organized. It also provides
details of how to upgrade from earlier versions of XenDesktop, how to move to a
different edition, and how to remove XenDesktop.
For a new installation of XenDesktop, Citrix recommends that you carry out the
following tasks in the order shown below. Each task is described in more detail in
subsequent topics.
1.
Licensing.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
For installation instructions for User Profile Manager, see Using Citrix User
Profile Manager with XenDesktop.
44
For installation instructions for XenApp for Virtual Desktops, see Before
Installing XenApp in a XenDesktop Environment on page 113, and the Citrix
XenApp Installation Guide, which you can download from
http://support.citrix.com/pages/docs/.
Command-line tools are also available for Desktop Delivery Controller and
Virtual Desktop Agent installation tasks and for configuring Active Directory.
For information on these tools, see Command-Line Tools on page 119.
Important: Citrix supports installation of XenDesktop components only
through the procedures described in Citrix documentation.
When you have installed the necessary components, you can prepare and
provision desktops, create desktop groups, and customize aspects of your
deployment. For more information, see Preparing and Provisioning Desktops
on page 67, Creating and Updating Desktop Groups on page 75, and
Customizing Your Desktop Delivery Controller Environment on page 93.
Editions
Medium
Label
Exp/Std Adv
Ent
Plat
DVD
CD
CD
Download
CD
CD
Installing XenDesktop
Editions
Medium
Label
Exp/Std Adv
CD
45
Ent
Plat
CD
Subscriptio
n service
GoToAssist
Download
WANScaler Client
Download
EasyCall Agent
Download
46
Licensing
After purchasing XenDesktop, you receive two emails with instructions specific
to your license(s).
The following components require the use of a Citrix License Server:
Access Gateway
EdgeSight
EasyCall
XenApp
WANScaler is delivered fully licensed for immediate use. This includes the
appliance server license and an unlimited client license.
For details of User Profile Manager licensing, see Using Citrix User Profile
Manager with XenDesktop.
Installing XenDesktop
47
You can either run Citrix Licensing on the server on which you install Desktop
Delivery Controller, or you can run it on a separate server. If your organization
uses other Citrix products, for example, it may be more convenient for you to
download your XenDesktop licenses to the license server that you are already
using. You must configure the license server and install valid licenses before
using XenDesktop. After you point the product to a valid license server, you have
a 96-hour out-of-box grace period to ensure that a valid license is present on the
license server. This grace period allows two concurrent connections.
For details of the editions and licensing options available for XenDesktop, see the
Citrix XenDesktop Overview. For details of how to install and run Citrix
Licensing, see the Getting Started with Citrix Licensing Guide, which you can
download from http://support.citrix.com/pages/licensing/.
If you need to update your license server settings at any stage, see Updating
License Server Settings on page 108.
48
Citrix recommends that you do not install Desktop Delivery Controller through
RDP. If you have to use RDP, use a console session to avoid reconnection issues
if your session becomes disconnected.
If you have created the farm data store on a separate database server, ensure that
you know:
The server name and database name for the data store, because you have to
specify these during the installation process
2.
3.
4.
5.
6.
Installing XenDesktop
7.
On the Specify Farm Edition page, select the XenDesktop edition for
which you have licenses, then click Next.
8.
49
If you have selected to use a separate database server, you are then
prompted for the details. For more information, see Using a Separate
Database Server on page 50.
If you have selected to use a separate license server, you are then prompted
for the license servers name or IP address and port number.
If you have selected to use both a separate database server and a separate
license server, you are first prompted for the database server details, then
for the license server details.
Click Next.
9.
10.
50
On the first page of the Active Directory Configuration Wizard, click Next.
2.
To select an existing OU for this farm, browse to the relevant OU, select it,
then click Next.
To create a new OU for the farm, browse to the OU that you want to be its
parent, select it, then select the Create the farm OU within the OU
selected above check box. You must have CreateChild permissions on the
parent OU to do this. You can create the OU in any domain in the forest
that contains your computers.Type a name for the new OU, then click Next.
3.
The final page of the wizard provides a summary of the configuration you
set up. To change it, click Back. To apply the configuration, click Finish.
The progress and outcome of the configuration is then displayed.
4.
Click Close.
After you install Desktop Delivery Controller, you can also run the wizard from
the Windows Start menu by selecting All Programs > Citrix > Administration
Tools > Active Directory Configuration Wizard.
Alternatively, you can use the command-line tool that corresponds to this wizard.
The tool is described in Configuring Active Directory Using ADSetup on page
122.
2.
On the Database Configuration page, select the database server type, then
click Configure.
3.
The dialog boxes that follow are the standard Microsoft user interface for
configuring ODBC settings. Refer to Microsoft documentation for details
about these. When you complete them, you are returned to the Database
Installing XenDesktop
51
Configuration page, which displays the name of the database you have
selected for the farm data store.
4.
Click Next.
5.
6.
If, on the Optional Server Configuration page, you also chose to use a
separate license server, you are now prompted for the license server details.
Otherwise, the Start Installation page appears, as in Step 9 on page 49, and
the installation continues as normal.
2.
3.
4.
On the Select Components page, clear the check boxes for any
components you do not want to install on this server. As a guideline, if
52
licensing and the management consoles are already installed on at least one
other controller in the farm, you do not need to install them again.
5.
6.
Type the name of any controller that is already in the farm. This must be the
NetBIOS name, not the DNS name; for example, serversc, rather than
serversc.eng.glarox.net.
Click Next.
7.
On the Optional Server Configuration page, you must specify where the
farm data store is.
If the farm data store is on a controller in the farm, leave the check box
cleared.
If the farm data store is on a separate database server, select the check box.
You are prompted for the servers details; make sure you specify the same
database server for all controllers in the farm.
Click Next.
8.
9.
Installing XenDesktop
53
If the Welcome page does not appear automatically, use Windows Explorer
to open Autorun.exe.
2.
3.
4.
5.
6.
7.
On the Setup Complete page, if you do not want to start the Access
Management Console, clear the check box.
8.
Click Finish. If you chose to start the Access Management Console, the
console appears and the discovery process starts. For further details about
this, see Starting the Access Management Console on page 53.
You can use the Access Management Console to manage both XenApp and
XenDesktop farms. However, XenDesktop and XenApp cannot use the same
Presentation Server Console (renamed Advanced Configuration in XenApp); you
must use separate consoles for XenApp and for XenDesktop and you must install
these on separate machines. For further information, see Using XenApp for
Virtual Desktops on page 111.
2.
54
3.
On the Select Controllers page, add the name of one of the controllers in
the farm or click Add Local Computer. Click Next.
4.
5.
To install XenServer
Ensure that you have the XenServer Installation Guide and the XenServer
Administrators Guide available. You can download them from http://
support.citrix.com/pages/docs/.
1.
Install and configure the XenServer host on the dedicated server(s) that will
host the VMs.
2.
3.
4.
Create a new resource pool and add the XenServer hosts to that resource
pool.
Installing XenDesktop
55
B.
2.
3.
4.
After the new certificate has been signed, move the existing certificate:
mv /etc /xensource/ xapi -ssl.pem /etc/xensource/xapi -ssl.pem_orig
5.
Add the new signed certificate to the XenServer host and tighten the access
rights:
cat [servername].public [servername].private > [servername].pem
install -m 0400 [servername].pem /etc/xensource/xapi-ssl.pem
6.
7.
If you are using a private certificate authority you may need to install your root
certificate on the delivery controller.
56
2.
Right-click the root certificate file and select Install Certificate. The
Certificate Manager Install Wizard appears.
3.
4.
5.
Click Browse.
6.
7.
8.
Click OK.
9.
Installing XenDesktop
57
Although Provisioning Server does not require that you restart the server
after installing the product software, in some instances, a Microsoft
message may appear requesting a restart. If this message appears, complete
the Configuration wizard before restarting the server.
58
For the Virtual Desktop Agent to operate correctly, desktops need to determine
which farm they belong to. You can provide this information in either of the
following ways:
By default, when you are installing the Virtual Desktop Agent, the Farm
Selection page appears. Provided you are a domain user and have local
administration rights, you can select the farm here.
You can manage desktops farm membership through Group Policy. The
Desktop Delivery Controller Farm Globally Unique Identifier (GUID)
policy enables you to use a generic desktop image with multiple
XenDesktop deployments. The administrative template (ADM) file is
supplied on the Desktop Delivery Controller installation media:
platform\lang\support\configuration\FarmGUID.adm
If this policy is applied before the Virtual Desktop Agent is installed, the
Farm Selection page does not appear during installation.
For information about how to use ADM files, consult your Active Directory
documentation.
The farm GUID is one of the farm properties displayed in the Access
Management Console.
You can install the Virtual Desktop Agent manually, using the installation
procedure below. Alternatively, you can perform an unattended install, for
example using Active Directory Group Policy or a third party software
deployment tool. See Installing and Removing the Virtual Desktop Agent Using
XdsAgent.msi on page 122 for details on the MSI properties of the Virtual
Desktop Agent package.
If you are using Provisioning Server and the XenDesktop Setup Wizard to create
your desktops, you need to install the Virtual Desktop Agent on the base desktop
image. For further information, see To create a base desktop VM on page 68.
You must create a farm by installing Desktop Delivery Controller on at least one
server before installing the Virtual Desktop Agent on any computer.
Installing XenDesktop
59
2.
3.
4.
5.
When the End User License Agreement appears, select I accept the license
agreement, then click Next.
6.
On the Port Number page, type a valid TCP/IP port number in the range 1
to 65535 if you do not want to use the default number, which is 8080. This
port number is used by the delivery controllers to communicate with the
desktop.
Important: To change the port number after installation, you must
uninstall then reinstall the Virtual Desktop Agent.
Note: The standard session reliability and ICA ports are used by the
endpoint device to connect to the desktop; you cannot configure these ports
as part of the installation process.
Click Next.
7.
If the computer has a standard Windows firewall set up, the Windows
Firewall Configuration page appears:
60
If the computer does not have a standard Windows firewall set up, this page
does not appear. If another firewall is enabled, you must configure this
appropriately.
For information about configuring firewalls manually, see To configure
firewalls manually on page 60.
8.
9.
10.
When the installation is complete, click Finish. You are prompted to restart
the computer for the configuration changes to take effect.
Installing XenDesktop
61
Note: Citrix recommends that you do not use TCP ports 1494 and 2598 for
anything other than ICA and CGP, to avoid the possibility of inadvertently
leaving administrative interfaces open to attack. Ports 1494 and 2598 are
correctly registered with the Internet Assigned Number Authority (see http://
www.iana.org/.
For communication between controllers and desktops:
%Program Files%\Citrix\XenDesktop\WorkstationAgent.exe requires inbound
HTTP (http.sys) on the TCP/IP port you configured at installation time. The
default port is 8080. Because this connection uses a kernel driver, you may need
to configure this setting as a port exception rather than a program exception,
depending on your firewall software. If you are running Windows Firewall, you
must configure this setting as a port exception.
2.
3.
4.
5.
62
2.
3.
4.
5.
On the Start Installation page, click Next. A progress indicator page then
appears showing you the installation progress for each component.
When installation is complete, click Next.
6.
2.
3.
4.
5.
When the End User License Agreement appears, select I accept the license
agreement, then click Next.
6.
7.
When the installation is complete, click Finish. You are prompted to restart
the computer for the configuration changes to take effect.
Installing XenDesktop
63
Removing XenDesktop
This topic describes how to remove Desktop Delivery Controller, the Virtual
Desktop Agent, and the XenDesktop Setup Wizard. For advice on how to remove
other XenDesktop components, see the relevant product documentation.
Citrix recommends that you remove XenDesktop components in the following
order:
1.
2.
3.
Provisioning Server.
4.
XenServer.
2.
64
3.
On the Welcome page of the Citrix Virtual Desktop Agent Setup Wizard,
click Next.
4.
5.
6.
Remove the controller entry from the farm OU. To do this, use the
ADSetup command-line tool as described in Configuring Active Directory
Using ADSetup on page 122.
2.
3.
4.
On the Remove Options page, select to remove all components, then click
Next.
5.
6.
During the removal process you are prompted to restart the computer.
7.
After all components are removed, the Setup Complete page appears. A
list of prerequisite items that were not removed appears. Note any items
that you want to remove manually, then click Finish.
Installing XenDesktop
65
Note: To remove a controller that is not available (for example, one that
experienced a hardware fault), run ADSetup on another controller to remove the
unavailable controller from the farm, then remove the controller using the Access
Management Console.
2.
3.
4.
5.
6.
During the removal process you are prompted to restart the computer.
7.
After all components are removed, the Setup Complete page appears. A
list of prerequisite items that were not removed is displayed. Note any items
that you want to remove manually, then click Finish.
2.
Confirm that you want to remove the wizard by clicking Yes. A progress
indicator appears.
3.
66
Overview
This section is intended for administrators who are delivering desktops through
virtual machines (VMs). It describes how to use XenServer and Provisioning
Server to build a base desktop VM, a vDisk, and a template, which can then be
used by the XenDesktop Setup Wizard to create and populate pooled desktop
groups.
This section assumes that you are using XenServer as your hosting infrastructure.
XenServer is provided on the XenDesktop installation media. XenDesktop also
supports Microsoft SCVMM 2008 and VMware Infrastructure 3. You can
download documents describing how to use third-party hosting infrastructures
with XenDesktop from
http://support.citrix.com/product/xd/v3.0/#tab-doc/. When you use a third-party
hosting infrastructure, Provisioning Server, Desktop Delivery Controller, and the
virtual desktops you create all work in the same way as they would on XenServer.
Certain features, such as XenMotion (dynamic swapping of VMs between
servers), are not available without XenServer.
To use Provisioning Server, you must have licenses for the Advanced, Enterprise,
or Platinum editions of XenDesktop.
This section is not intended to replace the core documentation provided with
XenServer and Provisioning Server. You should have this documentation
available while you are carrying out the tasks described in this section. You can
download the documentation from http://support.citrix.com/pages/docs/.
Note: XenDesktop does not support the use of Provisioning Server Difference
Disk Mode.
68
To enable you to use the XenDesktop Setup Wizard to create desktop groups and
populate them with desktops, as described in To create a VM-based pooled
desktop group using the XenDesktop Setup Wizard on page 76, carry out the
following tasks in the order shown below. Details of the tasks are provided in the
subsequent topics.
1.
Create the base desktop image, using XenCenter. To simplify and reduce
the number of unique desktops, the base image should contain only a
minimal set of options.
2.
3.
Add the VM containing the base desktop image to the Provisioning Server
database.
4.
5.
6.
Set the vDisk access mode to Standard. When you create desktop groups
using the XenDesktop Setup Wizard, only Standard vDisks are listed in the
wizard, so you must ensure that this access mode is selected.
7.
Note: If you are using WANScaler (available only with XenDesktop Platinum
edition), you must install the Provisioning Server target device on the base
desktop VM before creating the vDisk.
If you encounter any issues when using Provisioning Server, refer to the
following logs that are on the machine running Provisioning Server:
%ALLUSERSPROFILE%\Citrix\Provisioning Server\mcli.log
%ALLUSERSPROFILE%\Citrix\Provisioning Server\soapserver.log
2.
When the VM starts, use your operating system installation media to install
either Windows XP or Vista.
69
3.
4.
Install XenServer Tools into the image to provide optimal performance and
functionality. To install XenServer Tools, select VM > Install XenServer
Tools.
5.
6.
7.
Log on to the VM and add it to the Active Directory domain. For more
information about this procedure, see the relevant Microsoft
documentation.
8.
B.
Type the DNS suffix for the domain and click OK.
C.
9.
10.
11.
Note: On the Storage tab in XenCenter, ensure that the optical drive setting for
the VM is set to <empty>. You cannot physically eject a disc from the XenServer
host if the drive is mounted on any VM running on XenServer. If the disc does not
eject, select the XenServer host that contains the disc, click the Console tab and
type eject cd or eject dvd, as necessary.
70
To create a vDisk
1.
In the Provisioning Server Console, right-click the Stores folder and select
Create store.
2.
Select the General tab and specify a name and, optionally, a description for
the new store.
3.
Select the Paths tab and specify the path for the new store. This can be a
local drive on the machine running Provisioning Server or a network share.
4.
Click the Servers tab and select a site from the list. Select the relevant
server under Servers that provide this store and click OK.
5.
In the left pane of the console, right-click the new store you just created and
select Create vDisk.
6.
In the Create vDisk dialog box, specify the requested values and click
Create vDisk.
If you intend to use the XenDesktop Setup Wizard, your vDisk name and
description must contain only standard, printable ANSI characters.
The Vdisk size should match the VM disk size.
7.
8.
9.
In the details pane of the console, right-click the new disk you created and
select Mount vDisk.
A.
B.
C.
10.
In the details pane of the Provisioning Server Console, right-click your new
vDisk and select Unmount vDisk.
71
2.
Select the Startup Options tab, move Network to the top of the Boot
Order list, and click OK.
3.
Select the Network tab and make a note of the MAC address for the base
desktop VM.
4.
5.
6.
Type the MAC address of the base desktop VM and click Add device.
7.
In the left pane of the console, right-click the new device and select
Properties.
8.
9.
Select the vDisk tab, click Add, and select the vDisk you created. Click
OK and then click OK again.
2.
Insert the Provisioning Server installation media into the optical drive. If
the installation window does not appear, run PVSSRV_Device.exe.
3.
On the product installation window, click Install Target Device for 32 bit
Platform, and follow the instructions provided in the wizard.
When you have completed the wizard, the vDisk is mapped to the base
desktop VM and a vDisk icon appears in the Windows notification area
4.
Double-click the vDisk icon and confirm that the vDisk status is Active.
Note: If the vDisk status is Not Active, it is likely that the target device
cannot resolve the name of the machine running Provisioning Server. To
resolve this issue, check the network settings of the base desktop VM and
the machine running Provisioning Server, then check the DNS server to
ensure that both have been correctly registered.
72
5.
In My Computer, check the label assigned to the new drive (typically, this
is E) and make a note of it.
Note: If you are using WANScaler (available only with XenDesktop Platinum
edition), you must install the Provisioning Server target device on the base
desktop VM before you install the WANScaler client. If you install the
WANScaler client first, the Provisioning Server target device cannot connect to
the vDisk.
On the base desktop VM, click Start > All Programs > Citrix >
Provisioning Server > Provisioning Server Image Builder.
2.
3.
4.
In the Device Image Builder dialog box, ensure that the destination drive is
set to the letter denoting the new drive (typically E:) and click OK.
The destination drive maps to the vDisk you created.
Note: In the My Computer folder (the Computer folder on Windows
Vista) on BaseDesktop1, the vDisk appears as a disk under Hard Disk
Drives in My Computer, and as a device under Devices with Removable
Storage.
5.
Ensure that the Delete all files and folders in destination path before
building image check box is selected and click Build.
6.
7.
8.
Click Close.
9.
73
2.
In the vDisk File Properties dialog box, select the Mode tab and, under
Access Mode, select Standard Image. Click OK and then click OK again.
Tip: If the disk is locked, right-click it in the details pane of the console,
select Manage Locks, click Remove Locks, and then click Close.
2.
3.
On the Finish page, clear the Start VM automatically check box and click
Finish.
4.
74
Overview
This section describes how to create and update the desktop groups that you want
to deliver to your users. Desktop groups consist of desktops that are pooled, preassigned, or assigned on first use. Each group can contain only one type of
desktop.
Desktops in pooled groups are allocated to users on a per-session, first-comefirst-served basis. You can configure pools of VMs so that any change that the
user makes to the desktop during a session is lost when the user logs off from the
desktop; for information about how to do this, see the documentation for the
relevant VM plug-in.
Desktops in pre-assigned groups are permanently assigned to an individual user
as soon as the group is created. Whenever a user requests a desktop, they are
always connected to the same one. As a result, the user can safely customize the
desktop to suit his or her own needs.
Desktops in assigned-on-first-use groups are permanently assigned to the first
user to connect to them. As with pre-assigned desktops, the user can then safely
customize the desktop.
Desktops can run on PCs, blades, or virtual machines (VMs) provided through a
virtualization infrastructure. The process of creating desktop groups is very
similar in all cases, but for VM-based groups, the following steps and features are
added to the process:
You have to specify the details of the server that hosts the VMs and the
credentials to use when connecting to it.
76
can carry out maintenance tasks on it. See Putting Desktops into
Maintenance Mode on page 104 for further information.
You can configure what happens to VMs when a user logs off. Depending
on the type of desktop, VMs can be made available immediately to other
users, restarted, shut down, or suspended. You can also configure what
happens if an assigned VM is disconnected.
You can enable users to restart their desktops themselves. They may need to
do this if a desktop fails to connect or becomes unresponsive. This feature
is disabled by default. To enable it, see To configure user-driven desktop
restart on page 92. For details of how users restart their desktops, see the
scenarios described in Planning the User Experience on page 25.
The quickest way to create VM-based pooled desktop groups and populate them
with desktops is to use Provisioning Server in combination with the XenDesktop
Setup Wizard. These components are available in the Advanced, Enterprise, and
Platinum editions of XenDesktop. Alternatively, you can create all types of
desktop group using the Access Management Console. Both methods are
described in this section.
All tasks described in this section are available only to full administrators. For
information about the differences between full and delegated Desktop Delivery
Controller administrators, and how to create administrators, see Delegating
Desktop Delivery Controller Administration Tasks on page 94.
If you are logged on to an account that does not have full domain
administrator access rights, ensure that you meet the following
requirements:
77
2.
3.
On the machine on which you are running Provisioning Server and the
Setup Wizard, select Start > All Programs > Citrix > Administration
Tools > XenDesktop Setup Wizard.
4.
5.
On the Farm page, select the relevant farm name from the list, then click
Next.
6.
7.
Specify the user credentials for the hosting infrastructure, then click OK.
8.
On the Virtual Machine Template page, select the VM that you want to
use as a template for the desktops you are going to create.
If your hosting infrastructure is XenServer and you are using multiple
pools, only templates that have the same name in every pool are listed. For
more details of using multiple pools, see Using More than One XenServer
Pool on page 81.
If your hosting infrastructure is Microsoft SCVMM 2008, running and
stopped VMs are listed, not templates.
Click Next.
9.
On the Virtual Disk (vDisk) page, select the vDisk from which to create
your desktops. Only Standard mode vDisks are listed.
If you select to specify a target device collection, you are given the option
of creating a new collection and specifying a name for it. This name can be
up to 50 characters in length. If you choose not to specify a name, the
desktop group name you specify on the Desktop Group page will be used
for the collection name. If, however, the desktop group name is more than
50 characters, the collection will be named XenDesktop.
The list of existing device collections contains only the device collections
that belong to the same site as the vDisk you selected.
Click Next.
10.
78
B.
Type the common name to use for all the desktops. This must be less
than 16 characters long, including the index digits. It must be a valid
Active Directory name and a valid Provisioning Server device name.
C.
Type the start number for the identifying numbers for the desktops.
D.
Click Next.
11.
12.
On the Desktop Group page, specify the group to which to add the
desktops. You can either create a new group or select an existing one.
If you select to use an existing desktop group, only pooled desktop groups
for the hosting infrastructure and connection address you specified on the
Hosting Infrastructure page are listed. For example, if you created a
desktop group in the Access Management Console using an IP address, but
in the Setup Wizard you specify the connection using an FQDN, that group
is not listed.
New groups are enabled by default, so that users have immediate access to
them. To create a disabled group, clear the Allow immediate access
(enable desktop group) check box. You can enable the group later by
updating its properties using the Access Management Console, as described
in To update a desktop group on page 90.
Click Next.
13.
On the Desktop Group Creation page, ensure that the details for your
desktops are correct, then click Next to create the desktops.
14.
When the Summary page appears, check the results, then click Finish.
During the desktop creation process, if some desktops fail to be created, all the
other desktops are created successfully; the overall process does not fail. If no
desktops are created, the desktop group is not created.
If the desktop group was created, the desktops are added to the domain; they
appear under the Computers container in the relevant Active Directory OU and
are visible in both the hosting infrastructure console and as devices in the
Provisioning Server Console. The desktop group appears in the Access
Management Console.
The idle pool settings are automatically optimized for the number of desktops you
created. To modify the settings, use the Modify desktop group properties task.
79
2.
In the AppSettings section, uncomment the following line and add suitable
values:
<add key=logFileName value=c:\logs\log.txt/>
where c:\logs\log.txt is the name and location of the log file.
2.
3.
4.
Ensure that you are logged on to an account with full Desktop Delivery
Controller administrator permissions.
2.
3.
4.
5.
On the Assignment Type page, select the type of desktops this group will
consist of: pooled or assigned. If you select assigned, you must then select
80
7.
On the Logon Information page, specify the address and user credentials
for logging on to the server in your hosting infrastructure. Click Next.
8.
The page that appears depends on the desktop groups assignment type.
For pooled or assign-on-first-use desktop groups, the Virtual Desktops
page appears, prompting you to select the VMs whose desktops will be
delivered to your users. For pre-assigned groups, the Virtual Desktops and
Users page appears, prompting you to both select VMs and assign users to
them.
You can add information by:
Importing data from a file. For further details of importing data, see
To import data from a file on page 88.
If you do not select any VMs or users, the desktop group is disabled.
9.
For pooled and assign-on-first-use desktop groups, the Users page then
appears. Add the user groups that will have access to this desktop group,
then click Next. If you do not select any user groups, the desktop group is
disabled.
For pre-assigned desktop groups, the wizard continues at the next step.
10.
On the Desktop Group Name page, type the name and, optionally, a
description that you want to be displayed to users of this group. Click Next.
81
11.
On the Icon page, the current icon for this desktop group appears. If you
want users to see a different icon, click Change Icon and select a new icon.
Click Next.
12.
On the Publishing Options page, if you do not want the desktop group to
be available to users immediately, select the Disable desktop group
initially check box. You can enable it later by updating the desktop groups
property page; the relevant check box is on the Desktop Group Name
page.
13.
Run XenMultiPool.exe.
2.
3.
4.
Add the address of the new XenServer host and click Add host.
82
5.
Repeat Steps 3 and 4 until all the required XenServer hosts have been
added.
6.
Click Update.
2.
3.
4.
5.
On the Assignment Type page, select the type of desktops this group will
consist of: pooled or assigned. If you select assigned, you must then select
whether the desktops will be assigned on first use or pre-assigned to a
specific user. Click Next.
Note: You cannot change the assignment type of a group after you create
it.
6.
7.
The page that appears depends on the desktop groups assignment type.
For pooled or assign-on-first-use desktop groups, the Virtual Desktops
page appears. You can select the computers that will provide the desktops
for the group either by clicking Add and using the Active Directory object
picker, or by importing data from a file. For further details of importing
data, see To import data from a file on page 88.
For pre-assigned desktop groups, the Virtual Desktops and Users page
appears. You can select both computers and the users to assign to them
either through the Active Directory object picker or by importing data from
a file as above.
If you do not select any computers or users, the desktop group is disabled.
8.
For pooled and assign-on-first-use desktop groups, the Users page appears.
Add the users that will have access to this desktop group, then click Next. If
you do not select any users, the desktop group is disabled.
For pre-assigned desktop groups, the wizard continues at the next step.
83
9.
On the Desktop Group Name page, type the name and, optionally, a
description that you want to be displayed to users of this group. Click Next.
10.
On the Icon page, the current icon for this desktop group appears. If you
want users to see a different icon, click Change Icon and select a new icon.
Click Next.
11.
On the Publishing Options page, if you do not want the desktop group to
be available to users immediately, select the Disable desktop group
initially check box. You can enable it later by updating the desktop groups
property page; the relevant check box is on the Desktop Group Name
page.
12.
2.
3.
84
2.
3.
Enter a start and end time for your normal business hours in the Start time
and End time boxes.
4.
Enter a time period to cover the peak period for users logging on, in hours,
in the Peak period box. This peak period starts at the time you specify in
the Start time box.
5.
Enter the number of idle desktops you want available during business
hours, in the Business hours box.
6.
Enter the number of idle desktops you want available during your peak
period, in the Peak time box.
7.
85
Enter the number of idle desktops you want available out of business hours,
in the Out of hours box.
To keep the same number of desktops in the pool at all times, enter the same time
in both the Start time and End time boxes or an identical value for the number of
desktops to keep in the idle pool in the Business hours, Peak time, and Out of
hours boxes.
If you want to stop and restart the desktop before making it available to
other users, select Restart the virtual desktop.
2.
If you want to make the desktop available to other users immediately, select
Do nothing.
If you want to leave the desktop powered on and ready for the user to
reconnect, select Leave powered on.
2.
If you want to suspend the desktop until the next time the user connects,
select Suspend.
86
3.
If you want to shutdown the desktop and restart it the next time the user
connects. select Shut down.
4.
If you selected Suspend or Shut down as the logoff behavior and you want
to suspend the desktop when a session disconnects, select the Suspend
virtual desktop when session disconnects check box.
Note: There is a five minute grace period following user logoff before the
desktop goes into suspended mode or shuts down.
Set the color depth for desktops in the group. Choose from 16 colors, 256
colors, High Color (16-bit), or True Color (24- bit). True color (24-bit) is
the default and maximum supported color depth.
2.
Set the encryption level for client connections. Choose from the following,
but note that the first four options have been deprecated and Citrix
recommends that you do not use them:
128-Bit Login Only (RC5). Encrypts the logon data with RC5 128bit encryption and the ICA connection using basic encryption.
87
The first line in the file must contain the column headings, which can be:
[ADComputerAccount],[AssignedUser],[VirtualMachine],[HostId] for a
XenDesktop file
or
[WorkstationName],[IsWorkstationEnabled],[Pre-AllocatedUser] for a file
exported from Desktop Server 1.0
The column headings can be in any order, but they must be commaseparated.
88
The VirtualMachine and HostId columns are required only for data
about VM-based groups.
2.
Expand the Desktop Groups node in the console tree and select the
relevant desktop.
3.
From Common Tasks, select Modify desktop group properties > Modify
all properties.
The Properties page for the desktop group appears. From the list of
properties in the details pane, select Virtual Desktops for a pooled or
assign-on-first-use desktop, or Virtual Desktops and Users for a preassigned desktop.
4.
5.
Specify the path to which you want to save the file, then click Save.
2.
Expand the Desktop Groups node in the console tree and select the
relevant desktop.
3.
From Common Tasks, select Modify desktop group properties > Modify
all properties.
The Properties page for the desktop group appears. From the list of
properties in the details pane, select Virtual Desktops for a pooled or
89
5.
6.
Disable or enable the desktop group, and hide disabled desktop groups from
users
Update the icon for the desktop group that is displayed to the user
Color depth
Additionally, for VM-based groups, you can update the hosting server connection
details, the idle pool settings, and the logoff behavior.
You cannot update:
90
2.
Expand the Desktop Groups node in the console tree and select the
relevant group.
3.
From Common Tasks, select Modify desktop group properties > Modify
all properties.
The Properties page for the desktop appears. From the list of properties in
the details pane, select as follows.
Update
Property to select
Add/remove desktops
Update
Property to select
Users
91
Access Control
Color depth
Client Options
Client Options
Connection Settings
Logoff Behavior
92
In the Access Management Console tree, select the group for which you
want to configure user-driven desktop restart. This option is available only
for VM-based desktop groups.
2.
From Common Tasks, select Enable user-driven desktop restart. If userdriven desktop restart is currently enabled, the Disable user-driven
desktop restart task appears instead.
2.
When you delete a desktop group, all the desktops are removed from the group.
The desktops themselves are not deleted, and no data stored on them is deleted
automatically: ensure that you manage this data appropriately before making the
desktops available to other users. If users were assigned to the desktops, the links
between the users and the desktops are deleted.
Overview
After completing the initial setup tasks, you can customize and optimize your
Desktop Delivery Controller deployment:
Set up any general Citrix policies that you require, using the Presentation
Server Console. See the Citrix Presentation Server Administrators Guide
for details of configuring policies. Note the following points in relation to
XenDesktop:
You can set up policies that filter on desktop group name. If you
rename the desktop group, you must update the policy with the new
name.
Optimize the user experience by ensuring that settings for desktops and
users are appropriate. See Optimizing the User Experience on page 98.
Set up printers, using the Presentation Server Console. See the Citrix
Presentation Server Administrators Guide for details of setting up and
managing printers. In XenDesktop, the following XenApp printer
management features are not available:
94
Note: Citrix policy rules and features that are specific to XenDesktop are
documented in this document. They are not documented in the Help system for
the Presentation Server Console.
Creating Administrators
To manage your Desktop Delivery Controller environment efficiently, you may
need to create additional administrators. You may also need to delegate Active
Directory permissions to these administrators.
Disconnect users
Put desktops into maintenance mode and remove them from maintenance
mode
95
Administrators who will run the Access Management Console remotely must
have DCOM remote launch permissions. For information about this, see
http://support.citrix.com/article/CTX109977/.
In the left pane of the Access Management Console, under the farm, select
the Administrators node.
2.
3.
4.
You can only browse account authorities and select users and groups
that are accessible from the computer running the Access
Management Console.
You should not select users and groups outside the trust intersection
of the farm. If you do this, errors will occur.
5.
Continue selecting the administrators you want to add, then click OK.
6.
Click Next.
7.
8.
Click Finish.
Keyboards
96
Mice
Bluetooth dongles
Smart cards
USB hubs
For more detailed information about the devices included in each class or type of
device and whether or not USB support is provided for them, see the relevant
client documentation.
Note: Isochronous features in USB devices are not supported.
Enable the USB policy rule, which is located in the USB subfolder of the
Client Devices Resources folder in the Presentation Server Console.
Enable USB support when you install the client on endpoint devices. For
information about how to do this, see the Citrix Desktop Receiver
Administrators Guide or the Client for Linux Administrators Guide.
Edit the Desktop Receiver registry (or the .ini files in the case of the
Client for Linux). For information about how to do this, see the Citrix
Desktop Receiver Administrators Guide or the Client for Linux
Administrators Guide.
97
Mappings rule
USB rule
Rule enabled by
default
Yes
No
Read-only access
configurable
Yes
No
Safe to remove
device during a
session
No
If both rules are enabled, then if a mass storage device is inserted before a session
starts, it will be redirected using client drive mapping first, before being
considered for redirection through USB support. If it is inserted after a session
has started, it will be considered for redirection using USB support before client
drive mapping. Automatic support of devices upon insertion, however, depends
on the type of client being used and the individual user preferences; for further
information, see the relevant client documentation.
98
Configure time zone settings to allow users to see their local time when
using desktops.
Disable RDP, because the use of RDP can interfere with the operation of
ICA.
Remove the Shut Down command to prevent users from powering off their
desktops, which would then require a manual restart by an administrator.
This is not necessary for VM-based desktop groups.
For the best user experience, consider preinstalling frequently used software, such
as a Flash player or other browser plug-ins in your desktops. Also consider
enabling Microsoft ClearType or other font-smoothing technologies by default in
users profiles.
Change the time on the system on which the desktop is running. To do this,
set up a Group Policy with rights given to non-privileged users to change
system time settings. For further information about how to do this, see
http://msdn2.microsoft.com/en-us/library/ms813808.aspx.
Change the time zone registry area. For information about how to do this,
see http://support.microsoft.com/kb/300022/.
After you do this, users who connect to Windows XP desktops see their local time
zone reflected in the desktop. When they log off or disconnect, the time zone of
the desktop is reset to what it was before they logged on.
Note: Users who want to see their local time when using Windows Vista
desktops must have the Change the time zone privilege. This privilege is granted
by default.
99
You can configure time zone settings through Citrix policies. If you want
endpoint devices to use the time zone of the virtual desktop to which they are
connected, enable the rule Do not use Clients local time, which is in the Time
Zones subfolder of the User Workspace folder in the Presentation Server
Console.
If you need to update any of these settings, ensure that settings are consistent
across your deployment.
Caution: These settings are configurable only through registry keys on the
computer hosting the desktop. Using Registry Editor incorrectly can cause
serious problems that can require you to reinstall the operating system. Citrix
cannot guarantee that problems resulting from incorrect use of Registry Editor
can be solved. Use Registry Editor at your own risk. Make sure you back up the
registry before you edit it.
After you update any of these settings, you must restart the computer hosting the
desktop for the new setting to take effect.
To enable the maximum connection timer, create the following registry key
(DWORD):
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session\
ConnectionTimer\enabled
and set the key to 1. To disable the timer, set the key to 0.
To update the maximum connection timer, create the following registry key
(DWORD):
100
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session\
ConnectionTimer\MaxConnectionTime
and set the maximum connection time in minutes.
To enable the connection idle timer, create the following registry key
(DWORD):
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session\IdleTimer\
\enabled
and set the key to 1. To disable the timer, set the key to 0.
To update the connection idle timer, create the following registry key
(DWORD):
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session\IdleTimer\
\MaxIdleTime
and set the maximum idle time in minutes.
To enable the disconnect timer, create the following registry key (DWORD):
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session\
DisconnectTimer\enabled
and set the key to 1. To disable the timer, set the key to 0.
To update the disconnect timer, create the following registry key (DWORD):
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\Session
DisconnectTimer\MaxDisconnectTime
and set the maximum time in minutes to wait before logging off a disconnected
session.
Disabling RDP
If a user makes an RDP connection to a desktop, an ICA connection is not
possible until either a user logs on interactively on the console of the computer
hosting the desktop or the computer is restarted. Disconnecting the RDP session
or logging off from RDP is not sufficient. To avoid this issue, consider disabling
RDP as described in
http://technet.microsoft.com/en-us/library/bb457106.aspx.
101
102
Overview
This section describes how to carry out the following tasks:
Managing sessions. You can view, disconnect, and log off sessions. You can
also send messages to users.
The details of all these tasks are described in the following topics.
Other general management tasks, such as configuring connections and securing
farms, are described in detail in the Citrix Presentation Server Administrators
Guide.
Note: To be able to interpret security identifiers (SIDs) for either machines or
users, you need the appropriate rights to read this information in Active Directory.
If you run the Access Management Console as a user without these rights, only
SIDs appear in the console, not machine or user names. You are not prompted to
enter alternative credentials.
104
2.
Select the Virtual Desktops view so that all the desktops for that group are
listed.
3.
4.
No user can now log on to that desktop. If a user is logged on when you select
maintenance mode, maintenance mode takes effect as soon as that user logs off. If
a user tries to connect to an assigned desktop while it is in maintenance mode, a
message appears telling them that the desktop is currently unavailable and to try
reconnecting.
When a desktop is in maintenance mode, the Disable maintenance mode task
becomes available. To take a desktop out of maintenance mode, select the
desktop, then select Disable maintenance mode.
Managing Sessions
To view sessions for a desktop group
1.
2.
From the Search options in the tasks pane, select Advanced search.
The Advanced Search dialog box appears.
2.
3.
4.
Select the relevant node of the console tree (for example, Desktop
Groups).
5.
Click Search.
105
2.
If you log off a session, it closes and the desktop becomes available to other users,
unless it is assigned to a specific user.
If you disconnect a session, the users applications continue to run and the
desktop remains assigned to that user. If the user reconnects, the same desktop is
assigned. You can configure a time-out to ensure that disconnected sessions are
logged off automatically after a certain number of minutes; for further
information about this, see Configuring Connection Timers on page 99.
2.
In the dialog box that appears, type your message, then click OK to send
the message to all selected users.
2.
3.
To start powered-off or suspended VMs, from the Tasks list, select Start.
The VMs are powered-on or resumed and the list of desktops is refreshed to
show the new state.
Note: If the hosting infrastructure does not support the power-on
function, the Start task is not available.
106
2.
3.
4.
Select from the following options. Depending on the state of the machine,
some of these options may not be available:
Power off. Forcibly powers off the VM and refreshes the list of
desktops.
107
Remove the controller from the old farm OU. To do this, use the ADSetup
tool with the REMOVECONTROLLER parameter, as described in
Configuring Active Directory Using ADSetup on page 122.
2.
Use the chfarm utility to either create a new farm (if this is the first
controller in the farm) or move the controller to the new farm (if this is the
second or subsequent controller in the farm). For further information on
chfarm, see the Citrix Presentation Server Administrators Guide.
When using chfarm to move a controller to a new farm, make sure you
configure the zone name, zone preference, and license server details
correctly, because you cannot easily change these later.
3.
Add the controller to the new farm OU. To do this, use the ADSetup tool
with the ADDCONTROLLER parameter, as described in Configuring
Active Directory Using ADSetup on page 122.
4.
Restart the controller to make the new farm settings take effect.
Remove the desktops from the desktop group in the old farm. For details of
how to do this, see To update a desktop group on page 90.
2.
Note the farm GUID of the new farm. This is one of the read-only farm
properties in the Access Management Console.
3.
In the new farm, add the desktops to an existing or new desktop group.
There are various ways in which you can do this; for details, see Creating
and Updating Desktop Groups on page 75.
4.
Apply the new farms GUID to the desktops. To do this, use Group Policy.
The Desktop Delivery Controller Farm GUID policy enables you to use a
generic desktop image with multiple XenDesktop deployments. The
administrative template (ADM) file is supplied on the Desktop Delivery
Controller installation media:
platform\lang\support\configuration\FarmGUID.adm
For information about how to use ADM files, consult your Active Directory
documentation.
5.
Check the registry to ensure that the group policy has propagated to the
desktop computer, then restart the computer. This registers the desktop with
a controller in the new farm. Until you do this, the desktop is not available
to users.
108
You have a firewall between the license server and the computers running
your Citrix products, and you must specify an alternative Citrix vendor
daemon port number
Use the License Server page of the farms properties to change the name of the
license server or port number that the license server uses to communicate. You
can apply the changes to either an individual server or an entire farm. You must
also take the following actions:
If you decide to change the license server name, first ensure that a license
server with the new name already exists on your network. Because license
files are tied to the license servers host name, if you change the license
server name, you must download a license file that is generated for the new
license server. This may involve returning and reallocating the licenses. To
return and reallocate your licenses, go to www.mycitrix.com. For
additional information, see Licensing: Migrating, Upgrading, and
Renaming, which you can download from
http://support.citrix.com/pages/licensing/.
If you change a port number, you must specify the new number in all
license files on the server. For additional information, see Licensing:
Firewalls and Security Considerations, which you can download from
http://support.citrix.com/pages/licensing/.
In the left pane of the Access Management Console, select the farm.
2.
From the Action menu, select Modify farm properties > Modify all
properties.
3.
4.
Enter the name or IP address of the license server in the Name box.
5.
Enter the license server port number in the Port number (default 27000)
box.
6.
109
In the left pane of the Access Management Console, select the controller.
2.
From the Action menu, select Modify controller properties > Modify
license server properties.
3.
4.
Enter the name or IP address of the license server in the Name box.
5.
Enter the license server port number in the Port number (default 27000)
box.
110
10
This section explains how to use Citrix XenApp for Virtual Desktops in a
XenDesktop deployment to deliver applications to end users. It outlines the
benefits of using XenApp and factors to consider when deciding between
application streaming and hosting. It also explains how to configure your
deployment to provide the optimum end-user experience.
This section covers the use of XenApp for Virtual Desktops in a XenDesktop
environment. For information about using Citrix XenDesktop alongside an
existing Citrix XenApp deployment, in which XenApp is licensed separately,
refer to the Citrix Knowledge Center at http://support.citrix.com/.
112
10
113
Server Considerations
Do not install XenApp and XenDesktop on the same server. The Desktop
Delivery Controller cannot co-exist on the same computer as XenApp.
Use separate databases. XenDesktop and XenApp cannot share the same
database for the farm data store. You must use a separate database for XenApp
and for XenDesktop; however, these databases can reside on the same database
server. For more information about setting up a farm data store, see the Citrix
XenApp Administrators Guide.
114
Note: You must install the XenDesktop Presentation Server Console on the
same computer as the XenDesktop Access Management Console.
Licensing Considerations
A XenApp license is included with the XenDesktop Enterprise Edition and
Platinum Edition. You can install the XenApp license on the same license server
as your XenDesktop licenses or you can use a different license server. For details
of how to install and run Citrix Licensing, see the Getting Started with Citrix
Licensing Guide, which you can download from http://support.citrix.com/pages/
licensing/.
Important: When using XenApp as a component of XenDesktop Enterprise
Edition or Platinum Edition, you may use XenApp only to provide presentation
services to physical or virtual machines running in the XenDesktop environment.
Citrix XenApp, as so provided, may not be used to publish desktops or
applications directly to client devices.
Install the XenApp Plugin for Hosted Apps and configure applications to
appear in the Start menu
10
115
116
To ensure your users local drives are mapped, configure a policy on the XenApp
server.
On the XenApp server, launch Advanced Configuration (the new name for
the Presentation Server Console), then from Policies either create a new
policy or amend an existing policy.
2.
Select the policy and choose Properties > Client Devices > Resources >
Drives > Mappings.
3.
4.
5.
Click OK.
To apply the policy, you must create a filter for it so the server can apply it to
matching connections. For more information about how to create and apply
policies, see the Citrix XenApp Administrator's Guide.
Other USB devices, as well as devices inserted after the hosted application
has been launched from within the virtual desktop, will not be visible to
hosted applications.
To address this limitation, stream the application from XenApp, rather than host
it, so that users can access any USB drives plugged into their endpoint devices.
10
117
Important: Ensure the vDisk access is set to Private, rather than Standard,
before pre-caching streamed applications. Only when vDisk access is Private will
the application be written and saved; in Standard mode, any changes will be lost.
For more information about pre-caching applications at logon, see the Citrix
Application Streaming Guide.
118
11
Command-Line Tools
Tools are provided to enable you to install and remove controllers and the Virtual
Desktop Agent using the command line. You can also use a command-line tool to
configure Active Directory.
Description
-quiet
-showui
-passive
-createfarm <farm_name>
120
Option
Description
-edition <edition_name>
-components <component_list>
-joinfarm <controller>
-licenseserver <server>
-dsnfilepath <path>
-dbusername <user>
-dbpassword <password>
-nosites
-remove
11
121
Examples
The -passive option is an efficient way to install a large number of controllers
compared with using the Installation wizard on individual controllers.
122
Description
CONFIGURE_WINDOWS_FIREWALL Values:
0 = Do not adjust Windows firewall
1 = Adjust Windows firewall (default)
WCF_PORT
SHOW_FARM_PAGE
FARM_GUID
You must ensure that Microsoft .NET Framework 3.5 has already been installed
before you install the Virtual Desktop Agent.
11
123
Description
RUNGUI
RUNGUI [SETOU]
INITIALIZEOU
OU=<OUDistinguishedName>
[NEWOU=<OUName>]
ADDCONTROLLER
CONTROLLERLIST=
<ControllersList>
[OU=<OUName>]
REMOVECONTROLLER
CONTROLLERLIST=
<ControllersList>
[OU=<OUName>]
124
Index
Index
A
access control
configuring 83
Access Gateway
creating Web sites for remote access 19
Access Management Console 12
starting 53
access mode
setting for vDisk 73
Active Directory
configuring 50
configuring using ADSetup 122
containers 16
delegating access control 94
Organizational Units 16
replication 17
security groups 16
Service Connection Points 16
using with Desktop Delivery Controller 15
administrator permissions
configuring 94
administrators
creating 95
ADSetup command-line tool 122
advanced settings
configuring for desktop groups 83
appliances
connecting from 28
assigned-on-first-use desktops
definition 75
B
base desktop VM
adding to Provisioning Server database 71
creating 68
imaging to Provisioning Server vDisk 72
installing target device 71
C
Citrix Desktop Receiver
installing 61
Citrix Desktop Service 57
Citrix ICA Service 58
Citrix policies
creating 93
Citrix products
licensing 46
Citrix XenApp 111
client drive mapping 97
client options
configuring 86
command-line parameters for Setup.exe 119
connection timers
configuring 99
connections to desktops
preventing temporarily 104
controllers
adding to farms 51
migrating to other farms 106
D
default Web sites
modifying 18
delegated administration
configuring 94
Desktop Delivery Controller
removing 64
upgrading 62
desktop group types
overview 75
125
126
desktop groups
creating 75
creating using XenDesktop Setup Wizard 76
deleting 92
updating 89
desktop privileges
planning 21
desktops
migrating to other farms 107
user-driven restart 92
discovery
running 53
documentation 9
domain-joined computers
connecting from 30
downloads 44
E
editions 44
edition, upgrading 63
endpoint devices
security planning 22
exporting desktop and user data 87
F
farm
creating 47
planning 11
farm data store
creating 47
hosting on separate server 50
fat client devices
connecting from 31
firewalls
configuring manually 60
planning 20
I
idle pool
configuring 84
importing desktop and user data 87
installation command-line parameters 119
installation media 44
installing Desktop Delivery Controller on a single server
47
IPSec 20
L
license server settings
updating 108
licensing 4647
updating license server settings 108
logoff behavior
assigned desktops 85
configuring 85
pooled desktops 85
logs
Pool Management 79
Provisioning Server 68
XenDesktop Setup Wizard 79
M
maintenance mode
desktops 104
management consoles 12
installing separately 52
messages
sending to users 105
mixed farm support 23
multiple pools
creating 81
O
Oracle database
using 50
Organizational Unit
creating 50
P
PC-based desktop groups
creating 82
permissions
configuring 94
planning
network environment 26
user types 25
policies
creating 93
Pool Management logging
enabling 79
pooled desktops
definition 75
pre-assigned desktops
definition 75
Presentation Server Console 12
Index
ProductEdition.exe 63
Provisioning Server
installing 56
logs 68
Provisioning Server database
adding base desktop VM 71
Provisioning Server template
creating 73
R
RDP
disabling 100
remote computers
connecting from 35
replication, effects of 17
repurposed computers
connecting from 30
restarting desktops 92
S
Secure Gateway 19
SecureICA 20
security planning 19
sessions
disconnecting 105
logging off 105
viewing for desktop groups 104
viewing for user 104
Setup.exe command-line parameters 119
Shut Down command
removing 100
smart cards 37
configuring authentication methods 39
endpoint requirements 38
readers supported 37
removing 40
types supported 37
SQL Server
using 50
support and training 10
T
target device
installing on base desktop VM 71
template
creating 73
time zone settings
configuring 98
training and support 10
127
U
unattended install 119
updating
license server settings 108
upgrading 23, 61
to different edition 63
USB policy rule 96
USB support
configuring 95
user privileges
planning 21
user-driven desktop restart 92
users
planning user experience 25
V
vDisk
creating 70
imaging 72
setting access mode 73
Virtual Desktop Agent
installing 57
installing using XdsAgent.msi 122
removing 63
upgrading 62
virtual machines
creating using XenCenter 68
installing target device 71
restarting 106
shutting down 106
starting 105
VM-based desktop groups
creating using Access Management Console 79
creating using Setup Wizard 76
W
Web Interface
using with Desktop Delivery Controller 18
Web sites
modifying 18
X
XdsAgent.msi
properties 122
XenApp 111
128