Citrix Virtual Apps and Desktops

Citrix Virtual Apps and Desktops 7 2407

August 12, 2024

Contributed by:

C C

About the release

This Citrix Virtual Apps and Desktops release includes new versions of the Windows Virtual Delivery Agents (VDAs) and new versions of several core components. You can:

Install or upgrade a site: Use the ISO for this release to install or upgrade core components and VDAs. Installing or upgrading to the latest version allows you to use the latest features.
Install or upgrade VDAs in an existing site: If you already have a deployment and aren’t ready to upgrade your core components, you can still use several of the latest HDX features by installing (or upgrading to) a new VDA. Upgrading only the VDAs can be helpful when you want to test enhancements in a non-production environment.

After upgrading your VDAs to this version (from version 7.9 or later), you do not need to update the machine catalog’s functional level. The 7.9 (or later) value remains the default functional level, and is valid for this release. For more information, see VDA versions and functional levels.

For installation and upgrade instructions:

If you are building a new site, follow the sequence in Install and configure.
If you are upgrading a site, see Upgrade a deployment.

Citrix Virtual Apps and Desktops 7 2407

Secure Default Settings

The VDA installer has a new option that changes the default setting for various features from enabled to disabled for a more secure out-of-box configuration. For more information, see Install VDAs.

Enhancement to the usage telemetry reporting

The usage telemetry reporting feature is now enhanced to collect and process data on how licenses are utilised for Citrix products, components, and features that are deployed in customer-managed environments. This enhancement ensures compliance with licensing for Citrix on-premises products.

To leverage this enhancement, update to the latest version of the license server. For more information, see:

For the list of Licensing Telemetry data elements, see Citrix Licensing Telemetry data elements.

Virtual loopback port exclusions

You now have the option to exclude specific ports from virtual loopback so that calls made by applications to the loopback address on any ports specified are not changed to the session-specific loopback address. For more information, see Virtual loopback.

Improved LogonUI window scaling for seamless apps

The LogonUI windows scaling is now improved for scenarios where authentication pass through does not occur. The LogonUI window is scaled based on the monitor resolution and DPI settings used which ensures that the complete LogonUI windows is visible without any clipping. For more information, see How to modify LogonUI to view Windows disclaimer message in full size when opening published applications.

Sign out checker enhancements for published applications

With this new feature, you now have the option to automatically detect the startup apps configured in the system, and automatically add them to the list of system processes so that these applications don’t block sign-out when the last published application window is closed. For more information, see Troubleshooting session sign-out issues with Published Applications.

Virtual channel allow list for DVC

You can now use the Virtual channel allow list for DVC to control which custom dynamic virtual channels are allowed in your environment. For more information, see Virtual channel allow list for DVC.

Virtual Delivery Agents (VDAs) 2407

Doc restructure for third-party VDA deployment methods

The third-party VDA deployments page is restructured to contain additional detailed instructions. For more information, see Third-party VDA deployments.

Token-based VDA enrollment for non-MCS provisioned VDAs (Preview)

With this feature, you can now generate and manage enrollment tokens for non-MCS-provisioned VDAs. This implementation allows VDA registration over WebSocket without provisioning the VDAs with MCS. This feature also supports Linux Virtual Delivery Agent, Citrix Virtual Delivery Agent for macOS, and non-domain joined VDAs with Citrix Virtual Apps and Desktops. For more information, see Enroll non-MCS provisioned VDAs using tokens.

Web Studio

Contextual App Protection

With this feature, the administrators can apply App Protection Anti-Screen Capture and Anti-keylogging control on devices and users contextually instead of having the controls always enabled or always disabled. This implementation helps you to enforce App Protection Anti-Screen Capture and Anti-keylogging only when required. For more information, see Manage App Protection.

Smart card authentication support

Web Studio now supports smart card authentication, enabling administrators to access Web Studio using PIV and CAC cards. For more information, see Set up smart card authentication for Web Studio and Enable smart card authentication.

Tenant management

With tenant management, you can now set up management partitions within a single Citrix Virtual Apps and Desktops site. This feature is ideal for organizations that operate with different business silos, such as independent divisions or separate IT management teams.

To set up tenant management, follow these steps:

Create tenants. Go to Administrators > Scopes, create tenant scopes, and associate those scopes with related resources and configurations, such as machine catalogs and delivery groups.
Add administrators for tenants. Go to Administrators > Administrators, and assign user accounts with roles and tenants as necessary.

As an administrator with appropriate access to a tenant, you can view and select its name in the All Tenants dropdown list in the top right corner of Web Studio. Then, manage resources and configurations associated only with that tenant. For more information, see Set up tenant management.

Tenant feature

Enable Local Host Cache (LHC) for power-managed single-session pooled VDAs

By default, single-session pooled VDAs provisioned using MCS or Citrix Provisioning are unavailable when in LHC mode. With Web Studio, you can now override this default behavior on a per-delivery group basis, making those VDAs available for new connections during LHC. For more information, see Create delivery groups and Manage delivery groups.

Generate and manage VDA enrollment tokens

Token-based VDA enrollment reduces the load on Cloud Connectors and lowers potential failure points. With Web Studio, you can now generate and manage enrollment tokens for non-MCS-provisioned VDAs, streamlining enrollment token-based deployments. For more information, see Generate and manage enrollment tokens.

Create persistent multi-session VMs

When creating a catalog of multi-session machines, you can now specify whether to make them persistent. For persistent multi-session machines, keep in mind that changes users make to the desktops are saved and accessible to all authorized users. For more information, see Create machine catalogs.

Peak Autoscale Assigned PowerOn

When persistent desktops are powered on but remain unused or if no user logs on, the administrators can define the wait time to take actions like, no action, suspend, or shutdown.

For assigned machines, where it is powered on but a session has not been connected to it within the set time after the start of peak time, then you can add a policy to the delivery group level to turn off the machine.
For assigned machines, where it is in resumed state but a session has not been connected to it within the set time after the start of peak time, then you can add a policy to the delivery group level to suspend the machine.

This feature is helpful if there is an end user who is on PTO, or has not logged on, or if a company has a long weekend, then you can set the wait time and machine disconnection actions to take to help reduce the Azure consumption cost. For more information, see Single-session OS random delivery groups and Single-session OS static delivery group.

Deliver packaged applications to single-session static desktops and office PCs

With this enhancement, you can now deliver packaged applications to all types of desktops. To deliver packaged applications to desktops, add those applications to the delivery groups using these ways:

Add applications during delivery group creation.
Add applications to an existing delivery group using one of these entries: Delivery Groups > Add Applications > Applications, Applications > Properties > Groups, or App Packages > Packages > Add Delivery Groups.

For more information, see Create delivery groups, Manage delivery groups, and Add applications to delivery groups.

Modify desktop display names

We’ve enhanced the Machine Allocation page for single-session OS static delivery groups by introducing a new column, Display name. With this addition, you can now modify desktop display names for machines assigned to users. For more information, see Manage user assignments.

Restart and shut down single-session machines from the Search node’s Sessions tab

On the Sessions tab of the Search node, you can now search for user sessions in an unhealthy state and seamlessly restart or shut down the associated single-session machines within the same tab. This feature enhances efficiency, enabling prompt action on identified session issues within a single interface.

Assign drive letters to write-back cache disks

Previously, you could assign a specific drive letter to the write-back cache disk only by using a PowerShell cmdlet. You can now accomplish the same task using Web Studio. For more information, see Create Microsoft catalogs.

Retry creating catalog after failure

When catalog creation fails, you can now retry creating the catalog. To ensure successful creation, check the troubleshooting information and resolve the issues. The information describes the issues found and provides recommendations for resolving them. Failed catalogs are marked with an error icon. To see the details, go to the Troubleshoot tab of each catalog. For more information, see Manage machine catalogs.

Display client IPs in configuration logs

In Logging > Events, you can now view IP address details in logs, facilitating tracking of action origins. To show the IP address column in the main view, click the Columns to Display icon in the top right of the logs, and then select Client IP.

Enhancements to contextual help

We’ve redesigned the help panel to provide a more informative experience, offering targeted information for each node within Web Studio. By clicking the Help icon on any node, you can now access a comprehensive set of resources aimed at providing a one-stop learning experience, helping you better understand related features:

Access key documents specifically related to the selected node.
Stay informed about service updates including Citrix Roadmap, Known issues, Limits, System requirements, and What’s new features.
Access expanded resources such as Citrix Blogs, Citrix Community, Citrix Feature Explained, Citrix Product Documentation, Citrix Support, and Developer Documentation.

Enhanced search

We’ve enhanced the Search node by introducing the following new features:

Two new filters, Zone and Provisioning Type, for enhanced precision and improved usability.
Two new columns:
- User Display Name column on the Sessions tab. With this column, you can quickly identify sessions associated with a specific user.
- Desktop Display Name column on both the Single-session OS Machines tab and the Sessions tab. With this column, you can quickly identify the machine associated with a specific desktop.
New filters for efficient searching. For more information about these two columns, see Machine actions and columns and Session actions and columns.
Filter pins on the search panel of the Search and Machine Catalogs nodes, allowing you to keep the frequently used search filters accessible on the pages.

Enhancements to the Applications node

We’ve implemented the following enhancements in the Applications node:

Extended the functionality of Columns to Display and Export to both Applications and Application Groups tabs. With the newly introduced icons at the top right corner, you can now customize the main views for applications and application groups, and export records from those views to CSV files.
Added the Zones field in the Details pane of applications, enabling you to view the zones where an application resides. This information is helpful when distinguishing between applications sharing identical names but originating from different zones. For more information, Zones.

Data caching for the Machine Catalogs and Hosting nodes

We’ve introduced data caching for the Citrix DaaS Machine Catalogs node. This enhancement significantly reduces the page load times when you navigate to the Machine Catalogs node, improving the overall user experience.

Redesigned Access Policy UI for more flexible resource access control

We’ve redesigned the Edit Delivery group > Access Policy UI to give you more flexibility in managing resource access for delivery groups. The following are the key features available with the new design:

Support for adding policies. You can now add access policies to restrict resource access based on attributes of user connections. A policy can consist of two types of criteria:
- Inclusion criteria. Let you specify user connections that are allowed to access the delivery group.
- Exclusion criteria. Let you specify user connections that are prohibited from accessing the delivery group.
Expanded filter support. You can now define inclusion and exclusion criteria using a range of SmartAccess filters. Those filters include Workspace filters such as Citrix.Workspace.UsingDomain and Citrix-Via-Workspace, as well as filters for network location-based adaptive access.
Match All logic support for included criteria. The new logic enables you to achieve a high level of precision and control when specifying allowed user connections for delivery groups.

For more information, see Restrict access to resources in a delivery group.

Advanced image filtering for AWS catalog creation

When selecting machine templates during AWS catalog creation, you can now filter the AWS AMI inventory for a target template using these search criteria:

Image name
Image ID
Image tags

The machine template list loads dynamically as you scroll down the list - 25 items are initially loaded and more loaded as you scroll.

Support for creating VMs that support hibernation on AWS

You can now create machine catalogs that support VM hibernation in your AWS environments, enhancing the overall cost-effectiveness of your deployment. Note that you can also edit a catalog to include hibernation-capable VMs if the associated machine profile supports this capability. For more information, see Hibernation.

New policy validations

Additional policy validations are added. As a result, enabling policies or doing an in-place upgrade might lead to loss of policy data if invalid policy settings are present. If you create or edit the policies using a method other than Web Studio, Citrix recommends you use the latest version of the SDK and snap-in. For more information, see CTX676686.

Policy sets

In Web Studio > Policies, you can now group policies together for simplified role-based access using policy sets. You can then assign scopes and delivery groups to your policy sets so that only authorized administrators can manage the policies that apply to their relevant users and machines. For more information, see Policy sets.

Multi-select policies

You can now select multiple policies and checkout the following enhancements:

Click a policy row: If you click a policy row, the actions bar at the top shows actions of a single policy. The details pane at the bottom provides information about the policy.
Select the check boxes of multiple policies: If you select the check boxes of multiple policies whose statuses are either enabled or disabled, then the actions bar at the top shows actions of multiple policies. The details pane at the bottom displays the number of policies selected.

Note:

After you select multiple policies, you can view the details of another single policy by clicking the row of that policy. This action does not clear the previously selected policies. However, the right-click action does not display the actions for that policy row.

Clarity on dependent policies

Some settings are dependent on other settings. Previously, policy settings were dependent on each other but the relationship among the settings lacked clarity. For example, a child setting might be configured, but if its parent setting is not enabled, the child setting configured does not take effect. The dependencies were not clear before. Starting with this release, clarity is provided on which are the parent policies that must be configured first before you can configure the child policies. For more information, see Policy settings.

Simplified subnet updates for machine catalogs

Previously, to change the subnet settings of a machine catalog, you had to delete and recreate it. With this feature, you can now achieve the same functionality by editing the catalog. Note that only new virtual machines created under the catalog will be on the newly associated subnets. This enhancement reduces the need for catalog deletion and associated tasks. For more information, see Edit a catalog.

New policy setting - Session metric collection

This setting allows Citrix to collect user and machine session metrics between the VDA and Workspace to improve the user experience.

Citrix collects data such as operating system, uptime, computer system information, video controller details, VDA version, deployment type, and domain joined status. Additionally, you can gather some session configurations, along with performance and reliability data, are gathered to aid product improvement efforts. By default, this setting is enabled. For more information, see Session metric collection.

Integration of Secure Private Access with Web Studio

Starting from 2407, the Secure Private Access integration with Web Studio is enhanced such that the admins can access the SPA console within the Web Studio console. For more information, see Integration of Secure Private Access with Web Studio.

Citrix Director

Application usage monitoring charts on Dashboard

Now, Citrix Director helps you to monitor the usage of published applications. This feature is present on the Dashboard and contains curated charts to help the IT admins or application admins to gain insight into which applications are heavily used and the extent of their usage.

These charts comprise of the following data points for the last 24 hours:

Total number of applications in use
Most used applications (limit 10) by total number of distinct users
Most used applications (limit 10) by total number of application launches
Top peak concurrent application instances

Through this visualization, customers can get visibility into the popular published applications to perform a Consumption versus Entitlement analysis to optimize on cost incurred on purchasing software licenses.

Note:

This feature is available only for the platinum-licensed sites.

Application monitoring

For more information, see Application usage monitoring charts on Dashboard.

Unified search for cloud and on-premises users

Previously, during triage when you search for a user in Director, you get the user details only if the user is from an on-premises site. If the user is from a cloud site, you had to go to Monitor and search again. With this enhanced search functionality, you can search for users from cloud sites or on-premises sites using the Search option in Director. This feature reduces the mean time to resolve issues and provides a seamless experience with a single console without any rapid growth in the size of the database.

For more information, see Unified search for cloud and on-premises users.

Improved Session Logon view

The new Machine Start-up option with the following sub-sections on the Session Logon tab on the Filters -> User Details page provides the breakdown of the time taken to start a virtual machine during different phases:

Power on - Displays the time taken to power on a virtual machine
Boot-up and registration - Displays the time taken to boot up and register a virtual machine

The newly introduced collapsible button on the Session Logon page helps to collapse or expand the options on the Machine Start-up and the Interactive Session.

Along with the default Logon Duration Phases table options, which are Session Logon Phase and Duration, you can also choose the following columns on the Session Logon page:

Start time
End time
Delivery Group’s 7 Day Avg (sec)
User’s 7 Day Avg (sec)

You can also export the preceding data to a .CSV file.

The newly added columns Power on and Boot up and registration can be added to the Logon Duration by User Session table in the Trends -> Logon Performance > Choose Columns. You can also export the reports on the Logon Performance screen.

This enhancement helps to understand and easily troubleshoot issues related to logon duration. For more information, see Diagnose user logon issues.

Options to troubleshoot when ICA RTT or Session Logon Duration data fails to populate

Previously, when EUEM service or Profile Management service failed to run, the reason for failure in getting the data related to ICA RTT or Session Logon Duration wasn’t displayed. With this new feature, you can get the reason for the failure and the corresponding solution for the failure.

For more information, see Options to troubleshoot when ICA RTT or Session Logon Duration data fails to populate.

Published desktop name

Citrix Director now displays the published desktop name in the UI. This new field allows you differentiate among user groups within the same delivery group. You can also generate custom reports for these user groups. This new field is added to Filters, Custom Reports, or to Machine Details sections of Citrix Director UI.

Advanced alert policies

The Proactive Notification and Alerting feature of the Director is enhanced to include a new alerting framework named Advanced Alert Policies. With this feature, you can create alerts by including granular details for each element or condition, thereby enhancing the control over the alerts scope. Currently, these policies include alerts for cost savings and infrastructure.

This feature helps you to reduce excessive alerts which might lead to reduced responsiveness or effectiveness in addressing important issues. This policy helps to measure effectiveness of alert policies and engagement from admins.

Director Advanced alert Policies

For more information, see Advanced alert policies.

Enhancements on alert content

The alerting feature of the Director is enhanced to include a CSV attachment and a JSON payload. With this enhancement, you can get alert details in a CSV attachment over email or as a JSON payload in case of a webhook. Using this CSV attachment and JSON payload, you can receive enriched content at a detailed level, aiding in the quick identification and resolution of issues.

Currently, this enhancement is available only on the following alerts:

Machine uptime
Failed power on actions
Failed power of actions
Unregistered machines (%)

For more information, see Enhancements on alert content.

Option to view and filter session type and last boot time

Citrix Director now offers an option to add Session Type as a new column. The different session types available are desktop and application. You can also add Session Type as a new column by adding it at Filters > Sessions > Choose Columns. This is also added at Trends > Sessions.

Similarly, a new option to find out the Last Boot Time is added on the Filters > Machines section. You can also add Last Boot Time as a new column by adding it at Filters > Machines > Choose Columns.

Option to filter data by time period in Sessions and Application instances

Citrix Director now includes the time period filter in the Sessions and Application instances of the Filters tab. You can now filter the sessions and application instances for:

Last 60 minutes
Last 24 hours
Last 7 days

Also, the custom time period option is added in the Sessions, Connections, and Application instances of the Filters tab.

For more information, see Filter data to troubleshoot failures.

Enhanced Performance Metrics panel

The Performance Metrics panel has an enhanced visualization of the historical data metrics. When you click the Session Performance tab, along with the last 15-minutes data, you can view the last 24 hours data for ICARTT and ICA Latency. This enhancement helps to reduce mean time for resolution by enabling admins to triage issues even though the session was terminated in the last 24 hours.

For more information, see Performance Metrics.

Enhancement to Session Performance tab

The Session Topology section of the Session Performance tab is enhanced to include the following:

Additional details on Connector and Citrix Gateway in the Session Topology view such as endpoint IP, endpoint OS, and Citrix Workspace app version in the endpoint hop
Pop ID, location and country of gateway service, connector IP, connector name, and resource location
Details on the missing data elements of Connector and Citrix Gateway and links to download the latest version
Hypervisor details such as the hypervisor type, host connection name, and host name
Name of the HDX protocol in the session details section and in the session topology view
The following endpoint metrics which exist in the Citrix Workspace app for Windows:
- Wi-Fi signal strength
- Throughput incoming and outgoing
- Network interface type
- Link speed

This enhancement helps to troubleshoot issues regarding sessions quickly.

Enhancement on triaging user profile load issues

Citrix Director now supports the Profile Load duration and container metrics collection from Citrix Profile Management container and FSLogix container. This enhancement assists the admins to receive comprehensive profile usage and performance data in user session reports. With this data you can identify and resolve issues with greater efficiency.

For more information, see Profile load.

Cost optimization

Citrix Director now introduces a new feature called Cost Optimization, which helps you to analyze the usage of virtual machines and sessions effectively. This feature provides insightful visual representations on how to optimize the cost. It also helps you to eliminate unnecessary machines and thereby reducing costs.

The Cost Optimization page includes the following features:

Cost savings [Preview]

The Cost savings page provides a visual representation of infrastructure savings accrued over a selected period and forecasts expected savings for the remaining days. By analyzing machine usage and sessions, this page helps you to identify achieved savings and opportunities for cost reduction. This page offers:

Insight into the optimization of infrastructure costs
The amount saved
Information on a range of scenarios that might result in exceeding projected costs
Potential opportunities for identification and strategic planning to realize infrastructure cost savings

The Cost Optimization > Cost savings page includes Estimated savings and Autoscale savings report.

The Estimated savings helps to evaluate the efficient utilization of infrastructure resources. The Estimated savings help to evaluate the efficient utilization of infrastructure resources. The cost savings are displayed in the currency of the hypervisor or as a percentage of the cost incurred. You can view the results for the last:

Seven days
Thirty days
Three months
Six months
Twelve months

The Estimated savings graph displays the following:

Estimated savings - Displays the amount of savings achieved in infrastructure for the selected duration
Power managed machines - Displays the total number of power-managed machines.
Projected savings - Displays how much infrastructure savings can be done for the remaining duration

The Autoscale savings report displays information about the delivery group for which the autoscale is configured and enabled. This report is applicable only for power-managed machines.

For more information, see Cost savings.

Infrastructure rightsizing

The Infrastructure Rightsizing page helps you to analyze the provisioning and sizing aspects of your delivery group based on the resources utilization. Based on this analysis, you can optimize the machine provisioning and sizing to match the utilization pattern. You can optimize your infrastructure costs by reducing spending on the unused resources. You can also choose to opt for lower CPU and memory specifications machines if the resource utilization is consistently lower than provisioned. You can optimize for performance by opting for a higher CPU and memory specifications machines if the resource utilization is consistently higher and see evidence of it impacting the session experience such as Logon and ICARTT metrics.

You can filter the Infrastructure rightsizing using the following:

Delivery Group - You can filter for single-session OS or multi-session OS delivery groups
Tags - Tags are the tag names applied to the machine. So, you can filter machines with the same tags. You can select multiple tags up to five tags. When you select multiple tags, you can filter for all the machines which have at least one of those selected machine tags applied.
Time period - You can filter the data for the last 24 hours, 7 days, and 30 days.

The Infrastructure rightsizing page offers:

Insight in to the utilization details
Summary of the resource utilization
Trends on the resource utilization

Click the Cost Optimization tab from the left menu on the Home page. And then, click the Infrastructure rightsizing tab to access the Infrastructure rightsizing page.

You can also click the Rightsize this delivery group link from the Infrastructure details section in the Cost Optimization tab > Cost savings to access the Infrastructure rightsizing page.

For more information, see Infrastructure rightsizing.

Inspect machines with recent power actions

You can now inspect machines with the status of the success and failed power actions. This feature helps you to analyze the following:

Power on failure which causes user issues
Power off failure which increases cost

Note:

Data is available only for the power-managed machine. Data is not available for the power actions taken before the feature was supported.

You can view the power action status of the machines using the following ways:

From Filters -> Machines tab. In this case, by default the Power Action Time and the Power Action Result columns are visible. You can also select the columns that you want to visible.
From Cost Optimization tab. In this case, the default filter is Power Action Triggered By is set to Autoscale and the Power Action Result is set to Failed.

With this feature, you can view the details of the power action controls. For example, you can view who triggered the action, which action changed the power state, the reason for failure, and the time when the action is completed. You can also export these details.

For more information, see Inspect machines with recent power action.

Failed power on action and Failed Power off action alert

The Proactive Notification and Alerting feature of the Director is enhanced to include two new alerts, Failed power on action and Failed Power off action alerts based on the number of power-managed machines failed to power on or off in a delivery group. The new alert condition allows you to configure alert thresholds as the number of power-managed machines failed to power on or off in a delivery group.

For more information, see Failed power on action and Failed Power off action.

Machine uptime alert

The Proactive Notification and Alerting feature of the Director is enhanced to include a new alert, Machine uptime alert based on the uptime of a power managed machine in a delivery group. For every delivery group for which the machines crossed the threshold, you get an attachment or webhook alert for that delivery group alone.

The new alert condition allows you to configure alert thresholds as the number of hours per day, hours per week, or hours per month for a machine is turned on in a delivery group.

For more information, see Machine uptime alert.

Unregistered machines alert

The Proactive Notification and Alerting feature of the Director is enhanced to include a new alert, Unregistered Machines (in %) based on the percentage of unregistered machines in a delivery group. The new alert condition allows you to configure warning and critical threshold values as a percentage of unregistered machines in a delivery group.

For more information, see Unregistered machines.

Integrations and data exports

Citrix Director now provides a new UI for integrations and data exports. This feature helps to improve the awareness of the various interfaces and third-party integrations available in Citrix Director. The newly introduced Integrations and Data exports page lists the following:

Available integrations
Supported developer tools

This page also describes the REST API set up for data exports and provides reference links to the guides and documents to get started with the integrations and developer tools.

Currently, Citrix Director is integrated with the Power BI observability. You can use this feature to export performance data and events from Citrix Director to Power BI using the REST APIs.

Click Integrations and Data exports from the left navigation menu. The Integrations and Data exports page appears.

Integrations and data exports

For more information, see Integrations and data exports.

Diagnose historical user sessions [Preview]

Citrix Director now displays the details of sessions in active, disconnected, or in terminated state. Previously, you could see the details of active sessions only. With this feature, help desk admins can troubleshoot issues with a session that was ended or in a terminated state. The session details are available for the last 24 hours and last 2 days. You can view the following details of an ended or terminated session:

Machine Details panel - Displays the available details of the machine where the selected session was launched.
Session Details panel - Displays the available details of the selected session.
Session logon duration - Displays the information on the logon duration taken for the selected session. You can view the chart on time taken for brokering, machine start-up, HDX connection, authentication, GPOs, logon scripts, profile load on disk, and interactive session.

For more information, see Diagnose historical user sessions.

Activity Manager for Secure Private Access session [Preview]

Citrix Director offers the Activity Manager view for Secure Private Access sessions which gives you an overall view of the session activities. The Activity Manager provides a comprehensive view of all apps and desktops that are successfully opened, failed to open, and the outcome of the policies set in the Secure Private Access app.

The Activity Manager is displayed with the Available Apps and Launched Apps details. You can find the following session details:

Launch time
Resource name
Resource type
Accessed resource
Status
Transaction ID

You can also filter the preceding details with the application status such as Allow, Deny, and Error. You also sort the details with the up and down arrows.

Activity Manager

For more information, see View the Activity Manager for Secure Private Access session.

Session topology view for Secure Private Access apps [Preview]

You can view the session topology for the apps opened using Secure Private Access. Click the required app from the Activity Manager to view the Session Topology of the selected app.

Activity Manager

From the Session Topology view, you can view the app that is opened using Secure Private Access, the status of policy evaluation, and the status of app launch. You can also find the details of the app, policy evaluation, and the session details.

For more information, see the Session topology view for Secure Private Access apps.

Infrastructure monitoring [Preview]

Citrix Director now offers visibility into the operational health of Citrix Virtual Apps and Desktops components. This feature helps you to easily identify, troubleshoot, and resolve issues related to your infrastructure. Currently, the health of the Citrix Provisioning (PVS) and StoreFront components are monitored.

To support this feature, a new Windows executable named Citrix Infra Monitor is introduced. This helps with the collection and transmission of relevant health metrics from PVS or StoreFront servers to Director.

This feature helps you to get critical monitoring data sets and proactive alerts with respect to PVS and StoreFront servers system metrics on a single console in Director. Data is collected every five minutes from the monitoring components to ensure the latest information.

This feature aims to enhance operational efficiency by offering proactive monitoring, detailed metrics, and automated alerts, ensuring your Citrix infrastructure runs smoothly and efficiently.

Key features

Real-time monitoring:

Continuous monitoring of Citrix infrastructure components such as Citrix Provisioning (PVS) servers and StoreFront.
Dashboard views presenting system health, resource utilization, and relevant performance metrics.

Detailed analysis:

Provides detailed analysis on the system health metrics such as connectivity status, and service or process status for each component.
Details on the resource utilization metrics such as CPU, memory, and disk utilization.

Automated alerts and notifications:

Customizable alert thresholds for various metrics and states with granular scopes.
Real-time notifications through email and webhooks.

Use-cases

Operational efficiency:

Ensures that Citrix admin teams can maintain high availability and performance of their Citrix servers and services. This feature also helps in minimizing downtime by proactively identifying and alerting admins on issues before they impact significant user groups.

Faster ticket resolution:

Monitors key metrics on server health and performance to evaluate the optimal delivery of virtual applications and desktops to users. Use these metrics to diagnose and resolve user complaints related to performance by analyzing associated components.

For more information, see Infrastructure monitoring [Preview] section.

Infrastructure policy [Preview]

This policy is introduced to create alerts related to the health of supported Citrix Virtual Apps and Desktops components.

Once the Infrastructure monitoring setup is completed, you can use the health data available in Director to configure alerts for any required component. Admins can set conditions, scopes, and notification mediums to receive important alerts through emails or a json payload through webhooks. The alerts raised are also available in the Citrix Alerts section for analysis and management.

As part of this policy, the following four new categories are introduced:

Reachability
Dependent services
Impact
Resource utilization

You can set different conditions and can modify the severity of the preceding categories as required in the Critical and Warning section. You can also schedule re-alert intervals for these alerts.

Conditions within each category can be set with the severity of Critical and Warning based on your organizational priorities. You can also schedule re-alert intervals for these alerts.

For more information, see Infrastructure policies (Preview) section.

Citrix Scout

Enhancement to Trace and Reproduce procedure

Previously, you could use UI to import the saved CDF traces in the Trace and Reproduce procedure.

Starting with the 2407 release, this UI option is removed. When you enable additional log collection, Scout automatically detects the CDC-related tools installed on your machine and auto collects the CDC tool-related trace logs in the zip package. You can customize these zip file and attach it to Scout. With this automation, you can use Citrix Scout more effectively and diagnose the issues quickly.

For more information, see Enable additional log collection.

Machine Creation Services (MCS)

Increased limit of replicas per image version in Azure

Azure has increased the maximum count of replicas for a gallery image single version to 100. With the increase in limit, you can now set the property SharedImageGalleryReplicaMaximum to a maximum value of 100 while creating an MCS machine catalog using the Azure Compute Gallery image. For more information, see Configure Azure Compute Gallery.

Support for Azure’s nested virtualization

With this feature, if you configure the master VM with nested virtualization enabled, then all VMs in the MCS machine catalog created using that master VM have nested virtualization enabled. This feature is applicable to both persistent and non-persistent VMs. You can update an existing MCS machine catalog and existing VMs to have nested virtualization through image update.

Currently, only Dv3 and Ev3 VM sizes support nested virtualization.

For information on nested virtualization, see the Microsoft blog Nested Virtualization in Azure.

Get warnings messages for hibernation failure

You can now get warning messages using a PowerShell command Get-ProvOperationEvent in case of hibernation failure of MCS-provisioned and existing hibernation-capable VMs. For more information, see Get warnings messages for hibernation failure.

Validate permissions on host connection in Azure

Previously, in Azure environments, you could validate only the host connection credentials (client id or application id) used to create a connection to Azure.

With this feature, you can:

Get the list of permissions assigned to your host connection credential
Get the list of operations that can be performed with the permissions assigned
Information on the permissions required
Information on how to add the desired permissions

This helps you to troubleshoot and get necessary permissions ahead of time so that you can perform the tasks without being blocked. For more information, see Validate permissions on host connection.

Change disk encryption in Azure

With this feature, you can now change the disk encryption in Azure virtualization environments. You can do the following:

Create an MCS machine catalog with a disk encryption set (DES) that is different from the master image DES.
Change the disk encryption type from one DES key to another DES key of an existing MCS machine catalog and existing VMs.
Update an MCS machine catalog and VM that was not previously CMEK enabled to have customer-managed encryption key (CMEK) encryption (DES), disk encryption at host, or double encryption.
Update an existing MCS machine catalog and VM to be non-encrypted that was previously encrypted.
Enable disk encryption with private endpoint (an MCS machine catalog that used a host connection enabled with ProxyHypervisorTrafficThroughConnector).

For more information, see Change disk encryption.

Support for modifying the page file settings

With this feature, you can modify the page file settings of the newly added VMs to an existing catalog without updating the master image. Currently, this feature is applicable to only Azure environments.

To modify the page file settings, you need VDA version 2311 or later. You can modify the page file settings using the PowerShell commands. For more information on modifying the page file settings, see Modify page file settings.

MCS creates ID Disks with GP3 volume type in AWS environment

Previously, in AWS environments, the Identity disks (ID) of VMs were of GP2 volume type. With this feature, MCS can now provision VMs with Identity disks of GP3 volume type. As GP3 volume type is the cheapest option offered by AWS, this feature minimizes cost.

The feature is applicable only to the VMs added to a new catalog and new VMs added to an existing catalog. Existing VMs created before this feature continues to have ID disks with GP2 volume type, unless the ID disk is reset.

Support for capturing additional properties using machine profile source in AWS

In AWS environments, with this enhancement, you can now create or update a machine profile-based catalog to include the following:

Capture CPU options, tenancy type, and hibernation capability from the machine profile source while creating an MCS machine catalog.
Change the tenancy type of the machine profile source while editing an MCS machine catalog. This functionality is applicable to the new VMs added to the catalog.
Change the hibernation capability of the machine profile source while editing an MCS machine catalog. This functionality is applicable to the new VMs added to the catalog.

The machine profile source can be a VM or launch template version. This feature is applicable to both persistent and non-persistent catalogs.

For more information, see Create a catalog using a machine profile.

Support for encrypting ID disk of an MCS machine catalog VMs in AWS

Previously, in AWS environments, MCS allowed the encryption of only the OS disk of the provisioned VMs. With this feature, you can now encrypt the ID disk in addition to the OS disk. This functionality allows you to use AWS KMS keys (Customer managed key and AWS managed key) to perform cryptographic operations on the disks attached to a VM.

For encryption of OS and ID disks, configure one of the following:

Use a master image that is encrypted (for example, an AMI created from an instance or snapshot that contains a root volume encrypted with KMS key)
Use a machine profile source (VM or launch template) that contains an encrypted root volume.

For more information, see Encrypt OS and ID disks.

Validate permissions on host connection in AWS

In AWS environments, you can now validate permissions on a host connection to do tasks related to creating and managing MCS machine catalogs. This implementation helps you to find out the missing permissions required for different scenarios such as creating, deleting, and updating VMs, power management of VMs, and EBS encryption, ahead of time so that you can avoid being blocked at critical times. For more information, see Validate permissions on host connection.

Support for inheriting labels from a machine profile source to the VMs and disks in GCP

With this feature, MCS machine catalog VMs and disks (Identity Disk, Write-cache Back Disk, and OS disk) can now inherit the labels of a machine profile source (GCP VM instance or instance template). You can use the labels to distinguish instances owned by different teams (for example, team:research and team:analytics), and further use it for cost accounting or budgeting. For more information on labels, see the GCP document Organize resources using labels.

This feature is applicable to persistent and non-persistent MCS machine catalogs.

You can create a new MCS machine catalog, update an existing catalog, and update existing VMs to inherit the labels from a machine profile source.

For information, see VMs and disks with inherited labels.

Create Citrix Provisioning catalogs using MCS PowerShell commands in XenServer

You can now create Citrix Provisioning catalogs using MCS PowerShell commands in XenServer environments. You can create both machine-profile based and non-machine profile based Citrix Provisioning catalogs. For more information, see Create Citrix Provisioning catalogs in Citrix Studio.

Support for inheriting custom tags from machine profile to the provisioned VMs

You can now add the custom tags of an SCVMM VM to the MCS provisioned VMs along with the default CitrixProvisioningSchemeId tag. To add the custom tags to the provisioned VMs, you must use the SCVMM VM as a machine profile while creating or updating an MCS machine catalog. If you remove a VM from a catalog, then only the CitrixProvisioningSchemeId is removed from the tag. The custom tags are not deleted from the VM. This feature applies to a new MCS machine catalog and new VMs added to an existing catalog. For more information, see Create a catalog with a machine profile.

Validate configuration before creating an MCS machine catalog

With this feature, you can now validate configuration settings before creating an MCS machine catalog using the parameter -validate in New-ProvScheme command. After you run this PowerShell command with the parameter, you get an appropriate error message if there is an incorrect parameter used or a parameter has conflict with another parameter. You can then use the error message to resolve the issue and successfully create an MCS machine catalog using PowerShell.

Currently, this feature is applicable to Azure, GCP, and VMware virtualization environments. For more information, see Validate configuration before creating an MCS machine catalog.

Repair the identity information of active computer accounts in AWS, GCP, and XenServer

In AWS, GCP, and XenServer environments, you can now reset the identity information of active computer accounts that have identity-related problems. You can choose to reset only the machine password and trust keys, or reset all configuration of the identity disk. This implementation is applicable to both persistent and non-persistent MCS machine catalogs. Currently, the feature is supported only for AWS, Azure, GCP, VMware, and XenServer virtualization environments. For more information, see Repair the identity information of active computer accounts.

Support for assigning a specific drive letter to MCS I/O write-back cache disk

Previously, the Windows operating system automatically assigned a drive letter to MCS I/O write-back cache disk. With this feature, you can now assign a specific drive letter to an MCS I/O write-back cache disk. This implementation helps you to avoid conflicts between the drive letter of any applications that you use and the drive letter of MCS I/O write-back cache disk. This feature is applicable to only Windows operating system. For more information, see Assign a specific drive letter to MCS I/O write-back cache disk.