HDX Adaptive transport with EDT support for Citrix Gateway service - Tech Preview
EDT transport mechanism for Citrix Virtual Apps and Desktops is faster, improves application interactivity, and is more interactive on challenging long-haul WAN and internet connections. EDT delivers a superior user experience by dynamically responding to changing network conditions while maintaining high server scalability and efficient use of bandwidth.
Compared to TCP ICA, EDT delivers a superior user experience. When EDT is not available, EDT intelligently switches to TCP ICA to deliver the best performance.
EDT through Gateway Service is supported only for VDA versions 1912 and later, so any machines running VDA versions older than 1912 will only be able to establish sessions over TCP
Create a Delivery Group to facilitate isolating the configuration to the desired machines and VDA version 1912 and later.
Requirements for HDX Adaptive transport with EDT support
- Virtual Delivery Agent (VDA) 1912 or later.
- Adaptive Transport must be enabled in Citrix policy. See the Adaptive Transport setting documentation for details.
- Rendezvous protocol must be enabled for EDT. See the Rendezvous Protocol documentation for details.
- Firewall rules must be configured to allow EDT (UDP) traffic. See the Network Ports documentation for details.
- All prerequisites for rendezvous must be met. See the Rendezvous Protocol documentation for details.
- Create a Delivery Group to facilitate isolating the configuration to the desired machines and required version. For details see Create Delivery Groups and Manage Delivery Groups.
- Enable MTU discovery for use with Windows devices. Refer to the EDT MTU Discovery documentation for more details.
- Reorder the cipher suites on the VDA machines as outlined in the Rendezvous protocol documentation.
If EDT negotiation fails for any reason, the session falls back to TCP with Rendezvous. And if that fails, then the session falls back to proxying through the Cloud Connectors.
Customers entitled for EDT
Customers who are entitled for Gateway Service for HDX Proxy get EDT at no additional cost. Customers using Gateway Service for site aggregation cannot use EDT yet.
Check your connection type
To know if your sessions are using EDT, look at the following:
- Connection protocol in Citrix Director: https://support.citrix.com/article/CTX220730.
- After you launch an app or a desktop, go to Citrix Workspace app > Connection Center > Properties tab > Transport encryption (DTLS/TLS) to know if the connection is going to TCP or EDT.
- If you launched a desktop, then you can run
“ctxsession -v”on the command prompt within the session and check the Transport Protocols to determine how the session is established:
- EDT Rendezvous shows “UDP > DTLS > CGP > ICA”
- TCP Rendezvous shows “TCP > SSL > CGP > ICA”
- Non-Rendezvous shows “TCP > CGP > ICA”
There can be multiple reasons for the connection not going over EDT, such as;
- Open your ICA file and it must have “HDXOverUDP=Preferred”.
- UDP service is not allowed in client firewall or client subnet for Citrix Gateway service. Enable the firewall rule (Port 443, Protocol: UDP, Target: *.g.nssvc.net) to allow UDP service.
- VDA version is 1912 or later and UDP service is allowed in the firewall and subnet for Citrix Gateway service. See the Network Ports documentation for details.
- Check for the cipher settings in VDA. See Rendezvous protocol for details.
It is possible that the user might be trying to connect via a network that requires a Maximum Transmission Unit (MTU) lower than 1380, which is mostly seen in some mobile networks (3G, 4G) or VPN connections. This can result in heavy fragmentation of EDT packets, which can cause issues in session establishment over EDT.
- If you are having issues establishing sessions with EDT enabled and your users are using Windows devices, we suggest you enable EDT MTU Discovery. For details see EDT MTU Discovery.
- If your users are using devices that do not support EDT MTU Discovery, then consider disabling Adaptive Transport. If the session launch continues to fail with Adaptive Transport disabled, contact Citrix Technical Support.
Why are HDX sessions being established over TCP even though EDT is enabled?
One of the following reasons might be causing EDT failures.
- VDA version might be lower than the version (V1912) that supports EDT.
- Firewall rules might be blocking UDP traffic from client or VDA to Citrix Gateway service.
- Cipher suites not configured correctly on the VDA.
- Required encryption protocol is disabled (DTLS 1.0).
- Connector might be on a lower version than that of the version in which EDT is supported.
- Citrix policy in Studio might be disabling Adaptive Transport.
- Rendezvous protocol is either not enabled in Citrix policy or not working in your environment.
Why is my session launch taking longer time than expected?
If EDT fails and an application falls back to TCP, the fallback sequence adds more time to the launch process.
- To continue with EDT, check for the causes listed in the previous question. If you are still facing the EDT failure issues, contact Citrix Technical Support.
- To continue without EDT, disable EDT in broker policy to avoid fallback delay.
Can I enable EDT MTU Discovery if I have users that use non-Windows devices?
Yes. Enabling EDT MTU Discovery does not affect clients that do not support the feature. These clients simply continue to use a static MTU.
Why am I facing longer than usual launch duration of Virtual App and Desktop?
The issue might be with the registry key setting in your client setting. For more information, see https://support.citrix.com/article/CTX272399.
Is there a particular CWA version user need to run?
Any currently supported version of the Workspace app works. However, if using EDT MTU Discovery with Windows endpoints, users must use the Workspace app for Windows 1912 or newer.
Do we support all Windows platforms that support VDA 1912?
Although EDT is supported on all currently supported Windows versions, Citrix recommends using EDT through Gateway Service only with VDAs running on Windows 10 and Windows Server 2019. There are limitations on Windows Server 2012 R2 and 2016 that affect the performance of ICA sessions over EDT when using the gateway service. If you have multiple versions of Windows in your environment, consider enabling Adaptive Transport in Delivery Groups that contain machines running Windows 10 and Windows Server 2019, and disabling Adaptive Transport for the others.