Citrix Managed Desktops
Citrix Managed Desktops is the simplest, fastest way to deliver Windows apps and desktops from Microsoft Azure. Citrix Managed Desktops offers cloud-based management, provisioning, and managed capacity for delivering virtual apps and desktops to any device.
This solution includes:
- Cloud-based management and provisioning for delivering Citrix-hosted Windows Virtual Desktops, and apps from multi-session Windows machines.
- A high-definition user experience from a broad range of devices, using the Citrix Workspace app.
- Simplified image creation and management workflows, along with Citrix-managed single-session and multi-session images that have the latest Virtual Delivery Agent (VDA) installed.
- Secure remote access from any device using global points of presence of the Citrix Gateway service.
- Advanced monitoring and help desk management capabilities.
- Managed Azure IaaS, including Azure compute, storage, and networking for delivering virtual desktops.
If you’re familiar with Citrix Virtual Apps and Desktops, Citrix Managed Desktops significantly simplifies the deployment of virtual apps and desktops, as Citrix can manage the infrastructure for hosting those workloads.
Citrix Managed Desktops is a Citrix Cloud service. Citrix Cloud is the platform that hosts and administers Citrix services. Learn more about Citrix Cloud.
To learn more about Citrix Managed Desktops components, data flow, and security considerations, see Technical security overview.
How users access desktops and apps
Users (sometimes called subscribers) access their desktops and apps directly through their browser, using the Citrix HTML5 client. Users browse to a Citrix Workspace URL that is provided by you, their administrator. The Citrix Workspace platform enumerates and delivers the digital resources to users. Users start a desktop or an application from their workspace.
After you set up a catalog of machines that deliver desktops and apps, the service displays the Citrix Workspace URL. You then notify your users to go to that URL to start their desktop and apps.
As an alternative to navigating to Citrix Workspace to access their desktops and apps, users can install a Citrix Workspace app on their device. Download the app that’s right for the endpoint device’s operating system: https://www.citrix.com/downloads/workspace-app/.
The desktops and apps that Citrix Managed Desktops delivers to your users reside on virtual machines. Those virtual machines are created in a catalog.
- Learn about catalogs.
- Learn about master images, which are the templates used to create the machines in a catalog. Catalogs and images can be created in either a Citrix-managed Azure subscription or in your own Azure subscription.
Learn about Azure subscription selection. Your catalogs use either the Citrix-managed subscription or one of your own Azure subscriptions.
- Learn about deployment scenarios when using the Citrix-managed Azure subscription.
- Learn about deployment when using your own Azure subscription.
A catalog is a group of identical virtual machines. When you deploy desktops, the machines in the catalog are shared with selected users. When you publish applications, multi-session machines host applications that are shared with selected users. When you create a catalog, a master image is used (with other settings) as a template for creating the machines.
If you’re familiar with Citrix Virtual Apps and Desktops products, a catalog in this service is similar to combining a machine catalog and a delivery group. (The catalog and delivery group creation workflows in other services are not available in this service.)
A catalog can contain one of the following types of machines:
- Static: The catalog contains single-session static machines (also known as personal, dedicated, or persistent desktops). Static means that when a user starts a desktop, that desktop “belongs” to that user. Any changes that that user makes to the desktop are retained at logoff. Later, when that user returns to Citrix Workspace and starts a desktop, it is the same desktop.
- Random: The catalog contains single-session random machines (also known as non-persistent desktops). Random means that when a user starts a desktop, any changes that that user makes to that desktop are discarded after logoff. Later, when that user returns to Citrix Workspace and starts a desktop, it might or might not be the same desktop.
Multi-session: The catalog contains machines with apps and desktops. Each of those machines can be accessed by more than one user simultaneously. Users can launch a desktop or apps from their workspace. App sessions can be shared. Session sharing is not permitted between an app and a desktop.
- When you create a multi-session catalog, you select the work load: light (such as data entry), medium (such as office apps), heavy (such as engineering), or custom. Each option represents a number of machines and sessions per machine. This yields the total number of sessions that the catalog supports.
- If you select the custom work load, you then select from available combination of CPUs, RAM, and storage. Type the number of machines and sessions per machine, which yields the total number of sessions that the catalog supports.
The static and random types are sometimes called “desktop types.”
To learn about catalog information that’s displayed from the Manage dashboard, see Catalog tabs on the Manage dashboard.
Ways to create a catalog
There are two ways to create and configure a catalog:
- Quick create is the fastest way to get started. You provide minimal information, and the service takes care of the rest. A quick create catalog is great for a test environment or proof of concept.
- Custom create allows more configuration choices than quick create. It’s more suited to a production environment than a quick create catalog.
Here’s a comparison:
|Quick create||Custom create|
|Less information to provide.||More information to provide.|
|Fewer choices for some features.||More choices for some features.|
|Citrix-managed Azure Active Directory user authentication.||Choice of: Citrix-managed Azure Active Directory, or your Active Directory/Azure Active Directory.|
|No connection to your on-premises network.||Choice of: No connection to your on-premises network or Azure VNet peering.|
|Uses a Citrix-managed Windows 10 master image. That image contains a current desktop VDA.||Choice of: Citrix-provided images, a version of a Citrix image that you’ve customized, or an image you imported from Azure.|
|Each desktop has Azure standard disk (HDD) storage.||Several storage options are available.|
|Static desktops only.||Static, random, or multi-session desktops.|
|A power management schedule cannot be configured during creation. The machine hosting the desktop powers off when the session ends. (You can change this later.)||A power management schedule can be configured during creation.|
|Must use the Citrix-managed subscription.||Can use the Citrix-managed or your own Azure subscription.|
For more information, see:
About master images
A master image functions as a template for creating virtual machines in a catalog. Citrix Managed Desktops provides several Citrix-managed master images:
- Windows 10 Enterprise (single-session)
- Windows 10 Enterprise Virtual Desktop (multi-session)
- Windows Server 2012 R2
- Windows Server 2016
The Citrix-managed master images already have a Citrix Virtual Delivery Agent (VDA) and troubleshooting tools installed. The VDA is the communication mechanism between your users’ machines and the Citrix Cloud infrastructure that manages the service. You can:
- Use a Citrix-provided image when creating a catalog. This is recommended only for proof of concept deployments.
- Use a Citrix-provided image to create another image. After the new image created, you customize it by adding applications and other software that your users need. Then, you use that customized image when creating a catalog.
- Import an image from Azure. After you import an image from Azure, you can then use that image when creating a catalog. Or, you can use that image to create a new image, and then customize it by adding apps. Then, you use that customized image when creating a catalog.
When you create a catalog, Citrix Managed Desktops verifies that the master image uses a valid operating system and has a valid VDA and troubleshooting tools installed (along with other checks).
For more information, see Master images.
About Azure subscriptions
You can create catalogs and build/import master images in either in the Citrix-managed Azure subscription or in your own Azure subscription. To use your own Azure subscription, the machines must be domain-joined.
To use your own Azure subscriptions, you first add one or more of your Azure subscriptions to Citrix Managed Desktops. That action enables Citrix Managed Desktops to access the subscription.
Then, when you create a catalog or build/import a master image, choose the subscription you want to use. You can choose one of the subscriptions you added or the Citrix-managed subscription.
Using the Citrix-managed subscription requires no subscription configuration. The Citrix-managed subscription is always available for catalog creation. If you haven’t added any of your own Azure subscriptions to Citrix Managed Desktops, the Citrix-managed subscription is used automatically. (In other words, you don’t have to select a subscription.)
If you’ve added your own Azure subscriptions to Citrix Managed Desktops, the Citrix-managed subscription is always a choice.
Some Citrix Managed Desktops features differ, depending on whether the machines are in the Citrix-managed subscription or in your own Azure subscription.
|Citrix-managed subscription||Your own Azure subscription|
|Supports domain-joined or non-domain-joined machines.||Supports only domain-joined machines.|
|Supports quick create and custom create catalogs.||Supports only custom create catalogs.|
|Always available (and is the default subscription selection) when creating catalogs and master images.||Must add the Azure subscription to Citrix Managed Desktops before creating a catalog.|
|For user authentication, supports Citrix Managed Azure Active Directory or your own Active Directory.||Can connect your own Active Directory and Azure Active Directory.|
|Network connection options include No connectivity.||Network connection options include only your own VNets.|
|When using Azure VNet peering to connect to your resources, you must create a VNet peer connection in Citrix Managed Desktops.||Select an existing VNet.|
|When importing an image from Azure, you specify the image’s URI.||When importing an image, you can select a VHD or browse storage in the Azure subscription.|
|Can create a bastion machine in customer Azure subscription to troubleshoot machines.||No need to create bastion machine because you can already access machines in your subscription.|
For more information, see Azure subscriptions.
Deployment scenarios differ, depending on whether you’re using the Citrix-managed subscription or your own customer-managed subscription.
There are differences in responsibility with Citrix-managed subscriptions and customer-managed subscriptions. For details, see Technical security overview.
Deploying in the Citrix-managed subscription
Citrix Managed Desktops supports several deployment scenarios for connection and user authentication.
Managed Azure AD: This is the simplest deployment, with non-domain-joined VDAs. It’s recommended for proofs of concept. You use the Managed Azure AD to manage users. (This is a Citrix-managed Azure AD.) Your users don’t need to access resources on your on-premises network.
Customer’s Azure Active Directory: This deployment also contains non-domain-joined VDAs. You use your own Active Directory or Azure Active Directory (AAD) for end user authentication. In this scenario, your users don’t need to access resources on your on-premises network.
Customer’s Azure Active Directory with on-premises access: This deployment also contains non-domain-joined VDAs. You use your own AD or AAD for end user authentication. In this scenario, installing Citrix Cloud Connectors in your on-premises network enables access to resources in that network.
Customer’s Azure Active Directory Domain Services and VNet peering: If your AD or AAD resides in your own Azure VNet and subscription, you can use the Microsoft Azure VNet peering feature for a network connection, and Azure Active Directory Domain Services (AADDS) for end user authentication. The VDAs are joined to your domain.
To enable your users to access data stored in your on-premises network, you can use your VPN connection from your Azure subscription to the on-premises location. Azure VNet peering is still used for network connectivity. Active Directory Domain Services in the on-premises location is used for end user authentication.
Customer’s Active Directory and SD-WAN: You can provide Citrix Managed Desktops users with access to files and other items from your on-premises or cloud SD-WAN networks.
Citrix SD-WAN optimizes all of the network connections needed by Citrix Managed Desktops. Working in concert with the HDX technologies, Citrix SD-WAN provides quality-of-service and connection reliability for ICA and out-of-band Citrix Managed Desktops traffic.
This connection type is in preview. It might not be available to all. If it is available, the preview might not support certain features (such as high availability).
Deploying in a customer-managed subscription
The graphic above illustrates using a customer-managed Azure subscription. However, the Citrix-managed subscription remains an option for other catalogs and images, as indicated by the dotted outline.
Most of the administrator activities for this service are managed through the Manage and Monitor dashboards. After you create your first catalog, the Manage dashboard launches automatically after you sign in to Citrix Cloud and select the Managed Desktops service.
You can access the dashboards after your request for a trial or purchase is approved and completed.
To access the dashboards:
- Sign in to Citrix Cloud.
- In the upper left menu, select My Services > Managed Desktops. (Alternatively, you can click Manage on the Managed Desktops tile in the main portion of the display.)
- If a catalog has not been created yet, click Get Started on the Welcome page. You’re taken to the Manage dashboard.
- If a catalog has already been created, you’re taken automatically to the Manage dashboard.
- To access the Monitor dashboard, click the Monitor tab.
For in-product guidance from the dashboard, click the icon in the lower right corner.
- Add support for custom routes in VNet peering connections.
- Updates to security article to enhance port and rules information.
Preview support for SD-WAN connections.
In Supported operating systems, added entries for:
- Windows 7 (supports only VDA 7.15 with the latest Cumulative Update).
- Windows Server 2019.
Added Windows Server 2012 R2 to the Citrix-managed master image list.
Added resource location settings information. For details, see Resource location actions from the Manage dashboard and Resource location settings when creating a catalog.
By default, machines are created in the Citrix-managed Azure subscription. Now you can also create catalogs and images in your own customer-managed Azure subscription.
We recommend that you review the product documentation and other information sources before starting any procedure.
For all deployments:
- Citrix Cloud: The Citrix Managed Desktops service is delivered through the Citrix Cloud and requires a Citrix Cloud account to complete the onboarding process. For details, see Get a Citrix Cloud account and sign up for the service. You’ll also learn what you can do if you already subscribe to a Citrix Virtual Apps and Desktops service.
- Windows licensing: Ensure that you are properly licensed for Remote Desktop Services to run either Windows Server workloads or Windows Virtual Desktop Licensing for Windows 10.
If you’re using the Citrix-managed subscription:
- Azure subscriptions when using Azure VNet peering (optional): If you plan to access resources (such as Active Directory and other file shares) in your own Azure network using Azure VNet peer connections, you must have an Azure Resource Manager subscription. Those connection types have additional requirements. For details, see VNet peering requirements.
- Joining VDAs to Azure Active Directory (optional): To join VDAs to a domain using Active Directory Group Policy, you must be an administrator with permission to perform that action in Active Directory. For details, see Customer responsibility.
If you’re using your own customer-managed Azure subscription:
- You must have an Azure Resource Manager subscription.
Supported operating systems
When using the Citrix-managed Azure subscription:
- Windows 7 (VDA must be 7.15 LTSR with latest Cumulative Update)
- Windows 10 single-session
- Windows 10 multi-session
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
When using a customer-managed Azure subscription:
- Windows 7 (VDA must be 7.15 LTSR with latest Cumulative Update)
- Windows 10 Enterprise single-session
- Windows 10 Enterprise Virtual Desktop multi-session
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Review the introductory concept information about catalogs, master images, and Azure subscriptions.
- Review the security article to learn about what you and Citrix are responsible for.
- Get a Citrix Cloud account and sign up for the Citrix Managed Desktops service.
- Review the Setup summary. Follow the guidance for a quick proof of concept or a production environment.
Get a Citrix Cloud account and sign up for the service
When you evaluate or purchase the Citrix Managed Desktops service, the Citrix Service Operations team provides ongoing onboarding help. That team also communicates with you to ensure that the service is running and configured correctly.
- To sign up for a Citrix account and request a trial, go to https://onboarding.cloud.com. For details about that process, see Sign up for Citrix Cloud.
After you sign in to Citrix Cloud, click Request Trial on the Citrix Managed Desktops service tile. The text changes to Trial Requested.
If you already subscribe to one of the Citrix Virtual Apps and Desktops services, the Citrix Managed Desktops tile indicates How to Buy. Either use a different OrgID for the Citrix Managed Desktops subscription, or decommission the Virtual Apps and Desktops service.
- You’ll receive an email when the service is available for you. Sign in to Citrix Cloud.
- On the Managed Desktops tile, click Manage. The first time you access the service, you’re taken to the service’s Welcome page.
What to do next: Complete the setup tasks.
Other service tiles
When you receive an entitlement (as a trial or purchase) to Citrix Managed Desktops, several tiles appear on the Citrix Cloud landing page:
- Managed Desktops
- Virtual Apps and Desktops
- Smart Tools
Managed Desktops is the only service that is activated for your use.
If you currently subscribe to a different Citrix Virtual Apps and Desktops service
Your Citrix Cloud account allows you to subscribe to only one of the Citrix Virtual Apps and Desktops services at a time. For example, you can subscribe to Citrix Virtual Apps and Desktops OR Citrix Managed Desktops, but not both. If you currently subscribe to a service, and want to subscribe to this service, you must either:
- Subscribe to this service using a different Citrix Cloud account.
- Decommission the service you already have.
For guidance, see CTX239027.