Citrix Virtual Apps and Desktops service
Citrix Virtual Apps and Desktops provides virtualization solutions that give IT control of virtual machines, applications, and security while providing anywhere access for any device. End users can use applications and desktops independently of the device’s operating system and interface.
Using the Citrix Virtual Apps and Desktops service, you can deliver secure virtual apps and desktops to any device, and leave most of the product installation, setup, configuration, upgrades, and monitoring to Citrix. You maintain complete control over applications, policies, and users while delivering the best user experience on any device.
You connect your resources to the service through Citrix Cloud Connector, which serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels. Resource locations contain the machines and other resources that deliver applications and desktops to your subscribers.
Who manages what
The following graphic shows the core components in a Citrix Virtual Apps and Desktops service deployment.
As shown in the graphic, Citrix manages the core components in Citrix Cloud. Citrix also takes care of installing and upgrading those components. (This differs from an on-premises Citrix Virtual Apps and Desktops deployment, where you are responsible for installing, managing, and upgrading the core components.)
Your applications and desktops reside in one or more resource locations. You install and manage most components in each resource location. The exceptions are the Citrix Cloud Connectors. You install the Cloud Connectors; Citrix manages them.
The following graphic shows a layer view of the Citrix Virtual Apps and Desktops service components.
Citrix Workspace app is installed on user devices and other endpoints, such as virtual desktops. Citrix Workspace app provides users with secure, self-service access to documents, applications, and desktops from any device, including smartphones, tablets, and PCs. Citrix Workspace app provides on-demand access to Windows, web, and Software as a Service (SaaS) applications. For devices that cannot install Citrix Workspace app software, Citrix Workspace app for HTML5 provides a connection through an HTML5-compatible web browser.
Citrix Cloud components
Citrix installs and manages the following components in Citrix Cloud.
The Delivery Controller is the central control layer component in a deployment. The Controller’s services communicate through the Cloud Connectors in each resource location to:
- Distribute applications and desktops.
- Authenticate and manage user access.
- Broker connections between users and their virtual desktops and applications.
- Optimize user connections, and load-balance these connections.
- Track which users are logged on and where, which session resources the users have, and whether users need to reconnect to existing applications. This includes managing the state of desktops, starting and stopping them based on demand and administrative configuration.
Data from the Controller services is stored in a Microsoft SQL Server site database. A deployment also uses a Configuration Logging database, plus a monitoring database used by Director.
When the Citrix Cloud is hosted on Microsoft Azure, SQL Server on Azure VMs (IaaS) is supported. Azure SQL (PaaS) Database is not supported.
Citrix license management
License management functionality communicates with the Controller to manage licensing for each user’s session and allocate license files. The customer administrator does not need to configure or manage anything with licensing. All of that work is done automatically in Citrix Cloud.
Studio is the management console you use to configure and manage connections, machine catalogs, and Delivery Groups. Studio launches when you select Manage in the Citrix Cloud console.
Director enables IT support and help desk teams to monitor an environment, troubleshoot issues before they become system-critical, and perform support tasks for end users. Displays include:
- Real-time session data from the Broker Service in the Controller, which includes data from the broker agent in the VDA.
- Historical data from the Monitor Service in the Controller.
- Data about HDX traffic (also known as ICA traffic).
Director provides the data when you select Monitor in the Citrix Cloud console.
From Workspace configuration in Citrix Cloud, you can:
- Specify which services are integrated with Citrix Workspace.
- Customize the URL that your subscribers use to access their workspace.
- Customize the appearance of subscribers’ workspaces, such as logos, color, and preferences.
- Specify how subscribers authenticate to their workspace, such as using Active Directory or Azure Active Directory.
- Specify external connectivity for resource locations used by your subscribers.
Citrix StoreFront is the predecessor to Citrix Workspace, and is used in on-premises deployments. It offers several similar features to Citrix Workspace, including subscriber access to apps and desktops, authentication, and other subscriber data that ensures consistent experience across devices.
In a service deployment, you can optionally install StoreFront servers in resource locations. Having local stores can help deliver apps and desktops during network outages.
When users connect from outside the corporate firewall, Citrix Virtual Apps and Desktops can use Citrix Gateway technology to secure these connections with TLS. The Citrix Gateway or VPX virtual appliance is an SSL VPN appliance deployed in the DMZ. It provides a single secure point of access through the corporate firewall.
Although Citrix installs and manages Citrix Gateway in Citrix Cloud, you can also optionally install Citrix Gateway in resource locations.
Components in resource locations
A resource location contains resources required to deliver services to your subscribers (users). You manage these resources from Citrix Cloud. Resource locations contain different resources depending on which Citrix Cloud services you’re using and the services you want to provide to your users.
To interact with Citrix Cloud, each resource location needs Cloud Connectors and access to a Microsoft Active Directory domain.
In a Citrix Virtual Apps and Desktops service deployment, a resource location contains items from the access layer and resource layer:
- Cloud Connectors
- Active Directory domain controller
- Virtual Delivery Agents (VDAs)
- Hypervisors that provision VDAs and store their data, if used
- Citrix Gateway (optional)
- StoreFront servers (optional)
Every resource location contains at least one Cloud Connector (two or more are recommended for redundancy). A Cloud Connector is the communications channel between the components in the Citrix Cloud and components in the resource location. In the resource location, the Cloud Connector acts as a proxy for the Delivery Controller in Citrix Cloud.
You install Cloud Connectors from the Citrix Cloud console. Citrix then manages and updates the Cloud Connectors automatically.
Virtual Delivery Agents (VDAs)
Each physical or virtual machine that delivers applications and desktops must have a VDA. The VDA registers with a Cloud Connector. After registration, connections are brokered from those resources to users. VDAs establish and manage the connection between the machine and the user device, and apply policies that are configured for the session.
The VDA communicates session information to the Cloud Connector through a broker agent in the VDA. The broker agent hosts multiple plugins and collects real-time data.
VDAs are available for Windows server and desktop operating systems. VDAs for Windows server operating systems allow multiple users to connect to the server at one time. VDAs for Windows desktop operating systems allow only one user to connect to the desktop at a time. Linux VDAs are also available.
Throughout this documentation, “VDA” refers to the agent and the machine on which it is installed.
Hypervisors and cloud services
A hypervisor or cloud service contains the VDAs that host applications and desktops.
To provision virtual machines that deliver applications and desktops, you can use:
- Machine Creation Services: The MCS technology is built into Studio and is accessed automatically through the Citrix Cloud Console. MCS creates copies of a master image to create and provision VMs.
- Citrix Provisioning (formerly Provisioning Services): The Citrix Provisioning technology streams a master image to user devices. Citrix Provisioning doesn’t require a hypervisor, so you can provision physical machines.
- Another provisioning tool of your choice.
Although many deployments use hypervisors, you don’t need one if:
- Your applications and desktops are hosted on physical machines.
- You use Citrix Provisioning to provision VMs.
- You want to deploy Remote PC Access, which enables employees to remotely access their physical PCs.
Although not a Citrix component, Microsoft Active Directory is required for authentication and authorization in any deployment. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with Citrix Cloud.
Items that help deliver desktops and applications
As part of delivering applications and desktops to users in a production environment, you configure the following items.
A host connection enables communication between components in the control plane (Citrix Cloud) and VDAs in a hypervisor or cloud service. Connection specifications include:
- The address and credentials to access the host
- Which tool you use to create VMs
- The storage method to use, and the machines to use for storage
- Which network the VMs will use
A machine catalog is a collection of virtual or physical machines that have the same operating system type: server or desktop.
If you use VMs, you can create a master image (also known as a template) on the hypervisor or cloud service, and install a VDA on the master image. You can also install applications on the master image, if you want them to appear on all machines created from that image and don’t want to virtualize them. Then, you create a catalog using a Citrix tool (MCS or Citrix Provisioning) or your own tools. With Citrix tools, the catalog creation process provisions identical VMs from that image.
If you use your own tools to provision VMs, or if you use physical machines, the catalog creation process adds those machines to the catalog.
A Delivery Group specifies:
- One or more machines from a machine catalog.
- Optionally, users who are allowed to access those machines. Alternatively, you can specify users through the Citrix Cloud console.
- Optionally, which applications and desktops users can access. Alternatively, you can specify applications through the Citrix Cloud console.
Delivering applications and desktops
Delivery methods describes the choices available to deliver applications and desktops to users.
Service Level Agreement
The Citrix Virtual Apps and Desktops service (the Service) is designed using industry best practices to achieve cloud scale and a high degree of service availability.
For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.
Performance against this goal can be monitored on an ongoing basis at https://status.cloud.com.
The calculation of this Service Level Goal will not include loss of availability from the following causes:
- Customer failure to follow configuration requirements for the Service documented on https://docs.citrix.com.
- Failures caused by any component not managed by Citrix, including, but not limited to: customer-controlled physical and virtual machines; customer-installed and maintained operating systems; customer-installed and controlled networking equipment or other hardware; customer-defined and controlled security settings, group policies, and other configuration policies; public cloud provider failures; Internet Service Provider failures; or other causes external to Citrix control.
- Service disruption due to reasons beyond Citrix control, including natural disaster, war or acts of terrorism, government action.
- Technical security overview
- How typical deployments work
- Network ports
- Third-party notices
- System requirements
- HDX technologies
- Remote PC Access: Enable users to log on remotely from anywhere to a physical PC in the office.
- Publish content: Publish an application that is simply a URL or UNC path to a resource.
- Server VDI: Deliver a desktop from a server operating system for a single user.
To learn how to set up your deployment, see Install and configure. That summary guides you through the major steps in the process, and provides links to detailed descriptions.