Citrix Virtual Apps and Desktops service

Citrix Virtual Apps and Desktops service

Citrix Virtual Apps and Desktops provides virtualization solutions that give IT control of virtual machines, applications, and security while providing anywhere access for any device. End users can use applications and desktops independently of the device’s operating system and interface.

Using the Citrix Virtual Apps and Desktops service, you can deliver secure virtual apps and desktops to any device, leaving most of the installation, setup, upgrades, and monitoring to Citrix. You maintain complete control over applications, policies, and users while delivering the best user experience on any device.

You connect your resources to the service through a Citrix Cloud Connector, which serves as a channel for communication between Citrix Cloud and your resource locations. The Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels. Resource locations contain the Cloud Connectors, plus the machines and other resources that deliver applications and desktops to your subscribers.

Citrix Virtual Apps and Desktops offers several methods for delivering applications and desktops. For details, see Delivery methods.

Citrix Managed Azure is an option available in several Citrix Virtual Apps and Desktops service editions and Workspace Premium Plus. Using Citrix Managed Azure simplifies the deployment of virtual apps and desktops. Citrix manages the infrastructure for hosting Azure workloads. For more information, see Citrix Managed Azure.

Components overview

The following graphic shows the core components in a Citrix Virtual Apps and Desktops service deployment.

Cloud components image

As shown in the graphic, Citrix manages the core components in Citrix Cloud. Citrix takes care of installing and upgrading those components. (This differs from an on-premises Citrix Virtual Apps and Desktops deployment, where you are responsible for installing, managing, and upgrading the core components.)

Your applications and desktops reside on machines in one or more resource locations.

For layer views of the service’s components, see Diagrams.

Components in Citrix Cloud

Citrix installs and manages the following components in Citrix Cloud for the Citrix Virtual Apps and Desktops service.

  • Delivery Controllers: The Citrix Delivery Controller is the central control layer component in a deployment. The Controller’s services communicate through the Cloud Connectors in each resource location to:

    • Distribute applications and desktops.
    • Authenticate and manage user access.
    • Broker connections between users and their virtual desktops and applications.
    • Optimize and load balance user connections.
    • Track which users are logged on and where, which session resources the users have, and if users must reconnect to existing applications. This includes managing the state of desktops, and starting or stopping them, based on demand and administrative configuration.
  • Databases: Data from the Controller services is stored in a Microsoft SQL Server site database. A deployment also uses a configuration logging database, plus a monitoring database used by the Monitor console.

  • Citrix licensing: License management functionality communicates with the Controller to manage licensing for each user’s session and allocate license files. Citrix installs the License Server. For more information, see Licensing.

    You can view Citrix license and active usage.

  • Management consoles: From a Manage console (formerly named Studio), you can configure and manage connections to hosts, machine catalogs, and delivery groups.

    • From one of the full management interfaces (Manage > Web Studio or Manage > Full Configuration), you can create, configure, and manage connections, catalogs, and groups. Web Studio is a new, web-based interface. Full Configuration is an MMC-based interface.
    • From the Manage > Quick Deploy interface, you can easily deploy and manage Azure workloads that use either a Citrix Managed Azure subscription or your own Azure subscription. For more information, see Differences between console interfaces.
    • From the Manage > Environment Management interface, you can deliver the best possible performance, desktop logon, and application response times. For more information, see Workspace Environment Management.
  • Monitor console: The Monitor console (formerly named Director) enables IT support and help desk teams to monitor an environment, troubleshoot issues before they become critical, and perform support tasks for end users. Displays include:

    • Real-time session data from the Broker Service in the Controller, which includes data from the broker agent in the Virtual Deliver Agent (VDA).
    • Historical data from the Monitor Service in the Controller.
    • Data about HDX traffic (also known as ICA traffic).
  • Citrix Gateway: When users connect from outside the corporate firewall, Citrix Virtual Apps and Desktops can use Citrix Gateway technology to secure these connections with TLS. The Citrix Gateway or VPX virtual appliance is an SSL VPN appliance deployed in the DMZ. It provides a single secure point of access through the corporate firewall.

    Citrix installs and manages the Citrix Gateway service in Citrix Cloud. You can also optionally install Citrix Gateway in resource locations.

Components in resource locations

A resource location contains components required to deliver services to your subscribers (users). Components in resource locations differ, depending on which Citrix Cloud services you’re using and the resources you want to provide to your users.

In a Citrix Virtual Apps and Desktops service deployment, a resource location contains components from the access layer and resource layers. In the service environment, each resource location is considered a zone.

  • Cloud Connectors: Every resource location contains at least one Cloud Connector. Two or more Cloud Connectors are recommended for redundancy. A Cloud Connector is the communications channel between the components in the Citrix Cloud and components in the resource location. In the resource location, the Cloud Connector acts as a proxy for the Delivery Controller in Citrix Cloud.

    • If you plan to use the Web Studio or Full Configuration interface to provision and manage machines, you first install Cloud Connectors from the Citrix Cloud console. For details, see Cloud Connectors.
    • If you plan to use the Quick Deploy interface to provision Azure machines, Citrix creates the resource location and Cloud Connectors for you when you create a catalog.

    After Cloud Connectors are installed, Citrix manages and updates them.

  • Virtual Delivery Agents (VDAs): Each physical or virtual machine that delivers resources (applications and desktops) must have a Citrix VDA installed on it. The VDA registers with a Delivery Controller, using a Cloud Connector in the resource location as a proxy. After registration, connections are brokered from those resources to users.

    VDAs establish and manage the connection between the machine and the user device, and apply policies that are configured for the session.

    The VDA communicates session information to the Delivery Controller (via the Cloud Connector) through a broker agent in the VDA. The broker agent hosts multiple plug-ins and collects real-time data.

    Several VDA types are available:

    • VDAs for Windows multi-session operating systems allow multiple users to connect to the machine at one time. This VDA type is usually installed on Windows servers.
    • VDAs for Windows single-session operating systems allow one user to connect to a machine at a time. This VDA type is usually used for VDI.

      A core version of this VDA type is available for use with the Remote PC Access feature. It contains a subset of the features in the full single-session VDA.

    • Linux VDAs support virtual apps and desktops based on an RHEL, CentOS, SUSE, or Ubuntu distribution.

    Throughout this service’s documentation, “VDA” often refers to the agent and the machine on which it is installed.

  • Hypervisors and cloud services: Before provisioning virtual machines (VMs), you usually create a connection to a host type. That host type is a supported hypervisor or cloud service, such as Citrix Hypervisor, Microsoft Azure, Amazon Web Services, Google Cloud Platform, Nutanix, or VMware. (If you’re using the Quick Deploy management console to provision Azure VMs, the connection to Azure is created automatically for you.)

    The selected hypervisor or cloud service “hosts” the VMs you create in a catalog. When you create a catalog, you select a previously created connection. The information required to create the catalog differs for each host type.

    Usually, the Remote PC Access feature is used with physical machines. Therefore, it does not use hypervisors or cloud services for machine provisioning.

  • Active Directory: Microsoft Active Directory is required for authentication and authorization in any deployment. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with Citrix Cloud.

    For more information about user authentication, see Identity and access management.

  • Citrix StoreFront: Citrix StoreFront is the predecessor to Citrix Workspace, and is used in on-premises deployments. It offers several similar features to Citrix Workspace, including subscriber access to apps and desktops, authentication, and other subscriber data that ensures consistent experience across devices.

    In a service deployment, you can optionally install StoreFront servers in resource locations. Having local stores can help deliver apps and desktops during network outages. The Local Host Cache feature requires a customer-managed StoreFront in each resource location.

Objects you configure that help deliver desktops and applications

As part of delivering applications and desktops to users in a production environment, you configure the following items.

  • Host connection: A host connection (mentioned earlier) helps enable communication between components in the control plane (Citrix Cloud) and VDAs in a resource location. Connection specifications include:

    • The address and credentials to access the host
    • The storage method to use, and the machines to use for storage
    • Which network the VMs can use
  • Catalog: In the Manage and Monitor interfaces, catalogs are sometimes called “machine catalogs.”

    A catalog is a collection of virtual or physical machines that have the same operating system type (for example, Windows multi-session or Windows single-session).

    When creating a catalog, you usually use an image, which is also known as a template. (Remote PC Access catalogs usually contain existing physical machines, so no image is needed.)

    • If you’re creating Azure VMs using Quick Deploy (or the Standard for Azure service edition), Citrix provides several Citrix-managed images you can use to create your own customized images. Or, you can import images from your own Azure subscription.
    • If you’re creating VMs using another supported host type, the image usually must be created and reside on the host. When creating the catalog, you provide the path to that image.

    Regardless of where the image resides, you can install applications on the image, if you want those apps on all machines created from that image (and don’t want to virtualize those apps).

    After the image is ready, you create the catalog. Catalog creation uses the Citrix Machine Creation Services (MCS) tool.

    • For VMs, MCS creates the machines and the catalog.
    • For Remote PC Access, MCS simply creates the catalog, because the physical machines already exist.

    For more information about MCS, see Image management.

  • Delivery group: A delivery group specifies:

    • One or more machines from a catalog.
    • Users who are allowed to access those machines. Alternatively, you can specify users through the Citrix Cloud Library.
    • The applications and desktops that users can access through Workspace.

    Alternatively, you can specify applications and users through the Citrix Cloud Library.

  • Application group: Application groups let you manage collections of applications. You can create application groups for applications shared across different delivery groups or used by a subset of users within delivery groups. Application groups are optional.

Citrix Managed Azure

Citrix Managed Azure is an option available in several Citrix Virtual Apps and Desktops service editions. Using Citrix Managed Azure simplifies the deployment of virtual apps and desktops from Azure. Citrix manages the infrastructure for hosting Azure workloads.

With Citrix Managed Azure, you get a dedicated Citrix-managed Azure subscription and resource location. In that Azure subscription, you create a catalog of VMs. You can:

  • Deploy single-session and multi-session Windows OS machines or Linux OS machines, from various supported versions.
  • Choose from a curated list of compute types and storage options in select regions.
  • Provision persistent or non-persistent workloads on those machines.
  • Choose from several Citrix-managed images that have the latest VDA installed. Then, from the Citrix interface, you build your own image from that template, and customize it. You can also import and use images from your own Azure subscriptions.

Even though Citrix manages Azure capacity, if you want to communicate with existing resources on your own Azure subscription, you can use Azure VNet peering to connect resources. You can also use Citrix SD-WAN to connect to your on-premises resources directly.

Ordering Citrix Managed Azure

To get a Citrix Managed Azure subscription, you must subscribe to a supported Citrix service offering, and then order Citrix Managed Azure Consumption Funds. You can order the service and consumption funds through Citrix or from Azure Marketplace. Citrix Managed Azure is supported on the following service offerings:

  • Citrix Workspace Premium Plus
  • Citrix Virtual Apps and Desktops service, Advanced and Premium editions
  • Citrix Virtual Apps and Desktops Standard for Azure edition

You can purchase the Citrix Managed Azure Consumption Funds in advance, or sign up for monthly billing based on usage. If you’re already using the Citrix Virtual Apps and Desktops service with an on-premises workload deployment, you can add consumption-based Citrix Managed Azure funds to your account.

Citrix Managed Azure benefits summary

Using Citrix Managed Azure offers several benefits:

  • Fastest path to hybrid-cloud benefits.
  • Offloads IT management of infrastructure. Provides an administration experience that puts IT in control without the management and maintenance challenges.
  • Enables you to rapidly scale work solutions.
  • Provides a separate Azure subscription that is managed and maintained by Citrix. This Isolates activity from your other Azure subscriptions.
  • You retain the flexibility to create and manage workloads using your own Azure subscriptions. Your deployment can include workloads that use the Citrix Managed Azure subscription, and workloads that use your own (customer-managed) Azure subscriptions. See subscription differences.
  • Uses a true consumption-based Infrastructure as a Service (IaaS) model. You can order the service on a monthly or multi-year (annual) basis.
  • Several technologies are available to create connections to your own on-premises networks (such as Azure VNet peering and SD-WAN). This allows your users to access your network’s resources, such as file servers.

For more information, contact your Citrix representative.

Learn more about Citrix Managed Azure


When a link in this section goes to a Citrix Virtual Apps and Desktops Standard for Azure article, the procedure is essentially the same for this edition.

Deploying and managing Citrix Managed Azure from this service’s Premium, Advanced, and Workspace Premium Plus editions uses the Quick Deploy interface. The Quick Deploy interface is based on the interface offered by the service’s Standard for Azure edition.

Delivering applications and desktops to users

Citrix Workspace

Subscribers (users) access their desktops and apps through Citrix Workspace.

After installing and configuring the service, you’re provided with a workspace URL link. The workspace URL is posted in two places:

  • From the Citrix Cloud console, select Workspace Configuration from the menu in the upper left corner. The Access tab contains the Workspace URL.
  • From the Citrix Virtual Apps and Desktops service Welcome page, the workspace URL appears at the bottom of the page.

Test and then share the workspace URL link with your subscribers (users) to give them access to their apps and desktops. Your subscribers can access the workspace URL without any additional configuration.

You configure workspaces from Citrix Cloud.

  • Specify which services are integrated with Citrix Workspace.
  • Customize the URL that your subscribers use to access their workspace.
  • Customize the appearance of subscribers’ workspaces, such as logos, color, and preferences.
  • Specify how subscribers authenticate to their workspace, such as using Active Directory or Azure Active Directory.
  • Specify external connectivity for resource locations used by your subscribers.
  • Automate workspace actions with Microapps and optimize workflows.

For more information, see Citrix Workspace.

Citrix Workspace app

From the user side, Citrix Workspace app is installed on user devices and other endpoints, such as virtual desktops. Citrix Workspace app provides users with secure, self-service access to documents, applications, and desktops from any device, including smartphones, tablets, and PCs. Citrix Workspace app provides on-demand access to Windows, web, and Software as a Service (SaaS) applications.

For devices that cannot install Citrix Workspace app software, Citrix Workspace app for HTML5 provides a connection through a HTML5-compatible web browser.

Citrix Workspace app is available for various operating systems. For details, see Citrix Workspace app.

Service Level Agreement

The Citrix Virtual Apps and Desktops service (the Service) is designed using industry best practices to achieve cloud scale and a high degree of service availability.

For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.

Performance against this goal can be monitored on an ongoing basis at


The calculation of this Service Level Goal will not include loss of availability from the following causes:

  • Customer failure to follow configuration requirements for the Service documented in the product documentation on
  • Caused by any component not managed by Citrix including, but not limited to, customer controlled physical and virtual machines, customer installed and maintained operating systems, customer installed and controlled networking equipment or other hardware; customer defined and controlled security settings, group policies and other configuration policies; public cloud provider failures, Internet Service Provider failures or other external to Citrix control.
  • Service disruption due to reasons beyond Citrix control, including natural disaster, war or acts of terrorism, government action.

More information


For the Citrix Virtual Apps and Desktops Standard for Azure service, see its dedicated product documentation.

To learn about feature availability in various Citrix Virtual Apps and Desktops offerings, see the Citrix Virtual Apps and Desktops feature matrix. This information can be helpful in hybrid deployments.

Get started

To learn how to set up your deployment, start with Install and configure. That summary guides you through the major steps in the process, and provides links to detailed descriptions.