Citrix Virtual Apps and Desktops

Adaptive transport

Introduction

Adaptive transport is a data transport mechanism for Citrix Virtual Apps and Desktops. It is faster, can scale, improves application interactivity, and is more interactive on challenging long-haul WAN and internet connections. Adaptive transport maintains high server scalability and efficient use of bandwidth. By using adaptive transport, ICA virtual channels automatically respond to changing network conditions. They intelligently switch the underlying protocol between the Citrix protocol called Enlightened Data Transport (EDT) and TCP to deliver the best performance. It improves data throughput for all ICA virtual channels including Thinwire display remoting, file transfer (Client Drive Mapping), printing, and multimedia redirection. The same setting is applicable for both LAN and WAN conditions.

Network stack

When set to Preferred, data transport over EDT is used as primary and fallback to TCP. With the Citrix Workspace app for Windows minimum version 1808 or Citrix Receiver for Windows minimum version 4.10 and session reliability enabled, EDT and TCP are attempted in parallel during the initial connection, session reliability reconnection, and auto client reconnect. Doing so reduces connection time if EDT is Preferred, but the required underlying UDP transport is unavailable and TCP must be used. By default, after fallback to TCP, adaptive transport continues to seek EDT every five minutes.

Important

EDT and TCP in parallel require:

  • Citrix Workspace app for Windows minimum version 1808 and session reliability.
  • Citrix Receiver for Windows minimum version 4.10 and session reliability.
  • Citrix Workspace app for Mac minimum version 1808 and session reliability.
  • Citrix Receiver for Mac minimum version 12.8 and session reliability.

By default, adaptive transport is enabled (Preferred), and EDT is used when possible, with fallback to TCP.

For testing purposes, you can set Diagnostic mode, in which case only EDT is used, and fallback to TCP is disabled.

Adaptive transport image

Interoperability with Citrix SD-WAN WAN optimization

Citrix SD-WAN WAN optimization (WANOP) offers cross-session tokenized compression (data deduplication), including URL-based video caching. WANOP provides significant bandwidth reduction. This occurs if two or more people at the office location watch the same client-fetched video, or transfer or print significant portions of the same file or document. Furthermore, by running the processes for ICA data reduction and print job compression on the branch office appliance, WANOP offers VDA server CPU offload and enables higher Citrix Virtual Apps and Desktops server scalability.

Important

When using the WANOP feature of Citrix SD-WAN, there is no need to disable Adaptive Transport. WANOP will automatically put the HDX session into TCP data transport mode, since WANOP provides equivalent flow control to EDT and adds the benefits described in the previous paragraph. Non-WANOP sessions will use EDT whenever possible. By using TCP flow control and congestion control, WANOP ensures the equivalent interactivity to EDT at high latency and moderate packet loss.

Requirements and considerations

  • Citrix Virtual Apps and Desktops: Minimum version 7 1808.
  • XenApp and XenDesktop: Minimum version 7.13.
  • VDA for Single-session OS: Minimum version 7.13.
  • VDA for Multi-session OS: Minimum version 7.13.
  • StoreFront: Minimum version 3.9.
  • Citrix Workspace app for Windows minimum version 1808
  • Citrix Receiver for Windows: Minimum version 4.7 (EDT and TCP in parallel require minimum version 4.10 and session reliability).
  • Citrix Workspace app for Mac minimum version 1808
  • Citrix Receiver for Mac: Minimum version 12.5 (EDT and TCP in parallel require minimum version 12.8 and session reliability).
  • Citrix Workspace app for iOS minimum version 1808
  • Citrix Receiver for iOS: Minimum version 7.2.
  • Citrix Workspace app for Linux minimum version 1808
  • Citrix Receiver for Linux: Minimum version 13.6 for Direct VDA Connections only and minimum version 13.7 for DTLS support using NetScaler Gateway (or DTLS for direct VDA connections).
  • Citrix Workspace app for Android minimum version 1808
  • Citrix Receiver for Android: Minimum version 3.12.3 for Direct VDA Connections only.
  • IPv4 VDAs only. IPv6 and mixed IPv6 and IPv4 configurations are not supported.
  • Citrix Gateway (Citrix ADC): Minimum versions 11.1 build 51.21, 12.0 build 35.6. We recommend minimum versions 11.1 build 55.10 or 12.0 Build 53.6 as these versions include important DTLS fragmentation fixes. For more information on configuration, see Configure Citrix Gateway to support Enlightened Data Transport and HDX Insight.

Configuration

  1. Install Citrix Virtual Apps and Desktops.
  2. Install StoreFront. If you are using Citrix Gateway, verify that session reliability is enabled. Do so in Studio > StoreFront > Manage NetScaler Gateway > Select your NetScaler > Secure Ticket Authority > Enable Session Reliability.
  3. Install the VDA (for single-session OS or multi-session OS).
  4. Install Citrix Workspace app for Windows, Citrix Workspace app for Mac, Citrix Workspace app for iOS, Citrix Workspace app for Android, or Citrix Workspace app for Linux.
  5. If you are using Citrix Gateway, enable session reliability in the Studio policy. Also, enable DTLS in the front-end VPN virtual server.
  6. In Studio, enable the policy setting, HDX Adaptive Transport (it is enabled by default).
    • To enable the policy setting, set the value to Preferred, then click OK.
      • Preferred. Adaptive transport over EDT is used when possible, with fallback to TCP.
      • Diagnostic mode. EDT is forced on and falls back to TCP is disabled. We recommend this setting only for troubleshooting.
      • Off. TCP is forced on, and EDT is disabled.
  7. Click Next, and complete the steps in the wizard.
  8. The policy takes effect when the user reconnects the ICA session. Though not required, you can run gpupdate /force to pull the policy setting to the server, but the user still has to reconnect the ICA session.
  9. Start a session from a supported Citrix Workspace app to establish a connection using adaptive transport.
  10. For secure external access, configure DTLS encryption on Citrix Gateway. For more information, see this article.

To confirm that the policy setting has taken effect:

  • Check that the ICA User Datagram Protocol (UDP) services are enabled on a VDA using netstat -a.
  • Check that the virtual channels are running over EDT using Director or the CtxSession.exe command-line utility available on the VDA.

Director example:

In Director, Session Details > Connection Type displays the policy settings. Look for Connection type HDX. If the protocol is UDP, EDT is active for the session. If the protocol is TCP, the session is in fallback or default mode. If the Connection type is RDP, ICA is not in use and the protocol is n/a. For more information, see Monitor sessions.

Director protocol image

CtxSession.exe example:

This example illustrates that EDT over UDP is active for the session. Type CtxSession.exe in the command line.

C:\Program Files (x86)\Citrix\System32>CtxSession

Session 2 Transport Protocols: UDP -> CGP -> ICA

To see verbose statistics, use the -v switch:

>CtxSession -v

Troubleshoot EDT connections

Requirements and considerations

  • Multi-session OS VDA 7.13
  • Single-session OS VDA 7.13
  • Receiver for Windows 4.7 (4.6 was Experimental)
  • Receiver for Linux:
    • 13.6 (direct connections)
    • 13.7 (DTLS supported)
  • Receiver for Mac 12.5
  • Receiver for iOS 7.2
  • Receiver for Android:
    • 3.12.3 (direct connections)
    • 3.13 (DTLS supported)
  • StoreFront 3.9
  • NSG Release 11.1–51.21 / 12.0.53.6 or later

Parallel Connections

Receiver for Windows 4.10, Mac 12.8, and iOS 7.5 include code that allows them to attempt an EDT and TCP connection in parallel. EDT is given a 500 milliseconds head-start to favor UDP. Any VDA that supports EDT also supports the parallel connection.

To troubleshoot EDT connections, refer to the following procedure:

  1. Verify the minimum product/component version requirements. See Requirements and considerations.
  2. Check if the HDX adaptive transport policy in Studio is set to Not Configured or set to Preferred.

    Note:

    In XenApp and XenDesktop 7.16, HDX adaptive transport is Preferred by default and there is no explicit requirement to configure the Studio policy.

  3. Check if the optional Receiver GPO Administrative Templates are used. If so, ensure that the Transport Protocol for Citrix Receiver value is set to Not Configured or Preferred. Receiver for Windows side configurations is optional.
  4. Ensure that the UDP sockets are listening on the VDA. Open a command prompt in the VDA and type netstat –a –p udp. For details, see How to Confirm HDX Enlightened Data Transport Protocol.
  5. Bypass the NetScaler Gateway: The best way to test EDT is to launch an app from the internal network directly to StoreFront, bypassing the NetScaler Gateway. Run ctxsession on the VDA command prompt and verify your session is using UDP. If that works, your VDA is also ready for EDT connections from the outside.
  6. Launch a session through NetScaler Gateway, but first inspect the ICA file. Ensure there is an entry that reads HDXoverUDP = Preferred. If it is set to Off, then the HDX adaptive transport in not set to Preferred in the Studio policy, or the group policy update has not been applied yet at the VDA. There should also be an entry CGPSecurityTicket=On, where CGP is a requirement for EDT to work using the NetScaler Gateway.
  7. In the NetScaler Gateway, run ctxsession on the VDA command prompt and verify that your session is using UDP. If it is set to TCP, something might be wrong between the Citrix Receiver and the NetScaler Gateway front-end virtual server, and the connection fell back to TCP.
  8. Any NetScaler Gateway before 12.0.56.20 requires DTLS to be manually enabled on the front-end VPN virtual server.
  9. If you are using a VPN like Cisco AnyConnect or any other solution that alters the MTU in the network, the EDT connections might fail. You must calculate the overhead introduced by the VPN vendor, and then modify the ICA file template in StoreFront to include two more entries. Also, add a Citrix Receiver-side change. For more details, see CTX231821.

More troubleshooting tools

  • Wireshark: To troubleshoot if you can’t identify the problem, use a Wireshark trace on NetScaler Gateway to troubleshoot. Wireshark Dissectors can misinterpret EDT as QUIC. You can use the Decode As feature in Wireshark to decode QUIC as DTLS.
  • NMAP: Use the nmap -sU -p 443 <IP Address of your NSG> to test if UDP packets are reaching the virtual server. See a working versus non-working trace: NMAP image
  • Director: In addition, you can check Citrix Director > Session Details > Protocol > UDP.
  • CDF Traces: You might need to check the EDT logic on XenApp and XenDesktop components, and generate CDF traces while reproducing the issue. CDF traces image

Loss tolerant mode

Important:

  • The feature requires a minimum of Citrix Workspace app 2002 for Windows. This version of the VDA will support it when it becomes available.

  • Loss tolerant mode is not supported on Citrix Gateway or Citrix Gateway Service. This mode is available only with direct connections.

Loss tolerant mode enhances the user experience for users connecting through networks with high latency and packet loss. It accomplishes this by using the EDT Lossy transport protocol.

Initially, sessions are established using EDT. If the latency and packet loss thresholds are reached or surpassed, the applicable virtual channels switch from EDT to EDT Lossy, while leaving the other virtual channels on EDT. If the latency and packet loss decrease below the thresholds, the applicable virtual channels switch back to EDT.

The default thresholds are:

  • Packet loss: 5%
  • Latency: 300 ms (RTT)

Loss tolerant mode is enabled by default and can be disabled using the loss tolerant mode setting. Adjust the packet loss and latency thresholds using the loss tolerant mode thresholds setting.

Requirements:

  • Citrix Virtual Delivery Agent (VDA) 2003.
  • Citrix Workspace app 2002 for Windows.
  • Session reliability enabled. For more information about session reliability, see Session reliability policy settings.

EDT MTU Discovery

EDT automatically determines the Maximum Transmission Unit (MTU) when establishing a session. Doing so prevents EDT packet fragmentation that might result in performance degradation or failure to establish a session.

Minimum requirements:

  • VDA minimum version 1912
  • Citrix Workspace app 1911 for Windows
  • Citrix ADC:
    • 13.0.52.24
    • 12.1.56.22
  • Session Reliability must be enabled

If using client platforms or versions that do not support this feature, see the Knowledge Center article CTX231821 for details about how to configure a custom EDT MTU that is appropriate for your environment.

Warning:

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

To enable or disable EDT MTU Discovery on the VDA

  1. Set this registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\icawd

    Name: MtuDiscovery

    Type: DWORD

    Data: 00000001

  2. Restart the VDA and wait for the VDA to register.

To disable EDT MTU Discovery, delete this registry value and restart the VDA.

This setting is machine-wide and affects all sessions connecting from a supported client.

To control EDT MTU Discovery on the client

You can control EDT MTU Discovery selectively on the client by adding the MtuDiscovery parameter in the ICA file. To disable the feature, set the following under the Application section:

MtuDiscovery=Off

To re-enable the feature, remove the MtuDiscovery parameter from the ICA file.

Important:

For this ICA file parameter to work, enable the feature on the VDA. If the feature is not enabled on the VDA, the ICA file parameter has no effect.