Create delivery groups
A delivery group is a collection of machines selected from one or more machine catalogs. The delivery group specifies which users can use those machines, plus the applications and desktops available to those users.
Creating a delivery group is the next step in configuring your deployment after creating a site and creating a machine catalog. Later, you can change the initial settings in the first delivery group and create other delivery groups. There are also features and settings you can configure only when editing a delivery group, not when creating it.
For Remote PC Access, when you create a site, a delivery group named “Remote PC Access Desktops” is automatically created.
To create a delivery group:
If you have created a site and a machine catalog, without a delivery group, Studio guides you to the correct starting place to create one. If you have already created a delivery group and want to create another, select Delivery Groups. Select Create Delivery Group in the Actions pane.
- The wizard launches with an Introduction page, which you can remove from future launches of this wizard.
- The wizard then guides you through the pages described in the following section. When you are done with each page, click Next until you reach the final page.
Step 1. Machines
On the Machines page, select a catalog and select the number of machines you want to use from that catalog.
Good to know:
- At least one machine must remain unused in a selected catalog.
- A catalog can be specified in more than one delivery group. A machine can be used in only one delivery group.
- A delivery group can use machines from more than one catalog; however, those catalogs must contain the same machine types (multi-session OS, single-session OS, or Remote PC Access). In other words, you cannot mix machine types in a delivery group. Similarly, if your deployment has catalogs of Windows machines and catalogs of Linux machines, a delivery group can contain machines from either OS type, but not both.
- Citrix recommends that you install or upgrade all machines with the most recent VDA version. Upgrade catalogs and delivery groups as needed. When creating a delivery group, if you select machines that have different VDA versions installed, the delivery group is compatible with the earliest VDA version. This is called the group’s functional level. For example, if one of the machines has VDA version 7.1 and other machines have the current version, all machines in the group can use only those features that were supported in VDA 7.1. This means that some features that require later VDA versions might not be available in that delivery group.
- Each machine in a Remote PC Access catalog is automatically associated with a delivery group. When you create a Remote PC Access site, a catalog named “Remote PC Access Machines” and a delivery group named “Remote PC Access Desktops” are created automatically.
- The following compatibility checks are performed:
- MinimumFunctionalLevel must be compatible
- SessionSupport must be compatible
- AllocationType must be compatible for SingleSession
- ProvisioningType` must be compatible
- PersistChanges must be compatible for MCS and Citrix Provisioning
- RemotePC catalog is only compatible with RemotePC catalog
- AppDisk related check
Step 2. Delivery type
This page appears only if you chose a catalog containing static (assigned) single-session OS machines.
On the Delivery Type page, choose either Applications or Desktops. You cannot enable both.
If you selected machines from a multi-session OS or single-session OS random (pooled) catalog, the delivery type is assumed to be applications and desktops: you can deliver applications, desktops, or both.
Step 3. Users
Specify the users and user groups who can use the applications and desktops in the delivery group.
Where user lists are specified
Active Directory user lists are specified when you create or edit the following:
- A site’s user access list, which is not configured through Studio. By default, the application entitlement policy rule includes everyone. See the PowerShell SDK
BrokerAppEntitlementPolicyRulecmdlets for details.
- Application groups (if configured).
- Delivery groups.
The list of users who can access an application through StoreFront is formed by the intersection of the above user lists. For example, to configure the use of application A to a particular department, without unduly restricting access to other groups:
- Use the default application entitlement policy rule that includes everyone.
- Configure the delivery group user list to allow all headquarters users to use any of the applications specified in the delivery group.
- (If application groups are configured) Configure the application group user list to allow members of the Administration and Finance business unit to access applications A through L.
- Configure application A’s properties to restrict its visibility to only Accounts Receivable staff in Administration and Finance.
Authenticated and unauthenticated users
There are two types of users: authenticated and unauthenticated (unauthenticated is also called anonymous). You can configure one or both types in a delivery group.
- Authenticated: To access applications and desktops, the users and group members you specify by name must present credentials such as smart card or user name and password to StoreFront or Citrix Workspace app. For delivery groups containing single-session OS machines, you can import user data (a list of users) later by editing the delivery group.
Unauthenticated (anonymous): For delivery groups containing multi-session OS machines, you can allow users to access applications and desktops without presenting credentials to StoreFront or Citrix Workspace app. For example, at kiosks, the application might require credentials, but the Citrix access portal and tools do not. An Anonymous Users Group is created when you install the first Delivery Controller.
To grant access to unauthenticated users, each machine in the delivery group must have a VDA for Windows Server OS (minimum version 7.6) installed. When unauthenticated users are enabled, you must have an unauthenticated StoreFront store.
Unauthenticated user accounts are created on demand when a session is launched, and are named AnonXYZ, in which XYZ is a unique three-digit value.
Unauthenticated user sessions have a default idle timeout of 10 minutes, and are logged off automatically when the client disconnects. Reconnection, roaming between clients, and Workspace Control are not supported.
The following table describes your choices on the Users page:
|Enable access for||Add/assign users and user groups?||Enable the “Give access to unauthenticated users” check box?|
|Only authenticated users||Yes||No|
|Only unauthenticated users||No||Yes|
|Both authenticated and unauthenticated users||Yes||Yes|
Step 4. Applications
Good to know:
- You cannot add applications to Remote PC Access delivery groups.
- By default, new applications you add are placed in a folder named Applications. You can specify a different folder. For details, see the Manage Applications article.
- You can change the properties for an application when you add it to a delivery group, or later. For details, see the Manage Applications article.
- If you try to add an application and one with the same name exists in that folder, you are prompted to rename the application you are adding. If you decline, the application is added with a suffix that makes it unique within that application folder.
- When you add an application to more than one delivery group, a visibility issue can occur if you do not have sufficient permission to view the application in all of those delivery groups. In such cases, either consult an administrator with greater permissions or have your scope extended to include all the delivery groups to which the application was added.
- If you publish two applications with the same name to the same users, change the Application name (for user) property in Studio; otherwise, users see duplicate names in Citrix Workspace app.
Click Add to display the application sources.
- From Start menu: Applications that are discovered on a machine created from the master image in the selected catalog. When you select this source, a new page launches with a list of discovered applications; select those you want to add and then click OK.
Manually: Applications located on a VDA in the delivery group or elsewhere in your network. Selecting this source opens a new page where you specify an application to add in the following ways:
- Type the path to the executable, working directory, optional command line arguments, and display names for administrators and users.
- Select an application from a VDA in the delivery group. To do so, click Browse, enter credentials for accessing the VDA, wait to be connected to the VDA, and then select an application from the VDA. The properties of the selected application automatically populate fields on the page.
- Existing: Applications previously added to the site, perhaps in another delivery group. When you select this source, a new page launches with a list of discovered applications. Add the applications and click OK.
- App-V: Applications in App-V packages. When you select this source, a new page launches where you select the App-V server or the Application Library. Select the applications you want to add from the resulting display and then click OK. For more information, see App-V.
If an application source or application is not available or valid, it is either not visible or cannot be selected. For example, the Existing source is not available if no applications have been added to the site. Or, an application might not be compatible with the supported session types on machines in the selected catalog.
Step 5. Desktops
The title of this page depends on the catalog you chose on the Machines page:
- If you chose a catalog containing pooled machines, this page is titled Desktops.
- If you chose a catalog containing assigned machines and specified “Desktops” on the Delivery Type page, this page is titled Desktop User Assignments.
- If you chose a catalog containing assigned machines and specified “Applications” on the Delivery Type page, this page is titled Application Machine User Assignments.
Click Add. In the dialog box:
- In the Display name and Description fields, type the information to be displayed in Citrix Workspace app.
- To add a tag restriction to a desktop, select Restrict launches to machines with this tag and then select the tag from the drop-down list. For more information, see Tags.
- Use the radio buttons to launch a desktop or to assign a machine when launching the desktop. The users can be either everyone who can access this delivery group, or specific users and user groups.
- If the group contains assigned machines, specify the maximum number of desktops per user. This must be a value of one or greater.
- Enable or disable the desktop (for pooled machines) or desktop assignment rule (for assigned machines). Disabling a desktop stops desktop delivery. Disabling a desktop assignment rule stops desktop auto-assignment to users.
- When you are finished with the dialog box, click OK.
Maximum instances of a desktop in a site (PowerShell only)
To configure the maximum instances of a desktop in the site (PowerShell only):
In PowerShell, use the appropriate BrokerEntitlementPolicyRule cmdlet with the MaxPerEntitlementInstances parameter. For example, the following cmdlet modifies the
tsvda-desktoprule to set the maximum concurrent instances of a desktop allowed in the site to two. When there are two desktop instances running, an error occurs if a third subscriber attempts to start a desktop.
Set-BrokerEntitlementPolicyRule -Name tsvda-desktop -MaxPerEntitlementInstances 2
For guidance, use the Get-Help cmdlet. For example,
Get-Help Set-BrokerEntitlementPolicyRule-Parameter MaxPerEntitlementInstances.
Step 6. Summary
Enter a name for the delivery group. You can also (optionally) enter a description, which appears in the Citrix Workspace app and in Studio.
Review the summary information and then click Finish.