Adaptive transport

Introduction

Adaptive transport is a data transport mechanism for Citrix Virtual Apps and Desktops. It is faster, can scale, improves application interactivity, and is more interactive on challenging long-haul WAN and internet connections. Adaptive transport maintains high server scalability and efficient use of bandwidth. By using adaptive transport, ICA virtual channels automatically respond to changing network conditions. They intelligently switch the underlying protocol between the Citrix protocol called Enlightened Data Transport (EDT) and TCP to deliver the best performance. It improves data throughput for all ICA virtual channels including Thinwire display remoting, file transfer (Client Drive Mapping), printing, and multimedia redirection. The same setting is applicable for both LAN and WAN conditions.

Network stack

When set to Preferred, data transport over EDT is used as primary and fallback to TCP. With the Citirx Workspace app for Windows minimum version 1808 or Citrix Receiver for Windows minimum version 4.10 and session reliability enabled, EDT and TCP are attempted in parallel during the initial connection, session reliability reconnection, and auto client reconnect. Doing so reduces connection time if EDT is Preferred, but the required underlying UDP transport is unavailable and TCP must be used. By default, after fallback to TCP, adaptive transport continues to seek EDT every five minutes.

Important

EDT and TCP in parallel require:

  • Citrix Workspace app for Windows minimum version 1808 and Session Reliability.
  • Citrix Receiver for Windows minimum version 4.10 and Session Reliability.
  • Citrix Workspace app for Mac minimum version 1808 and Session Reliability.
  • Citrix Receiver for Mac minimum version 12.8 and Session Reliability.

By default, adaptive transport is enabled (Preferred), and EDT is used when possible, with fallback to TCP.

For testing purposes, you can set Diagnostic mode, in which case only EDT is used, and fallback to TCP is disabled.

Adaptive transport image

Interoperability with Citrix SD-WAN WAN optimization

Citrix SD-WAN WAN optimization (WANOP) offers cross-session tokenized compression (data deduplication), including URL-based video caching. WANOP provides significant bandwidth reduction. This occurs if two or more people at the office location watch the same client-fetched video, or transfer or print significant portions of the same file or document. Furthermore, by running the processes for ICA data reduction and print job compression on the branch office appliance, WANOP offers VDA server CPU offload and enables higher Citrix Virtual Apps and Desktops server scalability.

Important

When TCP is used as the data transport protocol, Citrix WANOP supports the optimizations described in the previous paragraph. When using Citrix WANOP on network connections, choose TCP and disable EDT. By using TCP flow control and congestion control, WANOP ensures the equivalent interactivity to EDT at high latency and moderate packet loss.

Requirements and considerations

  • Citrix Virtual Apps and Desktops: Minimum version 7 1808.
  • XenApp and XenDesktop: Minimum version 7.13.
  • VDA for Desktop OS: Minimum version 7.13.
  • VDA for Server OS: Minimum version 7.13.
  • StoreFront: Minimum version 3.9.
  • Citrix Workspace app for Windows minimum version 1808
  • Citrix Receiver for Windows: Minimum version 4.7 (EDT and TCP in parallel require minimum version 4.10 and Session Reliability).
  • Citrix Workspace app for Mac minimum version 1808
  • Citrix Receiver for Mac: Minimum version 12.5 (EDT and TCP in parallel require minimum version 12.8 and Session Reliability).
  • Citrix Workspace app for iOS minimum version 1808
  • Citrix Receiver for iOS: Minimum version 7.2.
  • Citrix Workspace app for Linux minimum version 1808
  • Citrix Receiver for Linux: Minimum version 13.6 for Direct VDA Connections only and minimum version 13.7 for DTLS support using NetScaler Gateway (or DTLS for direct VDA connections).
  • Citrix Workspace app for Android minimum version 1808
  • Citrix Receiver for Android: Minimum version 3.12.3 for Direct VDA Connections only.
  • IPv4 VDAs only. IPv6 and mixed IPv6 and IPv4 configurations are not supported.
  • Citrix Gateway minimum version 1808
  • NetScaler: Minimum versions 11.1 build 51.21, 12.0 build 35.6. We recommend minimum versions 11.1 build 55.10 or 12.0 Build 53.6 as these versions include important DTLS fragmentation fixes. For more information on NetScaler configuration, see this article.

Configuration

  1. Install Citrix Virtual Apps and Desktops.
  2. Install StoreFront. If you are using Citrix Gateway, verify that Session Reliability is enabled. Do so in Studio > StoreFront > Manage NetScaler Gateway > Select your NetScaler > Secure Ticket Authority > Enable Session Reliability.
  3. Install the VDA (for Desktop OS or Server OS).
  4. Install Citrix Workspace app for Windows, Citrix Workspace app for Mac, Citrix Workspace app for iOS, Citrix Workspace app for Android, or Citrix Workspace app for Linux.
  5. If you are using Citrix Gateway, enable Session Reliability in the Studio policy. Also, enable DTLS in the front-end VPN virtual server.
  6. In Studio, enable the policy setting, HDX Adaptive Transport (it is enabled by default).
    • To enable the policy setting, set the value to Preferred, then click OK.
      • Preferred. Adaptive transport over EDT is used when possible, with fallback to TCP.
      • Diagnostic mode. EDT is forced on and falls back to TCP is disabled. We recommend this setting only for troubleshooting.
      • Off. TCP is forced on, and EDT is disabled.
  7. Click Next, and complete the steps in the wizard.
  8. The policy takes effect when the user reconnects the ICA session. Though not required, you can run gpupdate /force to pull the policy setting to the server, but the user still has to reconnect the ICA session.
  9. Start a session from a supported Citrix Workspace app to establish a connection using adaptive transport.
  10. For secure external access, configure DTLS encryption on Citrix Gateway. For more information, see this article.

To confirm that the policy setting has taken effect:

  • Check that the ICA User Datagram Protocol (UDP) services are enabled on a VDA using netstat -a.
  • Check that the virtual channels are running over EDT using Director or the CtxSession.exe command-line utility available on the VDA.

Director example:

In Director, Session Details > Connection Type displays the policy settings. Look for Connection type HDX. If the protocol is UDP, EDT is active for the session. If the protocol is TCP, the session is in fallback or default mode. If the Connection type is RDP, ICA is not in use and the protocol is n/a. For more information, see Monitor sessions.

Director protocol image

CtxSession.exe example:

This example illustrates that EDT over UDP is active for the session. Type CtxSession.exe in the command line.

C:\Program Files (x86)\Citrix\System32>CtxSession

Session 2 Transport Protocols: UDP -> CGP -> ICA

To see verbose statistics, use the -v switch:

>CtxSession -v

Troubleshoot EDT connections

Requirements and considerations

  • Server OS VDA 7.13
  • Desktop OS VDA 7.13
  • Receiver for Windows 4.7 (4.6 was Experimental)
  • Receiver for Linux:
    • 13.6 (direct connections)
    • 13.7 (DTLS supported)
  • Receiver for Mac 12.5
  • Receiver for iOS 7.2
  • Receiver for Android:
    • 3.12.3 (direct connections)
    • 3.13 (DTLS supported)
  • StoreFront 3.9
  • NSG Release 11.1–51.21 / 12.0.53.6 or later

Parallel Connections

Receiver for Windows 4.10, Mac 12.8, and iOS 7.5 include code that allows them to attempt an EDT and TCP connection in parallel. EDT is given a 500 milliseconds head-start to favor UDP. Any VDA that supports EDT also supports the parallel connection.

To troubleshoot EDT connections, refer to the following procedure:

  1. Verify the minimum product/component version requirements. See Requirements and considerations.
  2. Check if the HDX adaptive transport policy in Studio is set to Not Configured or set to Preferred.

    Note:

    In XenApp and XenDesktop 7.16, HDX adaptive transport is Preferred by default and there is no explicit requirement to configure the Studio policy.

  3. Check if the optional Receiver GPO Administrative Templates are used. If so, ensure that the Transport Protocol for Citrix Receiver value is set to Not Configured or Preferred. Receiver for Windows side configurations is optional.
  4. Unsure that the UDP sockets are listening on the VDA. Open a command prompt in the VDA and type netstat –a –p udp. For details, see How to Confirm HDX Enlightened Data Transport Protocol.
  5. Bypass the NetScaler Gateway: The best way to test EDT is to launch an app from the internal network directly to StoreFront, bypassing the NetScaler Gateway. Run ctxsession on the VDA command prompt and verify your session is using UDP. If that works, your VDA is also ready for EDT connections from the outside.
  6. Launch a session through NetScaler Gateway, but first inspect the ICA file. Ensure there is an entry that reads HDXoverUDP = Preferred. If it is set to Off, then the HDX adaptive transport in not set to Preferred in the Studio policy, or the group policy update has not been applied yet at the VDA. There should also be an entry CGPSecurityTicket=On, where CGP is a requirement for EDT to work using the NetScaler Gateway.
  7. In the NetScaler Gateway, run ctxsession on the VDA command prompt and verify that your session is using UDP. If it is set to TCP, something might be wrong between the Citrix Receiver and the NetScaler Gateway front-end virtual server, and the connection fell back to TCP.
  8. Any NetScaler Gateway before 12.0.56.20 requires DTLS to be manually enabled on the front-end VPN virtual server.
  9. If you are using a VPN like Cisco AnyConnect or any other solution that alter the MTU in the network, the EDT connections might fail. You must calculate the overhead introduced by the VPN vendor, and then modify the ICA file template in StoreFront to include two more entries. Also, add a Citrix Receiver-side change. For more details, see CTX231821.

More troubleshooting tools

  • Wireshark: To troubleshoot if you can’t identify the problem, use a Wireshark trace on NetScaler Gateway to troubleshoot. Wireshark Dissectors can misinterpret EDT as QUIC. You can use the Decode As feature in Wireshark to decode QUIC as DTLS.
  • NMAP: Use the nmap -sU -p 443 <IP Address of your NSG> to test if UDP packets are reaching the virtual server. See a working versus non-working trace: NMAP image
  • Director: In addition, you can check Citrix Director > Session Details > Protocol > UDP.
  • CDF Traces: You might need to check the EDT logic on XenApp and XenDesktop components, and generate CDF traces while reproducing the issue. CDF traces image