Configure

When using Citrix Workspace app for Linux, the following configuration steps allow users to access their hosted applications and desktops.

Settings

Configuration files

To change advanced or less common settings, you can modify Citrix Workspace app’s configuration files. These configuration files are read each time wfica starts. You can update various files depending on the effect you want the changes to have.

If session sharing is enabled, an existing session might be used instead of a newly reconfigured one. This setting might cause the session to ignore changes you made in a configuration file.

Default settings

If you want to change the default for all Citrix Workspace app users, modify the module.ini configuration file in the $ICAROOT/config directory.

Note:

If an entry in All\_Regions.ini is set to a specific value, the value for that entry in module.ini isn’t used. The values in All\_Regions.ini take precedence over the value in module.ini.

Template file

If the $HOME/.ICAClient/wfclient.ini file does not exist, wfica creates it by copying $ICAROOT/config/wfclient.template. When you change this template file, the changes are applied to all the Citrix Workspace app users.

User settings

To apply configuration changes for a user, modify the wfclient.ini file in the user’s $HOME/.ICAClient directory. The settings in this file apply to future connections for that user.

Validate configuration file entries

To limit the values for entries in wfclient.ini, specify the allowed options or ranges of options in All\_Regions.ini.

If you specify only one value, that value is used. The $HOME/.ICAClient/All\_Regsions.ini file can match or reduce the possible values set in the $ICAROOT/config/All\_Regions.inifile, it can’t take away restrictions.

Note:

The value set in wfclient.ini takes precedence over the value in module.ini.

Parameters

The parameters listed in each file are grouped into sections. Each section begins with a name in brackets that indicates parameters that belong together; for example, \[ClientDrive\] for parameters related to client drive mapping (CDM).

Defaults are automatically supplied for any missing parameters except where indicated. If a parameter is present but not assigned a value then the default value is automatically applied. For example, consider the InitialProgram parameter is followed by an equal sign (=) and no value is provided. In this example, the default value (not to run a program after logging in) is applied.

Precedence

The All\_Regions.ini file specifies parameters that the other files can set. It can restrict the values of parameters or set them exactly.

For any given connection, the files are checked in the following order:

  1. All\_Regions.ini - The values in this file override those values in:
    • The connections .ICA file
    • wfclient.ini
  2. module.ini - The values in this file are used if they have not been set in All\_Regions.ini, the connections .ICA file, or wfclient.ini. However, these values aren’t restricted with the entries in All\_Regions.ini.

If no value is found in any of these files, the default in the Citrix Workspace app code is used.

Note:

There are exceptions to this order of precedence. For example, the code reads some values specifically from wfclient.ini for security reasons.

Persistent login [Technical Preview]

The Persistent login feature enables you to stay logged in for up to the duration (2 to 365 days) configured by your admin. When this is enabled, you need not provide login credentials for the Citrix Workspace App during the configured period.

With this functionality, the SSO to Citrix DaaS sessions is extended up to a period of 365 days depending upon the lifetime of Long-Lived Tokens. Your credentials are cached by default for 4 days (or Lifetime whichever is lower) and then extended when you become active within these 4 days (by connecting to Citrix Workspace App).

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Configure the persistent login feature

An admin need to configure the persistent login on the Workspace environment using the following procedure:

  1. Sign in to Citrix Cloud.
  2. In the Citrix Cloud console, click the menu in the upper left corner of the screen.
  3. Select the Workspace Configuration option > Customize > Preferences.
  4. Scroll down to Reauthentication Period for Workspace App.
  5. Click Edit next to the Current Reauthentication Period field.
  6. Enter the required days in the Current Reauthentication Period field.
  7. You need to enter two days or more in the Current Reauthentication Period field.

For more information, see the instructions in the Reauthentication Period for Workspace App section in the following image:

Reauthentication Period for Workspace App

Experience with enhanced authentication

The persistent login window is embedded within the self-service window.

  1. Access the Citrix Workspace app. The authentication window appears.

    Authentication window

  2. Sign in with your credentials. You are redirected to the Permission prompt to accept.

    Permission window

  3. Click Allow.

Note:

If you select Deny for consent, you would see a second login prompt and you need to sign in to Citrix Workspace app for every 24 hours.

Disable the persistent login feature

An admin can disable the persistent login feature in the Citrix Cloud UI or in the AuthManConfig.xml file. However, the value set in the AuthManConfig.xml file overrides the value set in the Citrix Cloud UI.

Using Citrix Cloud UI

  1. Sign in to Citrix Cloud.
  2. In the Citrix Cloud console, click the menu in the upper left corner of the screen.
  3. Select the Workspace Configuration option > Customize > Preferences.
  4. Scroll down to Reauthentication Period for Workspace App.
  5. Click Edit next to the Current Reauthentication Period field.
  6. Enter one day in the Current Reauthentication Period field.

Using AuthManConfig.xml file

To disable persistent feature, do the following

  1. Navigate to <ICAROOT>/config/AuthManConfig.xml file.
  2. Set the values as follows:

    <!-- AuthManLiteEnabled - enable AML - true/false -->
    
    <key>AuthManLiteEnabled</key>
    
    <value>true</value>
    
    <AuthManLite>
    
    <primaryTokenLifeTime>1.00:00:00</primaryTokenLifeTime>
    
    <secondaryTokenLifeTime>0.01:00:00</secondaryTokenLifeTime>
    
    <longLivedTokenSupport>false</longLivedTokenSupport>
    
    <nativeLoggingEnabled>true</nativeLoggingEnabled>
    
    <platform>linux</platform>
    
    <saveTokens>true</saveTokens>
    
    </AuthManLite>
    <!--NeedCopy-->
    

Email-based auto-discovery of store

Note:

This feature is generally available for Citrix Workspace app.

You can now provide your email address in Citrix Workspace app to automatically discover the store associated with the email address. If there are multiple stores associated with a domain, by default the first store returned by the Global App Configuration Service is added as the store of choice. Users can always switch to another store if necessary.

To disable this feature, do the following:

  1. Navigate to $ICAROOT/config/AuthManConfig.xml file.
  2. Set the following entry to false.

    <key>AppConfigEnabled</key>
    <value>false</value>
    <!--NeedCopy-->
    

Creating custom user-agent strings in network request

Starting with 2109 version, Citrix Workspace app introduces an option to append the User-Agent strings in the network request and identify the source of a network request. Based on this User-Agent strings request, you can decide how to manage your network request. This feature allows you to accept network requests only from trusted devices.

Note:

  • This feature is supported on cloud deployments of Citrix Workspace app. Also, x86, x64, and ARMHF are the supported packages.

To customize the User-Agent strings, do the followings:

  1. Locate the $ICAROOT/config/AuthManConfig.xml configuration file.
  2. Add a value to the following entry:

<UserAgentSuffix> </UserAgentSuffix>

Example that includes App and Version in the customized text:

<UserAgentSuffix>App/AppVersion </UserAgentSuffix>

If you’re adding App and AppVersion, separate them by a forward slash (“/”).

  • If the network request is from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:

    CWAWEBVIEW/CWAVersion App/AppVersion

  • If the network request isn’t from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:

    CWA/CWAVersion App/AppVersion

Notes:

  • If you aren’t adding AppVersion at the end of the UserAgentSuffix string, the Citrix Workspace app version is appended in the network requests.
  • Restart AuthManagerDaemon and ServiceRecord for the changes to take effect.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature ships. To do so, we use feature flags and a third-party service called LaunchDarkly.

You do not need to make any configurations to enable traffic to LaunchDarkly, unless you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly via specific URLs or IP addresses, depending on your policy requirements. You can enable traffic and communication to LaunchDarkly in the following ways:

Enable traffic to the following URLs

  • events.launchdarkly.com
  • stream.launchdarkly.com
  • clientstream.launchdarkly.com
  • firehose.launchdarkly.com
  • mobile.launchdarkly.com
  • app.launchdarkly.com

List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see the LaunchDarkly public IP list. You can use this list to verify that your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Status page.

LaunchDarkly system requirements

Verify that published apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF:

  • LaunchDarkly service
  • APNs listener service

Provision to disable LaunchDarkly service

Starting with version 2205, you can disable LaunchDarkly service on Citrix Workspace app.

To disable the LaunchDarkly service, do the following:

  1. Navigate to the <ICAROOT>/config/module.ini folder and go to the LaunchDarkly section.
  2. Select the entry EnableLaunchDarkly and set it to Disable.

Service continuity

Note:

This feature is generally available for Citrix Workspace app.

Service continuity removes or minimizes the dependency on the availability of components that are involved in the connection process. Users can launch their Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) regardless of the health status of the cloud services.

For information on requirements that support service continuity on Citrix Workspace app, see System Requirements.

For information on installing service continuity with Citrix Workspace app, see Installing Service Continuity.

For more information, see the Service continuity section in the Citrix Workspace documentation.

Pinning multi-monitor screen layout

Starting with Version 2103, you can save the selection for multi-monitor screen layout. The layout is how a desktop session is displayed. Pinning helps to relaunch a session with the selected layout, resulting in an optimized user experience.

As a prerequisite, you must enable this feature in the AuthManConfig.xml file. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

     <key>ScreenPinEnabled</key>
     <value> true </value>
<!--NeedCopy-->

Only after adding the preceding key, you can see the Screen Layout option in the App indicator icon. For more information about app indicator icon, see App indicator icon.

To select the screen layout, click the app indicator icon in the taskbar, and select Screen Layout. The Screen Layout dialog appears.

Alternately, you can launch the Screen Layout dialog by pressing Ctrl+m keys when on the self-service window.

Screen layout

Select a virtual desktop from the drop-down menu. The layout selection is applied only to the desktop that you select.

Select one or more tiles to form a rectangular selection for the layout. The session then appears as per the layout selection.

Limitations:

  • Enabling screen pinning disables the save layout feature in a session.
  • This feature is applicable only on desktops that are marked as favorite.

Application Categories

Application Categories allow users to manage collections of applications in Citrix Workspace app. You can create application groups for the following:

  • Applications shared across different delivery groups
  • Applications used by a subset of users within delivery groups

For more information, see Create an application group in the Citrix Virtual Apps and Desktops documentation.

App protection

DISCLAIMER

App protection policies work by filtering access to required functions of the underlying operating system. Specific API calls are required to capture screens or keyboard presses. This feature means that app protection policies can provide protection even against custom and purpose-built hacker tools. However, as operating systems evolve, new ways of capturing screens and logging keys can emerge. While we continue to identify and address them, we can’t guarantee full protection in specific configurations and deployments.

App protection is an add-on feature that provides enhanced security when you use Citrix Virtual Apps and Desktops. The feature restricts the ability of clients to be compromised with keylogging and screen-capturing malware. App protection prevents exfiltration of confidential information such as user credentials and sensitive information that are displayed on the screen. The feature prevents users and attackers from taking screenshots and from using keyloggers to glean and exploit sensitive information.

Notes:

  • This feature is supported when Citrix Workspace app is installed by using the tarball, Debian, and Red Hat Package Manager (RPM) packages. Also, x64 and ARMHF are the only supported architectures.
  • This feature is supported in on-premises deployments of Citrix Virtual Apps and Desktops. Also, in deployments using the Citrix Virtual Apps and Desktops Service with StoreFront.

App protection requires that you install an add-on license on your License Server. A Citrix Virtual Desktops license must also be present. For information on Licensing, see the Configure section in the Citrix Virtual Apps and Desktops.

Starting with Version 2108, the app protection feature is now fully functional. The app protection feature supports apps and desktop sessions and is enabled by default. However, you must configure the app protection feature in the AuthManConfig.xml file to enable it for the authentication manager and the Self-Service plug-in interfaces.

Starting with this version, you can launch protected resources from Citrix Workspace app while Mozilla Firefox is running.

Prerequisite:

App protection works best with the following operating systems along with the Gnome Display Manager:

  • 64-bit Ubuntu 18.04+, except Ubuntu 21.10.
  • 64-bit Debian 9+
  • 64-bit CentOS7.5+
  • 64-bit RHEL7.5+
  • ARMHF 32-bit Raspbian 10 (Buster)+

Note:

App protection feature does not support the operating systems that use glibc 2.34 or later.

If you install the Citrix Workspace app with app protection feature enabled on OS that uses glibc 2.34 or later, the OS boot might fail on restarting the system. To recover from the OS boot failure, do any of the following:

  • Reinstall the OS. However, we do not support the app protection feature on the OS that uses glibc 2.34 or later.
  • Go to Recovery mode of the OS and uninstall the Citrix Workspace app using terminal.
  • Boot through the live OS and remove the rm -rf /etc/ld.so.preload file from the existing OS.

Installing the app protection component:

When you install the Citrix Workspace app using the tarball package, the following message appears.

“Do you want to install the app protection component? Warning: You can’t disable this feature. To disable it, you must uninstall Citrix Workspace app. For more information, contact your system administrator. [default $INSTALLER_N]:”

Enter Y to install the app protection component.

By default, the app protection component isn’t installed.

Restart your machine for the changes to take effect. App protection work as expected only after you restart your machine.

Installing the app protection component on RPM packages:

Starting with Version 2104, app protection is supported on the RPM version of Citrix Workspace app.

To install app protection, do the following:

  1. Install Citrix Workspace app.
  2. Install the app protection ctxappprotection<version>.rpm package from the Citrix Workspace app installer.
  3. Restart the system for the changes to take effect.

Installing the app protection component on Debian packages:

Starting with Version 2101, app protection is supported on the Debian version of Citrix Workspace app.

For silent installation of the app protection component, run the following command from the terminal before installing Citrix Workspace app:

export DEBIAN_FRONTEND="noninteractive"
sudo debconf-set-selections <<< "icaclient app_protection/install_app_protection select yes"

sudo debconf-show icaclient
* app_protection/install_app_protection: yes

sudo apt install -f ./icaclient_<version>._amd64.deb
<!--NeedCopy-->

Starting with Version 2106, Citrix Workspace app introduces an option to configure the anti-keylogging and anti-screen-capturing functionalities separately for both the authentication manager and Self-Service plug-in interfaces.

Configuring app protection for authentication manager:

Navigate to $ICAROOT/config/AuthManConfig.xml and edit the file as follows:


/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i authmananti -A 1
    <key>AuthManAntiScreenCaptureEnabled</key>
    <value>true</value>
    <key>AuthManAntiKeyLoggingEnabled</key>
    <value>true </value>

<!--NeedCopy-->

Configuring app protection for the Self-Service plug-in interface:

Navigate to $ICAROOT/config/AuthManConfig.xml and edit the file as follows:


/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i protection -A 4
<!-- Selfservice app protection configuration -->
    <Selfservice>
      <AntiScreenCaptureEnabled>true</AntiScreenCaptureEnabled>
      <AntiKeyLoggingEnabled>true</AntiKeyLoggingEnabled>
    </Selfservice>

<!--NeedCopy-->

Known issues:

  • When you minimize a protected screen, app protection continues to run in the background.

Limitation:

  • Sometimes, you can’t launch protected resources when an application that is installed from the Snap Store is running. As a workaround, identify the application that causes the issue from the Citrix Workspace app log file. Also, close the application.
  • When you’re trying to take a screenshot of a protected window, the entire screen, including the non-protected apps in the background, are grayed out.

Battery status indicator

The battery status of the device now appears in the notification area of a Citrix Desktop session.

Note:

Starting with the 2111 version, the battery status indicator appears for server VDAs also.

The battery status indicator is enabled by default.

To disable the battery status indicator:

  1. Navigate to the <ICAROOT>/config/module.ini folder.
  2. Go to the ICA 3.0 section.
  3. Set the MobileReceiver= Off.

Customer Experience Improvement Program (CEIP)

Data collected Description What we use it for
Configuration and usage data The Citrix Customer Experience Improvement Program (CEIP) gathers configuration and usage data from Citrix Workspace app for Linux and automatically sends the data to Google Analytics. This data helps Citrix improve the quality, reliability, and performance of Citrix Workspace app.

Additional information

Citrix handles your data following the terms of your contract with Citrix. Also, protects it as specified in the Citrix Services Security Exhibit available on the Citrix Trust Center.

Citrix also uses Google Analytics to collect certain data from Citrix Workspace app as part of CEIP. You might review how Google handles data collected for Google Analytics.

Clear sending CEIP data to Citrix and Google Analytics (except for the data collected for Google Analytics indicated by * in the second table in the following section) by:

  1. Navigate to the <ICAROOT>/config/module.ini folder and go to the CEIP section.
  2. Select the entry EnableCeip and set it to Disable.

Note:

After you set the EnableCeip key to Disable, you can disable sending the final two CEIP data elements collected by Google Analytics. These data elements are Operating System version and Workspace app version. For this action, navigate to the following section and set the value as suggested:

Location: <ICAROOT>/config/module.ini

Section: GoogleAnalytics

Entry: DisableHeartBeat

Value: True

The specific CEIP data elements collected by Google Analytics are:

       
Operating system version* Workspace app version* App name Client ID
Session launch method Compiler version Hardware platform  

App indicator icon

The app indicator starts when you launch Citrix Workspace app. It’s an icon that is present in the notification area. With the introduction of the app indicator, the Citrix Workspace app for Linux logon performance is improved.

You can observe performance improvement when you:

  • First launch of Citrix Workspace app
  • Close and relaunch the app
  • Quit and relaunch the app

Note:

The libappindicator package is required for the app indicator to appear. Install the libappindicator package suitable for your Linux distribution from the web.

ICA-to-X proxy

You can use a workstation running Citrix Workspace app as a server and redirect the output to another X11-capable device. You might want to do this task to deliver Microsoft Windows applications to X terminals or to UNIX workstations for which Citrix Workspace app isn’t available.

Note:

Citrix Workspace app software is available for many X devices, and installing the software on these devices is the preferred solution in these cases. Running Citrix Workspace app in this way, as an ICA-to-X proxy, is also referred to as server-side ICA.

When you run Citrix Workspace app, you can think of it as an ICA-to-X11 converter that directs the X11 output to your local Linux desktop. However, you can redirect the output to another X11 display. You can run extra copies of Citrix Workspace app simultaneously on one system. In this case, each Citrix Workspace app sends its output to a different device.

This graphic shows a system with Citrix Workspace app for Linux set up as an ICA-to-X proxy:

ICA-to-X proxy

To set up this type of system, you need a Linux server to act as the ICA-to-X11 proxy:

  • If you have X terminals already, you can run Citrix Workspace app on the Linux server that usually supplies the X applications to the X terminals.
  • If you want to deploy UNIX workstations for which Citrix Workspace app isn’t available, you need an extra server to act as the proxy. This server can be a PC running Linux.

Applications are supplied to the final device using X11, using the capabilities of the ICA protocol. By default, you can use drive mapping only to access the drives on the proxy. This setting isn’t a problem if you’re using X terminals (which usually do not have local drives). If you’re delivering applications to other UNIX workstations, you can either:

  • NFS mounts the local UNIX workstation on the workstation acting as the proxy, then point a client drive map at the NFS mount point on the proxy.
  • Use an NFS-to-SMB proxy such as SAMBA, or an NFS client on the server such as Microsoft Services for UNIX.

Some features aren’t passed to the final device:

  • USB redirection
  • Smart card redirection
  • COM port redirection
  • Audio isn’t delivered to the X11 device, even if the server acting as a proxy supports audio.
  • Client printers aren’t passed through to the X11 device. You access the UNIX printer from the server manually using LPD printing, or use a network printer.
  • Redirection of multimedia input isn’t supported because it requires a webcam on the machine that runs Citrix Workspace app, where the server acts as a proxy. However, redirection of multimedia output supports when GStreamer installed on the server acting as a proxy (untested).

To start Citrix Workspace app with server-side ICA from an X terminal or a UNIX workstation:

  1. Use ssh or telnet to connect to the device acting as the proxy.

  2. In a shell on the proxy device, set the DISPLAY environment variable to the local device. For example, in a C shell, type:

    setenv DISPLAY <local:0>

    Note:

    If you use the command ssh -X to connect to the device acting as the proxy, you do not need to set the DISPLAY environment variable.

  3. At a command prompt on the local device, type xhost <proxy server name>

  4. Verify whether Citrix Workspace app is installed in the default installation directory. If not installed, verify that the environment variable ICAROOT is set to point to the actual installation directory.

  5. Locate the directory where Citrix Workspace app is installed. At a command prompt, type selfservice &.

Server-client content redirection

Server-client content redirection enables administrators to specify that URLs in a published application are opened using a local application. For example, opening a link to a webpage while using Microsoft Outlook in a session opens the required file using the browser on the user device.

Server-client content redirection enables administrators to give Citrix resources more efficiently, by that provides better performance to the users. The following types of URL can be redirected:

  • HTTP
  • HTTPS
  • RTSP (Real Player)
  • RTSPU (Real Player)
  • PNM (Older Real Players)

The URL is opened using the server application when:

  • Citrix Workspace app does not have an appropriate application
  • Citrix Workspace app can’t directly access the content

Server-client content redirection is configured on the server. This feature is enabled by default in Citrix Workspace app if the path includes RealPlayer and one of Firefox, Mozilla, or Netscape.

To enable server-client content redirection if RealPlayer and a browser aren’t in the path:

  1. Open the configuration file wfclient.ini.

  2. In the [Browser] section, modify the following settings:

    Path=path

    Command=command

    The path is the directory where the browser executable is located. The command is the name of the executable used to handle redirected browser URLs, appended with the URL sent by the server. For example:

    $ICAROOT/nslaunch Netscape, Firefox, Mozilla

    This setting specifies the following:

    • The nslaunch utility is run to push the URL into an existing browser window
    • Each browser in the list is tried in turn until content can be displayed successfully
  3. In the [Player] section, modify the following settings:

    Path=path

    Command=command

    The path is the directory where the RealPlayer executable is located. The command is the name of the executable used to handle the redirected multimedia URLs, appended with the URL sent by the server.

  4. Save and close the file.

Note:

For both path settings, you need to specify the directory where the browser and RealPlayer executables are available. You do not need to specify the full path to the executables. For example, in the [Browser] section, the path might be set to /usr/X11R6/bin rather than /usr/X11R6/bin/netscape. Also, you can specify extra directory names as a colon-separated list. If these settings aren’t specified, the user’s current $PATH is used.

To clear server-client content redirection from Citrix Workspace:

  1. Open the module.ini configuration file.
  2. Change the CREnabled setting to Off.
  3. Save and close the file.

Connection

Configure connections

On devices with limited processing power or where limited bandwidth is available, there’s a trade-off between performance and functionality. Users and administrators can choose an acceptable mixture of rich functionality and interactive performance. Making one or more of these changes, often on the server not the user device, can reduce the bandwidth that a connection requires and can improve performance:

  • Enable SpeedScreen Latency Reduction - The SpeedScreen Latency Reduction improves performance over high latency connections. For this improvement, an instant feedback is provided to the user in response to typed data or mouse clicks. Use the SpeedScreen Latency Reduction Manager to enable this feature on the server. By default, in Citrix Workspace app, this feature is disabled for keyboard and only enabled for the mouse on high latency connections. See the Citrix Workspace app for Linux OEM’s Reference Guide.
  • Enable data compression - Data compression reduces the amount of data transferred across the connection. This configuration requires more processor resources to compress and decompress the data, but it can increase performance over low-bandwidth connections. Use the Citrix Audio Quality and Image Compression policy settings to enable this feature.
  • Reduce the window size - Change the window size to the minimum that is comfortable. On the farm set the Session Options.
  • Reduce the number of colors - Reduce the number of colors to 256. On the Citrix Virtual Apps and Desktops or Citrix DaaS site, set the Session Options.
  • Reduce sound quality - If audio mapping is enabled, reduce the sound quality to the minimum setting using the Citrix Audio quality policy setting.

For information about troubleshooting, see Connections in the troubleshooting section.

Font

ClearType font smoothing

ClearType font smoothing (also known as subpixel font rendering) improves the quality of displayed fonts beyond the available quality through traditional font smoothing or anti-aliasing. You can turn this feature on or off. Or you specify the type of smoothing by editing the following setting in the [WFClient] section of the appropriate configuration file:

FontSmoothingType = number

Where the number can take one of the following values:

Value Behavior
0 The local preference on the device is used. The FontSmoothingTypePref setting defines this value.
1 No smoothing
2 Standard smoothing
3 ClearType (horizontal subpixel) smoothing

Both standard smoothing and ClearType smoothing can increase Citrix Workspace app’s bandwidth requirements.

Important:

The server can configure FontSmoothingType through the ICA file. This value takes precedence over the value set in [WFClient].

If the server sets the value to 0, the following setting in the [WFClient] determines the local preference: FontSmoothingTypePref = number

Where a number can take one of the following values:

Value Behavior
0 No smoothing
1 No smoothing
2 Standard smoothing
3 ClearType (horizontal subpixel) smoothing (default)

Folder

Configure special folder redirection

In this context, there are only two special folders for each user:

  • The user’s Desktop folder
  • The user’s Documents folder (My Documents on Windows XP)

Special folder redirection enables you to specify the locations of a user’s special folders. As a result, these folders remain fixed across different server types and server farm configurations. It is important if, for example, a mobile user logs on to servers in different server farms. For static, desk-based workstations, where the user can log on to servers that reside in a single-server farm, special folder redirection is rarely necessary.

To configure special folder redirection:

Enable special folder redirection by making an entry in the module.ini file and specify the folder locations as follows:

  1. Add the following text to module.ini (for example, $ICAROOT/config/module.ini):

    [ClientDrive]

    SFRAllowed = True

    DocumentsFolder = documents

    DesktopFolder = desktop

    where documents and desktop are the UNIX file names, including the full path, of the directories to use as the users Documents and Desktop folders respectively. For example:

    DesktopFolder = $HOME/.ICAClient/desktop

    • You can specify any component in the path as an environment variable, for example, $HOME.
    • Specify values for both parameters.
    • The directories you specify must be available through client device mapping. That is, the directory must be in the subtree of a mapped client device.
    • Use the drive letters C or higher.

Client-drive mapping

Client drive mapping allows drive letters on the Citrix Virtual Apps and Desktops and Citrix DaaS server to be redirected to directories that exist on the local user device. For example, drive H in a Citrix user session can be mapped to a directory on the local user device running the Workspace app.

Client drive mapping can make any directory mount on the local user device. The local user device includes a CD-ROM, DVD, or a USB memory stick, that are available to the user during a session. Also, the local user has permission to access the local user device. When a server is configured to allow client drive mapping:

  • users can access their locally stored files
  • Use the files during their session
  • and then save them again either on a local drive or on a drive on the server.

Citrix Workspace app supports client device mapping for connections to Citrix Virtual Apps and Desktops and Citrix DaaS servers. This feature enables a remote application that runs on the server to access devices attached to the local user device. The applications and system resources appear to the user at the user device as if they’re running locally. Verify that client device mapping is supported on the server before using these features.

Note:

The Security-Enhanced Linux (SELinux) security model can affect the operation of the Client Drive Mapping and USB Redirection features. This model is applicable on both Citrix Virtual Apps and Desktops and Citrix DaaS. If you require either or both of these features, disable SELinux before configuring them on the server.

Two types of drive mapping are available:

  • Static client drive mapping - Enables administrators to map any part of a user device’s file system to a specified drive on the server at logon. For example, it can be used to map all or part of a user’s home directory or /tmp. Also, map the mount points of mass storage devices such as CD-ROMs, DVDs, or USB memory sticks.
  • Dynamic client drive mapping - Monitors the directories in which mass storage devices such as CD-ROMs, DVDs, and USB memory sticks are typically mounted on the user device. And any new ones that appear during a session are automatically mapped to the next available drive letter on the server.

When Citrix Workspace app connects to Citrix Virtual Apps and Desktops or Citrix DaaS, client drive mappings are reestablished unless client device mapping is disabled. You can use policies to give you more control over how client device mapping is applied. For more information, see the Citrix Virtual Apps and Desktops documentation.

Users can map drives using the Preferences dialog box.

Note:

By default, enabling static client drive mapping also enables dynamic client drive mapping. To disable the latter but enable the former, set DynamicCDM to False in wfclient.ini.

Previously, your setting for file access through CDM was applied on all configured stores.

Starting with Version 2012, Citrix Workspace app allows you to configure per-store CDM file access.

Note:

The file access setting isn’t persistent across sessions when using workspace for web. It defaults to the Ask me each time option.

File access

You can use the wfclient.ini file to configure the mapped path and file name attributes. Use the GUI to set a file access level as shown in the preceding screen capture.

In a desktop session, you can set a file access level by navigating to the Preferences > File access dialog from the Desktop Viewer.

File access from Desktop Viewer

In an app session, you can set a file access level by launching the File access dialog from Citrix Connection Center.

File access from Desktop Viewer

The File access dialog includes the mapped folder name and its path.

File access from Desktop Viewer

The access level flag isn’t supported in the wfclient.ini file anymore.

Map client-printers

Citrix Workspace app supports printing to network printers and printers that are attached locally to user devices. By default, unless you create policies to change it, Citrix Virtual Apps and Desktops and Citrix DaaS lets users:

  • Print to all printing devices accessible from the user device
  • Add printers

These settings, however, might not be perfect in all environments. For example, the default setting that allows users to print to all printers accessible from the user device is the easiest to administer initially. But the default setting might create slower logon times in some environments. In this situation, you might want to limit the list of printers configured on the user device.

Likewise, your organization’s security policies might require that you prevent users from mapping local printing ports. To do so, on the server configure the ICA policy Auto connect client COM ports setting to Disabled.

To limit the list of printers configured on the user device:

  1. Open the configuration file, wfclient.ini, in one of the following:

    • $HOME/.ICAClient directory to limit the printers for a single user
    • $ICAROOT/config directory to limit the printers for all Workspace app users. All users in this case are those users who first use the self-service program after the change.
  2. In the [WFClient] section of the file type:

    ClientPrinterList=printer1:printer2:printer3

    Where printer1, printer2, and so on, are the names of the chosen printers. Separate printer name entries by a colon (:).

  3. Save and close the file.

Map a local printer

The Citrix Workspace app for Linux supports the Citrix PS Universal Printer Driver. So, usually no local configuration is required for users to print to network printers or printers that are attached locally to user devices. You might manually map client printers on Citrix Virtual Apps and Desktops or Citrix DaaS for Windows if, for example, the user device’s printing software does not support the universal printer driver.

To map a local printer on a server:

  1. From Citrix Workspace app, start a server connection and log on to a computer running Citrix Virtual Apps and Desktops or Citrix DaaS.

  2. On the Start menu, choose Settings > Printers.

  3. On the File menu, choose Add Printer.

    The Add Printer wizard appears.

  4. Use the wizard to add a network printer from the Client Network, Client domain. Usually this value is a standard printer name, similar to values created by native Remote Desktop Services, such as “HP LaserJet 4 from client name in session 3.”

    For more information about adding printers, see your Windows operating system documentation.

Audio

Starting with Version 2112, the VdcamVersion4Support attribute in the module.ini file is renamed to AudioRedirectionV4. The default value for AudioRedirectionV4 is set to False. As a result:

  • the ALSA library is used to access the audio devices and only single device is supported.
  • default audio device with the name Citrix HDX Audio appears in the session.
  • only one app can use the Citrix HDX Audio device at a time.

You can set the value for AudioRedirectionV4 to True. As a result:

  • the PulseAudio library is used to access the audio devices and extra devices are supported.
  • more than one app can use the audio devices at a time.
  • Citrix Workspace app displays all local audio devices that are available in a session. Instead of Citrix HDX Audio, the audio devices appear with their respective device names. You can switch to any of the available devices dynamically in a session.
  • sessions update dynamically when you plug in or remove audio devices.
  • audio device redirection is supported with HDMI and Bluetooth audio devices.

To enable this feature, do the following:

  1. Navigate to the <ICAROOT>/config folder and open the module.ini file.
  2. Go to the [ClientAudio] section and add the following entry:

    AudioRedirectionV4=True

  3. Restart the session for the changes to take effect.

Notes:

  • The enhanced audio redirection feature is in Technical Preview.
  • The Mic and Webcam option in the Preferences dialog is disabled by default. For information on how to enable mic and webcam, see Preferences.

Known limitations:

By default, the AudioRedirectionV4 value is set to False. If you haven’t changed the default value, the following known limitations are present:

  • On a VDA running on Windows Server 2016, you can’t change the audio device selection in a session. The selection is set to the default audio input and output only. This limitation is resolved when you set the AudioRedirectionV4 value to True.
  • Audio device redirection isn’t supported with Bluetooth audio devices. This limitation is resolved when you set the AudioRedirectionV4 value to True.
  • You can change the default audio device only on Windows 10, Windows 7, and Windows 8 operating systems. On Windows Server operating systems, such as Windows Server 2012, 2016, and 2019, you can’t change the default audio device. This issue is because of a limitation in the Microsoft remote desktop session.
  • Audio device redirection isn’t supported with HDMI audio devices. This limitation is resolved when you set the AudioRedirectionV4 value to True. However, the Citrix Workspace app might display HDMI audio devices that aren’t connected in a session.

When the AudioRedirectionV4 value is False, the default audio device is typically the default ALSA device configured for your system. Use the following procedure to specify a different device:

  1. Choose and open a configuration file according to which users you want your changes to affect. See default settings for information about how updates to particular configuration files affect different users.
  2. Add the following option, creating the section if necessary:

    
    [ClientAudio]
    
    AudioDevice = \<device\>
    <!--NeedCopy-->
    

In this section, the device information is present in the ALSA configuration file on your operating system.

Note:

The location of this information isn’t standard across all Linux operating systems. Citrix recommends consulting your operating system documentation for more details about locating this information.

Map client audio

Client audio mapping enables applications that run on the Citrix Virtual Apps and Desktops or Citrix DaaS server to play sounds through a sound device installed on the user device. You can set audio quality on a per-connection basis on the server and users can set it on the user device. If the user device and server audio quality settings are different, the lower setting is used.

Client audio mapping can cause excessive load on servers and the network. The higher the audio quality, the more bandwidth is required to transfer the audio data. Higher-quality audio also uses more server CPU to process.

You configure client audio mapping using policies. For more information, see the Citrix Virtual Apps and Desktops documentation.

Enabling UDP audio

UDP audio can improve the quality of phone calls made over the Internet. It uses User Datagram Protocol (UDP) instead of TCP.

Starting with Version 2109, Citrix Workspace app supports Adaptive audio. With adaptive audio, you don’t need to manually configure the audio quality policies on the VDA. Adaptive audio optimizes settings for your environment and replaces obsolete audio compression formats to provide an excellent user experience. Adaptive audio is enabled by default. For more information, see Adaptive audio.

Starting with Version 2112, Citrix Workspace app supports Datagram Transport Layer Security (DTLS) protocol for UDP audio. As a result, you can access the UDP audio through Citrix Gateway. By default, this feature is disabled.

Starting with version 2202, the enhancement to support UDP audio through Citrix Gateway is generally available for Citrix Workspace app.

To enable UDP audio:

  1. Set the following options in the [ClientAudio] section of module.ini:
    • Set EnableUDPAudio to True. By default, this value is set to False, which disables UDP audio.
    • Specify the minimum and maximum port numbers for UDP audio traffic using UDPAudioPortLow and UDPAudioPortHigh respectively. By default, ports 16500–16509 are used.
  2. By default, adaptive audio is enabled on the VDA and supports UDP audio. If you have disabled adaptive audio, set client and server audio settings as follows to support UDP audio. As a result, the resultant audio is of a medium quality (that is, not high or low).
    Audio quality on client Audio quality on client Audio quality on client
    High Medium Low
Audio quality on server High High Medium Low
Audio quality on server Medium Medium Medium Low
Audio quality on server Low Low Low Low

To enable UDP audio through Citrix Gateway:

  1. Navigate to the <ICAROOT>/config folder and open the module.ini file.
  2. Go to the [WFClient] section and set the following entry:

    EnableUDPThroughGateway=True

  3. Go to the [ClientAudio] section and set the following entry:

    EnableUDPAudio=True

Note:

If you use the StoreFront default.ica configuration, the value of EnableUDPThroughGateway set in the [Application] section takes precedence over the value set in the module.ini file. However, you can set the EnableUDPAudio value in the [ClientAudio] section only using the module.ini file. Also, it does not take precedence over the value set in the StoreFront default.ica configuration.

Limitations:

  • UDP audio isn’t available in encrypted sessions (that is, those using TLS or ICA Encryption). In such sessions, audio transmission uses TCP.
  • The ICA channel priority can affect UDP audio.

UDP on the client

  1. Navigate to the $ICAROOT/config/module.ini file.
  2. Set the following under the [ClientAudio] section:

    EnableUDPAudio=True

    UDPAudioPortLow=int

    UDPAudioPortHigh=int

  3. Set the following under the [WFClient] section:

    EnableUDPThroughGateway=True

  4. Navigate to the $HOME/.ICAClient/wfclient.ini file.
  5. Set the following under the [WFClient] section:

    AllowAudioInput=True

    EnableAudioInput=true

    AudioBandWidthLimit=1

    Notes:

    • The values set for the AllowAudioInput, EnableAudioInput, and AudioBandWidthLimit attributes in the [WFClient] section are applicable to both UDP audio and TCP audio.
    • If the .ICAClient folder isn’t found (occurs only in first-time installation and launching) launch the Citrix Workspace app and close. This action creates the .ICAClient folder.
    • When the AudioBandWidthLimit is set to 1, the audio quality on the client is medium.
  6. Set the following policies on the Domain Delivery Controller (DDC):

    • Set “Windows Media redirection” to “Prohibited”.
    • Set “Audio over UDP” to “Allowed”.
    • Set “Audio over UDP real-time transport” to “Enabled.
    • Set “Audio quality” to “Medium”.

Changing how Citrix Workspace app is used

ICA technology is highly optimized and typically does not have high CPU and bandwidth requirements. However, if you’re using a very low-bandwidth connection, consider the following to preserve performance:

  • Avoid accessing large files using client drive mapping. When you access a large file with client drive mapping, the file is transferred over the server connection. On slow connections, this file transfer might take a long time.
  • Avoid printing large documents on local printers. When you print a document on a local printer, the print file is transferred over the server connection. On slow connections, this file transfer might take a long time.
  • Avoid playing multimedia content. Playing multimedia content uses many bandwidths and can cause reduced performance.

Enabling audio input

To enable input for audio:

  1. Navigate to the <ICAROOT>/config folder and open the wfclient.ini file.
  2. Go to the [WFClient] section and set the following entry:

    AllowAudioInput=True

Note:

The value set for the AllowAudioInput attribute applies to both the UDP audio and TCP audio.

USB

USB support enables users to interact with a wide range of USB devices when connected to a virtual desktop. Users can plug USB devices into their computers and the devices are redirected to their virtual desktop. USB devices available for remoting include flash drives, smartphones, PDAs, printers, scanners, MP3 players, security devices, and tablets.

USB redirection requires either Citrix Virtual Apps and Desktops 7.6 or later. Citrix Virtual Apps and Desktops and Citrix DaaS do not support USB redirection of mass storage devices and requires special configuration to support audio devices. For more information, see Citrix Virtual Apps 7.6 documentation for details.

Isochronous features in USB devices such as webcams, microphones, speakers, and headsets are supported in typical low latency or high speed LAN environments. But usually the standard audio or webcam redirection are more suitable.

The following types of device are supported directly in a virtual apps and desktops session, and so do not use USB support:

  • Keyboards
  • Mice
  • Smart cards
  • Headsets
  • Webcams

Note:

Specialist USB devices (for example, Bloomberg keyboards and 3D mice) can be configured to use USB support. For information on configuring policy rules for other specialist USB devices, see CTX119722.

By default, certain types of USB devices aren’t supported for remoting through Citrix Virtual Apps and Desktops or Citrix DaaS. For example, a user might have a NIC attached to the system board by internal USB. Remoting this NIC wouldn’t be appropriate. By default, the following types of USB device aren’t supported for use in the virtual apps and desktops:

  • Bluetooth dongles
  • Integrated NICs
  • USB hubs

To update the default list of USB devices available for remoting, edit the usb.conf file in the $ICAROOT/ folder. For more information, see the Update the list of USB devices available for remoting section.

To allow the remoting of USB devices to virtual desktops, enable the USB policy rule. For more information, see the Citrix Virtual Apps and Desktops documentation.

How USB support works

When a user plugs in a USB device, it’s checked against the USB policy, and, if allowed, redirected to the virtual desktop. If the default policy denies the device, it’s available only to the local desktop.

For desktops accessed through desktop appliance mode, when a user plugs in a USB device, that device is automatically redirected to the virtual desktop. The virtual desktop controls the USB device and displays it in the user interface.

The session window must have focus when the user plugs in the USB device for redirection to occur, unless desktop appliance mode is in use.

Mass storage devices

If a user disconnects from a virtual desktop when a USB mass storage device is still plugged in to the local desktop, that device isn’t redirected to the virtual desktop when the user reconnects. To verify that the mass storage device is redirected to the virtual desktop, the user must remove and reinsert the device after reconnecting.

Note:

If you insert a mass storage device into a Linux workstation that has been configured to deny remote support for USB mass storage devices, Citrix Workspace app does not accept the device. And a separate Linux file browser might open. So, Citrix recommends that you pre-configure user devices with the Browse removable media when inserted setting cleared by default. On Debian-based devices, do this using the Debian menu bar by selecting Desktop > Preferences > Removable Drives and Media. And on the Storage tab, under Removable Storage, clear the Browse removable media when inserted check box.

For the Client USB device redirection, note the following points.

Notes:

  • If the Client USB device redirection server policy is turned on, the mass storage devices are directed as USB devices even if client drive mapping is turned on.
  • The app does not support composite device redirection for USB devices.

USB classes

The default USB policy rules allow the following classes of USB device:

  • Audio (Class 01)

    Includes microphones, speakers, headsets, and MIDI controllers.

  • Physical Interface (Class 05)

    These devices are similar to HIDs, but generally provide real-time input or feedback and include force feedback joysticks, motion platforms, and force feedback exoskeletons.

  • Still Imaging (Class 06)

    Includes digital cameras and scanners. Digital cameras support the still imaging class that uses the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP) to transfer images to a computer or other peripheral. Cameras might also appear as mass storage devices. And it might be possible to configure a camera to use either class, through the setup menus provided by the camera itself.

    If a camera appears as a mass storage device, client drive mapping is used, and USB support isn’t required.

  • Printers (Class 07)

    In general most printers are included in this class, although some use vendor-specific protocols (class ff). Multi-function printers might have an internal hub or be composite devices. In both cases, the printing element generally uses the Printers class and the scanning or fax element uses another class; for example, Still Imaging.

    Printers normally work appropriately without USB support.

  • Mass Storage (Class 08)

    The most common mass storage devices are USB flash drives; others include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers. There’s a wide variety of devices having internal storage which also presents a mass storage interface; these include media players, digital cameras, and mobile phones. Known subclasses include:

  • 01 Limited flash devices
  • 02 Typically CD/DVD devices (ATAPI/MMC-2)
  • 03 Typically tape devices (QIC-157)
  • 04 Typically floppy disk drives (UFI)
  • 05 Typically floppy disk drives (SFF-8070i)
  • 06 Most mass storage devices use this variant of SCSI

    Mass storage devices can often be accessed through client drive mapping, and so USB support isn’t required.

    Important: Some viruses are known to propagate actively using all types of mass storage. Consider carefully whether there’s a business requirement to allow the use of mass storage devices, either through client drive mapping, or USB support. To reduce this risk, the server might be configured to prevent files being run-through client drive mapping.

  • Content Security (Class 0d)

    Content security devices enforce content protection, typically for licensing or digital rights management. This class includes dongles.

  • Personal Healthcare (Class 0f)

    These devices include personal healthcare devices such as blood pressure sensors, heart rate monitors, pedometers, pill monitors, and spirometers.

  • Application and Vendor Specific (Classes fe and ff)

    Many devices use vendor-specific protocols or protocols not standardized by the USB consortium, and these devices usually appear as vendor-specific (class ff).

USB device classes

The default USB policy rules deny the following classes of USB devices:

  • Communications and CDC Control (Classes 02 and 0a)

    Includes modems, ISDN adapters, network adapters, and some telephones and fax machines.

    The default USB policy does not allow these devices, because one of them might be providing the connection to the virtual desktop itself.

  • Human Interface Devices (Class 03)

    Includes a wide variety of both input and output devices. Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices, graphic tablets, sensors, game controllers, buttons, and control functions.

    Subclass 01 is known as the boot interface class and is used for keyboards and mice.

    The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1), or USB mice (class 03, subclass 01, protocol 2). This setting is because most keyboards and mice are handled appropriately without USB support. And it’s normally necessary to use these devices locally as well remotely when connecting to a virtual desktop.

  • USB Hubs (Class 09)

    USB Hubs allow extra devices to be connected to the local computer. It isn’t necessary to access these devices remotely.

  • Smart card (Class 0b)

    Smart card readers include contactless and contact smart card readers, and also USB tokens with an embedded smart card equivalent chip.

    Smart card readers are accessed using smart card remoting and do not require USB support.

  • Video (Class 0e)

    The video class covers devices that are used to manipulate video or video-related material, such as webcams, digital camcorders, analog video converters, some television tuners, and some digital cameras that support video streaming.

    By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression.

  • Wireless Controllers (Class e0)

    Includes a wide variety of wireless controllers, such as ultrawide band controllers and Bluetooth.

    Some of these devices might be providing critical network access, or connecting critical peripherals such as Bluetooth keyboards or mice.

    The default USB policy does not allow these devices. However, there might be particular devices it’s appropriate to provide access to using USB support.

List of USB devices

You can update the range of USB devices available for remoting to desktops. To update the range, edit the list of default rules in the usb.conf file on the user device in $ICAROOT/.

You update the list by adding new policy rules to allow or deny USB devices not included in the default range. Rules created by an administrator in this way control which devices are offered to the server. The rules on the server control which of these devices to be accepted.

The default policy configuration for disallowed devices is:

DENY: class=09 # Hub devices

DENY: class=03 subclass=01 # HID Boot device (keyboards and mice)

DENY: class=0b # Smartcard

DENY: class=e0 # Wireless Controllers

DENY: class=02 # Communications and CDC Control

DENY: class=03 # UVC (webcam)

DENY: class=0a # CDC Data

ALLOW: # Ultimate fallback: allow everything else

USB policy rules

Tip: When creating policy rules, see the USB Class Codes, available from the USB website at http://www.usb.org/. Policy rules in the usb.conf file on the user device take the format {ALLOW:|DENY:} followed by a set of expressions based on values for the following tags:

Tag Description
VID Vendor ID from the device descriptor
REL Release ID from the device descriptor
PID Product ID from the device descriptor
Class Class from either the device descriptor or an interface descriptor
SubClass SubClass from either the device descriptor or an interface descriptor
Prot Protocol from either the device descriptor or an interface descriptor

When creating policy rules, be aware of the following:

  • Rules are case-insensitive.
  • Rules might have an optional comment at the end, introduced by “#.” A delimiter isn’t required and the comment is ignored for matching purposes.
  • Blank and pure comment lines are ignored.
  • Whitespace used as a separator is ignored, but can’t appear in the middle of a number or identifier. For example, Deny: Class=08 SubClass=05 is a valid rule; Deny: Class=0 8 Sub Class=05 isn’t.
  • Tags must use the matching operator “=.” For example, VID=1230.

Example

The following example shows a section of the usb.conf file on the user device. For these rules to be implemented, the same set of rules must exist on the server.

ALLOW: VID=1230 PID=0007 \# ANOther Industries, ANOther Flash Drive

DENY: Class=08 SubClass=05 \# Mass Storage Devices

DENY: Class=0D \# All Security Devices

Start-up modes

Using desktop appliance mode, you can change how a virtual desktop handles previously attached USB devices. In the WfClient section of the $ICAROOT/config/module.ini file on each user device, set DesktopApplianceMode = Boolean as follows.

   
TRUE Any USB devices that are already plugged in start-up provided the device is not disallowed with a Deny rule in the USB policies on either the server (registry entry) or the user device (policy rules configuration file).
FALSE No USB devices start up.

Webcams

By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To connect webcams using USB support, disable HDX RealTime Webcam Video Compression.

Webcam redirection

Following are a few points on webcam redirection:

  • Webcam redirection is compatible with and without RTME.

  • Webcam redirection works for 32-bit and 64-bit applications. For example, Skype, GoToMeeting. Use a 32-bit browser or 64-bit browser to verify webcam redirection online. For example, www.webcamtests.com

  • Webcam usage is exclusive to applications. For example, when Skype is running with a webcam and you launch GoToMeeting, exit Skype to use the webcam with GoToMeeting.

Webcam redirection for 64-bit apps (Technical Preview)

Starting with the 2111 release, webcam redirection is supported for 64-bit applications.

System requirements

  • GStreamer framework version 0.1.x or 1.x depending on the current version installed in the system.
  • ICAClient version greater than 2106 in case it is using GStreamer 1.x
  • Gstreamer version and plug-ins:
    • gstreamer1.0-plugins-base
    • gstreamer1.0-plugins-bad
    • gstreamer1.0-plugins-good
    • gstreamer1.0-plugins-ugly
    • gstreamer1.0-vaapi plugin and libva library
    • x264 library

Note:

The version of the GStreamer plug-in must be consistent with the version of the GStreamer framework. For example, if you install the Gstreamer1.2.4, the version of all Gstreamer1.x plug-ins must be 1.2.4.

Webcam redirection configuration

Do the following steps to activate and configure webcam redirection feature for 64-bit apps on Citrix Workspace app for Linux.

Step 1: Verify the ICAClient configuration

Set the AllowAudioInput value to True to enable the webcam redirection feature. By default, this value is set to True during the installation of ICAClient.

If the AllowAudioInput value is set to False, do the following to enable the webcam redirection feature:

  1. Navigate to $HOME/.ICAClient/wfclient.ini path.
  2. Set the AllowAudioInput value to True.

    AllowAudioInput=True

Step 2: Verify the Theora encoder configuration

After you have successfully installed the ICAClient and the AllowAudioInput value is set to True, by default the Theora encoder is configured. This encoder is a software-based encoder with acceptable performance. However, this encoder supports only 32-bit apps on a VDA.

Do the following to verify that the Theora encoder supports 32-bit apps:

  1. Install Firefox 32-bit on a VDA.
  2. Access the webcam test site at https://webcamtests.com/

The Theora encoder does not support the webcam redirection feature for 64-bit apps on a VDA. Configure the H264 encoder option to support the webcam redirection feature for 64-bit apps on VDA.

Step 3: Configure H264 encoder

H264 encoder supports the webcam redirection feature for 64-bit apps on the VDA. To enable the H264 encoder, you must do the following:

  1. Navigate to $HOME/.ICAClient/wfclient.ini path.
  2. Set the HDXH264InputEnabled value to True.

    HDXH264InputEnabled=True

Do the following to verify that the H264 encoder supports 64-bit apps:

  1. Install Firefox 64-bit on a VDA.
  2. Access the webcam test site at https://webcamtests.com/.
Step 4: Verify system dependencies

After configuring the H264 encoder, if the webcam redirection feature does not support 64-bit apps on the VDA verify the system dependencies.

The webcam redirection feature for the 64-bit app is based on the GStreamer framework. The ICAClient uses GStreamer framework version 0.1.x or 1.x depending on the current version installed in your system.

Step 4.1: Verify ICAClient version

Verify whether the ICAClient version is greater than 2106 in case it is using GStreamer 1.x. Previous versions of ICAClient might fail.

Do the following steps to verify the ICAClient version is based on the GStreamer framework installed in your system:

  1. Open the terminal.
  2. Navigate to /opt/Citrix/ICAClient/util path.
  3. Run the following command:

    ls -alh
    <!--NeedCopy-->
    
  4. Verify whether the gst_read symlink is linked to gst_read1.0 or gst_read0.1. as shown in the following image:

    Image of gst_read symlink

You can also run the workspaceappcheck.sh script in the util directory and verify the output of the section referring to GStreamer dependencies.

Citrix recommends using the ICAClient version greater than or equal to 2106 and GStreamer 1.x.

Step 4.2: Verify Gstreamer version and plug-ins

Apart from the GStreamer 1.x framework, you must install the following required plug-ins:

  • Gstreamer1.0-plugins-base
  • Gstreamer1.0-plugins-bad
  • Gstreamer1.0-plugins-good
  • Gstreamer1.0-plugins-ugly
  • Gstreamer1.0-vaapi plugin
  • ibva library
  • x264 library

For more information to install the preceding plugins, see the GStreamer installation guide.

Note:

The version of the GStreamer plug-in must be consistent with the version of the GStreamer framework. For example, if you install Gstreamer1.2.4, the version of all Gstreamer1.x plug-ins must be 1.2.4.

Run the following command to check the current version of the GStreamer framework:

gst-inspect-1.0 --gst-version
<!--NeedCopy-->

For information about troubleshooting, see Webcam in the troubleshooting section.

Xcapture

The Citrix Workspace app package includes a helper application, xcapture. This application assists the exchange of graphical data between the server clipboard and non-ICCCM-compliant X Window applications on the X desktop. Users can use xcapture to:

  • Capture dialog boxes or screen areas and copy them between the user device desktop (including non-ICCCM-compliant applications) and an application running in a connection window
  • Copy graphics between a connection window and X graphics manipulation utilities xmag or xv

To start xcapture from the command line:

At the command prompt, type /opt/Citrix/ICAClient/util/xcapture and press ENTER (where /opt/Citrix/ICAClient is the directory in which you installed Citrix Workspace app).

To copy from the user device desktop:

  1. From the xcapture dialog box, click From Screen. The cursor changes to a crosshair.
  2. Choose from the following tasks:
    • Select a window. Move the cursor over the window that you want to copy and click the middle mouse button.
    • Select a region. Hold down the left mouse button and drag the cursor to select the area you want to copy.
    • Cancel the selection. Click the right mouse button. While dragging, you can cancel the selection by clicking the right button before releasing the middle or left mouse button.
  3. From the xcapture dialog box, click To ICA. The xcapture button changes color to show that it is processing the information.
  4. When the transfer is complete, use the appropriate paste command in an application launched from the connection window.

To copy from xv to an application in a connection window:

  1. From xv, copy the information.
  2. From the xcapture dialog box, click From XV and then click To ICA. The xcapture button changes color to show that it is processing the information.
  3. When the transfer is complete, use the appropriate paste command in an application launched from the connection window.

To copy from an application in the connection window to xv:

  1. From the application in a connection window, copy the information.
  2. From the xcapture dialog box, click From ICA and then click To XV. The xcapture button changes color to show that it is processing the information.
  3. When the transfer is complete, paste the information into xv.

Cursor

Support for cursor color inverting

Previously, the Citrix Workspace app displayed a dotted cursor that appeared the same in color to the black and white background of a text. As a result, it was difficult to locate the position of the cursor.

Starting with Version 2112, the cursor color inverts based on the background color of a text. As a result, you can easily locate the position of the cursor in the text. By default, this feature is disabled.

Prerequisites:

  • If .ICAClient is already present in the home folder of the current user:

    Delete All_Regions.ini file

    Or,

    To retain the All_Regions.ini file, add the following lines at the end of the [Virtual Channels\Thinwire Graphics] section:

    InvertCursorEnabled=

    InvertCursorRefreshRate=

    InvertCursorMode=

If the .ICAClient folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.

To enable this feature, do the following:

  1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.
  2. Go to [Thinwire3.0] section and set the following entry:

    InvertCursorEnabled=True

Note:

The cursor does not invert when the value for the Use video codec for compression policy in Citrix Studio is set to Do not use video codec.

Mouse

Relative Mouse

Relative Mouse support provides an option to interpret the mouse position in a relative rather than absolute manner. This capability is required for applications that demand relative mouse input rather than absolute.

Note:

This feature is available only in sessions running on Citrix Virtual Apps and Desktops 7.8 (or later) or Citrix DaaS. It’s disabled by default.

To enable the feature:

In the file $HOME/.ICAClient/wfclient.ini, in the section [WFClient], add the entry RelativeMouse=1.

This step enables the feature but keeps it inactive until you activate it. For more information on enabling relative mouse features, see Alternative Relative Mouse values section.

To activate the feature:

Type Ctrl/F12.

After the feature is enabled, type Ctrl/F12 again to synchronize the server pointer position with the client. The server and client pointer positions aren’t synchronized when using Relative Mouse.

To deactivate the feature:

Type Ctrl-Shift/F12.

The feature is also switched off when a session window loses focus.

Alternative Relative Mouse values

Alternatively, consider using the following values for RelativeMouse:

  • RelativeMouse=2 Enables the feature and activates it whenever a session window gains focus.
  • RelativeMouse=3 Enables, activates, and keeps the feature activated always.
  • RelativeMouse=4 Enables or disables the feature when the client-side mouse pointer is hidden or shown. This mode is suitable for automatically enabling or disabling the relative mouse for first-person gaming-style application interfaces.

To change the keyboard commands, add settings like:

  • RelativemouseOnChar=F11
  • RelativeMouseOnShift=Shift
  • RelativemouseOffChar=F11
  • RelativeMouseOffShift=Shift

The supported values for RelativemouseOnChar and RelativemouseOffChar are listed under [Hotkey Keys] in the config/module.ini file in the Citrix Workspace app installation tree. The values for RelativeMouseOnShift and RelativeMouseOffShift set the modifier keys to be used and are listed under the [Hotkey Shift States] heading.

Keyboard

Keyboard behavior

To generate a remote Ctrl+Alt+Delete key combination:

  1. Decide which key combination creates the Ctrl+Alt+Delete combination on the remote virtual desktop.
  2. In the WFClient section of the appropriate configuration file, configure UseCtrlAltEnd:
    • True means that Ctrl+Alt+End passes the Ctrl+Alt+Delete combination to the remote desktop.
    • False (default) means that Ctrl+Alt+Enter passes the Ctrl+Alt+Delete combination to the remote desktop.

Generic redirection

Configuring the Bloomberg v4 keyboard through Generic USB Redirection on the client side:

As a prerequisite, the policy must be enabled in the Domain Delivery Controller (DDC).

  1. Find the vid and pid of the Bloomberg keyboard. For example, in Debian and Ubuntu run the following command:

    lsusb

  2. Go to $ICAROOT and edit the usb.conf file.

  3. Add the following entry in the usb.conf file to allow the Bloomberg keyboard for USB redirection, and then save the file.

    ALLOW: vid=1188 pid=9545

  4. Restart the ctxusbd daemon on the client. For example, in Debian and Ubuntu run the following command:

    systemctl restart ctxusbd

  5. Launch a client session. Make sure that the session has focus while plugging in the Bloomberg v4 keyboard for redirection.

Selective redirection

This feature allows the use of the Bloomberg v4 keyboard interface across multiple sessions. This functionality provides flexibility to use the keyboard in all remote sessions except the fingerprint and audio interfaces. The fingerprint and audio interfaces are redirected to single sessions as before.

You can achieve Bloomberg keyboard redirection as follows:

  • through generic USB redirection

  • through generic USB redirection and with selective redirection support

Note:

By default, this feature is enabled for x86 and x64 platforms and is disabled for ARMHF platforms.

To enable the feature:

  1. Edit the BloombergRedirection section as follows in the config/All_Regions.ini file.

    BloombergRedirection=true

  2. Do all the steps mentioned in Generic redirection.

To disable the feature:

  1. Edit the BloombergRedirection section in the config/All_Regions.ini file.

  2. Set the BloombergRedirection value to false.

    BloombergRedirection=false

  3. Do all the steps mentioned in Generic redirection.

Note:

Setting the value to false reverts the functionality to the behavior present in earlier versions of the client, where all the interfaces are redirected to a single session.

Browser content redirection

Chromium Embedded Framework (CEF) for Browser Content Redirection

In releases earlier to Version 1912, BCR used a WebkitGTK+ based overlay to render the content. However, on thin clients, there were performance issues. Starting with Version 1912, BCR uses a CEF-based overlay. This functionality enriches the user experience for BCR. It helps offload network usage, page processing, and graphics rendering to the endpoint.

Starting with Version 2106, CEF-based browser content redirection is fully functional. The feature is enabled by default.

If needed, you can replace the libffmpeg.so file provided in the Workspace app package with a suitable libffmpeg.so file that has the required codecs, in the $ICAROOT/cef/libffmpeg.so path.

Note:

This feature isn’t supported on the ARMHF platform.

Enabling CEF-based BCR

To enable CEF-based BCR:

  1. Navigate to the $ICAROOT/config/All_Regions.ini file where, $ICAROOT is the default installation directory of Citrix Workspace app.
  2. Go to the [Client Engine\WebPageRedirection] section and set the following entry:

    UseCefBrowser=True

Known issues:

  • When you set the UseCefBrowser option to true in the ~/.ICAClient/All_Regions.ini, the Japanese, Chinese (Simplified), and Korean IME might not work in the input fields. Citrix Workspace app for Linux does not support the Japanese, Chinese (Simplified), and Korean IME when using Secure SaaS with Citrix Embedded Browser.

  • When you attempt to launch a webpage redirection using CEF-based BCR, you might receive an unknown certificate error. The issue occurs on Citrix Workspace app version 2106 and later. As a workaround, run the following command in the terminal to import the self-signed certificate into nssdb:

     certutil -A -n "badssl.cer" -t "C,," -d ~/.pki/nssdb -i ~/Downloads/badssl.cer
     <!--NeedCopy-->
    

    The arguments in the commands are:

    • -A - To add a certificate to the database.
    • -n - The name of the certificate. This argument is optional and can be used to add the nick name.
    • "badssl.cer" - The name of the certificate that is exported from the badssl.com site.
    • -t "C,," - -t is for TRUSTARGS and C is for CA certificate. For more information, see the Google documentation.
    • -d ~/.pki/nssdb - The location of the database.
    • -i - Denotes the input file. This argument is to add the location and name of the certificate file.

For information about BCR, see Browser content redirection in the Citrix Virtual Apps and Desktops documentation.

Automatic reconnection

This topic describes the HDX Broadcast auto-client reconnection feature. Citrix recommends that you use this feature with the HDX Broadcast session reliability feature.

Users can be disconnected from their sessions because of unreliable networks, highly variable network latency, or range limitations of wireless devices. With the HDX Broadcast auto-client reconnection feature, Citrix Workspace app for Linux can detect unintended disconnections of sessions and reconnect users to the affected sessions automatically.

When this feature is enabled on the server, users do not have to reconnect manually to continue working. Citrix Workspace attempts to reconnect to the session a set number of times until there is a successful reconnection or the user cancels the reconnection attempts. If user authentication is required, a dialog box requesting credentials appears to a user during automatic reconnection. Automatic reconnection does not occur if users exit applications without logging off. Users can reconnect only to disconnected sessions.

By default, Citrix Workspace app for Linux waits 30 seconds before attempting to reconnect to a disconnected session and attempts to reconnect to that session three times.

When connecting through an AccessGateway, ACR is not available. To protect against network dropouts, ensure that Session Reliability is enabled on the server, client, and configured on the AccessGateway.

For instructions on configuring HDX Broadcast auto-client reconnection, see your Citrix Virtual Apps and Desktops documentation.

Session reliability

This topic describes the HDX Broadcast session reliability feature, which is enabled by default.

With HDX Broadcast session reliability, users continue to see a published application’s window if the connection to the application experiences an interruption. For example, wireless users enter in a tunnel might lose their connection when they enter the tunnel and regain it when they emerge on the other side. During the downtime, all of the user’s data, key presses, and other interactions are stored, and the application appears frozen. When the connection is re-established, these interactions are replayed into the application.

You can now see screen changes when the session reliability begins. With this enhancement, the session window is grayed out and a countdown timer displays the time until the next reconnection attempt occurs. Session reliability

Tip

You can alter the grayscale brightness used for an inactive session using the Reconnection UI transparency level policy. By default, this value is set to 80. The maximum value can’t exceed 100 (indicates a transparent window) and the minimum value can be set to 0 (a fully blacked out screen).

When a session successfully reconnects, the countdown notification message disappears. You can interact with the desktop as usual.

Starting with the 2109 version, the session reliability notification is enabled by default.

To disable this enhancement:

  1. Navigate to the /opt/Citrix/ICAClient/config/module.ini configuration file.
  2. In the [WFClient] section, modify the following setting:

SRNotification=False

Note:

This feature is supported only for Citrix Virtual Desktops.

When auto-client reconnection and session reliability are configured, session reliability takes precedence if there is a connection problem. Session reliability attempts to re-establish a connection to the existing session. It might take up to 25 seconds to detect a connection problem. And then takes a configurable period (the default is 180 seconds) to attempt the reconnection. If session reliability fails to reconnect, then auto-client reconnect attempts to reconnect.

If HDX Broadcast session reliability is enabled, the default port used for session communication switches from 1494 to 2598.

Citrix Workspace users cannot override the server settings.

Important:

HDX Broadcast session reliability requires that another feature, the Common Gateway Protocol, is enabled (using policy settings) on the server. Disabling the Common Gateway Protocol also disables HDX Broadcast session reliability.

Using session reliability policies

The session reliability connections policy setting enables session reliability.

The session reliability timeout policy setting has a default of 180 seconds, or three minutes. If needed, you can extend the time session reliability keeps a session open. It does not prompt you for reauthentication.

Tip

As you extend the amount of time a session is kept open, you might get distracted and walk away from your device. This situation potentially leaves the session accessible to unauthorized users.

Incoming session reliability connections use port 2598, unless you change the port number defined in the session reliability port number policy setting.

For information on configuring session reliability policies, see Session reliability policy settings.

Note:

Session reliability is enabled by default at the server. To disable this feature, configure the policy managed by the server.

Multimedia performance

The Citrix Workspace app includes a broad set of technologies that provide a high-definition user experience for today’s media-rich user environments. These technologies improve the user experience when connecting to hosted applications and desktops, as follows:

Note:

Citrix supports RTOP coexistence with Citrix Workspace app for Linux Version 1901 and later with GStreamer 0.1.

HDX MediaStream Windows Media Redirection

HDX MediaStream Windows Media Redirection overcomes the need for the high bandwidths required to provide multimedia capture and playback on virtual Windows desktops accessed from Linux user devices. Windows Media Redirection provides a mechanism for playing the media run-time files on the user device rather than on the server. As a result, reduces the bandwidth requirements for playing multimedia files.

Windows Media Redirection improves the performance of Windows Media Player and compatible players running on virtual Windows desktops. A wide range of file formats are supported, including:

  • Advanced Systems Format (ASF)
  • Motion Picture Experts Group (MPEG)
  • Audio-Video Interleaved (AVI)
  • MPEG Audio Layer-3 (MP3)
  • WAV sound files

Citrix Workspace app includes a text-based translation table, MediaStreamingConfig.tbl, for translating Windows-specific media format GUIDs into MIME types GStreamer can use. You can update the translation table to do the following:

  • Add previously unknown or unsupported media filters/file formats to the translation table
  • Block problematic GUIDs to force fall-back to server-side rendering.
  • Add more parameters to existing MIME strings to allow for troubleshooting of problematic formats by changing a stream’s GStreamer parameters
  • Manage and deploy custom configurations that depend on the media file types supported by GStreamer on a user device.

With client-side fetching, you can also allow the user device to stream media directly from the URLs of the form <http://>, <mms://>, or <rtsp://> rather than streaming the media through a Citrix server. The server is responsible for directing the user device to the media, and for sending control commands (including Play, Pause, Stop, Volume, Seek). But the server does not handle any media data. This feature requires advanced multimedia GStreamer libraries on the device.

To implement HDX MediaStream Windows Media Redirection:

  1. Install GStreamer 0.10, an open-source multimedia framework, on each user device that requires it. Typically, you install GStreamer before you install Citrix Workspace app to allow the installation process to configure Citrix Workspace app to use it.

    Most Linux distributions include GStreamer. Alternatively, you can download GStreamer from http://gstreamer.freedesktop.org.

  2. To enable client-side fetching, install the required GStreamer protocol source plugins for the file types that users play on the device. You can verify that a plug-in is installed and operational using the gst-launch utility. If gst-launch can play the URL, the required plug-in is operational. For example, run gst-launch-0.10 playbin2 uri=<http://example-source/file.wmv> and check that the video plays correctly.

  3. When installing Citrix Workspace app on the device, select the GStreamer option if you’re using the tarball script (this step is done automatically for the .deb and .rpm packages).

Note about the client-side fetching feature:

  • By default, this feature is enabled. You can disable it using the SpeedScreenMMACSFEnabled option in the Multimedia section of All-Regions.ini. With this option set to False, Windows Media Redirection is used for media processing.
  • By default, all MediaStream features use the GStreamer playbin2 protocol. You can revert to the earlier playbin protocol for all MediaStream features except Client-Side Fetching. The Client-Side Fetching feature continues to use playbin2, using the SpeedScreenMMAEnablePlaybin2 option in the Multimedia section of the All-Regions.ini file.
  • Citrix Workspace app does not recognize playlist files or stream configuration information files such as .asx or .nsc files. If possible, users must specify a standard URL that does not reference these file types. Use gst-launch to verify that a given URL is valid.

Note about GStreamer 1.0:

  • By default, GStreamer 0.10 is used for HDX MediaStream Windows Media redirection. GStreamer 1.0 is used only when GStreamer 0.10 is not available.
  • If you want to use GStreamer 1.0, use the following instructions:
  1. Find the install directory of the GStreamer plug-ins. Depending on your distribution, the OS architecture, and the way you install GStreamer, the installation location of the plug-ins varies. The typical installation path is /usr/lib/x86_64-linux-gnu/gstreamer-1.0 or $HOME/ .local/share/gstreamer-1.0.
  2. Find the install directory of Citrix Workspace app for Linux. The default directory for privileged (root) user installations is /opt/Citrix/ICAClient. The default directory for non-privileged user installations is $HOME/ICAClient/platform (where the platform can be linuxx64, for example). For more information, see Install and set up.
  3. Install libgstflatstm1.0.so by making a symbolic link in the GStreamer plug-ins directory: ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so. This step might require elevated permissions, with sudo, for example.
  4. Use gst_play1.0 as the player: ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play. This step might require elevated permissions, with sudo, for example.
  • If you want to use GStreamer 1.0 in HDX RealTime Webcam Video Compression, use gst_read1.0 as the reader: ln -sf $ICACLIENT_DIR/util/gst_read1.0 $ICACLIENT_DIR/util/gst_read.

Enabling GStreamer 1.x

In releases earlier to 1912, GStreamer 0.10 was the default version supported for multimedia redirection. Starting with the 1912 release, you can configure GStreamer 1.x as the default version.

Limitations:

  • When you play a video, the backward and forward seek might not work as expected.
  • When you launch the Citrix Workspace app on ARMHF devices, GStreamer 1.x might not work as expected.
To install GStreamer 1.x

Install the GStreamer 1.x framework and the following plug-ins from https://gstreamer.freedesktop.org/documentation/installing/on-linux.html:

  • Gstreamer-plugins-base
  • Gstreamer-plugins-bad
  • Gstreamer-plugins-good
  • Gstreamer-plugins-ugly
  • Gstreamer-libav
To build binaries locally

On some Linux OS distributions, for example, SUSE and openSUSE, the system might not find the GStreamer packages in the default source list. In this case, download the source code and build all binaries locally:

  1. Download the source code from https://gstreamer.freedesktop.org/src/.
  2. Extract the contents.
  3. Navigate to the directory where the unzipped package is available.
  4. Run the following commands:

    $sudo ./configure
    $sudo make
    $sudo make install
    <!--NeedCopy-->
    

By default, the generated binaries are available at /usr/local/lib/gstreamer-1.0/.

For information about troubleshooting, see Knowledge Center article CTX224988.

To configure GStreamer 1.x

To configure GStreamer 1.x for use with Citrix Workspace app, apply the following configuration using the shell prompt:

  • $ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so.
  • $ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play

Where,

  • ICACLIENT_DIR - The installation path of Citrix Workspace app for Linux.
  • GST_PLUGINS_PATH - The plug-in path of GStreamer. For example, on a 64-bit Debian machine it is /usr/lib/x86_64-linux-gnu/gstreamer-1.0/.

Limitations:

  • In releases earlier to Version 2106, the webcam redirection might fail and the session might get disconnected when using GStreamer version 1.15.1 or later.

HDX MediaStream Flash Redirection

HDX MediaStream Flash Redirection enables Adobe Flash content to play locally on user devices, providing users with high definition audio and video playback, without increasing bandwidth requirements.

  1. Verify that your user device meets the feature requirements. For more information, see System requirements.

  2. Add the following parameters to the [WFClient] section of wfclient.ini (for all connections made by a specific user) or to the [Client Engine\Application Launching] section of All\_Regions.ini (for all users of your environment):

    • HDXFlashUseFlashRemoting=Ask: Never; Always

      Enables HDX MediaStream for Flash on the user device. By default, this value is set to Never. Also, users are presented with a dialog box asking them if they want to optimize Flash content when connecting to webpages containing that content.

    • HDXFlashEnableServerSideContentFetching=Disabled; Enabled

      Enables or disables server-side content fetching for Citrix Workspace app. By default this value is set to Disabled.

    • HDXFlashUseServerHttpCookie=Disabled; Enabled

      Enables or disables HTTP cookie redirection. By default, this value is set to Disabled.

    • HDXFlashEnableClientSideCaching=Disabled; Enabled

      Enables or disables client-side caching for web content fetched by Citrix Workspace app. By default, this value is set to Enabled.

    • HDXFlashClientCacheSize= [25-250]

      Defines the size of the client-side cache, in MB. This value can be any size between 25 MB and 250 MB. When the size limit is reached, existing content in the cache is deleted to allow storage of new content. By default, this value is set to 100.

    • HDXFlashServerSideContentCacheType=Persistent: Temporary; NoCaching

      Defines the type of caching used by Citrix Workspace app for content fetched using server-side content fetching. By default, this value is set to Persistent.

      Note: This parameter is required only if HDXFlashEnableServerSideContentFetching is set to Enabled.

  3. Flash redirection is disabled by default. In /config/module.ini change FlashV2=Off to FlashV2=On to enable the feature.

HDX RealTime webcam video compression

HDX RealTime provides a webcam video compression option to improve bandwidth efficiency during video conferencing. This option ensures users experience optimal performance when using applications such as GoToMeeting with HDFaces, Skype for Business.

  1. Verify that your user device meets the feature requirements.
  2. Verify that the Multimedia virtual channel is enabled. To enable it, open the $ICAROOT/config/module.ini file, and check that MultiMedia in the [ICA3.0] section is set to On.
  3. Enable audio input by clicking the Use my microphone and webcam on the Mic & Webcam page of the Preferences dialog.

Disable HDX RealTime webcam video compression

By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To do this connection, you must do the following:

  • Disable HDX RealTime Webcam Video Compression
  • Enable USB support for webcams
  1. Add the following parameter to the [WFClient] section of the appropriate .ini file:

    AllowAudioInput=False

    For more information, see default settings.

  2. Open the usb.conf file, typically available at $ICAROOT/usb.conf.

  3. Remove or comment out the following line:

    DENY: class=0e # UVC (default via HDX RealTime Webcam Video Compression)

  4. Save and close the file.

Secure SaaS with Citrix Embedded Browser experimental feature

Secure access to SaaS applications provides a unified user experience that delivers published SaaS applications to the users. SaaS apps are available with single sign-on. Administrators can now protect the organization’s network and end-user devices from malware and data leaks. For this protection, you can filter access to specific websites and website categories.

Citrix Workspace app for Linux support the use of SaaS apps using the Access Control Service. The service enables administrators to provide a cohesive experience, integrating single sign-on, and content inspection.

Prerequisite:

Verify that the libgtkglext1 package is available.

Delivering SaaS apps from the cloud has the following benefits:

  • Simple configuration – Easy to operate, update, and consume.
  • Single sign-on – Hassle-free log on with single sign-on.
  • Standard template for different apps – Template-based configuration of popular apps.

Note:

SaaS with Citrix Browser Engine is supported only on x64 and x86 platforms and not on ArmHardFloatPort (ARMHF)) hardware.

For information on how to configure SaaS apps using Access Control Services, see the Access Control documentation.

For more information about SaaS apps with Citrix Workspace app, see Workspace configuration in Citrix Workspace app for Windows documentation.

H.264

Citrix Workspace app supports the display of H.264 graphics, including HDX 3D Pro graphics, that the Citrix Virtual Apps and Desktops 7 serves. This support uses the deep compression codec feature, which is enabled by default. The feature provides better performance of rich and professional graphics applications on WAN networks compared with the existing JPEG codec.

Follow the instructions in this topic to disable the feature (and process graphics using the JPEG codec instead). You can also disable text tracking while still enabling deep compression codec support. This setting helps to reduce CPU costs while processing graphics that include complex images but relatively small amounts of text or non-critical text.

Important:

To configure this feature, do not use any lossless setting in the Citrix Virtual Apps and Desktops or Citrix DaaS Visual quality policy. If you do, H.264 encoding is disabled on the server and does not work in Citrix Workspace app.

To disable deep compression codec support:

In the wfclient.ini file, set H264Enabled to False. This setting also disables text tracking.

To disable text tracking only:

With deep compression codec support enabled, in the wfclient.ini file set TextTrackingEnabled to False.

Screen tiles

You can improve the way that JPEG-encoded screen tiles are processed using the direct-to-screen bitmap decoding, batch tile decoding, and deferred XSync features.

  1. Verify that your JPEG library supports these features.

  2. In the Thinwire3.0 section of wfclient.ini, set DirectDecode and BatchDecode to True.

    Note: Enabling batch tile decoding also enables deferred XSync.

Logging

In earlier versions, the debug.ini and module.ini files were used to configure logging.

As of version 2009, you can configure logging using one of the following methods:

  • Command-line interface
  • GUI

Also as of Version 2009, the debug.ini configuration file is removed from the Citrix Workspace app installer package.

Logging captures the Citrix Workspace app deployment details, configuration changes, and administrative activities to a logging database. A third-party developer can apply this logging mechanism by using the logging SDK, which is bundled as part of the Citrix Workspace app Platform Optimization SDK.

You can use the log information to:

  • Diagnose and troubleshoot issues that occur after any changes. The log provides a breadcrumb trail.
  • Assist change management and track configurations.
  • Report administration activities.

If Citrix Workspace app is installed with root user privileges, the logs are stored in the /var/log/citrix/ICAClient.log. Otherwise, the logs are stored in ${HOME}/.ICAClient/logs/ICAClient.log.

When Citrix Workspace app is installed, a user called citrixlog is created to handle the logging functionality.

Command-line interface

  1. At the command prompt, navigate to the /opt/Citrix/ICAClient/util path.
  2. Run the following command to set the log preferences.

    ./setlog help

All the available commands are displayed.

The following table lists various modules and their corresponding trace class values. Use the following table for a specific command-line log value set:

Module Log class
Assertions LOG_ASSERT
Audio Monitor TC_CM
BCR with CEF TC_CEFBCR
Client Audio Mapping TC_CAM
Connection Center TC_CONNCENTER
Client Communication Port TC_CCM
Client Drive Mapping TC_CDM
Clip TC_CLIP
Client Printer Mapping TC_CPM
Client Printer Mapping TC_CPM
Font TC_FONT
Frame TC_FRAME
Graphics Abstraction TC_GA
Input Method Editor TC_IME
IPC TC_IPC
Keyboard Mapping TC_KEY
Licensing Driver TC_VDLIC
Multimedia TC_MMVD`
Mouse Mapping TC_MOU
MS Teams TC_MTOP
Other Libraries TC_LIB
Protocol Driver TC_PD
PNA Store TC_PN
Standard Event Logs LOG_CLASS
SRCC TC_SRCC
SSPI Login TC_CSM
Smart Card TC_SCARDVD
Selfservice TC_SS
Selfservice Extension TC_SSEXT
StorefrontLib TC_STF
Transport Driver TC_TD
Thinwire TC_TW
Transparent Window Interface TC_TUI
Virtual Channel TC_VD
PAL TC_VP
UI TC_UI
UIDialogLibWebKit3 TC_UIDW3
UIDialogLibWebKit3_ext TC_UIDW3E
USB Daemon TC_CTXUSB
Video Frame Driver TC_VFM
Web kit TC_WEBKIT
WinStation Driver TC_WD
Wfica TC_NCS
Wfica Engine TC_WENG
Wfica Shell TC_WFSHELL
Web helper TC_WH
Zero Latency TC_ZLC

GUI

Go to Menu > Preferences. The Citrix Workspace-Preferences dialog appears. Preferences dialog

At increasing levels of tracing detail, the following values are available:

  • Disabled
  • Only Error
  • Normal
  • Verbose

By default, the Logging option is set to Only Error.

Due to the large amount of data that can be generated, tracing might significantly impact the performance of Citrix Workspace app. The Verbose level is recommended only if necessary for troubleshooting.

Click Save and Close after you select the desired logging level. The changes are applied in the session dynamically.

Click the settings icon next to the Logging option drop-down menu. The Citrix Log Preferences dialog appears. Log Preferences dialog

Note:

If you delete the ICAClient.log file, you must restart the logging service ctxlogd.

For example, if you are on a systemd-capable setup, run the following command:

systemctl restart ctxlogd.

Enabling logging on Version 2006 and earlier:

If you are on Version 2006 and earlier, enable the logging using the following procedure:

  1. Download and install Citrix Workspace app on your Linux machine.
  2. Set the ICAROOT environment variable to the installation location.

    For example, /opt/Citrix/ICAClient.

    By default, the TC_ALL trace class is enabled to provide all the traces.

  3. To collect logs for a particular module, open the debug.ini file at $ICAROOT and add the required trace parameters to the [wfica] section.

    Add the trace classes with a “+” symbol. For example, +TC_LIB.

    You can add different classes separated by the pipe symbol. For example, +TC_LIB|+TC_MMVD.

The following table lists the wfica modules and their corresponding trace class values:

Module TraceClasses value
Graphics TC_TW
EUEM TC_EUEM
WFICA (Session Launch) TC_NCS
Printing TC_CPM
Connection Sequence - WD TC_WD
Connection Sequence - PD TC_PD
Connection Sequence - TD TC_TD
Proxy related files TC_PROXY
Multimedia Virtual Driver / Webcam TC_MMVD
Virtual Drivers TC_VD
Client Drive Mapping TC_CDM
Audio TC_CAM
COM (Communication Port) TC_CCM
Seamless TC_TWI
Smart Card TC_SCARDVD

The following table lists the connection center module and their corresponding trace class value:

Module TraceClasses value
Connection center TC_CSM

The following table lists the trace class value for setWebHelper:

TraceClasses value
Set logSwitch to 1 (to enable) or 0 (to disable)
Example: logSwitch = 1

Troubleshooting:

If ctxlogd turns unresponsive, the logs are traced in the syslog.

For information about getting new and refreshed logs in subsequent launches, see Syslog configuration.

Syslog configuration

By default, all syslog logs are saved at /var/log/syslog. To configure the path and the name of the log file, edit the following line under the [RULES] section in the /etc/rsyslog.conf file. For example,

user.* -/var/log/logfile_name.log

Save your changes and then restart the syslog service using the command:

sudo service rsyslog restart

Points to remember:

  • To verify that a new syslog is available, delete syslog and run the command: sudo service rsyslog restart.

  • To avoid duplicate messages, add $RepeatedMsgReduction on at the beginning of the rsyslog.conf file.

  • To receive logs, ensure that the $ModLoad imuxsock.so line is uncommented at the beginning of the rsyslog.conf file.

Remote logging

To enable remote logging on:

  • Server-side configuration: uncomment the following lines in the rsyslog.conf file of the syslog server:

    $ModLoad imtcp

    $InputTCPServerRun 10514

  • Client-side configuration: add the following line in the rsyslog.conf file by replacing the localhost with the IP address of the remote server:

    *.* @@localhost:10514

Collecting log files

Previously, there was no tool available to collect the log files in Citrix Workspace app. Log files were present in different folders. You had to manually collect log files from different folders.

Starting with this release, Citrix Workspace app introduces collectlog.py tool to collect log files from different folders. You can run the tool using the command line. The log files are generated as a compressed log file. You can download it from the local server.

Prerequisites

  • Python3
  • Requires extra space to save the logs

Starting with Version 2109, two new files are added to collect log files using the collectlog.py tool:

  • logcollector.ini file – Saves the name and path of the log file.
  • collectlog.py file – Collects the log files and saves them as cwalog_{timestamp}.tar.gz compressed file.

By default, the [hdxteams] component is added in the logcollector.ini file to collect log files for Microsoft Teams. However, you can add other components also in the logcollector.ini file using the following procedure:

  1. Navigate to the ${HOME}/.ICAClient/logs/ICAClient.log/logcollector.ini file.
  2. Add the component that you require to collect log files as per the following example:

[component_name]

log_name1 = “log_path1”

log_name2 = “log_path2”

If you are on Version 2109, collect log files using the following procedure:

  1. Download and install Citrix Workspace app on your Linux machine.
  2. At the command line, navigate to the /opt/Citrix/ICAClient/util path.
  3. Run the following command: ./collctlog.py -h

    The following command usage information appears:

    usage: collect_log [-h] [-c CONFIG] [-a ARCHIVE]optional arguments: -h, --help show this help message and exit -c CONFIG, --config CONFIG The logcollector.ini path & file -a ARCHIVE, --archive ARCHIVE The archive path & file

  4. Run the following commands as required:

    • ./collectlog.py – Collects log files using the configuration file from the default path and saves them as a compressed log files at the default path.
    • ./collectlog.py -c /user_specified_path/logcollector.ini – Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the default path.
    • ./collectlog.py -c /user_specified_path/logcollector.ini -a/another_user_specified_path/ – Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the user-defined path.

    Note:

    The default path of the logcollector.ini configuration file is /opt/Citrix/ICAClient/config/logcollector.ini. The default path of the compressed log file is /tmp.

  5. Navigate to the /tmp folder and collect the cwalog_{timestamp }.tar.gz compressed file.

Note:

The log files are saved in the /tmp folder with the file name cwalog_{timestamp}.tar.gz.

Optimization for Microsoft Teams

Optimization for desktop-based Microsoft Teams using Citrix Virtual Apps and Desktops or Citrix DaaS and Citrix Workspace app. Optimization for Microsoft Teams is similar to HDX RealTime Optimization for Microsoft Skype for Business. The difference is that, we bundle all the necessary components for Microsoft Teams optimization into the VDA and the Workspace app for Linux.

Citrix Workspace app for Linux supports audio, video, and screen-sharing features with Microsoft Teams optimization.

Note:

  • Microsoft Teams optimization is supported only on x64 Linux distributions.
  • Microsoft optimization is supported in both Citrix Virtual Apps and Desktops and Citrix DaaS.
  • For Thin Clients that use Dell Wyse, use the Citrix Configuration Editor to edit any parameter in the /var/.config/citrix/hdx_rtc_engine/config.json file. For more information see the Dell documentation.

For information on how to enable logging, follow the steps mentioned under Logging for Microsoft Teams.

For information on system requirements, see Microsoft Teams optimization requirements.

For more information, see Optimization for Microsoft Teams and Microsoft Teams redirection.

Enhancement to audio configuration

If Microsoft Teams configures auto gain control and noise suppression options, Citrix-redirected Microsoft Teams honors the values as configured. Otherwise, these options are enabled by default. However, starting from Citrix Workspace app 2104, the echo cancellation option is disabled by default. Starting from Citrix Workspace app 2112, admins can change the default settings to troubleshoot Audio issues (like robotic voice, high CPU causing choppy audio, and so on) by doing the following:

  1. Navigate to the /var/.config/citrix/hdx_rtc_engine/config.json file.
  2. Set the following options:
    • EnableAEC value to 1 to enable and 0 to disable echo cancellation
    • EnableAGC value to 1 to enable and 0 to disable auto gain control
    • EnableNS value to 1 to enable and 0 to disable noise suppression
mkdir -p /var/.config/citrix/hdx_rtc_engine

vim /var/.config/citrix/hdx_rtc_engine/config.json

{

      "EnableAEC":1,"EnableAGC":1,"EnableNS":1

}
<!--NeedCopy-->

After the call is established, monitor the webrpc log (/tmp/webrpc/<current date>/) for the following entries to verify that the changes took effect:

/tmp/webrpc/Wed_Feb__2_14_56_33_2022/webrpc.log:[040.025] Feb 02 14:57:13.220 webrtcapi.NavigatorUserMedia Info: getUserMedia. audio constraints, aec=1, agc=1, ns=1
<!--NeedCopy-->

Encoder performance estimator for Microsoft Teams

The HdxRtcEngine is the WebRTC media engine embedded in Citrix Workspace app that handles Microsoft Teams redirection. The HdxRtcEngine.exe can estimate the best outgoing video (encoding) resolution that the endpoint’s CPU can sustain without overloading. Possible values are 240p, 360p, 720p, and 1080p.

The performance estimation process uses macroblock code to determine the best resolution that can be achieved with the particular endpoint. The Codec negotiation during a call setup includes the highest possible resolution. The Codec negotiation can be between the peers, or between the peer and the conference server.

The following table lists the four performance categories for endpoints that have its own maximum available resolution:

Endpoint performance Maximum resolution Registry key value
Fast 1080p (1920x1080 16:9 @ 30 fps) 3
Medium 720p (1280x720 16:9 @ 30 fps) 2
Slow 360p (either 640x360 16:9 @ 30 fps, or 640x480 4:3 @ 30 fps) 1
Very slow 240p (either 320x180 16:9 @ 30 fps, or 320x240 4:3 @ 30 fps) 0

To set the outgoing video (encoding) resolution value, for example to 360p, run the following command from the terminal:

mkdir -p /var/.config/citrix/hdx_rtc_engine

vim /var/.config/citrix/hdx_rtc_engine/config.json

{

    "OverridePerformance":1

}
<!--NeedCopy-->

Logging for Microsoft Teams

To enable logging for Microsoft Teams:

  1. Navigate to the /opt/Citrix/ICAClient/debug.ini file.
  2. Modify the [HDXTeams] section as follows:

    [HDXTeams]
    ; Retail logging for HDXTeams 0/1 = disabled/enabled
    HDXTeamsLogSwitch = 1
    ; Debug logging; , It is in decreasing order
    ; LS_NONE = 4, LS_ERROR = 3, LS_WARNING = 2, LS_INFO = 1, LS_VERBOSE = 0
    WebrtcLogLevel = 0
    ; None = 5, Info = 4, Warning = 3, Error = 2, Debug = 1, Trace = 0
    WebrpcLogLevel = 0
    
    <!--NeedCopy-->
    

Logging can also be enabled by adding the following line to the config.json file:

{
"WebrpcLogLevel": 0,"WebrtcLogLevel": 0
}
<!--NeedCopy-->

Adding the libunwind-12 library dependency for llvm-12

Starting with the 2111 release, a new dependency called the libunwind-12 library is added for llvm-12. However, by default, it does not exist in the original repository. Install the libunwind-12 library manually in the repository using the following steps:

  1. Open the terminal.
  2. Enter the following line to install the llvm repository key file:

    
     wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add
    <!--NeedCopy-->
    
  3. Enter the following line to configure the llvm repository source list:

     sudo vim /etc/apt/sources.list
    <!--NeedCopy-->
    
  4. Add the following line:

    deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main
    deb-src http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main
    <!--NeedCopy-->
    
  5. Run the following command to install the libunwind-12 library:

    sudo apt-get update
    sudo apt-get install libunwind-12
    <!--NeedCopy-->
    

Enhancements to Microsoft Teams optimization

  • Starting with version 2101 for Citrix Workspace app:
    • The Citrix Workspace app installer is packaged with the Microsoft Teams ringtones.
    • Audio output switches automatically to newly plugged-in audio devices, and an appropriate audio volume is set.
    • HTTP proxy support for anonymous authentication.
  • Starting with version 2103 for Citrix Workspace app, the VP9 video codec is disabled by default.

  • Starting with version 2104 for Citrix Workspace app, the echo cancellation feature is disabled by default. We recommend that you do not use your built-in speakers and microphone for calls. Use headphones instead. This fix aims to address choppy audio issues noticed on thin clients

  • Starting with version 2106 for Citrix Workspace app:

    • Previously, when you clicked Screen sharing, preview of a default or main monitor was only available for screen sharing.

      With this version, preview of all screens is displayed on the screen picker menu. You can select any screen for screen sharing in the VDA environment. A red square appears on the selected monitor and a small picture of the selected screen content appears on the screen picker menu.

      In seamless mode, you can select one from all screens to share. When the Desktop Viewer changes the window mode (maximized, restore, or minimize), the screen share stops.

  • Starting with version 2112 for Citrix Workspace app:

    Note:

    The following features are available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

    • Request control in Microsoft Teams

      With this release, you can request control during a Microsoft Teams call when a participant is sharing the screen. Once you have control, you can make selections, edits, or other modifications to the shared screen.

      To take control when a screen is being shared, click Request control at the top of the Microsoft Teams screen. The meeting participant who’s sharing the screen can either allow or deny your request.

      While you have control, you can make selections, edits, and other modifications to the shared screen. When you’re done, click Release control.

      Limitation:

      The Request Control option is not available during the peer-to-peer call between an optimized user and a user on the native Microsoft Teams desktop client that is running on the endpoint. As a workaround, users can join a meeting to get the Request Control option.

    • Support for dynamic e911

      With this release, Citrix Workspace app supports dynamic emergency calling. When used in Microsoft Calling Plans, Operator Connect, and Direct Routing, it provides the capability to:

      • configure and route emergency calls
      • notify security personnel

      The notification is provided based on the current location of the Citrix Workspace app running on the endpoint, instead of the Microsoft Teams client running on the VDA. Ray Baum’s law requires the 911 caller’s dispatchable location to be transmitted to the appropriate Public Safety Answering Point (PSAP). Starting from Citrix Workspace app 2112 for Linux, Microsoft Teams Optimization with HDX is compliant with Ray Baum’s law. To support this feature, the LLDP library must be included in the Operating System distribution of the Thin Client.

  • Starting with version 2203 for Citrix Workspace app:

    Multi-window chat and meetings for Microsoft Teams

    With this release, you can use multiple windows for chat and meetings in Microsoft Teams, when optimized by HDX in Citrix Virtual Apps and Desktops 2112 or higher. You can pop out the conversations or meetings in various ways. For details about the pop-out window feature, see Microsoft Teams Pop-Out Windows for Chats and Meetings.

    If you’re running an older version of Citrix Workspace app or Virtual Delivery Agent (VDA), remember that Microsoft will deprecate the single-window code in the future. However, you will have a minimum of nine months after this feature is GA to upgrade to a version of the VDA or Citrix Workspace app that supports multiple windows (2203 and greater).

    Note:

    This feature is available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

Support for NetScaler App Experience (NSAP) virtual channel

Previously available as an experimental feature, the NSAP virtual channel feature is fully supported starting with version 2006. All HDX Insight data is sourced from the NSAP virtual channel exclusively and sent uncompressed. This approach improves the scalability and the performance of sessions. The NSAP virtual channel is enabled by default. To disable it, toggle the VDNSAP flag NSAP=Off in the module.ini file.

For more information, see HDX Insight in the Linux Virtual Delivery Agent documentation, and HDX Insight in the Citrix Application Delivery Management service documentation.

Multi-monitor layout persistence

This feature retains the session monitor layout information across endpoints. The session appears at the same monitors as configured.

Prerequisite:

This feature requires the following:

  • StoreFront v3.15 or later.
  • If .ICAClient is already present in the home folder of the current user:

    Delete the All_Regions.ini file

    or

    To retain the All_Regions.ini file, add the following lines at the end of the [Client Engine\Application Launching] section:

    SubscriptionUrl=

    PreferredWindowsBounds=

    PreferredMonitors=

    PreferredWindowState=

    SaveMultiMonitorPref=

If the .ICAClient folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.

Use cases

  • Launch a session on any monitor in windowed mode and save the setting. When you relaunch the session, it appears in the same mode, on the same monitor, and in the same position.
  • Launch a session on any monitor in full-screen mode and save the setting. When you relaunch the session, it appears in full-screen mode on the same monitor.
  • Stretch and span a session in windowed mode across multiple monitors and then switch to full-screen mode. The session continues in full-screen across all monitors. When you relaunch the session, it appears in full-screen mode, spanning across all monitors.

Notes:

  • The layout is overwritten with every save, and the layout is saved only on the active StoreFront.
  • f you launch extra desktop sessions from the same StoreFront on different monitors, saving the layout in one session saves the layout information of all the sessions.

Save layout

To enable the save layout feature:

  1. Install the StoreFront 3.15 or later version (equal or greater than v3.15.0.12) on a compatible Delivery Controller (DDC).
  2. Download the build of Citrix Workspace app 1808 or later for Linux from the Downloads page and then install it on your Linux machine.
  3. Set the ICAROOT environment variable to the install location.
  4. Check whether the All_Regions.ini file is present in the .ICAClient folder. If so, delete it.
  5. In the $ICAROOT/config/All_Regions.ini file, look for the field – SaveMultiMonitorPref. By default, the value of this field is “true” (meaning this feature is turned on). To toggle off this feature, set this field to false. If you update the value of SaveMultiMonitorPref, you must delete the All_Regions.ini file present in the .ICAClient folder to prevent value mismatches and a possible profile lockdown. Set or unset the SaveMultiMonitorPref flag before launching sessions.
  6. Launch a new desktop session.
  7. Click Save Layout on the Desktop Viewer toolbar to save the current session layout. A notification appears at the bottom right of the screen, indicating success. When you click Save layout, the icon grays out. This color change indicates that saving is in progress. When the layout is saved the icon appears normal.

  8. Disconnect or log off from the session. Relaunch the session. The session appears in the same mode, on the same monitor, and in the same position.

Limitations and unsupported scenarios:

  • Saving a layout for windowed mode session spanning across multiple monitors is not supported due to limitations with the Linux Display manager.
  • Saving session information across monitors with varied resolution is not supported in this release and might result in unpredictable behavior.
  • Customers deployments with extra StoreFront

Using Citrix Virtual Desktops on dual monitor

  1. Select the Desktop Viewer and click the down arrow.
  2. Select Window.
  3. Drag the Citrix Virtual Desktops screen between the two monitors. Verify that about half the screen is present in each monitor.
  4. From the Citrix Virtual Desktop toolbar, select Full-screen.

    The screen extends to both the monitors.

Workspace launcher

Citrix introduces the Workspace launcher (WebHelper) to launch published desktops and applications.

Previously, the browser plug-in provided along with Citrix Workspace app for Linux enabled users to launch published desktops and applications was based on the NPAPI.

As a solution, Citrix is introducing the Workspace launcher (WebHelper). To enable this feature, configure StoreFront to send requests to Workspace launcher to detect the Citrix Workspace app installation.

Starting with Version 1901, the Citrix Workspace launcher is compatible with direct connections to StoreFront and Citrix Gateway. This feature helps to launch the ICA file automatically and to detect the Citrix Workspace app installation.

For information about configuring StoreFront, see Solution – 2 > a) Administrator configuration in Knowledge Center article CTX237727.

Note:

Citrix Workspace launcher currently works only with direct connections to StoreFront. It isn’t supported in other cases such as connections through Citrix Gateway.

Disabling new workspace web UI mode

When you launch the Citrix Workspace app for Linux using self-service executable file from third-party thin-client vendors, the application can become unresponsive because of 100% CPU utilization.

As a workaround, to switch back to the old UI mode:

  1. Remove cached files by using the command: rm -r ~/.ICAClient
  2. Go to $ICAROOT/config/AuthManconfig.xml file.
  3. Change CWACapableEnabled key value to false.
  4. Launch Citrix Workspace app for Linux. Observe that the self-service executable file loads the old UI.

Keyboard layout synchronization

Keyboard layout synchronization enables you to switch among preferred keyboard layouts on the client device. This feature is disabled by default. After you enable this feature, the client keyboard layout automatically synchronizes to the virtual apps and desktops.

Starting with version 2203, Citrix Workspace app supports the following three different keyboard layout synchronization modes:

  • Sync only once - when session launches – Based on the KeyboardLayout value in the wfclient.ini file, the client keyboard layout is synchronized to the server when the session launches. If the KeyboardLayout value is set to 0, the system keyboard is synchronized to VDA. If the KeyboardLayout value is set to a specific language, the language-specific keyboard is synchronized to VDA. Any changes you make to the client keyboard layout during the session do not take effect immediately. To apply the changes, sign out and sign in to the app. The Sync only once - when session launches mode is the default keyboard layout selected for Citrix Workspace app.
  • Allow dynamic sync - This option synchronizes the client keyboard layout to the server when you change the client keyboard layout.
  • Don’t sync - Indicates that the client uses the keyboard layout present on the server.

Prerequisite:

  • Enable the Unicode Keyboard Layout Mapping feature on the Windows VDA. For more information, see Knowledge Center article CTX226335.

  • Enable the Dynamic Keyboard layout sync feature on the Linux VDA. For more information, see Dynamic keyboard layout synchronization
  • Keyboard layout synchronization depends on XKB lib.
  • When using a Windows Server 2016 or Windows Server 2019, navigate to HKEY_LOCAL_MACHINE\Software\Citrix\ICA\IcaIme registry path and add a DWORD value with key name DisableKeyboardSync and set the value to 0.
  • If .ICAClient is already present in the home folder of the current user:

    Delete the All_Regions.ini file

    or

    To retain the All_Regions.ini file, add the following lines at the end of the[Virtual Channels\Keyboard] section:

    KeyboardSyncMode=

    KeyboardEventMode=

Configure keyboard layout

Citrix Workspace app provides both UI and configuration settings to enable the three different keyboard layout synchronization modes.

To configure keyboard layout synchronization using the graphical user interface:

  1. From the Citrix Workspace app icon in the notification area icon, select Preferences.

    Or,

    Open the terminal, navigate to the installation path, and run the following command:

    util/configmgr

    The Citrix Workspace – Preferences dialog appears.

    Image of Keyboard layout synchronization settings

  2. Click Keyboard tab.

    The Keyboard layout synchronization settings page appears.

  3. Select from one of the following options:

    • Sync only once - when session launches - Indicates that the keyboard layout is synced to the VDA only once at the session launch.
    • Allow dynamic sync - Indicates that the keyboard layout is synced dynamically to the VDA when the client keyboard is changed in a session.
    • Don’t sync - Indicates that the client uses the keyboard layout present on the server.
  4. Click Save and Close.

To configure keyboard layout synchronization using configuration file settings:

Modify the wfclient.ini configuration file to enable the required keyboard layout.

Sync only once – when session launches:

With this feature enabled, when launching a session, the active keyboard layout on the client device is synchronized to VDA. Based on the KeyboardLayout value in the wfclient.ini file, the client keyboard layout is synchronized to the server when the session launches. If the KeyboardLayout value is set to 0, the system keyboard is synchronized to VDA. If the KeyboardLayout value is set to a specific language, the language-specific keyboard is synchronized to VDA.

To select this mode, do the following:

  1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.
  2. Add the following entries:

    KeyboardSyncMode=Once
    KeyboardEventMode=Unicode/Scancode
    <!--NeedCopy-->
    

Unicode keyboard event mode is the recommended option for the Sync only once – when session launches mode.

Allow dynamic sync:

With this feature enabled, when the keyboard layout changes on the client device during a session, the keyboard layout of the session changes correctly.

To select this mode, do the following:

  1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.
  2. Add the following entries:

    KeyboardSyncMode=Dynamic
    KeyboardEventMode=Unicode (or KeyboardEventMode= Scancode)
    <!--NeedCopy-->
    

Unicode keyboard event mode is the recommended option for the Allow dynamic sync mode.

Don’t sync:

With this feature enabled, the VDA side keyboard layout is used, irrespective of the keyboard layout that is selected in the client device.

To select this mode, do the following:

  1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.
  2. Add the following entries:

    KeyboardSyncMode=No
    KeyboardEventMode= Scancode (or KeyboardEventMode= Unicode)
    <!--NeedCopy-->
    

Scancode keyboard event mode is the recommended option for the Don’t sync mode. You must make sure that the client keyboard layout is the same as the VDA side keyboard layout if you configure to Unicode for Don’t Sync option.

Note:

When you set KeyboardSyncMode="" (empty) in the wfclient.ini file, the mode reverts to the earlier behavior. In the earlier behavior, the keyboard layout is read from the $HOME/.ICAClient/wfclient.ini file and sent to the VDA along with other client information when the session starts.

Keyboard Event Mode

We provide recommended keyboard event mode for the three different keyboard layout sync options.

  • Scancode keyboard mode for Don’t Sync.
  • Unicode keyboard for Allow dynamic sync and Sync only once - when session launches

You can change the configuration of KeyboardEventMode in the wfclient.ini file. However, Citrix recommends that you use the recommended keyboard event modes to better work on different use scenarios, physical keyboards, and client devices.

Keyboard layout support for Windows VDA and Linux VDA

Linux Client Keyboard Description Linux Client Keyboard Layout Linux Client Keyboard Variant Syncs to Windows Locale ID Windows VDA Keyboard Layout (ID) Linux VDA Keyboard Layout Linux VDA Keyboard Variant
Arabic ara - ar-SA 00000401 ara -
Arabic (AZERTY) ara azerty ar-DZ 00020401 ara azerty
German (Austria) at - de-AT 00000407 at -
Belgian (alt. ISO) be iso-alternate fr-BE 0000080c be iso-alternate
Belgian be - nl-BE 00000813 be -
Bulgarian bg - bg-BG 00030402 bg -
Bulgarian (traditional phonetic) bg phonetic bg-BG 00040402 bg phonetic
Bulgarian (new phonetic) bg bas_phonetic bg-BG 00020402 bg bas_phonetic
Portuguese (Brazil) br - pt-BR 00000416 br -
Belarusian by - be-BY 00000423 by -
English (Canada) ca eng en-CA 00000409 ca eng
Canadian Multilingual ca multix fr-CA 00011009 ca multix
French (Canada, legacy) ca fr-legacy fr-CA 00000c0c ca fr-legacy
French (Canada) ca - fr-CA 00001009 ca -
French (Switzerland) ch fr fr-CH 0000100c ch fr
German (Switzerland) ch - de-CH 00000807 ch -
Chinese (Simplified) cn - en-US 00000409 us -
Czech cz - cs-CZ 00000405 cz -
Czech (QWERTY) cz qwerty cs-CZ 00010405 cz qwerty
German de - de-DE 00000407 de -
German (Macintosh) de mac de-DE 00000407 de mac
Danish dk - da-DK 00000406 dk -
Estonian ee - et-EE 00000425 ee -
Spanish (Latin American) es - es-ES 0000040a es -
Spanish (Macintosh) es mac es-ES 0000040a es mac
Finnish fi - fi-FI 0000040b fi -
French fr - fr-FR 0000040c fr -
French (Macintosh) fr mac fr-FR 0000040c fr mac
English (UK) gb - en-GB 00000809 gb -
English (Macintosh) gb mac en-GB 00000809 gb mac
English (UK, extended, with Win keys) gb extd en-GB 00000452 gb extd
Greek gr - el-GR 00000408 gr -
Croatian hr - hr-HR 0000041a hr -
Hungarian hu - hu-HU 0000040e hu -
Irish ie - en-IE 00001809 ie -
Hebrew il - he-IL 0002040d il -
English (India, with rupee) in eng en-IN 00004009 in eng
Iraqi iq - ar-IQ 00000401 iq -
Icelandic is - is-IS 0000040f is -
Italian it - it-IT 00000410 it -
Japanese jp - en-US 00000409 us -
Japanese (Macintosh) jp mac en-US 00000409 us mac
Korean kr - en-US 00000409 us -
Spanish (Latin American) latam - es-MX 0000080a latam -
Lithuanian lt - lt-LT 00010427 lt -
Lithuanian (IBM LST 1205-92) lt ibm lt-LT 00000427 lt ibm
Lithuanian (Standard) lt std lt-LT 00020427 lt std
Latvian lv - lv-LV 00020426 lv -
Norwegian no - nb-NO 00000414 no -
Polish pl - pl-PL 00000415 pl -
Polish (QWERTZ) pl qwertz pl-PL 00010415 pl qwertz
Portuguese pt - pt-PT 00000816 pt -
Portuguese (Macintosh) pt mac pt-PT 00000816 pt mac
Romanian (standard) ro std ro-RO 00010418 ro std
Serbian rs - sr-Cyrl-RS 00000c1a rs -
Serbian (Latin) rs latin sr-Latn-RS 0000081a rs latin
Russian ru - ru-RU 00000419 ru -
Russian (typewriter) ru typewriter ru-RU 00010419 ru typewriter
Russian (Macintosh) ru mac ru-RU 00000419 ru mac
Swedish se - sv-SE 0000041d se -
Swedish (Macintosh) se mac sv-SE 0000041d se mac
Slovenian si - sl-SI 00000424 si -
Slovak sk - sk-SK 0000041b sk -
Slovak (QWERTY) sk qwerty sk-SK 0001041b sk qwerty
Thai th - th-TH 0000041e th -
Thai (Pattachote) th pat th-TH 0001041e th pat
Tajik tj - tg-Cyrl-TJ 00000428 tj -
Turkish tr - tr-TR 0000041f tr -
Turkish (F) tr f tr-TR 0001041f tr f
Chinese (Traditional) tw - en-US 00000409 us -
Ukrainian ua - uk-UA 00000422 ua -
English (US) us - en-US 00000409 us -
English (Macintosh) us mac en-US 00000409 us mac
English (Dvorak) us dvorak en-US 00010409 us dvorak
English (Dvorak, left-handed) us dvorak-l en-US 00030409 us dvorak-l
English (Dvorak, right-handed) us dvorak-r en-US 00040409 us dvorak-r
English (US, intl., with dead keys) us intl nl-NL 00020409 us intl
Vietnamese vn - vi-VN 0000042a vn -

VDA keyboard layout

The VDA keyboard layout feature helps you use the VDA keyboard layout regardless of the client’s keyboard layout settings. It supports the following types of keyboard: PC/XT 101, 102, 104, 105, 106.

To use the server-side keyboard layout:

  1. Launch the wfclient.ini file.

  2. Change the value of the KeyboardLayout attribute as follows:

    KeyboardLayout=(Server Default)

    The default value for the KeyboardLayout attribute is (User Profile).

  3. Relaunch the session for the changes to take effect.

File type association

A Citrix Virtual Apps Services might also publish a file, rather than an application or desktop. This process is referred to as publishing content, and allows pnabrowse to open the published file.

There’s a limitation to the type of files that the Citrix Workspace app recognizes. Only when a published application is associated with the file type of the published file:

  • The system recognizes the file type of the published content
  • Users can view the file through Citrix Workspace app

For example, to view a published Adobe PDF file using Citrix Workspace app, an application such as Adobe PDF Viewer must be published. Unless a suitable application is published, users can’t view the published content.

To enable FTA on the client-side:

  1. Verify that the app that you want to associate is a favorite or a subscribed application.
  2. To get the list of published applications and the server URL, run the commands:

    ./util/storebrowse -l
    
    ./util/storebrowse -S <StoreFront URL>
    <!--NeedCopy-->
    
  3. Run the ./util/ctx_app_bind command with the following syntax:

    ./util/ctx_app_bind [-p] example_file|MIME-type published-application [server|server-URI]

    for example, ./util/ctx_app_bind a.txt BVT_DB.Notepad_AWTSVDA-0001 https://awddc1.bvt.local/citrix/store/discovery

  4. Verify that the file that you’re trying to open is client drive mapping (CDM) enabled.
  5. Double-click the file to open it using the associated application.

Associating a published application with file types

Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio.

Prerequisite:

Verify that you connect to the Store server where the FTA is configured.

To link a file name extension with a Citrix Workspace app for Linux application:

  1. Publish the application.
  2. Log on to Citrix Studio.
  3. Right-click the application and select Properties.
  4. Select Location.
  5. Add “%**” in the Command-line argument (optional) field to bypass the command-line validation and then click OK.

    Image of FTA location

  6. Right-click the application and select Properties.
  7. Select File Type Association.
  8. Select all the extensions that you want Citrix Workspace app to associate with the application. Image of FTA extensions
  9. Click Apply and Update file types.
  10. Follow the steps mentioned in File type association to enable FTA on the client-side.

Note:

The StoreFront file type association must be ON. By default, file type association is enabled.

Support for Citrix Analytics

Starting with version 2006, Citrix Workspace app is updated to transmit data to Citrix Analytics Service from ICA sessions that you launch from a browser.

For more information on how Citrix Analytics uses this information, see Self-Service for Performance and Self-service search for Virtual Apps and Desktops.

Citrix Workspace app for Linux is instrumented to securely transmit logs to Citrix Analytics when the app triggers certain events. The logs are analyzed and stored on Citrix Analytics servers when enabled. For more information about Citrix Analytics, see Citrix Analytics.

Transparent user interface

The Citrix ICA protocol uses the Transparent User Interface Virtual Channel [TUI VC] protocol to transmit data between Citrix Virtual Apps and Desktops or Citrix DaaS and host servers. The TUI protocol transmits user interface [UI] component messages for remote connections.

Citrix Workspace app for Linux supports the TUI VC feature. This feature helps the client to receive the TUI packets sent by the server, and the client can access the UI-related components. This functionality helps you to control the display of the default overlay screen. You can toggle the VDTUI flag in the module.ini file: VDTUI - On/Off

Starting with version 1912, the VDTUI flag is set to On by default. As a result, the “Starting <Application>” dialog box no longer appears when you launch an app. Instead, a “Connecting <Application>” dialog appears with a progress bar. The dialog also displays the progress of the app launch. However, if you set the flag to Off, the “Starting <Application>” dialog rendered on top of other application windows, covering the login prompt.

For more information on Virtual Channels, see Citrix ICA virtual channels in the Citrix Virtual Apps and Desktops documentation.