Configure

When using Citrix Workspace app for Linux, the following configuration steps allow users to access their hosted applications and desktops.

Settings

Configuration files

To change advanced or less common settings, you can modify Citrix Workspace app’s configuration files. These configuration files are read each time wfica starts. You can update various files depending on the effect you want the changes to have.

If session sharing is enabled, an existing session might be used instead of a newly reconfigured one. This setting might cause the session to ignore changes you made in a configuration file.

Default settings

If you want to change the default for all Citrix Workspace app users, modify the module.ini configuration file in the $ICAROOT/config directory.

Note:

If an entry in All\_Regions.ini is set to a specific value, the value for that entry in module.ini isn’t used. The values in All\_Regions.ini take precedence over the value in module.ini.

Template file

If the $HOME/.ICAClient/wfclient.ini file does not exist, wfica creates it by copying $ICAROOT/config/wfclient.template. When you change this template file, the changes are applied to all the Citrix Workspace app users.

User settings

To apply configuration changes for a user, modify the wfclient.ini file in the user’s $HOME/.ICAClient directory. The settings in this file apply to future connections for that user.

Validate configuration file entries

To limit the values for entries in wfclient.ini, specify the allowed options or ranges of options in All\_Regions.ini.

If you specify only one value, that value is used. The $HOME/.ICAClient/All\_Regions.ini file can match or reduce the possible values set in the $ICAROOT/config/All\_Regions.inifile, it can’t take away restrictions.

Note:

The value set in wfclient.ini takes precedence over the value in module.ini.

Parameters

The parameters listed in each file are grouped into sections. Each section begins with a name in brackets that indicates parameters that belong together; for example, \[ClientDrive\] for parameters related to client drive mapping (CDM).

Defaults are automatically supplied for any missing parameters except where indicated. If a parameter is present but not assigned a value then the default value is automatically applied. For example, consider the InitialProgram parameter is followed by an equal sign (=) and no value is provided. In this example, the default value (not to run a program after logging in) is applied.

Precedence

The All\_Regions.ini file specifies parameters that the other files can set. It can restrict the values of parameters or set them exactly.

For any given connection, the files are checked in the following order:

1. All\_Regions.ini - The values in this file override those values in:
   • The connections .ICA file
   • wfclient.ini
2. module.ini - The values in this file are used if they have not been set in All\_Regions.ini, the connections .ICA file, or wfclient.ini. However, these values aren’t restricted with the entries in All\_Regions.ini.

If no value is found in any of these files, the default in the Citrix Workspace app code is used.

Note:

There are exceptions to this order of precedence. For example, the code reads some values specifically from wfclient.ini for security reasons.

Inactivity Timeout for Citrix Workspace app

Note:

Starting with 2303 version, this feature is generally available for Citrix Workspace app.

The inactivity timeout feature signs you out of the Citrix Workspace app based on a value that the admin sets. Admins can specify the amount of idle time that is allowed before a user is automatically signed out of the Citrix Workspace app. You’re automatically signed out when no activity from the mouse, keyboard, or touch occurs for the specified interval of time, within the Citrix Workspace app window. The inactivity timeout does not affect the already running Citrix Virtual Apps and Desktops and Citrix DaaS sessions or the Citrix StoreFront stores.

The inactivity timeout value can be set starting from 10 minutes to 1440 minutes. The interval to change this timeout value must be in multiples of 5. For example: 10, 15, 20, or 25 minutes. By default, the inactivity timeout isn’t configured.

Note:

This feature is applicable only on cloud deployments.

As a prerequisite, you must enable this feature in the AuthManConfig.xml file. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

<key>ITOEnabled</key>
<value>true</value>
<!--NeedCopy-->

Admins can configure the inactivityTimeoutInMinutes property by using a PowerShell module.

Steps to configure InactivityTimeoutInMinutes in the client machine:

1. Download the Configuring Citrix Workspace using PowerShell module.
2. To use the module, you must generate an API Client ID and Secret. For more information about obtaining credentials and getting started with the Citrix Cloud APIs, see Get started with Citrix Cloud APIs.
3. To import this module, pass the path to the Citrix.Workspace.StoreConfigs directory to the Import-Module cmdlet, that is, from the directory containing this file, run Import-Module ./Citrix.Workspace.StoreConfigs.
4. After the module has been imported, run Get-Help -Full to obtain help for specific cmdlet. For example: Get-Help Set-WorkspaceCustomConfigurations -Full

5. Run the following command to set inactivityTimeoutInMinutes to 1 hour, for example:

   Set-WorkspaceCustomConfigurations -WorkspaceUrl -ClientId -ClientSecret -InactivityTimeoutInMinutes "60"
   <!--NeedCopy-->
   

   You don’t need to run the preceding command on all clients; need to run only once and test.

The end-user experience is as follows:

• A notification appears three minutes before you’re signed out, with an option to stay signed in, or sign out.
• Users can click Stay signed in to dismiss the notification and continue using the app, in which case the inactivity timer is reset to its configured value. You can also click Sign out to end the session for the current store.

Note:

The inactivity timeout feature doesn’t support distributions that have Wayland as the default graphics protocol. For distributions that have Wayland, uncomment either of the following: WaylandEnable=false in /etc/gdm/custom.conf or in /etc/gdm3/custom.conf.

Screen pinning in custom web stores [Technical Preview]

Starting with version 2302, you can save the selection for multi-monitor screen layout in custom web stores.

As a prerequisite, you must enable this feature in the AuthManConfig.xml file. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

<key>ScreenPinEnabled</key>
<value> true </value>
<!--NeedCopy-->

Only after adding the preceding key, you can see the Screen Layout option in the Citrix Workspace app menu.

To select the screen layout, select Screen Layout in the Citrix Workspace app menu. The Screen Layout dialog box appears.

Select a virtual desktop from the drop-down menu. The layout selection is applied only to the desktop that you select.

Select one or more tiles to form a rectangular selection for the layout. The session then appears as per the layout selection.

Limitations:

• Enabling screen pinning disables the save layout feature in a session.
• This feature is applicable only on desktops that are marked as favorite.

You can provide feedback for this technical preview by using the Podio form.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Performance optimization for Citrix Workspace app

Starting with version 2302, the performance of Citrix Workspace app for Linux is improved when authenticating using AuthManLite.

Global App Config Service [Public Technical Preview]

The new Global App Configuration Service for Citrix Workspace allows a Citrix administrator to deliver Workspace service URLs through a centrally managed service.

As a prerequisite, you must enable this feature in the AuthManConfig.xml file. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

     <key>AppConfigEnabled</key>
     <value> true </value>
<!--NeedCopy-->

For more information on Workspace service URLs settings, see Global App Configuration Service documentation.

Note:

• Citrix Workspace app for Linux uses the Global App Configuration Service only to deliver Workspace service URLs.
• Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Workspace with intelligence [Technical Preview]

Citrix Workspace app for 2111 version is optimized to take advantage of the Workspace intelligence features when they are released. For more information, see Workspace Intelligence Features - Microapps.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for DPI matching [Technical Preview]

Starting with version 2207, the display resolution and DPI scale values set in the Citrix Workspace app match to the corresponding values in the virtual apps and desktops session. You can set the required scale value in the Linux client, and the scaling of the VDA session is updated automatically.

DPI scaling is mostly used with large size and high-resolution monitors. This feature helps to display the following in a size that can be viewed comfortably:

• Applications
• Text
• Images
• Other graphical elements

This feature is disabled by default. To enable this feature, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.

2. Go to [WFClient] section and set the following entry:

   DPIMatchingEnabled=TRUE

Limitation:

Currently, the DPI matching feature does not support the fractional scaling on the client side. If the DPI scale value is high, the Microsoft Teams optimization might not support as expected.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Persistent login

Note:

Strating with 2303 version, this feature is generally available for Citrix Workspace app.

The Persistent login feature enables you to stay logged in for up to the duration (2–365 days) configured by your admin. When this feature is enabled, you need not provide login credentials for the Citrix Workspace App during the configured period.

With this functionality, the SSO to Citrix DaaS sessions is extended up to a period of 365 days. This extension is based on the lifetime of Long-Lived Tokens. Your credentials are cached by default for 4 days or Lifetime whichever is lower. And then extended when you become active within these 4 days by connecting to the Citrix Workspace App.

Configure the persistent login feature

An admin need to configure the persistent login on the Workspace environment using the following procedure:

1. Sign in to Citrix Cloud.
2. In the Citrix Cloud console, click the menu in the upper left corner of the screen.
3. Select the Workspace Configuration option > Customize > Preferences.
4. Scroll down to Reauthentication Period for Workspace App.
5. Click Edit next to the Current Reauthentication Period field.
6. Enter the required days in the Current Reauthentication Period field.
7. You must enter two days or more in the Current Reauthentication Period field.

For more information, see the instructions in the Reauthentication Period for Workspace App section in the following image:

Experience with enhanced authentication

The persistent login window is embedded within the self-service window.

1. Access the Citrix Workspace app. The authentication window appears.

   

2. Sign in with your credentials. You are redirected to the Permission prompt to accept.

   

3. Click Allow.

Note:

If you select Deny for consent, you would see a second login prompt and you need to sign in to Citrix Workspace app for every 24 hours.

Disable the persistent login feature

An admin can disable the persistent login feature in the Citrix Cloud UI or in the AuthManConfig.xml file. However, the value set in the AuthManConfig.xml file overrides the value set in the Citrix Cloud UI.

Using Citrix Cloud UI

1. Sign in to Citrix Cloud.
2. In the Citrix Cloud console, click the menu in the upper left corner of the screen.
3. Select the Workspace Configuration option > Customize > Preferences.
4. Scroll down to Reauthentication Period for Workspace App.
5. Click Edit next to the Current Reauthentication Period field.
6. Enter one day in the Current Reauthentication Period field.

Using the AuthManConfig.xml file

To disable the persistent login feature, do the following

1. Navigate to <ICAROOT>/config/AuthManConfig.xml file.

2. Set the values as follows:

   <AuthManLite>
   
   <primaryTokenLifeTime>1.00:00:00</primaryTokenLifeTime>
   
   <secondaryTokenLifeTime>0.01:00:00</secondaryTokenLifeTime>
   
   <longLivedTokenSupport>false</longLivedTokenSupport>
   
   <nativeLoggingEnabled>true</nativeLoggingEnabled>
   
   <platform>linux</platform>
   
   <saveTokens>true</saveTokens>
   
   </AuthManLite>
   <!--NeedCopy-->
   

Creating custom user-agent strings in network request

Starting with 2109 version, Citrix Workspace app introduces an option to append the User-Agent strings in the network request and identify the source of a network request. Based on this User-Agent strings request, you can decide how to manage your network request. This feature allows you to accept network requests only from trusted devices.

Note:

• This feature is supported on cloud deployments of Citrix Workspace app. Also, x86, x64, and ARMHF are the supported packages.

To customize the User-Agent strings, do the followings:

1. Locate the $ICAROOT/config/AuthManConfig.xml configuration file.
2. Add a value to the following entry:

<UserAgentSuffix> </UserAgentSuffix>

Example that includes App and Version in the customized text:

<UserAgentSuffix>App/AppVersion </UserAgentSuffix>

If you’re adding App and AppVersion, separate them by a forward slash (“/”).

• If the network request is from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:

  CWAWEBVIEW/CWAVersion App/AppVersion

• If the network request isn’t from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:

  CWA/CWAVersion App/AppVersion

Notes:

• If you aren’t adding AppVersion at the end of the UserAgentSuffix string, the Citrix Workspace app version is appended in the network requests.
• Restart AuthManagerDaemon and ServiceRecord for the changes to take effect.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature releases. To do so, we use feature flags and a third-party service called LaunchDarkly.

You do not need to make any configurations to enable traffic to LaunchDarkly, unless you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly via specific URLs or IP addresses, depending on your policy requirements. You can enable traffic and communication to LaunchDarkly in the following ways:

Enable traffic to the following URLs

• events.launchdarkly.com
• stream.launchdarkly.com
• clientstream.launchdarkly.com
• firehose.launchdarkly.com
• mobile.launchdarkly.com
• app.launchdarkly.com

List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see the LaunchDarkly public IP list. You can use this list to verify that your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Status page.

LaunchDarkly system requirements

Verify that published apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF:

• LaunchDarkly service
• APNs listener service

Provision to disable LaunchDarkly service

Starting with version 2205, you can disable LaunchDarkly service on Citrix Workspace app.

To disable the LaunchDarkly service, do the following:

1. Navigate to the <ICAROOT>/config/module.ini folder and go to the LaunchDarkly section.
2. Select the entry EnableLaunchDarkly and set it to Disable.

Service continuity

Note:

This feature is generally available for Citrix Workspace app.

Service continuity removes or minimizes the dependency on the availability of components that are involved in the connection process. Users can launch their Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) regardless of the health status of the cloud services.

For information on requirements that support service continuity on Citrix Workspace app, see System Requirements.

For more information, see the Service continuity section in the Citrix Workspace documentation.

Pinning multi-monitor screen layout

Starting with Version 2103, you can save the selection for multi-monitor screen layout. The layout is how a desktop session is displayed. Pinning helps to relaunch a session with the selected layout, resulting in an optimized user experience.

As a prerequisite, you must enable this feature in the AuthManConfig.xml file. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

     <key>ScreenPinEnabled</key>
     <value> true </value>
<!--NeedCopy-->

Only after adding the preceding key, you can see the Screen Layout option in the App indicator icon. For more information about app indicator icon, see App indicator icon.

To select the screen layout, click the app indicator icon in the taskbar, and select Screen Layout. The Screen Layout dialog appears.

Alternately, you can launch the Screen Layout dialog by pressing Ctrl+m keys when on the self-service window.

Select a virtual desktop from the drop-down menu. The layout selection is applied only to the desktop that you select.

Select one or more tiles to form a rectangular selection for the layout. The session then appears as per the layout selection.

Limitations:

• Enabling screen pinning disables the save layout feature in a session.
• This feature is applicable only on desktops that are marked as favorite.

Application Categories

Application Categories allow users to manage collections of applications in Citrix Workspace app. You can create application groups for the following:

• Applications shared across different delivery groups
• Applications used by a subset of users within delivery groups

For more information, see Create an application group in the Citrix Virtual Apps and Desktops documentation.

App Protection

DISCLAIMER

App Protection policies work by filtering access to required functions of the underlying operating system. Specific API calls are required to capture screens or keyboard presses. This feature means that App Protection policies can provide protection even against custom and purpose-built hacker tools. However, as operating systems evolve, new ways of capturing screens and logging keys can emerge. While we continue to identify and address them, we can’t guarantee full protection in specific configurations and deployments.

App Protection is an add-on feature that provides enhanced security when you use Citrix Virtual Apps and Desktops. The feature restricts the ability of clients to be compromised with keylogging and screen-capturing malware. App Protection prevents exfiltration of confidential information such as user credentials and sensitive information that are displayed on the screen. The feature prevents users and attackers from taking screenshots and from using keyloggers to glean and exploit sensitive information.

Notes:

• This feature is supported when Citrix Workspace app is installed by using the tarball, Debian, and Red Hat Package Manager (RPM) packages. Also, x64 and ARMHF are the only supported architectures.
• This feature is supported in on-premises deployments of Citrix Virtual Apps and Desktops. Also, in deployments using the Citrix Virtual Apps and Desktops Service with StoreFront.

App Protection requires that you install an add-on license on your License Server. A Citrix Virtual Desktops license must also be present. For information on Licensing, see the Configure section in the Citrix Virtual Apps and Desktops.

Starting with version 2108, the App Protection feature is now fully functional. The App Protection feature supports apps and desktop sessions and is enabled by default. However, you must configure the App Protection feature in the AuthManConfig.xml file to enable it for the authentication manager and the Self-Service plug-in interfaces.

Starting with this version, you can launch protected resources from Citrix Workspace app while Mozilla Firefox is running.

Starting with version 2012, the App Protection feature is an experimental feature.

Prerequisite:

App Protection works best with the following operating systems along with the Gnome Display Manager:

• 64-bit Ubuntu 18.04 and Ubuntu 20.04
• 64-bit Debian 9 and Debian 10
• 64-bit CentOS 7
• 64-bit RHEL 7
• ARMHF 32-bit Raspberry Pi OS (Based on Debian 10 (buster))

Note:

If you are using Citrix Workspace app earlier than version 2204, the App Protection feature does not support the operating systems that use glibc 2.34 or later.

If you install the Citrix Workspace app with App Protection feature enabled on OS that uses glibc 2.34 or later, the OS boot might fail on restarting the system. To recover from the OS boot failure, do any of the following:

• Reinstall the OS. However, we do not support the App Protection feature on the OS that uses glibc 2.34 or later.
• Go to Recovery mode of the OS and uninstall the Citrix Workspace app using terminal.
• Boot through the live OS and remove the rm -rf /etc/ld.so.preload file from the existing OS.

Installing the App Protection component:

When you install the Citrix Workspace app using the tarball package, the following message appears.

“Do you want to install the App Protection component? Warning: You can’t disable this feature. To disable it, you must uninstall Citrix Workspace app. For more information, contact your system administrator. [default $INSTALLER_N]:”

Enter Y to install the App Protection component.

By default, the App Protection component isn’t installed.

Restart your machine for the changes to take effect. App Protection work as expected only after you restart your machine.

Installing the App Protection component on RPM packages:

Starting with Version 2104, App Protection is supported on the RPM version of Citrix Workspace app.

To install App Protection, do the following:

1. Install Citrix Workspace app.
2. Install the App Protection ctxappprotection<version>.rpm package from the Citrix Workspace app installer.
3. Restart the system for the changes to take effect.

Installing the App Protection component on Debian packages:

Starting with Version 2101, App Protection is supported on the Debian version of Citrix Workspace app.

For silent installation of the App Protection component, run the following command from the terminal before installing Citrix Workspace app:

export DEBIAN_FRONTEND="noninteractive"
sudo debconf-set-selections <<< "icaclient app_protection/install_app_protection select yes"

sudo debconf-show icaclient
* app_protection/install_app_protection: yes

sudo apt install -f ./icaclient_<version>._amd64.deb
<!--NeedCopy-->

Starting with Version 2106, Citrix Workspace app introduces an option to configure the anti-keylogging and anti-screen-capturing functionalities separately for both the authentication manager and Self-Service plug-in interfaces.

Configuring App Protection for authentication manager:

Navigate to $ICAROOT/config/AuthManConfig.xml and edit the file as follows:

/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i authmananti -A 1
    <key>AuthManAntiScreenCaptureEnabled</key>
    <value>true</value>
    <key>AuthManAntiKeyLoggingEnabled</key>
    <value>true </value>

<!--NeedCopy-->

Configuring App Protection for the Self-Service plug-in interface:

Navigate to $ICAROOT/config/AuthManConfig.xml and edit the file as follows:

/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i protection -A 4
<!-- Selfservice App Protection configuration -->
    <Selfservice>
      <AntiScreenCaptureEnabled>true</AntiScreenCaptureEnabled>
      <AntiKeyLoggingEnabled>true</AntiKeyLoggingEnabled>
    </Selfservice>

<!--NeedCopy-->

Known issues:

• When you minimize a protected screen, App Protection continues to run in the background.

Limitation:

• Sometimes, you can’t launch protected resources when an application that is installed from the Snap Store is running. As a workaround, identify the application that causes the issue from the Citrix Workspace app log file. Also, close the application.
• When you’re trying to take a screenshot of a protected window, the entire screen, including the non-protected apps in the background, are grayed out.

Battery status indicator

The battery status of the device now appears in the notification area of a Citrix Desktop session.

Note:

Starting with the 2111 version, the battery status indicator appears for server VDAs also.

The battery status indicator is enabled by default.

To disable the battery status indicator:

1. Navigate to the <ICAROOT>/config/module.ini folder.
2. Go to the ICA 3.0 section.
3. Set the MobileReceiver= Off.

Customer Experience Improvement Program (CEIP)

Additional information

Citrix handles your data following the terms of your contract with Citrix. Also, protects it as specified in the Citrix Services Security Exhibit available on the Citrix Trust Center.

Citrix also uses Google Analytics to collect certain data from Citrix Workspace app as part of CEIP. You might review how Google handles data collected for Google Analytics.

Clear sending CEIP data to Citrix and Google Analytics. For this activity, there is an exception for the data collected for Google Analytics indicated by * in the second table in the following section. Do the following to clear sending CEIP data to Citrix and Google Analytics:

1. Navigate to the <ICAROOT>/config/module.ini folder and go to the CEIP section.
2. Select the entry EnableCeip and set it to Disable.

Note:

After you set the EnableCeip key to Disable, you can disable sending the final two CEIP data elements collected by Google Analytics. These data elements are Operating System version and Workspace app version. For this action, navigate to the following section and set the value as suggested:

Location: <ICAROOT>/config/module.ini

Section: GoogleAnalytics

Entry: DisableHeartBeat

Value: True

Note:

No data is collected for the users in European Union (EU), European Economic Area (EEA), Switzerland, and United Kingdom (UK).

The specific CEIP data elements collected by Google Analytics are:

App indicator icon

The app indicator starts when you launch Citrix Workspace app. It’s an icon that is present in the notification area. With the introduction of the app indicator, the Citrix Workspace app for Linux logon performance is improved.

You can observe performance improvement when you:

• First launch of Citrix Workspace app
• Close and relaunch the app
• Quit and relaunch the app

Note:

The libappindicator package is required for the app indicator to appear. Install the libappindicator package suitable for your Linux distribution from the web.

ICA-to-X proxy

You can use a workstation running Citrix Workspace app as a server and redirect the output to another X11-capable device. You might want to do this task to deliver Microsoft Windows applications to X terminals or to UNIX workstations for which Citrix Workspace app isn’t available.

Note:

Citrix Workspace app software is available for many X devices, and installing the software on these devices is the preferred solution in these cases. Running Citrix Workspace app in this way, as an ICA-to-X proxy, is also referred to as server-side ICA.

When you run Citrix Workspace app, you can think of it as an ICA-to-X11 converter that directs the X11 output to your local Linux desktop. However, you can redirect the output to another X11 display. You can run extra copies of Citrix Workspace app simultaneously on one system. In this case, each Citrix Workspace app sends its output to a different device.

This graphic shows a system with Citrix Workspace app for Linux set up as an ICA-to-X proxy:

To set up this type of system, you need a Linux server to act as the ICA-to-X11 proxy:

• If you have X terminals already, you can run Citrix Workspace app on the Linux server that usually supplies the X applications to the X terminals.
• If you want to deploy UNIX workstations for which Citrix Workspace app isn’t available, you need an extra server to act as the proxy. This server can be a PC running Linux.

Applications are supplied to the final device using X11, using the capabilities of the ICA protocol. By default, you can use drive mapping only to access the drives on the proxy. This setting isn’t a problem if you’re using X terminals (which usually do not have local drives). If you’re delivering applications to other UNIX workstations, you can either:

• NFS mounts the local UNIX workstation on the workstation acting as the proxy, then point a client drive map at the NFS mount point on the proxy.
• Use an NFS-to-SMB proxy such as SAMBA, or an NFS client on the server such as Microsoft Services for UNIX.

Some features aren’t passed to the final device:

• USB redirection
• Smart card redirection
• COM port redirection
• Audio isn’t delivered to the X11 device, even if the server acting as a proxy supports audio.
• Client printers aren’t passed through to the X11 device. You access the UNIX printer from the server manually using LPD printing, or use a network printer.
• Redirection of multimedia input isn’t supported because it requires a webcam on the machine that runs Citrix Workspace app, where the server acts as a proxy. However, redirection of multimedia output supports when GStreamer installed on the server acting as a proxy (untested).

To start Citrix Workspace app with server-side ICA from an X terminal or a UNIX workstation:

1. Use ssh or telnet to connect to the device acting as the proxy.

2. In a shell on the proxy device, set the DISPLAY environment variable to the local device. For example, in a C shell, type:

   setenv DISPLAY <local:0>

   Note:

   If you use the command ssh -X to connect to the device acting as the proxy, you do not need to set the DISPLAY environment variable.

3. At a command prompt on the local device, type xhost <proxy server name>

4. Verify whether Citrix Workspace app is installed in the default installation directory. If not installed, verify that the environment variable ICAROOT is set to point to the actual installation directory.

5. Locate the directory where Citrix Workspace app is installed. At a command prompt, type selfservice &.

Server-client content redirection

Server-client content redirection enables administrators to specify that URLs in a published application are opened using a local application. For example, opening a link to a webpage while using Microsoft Outlook in a session opens the required file using the browser on the user device.

Server-client content redirection enables administrators to give Citrix resources more efficiently, by that provides better performance to the users. The following types of URL can be redirected:

• HTTP
• HTTPS
• RTSP (Real Player)
• RTSPU (Real Player)
• PNM (Older Real Players)

The URL is opened using the server application when:

• Citrix Workspace app does not have an appropriate application
• Citrix Workspace app can’t directly access the content

Server-client content redirection is configured on the server. This feature is enabled by default in Citrix Workspace app if the path includes the following:

• RealPlayer
• One of Firefox, Mozilla, or Netscape.

To enable server-client content redirection if RealPlayer and a browser aren’t in the path:

1. Open the configuration file wfclient.ini.

2. In the [Browser] section, modify the following settings:

   Path=path

   Command=command

   The path is the directory where the browser executable is located. The command is the name of the executable used to handle redirected browser URLs, appended with the URL sent by the server. For example:

   $ICAROOT/nslaunch Netscape, Firefox, Mozilla

   This setting specifies the following:

   • The nslaunch utility is run to push the URL into an existing browser window
   • Each browser in the list is tried in turn until content can be displayed successfully

3. In the [Player] section, modify the following settings:

   Path=path

   Command=command

   The path is the directory where the RealPlayer executable is located. The command is the name of the executable used to handle the redirected multimedia URLs, appended with the URL sent by the server.

4. Save and close the file.

Note:

For both path settings, you need to specify the directory where the browser and RealPlayer executables are available. You do not need to specify the full path to the executables. For example, in the [Browser] section, the path might be set to /usr/X11R6/bin rather than /usr/X11R6/bin/netscape. Also, you can specify extra directory names as a colon-separated list. If these settings aren’t specified, the user’s current $PATH is used.

To clear server-client content redirection from Citrix Workspace:

1. Open the module.ini configuration file.
2. Change the CREnabled setting to Off.
3. Save and close the file.

Connection

Configure connections

On devices with limited processing power or where limited bandwidth is available, there’s a trade-off between performance and functionality. Users and administrators can choose an acceptable mixture of rich functionality and interactive performance. Making one or more of these changes, often on the server not the user device, can reduce the bandwidth that a connection requires and can improve performance:

• Enable SpeedScreen Latency Reduction - The SpeedScreen Latency Reduction improves performance over high latency connections. For this improvement, an instant feedback is provided to the user in response to typed data or mouse clicks. Use the SpeedScreen Latency Reduction Manager to enable this feature on the server. By default, in Citrix Workspace app, this feature is disabled for keyboard. This feature is only enabled for the mouse on high latency connections. See the Citrix Workspace app for Linux OEM’s Reference Guide.
• Enable data compression - Data compression reduces the amount of data transferred across the connection. This configuration requires more processor resources to compress and decompress the data, but it can increase performance over low-bandwidth connections. Use the Citrix Audio Quality and Image Compression policy settings to enable this feature.
• Reduce the window size - Change the window size to the minimum that is comfortable. On the farm set the Session Options.
• Reduce the number of colors - Reduce the number of colors to 256. On the Citrix Virtual Apps and Desktops or Citrix DaaS site, set the Session Options.
• Reduce sound quality - If audio mapping is enabled, reduce the sound quality to the minimum setting using the Citrix Audio quality policy setting.

For information about troubleshooting, see Connections in the troubleshooting section.

Font

ClearType font smoothing

ClearType font smoothing improves the quality of displayed fonts beyond the available quality through traditional font smoothing or anti-aliasing. ClearType font smoothing is also known as subpixel font rendering. You can turn this feature on or off.

You can also specify the type of smoothing by doing the following:

1. Navigate to the [WFClient] section of the appropriate configuration file.

2. Edit the following setting:

   FontSmoothingType = number

   Where the number can take one of the following values:

   Value	Behavior
   0	The local preference on the device is used. The FontSmoothingTypePref setting defines this value.
   1	No smoothing
   2	Standard smoothing
   3	ClearType (horizontal subpixel) smoothing

Both standard smoothing and ClearType smoothing can increase Citrix Workspace app’s bandwidth requirements.

Important:

The server can configure FontSmoothingType through the ICA file. This value takes precedence over the value set in [WFClient].

If the server sets the value to 0, the following setting in the [WFClient] determines the local preference: FontSmoothingTypePref = number

Where a number can take one of the following values:

Folder

Configure special folder redirection

In this context, there are only two special folders for each user:

• The user’s Desktop folder
• The user’s Documents folder (My Documents on Windows XP)

Special folder redirection enables you to specify the locations of a user’s special folders. As a result, these folders remain fixed across different server types and server farm configurations. It is important if, for example, a mobile user logs on to servers in different server farms. For static, desk-based workstations, where the user can log on to servers that reside in a single-server farm, special folder redirection is rarely necessary.

To configure special folder redirection:

Enable special folder redirection by making an entry in the module.ini file and specify the folder locations as follows:

1. Add the following text to module.ini (for example, $ICAROOT/config/module.ini):

   [ClientDrive]

   SFRAllowed = True

   DocumentsFolder = documents

   DesktopFolder = desktop

   where documents and desktop are the UNIX file names, including the full path, of the directories to use as the users Documents and Desktop folders respectively. For example:

   DesktopFolder = $HOME/.ICAClient/desktop

   • You can specify any component in the path as an environment variable, for example, $HOME.
   • Specify values for both parameters.
   • The directories you specify must be available through client device mapping. That is, the directory must be in the subtree of a mapped client device.
   • Use the drive letters C or higher.

Client-drive mapping

Client drive mapping allows drive letters on the Citrix Virtual Apps and Desktops and Citrix DaaS server to be redirected to directories that exist on the local user device. For example, drive H in a Citrix user session can be mapped to a directory on the local user device running the Workspace app.

Client drive mapping can make any directory mount on the local user device. The local user device includes a CD-ROM, DVD, or a USB memory stick, that are available to the user during a session. Also, the local user has permission to access the local user device. When a server is configured to allow client drive mapping:

• users can access their locally stored files
• Use the files during their session
• and then save them again either on a local drive or on a drive on the server.

Citrix Workspace app supports client device mapping for connections to Citrix Virtual Apps and Desktops and Citrix DaaS servers. This feature enables a remote application that runs on the server to access devices attached to the local user device. The applications and system resources appear to the user at the user device as if they’re running locally. Verify that client device mapping is supported on the server before using these features.

Note:

The Security-Enhanced Linux (SELinux) security model can affect the operation of the Client Drive Mapping and USB Redirection features. This model is applicable on both Citrix Virtual Apps and Desktops and Citrix DaaS. If you require either or both of these features, disable SELinux before configuring them on the server.

Two types of drive mapping are available:

• Static client drive mapping - Enables administrators to map any part of a user device’s file system to a specified drive on the server at logon. For example, it can be used to map all or part of a user’s home directory or /tmp. Also, map the mount points of mass storage devices such as CD-ROMs, DVDs, or USB memory sticks.
• Dynamic client drive mapping - Monitors the directories in which mass storage devices such as CD-ROMs, DVDs, and USB memory sticks are typically mounted on the user device. And any new ones that appear during a session are automatically mapped to the next available drive letter on the server.

When Citrix Workspace app connects to Citrix Virtual Apps and Desktops or Citrix DaaS, client drive mappings are reestablished unless client device mapping is disabled. You can use policies to give you more control over how client device mapping is applied. For more information, see the Citrix Virtual Apps and Desktops documentation.

Users can map drives using the Preferences dialog box.

Note:

By default, enabling static client drive mapping also enables dynamic client drive mapping. To disable the latter but enable the former, set DynamicCDM to False in wfclient.ini.

Previously, your setting for file access through CDM was applied on all configured stores.

Starting with Version 2012, Citrix Workspace app allows you to configure per-store CDM file access.

Note:

The file access setting isn’t persistent across sessions when using workspace for web. It defaults to the Ask me each time option.

You can use the wfclient.ini file to configure the mapped path and file name attributes. Use the GUI to set a file access level as shown in the preceding screen capture.

In a desktop session, you can set a file access level by navigating to the Preferences > File access dialog from the Desktop Viewer.

In an app session, you can set a file access level by launching the File access dialog from Citrix Connection Center.

The File access dialog includes the mapped folder name and its path.

The access level flag isn’t supported in the wfclient.ini file anymore.

Map client-printers

Citrix Workspace app supports printing to network printers and printers that are attached locally to user devices. By default, unless you create policies to change it, Citrix Virtual Apps and Desktops and Citrix DaaS lets users:

• Print to all printing devices accessible from the user device
• Add printers

These settings, however, might not be perfect in all environments. For example, the default setting that allows users to print to all printers accessible from the user device is the easiest to administer initially. But the default setting might create slower logon times in some environments. In this situation, you might want to limit the list of printers configured on the user device.

Likewise, your organization’s security policies might require that you prevent users from mapping local printing ports. To do so, on the server configure the ICA policy Auto connect client COM ports setting to Disabled.

To limit the list of printers configured on the user device:

1. Open the configuration file, wfclient.ini, in one of the following:

   • $HOME/.ICAClient directory to limit the printers for a single user
   • $ICAROOT/config directory to limit the printers for all Workspace app users. All users in this case are those users who first use the self-service program after the change.

2. In the [WFClient] section of the file type:

   ClientPrinterList=printer1:printer2:printer3

   Where printer1, printer2, and so on, are the names of the chosen printers. Separate printer name entries by a colon (:).

3. Save and close the file.

Map a local printer

The Citrix Workspace app for Linux supports the Citrix PS Universal Printer Driver. So, usually no local configuration is required for users to print to network printers or printers that are attached locally to user devices. You might manually map client printers on Citrix Virtual Apps and Desktops or Citrix DaaS for Windows if, for example, the user device’s printing software does not support the universal printer driver.

To map a local printer on a server:

1. From Citrix Workspace app, start a server connection and log on to a computer running Citrix Virtual Apps and Desktops or Citrix DaaS.

2. On the Start menu, choose Settings > Printers.

3. On the File menu, choose Add Printer.

   The Add Printer wizard appears.

4. Use the wizard to add a network printer from the Client Network, Client domain. Usually this value is a standard printer name, similar to values created by native Remote Desktop Services, such as “HP LaserJet 4 from client name in session 3.”

   For more information about adding printers, see your Windows operating system documentation.

Audio

Starting with Version 2112, the VdcamVersion4Support attribute in the module.ini file is renamed to AudioRedirectionV4. Starting with version 2212, the default value for AudioRedirectionV4 is set to True. As a result:

• the PulseAudio library is used to access the audio devices and extra devices are supported.
• more than one app can use the audio devices at a time.
• Citrix Workspace app displays all local audio devices that are available in a session. Instead of Citrix HDX Audio, the audio devices appear with their respective device names. You can switch to any of the available devices dynamically in a session.
• sessions update dynamically when you plug in or remove audio devices.

If you set the value of AudioRedirectionV4 to False:

• the ALSA library is used to access the audio devices and only single device is supported.
• default audio device with the name Citrix HDX Audio appears in the session.
• only one app can use the Citrix HDX Audio device at a time.

To set the AudioRedirectionV4 to False, do the following:

1. Navigate to the <ICAROOT>/config folder and open the module.ini file.

2. Go to the [ClientAudio] section and add the following entry:

   AudioRedirectionV4=False

3. Restart the session for the changes to take effect.

Support for audio recording

Starting with version 2212, audio recording feature is enabled by default. The devices to record audio appears when a session starts.

To disable this feature, set the value for AllowAudioInput to False in the wfclient.ini file.

Notes:

• The enhanced audio redirection feature is generally available starting from version 2212.
• The Mic and Webcam option in the Preferences dialog is disabled by default. For information on how to enable mic and webcam, see Preferences.
• Citrix Workspace app version 2010, addresses issues to improve the Multi-Stream ICA feature.

Known limitations:

By default, the AudioRedirectionV4 value is set to True. The following known limitation is present when the value of AudioRedirectionV4 is set to True:

• If you launch a session from the command line interface with root privilege, the PulseAudio server might refuse the connection when trying to connect to it. In this case, the audio devices might start using the ALSA library which supports single devices only.

If you set the AudioRedirectionV4 value to False , the following known limitations are present:

• On a VDA running on Windows Server 2016, you can’t change the audio device selection in a session. The selection is set to the default audio input and output only. This limitation is resolved when you set the AudioRedirectionV4 value to True.
• Audio device redirection isn’t supported with Bluetooth audio devices. This limitation is resolved when you set the AudioRedirectionV4 value to True.
• You can change the default audio device only on Windows 10, Windows 7, and Windows 8 operating systems. On Windows Server operating systems, such as Windows Server 2012, 2016, and 2019, you can’t change the default audio device. This issue is because of a limitation in the Microsoft remote desktop session.
• Audio device redirection isn’t supported with HDMI audio devices. This limitation is resolved when you set the AudioRedirectionV4 value to True. However, the Citrix Workspace app might display HDMI audio devices that aren’t connected in a session.

When the AudioRedirectionV4 value is False, the default audio device is typically the default ALSA device configured for your system. Use the following procedure to specify a different device:

1. Choose and open a configuration file according to which users you want your changes to affect. See default settings for information about how updates to particular configuration files affect different users.

2. Add the following option, creating the section if necessary:

   
   [ClientAudio]
   
   AudioDevice = \<device\>
   <!--NeedCopy-->
   

In this section, the device information is present in the ALSA configuration file on your operating system.

Note:

The location of this information isn’t standard across all Linux operating systems. Citrix recommends consulting your operating system documentation for more details about locating this information.

Enhancement to improve audio quality

Previously, the maximum output buffering value to play the audio smoothly was 200 ms in Citrix Workspace app. Because of this value set, 200 ms latency was added in the playback scenario. This maximum output buffering value had an impact on interactive audio applications as well.

With this enhancement, the maximum output buffering value is decreased to 50 ms in Citrix Workspace app. As a result, the user experience on the interactive audio application is improved. Also, the Round trip time (RTT) is decreased by 150 ms.

Starting with version 2207, you can select the appropriate playback threshold and pulse audio prebuffer to improve the audio quality. For this enhancement, the following parameters are added in the [ClientAudio] section of the module.ini file:

• PlaybackDelayThreshV4 – To specify the initial level of output buffering in milliseconds. Citrix Workspace app tries to maintain this level of buffering throughout a session’s duration. The default value of the PlaybackDelayThreshV4 is 50 ms. This parameter is valid only when AudioRedirectionV4 is set to True.
• AudioTempLatencyBoostV4 – When the audio throughput undergoes a sudden spike or isn’t enough for an unstable network, this value increases the output buffering value. This increase in the output buffering value provides smooth audio. However, the audio might be slightly delayed. The default value of AudioTempLatencyBoostV4 is set to 100 ms. This parameter is only valid when AudioRedirectionV4 is set to True and AudioLatencyControlEnabled is set to True. By default, the value of AudioLatencyControlEnabled is set to True.

By default, the value of AudioRedirectionV4 is set to True. To disable this feature, do the following:

1. Navigate to the <ICAROOT>/config folder and open the module.ini file.

2. Go to the [ClientAudio] section and add the following entry:

   AudioRedirectionV4=False

3. Restart the session for the changes to take effect.

Improved audio echo cancellation support

Note:

Starting with 2303 version, this feature is generally available for Citrix Workspace app.

Starting with this release, Citrix Workspace app supports echo cancellation. This feature is designed for real-time user cases, and it improves the user experience. The echo cancellation feature supports low quality, medium quality, and adaptive audio. Citrix recommends using adaptive audio for better performance.

By default, the echo cancellation feature is disabled. During real-time user cases, it is recommended to turn on the echo cancellation if the speaker is used instead of the headset.

To enable this feature, do the following:

1. Navigate to the <ICAROOT>/config folder and open the module.ini file.

2. Go to the [ClientAudio] section and update the value of the EnableEchoCancellation parameter as follows:

   EnableEchoCancellation =TRUE

Limitation:

By design, the echo cancellation feature is disabled for high quality audio.

Addition of client-side jitter buffer mechanism [Technical Preview]

Starting with version 2212, Citrix Workspace app ensures smooth audio even when the network latency fluctuates. By default, this feature is disabled.

To enable this feature, do the following:

1. Navigate to the /opt/Citrix/ICAClient/config/module.ini configuration file and edit it.

2. Disable audio latency control as follows:

   `AudioLatencyControlEnabled = FALSE`
   

3. Enable jitter buffer as follows:

   `JitterBufferEnabled = TRUE`
   

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Map client audio

Client audio mapping enables applications that run on the Citrix Virtual Apps and Desktops or Citrix DaaS server to play sounds through a sound device installed on the user device. You can set audio quality on a per-connection basis on the server and users can set it on the user device. If the user device and server audio quality settings are different, the lower setting is used.

Client audio mapping can cause excessive load on servers and the network. The higher the audio quality, the more bandwidth is required to transfer the audio data. Higher-quality audio also uses more server CPU to process.

You configure client audio mapping using policies. For more information, see the Citrix Virtual Apps and Desktops documentation.

Adaptive audio

Starting with version 2109, Citrix Workspace app supports adaptive audio. With adaptive audio, you don’t need to manually configure the audio quality policies on the VDA. Adaptive audio optimizes settings for your environment and replaces obsolete audio compression formats to provide an excellent user experience. Adaptive audio is enabled by default. For more information, see Adaptive audio.

Starting with version 2112, adaptive audio works when using User Datagram Protocol (UDP) audio delivery.

Known limitation:

• Adaptive audio requires CPU processors that support Streaming SIMD Extensions (SSE) 4.x. Citrix Workspace app might be closed when adaptive audio is used with the CPU processor that doesn’t support SSE 4.x.

Enabling UDP audio

UDP audio can improve the quality of phone calls made over the Internet. It uses UDP instead of TCP.

Starting with Version 2112, adaptive audio works when using UDP audio delivery. Also, from this version, Citrix Workspace app supports Datagram Transport Layer Security (DTLS) protocol for UDP audio. As a result, you can access the UDP audio through Citrix Gateway. By default, this feature is disabled.

Starting with version 2202, the enhancement to support UDP audio through Citrix Gateway is generally available for Citrix Workspace app.

To enable UDP audio:

1. Set the following options in the [ClientAudio] section of module.ini:
   • Set EnableUDPAudio to True. By default, this value is set to False, which disables UDP audio.
   • Specify the minimum and maximum port numbers for UDP audio traffic using UDPAudioPortLow and UDPAudioPortHigh respectively. By default, ports 16500–16509 are used.
2. By default, adaptive audio is enabled on the VDA and supports UDP audio. If you have disabled adaptive audio, set client and server audio settings as follows to support UDP audio. As a result, the resultant audio is of a medium quality (that is, not high or low).

To enable UDP audio through Citrix Gateway:

1. Navigate to the <ICAROOT>/config folder and open the module.ini file.

2. Go to the [WFClient] section and set the following entry:

   EnableUDPThroughGateway=True

3. Go to the [ClientAudio] section and set the following entry:

   EnableUDPAudio=True

Note:

If you use the StoreFront default.ica configuration, the value of EnableUDPThroughGateway set in the [Application] section takes precedence over the value set in the module.ini file. However, you can set the EnableUDPAudio value in the [ClientAudio] section only using the module.ini file. Also, it does not take precedence over the value set in the StoreFront default.ica configuration.

Limitations:

• UDP audio isn’t available in encrypted sessions (that is, those using TLS or ICA Encryption). In such sessions, audio transmission uses TCP.
• The ICA channel priority can affect UDP audio.

UDP on the client

1. Navigate to the $ICAROOT/config/module.ini file.

2. Set the following under the [ClientAudio] section:

   EnableUDPAudio=True

   UDPAudioPortLow=int

   UDPAudioPortHigh=int

3. Set the following under the [WFClient] section:

   EnableUDPThroughGateway=True

4. Navigate to the $HOME/.ICAClient/wfclient.ini file.

5. Set the following under the [WFClient] section:

   AllowAudioInput=True

   EnableAudioInput=true

   AudioBandWidthLimit=1

   Notes:

   • The values set for the AllowAudioInput, EnableAudioInput, and AudioBandWidthLimit attributes in the [WFClient] section are applicable to both UDP audio and TCP audio.
   • If the .ICAClient folder isn’t found (occurs only in first-time installation and launching) launch the Citrix Workspace app and close. This action creates the .ICAClient folder.
   • When the AudioBandWidthLimit is set to 1, the audio quality on the client is medium.

6. Set the following policies on the Domain Delivery Controller (DDC):

   • Set “Windows Media redirection” to “Prohibited”.
   • Set “Audio over UDP” to “Allowed”.
   • Set “Audio over UDP real-time transport” to “Enabled.
   • Set “Audio quality” to “Medium”.

Changing how Citrix Workspace app is used

ICA technology is highly optimized and typically does not have high CPU and bandwidth requirements. However, if you’re using a very low-bandwidth connection, consider the following to preserve performance:

• Avoid accessing large files using client drive mapping. When you access a large file with client drive mapping, the file is transferred over the server connection. On slow connections, this file transfer might take a long time.
• Avoid printing large documents on local printers. When you print a document on a local printer, the print file is transferred over the server connection. On slow connections, this file transfer might take a long time.
• Avoid playing multimedia content. Playing multimedia content uses many bandwidths and can cause reduced performance.

USB

USB support enables users to interact with a wide range of USB devices when connected to a virtual desktop. Users can plug USB devices into their computers and the devices are redirected to their virtual desktop after enabling auto-redirection manually through configuration file settings. Auto-redirection of USB devices is disabled, by default. USB devices available for remoting include the following:

• Flash drives
• Smartphones
• PDAs
• Printers
• Scanners
• MP3 players
• Security devices
• Tablets

USB redirection requires either Citrix Virtual Apps and Desktops 7.6 or later. Citrix Virtual Apps and Desktops and Citrix DaaS do not support USB redirection of mass storage devices and requires special configuration to support audio devices. For more information, see Citrix Virtual Apps 7.6 documentation for details.

Isochronous features in USB devices such as webcams, microphones, speakers, and headsets are supported in typical low latency or high speed LAN environments. But usually the standard audio or webcam redirection are more suitable.

The following types of device are supported directly in a virtual apps and desktops session, and so do not use USB support:

• Keyboards
• Mice
• Smart cards
• Headsets
• Webcams

Note:

Specialist USB devices (for example, Bloomberg keyboards and 3D mice) can be configured to use USB support. For information on configuring policy rules for other specialist USB devices, see CTX119722.

By default, certain types of USB devices aren’t supported for remoting through Citrix Virtual Apps and Desktops or Citrix DaaS. For example, a user might have a NIC attached to the system board by internal USB. Remoting this NIC wouldn’t be appropriate. By default, the following types of USB device aren’t supported for use in the virtual apps and desktops:

• Bluetooth dongles
• Integrated NICs
• USB hubs

To update the default list of USB devices available for remoting, edit the usb.conf file in the $ICAROOT/ folder. For more information, see the Update the list of USB devices available for remoting section.

To allow the remoting of USB devices to virtual desktops, enable the USB policy rule. For more information, see the Citrix Virtual Apps and Desktops documentation.

How USB support works

When a user plugs a USB device, it’s checked against the USB policy. And, if allowed, redirected to the virtual desktop. If the default policy denies the device, it’s available only to the local desktop.

Consider a user plug in a USB device in desktops accessed through desktop appliance mode. In this case, that device is auto-redirected to the virtual desktop after enabling auto-redirection manually through configuration file settings. Auto-redirection of USB devices is disabled, by default. To configure the auto-redirection of USB devices, do the following:

1. Navigate to the $Home/.ICAClient/wfclient.ini configuration file.

2. Add the following entry:

   DesktopApplianceMode=True

3. Navigate to /opt/Citrix/ICAClient/usb.conf configuration file.

4. Set any of the following device rules:

   • CONNECT – Set the “CONNECT” keyword to enable auto redirect of a device when a session starts.
   • ALLOW – Set the “ALLOW” keyword to allow auto-redirect of a device only after a session starts. However, if the “CONNECT” or “ALLOW” keyword is set, the device is auto-redirected when it unplugged and plugged in during a session.

   Sample device rule: CONNECT: vid=046D pid=0002 # Allow a specific device by vid/pid ALLOW: vid=046D pid=0102 # Allow a specific device by vid/pid

The session window must have focus when the user plugs in the USB device for redirection to occur, unless desktop appliance mode is in use.

Known limitation:

For USB redirection, the policies defined in the usb.conf file might not work and the USB devices might not be redirected into session. This issue occurs if you have more than 2000 characters present in the usb.conf file. As a workaround, you can remove the existing comments to the policies to reduce the number of characters in the usb.conf file.

Mass storage devices

Consider that a user disconnects from a virtual desktop when a USB mass storage device is still plugged in to the local desktop. In this case, that device isn’t redirected to the virtual desktop when the user reconnects. To verify that the mass storage device is redirected to the virtual desktop, the user must remove and reinsert the device after reconnecting.

Note:

If you insert a mass storage device into a Linux workstation that has been configured to deny remote support for USB mass storage devices, Citrix Workspace app does not accept the device. And a separate Linux file browser might open. So, Citrix recommends that you pre-configure user devices with the Browse removable media when inserted setting cleared by default. On Debian-based devices, do this using the Debian menu bar by selecting Desktop > Preferences > Removable Drives and Media. And on the Storage tab, under Removable Storage, clear the Browse removable media when inserted check box.

For the Client USB device redirection, note the following points.

Notes:

• Consider that the Client USB device redirection server policy is turned on. In this case, the mass storage devices are directed as USB devices even if client drive mapping is turned on.
• The app does not support composite device redirection for USB devices.

USB classes

The default USB policy rules allow the following classes of USB device:

• Audio (Class 01)

  Includes microphones, speakers, headsets, and MIDI controllers.

• Physical Interface (Class 05)

  These devices are similar to HIDs, but generally provide real-time input or feedback and include force feedback joysticks, motion platforms, and force feedback exoskeletons.

• Still Imaging (Class 06)

  Includes digital cameras and scanners. Digital cameras support the still imaging class that uses the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP) to transfer images to a computer or other peripheral. Cameras might also appear as mass storage devices. And it might be possible to configure a camera to use either class, through the setup menus provided by the camera itself.

  If a camera appears as a mass storage device, client drive mapping is used, and USB support isn’t required.

• Printers (Class 07)

  In general most printers are included in this class, although some use vendor-specific protocols (class ff). Multi-function printers might have an internal hub or be composite devices. In both cases, the printing element generally uses the Printers class and the scanning or fax element uses another class; for example, Still Imaging.

  Printers normally work appropriately without USB support.

• Mass Storage (Class 08)

  The most common mass storage devices are USB flash drives; others include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers. There’s a wide variety of devices having internal storage which also presents a mass storage interface; these include media players, digital cameras, and mobile phones. Known subclasses include:

• 01 Limited flash devices
• 02 Typically CD/DVD devices (ATAPI/MMC-2)
• 03 Typically tape devices (QIC-157)
• 04 Typically floppy disk drives (UFI)
• 05 Typically floppy disk drives (SFF-8070i)

• 06 Most mass storage devices use this variant of SCSI

  Mass storage devices can often be accessed through client drive mapping, and so USB support isn’t required.

  Important: Some viruses are known to propagate actively using all types of mass storage. Consider carefully whether there’s a business requirement to allow the use of mass storage devices, either through client drive mapping, or USB support. To reduce this risk, the server might be configured to prevent files being run-through client drive mapping.

• Content Security (Class 0d)

  Content security devices enforce content protection, typically for licensing or digital rights management. This class includes dongles.

• Personal Healthcare (Class 0f)

  These devices include personal healthcare devices such as blood pressure sensors, heart rate monitors, pedometers, pill monitors, and spirometers.

• Application and Vendor Specific (Classes fe and ff)

  Many devices use vendor-specific protocols or protocols not standardized by the USB consortium, and these devices usually appear as vendor-specific (class ff).

USB device classes

The default USB policy rules deny the following classes of USB devices:

• Communications and CDC Control (Classes 02 and 0a)

  Includes modems, ISDN adapters, network adapters, and some telephones and fax machines.

  The default USB policy does not allow these devices, because one of them might be providing the connection to the virtual desktop itself.

• Human Interface Devices (Class 03)

  Includes a wide variety of both input and output devices. Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices, graphic tablets, sensors, game controllers, buttons, and control functions.

  Subclass 01 is known as the boot interface class and is used for keyboards and mice.

  The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1), or USB mice (class 03, subclass 01, protocol 2). This setting is because most keyboards and mice are handled appropriately without USB support. And it’s normally necessary to use these devices locally as well remotely when connecting to a virtual desktop.

• USB Hubs (Class 09)

  USB Hubs allow extra devices to be connected to the local computer. It isn’t necessary to access these devices remotely.

• Smart card (Class 0b)

  Smart card readers include contactless and contact smart card readers, and also USB tokens with an embedded smart card equivalent chip.

  Smart card readers are accessed using smart card remoting and do not require USB support.

• Video (Class 0e)

  The video class covers devices that are used to manipulate video or video-related material, such as webcams, digital camcorders, analog video converters, some television tuners, and some digital cameras that support video streaming.

  By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression.

• Wireless Controllers (Class e0)

  Includes a wide variety of wireless controllers, such as ultrawide band controllers and Bluetooth.

  Some of these devices might be providing critical network access, or connecting critical peripherals such as Bluetooth keyboards or mice.

  The default USB policy does not allow these devices. However, there might be particular devices it’s appropriate to provide access to using USB support.

List of USB devices

You can update the range of USB devices available for remoting to desktops. To update the range, edit the list of default rules in the usb.conf file on the user device in $ICAROOT/.

You update the list by adding new policy rules to allow or deny USB devices not included in the default range. Rules created by an administrator in this way control which devices are offered to the server. The rules on the server control which of these devices to be accepted.

The default policy configuration for disallowed devices is:

DENY: class=09 # Hub devices

DENY: class=03 subclass=01 # HID Boot device (keyboards and mice)

DENY: class=0b # Smartcard

DENY: class=e0 # Wireless Controllers

DENY: class=02 # Communications and CDC Control

DENY: class=03 # UVC (webcam)

DENY: class=0a # CDC Data

ALLOW: # Ultimate fallback: allow everything else

USB policy rules

Tip: When creating policy rules, see the USB Class Codes, available from the USB website at http://www.usb.org/. Policy rules in the usb.conf file on the user device take the format {ALLOW:|DENY:} followed by a set of expressions based on values for the following tags:

When creating policy rules, be aware of the following:

• Rules are case-insensitive.
• Rules might have an optional comment at the end, introduced by “#.” A delimiter isn’t required and the comment is ignored for matching purposes.
• Blank and pure comment lines are ignored.
• Whitespace used as a separator is ignored, but can’t appear in the middle of a number or identifier. For example, Deny: Class=08 SubClass=05 is a valid rule; Deny: Class=0 8 Sub Class=05 isn’t.
• Tags must use the matching operator “=.” For example, VID=1230.

Example

The following example shows a section of the usb.conf file on the user device. For these rules to be implemented, the same set of rules must exist on the server.

ALLOW: VID=1230 PID=0007 \# ANOther Industries, ANOther Flash Drive

DENY: Class=08 SubClass=05 \# Mass Storage Devices

DENY: Class=0D \# All Security Devices

Start-up modes

Using desktop appliance mode, you can change how a virtual desktop handles previously attached USB devices. In the WfClient section of the $ICAROOT/config/module.ini file on each user device, set DesktopApplianceMode = Boolean as follows.

Note:

Set the “CONNECT” keyword to enable the auto redirect of a device when a session starts. Also, set the “ALLOW” keyword to allow auto-redirect of a device only after a session starts. However, if the CONNECT or ALLOW keyword is set, the device is auto-redirected when it unplugged and plugged in during a session.

Composite USB device redirection

Starting with 2207 version, Citrix Workspace app allows splitting of composite USB devices. A composite USB device can perform more than one function. These functions are accomplished by exposing each of those functions using different interfaces. Examples of composite USB devices include HID devices that consist of audio and video input and output.

Currently composite USB device redirection is available in desktop session only. The split devices appear in the Desktop Viewer.

Earlier when a device was unplugged and plugged in during a session, the device was auto-redirected. As a result, the device was auto connected to the VDA. With this release, you are required to enable auto-redirection manually through configuration file settings. Auto-redirection of composite USB devices is disabled, by default.

USB 2.1 and later supports the notion of USB composite devices where multiple child devices share a single connection with the same USB bus. Such devices employ a single configuration space and shared bus connection where a unique interface number 00-ff is used to identify each child device. This setting is not the same as a USB hub which provides a new USB bus origin for other independently addressed USB devices for connection.

Composite devices found on the client endpoint can be forwarded to the virtual host as either:

• a single composite USB device, or
• a set of independent child devices (split devices)

When a composite USB device is forwarded, the entire device becomes unavailable to the endpoint. This action blocks the local usage of the device for all applications on the endpoint, including the Citrix Workspace client needed for an optimized HDX remote experience.

Consider a USB headset device with both audio device and HID button for mute and volume control. If the entire device is forwarded using a generic USB channel, the device becomes unavailable for redirection over the optimized HDX audio channel. However, you can achieve best experience when the audio is sent through the optimized HDX audio channel unlike the audio sent using host-side audio drivers through generic USB remoting. This is because of the noisy nature of the USB audio protocols.

You also notice issues when the system keyboard or pointing device are part of a composite device with other integrated features required for the remote session support. When a complete composite device is forwarded, the system keyboard or mouse becomes inoperable at the endpoint, except within the remote desktop session or application.

To resolve these issues, Citrix recommends that you split the composite device and forward only the child interfaces that use a generic USB channel. This setting ensures that the other child devices are available for use by applications on the client endpoint, including, the Citrix Workspace app that provides optimized HDX experiences, while allowing only the required devices to be forwarded and available to the remote session.

Configure auto-redirection of composite USB devices

Earlier when a device was unplugged and plugged in during a session, the device was redirected automatically. As a result, the device was auto-connected to the VDA. With this release, you are required to enable auto-redirection manually through configuration file settings. Auto-redirection of composite USB devices is disabled, by default.

To configure the auto-redirection of composite USB devices, do the following:

1. Navigate to the $Home/.ICAClient/wfclient.ini configuration file.

2. Add the following entry:

   DesktopApplianceMode=True

3. Navigate to /opt/Citrix/ICAClient/usb.conf configuration file.

4. Set any of the following device rules:

   • CONNECT – Set the “CONNECT” keyword to enable auto redirect of a device when a session starts.
   • ALLOW – Set the “ALLOW” keyword to allow auto-redirect of a device only after a session starts.

   However, if the CONNECT or ALLOW keyword is set, the device is auto-redirected when it unplugged and plugged in during a session.

Sample device rule:

CONNECT: vid=046D pid=0002 # Allow a specific device by vid/pid`

ALLOW: vid=046D pid=0102 # Allow a specific device by vid/pid`

Device Rules:

As with regular USB devices, the composite devices for forwarding are selected based on the device rules set in the Citrix Workspace app configuration. Citrix Workspace app uses these rules to decide which USB devices to allow or prevent from forwarding to the remote session.

Each rule consists of an action keyword (Allow, Connect, or Deny), a colon (:), and zero or more filter parameters that match actual devices at the endpoints USB subsystem. These filter parameters correspond to the USB device descriptor metadata used by every USB device to identify itself.

Device rules are clear text with each rule on a single line and an optional comment after a # character. Rules are matched top down (descending priority order). The first rule that matches the device or child interface is applied. Subsequent rules that select the same device or interface are ignored.

To modify the device rules, do the following:

1. Navigate to /opt/Citrix/ICAClient/usb.conf file.
2. Update the device rules as required.

Sample device rules:

ALLOW: vid=046D pid=0102 # Allow a specific device by vid/pid

ALLOW: vid=0505 class=03 subclass=01 # Allow any pid for vendor 0505 w/subclass=01

DENY: vid=0850 pid=040C # deny a specific device (including all child devices)

DENY: class=03 subclass=01 prot=01 # deny any device that matches all filters

CONNECT: vid=0911 pid=0C1C # Allow and auto-connect a specific device

ALLOW: vid=0286 pid=0101 split=01 # Split this device and allow all interfaces

ALLOW: vid=1050 pid=0407 split=01 intf=00,01 # Split and allow only 2 interfaces

CONNECT: vid=1050 pid=0407 split=01 intf=02 # Split and auto-connect interface 2

DENY: vid=1050 pid=0407 split=1 intf=03 # Prevent interface 03 from being remoted

You can use any of the following filter parameters to apply rules to the encountered devices:

The first six parameters select the USB devices for which the rule must be applied. If any parameter is not specified, the rule matches a device with ANY value for that parameter.

The USB Implementors Forum maintains a list of defined class, subclass, and protocol values in Defined Class Codes. USB-IF also maintains a list of registered vendor IDs. You can check the vendor, product, release, and interface IDs of a specific device using a free tool like lsusb:

 <username@username>-ThinkPad-T470:/var/log$ lsusb

Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 002 Device 002: ID 0bda:0316 Realtek Semiconductor Corp. USB3.0-CRW

Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 001 Device 005: ID 138a:0097 Validity Sensors, Inc.

Bus 001 Device 004: ID 5986:111c Acer, Inc Integrated Camera

Bus 001 Device 003: ID 8087:0a2b Intel Corp.

Bus 001 Device 006: ID 17ef:609b Lenovo Lenovo USB Receiver

Bus 001 Device 045: ID 1188:a001 Bloomberg L.P. Lenovo USB Receiver

Bus 001 Device 044: ID 1188:a301 Bloomberg L.P.

Bus 001 Device 043: ID 1188:a901 Bloomberg L.P. Keyboard Hub

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

<!--NeedCopy-->

    | <username@username>-ThinkPad-T470:/var/log$ lsusb -t

    /:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 10000M

    /:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M

    /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/6p, 5000M

    |__ Port 3: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage, 5000M

    /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/12p, 480M

    |__ Port 1: Dev 43, If 0, Class=Hub, Driver=hub/4p, 480M

        |__ Port 1: Dev 46, If 0, Class=Human Interface Device, Driver=usbhid, 12M

        |__ Port 4: Dev 45, If 0, Class=Human Interface Device, Driver=usbhid, 12M

        |__ Port 4: Dev 45, If 1, Class=Human Interface Device, Driver=usbhid, 12M

        |__ Port 2: Dev 44, If 3, Class=Audio, Driver=snd-usb-audio, 12M

        |__ Port 2: Dev 44, If 1, Class=Vendor Specific Class, Driver=, 12M

        |__ Port 2: Dev 44, If 4, Class=Audio, Driver=snd-usb-audio, 12M

        |__ Port 2: Dev 44, If 2, Class=Audio, Driver=snd-usb-audio, 12M

        |__ Port 2: Dev 44, If 0, Class=Human Interface Device, Driver=usbhid, 12M

    |__ Port 4: Dev 6, If 1, Class=Human Interface Device, Driver=usbhid, 12M

    |__ Port 4: Dev 6, If 2, Class=Human Interface Device, Driver=usbhid, 12M

    |__ Port 4: Dev 6, If 0, Class=Human Interface Device, Driver=usbhid, 12M

    |__ Port 7: Dev 3, If 0, Class=Wireless, Driver=btusb, 12M

    |__ Port 7: Dev 3, If 1, Class=Wireless, Driver=btusb, 12M

    |__ Port 8: Dev 4, If 1, Class=Video, Driver=uvcvideo, 480M

    |__ Port 8: Dev 4, If 0, Class=Video, Driver=uvcvideo, 480M

    |__ Port 9: Dev 5, If 0, Class=Vendor Specific Class, Driver=, 12M |

<!--NeedCopy-->

When present, the last two parameters apply only to USB composite devices. The split parameter determines if a composite device must be forwarded as split devices or as a single composite device.

Split=1 indicates that the selected child interfaces of a composite device must be forwarded as split devices. Split=0 indicates that the composite device must not be split.

Note:

If the split parameter is omitted, Split=0 is assumed.

The intf parameter selects the specific child interfaces of the composite device to which the action must be applied. If omitted, the action applies to all interfaces of the composite device.

Consider a composite USB device (For example, Bloomberg 4 keyboard) with six interfaces:

• Interface 0 - Bloomberg 4 Keyboard HID
• Interface 1 - Bloomberg 4 Keyboard HID
• Interface 2 - Bloomberg 4 HID
• Interface 3 - Bloomberg 4 Keyboard Audio Channel
• Interface 4 - Bloomberg 4 Keyboard Audio Channel
• Interface 5 - Bloomberg 4 Keyboard Audio Channel
• The suggested rules for this type of device are:

CONNECT: vid=1188 pid=9545 split=01 intf=00 # Bloomberg 4 Keyboard HID

CONNECT: vid=1188 pid=9545 split=01 intf=01 # Bloomberg 4 Keyboard HID

CONNECT: vid=1188 pid=9545 split=01 intf=02 # Bloomberg 4 HID

DENY: vid=1188 pid=9545 split=01 intf=03 # Bloomberg 4 Keyboard Audio Channel

DENY: vid=1188 pid=9545 split=01 intf=04 # Bloomberg 4 Keyboard Audio Channel

DENY: vid=1188 pid=9545 split=01 intf=05 # Bloomberg 4 Keyboard Audio Channel

Composite USB device redirection with Citrix Viewer

To connect the USB devices from the Devices section, do the following:

1. In a desktop session, navigate to the Desktop Viewer under Devices. The split USB devices appear.

   

2. To connect a device, select the required menu item.

To connect the USB devices from the Preferences section, do the following:

1. Navigate to the Preferences > Devices section. The split USB devices appear.

   

2. Select the check boxes next to the devices, as required.

3. Click OK.

The selected configuration is applied to the device connection.

Note:

Clear the required menu item or check boxes next to the devices to disconnect a device.

Webcams

By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To connect webcams using USB support, disable HDX RealTime Webcam Video Compression.

Webcam redirection

Following are a few points on webcam redirection:

• Webcam redirection is compatible with and without RTME.

• Webcam redirection works for 32-bit and 64-bit applications. For example, Skype, GoToMeeting. Use a 32-bit browser or 64-bit browser to verify webcam redirection online. For example, www.webcamtests.com

• Webcam usage is exclusive to applications. For example, when Skype is running with a webcam and you launch GoToMeeting, exit Skype to use the webcam with GoToMeeting.

Webcam redirection for 64-bit apps [Technical Preview]

Starting with the 2111 release, webcam redirection is supported for 64-bit applications.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

System requirements

• GStreamer framework version 0.1.x or 1.x depending on the current version installed in the system.
• ICAClient version greater than 2106 in case it is using GStreamer 1.x
• Gstreamer version and plug-ins:
  • gstreamer1.0-plugins-base
  • gstreamer1.0-plugins-bad
  • gstreamer1.0-plugins-good
  • gstreamer1.0-plugins-ugly
  • gstreamer1.0-vaapi plugin and libva library
  • x264 library

Note:

The version of the GStreamer plug-in must be consistent with the version of the GStreamer framework. For example, if you install the Gstreamer1.2.4, the version of all Gstreamer1.x plug-ins must be 1.2.4.

Webcam redirection configuration

Do the following steps to activate and configure webcam redirection feature for 64-bit apps on Citrix Workspace app for Linux.

Step 1: Verify the ICAClient configuration

Set the AllowAudioInput value to True to enable the webcam redirection feature. By default, this value is set to True during the installation of ICAClient.

If the AllowAudioInput value is set to False, do the following to enable the webcam redirection feature:

1. Navigate to ~/.ICAClient/wfclient.ini configuration file and edit it.

2. Set the AllowAudioInput value to True.

   AllowAudioInput=True

Step 2: Verify the Theora encoder configuration

After you have successfully installed the ICAClient and the AllowAudioInput value is set to True, by default the Theora encoder is configured. This encoder is a software-based encoder with acceptable performance. However, this encoder supports only 32-bit apps on a VDA.

Do the following to verify that the Theora encoder supports 32-bit apps:

1. Install Firefox 32-bit on a VDA.
2. Access the webcam test site at https://webcamtests.com/

The Theora encoder does not support the webcam redirection feature for 64-bit apps on a VDA. Configure the H264 encoder option to support the webcam redirection feature for 64-bit apps on VDA.

Step 3: Configure H264 encoder

H264 encoder supports the webcam redirection feature for 64-bit apps on the VDA. To enable the H264 encoder, you must do the following:

1. Navigate to ~/.ICAClient/wfclient.ini configuration file and edit it.

2. Set the HDXH264InputEnabled value to True.

   HDXH264InputEnabled=True

Do the following to verify that the H264 encoder supports 64-bit apps:

1. Install Firefox 64-bit on a VDA.
2. Access the webcam test site at https://webcamtests.com/.

Step 4: Verify system dependencies

After configuring the H264 encoder, if the webcam redirection feature does not support 64-bit apps on the VDA verify the system dependencies.

The webcam redirection feature for the 64-bit app is based on the GStreamer framework. The ICAClient uses GStreamer framework version 0.1.x or 1.x depending on the current version installed in your system.

Step 4.1: Verify ICAClient version

Verify whether the ICAClient version is greater than 2106 in case it is using GStreamer 1.x. Previous versions of ICAClient might fail.

Do the following steps to verify the ICAClient version is based on the GStreamer framework installed in your system:

1. Enter the following commands in a command line:

   cd /opt/Citrix/ICAClient/util
   <!--NeedCopy-->
   

   ls -alh
   <!--NeedCopy-->
   

2. Verify whether the gst_read symlink is linked to gst_read1.0 or gst_read0.1. as shown in the following image:

   

You can also run the workspaceappcheck.sh script in the util directory and verify the output of the section referring to GStreamer dependencies.

Citrix recommends using the ICAClient version greater than or equal to 2106 and GStreamer 1.x.

Step 4.2: Verify Gstreamer version and plug-ins

Apart from the GStreamer 1.x framework, you must install the following required plug-ins:

• Gstreamer1.0-plugins-base
• Gstreamer1.0-plugins-bad
• Gstreamer1.0-plugins-good
• Gstreamer1.0-plugins-ugly
• Gstreamer1.0-vaapi plugin
• ibva library
• x264 library

For more information to install the preceding plugins, see the GStreamer installation guide.

Note:

The version of the GStreamer plug-in must be consistent with the version of the GStreamer framework. For example, if you install Gstreamer1.2.4, the version of all Gstreamer1.x plug-ins must be 1.2.4.

Run the following command to check the current version of the GStreamer framework:

gst-inspect-1.0 --gst-version
<!--NeedCopy-->

For information about troubleshooting, see Webcam in the troubleshooting section.

Background blurring for webcam redirection

Starting with 2303 version, Citrix Workspace app for Linux supports background blurring for webcam redirection. To enable this feature, do the following:

1. Navigate to the ~/.ICAClient/wfclient.ini configuration file.

2. Add the following entry in the wfclient.ini file:

   HDXWebCamEnableBackgndEffect=True
   <!--NeedCopy-->
   

Note:

The configuration setting enables the background blurring for webcam redirection feature for UI and UI-less clients.

To disable background blurring inside the session for webcam redirection using the graphical user interface:

1. Click Preferences from the Desktop Viewer. The Citrix Workspace – Preferences dialog box appears.

2. Click the Webcam tab. The following dialog box appears.

   

3. Select the Disable Background Blur Effect check box to disable background blurring for webcam redirection.
4. Click OK.

Xcapture

The Citrix Workspace app package includes a helper application, xcapture. This application assists the exchange of graphical data between the server clipboard and non-ICCCM-compliant X Window applications on the X desktop. Users can use xcapture to:

• Capture dialog boxes or screen areas and copy them between the user device desktop (including non-ICCCM-compliant applications) and an application running in a connection window
• Copy graphics between a connection window and X graphics manipulation utilities xmag or xv

To start xcapture from the command line:

At the command prompt, type /opt/Citrix/ICAClient/util/xcapture and press ENTER (where /opt/Citrix/ICAClient is the directory in which you installed Citrix Workspace app).

To copy from the user device desktop:

1. From the xcapture dialog box, click From Screen. The cursor changes to a crosshair.
2. Choose from the following tasks:
   • Select a window. Move the cursor over the window that you want to copy and click the middle mouse button.
   • Select a region. Hold down the left mouse button and drag the cursor to select the area you want to copy.
   • Cancel the selection. Click the right mouse button. While dragging, you can cancel the selection by clicking the right button before releasing the middle or left mouse button.
3. From the xcapture dialog box, click To ICA. The xcapture button changes color to show that it is processing the information.
4. When the transfer is complete, use the appropriate paste command in an application launched from the connection window.

To copy from xv to an application in a connection window:

1. From xv, copy the information.
2. From the xcapture dialog box, click From XV and then click To ICA. The xcapture button changes color to show that it is processing the information.
3. When the transfer is complete, use the appropriate paste command in an application launched from the connection window.

To copy from an application in the connection window to xv:

1. From the application in a connection window, copy the information.
2. From the xcapture dialog box, click From ICA and then click To XV. The xcapture button changes color to show that it is processing the information.
3. When the transfer is complete, paste the information into xv.

Cursor

Support for 32-bit cursor [Technical Preview]

Previously, when you were using the custom 32-bit cursor, a black box might appear around the cursor.

Starting with version 2212, Citrix Workspace app for Linux supports 32-bit cursor. As a result, the black box around the cursor issue is resolved.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for cursor color inverting

Previously, the Citrix Workspace app displayed a dotted cursor that appeared the same in color to the black and white background of a text. As a result, it was difficult to locate the position of the cursor.

Starting with Version 2112, the cursor color inverts based on the background color of a text. As a result, you can easily locate the position of the cursor in the text. By default, this feature is disabled.

Prerequisites:

• If .ICAClient is already present in the home folder of the current user:

  Delete All_Regions.ini file

  Or,

  To retain the All_Regions.ini file, add the following lines at the end of the [Virtual Channels\Thinwire Graphics] section:

  InvertCursorEnabled=

  InvertCursorRefreshRate=

  InvertCursorMode=

If the .ICAClient folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.

To enable this feature, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.

2. Go to [Thinwire3.0] section and set the following entry:

   InvertCursorEnabled=True

Note:

The cursor does not invert when the value for the Use video codec for compression policy in Citrix Studio is set to Do not use video codec.

Mouse

Relative Mouse

Relative Mouse support provides an option to interpret the mouse position in a relative rather than absolute manner. This capability is required for applications that demand relative mouse input rather than absolute.

Note:

This feature is available only in sessions running on Citrix Virtual Apps and Desktops 7.8 (or later) or Citrix DaaS. It’s disabled by default.

To enable the feature:

In the file $HOME/.ICAClient/wfclient.ini, in the section [WFClient], add the entry RelativeMouse=1.

This step enables the feature but keeps it inactive until you activate it. For more information on enabling relative mouse features, see Alternative Relative Mouse values section.

To activate the feature:

Type Ctrl/F12.

After the feature is enabled, type Ctrl/F12 again to synchronize the server pointer position with the client. The server and client pointer positions aren’t synchronized when using Relative Mouse.

To deactivate the feature:

Type Ctrl-Shift/F12.

The feature is also switched off when a session window loses focus.

Alternative Relative Mouse values

Alternatively, consider using the following values for RelativeMouse:

• RelativeMouse=2 Enables the feature and activates it whenever a session window gains focus.
• RelativeMouse=3 Enables, activates, and keeps the feature activated always.
• RelativeMouse=4 Enables or disables the feature when the client-side mouse pointer is hidden or shown. This mode is suitable for automatically enabling or disabling the relative mouse for first-person gaming-style application interfaces.

To change the keyboard commands, add settings like:

• RelativemouseOnChar=F11
• RelativeMouseOnShift=Shift
• RelativemouseOffChar=F11
• RelativeMouseOffShift=Shift

The supported values for RelativemouseOnChar and RelativemouseOffChar are listed under [Hotkey Keys] in the config/module.ini file in the Citrix Workspace app installation tree. The values for RelativeMouseOnShift and RelativeMouseOffShift set the modifier keys to be used and are listed under the [Hotkey Shift States] heading.

Keyboard

Keyboard behavior

To generate a remote Ctrl+Alt+Delete key combination:

1. Decide which key combination creates the Ctrl+Alt+Delete combination on the remote virtual desktop.
2. In the WFClient section of the appropriate configuration file, configure UseCtrlAltEnd:
   • True means that Ctrl+Alt+End passes the Ctrl+Alt+Delete combination to the remote desktop.
   • False (default) means that Ctrl+Alt+Enter passes the Ctrl+Alt+Delete combination to the remote desktop.

Generic redirection

Configuring the Bloomberg v4 keyboard through Generic USB Redirection on the client side:

As a prerequisite, the policy must be enabled in the Domain Delivery Controller (DDC).

1. Find the vid and pid of the Bloomberg keyboard. For example, in Debian and Ubuntu run the following command:

   lsusb

2. Go to $ICAROOT and edit the usb.conf file.

3. Add the following entry in the usb.conf file to allow the Bloomberg keyboard for USB redirection, and then save the file.

   ALLOW: vid=1188 pid=9545

4. Restart the ctxusbd daemon on the client. For example, in Debian and Ubuntu run the following command:

   systemctl restart ctxusbd

5. Launch a client session. Make sure that the session has focus while plugging in the Bloomberg v4 keyboard for redirection.

Browser content redirection

Chromium Embedded Framework (CEF) for Browser Content Redirection

In releases earlier to Version 1912, BCR used a WebkitGTK+ based overlay to render the content. However, on thin clients, there were performance issues. Starting with Version 1912, BCR uses a CEF-based overlay. This functionality enriches the user experience for BCR. It helps offload network usage, page processing, and graphics rendering to the endpoint.

Starting with Version 2106, CEF-based browser content redirection is fully functional. The feature is enabled by default.

If needed, you can replace the libffmpeg.so file provided in the Workspace app package with a suitable libffmpeg.so file that has the required codecs, in the $ICAROOT/cef/libffmpeg.so path.

Note:

This feature isn’t supported on the ARMHF platform.

Enabling CEF-based BCR

To enable CEF-based BCR:

1. Navigate to the $ICAROOT/config/All_Regions.ini file where, $ICAROOT is the default installation directory of Citrix Workspace app.

2. Go to the [Client Engine\WebPageRedirection] section and set the following entry:

   UseCefBrowser=True

Known issues:

• When you set the UseCefBrowser option to True in the ~/.ICAClient/All_Regions.ini, the Japanese, Chinese (Simplified), and Korean IME might not work in the input fields. Citrix Workspace app for Linux does not support the Japanese, Chinese (Simplified), and Korean IME when using Secure SaaS with Citrix Embedded Browser.

• When you attempt to launch a webpage redirection using CEF-based BCR, you might receive an unknown certificate error. The issue occurs on Citrix Workspace app version 2106 and later. As a workaround, run the following command in the terminal to import the self-signed certificate into nssdb:

   certutil -A -n "badssl.cer" -t "C,," -d ~/.pki/nssdb -i ~/Downloads/badssl.cer
   <!--NeedCopy-->
  

  The arguments in the commands are:

  • -A - To add a certificate to the database.
  • -n - The name of the certificate. This argument is optional and can be used to add the nick name.
  • "badssl.cer" - The name of the certificate that is exported from the badssl.com site.
  • -t "C,," - -t is for TRUSTARGS and C is for CA certificate. For more information, see the Google documentation.
  • -d ~/.pki/nssdb - The location of the database.
  • -i - Denotes the input file. This argument is to add the location and name of the certificate file.

For information about BCR, see Browser content redirection in the Citrix Virtual Apps and Desktops documentation.

Configure path for Browser Content Redirection overlay Browser temp data storage

Starting with Citrix Workspace app 2303 version, you are requested to configure temp data storage path for CEF based browser. To configure the path, do the following:

1. Navigate to the $ICAROOT/config/All_Regions.ini file where, $ICAROOT is the default installation directory of Citrix Workspace app.

2. Go to the [Client Engline\WebPageRedirection] section and add the following entry:

   CefCachePath = <folder for CEF based BCR tmp files>
   <!--NeedCopy-->
   

Automatic reconnection

This topic describes the HDX Broadcast auto-client reconnection feature. Citrix recommends that you use this feature with the HDX Broadcast session reliability feature.

Users can be disconnected from their sessions because of unreliable networks, highly variable network latency, or range limitations of wireless devices. With the HDX Broadcast auto-client reconnection feature, Citrix Workspace app for Linux can detect unintended disconnections of sessions and reconnect users to the affected sessions automatically.

When this feature is enabled on the server, users do not have to reconnect manually to continue working. Citrix Workspace attempts to reconnect to the session a set number of times until there is a successful reconnection or the user cancels the reconnection attempts. If user authentication is required, a dialog box requesting credentials appears to a user during automatic reconnection. Automatic reconnection does not occur if users exit applications without logging off. Users can reconnect only to disconnected sessions.

By default, Citrix Workspace app for Linux waits 30 seconds before attempting to reconnect to a disconnected session and attempts to reconnect to that session three times.

When connecting through an AccessGateway, ACR is not available. To protect against network dropouts, ensure that Session Reliability is enabled on the server, client, and configured on the AccessGateway.

For instructions on configuring HDX Broadcast auto-client reconnection, see your Citrix Virtual Apps and Desktops documentation.

Session reliability

This topic describes the HDX Broadcast session reliability feature, which is enabled by default.

With HDX Broadcast session reliability, users continue to see a published application’s window if the connection to the application experiences an interruption. For example, wireless users enter in a tunnel might lose their connection when they enter the tunnel and regain it when they emerge on the other side. During the downtime, all of the user’s data, key presses, and other interactions are stored, and the application appears frozen. When the connection is re-established, these interactions are replayed into the application.

You can now see screen changes when the session reliability begins. With this enhancement, the session window is grayed out and a countdown timer displays the time until the next reconnection attempt occurs.

Tip

You can alter the grayscale brightness used for an inactive session using the Reconnection UI transparency level policy. By default, this value is set to 80. The maximum value can’t exceed 100 (indicates a transparent window) and the minimum value can be set to 0 (a fully blacked out screen).

When a session successfully reconnects, the countdown notification message disappears. You can interact with the desktop as usual.

Starting with the 2109 version, the session reliability notification is enabled by default.

To disable this enhancement:

1. Navigate to the /opt/Citrix/ICAClient/config/module.ini configuration file.
2. In the [WFClient] section, modify the following setting:

SRNotification=False

Note:

This feature is supported only for Citrix Virtual Desktops.

When auto-client reconnection and session reliability are configured, session reliability takes precedence if there is a connection problem. Session reliability attempts to re-establish a connection to the existing session. It might take up to 25 seconds to detect a connection problem. And then takes a configurable period (the default is 180 seconds) to attempt the reconnection. If session reliability fails to reconnect, then auto-client reconnect attempts to reconnect.

If HDX Broadcast session reliability is enabled, the default port used for session communication switches from 1494 to 2598.

Citrix Workspace users cannot override the server settings.

Important:

HDX Broadcast session reliability requires that another feature, the Common Gateway Protocol, is enabled (using policy settings) on the server. Disabling the Common Gateway Protocol also disables HDX Broadcast session reliability.

Using session reliability policies

The session reliability connections policy setting enables session reliability.

The session reliability timeout policy setting has a default of 180 seconds, or three minutes. If needed, you can extend the time session reliability keeps a session open. It does not prompt you for reauthentication.

Tip

As you extend the amount of time a session is kept open, you might get distracted and walk away from your device. This situation potentially leaves the session accessible to unauthorized users.

Incoming session reliability connections use port 2598, unless you change the port number defined in the session reliability port number policy setting.

For information on configuring session reliability policies, see Session reliability policy settings.

Note:

Session reliability is enabled by default at the server. To disable this feature, configure the policy managed by the server.

Multimedia performance

The Citrix Workspace app includes a broad set of technologies that provide a high-definition user experience for today’s media-rich user environments. These technologies improve the user experience when connecting to hosted applications and desktops, as follows:

• HDX MediaStream Windows Media Redirection
• HDX MediaStream Flash Redirection
• HDX RealTime Webcam Video Compression
• H.264

Note:

Citrix supports RTOP coexistence with Citrix Workspace app for Linux Version 1901 and later with GStreamer 0.1.

HDX MediaStream Windows Media Redirection

HDX MediaStream Windows Media Redirection overcomes the need for the high bandwidths required to provide multimedia capture and playback on virtual Windows desktops accessed from Linux user devices. Windows Media Redirection provides a mechanism for playing the media run-time files on the user device rather than on the server. As a result, reduces the bandwidth requirements for playing multimedia files.

Windows Media Redirection improves the performance of Windows Media Player and compatible players running on virtual Windows desktops. A wide range of file formats are supported, including:

• Advanced Systems Format (ASF)
• Motion Picture Experts Group (MPEG)
• Audio-Video Interleaved (AVI)
• MPEG Audio Layer-3 (MP3)
• WAV sound files

Citrix Workspace app includes a text-based translation table, MediaStreamingConfig.tbl, for translating Windows-specific media format GUIDs into MIME types GStreamer can use. You can update the translation table to do the following:

• Add previously unknown or unsupported media filters/file formats to the translation table
• Block problematic GUIDs to force fall-back to server-side rendering.
• Add more parameters to existing MIME strings to allow for troubleshooting of problematic formats by changing a stream’s GStreamer parameters
• Manage and deploy custom configurations that depend on the media file types supported by GStreamer on a user device.

With client-side fetching, you can also allow the user device to stream media directly from the URLs of the form <http://>, <mms://>, or <rtsp://> rather than streaming the media through a Citrix server. The server is responsible for directing the user device to the media, and for sending control commands (including Play, Pause, Stop, Volume, Seek). But the server does not handle any media data. This feature requires advanced multimedia GStreamer libraries on the device.

To implement HDX MediaStream Windows Media Redirection:

1. Install GStreamer 0.10, an open-source multimedia framework, on each user device that requires it. Typically, you install GStreamer before you install Citrix Workspace app to allow the installation process to configure Citrix Workspace app to use it.

   Most Linux distributions include GStreamer. Alternatively, you can download GStreamer from http://gstreamer.freedesktop.org.

2. To enable client-side fetching, install the required GStreamer protocol source plugins for the file types that users play on the device. You can verify that a plug-in is installed and operational using the gst-launch utility. If gst-launch can play the URL, the required plug-in is operational. For example, run gst-launch-0.10 playbin2 uri=<http://example-source/file.wmv> and check that the video plays correctly.

3. When installing Citrix Workspace app on the device, select the GStreamer option if you’re using the tarball script (this step is done automatically for the .deb and .rpm packages).

Note about the client-side fetching feature:

• By default, this feature is enabled. You can disable it using the SpeedScreenMMACSFEnabled option in the Multimedia section of All-Regions.ini. With this option set to False, Windows Media Redirection is used for media processing.
• By default, all MediaStream features use the GStreamer playbin2 protocol. You can revert to the earlier playbin protocol for all MediaStream features except Client-Side Fetching. The Client-Side Fetching feature continues to use playbin2, using the SpeedScreenMMAEnablePlaybin2 option in the Multimedia section of the All-Regions.ini file.
• Citrix Workspace app does not recognize playlist files or stream configuration information files such as .asx or .nsc files. If possible, users must specify a standard URL that does not reference these file types. Use gst-launch to verify that a given URL is valid.

Note about GStreamer 1.0:

• By default, GStreamer 0.10 is used for HDX MediaStream Windows Media redirection. GStreamer 1.0 is used only when GStreamer 0.10 is not available.
• If you want to use GStreamer 1.0, use the following instructions:

1. Find the install directory of the GStreamer plug-ins. Depending on your distribution, the OS architecture, and the way you install GStreamer, the installation location of the plug-ins varies. The typical installation path is /usr/lib/x86_64-linux-gnu/gstreamer-1.0 or $HOME/ .local/share/gstreamer-1.0.
2. Find the install directory of Citrix Workspace app for Linux. The default directory for privileged (root) user installations is /opt/Citrix/ICAClient. The default directory for non-privileged user installations is $HOME/ICAClient/platform (where the platform can be linuxx64, for example). For more information, see Install and set up.
3. Install libgstflatstm1.0.so by making a symbolic link in the GStreamer plug-ins directory: ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so. This step might require elevated permissions, with sudo, for example.
4. Use gst_play1.0 as the player: ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play. This step might require elevated permissions, with sudo, for example.

• If you want to use GStreamer 1.0 in HDX RealTime Webcam Video Compression, use gst_read1.0 as the reader: ln -sf $ICACLIENT_DIR/util/gst_read1.0 $ICACLIENT_DIR/util/gst_read.

Enabling GStreamer 1.x

In releases earlier to 1912, GStreamer 0.10 was the default version supported for multimedia redirection. Starting with the 1912 release, you can configure GStreamer 1.x as the default version.

Limitations:

• When you play a video, the backward and forward seek might not work as expected.
• When you launch the Citrix Workspace app on ARMHF devices, GStreamer 1.x might not work as expected.

To install GStreamer 1.x

Install the GStreamer 1.x framework and the following plug-ins from https://gstreamer.freedesktop.org/documentation/installing/on-linux.html:

• Gstreamer-plugins-base
• Gstreamer-plugins-bad
• Gstreamer-plugins-good
• Gstreamer-plugins-ugly
• Gstreamer-libav

To build binaries locally

On some Linux OS distributions, for example, SUSE and openSUSE, the system might not find the GStreamer packages in the default source list. In this case, download the source code and build all binaries locally:

1. Download the source code from https://gstreamer.freedesktop.org/src/.
2. Extract the contents.
3. Navigate to the directory where the unzipped package is available.

4. Run the following commands:

   $sudo ./configure
   $sudo make
   $sudo make install
   <!--NeedCopy-->
   

By default, the generated binaries are available at /usr/local/lib/gstreamer-1.0/.

For information about troubleshooting, see Knowledge Center article CTX224988.

To configure GStreamer 1.x

To configure GStreamer 1.x for use with Citrix Workspace app, apply the following configuration using the shell prompt:

• $ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so.
• $ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play

Where,

• ICACLIENT_DIR - The installation path of Citrix Workspace app for Linux.
• GST_PLUGINS_PATH - The plug-in path of GStreamer. For example, on a 64-bit Debian machine it is /usr/lib/x86_64-linux-gnu/gstreamer-1.0/.

Limitations:

• In releases earlier to Version 2106, the webcam redirection might fail and the session might get disconnected when using GStreamer version 1.15.1 or later.

HDX MediaStream Flash Redirection

HDX MediaStream Flash Redirection enables Adobe Flash content to play locally on user devices, providing users with high definition audio and video playback, without increasing bandwidth requirements.

1. Verify that your user device meets the feature requirements. For more information, see System requirements.

2. Add the following parameters to the [WFClient] section of wfclient.ini (for all connections made by a specific user) or to the [Client Engine\Application Launching] section of All\_Regions.ini (for all users of your environment):

   • HDXFlashUseFlashRemoting=Ask: Never; Always

     Enables HDX MediaStream for Flash on the user device. By default, this value is set to Never. Also, users are presented with a dialog box asking them if they want to optimize Flash content when connecting to webpages containing that content.

   • HDXFlashEnableServerSideContentFetching=Disabled; Enabled

     Enables or disables server-side content fetching for Citrix Workspace app. By default this value is set to Disabled.

   • HDXFlashUseServerHttpCookie=Disabled; Enabled

     Enables or disables HTTP cookie redirection. By default, this value is set to Disabled.

   • HDXFlashEnableClientSideCaching=Disabled; Enabled

     Enables or disables client-side caching for web content fetched by Citrix Workspace app. By default, this value is set to Enabled.

   • HDXFlashClientCacheSize= [25-250]

     Defines the size of the client-side cache, in MB. This value can be any size between 25 MB and 250 MB. When the size limit is reached, existing content in the cache is deleted to allow storage of new content. By default, this value is set to 100.

   • HDXFlashServerSideContentCacheType=Persistent: Temporary; NoCaching

     Defines the type of caching used by Citrix Workspace app for content fetched using server-side content fetching. By default, this value is set to Persistent.

     Note: This parameter is required only if HDXFlashEnableServerSideContentFetching is set to Enabled.

3. Flash redirection is disabled by default. In /config/module.ini change FlashV2=Off to FlashV2=On to enable the feature.

HDX RealTime webcam video compression

HDX RealTime provides a webcam video compression option to improve bandwidth efficiency during video conferencing. This option ensures users experience optimal performance when using applications such as GoToMeeting with HDFaces, Skype for Business.

1. Verify that your user device meets the feature requirements.
2. Verify that the Multimedia virtual channel is enabled. To enable it, open the $ICAROOT/config/module.ini file, and check that MultiMedia in the [ICA3.0] section is set to On.
3. Enable audio input by clicking the Use my microphone and webcam on the Mic & Webcam page of the Preferences dialog.

Disable HDX RealTime webcam video compression

By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To do this connection, you must do the following:

• Disable HDX RealTime Webcam Video Compression
• Enable USB support for webcams

1. Add the following parameter to the [WFClient] section of the appropriate .ini file:

   AllowAudioInput=False

   For more information, see default settings.

2. Open the usb.conf file, typically available at $ICAROOT/usb.conf.

3. Remove or comment out the following line:

   DENY: class=0e # UVC (default via HDX RealTime Webcam Video Compression)

4. Save and close the file.

Secure SaaS with Citrix Embedded Browser experimental feature

Secure access to SaaS applications provides a unified user experience that delivers published SaaS applications to the users. SaaS apps are available with single sign-on. Administrators can now protect the organization’s network and end-user devices from malware and data leaks. For this protection, you can filter access to specific websites and website categories.

Citrix Workspace app for Linux support the use of SaaS apps using the Access Control Service. The service enables administrators to provide a cohesive experience, integrating single sign-on, and content inspection.

Prerequisite:

Verify that the libgtkglext1 package is available.

Delivering SaaS apps from the cloud has the following benefits:

• Simple configuration – Easy to operate, update, and consume.
• Single sign-on – Hassle-free log on with single sign-on.
• Standard template for different apps – Template-based configuration of popular apps.

Note:

SaaS with Citrix Browser Engine is supported only on x64 and x86 platforms and not on ArmHardFloatPort (ARMHF)) hardware.

For information on how to configure SaaS apps using Access Control Services, see the Access Control documentation.

For more information about SaaS apps with Citrix Workspace app, see Workspace configuration in Citrix Workspace app for Windows documentation.

H.264

Citrix Workspace app supports the display of H.264 graphics, including HDX 3D Pro graphics, that the Citrix Virtual Apps and Desktops 7 serves. This support uses the deep compression codec feature, which is enabled by default. The feature provides better performance of rich and professional graphics applications on WAN networks compared with the existing JPEG codec.

Note:

In H.264, the Citrix Workspace app for Linux supports YUV 420 format only and it doesn’t support YUV 444 format.

Follow the instructions in this topic to disable the feature (and process graphics using the JPEG codec instead). You can also disable text tracking while still enabling deep compression codec support. This setting helps to reduce CPU costs while processing graphics that include complex images but relatively small amounts of text or non-critical text.

Important:

To configure this feature, do not use any lossless setting in the Citrix Virtual Apps and Desktops or Citrix DaaS Visual quality policy. If you do, H.264 encoding is disabled on the server and does not work in Citrix Workspace app.

To disable deep compression codec support:

In the wfclient.ini file, set H264Enabled to False. This setting also disables text tracking.

To disable text tracking only:

With deep compression codec support enabled, in the wfclient.ini file set TextTrackingEnabled to False.

Screen tiles

You can improve the way that JPEG-encoded screen tiles are processed using the direct-to-screen bitmap decoding, batch tile decoding, and deferred XSync features.

1. Verify that your JPEG library supports these features.

2. In the Thinwire3.0 section of wfclient.ini, set DirectDecode and BatchDecode to True.

   Note: Enabling batch tile decoding also enables deferred XSync.

Logging

In earlier versions, the debug.ini and module.ini files were used to configure logging.

As of version 2009, you can configure logging using one of the following methods:

• Command-line interface
• GUI

Also as of Version 2009, the debug.ini configuration file is removed from the Citrix Workspace app installer package.

Logging captures the Citrix Workspace app deployment details, configuration changes, and administrative activities to a logging database. A third-party developer can apply this logging mechanism by using the logging SDK, which is bundled as part of the Citrix Workspace app Platform Optimization SDK.

You can use the log information to:

• Diagnose and troubleshoot issues that occur after any changes. The log provides a breadcrumb trail.
• Assist change management and track configurations.
• Report administration activities.

If Citrix Workspace app is installed with root user privileges, the logs are stored in the /var/log/citrix/ICAClient.log. Otherwise, the logs are stored in ${HOME}/.ICAClient/logs/ICAClient.log.

When Citrix Workspace app is installed, a user called citrixlog is created to handle the logging functionality.

Command-line interface

1. At the command prompt, navigate to the /opt/Citrix/ICAClient/util path.

2. Run the following command to set the log preferences.

   ./setlog help

All the available commands are displayed.

The following table lists various modules and their corresponding trace class values. Use the following table for a specific command-line log value set:

GUI

Go to Menu > Preferences. The Citrix Workspace-Preferences dialog appears.

At increasing levels of tracing detail, the following values are available:

• Disabled
• Only Error
• Normal
• Verbose

By default, the Logging option is set to Only Error.

Due to the large amount of data that can be generated, tracing might significantly impact the performance of Citrix Workspace app. The Verbose level is recommended only if necessary for troubleshooting.

Click Save and Close after you select the desired logging level. The changes are applied in the session dynamically.

Click the settings icon next to the Logging option drop-down menu. The Citrix Log Preferences dialog appears.

Note:

If you delete the ICAClient.log file, you must restart the logging service ctxlogd.

For example, if you are on a systemd-capable setup, run the following command:

systemctl restart ctxlogd.

Enabling logging on Version 2006 and earlier:

If you are on Version 2006 and earlier, enable the logging using the following procedure:

1. Download and install Citrix Workspace app on your Linux machine.

2. Set the ICAROOT environment variable to the installation location.

   For example, /opt/Citrix/ICAClient.

   By default, the TC_ALL trace class is enabled to provide all the traces.

3. To collect logs for a particular module, open the debug.ini file at $ICAROOT and add the required trace parameters to the [wfica] section.

   Add the trace classes with a “+” symbol. For example, +TC_LIB.

   You can add different classes separated by the pipe symbol. For example, +TC_LIB|+TC_MMVD.

The following table lists the wfica modules and their corresponding trace class values:

The following table lists the connection center module and their corresponding trace class value:

The following table lists the trace class value for setWebHelper:

Troubleshooting:

If ctxlogd turns unresponsive, the logs are traced in the syslog.

For information about getting new and refreshed logs in subsequent launches, see Syslog configuration.

Syslog configuration

By default, all syslog logs are saved at /var/log/syslog. To configure the path and the name of the log file, edit the following line under the [RULES] section in the /etc/rsyslog.conf file. For example,

user.* -/var/log/logfile_name.log

Save your changes and then restart the syslog service using the command:

sudo service rsyslog restart

Points to remember:

• To verify that a new syslog is available, delete syslog and run the command: sudo service rsyslog restart.

• To avoid duplicate messages, add $RepeatedMsgReduction on at the beginning of the rsyslog.conf file.

• To receive logs, ensure that the $ModLoad imuxsock.so line is uncommented at the beginning of the rsyslog.conf file.

Remote logging

To enable remote logging on:

• Server-side configuration: uncomment the following lines in the rsyslog.conf file of the syslog server:

  $ModLoad imtcp

  $InputTCPServerRun 10514

• Client-side configuration: add the following line in the rsyslog.conf file by replacing the localhost with the IP address of the remote server:

  *.* @@localhost:10514

Collecting log files

Previously, there was no tool available to collect the log files in Citrix Workspace app. Log files were present in different folders. You had to manually collect log files from different folders.

Starting with 2109 version, Citrix Workspace app introduces collectlog.py tool to collect log files from different folders. You can run the tool using the command line. The log files are generated as a compressed log file. You can download it from the local server.

Prerequisites

• Python3
• Requires extra space to save the logs

Starting with Version 2109, two new files are added to collect log files using the collectlog.py tool:

• logcollector.ini file – Saves the name and path of the log file.
• collectlog.py file – Collects the log files and saves them as cwalog_{timestamp}.tar.gz compressed file.

By default, the [hdxteams] component is added in the logcollector.ini file to collect log files for Microsoft Teams. However, you can add other components also in the logcollector.ini file using the following procedure:

1. Navigate to the ${HOME}/.ICAClient/logs/ICAClient.log/logcollector.ini file.
2. Add the component that you require to collect log files as per the following example:

[component_name]

log_name1 = “log_path1”

log_name2 = “log_path2”

If you are on Version 2109, collect log files using the following procedure:

1. Download and install Citrix Workspace app on your Linux machine.
2. At the command line, navigate to the /opt/Citrix/ICAClient/util path.

3. Run the following command: ./collctlog.py -h

   The following command usage information appears:

   usage: collect_log [-h] [-c CONFIG] [-a ARCHIVE]optional arguments: -h, --help show this help message and exit -c CONFIG, --config CONFIG The logcollector.ini path & file -a ARCHIVE, --archive ARCHIVE The archive path & file

4. Run the following commands as required:

   • ./collectlog.py – Collects log files using the configuration file from the default path and saves them as a compressed log files at the default path.
   • ./collectlog.py -c /user_specified_path/logcollector.ini – Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the default path.
   • ./collectlog.py -c /user_specified_path/logcollector.ini -a/another_user_specified_path/ – Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the user-defined path.

   Note:

   The default path of the logcollector.ini configuration file is /opt/Citrix/ICAClient/config/logcollector.ini. The default path of the compressed log file is /tmp.

5. Navigate to the /tmp folder and collect the cwalog_{timestamp }.tar.gz compressed file.

Note:

The log files are saved in the /tmp folder with the file name cwalog_{timestamp}.tar.gz.

Optimization for Microsoft Teams

Optimization for desktop-based Microsoft Teams using Citrix Virtual Apps and Desktops or Citrix DaaS and Citrix Workspace app. Optimization for Microsoft Teams is similar to HDX RealTime Optimization for Microsoft Skype for Business. The difference is that, we bundle all the necessary components for Microsoft Teams optimization into the VDA and the Workspace app for Linux.

Citrix Workspace app for Linux supports audio, video, and screen-sharing features with Microsoft Teams optimization.

Note:

• Microsoft Teams optimization is supported only on x64 Linux distributions.
• Microsoft optimization is supported in both Citrix Virtual Apps and Desktops and Citrix DaaS.
• For Thin Clients that use Dell Wyse, use the Citrix Configuration Editor to edit any parameter in the /var/.config/citrix/hdx_rtc_engine/config.json file. For more information see the Dell documentation.

For information on how to enable logging, follow the steps mentioned under Logging for Microsoft Teams.

For information on system requirements, see Microsoft Teams optimization requirements.

For more information, see Optimization for Microsoft Teams and Microsoft Teams redirection.

Enhancement to audio configuration

If Microsoft Teams configures auto gain control and noise suppression options, Citrix-redirected Microsoft Teams honors the values as configured. Otherwise, these options are enabled by default. However, starting from Citrix Workspace app 2104, the echo cancellation option is disabled by default. Starting from Citrix Workspace app 2112, admins can change the default settings to troubleshoot Audio issues (like robotic voice, high CPU causing choppy audio, and so on) by doing the following:

1. Navigate to the /var/.config/citrix/hdx_rtc_engine/config.json file.
2. Set the following options:
   • EnableAEC value to 1 to enable and 0 to disable echo cancellation
   • EnableAGC value to 1 to enable and 0 to disable auto gain control
   • EnableNS value to 1 to enable and 0 to disable noise suppression

mkdir -p /var/.config/citrix/hdx_rtc_engine

vim /var/.config/citrix/hdx_rtc_engine/config.json

{

      "EnableAEC":1,"EnableAGC":1,"EnableNS":1

}
<!--NeedCopy-->

After the call is established, monitor the webrpc log (/tmp/webrpc/<current date>/) for the following entries to verify that the changes took effect:

/tmp/webrpc/Wed_Feb__2_14_56_33_2022/webrpc.log:[040.025] Feb 02 14:57:13.220 webrtcapi.NavigatorUserMedia Info: getUserMedia. audio constraints, aec=1, agc=1, ns=1
<!--NeedCopy-->

Encoder performance estimator for Microsoft Teams

The HdxRtcEngine is the WebRTC media engine embedded in Citrix Workspace app that handles Microsoft Teams redirection. The HdxRtcEngine.exe can estimate the best outgoing video (encoding) resolution that the endpoint’s CPU can sustain without overloading. Possible values are 240p, 360p, 720p, and 1080p.

The performance estimation process uses macroblock code to determine the best resolution that can be achieved with the particular endpoint. The Codec negotiation during a call setup includes the highest possible resolution. The Codec negotiation can be between the peers, or between the peer and the conference server.

The following table lists the four performance categories for endpoints that have its own maximum available resolution:

To set the outgoing video (encoding) resolution value, for example to 360p, run the following command from the terminal:

mkdir -p /var/.config/citrix/hdx_rtc_engine

vim /var/.config/citrix/hdx_rtc_engine/config.json

{

    "OverridePerformance":1

}
<!--NeedCopy-->

Logging for Microsoft Teams

To enable logging for Microsoft Teams:

1. Navigate to the /opt/Citrix/ICAClient/debug.ini file.

2. Modify the [HDXTeams] section as follows:

   [HDXTeams]
   ; Retail logging for HDXTeams 0/1 = disabled/enabled
   HDXTeamsLogSwitch = 1
   ; Debug logging; , It is in decreasing order
   ; LS_NONE = 4, LS_ERROR = 3, LS_WARNING = 2, LS_INFO = 1, LS_VERBOSE = 0
   WebrtcLogLevel = 0
   ; None = 5, Info = 4, Warning = 3, Error = 2, Debug = 1, Trace = 0
   WebrpcLogLevel = 0
   
   <!--NeedCopy-->
   

Logging can also be enabled by adding the following line to the config.json file:

{
"WebrpcLogLevel": 0,"WebrtcLogLevel": 0
}
<!--NeedCopy-->

Adding the libunwind-12 library dependency for llvm-12

Starting with the 2111 release, a new dependency called the libunwind-12 library is added for llvm-12. However, by default, it does not exist in the original repository. Install the libunwind-12 library manually in the repository using the following steps:

1. Open the terminal.

2. Enter the following line to install the llvm repository key file:

   
    wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add
   <!--NeedCopy-->
   

3. Enter the following line to configure the llvm repository source list:

    sudo vim /etc/apt/sources.list
   <!--NeedCopy-->
   

4. Add the following line:

   deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main
   deb-src http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main
   <!--NeedCopy-->
   

5. Run the following command to install the libunwind-12 library:

   sudo apt-get update -y
   sudo apt-get install libunwind-12
   <!--NeedCopy-->
   

Limiting video resolutions

Aadministrators who have users on lower‑performance client endpoints can choose to limit incoming or outgoing video resolutions to decrease the impacts of encoding and decoding video on those endpoints. Starting from Citrix Workspace app 2303 for Linux, you can limit these resolutions using client configuration options.

Note:

Users running with restricted resolutions impact the overall video quality of the conference because the Microsoft Teams server will be forced to use the lowest‑common‑denominator resolution for all conference participants.

Call constraints are disabled by default on the client with Citrix Workspace app 2303. To enable, administrators must set the following client‑side configurations in the /var/.config/citrix/hdx_rtc_engine/config.json file:

{

        "EnableSimulcast": 1,

        "MaxOutgoingResolution" : 720,

        "MaxIncomingResolution" : 720,

        "MaxIncomingStreams" : 4,

        "MaxSimulcastLayers" : 2
<!--NeedCopy-->

Configuring a preferred network interface

Starting with Citrix Workspace app 2303 version, you can now configure a preferred network interface for media traffic. With this enhancement, if you have multiple network connections and the performance of the default one is not good, you can change to another network. To enable this enable this enhancement:

1. Navigate to /var/.config/citrix/hdx_rtc_engine/config.json file.

2. Go to the following section:

          mkdir -p /var/.config/citrix/hdx_rtc_engine
   
           vim /var/.config/citrix/hdx_rtc_engine/config.json
   
          {
   
               ”NetworkPreference”:1
   
           }
   <!--NeedCopy-->
   

3. Update the “NetworkPreference:” value with one of the following values as required:

   • 1: Ethernet
   • 2: Wi-Fi
   • 3: Cellular
   • 4: Vpn
   • 5: Loopback
   • 6: Any

By default and if no value is set, the WebRTC media engine chooses the best available route.

Enhancements to Microsoft Teams optimization

• Starting with version 2101 for Citrix Workspace app:
  • The Citrix Workspace app installer is packaged with the Microsoft Teams ringtones.
  • Audio output switches automatically to newly plugged-in audio devices, and an appropriate audio volume is set.
  • HTTP proxy support for anonymous authentication.

• Starting with version 2103 for Citrix Workspace app, the VP9 video codec is disabled by default.

• Starting with version 2104 for Citrix Workspace app, the echo cancellation feature is disabled by default. We recommend that you do not use your built-in speakers and microphone for calls. Use headphones instead. This fix aims to address choppy audio issues noticed on thin clients

• Starting with version 2106 for Citrix Workspace app:

  • Previously, when you clicked Screen sharing, preview of a default or main monitor was only available for screen sharing.

    With this version, preview of all screens is displayed on the screen picker menu. You can select any screen for screen sharing in the VDA environment. A red square appears on the selected monitor and a small picture of the selected screen content appears on the screen picker menu.

    In seamless mode, you can select one from all screens to share. When the Desktop Viewer changes the window mode (maximized, restore, or minimize), the screen share stops.

• Starting with version 2112 for Citrix Workspace app:

  Note:

  The following features are available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

  • Request control in Microsoft Teams

    With this release, you can request control during a Microsoft Teams call when a participant is sharing the screen. Once you have control, you can make selections, edits, or other modifications to the shared screen.

    To take control when a screen is being shared, click Request control at the top of the Microsoft Teams screen. The meeting participant who’s sharing the screen can either allow or deny your request.

    While you have control, you can make selections, edits, and other modifications to the shared screen. When you’re done, click Release control.

    Limitations:

    • Users on a Linux client cannot Give control to other users. In other words, after the user on the Linux client starts sharing content, the option Give control is not present in the sharing toolbar. This is a Microsoft limitation.
    • The Request Control option is not available during the peer-to-peer call between an optimized user and a user on the native Microsoft Teams desktop client that is running on the endpoint. As a workaround, users can join a meeting to get the Request Control option.

  • Support for dynamic e911

    With this release, Citrix Workspace app supports dynamic emergency calling. When used in Microsoft Calling Plans, Operator Connect, and Direct Routing, it provides the capability to:

    • configure and route emergency calls
    • notify security personnel

    The notification is provided based on the current location of the Citrix Workspace app running on the endpoint, instead of the Microsoft Teams client running on the VDA. Ray Baum’s law requires the 911 caller’s dispatchable location to be transmitted to the appropriate Public Safety Answering Point (PSAP). Starting from Citrix Workspace app 2112 for Linux, Microsoft Teams Optimization with HDX is compliant with Ray Baum’s law. To support this feature, the LLDP library must be included in the Operating System distribution of the Thin Client.

• Starting with version 2203 for Citrix Workspace app:

  Multi-window chat and meetings for Microsoft Teams

  With this release, you can use multiple windows for chat and meetings in Microsoft Teams, when optimized by HDX in Citrix Virtual Apps and Desktops 2112 or higher. You can pop out the conversations or meetings in various ways. For details about the pop-out window feature, see Microsoft Teams Pop-Out Windows for Chats and Meetings.

  If you’re running an older version of Citrix Workspace app or Virtual Delivery Agent (VDA), remember that Microsoft will deprecate the single-window code in the future. However, you will have a minimum of nine months after this feature is GA to upgrade to a version of the VDA or Citrix Workspace app that supports multiple windows (2203 and greater).

  Note:

  This feature is available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.

• Starting with version 2207 for Citrix Workspace app:

  Support for secondary ringer:

  You can use the Secondary ringer feature to select a secondary device on which you want to get the incoming call notification when Microsoft Teams is optimized (Citrix HDX optimized in About/Version). For example, consider that you have set a speaker as the Secondary ringer and your endpoint is connected to a headphone. In this case, Microsoft Teams sends the incoming call signal to the speaker even though your headphones are the primary peripheral for the audio call itself. You can’t set a secondary ringer in the following cases:

  • When you aren’t connected to more than one audio device
  • When the peripheral is not available (for example, Bluetooth headset)

  Note:

  This feature is available only after the roll-out of a future update from Microsoft Teams. To know when the update is rolled-out by Microsoft, see the Microsoft 365 roadmap. You can also refer to CTX253754 for the documentation update and the announcement.

• Starting with version 2207 for Citrix Workspace app:

  • App sharing enabled: Starting with Citrix Workspace app 2209 for Linux and Citrix Virtual Apps and Desktops 2109, you can share an app using the Screen sharing feature in Microsoft Teams.
  • Enhancements to high DPI support: When the high DPI feature is enabled and you’re using 4K monitors, Microsoft Teams video overlays are in the desired position and of the correct size. Irrespective of your display settings such as single or multi-monitor arrangements, overlays always appear correctly and aren’t scaled up or appear in an undesired position. To enable this enhancement, ensure that the DPIMatchingEnabled parameter in the wfclient.ini configuration file is set to True . For more information, see Support for DPI matching.
  • WebRTC SDK upgrade: The version of WebRTC SDK that is used for the optimized Microsoft Teams is upgraded to version M98.

• Starting with version 2212 for Citrix Workspace app:

  • Support for background blurring and replacement for Citrix Optimized Teams: [Technical Preview]

    Prerequisite:

    Ensure that you have installed wget.

    Citrix Optimized Teams in Citrix Workspace app for Linux now supports background blurring and background replacement. You can use this feature by selecting More > Apply Background Effects when you are in a meeting or in a P2P call.

    Note:

    Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for NetScaler App Experience (NSAP) virtual channel

Previously available as an experimental feature, the NSAP virtual channel feature is fully supported starting with version 2006. All HDX Insight data is sourced from the NSAP virtual channel exclusively and sent uncompressed. This approach improves the scalability and the performance of sessions. The NSAP virtual channel is enabled by default. To disable it, toggle the VDNSAP flag NSAP=Off in the module.ini file.

For more information, see HDX Insight in the Linux Virtual Delivery Agent documentation, and HDX Insight in the Citrix Application Delivery Management service documentation.

Multi-monitor layout persistence

This feature retains the session monitor layout information across endpoints. The session appears at the same monitors as configured.

Prerequisite:

This feature requires the following:

• StoreFront v3.15 or later.

• If .ICAClient is already present in the home folder of the current user:

  Delete the All_Regions.ini file

  or

  To retain the All_Regions.ini file, add the following lines at the end of the [Client Engine\Application Launching] section:

  SubscriptionUrl=

  PreferredWindowsBounds=

  PreferredMonitors=

  PreferredWindowState=

  SaveMultiMonitorPref=

If the .ICAClient folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.

Use cases

• Launch a session on any monitor in windowed mode and save the setting. When you relaunch the session, it appears in the same mode, on the same monitor, and in the same position.
• Launch a session on any monitor in full-screen mode and save the setting. When you relaunch the session, it appears in full-screen mode on the same monitor.
• Stretch and span a session in windowed mode across multiple monitors and then switch to full-screen mode. The session continues in full-screen across all monitors. When you relaunch the session, it appears in full-screen mode, spanning across all monitors.

Notes:

• The layout is overwritten with every save, and the layout is saved only on the active StoreFront.
• f you launch extra desktop sessions from the same StoreFront on different monitors, saving the layout in one session saves the layout information of all the sessions.

Save layout

To enable the save layout feature:

1. Install the StoreFront 3.15 or later version (equal or greater than v3.15.0.12) on a compatible Delivery Controller (DDC).
2. Download the build of Citrix Workspace app 1808 or later for Linux from the Downloads page and then install it on your Linux machine.
3. Set the ICAROOT environment variable to the install location.
4. Check whether the All_Regions.ini file is present in the .ICAClient folder. If so, delete it.
5. In the $ICAROOT/config/All_Regions.ini file, look for the field – SaveMultiMonitorPref. By default, the value of this field is “true” (meaning this feature is turned on). To toggle off this feature, set this field to false. If you update the value of SaveMultiMonitorPref, you must delete the All_Regions.ini file present in the .ICAClient folder to prevent value mismatches and a possible profile lockdown. Set or unset the SaveMultiMonitorPref flag before launching sessions.
6. Launch a new desktop session.

7. Click Save Layout on the Desktop Viewer toolbar to save the current session layout. A notification appears at the bottom right of the screen, indicating success. When you click Save layout, the icon grays out. This color change indicates that saving is in progress. When the layout is saved the icon appears normal.

8. Disconnect or log off from the session. Relaunch the session. The session appears in the same mode, on the same monitor, and in the same position.

Limitations and unsupported scenarios:

• Saving a layout for windowed mode session spanning across multiple monitors is not supported due to limitations with the Linux Display manager.
• Saving session information across monitors with varied resolution is not supported in this release and might result in unpredictable behavior.
• Customers deployments with extra StoreFront

Using Citrix Virtual Desktops on dual monitor

1. Select the Desktop Viewer and click the down arrow.
2. Select Window.
3. Drag the Citrix Virtual Desktops screen between the two monitors. Verify that about half the screen is present in each monitor.

4. From the Citrix Virtual Desktop toolbar, select Full-screen.

   The screen extends to both the monitors.

Workspace launcher

Citrix introduces the Workspace launcher (WebHelper) to launch published desktops and applications.

Previously, the browser plug-in provided along with Citrix Workspace app for Linux enabled users to launch published desktops and applications was based on the NPAPI.

As a solution, Citrix is introducing the Workspace launcher (WebHelper). To enable this feature, configure StoreFront to send requests to Workspace launcher to detect the Citrix Workspace app installation.

Starting with Version 1901, the Citrix Workspace launcher is compatible with direct connections to StoreFront and Citrix Gateway. This feature helps to launch the ICA file automatically and to detect the Citrix Workspace app installation.

For information about configuring StoreFront, see Solution – 2 > a) Administrator configuration in Knowledge Center article CTX237727.

Note:

Citrix Workspace launcher currently works only with direct connections to StoreFront. It isn’t supported in other cases such as connections through Citrix Gateway.

Disabling new workspace web UI mode

When you launch the Citrix Workspace app for Linux using self-service executable file from third-party thin-client vendors, the application can become unresponsive because of 100% CPU utilization.

As a workaround, to switch back to the old UI mode:

1. Remove cached files by using the command: rm -r ~/.ICAClient
2. Go to $ICAROOT/config/AuthManconfig.xml file.
3. Change CWACapableEnabled key value to false.
4. Launch Citrix Workspace app for Linux. Observe that the self-service executable file loads the old UI.

Keyboard layout synchronization

Keyboard layout synchronization enables you to switch among preferred keyboard layouts on the client device. This feature is disabled by default. After you enable this feature, the client keyboard layout automatically synchronizes to the virtual apps and desktops.

Starting with version 2203, Citrix Workspace app supports the following three different keyboard layout synchronization modes:

• Sync only once - when session launches – Based on the KeyboardLayout value in the wfclient.ini file, the client keyboard layout is synchronized to the server when the session launches. If the KeyboardLayout value is set to 0, the system keyboard is synchronized to VDA. If the KeyboardLayout value is set to a specific language, the language-specific keyboard is synchronized to VDA. Any changes you make to the client keyboard layout during the session do not take effect immediately. To apply the changes, sign out and sign in to the app. The Sync only once - when session launches mode is the default keyboard layout selected for the Citrix Workspace app.
• Allow dynamic sync - This option synchronizes the client keyboard layout to the server when you change the client keyboard layout.
• Don’t sync - Indicates that the client uses the keyboard layout present on the server.

Prerequisite:

• Enable the Unicode Keyboard Layout Mapping feature on the Windows VDA. For more information, see Knowledge Center article CTX226335.

• Enable the Dynamic Keyboard layout sync feature on the Linux VDA. For more information, see Dynamic keyboard layout synchronization
• Keyboard layout synchronization depends on XKB lib.
• When using a Windows Server 2016 or Windows Server 2019, navigate to HKEY_LOCAL_MACHINE\Software\Citrix\ICA\IcaIme registry path and add a DWORD value with key name DisableKeyboardSync and set the value to 0.

• If .ICAClient is already present in the home folder of the current user:

  Delete the All_Regions.ini file

  or

  To retain the All_Regions.ini file, add the following lines at the end of the[Virtual Channels\Keyboard] section:

  KeyboardSyncMode=

  KeyboardEventMode=

Configure keyboard layout

Citrix Workspace app provides both UI and configuration settings to enable the three different keyboard layout synchronization modes.

To configure keyboard layout synchronization using the graphical user interface:

1. From the Citrix Workspace app icon in the notification area, select Preferences.

   Or,

   Open the terminal, navigate to the installation path, and run the following command:

   util/configmgr

   The Citrix Workspace – Preferences dialog appears.

   

2. Click Keyboard tab.

   The Keyboard layout synchronization settings page appears.

3. Select from one of the following options:

   • Sync only once - when session launches - Indicates that the keyboard layout is synced to the VDA only once at the session launch. Unicode keyboard input mode is the recommended option for the Sync only once – when session launches mode.
   • Allow dynamic sync - Indicates that the keyboard layout is synced dynamically to the VDA when the client keyboard is changed in a session. Unicode keyboard input mode is the recommended option for the Allow dynamic sync mode.
   • Don’t sync - Indicates that the client uses the keyboard layout present on the server, irrespective of the keyboard layout that is selected in the client. Scancode keyboard input mode is the recommended option for the Don’t sync mode. You must make sure that the client keyboard layout is the same as the keyboard layout on the VDA if you select Unicode for the Don’t Sync option.

4. Click Save and Close.

To configure keyboard layout synchronization using configuration file settings:

Modify the wfclient.ini configuration file to enable the required keyboard layout.

Sync only once – when session launches:

With this feature enabled, when launching a session, the active keyboard layout on the client device is synchronized to VDA. Based on the KeyboardLayout value in the wfclient.ini file, the client keyboard layout is synchronized to the server when the session launches. If the KeyboardLayout value is set to 0, the system keyboard is synchronized to VDA. If the KeyboardLayout value is set to a specific language, the language-specific keyboard is synchronized to VDA.

To select this mode, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.

2. Add the following entries:

   KeyboardSyncMode=Once
   KeyboardEventMode=Unicode/Scancode
   <!--NeedCopy-->
   

Unicode keyboard input mode is the recommended option for the Sync only once – when session launches mode.

Allow dynamic sync:

With this feature enabled, when the keyboard layout changes on the client device during a session, the keyboard layout of the session changes correctly.

To select this mode, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.

2. Add the following entries:

   KeyboardSyncMode=Dynamic
   KeyboardEventMode=Unicode (or KeyboardEventMode= Scancode)
   <!--NeedCopy-->
   

Unicode keyboard input mode is the recommended option for the Allow dynamic sync mode.

Don’t sync:

With this feature enabled, the VDA side keyboard layout is used, irrespective of the keyboard layout that is selected in the client device.

To select this mode, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini configuration file.

2. Add the following entries:

   KeyboardSyncMode=No
   KeyboardEventMode= Scancode (or KeyboardEventMode= Unicode)
   <!--NeedCopy-->
   

Scancode keyboard input mode is the recommended option for the Don’t sync mode. You must make sure that the client keyboard layout is the same as the VDA side keyboard layout if you configure to Unicode for Don’t Sync option.

Note:

When you set KeyboardSyncMode="" (empty) in the wfclient.ini file, the mode reverts to the earlier behavior. In the earlier behavior, the keyboard layout is read from the $HOME/.ICAClient/wfclient.ini file and sent to the VDA along with other client information when the session starts.

Keyboard Input Mode

Citrix recommends the following keyboard input mode for the different keyboard layout sync options:

• Scancode mode for Don’t Sync option.
• Unicode mode for Allow dynamic sync and Sync only once - when session launches options.

You can change the configuration of KeyboardEventMode in the wfclient.ini file. However, for best performance, use the Citrix-recommended modes for different scenarios, physical keyboards, and client devices.

Keyboard input mode enhancements [Technical Preview]

Previously, you were able to enable different keyboard input modes only by updating the value of KeyboardEventMode in the configuration file. There was no UI option to select the keyboard input mode.

Starting with Citrix Workspace app 2209, you can configure different keyboard input modes from the newly introduced Keyboard input mode settings section. You can select Scancode or Unicode as keyboard input mode.

To configure keyboard input mode by using the GUI, do the following:

1. From the Citrix Workspace app icon in the notification area, select Preferences. The Citrix Workspace – Preferences dialog box appears.

2. Click Keyboard. You can see the newly added the Keyboard input mode settings section.

   

3. Select one of the following options:

   • Scancode – Sends the key position from client-side keyboard to VDA and VDA generates the corresponding character. Applies server-side keyboard layout.
   • Unicode - Sends the key from the client-side keyboard to VDA and VDA generates the same character in VDA. Applies client-side keyboard layout.

   By default, the Keyboard input mode settings is selected as Unicode. For more information on keyboard input mode, see the Configure keyboard layout section in the Keyboard layout synchronization documentation.

4. Click Save and Close.

Note:

The keyboard configuration changes take effect once you reconnect to the application. If you change the keyboard input mode in the UI, the parameter value of the KeyboardEventMode in the wfclient.ini file is also updated automatically.

For example, consider a scenario where you’re using a US international keyboard layout and the VDA is using the Russian keyboard layout.

When you choose Scancode and type the key next to Caps lock, the scancode 1E is sent to the VDA. The VDA then uses 1E to display the character ф.

If you choose Unicode and type the key next to Caps lock, the character a is sent to the VDA. So, even if the VDA uses the Russian keyboard layout, the character a appears on the screen.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Support for extended keyboard layouts [Technical Preview]

Starting with Citrix Workspace app version 2209, the Scancode keyboard input mode supports the following extended keyboard layouts:

• Japanese 106 keyboard
• Portuguese ABNT/ABNT2 keyboards
• Multimedia keyboards

The Scancode keyboard input mode supports the extended keyboard layouts along with all keyboard layout synchronization modes.

This support is enabled by default.

Note:

Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.

Keyboard layout support for Windows VDA and Linux VDA

VDA keyboard layout

The VDA keyboard layout feature helps you use the VDA keyboard layout regardless of the client’s keyboard layout settings. It supports the following types of keyboard: PC/XT 101, 102, 104, 105, 106.

To use the server-side keyboard layout:

1. Launch the wfclient.ini file.

2. Change the value of the KeyboardLayout attribute as follows:

   KeyboardLayout=(Server Default)

   The default value for the KeyboardLayout attribute is (User Profile).

3. Relaunch the session for the changes to take effect.

File type association

A Citrix Virtual Apps Services might also publish a file, rather than an application or desktop. This process is referred to as publishing content, and allows pnabrowse to open the published file.

There’s a limitation to the type of files that the Citrix Workspace app recognizes. Only when a published application is associated with the file type of the published file:

• The system recognizes the file type of the published content
• Users can view the file through Citrix Workspace app

For example, to view a published Adobe PDF file using Citrix Workspace app, an application such as Adobe PDF Viewer must be published. Unless a suitable application is published, users can’t view the published content.

To enable FTA on the client-side:

1. Verify that the app that you want to associate is a favorite or a subscribed application.

2. To get the list of published applications and the server URL, run the commands:

   ./util/storebrowse -l
   
   ./util/storebrowse -S <StoreFront URL>
   <!--NeedCopy-->
   

3. Run the ./util/ctx_app_bind command with the following syntax:

   ./util/ctx_app_bind [-p] example_file|MIME-type published-application [server|server-URI]

   for example, ./util/ctx_app_bind a.txt BVT_DB.Notepad_AWTSVDA-0001 https://awddc1.bvt.local/citrix/store/discovery

4. Verify that the file that you’re trying to open is client drive mapping (CDM) enabled.
5. Double-click the file to open it using the associated application.

Associating a published application with file types

Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio.

Prerequisite:

Verify that you connect to the Store server where the FTA is configured.

To link a file name extension with a Citrix Workspace app for Linux application:

1. Publish the application.
2. Log on to Citrix Studio.
3. Right-click the application and select Properties.
4. Select Location.

5. Add “%**” in the Command-line argument (optional) field to bypass the command-line validation and then click OK.

   

6. Right-click the application and select Properties.
7. Select File Type Association.
8. Select all the extensions that you want Citrix Workspace app to associate with the application.
9. Click Apply and Update file types.
10. Follow the steps mentioned in File type association to enable FTA on the client-side.

Note:

The StoreFront file type association must be ON. By default, file type association is enabled.

Support for Citrix Analytics

Starting with version 2006, Citrix Workspace app is updated to transmit data to Citrix Analytics Service from ICA sessions that you launch from a browser.

For more information on how Citrix Analytics uses this information, see Self-Service Search for Performance and Self-service search for Virtual Apps and Desktops.

Citrix Workspace app for Linux is instrumented to securely transmit logs to Citrix Analytics when the app triggers certain events. The logs are analyzed and stored on Citrix Analytics servers when enabled. For more information about Citrix Analytics, see Citrix Analytics.

Transparent user interface

The Citrix ICA protocol uses the Transparent User Interface Virtual Channel [TUI VC] protocol to transmit data between Citrix Virtual Apps and Desktops or Citrix DaaS and host servers. The TUI protocol transmits user interface [UI] component messages for remote connections.

Citrix Workspace app for Linux supports the TUI VC feature. This feature helps the client to receive the TUI packets sent by the server, and the client can access the UI-related components. This functionality helps you to control the display of the default overlay screen. You can toggle the VDTUI flag in the module.ini file: VDTUI - On/Off

Starting with version 1912, the VDTUI flag is set to On by default. As a result, the “Starting <Application>” dialog box no longer appears when you launch an app. Instead, a “Connecting <Application>” dialog appears with a progress bar. The dialog also displays the progress of the app launch. However, if you set the flag to Off, the “Starting <Application>” dialog rendered on top of other application windows, covering the login prompt.

For more information on Virtual Channels, see Citrix ICA virtual channels in the Citrix Virtual Apps and Desktops documentation.