Configure
When using Citrix Workspace app for Linux, the following configuration steps allow users to access their hosted applications and desktops.
Settings
Configuration files
To change advanced or less common settings, you can modify Citrix Workspace app’s configuration files. These configuration files are read each time wfica
starts. You can update various files depending on the effect you want the changes to have.
If session sharing is enabled, an existing session might be used instead of a newly reconfigured one. This setting might cause the session to ignore changes you made in a configuration file.
Default settings
If you want to change the default for all Citrix Workspace app users, modify the module.ini
configuration file in the $ICAROOT/config
directory.
Note:
If an entry in
All\_Regions.ini
is set to a specific value, the value for that entry inmodule.ini
isn’t used. The values inAll\_Regions.ini
take precedence over the value inmodule.ini
.
Template file
If the $HOME/.ICAClient/wfclient.ini
file does not exist, wfica
creates it by copying $ICAROOT/config/wfclient.template
. When you change this template file, the changes are applied to all the Citrix Workspace app users.
User settings
To apply configuration changes for a user, modify the wfclient.ini
file in the user’s $HOME/.ICAClient
directory. The settings in this file apply to future connections for that user.
Validate configuration file entries
To limit the values for entries in wfclient.ini
, specify the allowed options or ranges of options in All\_Regions.ini
.
If you specify only one value, that value is used. The $HOME/.ICAClient/All\_Regsions.ini
file can match or reduce the possible values set in the $ICAROOT/config/All\_Regions.ini
file, it can’t take away restrictions.
Note:
The value set in
wfclient.ini
takes precedence over the value inmodule.ini
.
Parameters
The parameters listed in each file are grouped into sections. Each section begins with a name in brackets that indicates parameters that belong together; for example, \[ClientDrive\]
for parameters related to client drive mapping (CDM).
Defaults are automatically supplied for any missing parameters except where indicated. If a parameter is present but not assigned a value then the default value is automatically applied. For example, consider the InitialProgram
parameter is followed by an equal sign (=) and no value is provided. In this example, the default value (not to run a program after logging in) is applied.
Precedence
The All\_Regions.ini
file specifies parameters that the other files can set. It can restrict the values of parameters or set them exactly.
For any given connection, the files are checked in the following order:
-
All\_Regions.ini
- The values in this file override those values in:- The connections
.ICA
file wfclient.ini
- The connections
-
module.ini
- The values in this file are used if they have not been set inAll\_Regions.ini
, the connections.ICA
file, orwfclient.ini
. However, these values aren’t restricted with the entries inAll\_Regions.ini
.
If no value is found in any of these files, the default in the Citrix Workspace app code is used.
Note:
There are exceptions to this order of precedence. For example, the code reads some values specifically from
wfclient.ini
for security reasons.
Persistent login [Technical Preview]
The Persistent login feature enables you to stay logged in for up to the duration (2 to 365 days) configured by your admin. When this is enabled, you need not provide login credentials for the Citrix Workspace App during the configured period.
With this functionality, the SSO to Citrix DaaS sessions is extended up to a period of 365 days depending upon the lifetime of Long-Lived Tokens. Your credentials are cached by default for 4 days (or Lifetime whichever is lower) and then extended when you become active within these 4 days (by connecting to Citrix Workspace App).
Note:
Technical previews are available for customers to test in their non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for feature previews but welcomes feedback for improving them. Citrix might or might not act on feedback based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed in production environments.
Configure the persistent login feature
An admin need to configure the persistent login on the Workspace environment using the following procedure:
- Sign in to Citrix Cloud.
- In the Citrix Cloud console, click the menu in the upper left corner of the screen.
- Select the Workspace Configuration option > Customize > Preferences.
- Scroll down to Reauthentication Period for Workspace App.
- Click Edit next to the Current Reauthentication Period field.
- Enter the required days in the Current Reauthentication Period field.
- You need to enter two days or more in the Current Reauthentication Period field.
For more information, see the instructions in the Reauthentication Period for Workspace App section in the following image:
Experience with enhanced authentication
The persistent login window is embedded within the self-service window.
-
Access the Citrix Workspace app. The authentication window appears.
-
Sign in with your credentials. You are redirected to the Permission prompt to accept.
-
Click Allow.
Note:
If you select Deny for consent, you would see a second login prompt and you need to sign in to Citrix Workspace app for every 24 hours.
Disable the persistent login feature
An admin can disable the persistent login feature in the Citrix Cloud UI or in the AuthManConfig.xml
file. However, the value set in the AuthManConfig.xml
file overrides the value set in the Citrix Cloud UI.
Using Citrix Cloud UI
- Sign in to Citrix Cloud.
- In the Citrix Cloud console, click the menu in the upper left corner of the screen.
- Select the Workspace Configuration option > Customize > Preferences.
- Scroll down to Reauthentication Period for Workspace App.
- Click Edit next to the Current Reauthentication Period field.
- Enter one day in the Current Reauthentication Period field.
Using AuthManConfig.xml file
To disable persistent feature, do the following
- Navigate to
<ICAROOT>/config/AuthManConfig.xml
file. -
Set the values as follows:
<!-- AuthManLiteEnabled - enable AML - true/false --> <key>AuthManLiteEnabled</key> <value>true</value> <AuthManLite> <primaryTokenLifeTime>1.00:00:00</primaryTokenLifeTime> <secondaryTokenLifeTime>0.01:00:00</secondaryTokenLifeTime> <longLivedTokenSupport>false</longLivedTokenSupport> <nativeLoggingEnabled>true</nativeLoggingEnabled> <platform>linux</platform> <saveTokens>true</saveTokens> </AuthManLite> <!--NeedCopy-->
Email-based auto-discovery of store
Note:
This feature is generally available for Citrix Workspace app.
You can now provide your email address in Citrix Workspace app to automatically discover the store associated with the email address. If there are multiple stores associated with a domain, by default the first store returned by the Global App Configuration Service is added as the store of choice. Users can always switch to another store if necessary.
To disable this feature, do the following:
- Navigate to
$ICAROOT/config/AuthManConfig.xml
file. -
Set the following entry to false.
<key>AppConfigEnabled</key> <value>false</value> <!--NeedCopy-->
Creating custom user-agent strings in network request
Starting with 2109 version, Citrix Workspace app introduces an option to append the User-Agent strings in the network request and identify the source of a network request. Based on this User-Agent strings request, you can decide how to manage your network request. This feature allows you to accept network requests only from trusted devices.
Note:
- This feature is supported on cloud deployments of Citrix Workspace app. Also, x86, x64, and ARMHF are the supported packages.
To customize the User-Agent strings, do the followings:
- Locate the
$ICAROOT/config/AuthManConfig.xml
configuration file. - Add a value to the following entry:
<UserAgentSuffix> </UserAgentSuffix>
Example that includes App and Version in the customized text:
<UserAgentSuffix>App/AppVersion </UserAgentSuffix>
If you’re adding App and AppVersion, separate them by a forward slash (“/”).
-
If the network request is from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:
CWAWEBVIEW/CWAVersion App/AppVersion
-
If the network request isn’t from the UI-based Citrix Workspace app, the following User-Agent appears in the network requests:
CWA/CWAVersion App/AppVersion
Notes:
- If you aren’t adding AppVersion at the end of the UserAgentSuffix string, the Citrix Workspace app version is appended in the network requests.
- Restart
AuthManagerDaemon
andServiceRecord
for the changes to take effect.
Feature flag management
If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature ships. To do so, we use feature flags and a third-party service called LaunchDarkly.
You do not need to make any configurations to enable traffic to LaunchDarkly, unless you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly via specific URLs or IP addresses, depending on your policy requirements. You can enable traffic and communication to LaunchDarkly in the following ways:
Enable traffic to the following URLs
- events.launchdarkly.com
- stream.launchdarkly.com
- clientstream.launchdarkly.com
- firehose.launchdarkly.com
- mobile.launchdarkly.com
- app.launchdarkly.com
List IP addresses in an allow list
If you must list IP addresses in an allow list, for a list of all current IP address ranges, see the LaunchDarkly public IP list. You can use this list to verify that your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Status page.
LaunchDarkly system requirements
Verify that published apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF:
- LaunchDarkly service
- APNs listener service
Provision to disable LaunchDarkly service
Starting with version 2205, you can disable LaunchDarkly service on Citrix Workspace app.
To disable the LaunchDarkly service, do the following:
- Navigate to the
<ICAROOT>/config/module.ini
folder and go to the LaunchDarkly section. - Select the entry
EnableLaunchDarkly
and set it to Disable.
Service continuity
Note:
This feature is generally available for Citrix Workspace app.
Service continuity removes or minimizes the dependency on the availability of components that are involved in the connection process. Users can launch their Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) regardless of the health status of the cloud services.
For information on requirements that support service continuity on Citrix Workspace app, see System Requirements.
For information on installing service continuity with Citrix Workspace app, see Installing Service Continuity.
For more information, see the Service continuity section in the Citrix Workspace documentation.
Pinning multi-monitor screen layout
Starting with Version 2103, you can save the selection for multi-monitor screen layout. The layout is how a desktop session is displayed. Pinning helps to relaunch a session with the selected layout, resulting in an optimized user experience.
As a prerequisite, you must enable this feature in the AuthManConfig.xml
file. Navigate to $ICAROOT/config/AuthManConfig.xml
and add the following entries:
<key>ScreenPinEnabled</key>
<value> true </value>
<!--NeedCopy-->
Only after adding the preceding key, you can see the Screen Layout option in the App indicator icon. For more information about app indicator icon, see App indicator icon.
To select the screen layout, click the app indicator icon in the taskbar, and select Screen Layout. The Screen Layout dialog appears.
Alternately, you can launch the Screen Layout dialog by pressing Ctrl+m keys when on the self-service window.
Select a virtual desktop from the drop-down menu. The layout selection is applied only to the desktop that you select.
Select one or more tiles to form a rectangular selection for the layout. The session then appears as per the layout selection.
Limitations:
- Enabling screen pinning disables the save layout feature in a session.
- This feature is applicable only on desktops that are marked as favorite.
Application Categories
Application Categories allow users to manage collections of applications in Citrix Workspace app. You can create application groups for the following:
- Applications shared across different delivery groups
- Applications used by a subset of users within delivery groups
For more information, see Create an application group in the Citrix Virtual Apps and Desktops documentation.
App protection
DISCLAIMER
App protection policies work by filtering access to required functions of the underlying operating system. Specific API calls are required to capture screens or keyboard presses. This feature means that app protection policies can provide protection even against custom and purpose-built hacker tools. However, as operating systems evolve, new ways of capturing screens and logging keys can emerge. While we continue to identify and address them, we can’t guarantee full protection in specific configurations and deployments.
App protection is an add-on feature that provides enhanced security when you use Citrix Virtual Apps and Desktops. The feature restricts the ability of clients to be compromised with keylogging and screen-capturing malware. App protection prevents exfiltration of confidential information such as user credentials and sensitive information that are displayed on the screen. The feature prevents users and attackers from taking screenshots and from using keyloggers to glean and exploit sensitive information.
Notes:
- This feature is supported when Citrix Workspace app is installed by using the tarball, Debian, and Red Hat Package Manager (RPM) packages. Also, x64 and ARMHF are the only supported architectures.
- This feature is supported in on-premises deployments of Citrix Virtual Apps and Desktops. Also, in deployments using the Citrix Virtual Apps and Desktops Service with StoreFront.
App protection requires that you install an add-on license on your License Server. A Citrix Virtual Desktops license must also be present. For information on Licensing, see the Configure section in the Citrix Virtual Apps and Desktops.
Starting with Version 2108, the app protection feature is now fully functional. The app protection feature supports apps and desktop sessions and is enabled by default. However, you must configure the app protection feature in the AuthManConfig.xml
file to enable it for the authentication manager and the Self-Service plug-in interfaces.
Starting with this version, you can launch protected resources from Citrix Workspace app while Mozilla Firefox is running.
Prerequisite:
App protection works best with the following operating systems along with the Gnome Display Manager:
- 64-bit Ubuntu 18.04+, except Ubuntu 21.10.
- 64-bit Debian 9+
- 64-bit CentOS7.5+
- 64-bit RHEL7.5+
- ARMHF 32-bit Raspbian 10 (Buster)+
Note:
App protection feature does not support the operating systems that use
glibc
2.34 or later.If you install the Citrix Workspace app with app protection feature enabled on OS that uses
glibc
2.34 or later, the OS boot might fail on restarting the system. To recover from the OS boot failure, do any of the following:
- Reinstall the OS. However, we do not support the app protection feature on the OS that uses
glibc
2.34 or later.- Go to Recovery mode of the OS and uninstall the Citrix Workspace app using terminal.
- Boot through the live OS and remove the
rm -rf /etc/ld.so.preload
file from the existing OS.
Installing the app protection component:
When you install the Citrix Workspace app using the tarball package, the following message appears.
“Do you want to install the app protection component? Warning: You can’t disable this feature. To disable it, you must uninstall Citrix Workspace app. For more information, contact your system administrator. [default $INSTALLER_N]:”
Enter Y to install the app protection component.
By default, the app protection component isn’t installed.
Restart your machine for the changes to take effect. App protection work as expected only after you restart your machine.
Installing the app protection component on RPM packages:
Starting with Version 2104, app protection is supported on the RPM version of Citrix Workspace app.
To install app protection, do the following:
- Install Citrix Workspace app.
- Install the app protection
ctxappprotection<version>.rpm
package from the Citrix Workspace app installer. - Restart the system for the changes to take effect.
Installing the app protection component on Debian packages:
Starting with Version 2101, app protection is supported on the Debian version of Citrix Workspace app.
For silent installation of the app protection component, run the following command from the terminal before installing Citrix Workspace app:
export DEBIAN_FRONTEND="noninteractive"
sudo debconf-set-selections <<< "icaclient app_protection/install_app_protection select yes"
sudo debconf-show icaclient
* app_protection/install_app_protection: yes
sudo apt install -f ./icaclient_<version>._amd64.deb
<!--NeedCopy-->
Starting with Version 2106, Citrix Workspace app introduces an option to configure the anti-keylogging and anti-screen-capturing functionalities separately for both the authentication manager and Self-Service plug-in interfaces.
Configuring app protection for authentication manager:
Navigate to $ICAROOT/config/AuthManConfig.xml
and edit the file as follows:
/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i authmananti -A 1
<key>AuthManAntiScreenCaptureEnabled</key>
<value>true</value>
<key>AuthManAntiKeyLoggingEnabled</key>
<value>true </value>
<!--NeedCopy-->
Configuring app protection for the Self-Service plug-in interface:
Navigate to $ICAROOT/config/AuthManConfig.xml
and edit the file as follows:
/opt/Citrix/ICAClient/config$ cat AuthManConfig.xml | grep -i protection -A 4
<!-- Selfservice app protection configuration -->
<Selfservice>
<AntiScreenCaptureEnabled>true</AntiScreenCaptureEnabled>
<AntiKeyLoggingEnabled>true</AntiKeyLoggingEnabled>
</Selfservice>
<!--NeedCopy-->
Known issues:
- When you minimize a protected screen, app protection continues to run in the background.
Limitation:
- Sometimes, you can’t launch protected resources when an application that is installed from the Snap Store is running. As a workaround, identify the application that causes the issue from the Citrix Workspace app log file. Also, close the application.
- When you’re trying to take a screenshot of a protected window, the entire screen, including the non-protected apps in the background, are grayed out.
Battery status indicator
The battery status of the device now appears in the notification area of a Citrix Desktop session.
Note:
Starting with the 2111 version, the battery status indicator appears for server VDAs also.
The battery status indicator is enabled by default.
To disable the battery status indicator:
- Navigate to the
<ICAROOT>/config/module.ini
folder. - Go to the
ICA 3.0
section. - Set the
MobileReceiver= Off
.
Customer Experience Improvement Program (CEIP)
Data collected | Description | What we use it for |
---|---|---|
Configuration and usage data | The Citrix Customer Experience Improvement Program (CEIP) gathers configuration and usage data from Citrix Workspace app for Linux and automatically sends the data to Google Analytics. | This data helps Citrix improve the quality, reliability, and performance of Citrix Workspace app. |
Additional information
Citrix handles your data following the terms of your contract with Citrix. Also, protects it as specified in the Citrix Services Security Exhibit available on the Citrix Trust Center.
Citrix also uses Google Analytics to collect certain data from Citrix Workspace app as part of CEIP. You might review how Google handles data collected for Google Analytics.
Clear sending CEIP data to Citrix and Google Analytics (except for the data collected for Google Analytics indicated by * in the second table in the following section) by:
- Navigate to the
<ICAROOT>/config/module.ini
folder and go to theCEIP
section. - Select the entry
EnableCeip
and set it toDisable
.
Note:
After you set the
EnableCeip
key toDisable
, you can disable sending the final two CEIP data elements collected by Google Analytics. These data elements are Operating System version and Workspace app version. For this action, navigate to the following section and set the value as suggested:
Location: <ICAROOT>/config/module.ini
Section: GoogleAnalytics
Entry: DisableHeartBeat
Value: True
The specific CEIP data elements collected by Google Analytics are:
Operating system version* | Workspace app version* | App name | Client ID |
Session launch method | Compiler version | Hardware platform |
App indicator icon
The app indicator starts when you launch Citrix Workspace app. It’s an icon that is present in the notification area. With the introduction of the app indicator, the Citrix Workspace app for Linux logon performance is improved.
You can observe performance improvement when you:
- First launch of Citrix Workspace app
- Close and relaunch the app
- Quit and relaunch the app
Note:
The
libappindicator
package is required for the app indicator to appear. Install thelibappindicator
package suitable for your Linux distribution from the web.
ICA-to-X proxy
You can use a workstation running Citrix Workspace app as a server and redirect the output to another X11-capable device. You might want to do this task to deliver Microsoft Windows applications to X terminals or to UNIX workstations for which Citrix Workspace app isn’t available.
Note:
Citrix Workspace app software is available for many X devices, and installing the software on these devices is the preferred solution in these cases. Running Citrix Workspace app in this way, as an ICA-to-X proxy, is also referred to as server-side ICA.
When you run Citrix Workspace app, you can think of it as an ICA-to-X11 converter that directs the X11 output to your local Linux desktop. However, you can redirect the output to another X11 display. You can run extra copies of Citrix Workspace app simultaneously on one system. In this case, each Citrix Workspace app sends its output to a different device.
This graphic shows a system with Citrix Workspace app for Linux set up as an ICA-to-X proxy:
To set up this type of system, you need a Linux server to act as the ICA-to-X11 proxy:
- If you have X terminals already, you can run Citrix Workspace app on the Linux server that usually supplies the X applications to the X terminals.
- If you want to deploy UNIX workstations for which Citrix Workspace app isn’t available, you need an extra server to act as the proxy. This server can be a PC running Linux.
Applications are supplied to the final device using X11, using the capabilities of the ICA protocol. By default, you can use drive mapping only to access the drives on the proxy. This setting isn’t a problem if you’re using X terminals (which usually do not have local drives). If you’re delivering applications to other UNIX workstations, you can either:
- NFS mounts the local UNIX workstation on the workstation acting as the proxy, then point a client drive map at the NFS mount point on the proxy.
- Use an NFS-to-SMB proxy such as SAMBA, or an NFS client on the server such as Microsoft Services for UNIX.
Some features aren’t passed to the final device:
- USB redirection
- Smart card redirection
- COM port redirection
- Audio isn’t delivered to the X11 device, even if the server acting as a proxy supports audio.
- Client printers aren’t passed through to the X11 device. You access the UNIX printer from the server manually using LPD printing, or use a network printer.
- Redirection of multimedia input isn’t supported because it requires a webcam on the machine that runs Citrix Workspace app, where the server acts as a proxy. However, redirection of multimedia output supports when
GStreamer
installed on the server acting as a proxy (untested).
To start Citrix Workspace app with server-side ICA from an X terminal or a UNIX workstation:
-
Use ssh or telnet to connect to the device acting as the proxy.
-
In a shell on the proxy device, set the DISPLAY environment variable to the local device. For example, in a C shell, type:
setenv DISPLAY <local:0>
Note:
If you use the command
ssh -X
to connect to the device acting as the proxy, you do not need to set the DISPLAY environment variable. -
At a command prompt on the local device, type xhost <proxy server name>
-
Verify whether Citrix Workspace app is installed in the default installation directory. If not installed, verify that the environment variable ICAROOT is set to point to the actual installation directory.
-
Locate the directory where Citrix Workspace app is installed. At a command prompt, type
selfservice &
.
Server-client content redirection
Server-client content redirection enables administrators to specify that URLs in a published application are opened using a local application. For example, opening a link to a webpage while using Microsoft Outlook in a session opens the required file using the browser on the user device.
Server-client content redirection enables administrators to give Citrix resources more efficiently, by that provides better performance to the users. The following types of URL can be redirected:
- HTTP
- HTTPS
- RTSP (Real Player)
- RTSPU (Real Player)
- PNM (Older Real Players)
The URL is opened using the server application when:
- Citrix Workspace app does not have an appropriate application
- Citrix Workspace app can’t directly access the content
Server-client content redirection is configured on the server. This feature is enabled by default in Citrix Workspace app if the path includes RealPlayer and one of Firefox, Mozilla, or Netscape.
To enable server-client content redirection if RealPlayer and a browser aren’t in the path:
-
Open the configuration file
wfclient.ini
. -
In the [Browser] section, modify the following settings:
Path=path
Command=command
The path is the directory where the browser executable is located. The command is the name of the executable used to handle redirected browser URLs, appended with the URL sent by the server. For example:
$ICAROOT/nslaunch
Netscape, Firefox, MozillaThis setting specifies the following:
- The
nslaunch
utility is run to push the URL into an existing browser window - Each browser in the list is tried in turn until content can be displayed successfully
- The
-
In the [Player] section, modify the following settings:
Path=path
Command=command
The path is the directory where the RealPlayer executable is located. The command is the name of the executable used to handle the redirected multimedia URLs, appended with the URL sent by the server.
-
Save and close the file.
Note:
For both path settings, you need to specify the directory where the browser and RealPlayer executables are available. You do not need to specify the full path to the executables. For example, in the [Browser] section, the path might be set to /usr/X11R6/bin rather than /usr/X11R6/bin/netscape. Also, you can specify extra directory names as a colon-separated list. If these settings aren’t specified, the user’s current $PATH is used.
To clear server-client content redirection from Citrix Workspace:
- Open the
module.ini
configuration file. - Change the
CREnabled
setting toOff
. - Save and close the file.
Connection
Configure connections
On devices with limited processing power or where limited bandwidth is available, there’s a trade-off between performance and functionality. Users and administrators can choose an acceptable mixture of rich functionality and interactive performance. Making one or more of these changes, often on the server not the user device, can reduce the bandwidth that a connection requires and can improve performance:
- Enable SpeedScreen Latency Reduction - The SpeedScreen Latency Reduction improves performance over high latency connections. For this improvement, an instant feedback is provided to the user in response to typed data or mouse clicks. Use the SpeedScreen Latency Reduction Manager to enable this feature on the server. By default, in Citrix Workspace app, this feature is disabled for keyboard and only enabled for the mouse on high latency connections. See the Citrix Workspace app for Linux OEM’s Reference Guide.
- Enable data compression - Data compression reduces the amount of data transferred across the connection. This configuration requires more processor resources to compress and decompress the data, but it can increase performance over low-bandwidth connections. Use the Citrix Audio Quality and Image Compression policy settings to enable this feature.
- Reduce the window size - Change the window size to the minimum that is comfortable. On the farm set the Session Options.
- Reduce the number of colors - Reduce the number of colors to 256. On the Citrix Virtual Apps and Desktops or Citrix DaaS site, set the Session Options.
- Reduce sound quality - If audio mapping is enabled, reduce the sound quality to the minimum setting using the Citrix Audio quality policy setting.
For information about troubleshooting, see Connections in the troubleshooting section.
Font
ClearType font smoothing
ClearType font smoothing (also known as subpixel font rendering) improves the quality of displayed fonts beyond the available quality through traditional font smoothing or anti-aliasing. You can turn this feature on or off. Or you specify the type of smoothing by editing the following setting in the [WFClient] section of the appropriate configuration file:
FontSmoothingType = number
Where the number can take one of the following values:
Value | Behavior |
---|---|
0 | The local preference on the device is used. The FontSmoothingTypePref setting defines this value. |
1 | No smoothing |
2 | Standard smoothing |
3 | ClearType (horizontal subpixel) smoothing |
Both standard smoothing and ClearType smoothing can increase Citrix Workspace app’s bandwidth requirements.
Important:
The server can configure
FontSmoothingType
through theICA
file. This value takes precedence over the value set in [WFClient].
If the server sets the value to 0, the following setting in the [WFClient] determines the local preference: FontSmoothingTypePref = number
Where a number can take one of the following values:
Value | Behavior |
---|---|
0 | No smoothing |
1 | No smoothing |
2 | Standard smoothing |
3 | ClearType (horizontal subpixel) smoothing (default) |
Folder
Configure special folder redirection
In this context, there are only two special folders for each user:
- The user’s Desktop folder
- The user’s Documents folder (My Documents on Windows XP)
Special folder redirection enables you to specify the locations of a user’s special folders. As a result, these folders remain fixed across different server types and server farm configurations. It is important if, for example, a mobile user logs on to servers in different server farms. For static, desk-based workstations, where the user can log on to servers that reside in a single-server farm, special folder redirection is rarely necessary.
To configure special folder redirection:
Enable special folder redirection by making an entry in the module.ini file and specify the folder locations as follows:
-
Add the following text to module.ini (for example, $ICAROOT/config/module.ini):
[ClientDrive]
SFRAllowed = True
DocumentsFolder = documents
DesktopFolder = desktop
where documents and desktop are the UNIX file names, including the full path, of the directories to use as the users Documents and Desktop folders respectively. For example:
DesktopFolder = $HOME/.ICAClient/desktop
- You can specify any component in the path as an environment variable, for example, $HOME.
- Specify values for both parameters.
- The directories you specify must be available through client device mapping. That is, the directory must be in the subtree of a mapped client device.
- Use the drive letters C or higher.
Client-drive mapping
Client drive mapping allows drive letters on the Citrix Virtual Apps and Desktops and Citrix DaaS server to be redirected to directories that exist on the local user device. For example, drive H in a Citrix user session can be mapped to a directory on the local user device running the Workspace app.
Client drive mapping can make any directory mount on the local user device. The local user device includes a CD-ROM, DVD, or a USB memory stick, that are available to the user during a session. Also, the local user has permission to access the local user device. When a server is configured to allow client drive mapping:
- users can access their locally stored files
- Use the files during their session
- and then save them again either on a local drive or on a drive on the server.
Citrix Workspace app supports client device mapping for connections to Citrix Virtual Apps and Desktops and Citrix DaaS servers. This feature enables a remote application that runs on the server to access devices attached to the local user device. The applications and system resources appear to the user at the user device as if they’re running locally. Verify that client device mapping is supported on the server before using these features.
Note:
The Security-Enhanced Linux (SELinux) security model can affect the operation of the Client Drive Mapping and USB Redirection features. This model is applicable on both Citrix Virtual Apps and Desktops and Citrix DaaS. If you require either or both of these features, disable SELinux before configuring them on the server.
Two types of drive mapping are available:
- Static client drive mapping - Enables administrators to map any part of a user device’s file system to a specified drive on the server at logon. For example, it can be used to map all or part of a user’s home directory or /tmp. Also, map the mount points of mass storage devices such as CD-ROMs, DVDs, or USB memory sticks.
- Dynamic client drive mapping - Monitors the directories in which mass storage devices such as CD-ROMs, DVDs, and USB memory sticks are typically mounted on the user device. And any new ones that appear during a session are automatically mapped to the next available drive letter on the server.
When Citrix Workspace app connects to Citrix Virtual Apps and Desktops or Citrix DaaS, client drive mappings are reestablished unless client device mapping is disabled. You can use policies to give you more control over how client device mapping is applied. For more information, see the Citrix Virtual Apps and Desktops documentation.
Users can map drives using the Preferences dialog box.
Note:
By default, enabling static client drive mapping also enables dynamic client drive mapping. To disable the latter but enable the former, set
DynamicCDM
toFalse
inwfclient.ini
.
Previously, your setting for file access through CDM was applied on all configured stores.
Starting with Version 2012, Citrix Workspace app allows you to configure per-store CDM file access.
Note:
The file access setting isn’t persistent across sessions when using workspace for web. It defaults to the Ask me each time option.
You can use the wfclient.ini
file to configure the mapped path and file name attributes. Use the GUI to set a file access level as shown in the preceding screen capture.
In a desktop session, you can set a file access level by navigating to the Preferences > File access dialog from the Desktop Viewer.
In an app session, you can set a file access level by launching the File access dialog from Citrix Connection Center.
The File access dialog includes the mapped folder name and its path.
The access level flag isn’t supported in the wfclient.ini
file anymore.
Map client-printers
Citrix Workspace app supports printing to network printers and printers that are attached locally to user devices. By default, unless you create policies to change it, Citrix Virtual Apps and Desktops and Citrix DaaS lets users:
- Print to all printing devices accessible from the user device
- Add printers
These settings, however, might not be perfect in all environments. For example, the default setting that allows users to print to all printers accessible from the user device is the easiest to administer initially. But the default setting might create slower logon times in some environments. In this situation, you might want to limit the list of printers configured on the user device.
Likewise, your organization’s security policies might require that you prevent users from mapping local printing ports. To do so, on the server configure the ICA policy Auto connect client COM ports setting to Disabled.
To limit the list of printers configured on the user device:
-
Open the configuration file, wfclient.ini, in one of the following:
- $HOME/.ICAClient directory to limit the printers for a single user
- $ICAROOT/config directory to limit the printers for all Workspace app users. All users in this case are those users who first use the self-service program after the change.
-
In the [WFClient] section of the file type:
ClientPrinterList=printer1:printer2:printer3
Where printer1, printer2, and so on, are the names of the chosen printers. Separate printer name entries by a colon (:).
-
Save and close the file.
Map a local printer
The Citrix Workspace app for Linux supports the Citrix PS Universal Printer Driver. So, usually no local configuration is required for users to print to network printers or printers that are attached locally to user devices. You might manually map client printers on Citrix Virtual Apps and Desktops or Citrix DaaS for Windows if, for example, the user device’s printing software does not support the universal printer driver.
To map a local printer on a server:
-
From Citrix Workspace app, start a server connection and log on to a computer running Citrix Virtual Apps and Desktops or Citrix DaaS.
-
On the Start menu, choose Settings > Printers.
-
On the File menu, choose Add Printer.
The Add Printer wizard appears.
-
Use the wizard to add a network printer from the Client Network, Client domain. Usually this value is a standard printer name, similar to values created by native Remote Desktop Services, such as “HP LaserJet 4 from client name in session 3.”
For more information about adding printers, see your Windows operating system documentation.
Audio
Starting with Version 2112, the VdcamVersion4Support
attribute in the module.ini
file is renamed to AudioRedirectionV4
. The default value for AudioRedirectionV4
is set to False
. As a result:
- the ALSA library is used to access the audio devices and only single device is supported.
- default audio device with the name Citrix HDX Audio appears in the session.
- only one app can use the Citrix HDX Audio device at a time.
You can set the value for AudioRedirectionV4
to True
. As a result:
- the PulseAudio library is used to access the audio devices and extra devices are supported.
- more than one app can use the audio devices at a time.
- Citrix Workspace app displays all local audio devices that are available in a session. Instead of Citrix HDX Audio, the audio devices appear with their respective device names. You can switch to any of the available devices dynamically in a session.
- sessions update dynamically when you plug in or remove audio devices.
- audio device redirection is supported with HDMI and Bluetooth audio devices.
To enable this feature, do the following:
- Navigate to the
<ICAROOT>/config
folder and open themodule.ini
file. -
Go to the [ClientAudio] section and add the following entry:
AudioRedirectionV4=True
- Restart the session for the changes to take effect.
Notes:
- The enhanced audio redirection feature is in Technical Preview.
- The Mic and Webcam option in the Preferences dialog is disabled by default. For information on how to enable mic and webcam, see Preferences.
Known limitations:
By default, the AudioRedirectionV4
value is set to False
. If you haven’t changed the default value, the following known limitations are present:
- On a VDA running on Windows Server 2016, you can’t change the audio device selection in a session. The selection is set to the default audio input and output only. This limitation is resolved when you set the
AudioRedirectionV4
value toTrue
. - Audio device redirection isn’t supported with Bluetooth audio devices. This limitation is resolved when you set the
AudioRedirectionV4
value toTrue
. - You can change the default audio device only on Windows 10, Windows 7, and Windows 8 operating systems. On Windows Server operating systems, such as Windows Server 2012, 2016, and 2019, you can’t change the default audio device. This issue is because of a limitation in the Microsoft remote desktop session.
- Audio device redirection isn’t supported with HDMI audio devices. This limitation is resolved when you set the
AudioRedirectionV4
value toTrue
. However, the Citrix Workspace app might display HDMI audio devices that aren’t connected in a session.
When the AudioRedirectionV4
value is False
, the default audio device is typically the default ALSA device configured for your system. Use the following procedure to specify a different device:
- Choose and open a configuration file according to which users you want your changes to affect. See default settings for information about how updates to particular configuration files affect different users.
-
Add the following option, creating the section if necessary:
[ClientAudio] AudioDevice = \<device\> <!--NeedCopy-->
In this section, the device information is present in the ALSA configuration file on your operating system.
Note:
The location of this information isn’t standard across all Linux operating systems. Citrix recommends consulting your operating system documentation for more details about locating this information.
Map client audio
Client audio mapping enables applications that run on the Citrix Virtual Apps and Desktops or Citrix DaaS server to play sounds through a sound device installed on the user device. You can set audio quality on a per-connection basis on the server and users can set it on the user device. If the user device and server audio quality settings are different, the lower setting is used.
Client audio mapping can cause excessive load on servers and the network. The higher the audio quality, the more bandwidth is required to transfer the audio data. Higher-quality audio also uses more server CPU to process.
You configure client audio mapping using policies. For more information, see the Citrix Virtual Apps and Desktops documentation.
Enabling UDP audio
UDP audio can improve the quality of phone calls made over the Internet. It uses User Datagram Protocol (UDP) instead of TCP.
Starting with Version 2109, Citrix Workspace app supports Adaptive audio. With adaptive audio, you don’t need to manually configure the audio quality policies on the VDA. Adaptive audio optimizes settings for your environment and replaces obsolete audio compression formats to provide an excellent user experience. Adaptive audio is enabled by default. For more information, see Adaptive audio.
Starting with Version 2112, Citrix Workspace app supports Datagram Transport Layer Security (DTLS) protocol for UDP audio. As a result, you can access the UDP audio through Citrix Gateway. By default, this feature is disabled.
Starting with version 2202, the enhancement to support UDP audio through Citrix Gateway is generally available for Citrix Workspace app.
To enable UDP audio:
- Set the following options in the [ClientAudio] section of module.ini:
- Set
EnableUDPAudio
toTrue
. By default, this value is set toFalse
, which disables UDP audio. - Specify the minimum and maximum port numbers for UDP audio traffic using
UDPAudioPortLow
andUDPAudioPortHigh
respectively. By default, ports 16500–16509 are used.
- Set
- By default, adaptive audio is enabled on the VDA and supports UDP audio. If you have disabled adaptive audio, set client and server audio settings as follows to support UDP audio. As a result, the resultant audio is of a medium quality (that is, not high or low).
Audio quality on client | Audio quality on client | Audio quality on client | ||
---|---|---|---|---|
High | Medium | Low | ||
Audio quality on server | High | High | Medium | Low |
Audio quality on server | Medium | Medium | Medium | Low |
Audio quality on server | Low | Low | Low | Low |
To enable UDP audio through Citrix Gateway:
- Navigate to the
<ICAROOT>/config
folder and open themodule.ini
file. -
Go to the [WFClient] section and set the following entry:
EnableUDPThroughGateway=True
-
Go to the [ClientAudio] section and set the following entry:
EnableUDPAudio=True
Note:
If you use the StoreFront default.ica configuration, the value of
EnableUDPThroughGateway
set in the [Application] section takes precedence over the value set in themodule.ini
file. However, you can set theEnableUDPAudio
value in the [ClientAudio] section only using themodule.ini
file. Also, it does not take precedence over the value set in the StoreFront default.ica configuration.
Limitations:
- UDP audio isn’t available in encrypted sessions (that is, those using TLS or ICA Encryption). In such sessions, audio transmission uses TCP.
- The ICA channel priority can affect UDP audio.
UDP on the client
- Navigate to the
$ICAROOT/config/module.ini
file. -
Set the following under the [ClientAudio] section:
EnableUDPAudio=True
UDPAudioPortLow=int
UDPAudioPortHigh=int
-
Set the following under the [WFClient] section:
EnableUDPThroughGateway=True
- Navigate to the
$HOME/.ICAClient/wfclient.ini
file. -
Set the following under the [WFClient] section:
AllowAudioInput=True
EnableAudioInput=true
AudioBandWidthLimit=1
Notes:
- The values set for the
AllowAudioInput
,EnableAudioInput
, andAudioBandWidthLimit
attributes in the [WFClient] section are applicable to both UDP audio and TCP audio. - If the
.ICAClient
folder isn’t found (occurs only in first-time installation and launching) launch the Citrix Workspace app and close. This action creates the.ICAClient
folder. - When the
AudioBandWidthLimit
is set to 1, the audio quality on the client is medium.
- The values set for the
-
Set the following policies on the Domain Delivery Controller (DDC):
- Set “Windows Media redirection” to “Prohibited”.
- Set “Audio over UDP” to “Allowed”.
- Set “Audio over UDP real-time transport” to “Enabled.
- Set “Audio quality” to “Medium”.
Changing how Citrix Workspace app is used
ICA technology is highly optimized and typically does not have high CPU and bandwidth requirements. However, if you’re using a very low-bandwidth connection, consider the following to preserve performance:
- Avoid accessing large files using client drive mapping. When you access a large file with client drive mapping, the file is transferred over the server connection. On slow connections, this file transfer might take a long time.
- Avoid printing large documents on local printers. When you print a document on a local printer, the print file is transferred over the server connection. On slow connections, this file transfer might take a long time.
- Avoid playing multimedia content. Playing multimedia content uses many bandwidths and can cause reduced performance.
Enabling audio input
To enable input for audio:
- Navigate to the
<ICAROOT>/config
folder and open thewfclient.ini
file. -
Go to the [WFClient] section and set the following entry:
AllowAudioInput=True
Note:
The value set for the
AllowAudioInput
attribute applies to both the UDP audio and TCP audio.
USB
USB support enables users to interact with a wide range of USB devices when connected to a virtual desktop. Users can plug USB devices into their computers and the devices are redirected to their virtual desktop. USB devices available for remoting include flash drives, smartphones, PDAs, printers, scanners, MP3 players, security devices, and tablets.
USB redirection requires either Citrix Virtual Apps and Desktops 7.6 or later. Citrix Virtual Apps and Desktops and Citrix DaaS do not support USB redirection of mass storage devices and requires special configuration to support audio devices. For more information, see Citrix Virtual Apps 7.6 documentation for details.
Isochronous features in USB devices such as webcams, microphones, speakers, and headsets are supported in typical low latency or high speed LAN environments. But usually the standard audio or webcam redirection are more suitable.
The following types of device are supported directly in a virtual apps and desktops session, and so do not use USB support:
- Keyboards
- Mice
- Smart cards
- Headsets
- Webcams
Note:
Specialist USB devices (for example, Bloomberg keyboards and 3D mice) can be configured to use USB support. For information on configuring policy rules for other specialist USB devices, see CTX119722.
By default, certain types of USB devices aren’t supported for remoting through Citrix Virtual Apps and Desktops or Citrix DaaS. For example, a user might have a NIC attached to the system board by internal USB. Remoting this NIC wouldn’t be appropriate. By default, the following types of USB device aren’t supported for use in the virtual apps and desktops:
- Bluetooth dongles
- Integrated NICs
- USB hubs
To update the default list of USB devices available for remoting, edit the usb.conf
file in the $ICAROOT/
folder. For more information, see the Update the list of USB devices available for remoting section.
To allow the remoting of USB devices to virtual desktops, enable the USB policy rule. For more information, see the Citrix Virtual Apps and Desktops documentation.
How USB support works
When a user plugs in a USB device, it’s checked against the USB policy, and, if allowed, redirected to the virtual desktop. If the default policy denies the device, it’s available only to the local desktop.
For desktops accessed through desktop appliance mode, when a user plugs in a USB device, that device is automatically redirected to the virtual desktop. The virtual desktop controls the USB device and displays it in the user interface.
The session window must have focus when the user plugs in the USB device for redirection to occur, unless desktop appliance mode is in use.
Mass storage devices
If a user disconnects from a virtual desktop when a USB mass storage device is still plugged in to the local desktop, that device isn’t redirected to the virtual desktop when the user reconnects. To verify that the mass storage device is redirected to the virtual desktop, the user must remove and reinsert the device after reconnecting.
Note:
If you insert a mass storage device into a Linux workstation that has been configured to deny remote support for USB mass storage devices, Citrix Workspace app does not accept the device. And a separate Linux file browser might open. So, Citrix recommends that you pre-configure user devices with the Browse removable media when inserted setting cleared by default. On Debian-based devices, do this using the Debian menu bar by selecting Desktop > Preferences > Removable Drives and Media. And on the Storage tab, under Removable Storage, clear the Browse removable media when inserted check box.
For the Client USB device redirection, note the following points.
Notes:
- If the Client USB device redirection server policy is turned on, the mass storage devices are directed as USB devices even if client drive mapping is turned on.
- The app does not support composite device redirection for USB devices.
USB classes
The default USB policy rules allow the following classes of USB device:
-
Audio (Class 01)
Includes microphones, speakers, headsets, and MIDI controllers.
-
Physical Interface (Class 05)
These devices are similar to HIDs, but generally provide real-time input or feedback and include force feedback joysticks, motion platforms, and force feedback exoskeletons.
-
Still Imaging (Class 06)
Includes digital cameras and scanners. Digital cameras support the still imaging class that uses the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP) to transfer images to a computer or other peripheral. Cameras might also appear as mass storage devices. And it might be possible to configure a camera to use either class, through the setup menus provided by the camera itself.
If a camera appears as a mass storage device, client drive mapping is used, and USB support isn’t required.
-
Printers (Class 07)
In general most printers are included in this class, although some use vendor-specific protocols (class ff). Multi-function printers might have an internal hub or be composite devices. In both cases, the printing element generally uses the Printers class and the scanning or fax element uses another class; for example, Still Imaging.
Printers normally work appropriately without USB support.
-
Mass Storage (Class 08)
The most common mass storage devices are USB flash drives; others include USB-attached hard drives, CD/DVD drives, and SD/MMC card readers. There’s a wide variety of devices having internal storage which also presents a mass storage interface; these include media players, digital cameras, and mobile phones. Known subclasses include:
- 01 Limited flash devices
- 02 Typically CD/DVD devices (ATAPI/MMC-2)
- 03 Typically tape devices (QIC-157)
- 04 Typically floppy disk drives (UFI)
- 05 Typically floppy disk drives (SFF-8070i)
-
06 Most mass storage devices use this variant of SCSI
Mass storage devices can often be accessed through client drive mapping, and so USB support isn’t required.
Important: Some viruses are known to propagate actively using all types of mass storage. Consider carefully whether there’s a business requirement to allow the use of mass storage devices, either through client drive mapping, or USB support. To reduce this risk, the server might be configured to prevent files being run-through client drive mapping.
-
Content Security (Class 0d)
Content security devices enforce content protection, typically for licensing or digital rights management. This class includes dongles.
-
Personal Healthcare (Class 0f)
These devices include personal healthcare devices such as blood pressure sensors, heart rate monitors, pedometers, pill monitors, and spirometers.
-
Application and Vendor Specific (Classes fe and ff)
Many devices use vendor-specific protocols or protocols not standardized by the USB consortium, and these devices usually appear as vendor-specific (class ff).
USB device classes
The default USB policy rules deny the following classes of USB devices:
-
Communications and CDC Control (Classes 02 and 0a)
Includes modems, ISDN adapters, network adapters, and some telephones and fax machines.
The default USB policy does not allow these devices, because one of them might be providing the connection to the virtual desktop itself.
-
Human Interface Devices (Class 03)
Includes a wide variety of both input and output devices. Typical Human Interface Devices (HIDs) are keyboards, mice, pointing devices, graphic tablets, sensors, game controllers, buttons, and control functions.
Subclass 01 is known as the boot interface class and is used for keyboards and mice.
The default USB policy does not allow USB keyboards (class 03, subclass 01, protocol 1), or USB mice (class 03, subclass 01, protocol 2). This setting is because most keyboards and mice are handled appropriately without USB support. And it’s normally necessary to use these devices locally as well remotely when connecting to a virtual desktop.
-
USB Hubs (Class 09)
USB Hubs allow extra devices to be connected to the local computer. It isn’t necessary to access these devices remotely.
-
Smart card (Class 0b)
Smart card readers include contactless and contact smart card readers, and also USB tokens with an embedded smart card equivalent chip.
Smart card readers are accessed using smart card remoting and do not require USB support.
-
Video (Class 0e)
The video class covers devices that are used to manipulate video or video-related material, such as webcams, digital camcorders, analog video converters, some television tuners, and some digital cameras that support video streaming.
By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression.
-
Wireless Controllers (Class e0)
Includes a wide variety of wireless controllers, such as ultrawide band controllers and Bluetooth.
Some of these devices might be providing critical network access, or connecting critical peripherals such as Bluetooth keyboards or mice.
The default USB policy does not allow these devices. However, there might be particular devices it’s appropriate to provide access to using USB support.
List of USB devices
You can update the range of USB devices available for remoting to desktops. To update the range, edit the list of default rules in the usb.conf
file on the user device in $ICAROOT/
.
You update the list by adding new policy rules to allow or deny USB devices not included in the default range. Rules created by an administrator in this way control which devices are offered to the server. The rules on the server control which of these devices to be accepted.
The default policy configuration for disallowed devices is:
DENY: class=09 # Hub devices
DENY: class=03 subclass=01 # HID Boot device (keyboards and mice)
DENY: class=0b # Smartcard
DENY: class=e0 # Wireless Controllers
DENY: class=02 # Communications and CDC Control
DENY: class=03 # UVC (webcam)
DENY: class=0a # CDC Data
ALLOW: # Ultimate fallback: allow everything else
USB policy rules
Tip: When creating policy rules, see the USB Class Codes, available from the USB website at
http://www.usb.org/. Policy rules in the usb.conf
file on the user device take the format {ALLOW:|DENY:} followed by a set of expressions based on values for the following tags:
Tag | Description |
---|---|
VID | Vendor ID from the device descriptor |
REL | Release ID from the device descriptor |
PID | Product ID from the device descriptor |
Class | Class from either the device descriptor or an interface descriptor |
SubClass | SubClass from either the device descriptor or an interface descriptor |
Prot | Protocol from either the device descriptor or an interface descriptor |
When creating policy rules, be aware of the following:
- Rules are case-insensitive.
- Rules might have an optional comment at the end, introduced by “#.” A delimiter isn’t required and the comment is ignored for matching purposes.
- Blank and pure comment lines are ignored.
- Whitespace used as a separator is ignored, but can’t appear in the middle of a number or identifier. For example, Deny: Class=08 SubClass=05 is a valid rule; Deny: Class=0 8 Sub Class=05 isn’t.
- Tags must use the matching operator “=.” For example, VID=1230.
Example
The following example shows a section of the usb.conf
file on the user device. For these rules to be implemented, the same set of rules must exist on the server.
ALLOW: VID=1230 PID=0007 \# ANOther Industries, ANOther Flash Drive
DENY: Class=08 SubClass=05 \# Mass Storage Devices
DENY: Class=0D \# All Security Devices
Start-up modes
Using desktop appliance mode, you can change how a virtual desktop handles previously attached USB devices. In the WfClient section of the $ICAROOT/config/module.ini
file on each user device, set DesktopApplianceMode = Boolean
as follows.
TRUE | Any USB devices that are already plugged in start-up provided the device is not disallowed with a Deny rule in the USB policies on either the server (registry entry) or the user device (policy rules configuration file). |
FALSE | No USB devices start up. |
Webcams
By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To connect webcams using USB support, disable HDX RealTime Webcam Video Compression.
Webcam redirection
Following are a few points on webcam redirection:
-
Webcam redirection is compatible with and without RTME.
-
Webcam redirection works for 32-bit and 64-bit applications. For example, Skype, GoToMeeting. Use a 32-bit browser or 64-bit browser to verify webcam redirection online. For example, www.webcamtests.com
-
Webcam usage is exclusive to applications. For example, when Skype is running with a webcam and you launch GoToMeeting, exit Skype to use the webcam with GoToMeeting.
Webcam redirection for 64-bit apps (Technical Preview)
Starting with the 2111 release, webcam redirection is supported for 64-bit applications.
System requirements
-
GStreamer
framework version 0.1.x or 1.x depending on the current version installed in the system. -
ICAClient
version greater than 2106 in case it is usingGStreamer
1.x -
Gstreamer
version and plug-ins:gstreamer1.0-plugins-base
gstreamer1.0-plugins-bad
gstreamer1.0-plugins-good
gstreamer1.0-plugins-ugly
-
gstreamer1.0-vaapi plugin
andlibva
library - x264 library
Note:
The version of the
GStreamer
plug-in must be consistent with the version of theGStreamer
framework. For example, if you install theGstreamer
1.2.4, the version of allGstreamer
1.x plug-ins must be 1.2.4.
Webcam redirection configuration
Do the following steps to activate and configure webcam redirection feature for 64-bit apps on Citrix Workspace app for Linux.
Step 1: Verify the ICAClient configuration
Set the AllowAudioInput
value to True
to enable the webcam redirection feature. By default, this value is set to True
during the installation of ICAClient
.
If the AllowAudioInput
value is set to False
, do the following to enable the webcam redirection feature:
- Navigate to $HOME/.ICAClient/wfclient.ini path.
-
Set the
AllowAudioInput
value toTrue
.AllowAudioInput=True
Step 2: Verify the Theora encoder configuration
After you have successfully installed the ICAClient
and the AllowAudioInput
value is set to True
, by default the Theora encoder is configured. This encoder is a software-based encoder with acceptable performance. However, this encoder supports only 32-bit apps on a VDA.
Do the following to verify that the Theora encoder supports 32-bit apps:
- Install Firefox 32-bit on a VDA.
- Access the webcam test site at
https://webcamtests.com/
The Theora encoder does not support the webcam redirection feature for 64-bit apps on a VDA. Configure the H264 encoder option to support the webcam redirection feature for 64-bit apps on VDA.
Step 3: Configure H264 encoder
H264 encoder supports the webcam redirection feature for 64-bit apps on the VDA. To enable the H264 encoder, you must do the following:
- Navigate to $HOME/.ICAClient/wfclient.ini path.
-
Set the
HDXH264InputEnabled
value toTrue
.HDXH264InputEnabled=True
Do the following to verify that the H264 encoder supports 64-bit apps:
- Install Firefox 64-bit on a VDA.
- Access the webcam test site at
https://webcamtests.com/
.
Step 4: Verify system dependencies
After configuring the H264 encoder, if the webcam redirection feature does not support 64-bit apps on the VDA verify the system dependencies.
The webcam redirection feature for the 64-bit app is based on the GStreamer
framework. The ICAClient
uses GStreamer
framework version 0.1.x or 1.x depending on the current version installed in your system.
Step 4.1: Verify ICAClient version
Verify whether the ICAClient
version is greater than 2106 in case it is using GStreamer
1.x. Previous versions of ICAClient
might fail.
Do the following steps to verify the ICAClient
version is based on the GStreamer
framework installed in your system:
- Open the terminal.
- Navigate to /opt/Citrix/ICAClient/util path.
-
Run the following command:
ls -alh <!--NeedCopy-->
-
Verify whether the
gst_read symlink
is linked togst_read1.0
orgst_read0.1.
as shown in the following image:
You can also run the workspaceappcheck.sh
script in the util
directory and verify the output of the section referring to GStreamer
dependencies.
Citrix recommends using the ICAClient
version greater than or equal to 2106 and GStreamer
1.x.
Step 4.2: Verify Gstreamer version and plug-ins
Apart from the GStreamer
1.x framework, you must install the following required plug-ins:
Gstreamer1.0-plugins-base
Gstreamer1.0-plugins-bad
Gstreamer1.0-plugins-good
Gstreamer1.0-plugins-ugly
Gstreamer1.0-vaapi plugin
ibva library
x264 library
For more information to install the preceding plugins
, see the GStreamer
installation guide.
Note:
The version of the
GStreamer
plug-in must be consistent with the version of theGStreamer
framework. For example, if you installGstreamer1.2.4
, the version of allGstreamer1.x
plug-ins must be 1.2.4.
Run the following command to check the current version of the GStreamer
framework:
gst-inspect-1.0 --gst-version
<!--NeedCopy-->
For information about troubleshooting, see Webcam in the troubleshooting section.
Xcapture
The Citrix Workspace app package includes a helper application, xcapture. This application assists the exchange of graphical data between the server clipboard and non-ICCCM-compliant X Window applications on the X desktop. Users can use xcapture to:
- Capture dialog boxes or screen areas and copy them between the user device desktop (including non-ICCCM-compliant applications) and an application running in a connection window
- Copy graphics between a connection window and X graphics manipulation utilities xmag or xv
To start xcapture from the command line:
At the command prompt, type /opt/Citrix/ICAClient/util/xcapture
and press ENTER (where /opt/Citrix/ICAClient is the directory in which you installed Citrix Workspace app).
To copy from the user device desktop:
- From the xcapture dialog box, click From Screen. The cursor changes to a crosshair.
- Choose from the following tasks:
- Select a window. Move the cursor over the window that you want to copy and click the middle mouse button.
- Select a region. Hold down the left mouse button and drag the cursor to select the area you want to copy.
- Cancel the selection. Click the right mouse button. While dragging, you can cancel the selection by clicking the right button before releasing the middle or left mouse button.
- From the xcapture dialog box, click To ICA. The xcapture button changes color to show that it is processing the information.
- When the transfer is complete, use the appropriate paste command in an application launched from the connection window.
To copy from xv to an application in a connection window:
- From xv, copy the information.
- From the xcapture dialog box, click From XV and then click To ICA. The xcapture button changes color to show that it is processing the information.
- When the transfer is complete, use the appropriate paste command in an application launched from the connection window.
To copy from an application in the connection window to xv:
- From the application in a connection window, copy the information.
- From the xcapture dialog box, click From ICA and then click To XV. The xcapture button changes color to show that it is processing the information.
- When the transfer is complete, paste the information into xv.
Cursor
Support for cursor color inverting
Previously, the Citrix Workspace app displayed a dotted cursor that appeared the same in color to the black and white background of a text. As a result, it was difficult to locate the position of the cursor.
Starting with Version 2112, the cursor color inverts based on the background color of a text. As a result, you can easily locate the position of the cursor in the text. By default, this feature is disabled.
Prerequisites:
-
If
.ICAClient
is already present in the home folder of the current user:Delete
All_Regions.ini
fileOr,
To retain the
All_Regions.ini
file, add the following lines at the end of the [Virtual Channels\Thinwire Graphics] section:InvertCursorEnabled=
InvertCursorRefreshRate=
InvertCursorMode=
If the .ICAClient
folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.
To enable this feature, do the following:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
configuration file. -
Go to [Thinwire3.0] section and set the following entry:
InvertCursorEnabled=True
Note:
The cursor does not invert when the value for the Use video codec for compression policy in Citrix Studio is set to
Do not use video codec
.
Mouse
Relative Mouse
Relative Mouse support provides an option to interpret the mouse position in a relative rather than absolute manner. This capability is required for applications that demand relative mouse input rather than absolute.
Note:
This feature is available only in sessions running on Citrix Virtual Apps and Desktops 7.8 (or later) or Citrix DaaS. It’s disabled by default.
To enable the feature:
In the file $HOME/.ICAClient/wfclient.ini
, in the section [WFClient], add the entry RelativeMouse=1.
This step enables the feature but keeps it inactive until you activate it. For more information on enabling relative mouse features, see Alternative Relative Mouse values section.
To activate the feature:
Type Ctrl/F12.
After the feature is enabled, type Ctrl/F12 again to synchronize the server pointer position with the client. The server and client pointer positions aren’t synchronized when using Relative Mouse.
To deactivate the feature:
Type Ctrl-Shift/F12.
The feature is also switched off when a session window loses focus.
Alternative Relative Mouse values
Alternatively, consider using the following values for RelativeMouse:
- RelativeMouse=2 Enables the feature and activates it whenever a session window gains focus.
- RelativeMouse=3 Enables, activates, and keeps the feature activated always.
- RelativeMouse=4 Enables or disables the feature when the client-side mouse pointer is hidden or shown. This mode is suitable for automatically enabling or disabling the relative mouse for first-person gaming-style application interfaces.
To change the keyboard commands, add settings like:
- RelativemouseOnChar=F11
- RelativeMouseOnShift=Shift
- RelativemouseOffChar=F11
- RelativeMouseOffShift=Shift
The supported values for RelativemouseOnChar and RelativemouseOffChar are listed under [Hotkey Keys] in the config/module.ini file in the Citrix Workspace app installation tree. The values for RelativeMouseOnShift and RelativeMouseOffShift set the modifier keys to be used and are listed under the [Hotkey Shift States] heading.
Keyboard
Keyboard behavior
To generate a remote Ctrl+Alt+Delete key combination:
- Decide which key combination creates the Ctrl+Alt+Delete combination on the remote virtual desktop.
- In the WFClient section of the appropriate configuration file, configure UseCtrlAltEnd:
- True means that Ctrl+Alt+End passes the Ctrl+Alt+Delete combination to the remote desktop.
- False (default) means that Ctrl+Alt+Enter passes the Ctrl+Alt+Delete combination to the remote desktop.
Generic redirection
Configuring the Bloomberg v4 keyboard through Generic USB Redirection on the client side:
As a prerequisite, the policy must be enabled in the Domain Delivery Controller (DDC).
-
Find the vid and pid of the Bloomberg keyboard. For example, in Debian and Ubuntu run the following command:
lsusb
-
Go to $ICAROOT and edit the usb.conf file.
-
Add the following entry in the usb.conf file to allow the Bloomberg keyboard for USB redirection, and then save the file.
ALLOW: vid=1188 pid=9545
-
Restart the
ctxusbd
daemon on the client. For example, in Debian and Ubuntu run the following command:systemctl restart ctxusbd
-
Launch a client session. Make sure that the session has focus while plugging in the Bloomberg v4 keyboard for redirection.
Selective redirection
This feature allows the use of the Bloomberg v4 keyboard interface across multiple sessions. This functionality provides flexibility to use the keyboard in all remote sessions except the fingerprint and audio interfaces. The fingerprint and audio interfaces are redirected to single sessions as before.
You can achieve Bloomberg keyboard redirection as follows:
-
through generic USB redirection
-
through generic USB redirection and with selective redirection support
Note:
By default, this feature is enabled for x86 and x64 platforms and is disabled for ARMHF platforms.
To enable the feature:
-
Edit the BloombergRedirection section as follows in the config/All_Regions.ini file.
BloombergRedirection=true
-
Do all the steps mentioned in Generic redirection.
To disable the feature:
-
Edit the BloombergRedirection section in the config/All_Regions.ini file.
-
Set the BloombergRedirection value to false.
BloombergRedirection=false
-
Do all the steps mentioned in Generic redirection.
Note:
Setting the value to false reverts the functionality to the behavior present in earlier versions of the client, where all the interfaces are redirected to a single session.
Browser content redirection
Chromium Embedded Framework (CEF) for Browser Content Redirection
In releases earlier to Version 1912, BCR used a WebkitGTK+ based overlay to render the content. However, on thin clients, there were performance issues. Starting with Version 1912, BCR uses a CEF-based overlay. This functionality enriches the user experience for BCR. It helps offload network usage, page processing, and graphics rendering to the endpoint.
Starting with Version 2106, CEF-based browser content redirection is fully functional. The feature is enabled by default.
If needed, you can replace the libffmpeg.so
file provided in the Workspace app package with a suitable libffmpeg.so
file that has the required codecs, in the $ICAROOT/cef/libffmpeg.so
path.
Note:
This feature isn’t supported on the ARMHF platform.
Enabling CEF-based BCR
To enable CEF-based BCR:
- Navigate to the
$ICAROOT/config/All_Regions.ini
file where, $ICAROOT is the default installation directory of Citrix Workspace app. -
Go to the
[Client Engine\WebPageRedirection]
section and set the following entry:UseCefBrowser=True
Known issues:
-
When you set the
UseCefBrowser
option totrue
in the~/.ICAClient/All_Regions.ini
, the Japanese, Chinese (Simplified), and Korean IME might not work in the input fields. Citrix Workspace app for Linux does not support the Japanese, Chinese (Simplified), and Korean IME when using Secure SaaS with Citrix Embedded Browser. -
When you attempt to launch a webpage redirection using CEF-based BCR, you might receive an unknown certificate error. The issue occurs on Citrix Workspace app version 2106 and later. As a workaround, run the following command in the terminal to import the self-signed certificate into
nssdb
:certutil -A -n "badssl.cer" -t "C,," -d ~/.pki/nssdb -i ~/Downloads/badssl.cer <!--NeedCopy-->
The arguments in the commands are:
-
-A
- To add a certificate to the database. -
-n
- The name of the certificate. This argument is optional and can be used to add the nick name. -
"badssl.cer"
- The name of the certificate that is exported from the badssl.com site. -
-t "C,,"
--t
is for TRUSTARGS and C is for CA certificate. For more information, see the Google documentation. -
-d ~/.pki/nssdb
- The location of the database. -
-i
- Denotes the input file. This argument is to add the location and name of the certificate file.
-
For information about BCR, see Browser content redirection in the Citrix Virtual Apps and Desktops documentation.
Automatic reconnection
This topic describes the HDX Broadcast auto-client reconnection feature. Citrix recommends that you use this feature with the HDX Broadcast session reliability feature.
Users can be disconnected from their sessions because of unreliable networks, highly variable network latency, or range limitations of wireless devices. With the HDX Broadcast auto-client reconnection feature, Citrix Workspace app for Linux can detect unintended disconnections of sessions and reconnect users to the affected sessions automatically.
When this feature is enabled on the server, users do not have to reconnect manually to continue working. Citrix Workspace attempts to reconnect to the session a set number of times until there is a successful reconnection or the user cancels the reconnection attempts. If user authentication is required, a dialog box requesting credentials appears to a user during automatic reconnection. Automatic reconnection does not occur if users exit applications without logging off. Users can reconnect only to disconnected sessions.
By default, Citrix Workspace app for Linux waits 30 seconds before attempting to reconnect to a disconnected session and attempts to reconnect to that session three times.
When connecting through an AccessGateway, ACR is not available. To protect against network dropouts, ensure that Session Reliability is enabled on the server, client, and configured on the AccessGateway.
For instructions on configuring HDX Broadcast auto-client reconnection, see your Citrix Virtual Apps and Desktops documentation.
Session reliability
This topic describes the HDX Broadcast session reliability feature, which is enabled by default.
With HDX Broadcast session reliability, users continue to see a published application’s window if the connection to the application experiences an interruption. For example, wireless users enter in a tunnel might lose their connection when they enter the tunnel and regain it when they emerge on the other side. During the downtime, all of the user’s data, key presses, and other interactions are stored, and the application appears frozen. When the connection is re-established, these interactions are replayed into the application.
You can now see screen changes when the session reliability begins. With this enhancement, the session window is grayed out and a countdown timer displays the time until the next reconnection attempt occurs.
Tip
You can alter the grayscale brightness used for an inactive session using the Reconnection UI transparency level policy. By default, this value is set to 80. The maximum value can’t exceed 100 (indicates a transparent window) and the minimum value can be set to 0 (a fully blacked out screen).
When a session successfully reconnects, the countdown notification message disappears. You can interact with the desktop as usual.
Starting with the 2109 version, the session reliability notification is enabled by default.
To disable this enhancement:
- Navigate to the
/opt/Citrix/ICAClient/config/module.ini
configuration file. - In the [WFClient] section, modify the following setting:
SRNotification=False
Note:
This feature is supported only for Citrix Virtual Desktops.
When auto-client reconnection and session reliability are configured, session reliability takes precedence if there is a connection problem. Session reliability attempts to re-establish a connection to the existing session. It might take up to 25 seconds to detect a connection problem. And then takes a configurable period (the default is 180 seconds) to attempt the reconnection. If session reliability fails to reconnect, then auto-client reconnect attempts to reconnect.
If HDX Broadcast session reliability is enabled, the default port used for session communication switches from 1494 to 2598.
Citrix Workspace users cannot override the server settings.
Important:
HDX Broadcast session reliability requires that another feature, the Common Gateway Protocol, is enabled (using policy settings) on the server. Disabling the Common Gateway Protocol also disables HDX Broadcast session reliability.
Using session reliability policies
The session reliability connections policy setting enables session reliability.
The session reliability timeout policy setting has a default of 180 seconds, or three minutes. If needed, you can extend the time session reliability keeps a session open. It does not prompt you for reauthentication.
Tip
As you extend the amount of time a session is kept open, you might get distracted and walk away from your device. This situation potentially leaves the session accessible to unauthorized users.
Incoming session reliability connections use port 2598, unless you change the port number defined in the session reliability port number policy setting.
For information on configuring session reliability policies, see Session reliability policy settings.
Note:
Session reliability is enabled by default at the server. To disable this feature, configure the policy managed by the server.
Multimedia performance
The Citrix Workspace app includes a broad set of technologies that provide a high-definition user experience for today’s media-rich user environments. These technologies improve the user experience when connecting to hosted applications and desktops, as follows:
- HDX MediaStream Windows Media Redirection
- HDX MediaStream Flash Redirection
- HDX RealTime Webcam Video Compression
- H.264
Note:
Citrix supports RTOP coexistence with Citrix Workspace app for Linux Version 1901 and later with
GStreamer
0.1.
HDX MediaStream Windows Media Redirection
HDX MediaStream Windows Media Redirection overcomes the need for the high bandwidths required to provide multimedia capture and playback on virtual Windows desktops accessed from Linux user devices. Windows Media Redirection provides a mechanism for playing the media run-time files on the user device rather than on the server. As a result, reduces the bandwidth requirements for playing multimedia files.
Windows Media Redirection improves the performance of Windows Media Player and compatible players running on virtual Windows desktops. A wide range of file formats are supported, including:
- Advanced Systems Format (ASF)
- Motion Picture Experts Group (MPEG)
- Audio-Video Interleaved (AVI)
- MPEG Audio Layer-3 (MP3)
- WAV sound files
Citrix Workspace app includes a text-based translation table, MediaStreamingConfig.tbl, for translating Windows-specific media format GUIDs into MIME types GStreamer
can use. You can update the translation table to do the following:
- Add previously unknown or unsupported media filters/file formats to the translation table
- Block problematic GUIDs to force fall-back to server-side rendering.
- Add more parameters to existing MIME strings to allow for troubleshooting of problematic formats by changing a stream’s
GStreamer
parameters - Manage and deploy custom configurations that depend on the media file types supported by
GStreamer
on a user device.
With client-side fetching, you can also allow the user device to stream media directly from the URLs of the form <http://>
, <mms://>
, or <rtsp://>
rather than streaming the media through a Citrix server. The server is responsible for directing the user device to the media, and for sending control commands (including Play, Pause, Stop, Volume, Seek). But the server does not handle any media data. This feature requires advanced multimedia GStreamer
libraries on the device.
To implement HDX MediaStream Windows Media Redirection:
-
Install
GStreamer
0.10, an open-source multimedia framework, on each user device that requires it. Typically, you installGStreamer
before you install Citrix Workspace app to allow the installation process to configure Citrix Workspace app to use it.Most Linux distributions include
GStreamer
. Alternatively, you can downloadGStreamer
from http://gstreamer.freedesktop.org. -
To enable client-side fetching, install the required
GStreamer
protocol source plugins for the file types that users play on the device. You can verify that a plug-in is installed and operational using thegst-launch
utility. Ifgst-launch
can play the URL, the required plug-in is operational. For example, rungst-launch-0.10 playbin2 uri=<http://example-source/file.wmv>
and check that the video plays correctly. -
When installing Citrix Workspace app on the device, select the
GStreamer
option if you’re using the tarball script (this step is done automatically for the.deb
and.rpm
packages).
Note about the client-side fetching feature:
- By default, this feature is enabled. You can disable it using the SpeedScreenMMACSFEnabled option in the Multimedia section of All-Regions.ini. With this option set to False, Windows Media Redirection is used for media processing.
- By default, all MediaStream features use the
GStreamer
playbin2 protocol. You can revert to the earlierplaybin
protocol for all MediaStream features except Client-Side Fetching. The Client-Side Fetching feature continues to use playbin2, using theSpeedScreenMMAEnablePlaybin2
option in the Multimedia section of theAll-Regions.ini
file. - Citrix Workspace app does not recognize playlist files or stream configuration information files such as
.asx
or.nsc
files. If possible, users must specify a standard URL that does not reference these file types. Usegst-launch
to verify that a given URL is valid.
Note about GStreamer
1.0:
- By default,
GStreamer
0.10 is used for HDX MediaStream Windows Media redirection.GStreamer
1.0 is used only whenGStreamer
0.10 is not available. - If you want to use
GStreamer
1.0, use the following instructions:
- Find the install directory of the
GStreamer
plug-ins. Depending on your distribution, the OS architecture, and the way you installGStreamer
, the installation location of the plug-ins varies. The typical installation path is /usr/lib/x86_64-linux-gnu/gstreamer-1.0 or $HOME/ .local/share/gstreamer-1.0. - Find the install directory of Citrix Workspace app for Linux. The default directory for privileged (root) user installations is /opt/Citrix/ICAClient. The default directory for non-privileged user installations is $HOME/ICAClient/platform (where the platform can be linuxx64, for example). For more information, see Install and set up.
- Install libgstflatstm1.0.so by making a symbolic link in the
GStreamer
plug-ins directory: ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so. This step might require elevated permissions, with sudo, for example. - Use gst_play1.0 as the player: ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play. This step might require elevated permissions, with sudo, for example.
- If you want to use
GStreamer
1.0 in HDX RealTime Webcam Video Compression, use gst_read1.0 as the reader: ln -sf $ICACLIENT_DIR/util/gst_read1.0 $ICACLIENT_DIR/util/gst_read.
Enabling GStreamer 1.x
In releases earlier to 1912, GStreamer
0.10 was the default version supported for multimedia redirection. Starting with the 1912 release, you can configure GStreamer
1.x as the default version.
Limitations:
- When you play a video, the backward and forward seek might not work as expected.
- When you launch the Citrix Workspace app on ARMHF devices,
GStreamer
1.x might not work as expected.
To install GStreamer 1.x
Install the GStreamer
1.x framework and the following plug-ins from https://gstreamer.freedesktop.org/documentation/installing/on-linux.html:
Gstreamer-plugins-base
Gstreamer-plugins-bad
Gstreamer-plugins-good
Gstreamer-plugins-ugly
Gstreamer-libav
To build binaries locally
On some Linux OS distributions, for example, SUSE and openSUSE, the system might not find the GStreamer
packages in the default source list. In this case, download the source code and build all binaries locally:
- Download the source code from https://gstreamer.freedesktop.org/src/.
- Extract the contents.
- Navigate to the directory where the unzipped package is available.
-
Run the following commands:
$sudo ./configure $sudo make $sudo make install <!--NeedCopy-->
By default, the generated binaries are available at /usr/local/lib/gstreamer-1.0/.
For information about troubleshooting, see Knowledge Center article CTX224988.
To configure GStreamer 1.x
To configure GStreamer
1.x for use with Citrix Workspace app, apply the following configuration using the shell prompt:
- $ln -sf $ICACLIENT_DIR/util/libgstflatstm1.0.so $GST_PLUGINS_PATH/libgstflatstm1.0.so.
- $ln -sf $ICACLIENT_DIR/util/gst_play1.0 $ICACLIENT_DIR/util/gst_play
Where,
- ICACLIENT_DIR - The installation path of Citrix Workspace app for Linux.
- GST_PLUGINS_PATH - The plug-in path of
GStreamer
. For example, on a 64-bit Debian machine it is /usr/lib/x86_64-linux-gnu/gstreamer-1.0/.
Limitations:
- In releases earlier to Version 2106, the webcam redirection might fail and the session might get disconnected when using
GStreamer
version 1.15.1 or later.
HDX MediaStream Flash Redirection
HDX MediaStream Flash Redirection enables Adobe Flash content to play locally on user devices, providing users with high definition audio and video playback, without increasing bandwidth requirements.
-
Verify that your user device meets the feature requirements. For more information, see System requirements.
-
Add the following parameters to the [WFClient] section of
wfclient.ini
(for all connections made by a specific user) or to the [Client Engine\Application Launching] section ofAll\_Regions.ini
(for all users of your environment):-
HDXFlashUseFlashRemoting=Ask: Never; Always
Enables HDX MediaStream for Flash on the user device. By default, this value is set to Never. Also, users are presented with a dialog box asking them if they want to optimize Flash content when connecting to webpages containing that content.
-
HDXFlashEnableServerSideContentFetching=Disabled; Enabled
Enables or disables server-side content fetching for Citrix Workspace app. By default this value is set to Disabled.
-
HDXFlashUseServerHttpCookie=Disabled; Enabled
Enables or disables HTTP cookie redirection. By default, this value is set to Disabled.
-
HDXFlashEnableClientSideCaching=Disabled; Enabled
Enables or disables client-side caching for web content fetched by Citrix Workspace app. By default, this value is set to Enabled.
-
HDXFlashClientCacheSize= [25-250]
Defines the size of the client-side cache, in MB. This value can be any size between 25 MB and 250 MB. When the size limit is reached, existing content in the cache is deleted to allow storage of new content. By default, this value is set to 100.
-
HDXFlashServerSideContentCacheType=Persistent: Temporary; NoCaching
Defines the type of caching used by Citrix Workspace app for content fetched using server-side content fetching. By default, this value is set to Persistent.
Note: This parameter is required only if HDXFlashEnableServerSideContentFetching is set to Enabled.
-
-
Flash redirection is disabled by default. In /config/module.ini change FlashV2=Off to FlashV2=On to enable the feature.
HDX RealTime webcam video compression
HDX RealTime provides a webcam video compression option to improve bandwidth efficiency during video conferencing. This option ensures users experience optimal performance when using applications such as GoToMeeting with HDFaces, Skype for Business.
- Verify that your user device meets the feature requirements.
- Verify that the
Multimedia
virtual channel is enabled. To enable it, open the$ICAROOT/config/module.ini
file, and check thatMultiMedia
in the [ICA3.0] section is set toOn
. - Enable audio input by clicking the Use my microphone and webcam on the Mic & Webcam page of the Preferences dialog.
Disable HDX RealTime webcam video compression
By default, optimum webcam performance is provided by HDX RealTime Webcam Video Compression. In some circumstances, however, you might require users to connect webcams using USB support. To do this connection, you must do the following:
- Disable HDX RealTime Webcam Video Compression
- Enable USB support for webcams
-
Add the following parameter to the [WFClient] section of the appropriate .ini file:
AllowAudioInput=False
For more information, see default settings.
-
Open the
usb.conf
file, typically available at$ICAROOT/usb.conf
. -
Remove or comment out the following line:
DENY: class=0e # UVC (default via HDX RealTime Webcam Video Compression)
-
Save and close the file.
experimental feature
Secure SaaS with Citrix Embedded BrowserSecure access to SaaS applications provides a unified user experience that delivers published SaaS applications to the users. SaaS apps are available with single sign-on. Administrators can now protect the organization’s network and end-user devices from malware and data leaks. For this protection, you can filter access to specific websites and website categories.
Citrix Workspace app for Linux support the use of SaaS apps using the Access Control Service. The service enables administrators to provide a cohesive experience, integrating single sign-on, and content inspection.
Prerequisite:
Verify that the libgtkglext1
package is available.
Delivering SaaS apps from the cloud has the following benefits:
- Simple configuration – Easy to operate, update, and consume.
- Single sign-on – Hassle-free log on with single sign-on.
- Standard template for different apps – Template-based configuration of popular apps.
Note:
SaaS with Citrix Browser Engine is supported only on x64 and x86 platforms and not on ArmHardFloatPort (ARMHF)) hardware.
For information on how to configure SaaS apps using Access Control Services, see the Access Control documentation.
For more information about SaaS apps with Citrix Workspace app, see Workspace configuration in Citrix Workspace app for Windows documentation.
H.264
Citrix Workspace app supports the display of H.264 graphics, including HDX 3D Pro graphics, that the Citrix Virtual Apps and Desktops 7 serves. This support uses the deep compression codec feature, which is enabled by default. The feature provides better performance of rich and professional graphics applications on WAN networks compared with the existing JPEG codec.
Follow the instructions in this topic to disable the feature (and process graphics using the JPEG codec instead). You can also disable text tracking while still enabling deep compression codec support. This setting helps to reduce CPU costs while processing graphics that include complex images but relatively small amounts of text or non-critical text.
Important:
To configure this feature, do not use any lossless setting in the Citrix Virtual Apps and Desktops or Citrix DaaS Visual quality policy. If you do, H.264 encoding is disabled on the server and does not work in Citrix Workspace app.
To disable deep compression codec support:
In the wfclient.ini
file, set H264Enabled to False
. This setting also disables text tracking.
To disable text tracking only:
With deep compression codec support enabled, in the wfclient.ini
file set TextTrackingEnabled to False
.
Screen tiles
You can improve the way that JPEG-encoded screen tiles are processed using the direct-to-screen bitmap decoding, batch tile decoding, and deferred XSync
features.
-
Verify that your JPEG library supports these features.
-
In the Thinwire3.0 section of wfclient.ini, set DirectDecode and BatchDecode to True.
Note: Enabling batch tile decoding also enables deferred
XSync
.
Logging
In earlier versions, the debug.ini
and module.ini
files were used to configure logging.
As of version 2009, you can configure logging using one of the following methods:
- Command-line interface
- GUI
Also as of Version 2009, the debug.ini
configuration file is removed from the Citrix Workspace app installer package.
Logging captures the Citrix Workspace app deployment details, configuration changes, and administrative activities to a logging database. A third-party developer can apply this logging mechanism by using the logging SDK, which is bundled as part of the Citrix Workspace app Platform Optimization SDK.
You can use the log information to:
- Diagnose and troubleshoot issues that occur after any changes. The log provides a breadcrumb trail.
- Assist change management and track configurations.
- Report administration activities.
If Citrix Workspace app is installed with root user privileges, the logs are stored in the /var/log/citrix/ICAClient.log
. Otherwise, the logs are stored in ${HOME}/.ICAClient/logs/ICAClient.log
.
When Citrix Workspace app is installed, a user called citrixlog
is created to handle the logging functionality.
Command-line interface
- At the command prompt, navigate to the
/opt/Citrix/ICAClient/util
path. -
Run the following command to set the log preferences.
./setlog help
All the available commands are displayed.
The following table lists various modules and their corresponding trace class values. Use the following table for a specific command-line log value set:
Module | Log class |
---|---|
Assertions | LOG_ASSERT |
Audio Monitor | TC_CM |
BCR with CEF | TC_CEFBCR |
Client Audio Mapping | TC_CAM |
Connection Center | TC_CONNCENTER |
Client Communication Port | TC_CCM |
Client Drive Mapping | TC_CDM |
Clip | TC_CLIP |
Client Printer Mapping | TC_CPM |
Client Printer Mapping | TC_CPM |
Font | TC_FONT |
Frame | TC_FRAME |
Graphics Abstraction | TC_GA |
Input Method Editor | TC_IME |
IPC | TC_IPC |
Keyboard Mapping | TC_KEY |
Licensing Driver | TC_VDLIC |
Multimedia | TC_MMVD` |
Mouse Mapping | TC_MOU |
MS Teams | TC_MTOP |
Other Libraries | TC_LIB |
Protocol Driver | TC_PD |
PNA Store | TC_PN |
Standard Event Logs | LOG_CLASS |
SRCC | TC_SRCC |
SSPI Login | TC_CSM |
Smart Card | TC_SCARDVD |
Selfservice | TC_SS |
Selfservice Extension | TC_SSEXT |
StorefrontLib | TC_STF |
Transport Driver | TC_TD |
Thinwire | TC_TW |
Transparent Window Interface | TC_TUI |
Virtual Channel | TC_VD |
PAL | TC_VP |
UI | TC_UI |
UIDialogLibWebKit3 | TC_UIDW3 |
UIDialogLibWebKit3_ext | TC_UIDW3E |
USB Daemon | TC_CTXUSB |
Video Frame Driver | TC_VFM |
Web kit | TC_WEBKIT |
WinStation Driver | TC_WD |
Wfica |
TC_NCS |
Wfica Engine |
TC_WENG |
Wfica Shell |
TC_WFSHELL |
Web helper | TC_WH |
Zero Latency | TC_ZLC |
GUI
Go to Menu > Preferences. The Citrix Workspace-Preferences dialog appears.
At increasing levels of tracing detail, the following values are available:
- Disabled
- Only Error
- Normal
- Verbose
By default, the Logging option is set to Only Error.
Due to the large amount of data that can be generated, tracing might significantly impact the performance of Citrix Workspace app. The Verbose level is recommended only if necessary for troubleshooting.
Click Save and Close after you select the desired logging level. The changes are applied in the session dynamically.
Click the settings icon next to the Logging option drop-down menu. The Citrix Log Preferences dialog appears.
Note:
If you delete the
ICAClient.log
file, you must restart the logging servicectxlogd
.For example, if you are on a systemd-capable setup, run the following command:
systemctl restart ctxlogd
.
Enabling logging on Version 2006 and earlier:
If you are on Version 2006 and earlier, enable the logging using the following procedure:
- Download and install Citrix Workspace app on your Linux machine.
-
Set the
ICAROOT
environment variable to the installation location.For example,
/opt/Citrix/ICAClient
.By default, the
TC_ALL
trace class is enabled to provide all the traces. -
To collect logs for a particular module, open the
debug.ini
file at$ICAROOT
and add the required trace parameters to the[wfica]
section.Add the trace classes with a “+” symbol. For example,
+TC_LIB
.You can add different classes separated by the pipe symbol. For example,
+TC_LIB|+TC_MMVD
.
The following table lists the wfica
modules and their corresponding trace class values:
Module | TraceClasses value |
---|---|
Graphics | TC_TW |
EUEM | TC_EUEM |
WFICA (Session Launch) | TC_NCS |
Printing | TC_CPM |
Connection Sequence - WD | TC_WD |
Connection Sequence - PD | TC_PD |
Connection Sequence - TD | TC_TD |
Proxy related files | TC_PROXY |
Multimedia Virtual Driver / Webcam | TC_MMVD |
Virtual Drivers | TC_VD |
Client Drive Mapping | TC_CDM |
Audio | TC_CAM |
COM (Communication Port) | TC_CCM |
Seamless | TC_TWI |
Smart Card | TC_SCARDVD |
The following table lists the connection center module and their corresponding trace class value:
Module | TraceClasses value |
---|---|
Connection center | TC_CSM |
The following table lists the trace class value for setWebHelper:
TraceClasses value |
---|
Set logSwitch to 1 (to enable) or 0 (to disable) |
Example: logSwitch = 1 |
Troubleshooting:
If ctxlogd
turns unresponsive, the logs are traced in the syslog.
For information about getting new and refreshed logs in subsequent launches, see Syslog configuration.
Syslog configuration
By default, all syslog logs are saved at /var/log/syslog. To configure the path and the name of the log file, edit the following line under the [RULES] section in the /etc/rsyslog.conf
file. For example,
user.* -/var/log/logfile_name.log
Save your changes and then restart the syslog service using the command:
sudo service rsyslog restart
Points to remember:
-
To verify that a new syslog is available, delete syslog and run the command:
sudo service rsyslog restart
. -
To avoid duplicate messages, add $RepeatedMsgReduction on at the beginning of the
rsyslog.conf
file. -
To receive logs, ensure that the $ModLoad imuxsock.so line is uncommented at the beginning of the
rsyslog.conf
file.
Remote logging
To enable remote logging on:
-
Server-side configuration: uncomment the following lines in the rsyslog.conf file of the syslog server:
$ModLoad imtcp
$InputTCPServerRun 10514
-
Client-side configuration: add the following line in the
rsyslog.conf
file by replacing the localhost with the IP address of the remote server:*.* @@localhost:10514
Collecting log files
Previously, there was no tool available to collect the log files in Citrix Workspace app. Log files were present in different folders. You had to manually collect log files from different folders.
Starting with this release, Citrix Workspace app introduces collectlog.py tool to collect log files from different folders. You can run the tool using the command line. The log files are generated as a compressed log file. You can download it from the local server.
Prerequisites
- Python3
- Requires extra space to save the logs
Starting with Version 2109, two new files are added to collect log files using the collectlog.py tool:
-
logcollector.ini
file – Saves the name and path of the log file. -
collectlog.py
file – Collects the log files and saves them ascwalog_{timestamp}.tar.gz
compressed file.
By default, the [hdxteams]
component is added in the logcollector.ini
file to collect log files for Microsoft Teams. However, you can add other components also in the logcollector.ini
file using the following procedure:
- Navigate to the
${HOME}/.ICAClient/logs/ICAClient.log/logcollector.ini
file. - Add the component that you require to collect log files as per the following example:
[component_name]
log_name1 = “log_path1”
log_name2 = “log_path2”
If you are on Version 2109, collect log files using the following procedure:
- Download and install Citrix Workspace app on your Linux machine.
- At the command line, navigate to the
/opt/Citrix/ICAClient/util
path. -
Run the following command:
./collctlog.py -h
The following command usage information appears:
usage: collect_log [-h] [-c CONFIG] [-a ARCHIVE]optional arguments: -h, --help show this help message and exit -c CONFIG, --config CONFIG The logcollector.ini path & file -a ARCHIVE, --archive ARCHIVE The archive path & file
-
Run the following commands as required:
-
./collectlog.py
– Collects log files using the configuration file from the default path and saves them as a compressed log files at the default path. -
./collectlog.py -c /user_specified_path/logcollector.ini
– Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the default path. -
./collectlog.py -c /user_specified_path/logcollector.ini -a/another_user_specified_path/
– Collects log files using the configuration file from a user-specified path and saves them as a compressed log files at the user-defined path.
Note:
The default path of the
logcollector.ini
configuration file is/opt/Citrix/ICAClient/config/logcollector.ini
. The default path of the compressed log file is/tmp
. -
- Navigate to the
/tmp
folder and collect thecwalog_{timestamp }.tar.gz
compressed file.
Note:
The log files are saved in the
/tmp
folder with the file namecwalog_{timestamp}.tar.gz
.
Optimization for Microsoft Teams
Optimization for desktop-based Microsoft Teams using Citrix Virtual Apps and Desktops or Citrix DaaS and Citrix Workspace app. Optimization for Microsoft Teams is similar to HDX RealTime Optimization for Microsoft Skype for Business. The difference is that, we bundle all the necessary components for Microsoft Teams optimization into the VDA and the Workspace app for Linux.
Citrix Workspace app for Linux supports audio, video, and screen-sharing features with Microsoft Teams optimization.
Note:
- Microsoft Teams optimization is supported only on x64 Linux distributions.
- Microsoft optimization is supported in both Citrix Virtual Apps and Desktops and Citrix DaaS.
- For Thin Clients that use Dell Wyse, use the Citrix Configuration Editor to edit any parameter in the
/var/.config/citrix/hdx_rtc_engine/config.json
file. For more information see the Dell documentation.
For information on how to enable logging, follow the steps mentioned under Logging for Microsoft Teams.
For information on system requirements, see Microsoft Teams optimization requirements.
For more information, see Optimization for Microsoft Teams and Microsoft Teams redirection.
Enhancement to audio configuration
If Microsoft Teams configures auto gain control and noise suppression options, Citrix-redirected Microsoft Teams honors the values as configured. Otherwise, these options are enabled by default. However, starting from Citrix Workspace app 2104, the echo cancellation option is disabled by default. Starting from Citrix Workspace app 2112, admins can change the default settings to troubleshoot Audio issues (like robotic voice, high CPU causing choppy audio, and so on) by doing the following:
- Navigate to the /var/.config/citrix/hdx_rtc_engine/config.json file.
- Set the following options:
-
EnableAEC
value to 1 to enable and 0 to disable echo cancellation -
EnableAGC
value to 1 to enable and 0 to disable auto gain control -
EnableNS
value to 1 to enable and 0 to disable noise suppression
-
mkdir -p /var/.config/citrix/hdx_rtc_engine
vim /var/.config/citrix/hdx_rtc_engine/config.json
{
"EnableAEC":1,"EnableAGC":1,"EnableNS":1
}
<!--NeedCopy-->
After the call is established, monitor the webrpc
log (/tmp/webrpc/<current date>/)
for the following entries to verify that the changes took effect:
/tmp/webrpc/Wed_Feb__2_14_56_33_2022/webrpc.log:[040.025] Feb 02 14:57:13.220 webrtcapi.NavigatorUserMedia Info: getUserMedia. audio constraints, aec=1, agc=1, ns=1
<!--NeedCopy-->
Encoder performance estimator for Microsoft Teams
The HdxRtcEngine
is the WebRTC media engine embedded in Citrix Workspace app that handles Microsoft Teams redirection. The HdxRtcEngine.exe
can estimate the best outgoing video (encoding) resolution that the endpoint’s CPU can sustain without overloading. Possible values are 240p, 360p, 720p, and 1080p.
The performance estimation process uses macroblock code to determine the best resolution that can be achieved with the particular endpoint. The Codec negotiation during a call setup includes the highest possible resolution. The Codec negotiation can be between the peers, or between the peer and the conference server.
The following table lists the four performance categories for endpoints that have its own maximum available resolution:
Endpoint performance | Maximum resolution | Registry key value |
---|---|---|
Fast | 1080p (1920x1080 16:9 @ 30 fps) | 3 |
Medium | 720p (1280x720 16:9 @ 30 fps) | 2 |
Slow | 360p (either 640x360 16:9 @ 30 fps, or 640x480 4:3 @ 30 fps) | 1 |
Very slow | 240p (either 320x180 16:9 @ 30 fps, or 320x240 4:3 @ 30 fps) | 0 |
To set the outgoing video (encoding) resolution value, for example to 360p, run the following command from the terminal:
mkdir -p /var/.config/citrix/hdx_rtc_engine
vim /var/.config/citrix/hdx_rtc_engine/config.json
{
"OverridePerformance":1
}
<!--NeedCopy-->
Logging for Microsoft Teams
To enable logging for Microsoft Teams:
- Navigate to the
/opt/Citrix/ICAClient/debug.ini
file. -
Modify the
[HDXTeams]
section as follows:[HDXTeams] ; Retail logging for HDXTeams 0/1 = disabled/enabled HDXTeamsLogSwitch = 1 ; Debug logging; , It is in decreasing order ; LS_NONE = 4, LS_ERROR = 3, LS_WARNING = 2, LS_INFO = 1, LS_VERBOSE = 0 WebrtcLogLevel = 0 ; None = 5, Info = 4, Warning = 3, Error = 2, Debug = 1, Trace = 0 WebrpcLogLevel = 0 <!--NeedCopy-->
Logging can also be enabled by adding the following line to the config.json file:
{
"WebrpcLogLevel": 0,"WebrtcLogLevel": 0
}
<!--NeedCopy-->
Adding the libunwind-12 library dependency for llvm-12
Starting with the 2111 release, a new dependency called the libunwind-12 library is added for llvm-12. However, by default, it does not exist in the original repository. Install the libunwind-12 library manually in the repository using the following steps:
- Open the terminal.
-
Enter the following line to install the
llvm
repository key file:wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add <!--NeedCopy-->
-
Enter the following line to configure the
llvm
repository source list:sudo vim /etc/apt/sources.list <!--NeedCopy-->
-
Add the following line:
deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main deb-src http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main <!--NeedCopy-->
-
Run the following command to install the libunwind-12 library:
sudo apt-get update sudo apt-get install libunwind-12 <!--NeedCopy-->
Enhancements to Microsoft Teams optimization
- Starting with version 2101 for Citrix Workspace app:
- The Citrix Workspace app installer is packaged with the Microsoft Teams ringtones.
- Audio output switches automatically to newly plugged-in audio devices, and an appropriate audio volume is set.
- HTTP proxy support for anonymous authentication.
-
Starting with version 2103 for Citrix Workspace app, the VP9 video codec is disabled by default.
-
Starting with version 2104 for Citrix Workspace app, the echo cancellation feature is disabled by default. We recommend that you do not use your built-in speakers and microphone for calls. Use headphones instead. This fix aims to address choppy audio issues noticed on thin clients
-
Starting with version 2106 for Citrix Workspace app:
-
Previously, when you clicked Screen sharing, preview of a default or main monitor was only available for screen sharing.
With this version, preview of all screens is displayed on the screen picker menu. You can select any screen for screen sharing in the VDA environment. A red square appears on the selected monitor and a small picture of the selected screen content appears on the screen picker menu.
In seamless mode, you can select one from all screens to share. When the Desktop Viewer changes the window mode (maximized, restore, or minimize), the screen share stops.
-
-
Starting with version 2112 for Citrix Workspace app:
Note:
The following features are available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
-
Request control in Microsoft Teams
With this release, you can request control during a Microsoft Teams call when a participant is sharing the screen. Once you have control, you can make selections, edits, or other modifications to the shared screen.
To take control when a screen is being shared, click Request control at the top of the Microsoft Teams screen. The meeting participant who’s sharing the screen can either allow or deny your request.
While you have control, you can make selections, edits, and other modifications to the shared screen. When you’re done, click Release control.
Limitation:
The Request Control option is not available during the peer-to-peer call between an optimized user and a user on the native Microsoft Teams desktop client that is running on the endpoint. As a workaround, users can join a meeting to get the Request Control option.
-
Support for dynamic e911
With this release, Citrix Workspace app supports dynamic emergency calling. When used in Microsoft Calling Plans, Operator Connect, and Direct Routing, it provides the capability to:
- configure and route emergency calls
- notify security personnel
The notification is provided based on the current location of the Citrix Workspace app running on the endpoint, instead of the Microsoft Teams client running on the VDA. Ray Baum’s law requires the 911 caller’s dispatchable location to be transmitted to the appropriate Public Safety Answering Point (PSAP). Starting from Citrix Workspace app 2112 for Linux, Microsoft Teams Optimization with HDX is compliant with Ray Baum’s law. To support this feature, the LLDP library must be included in the Operating System distribution of the Thin Client.
-
-
Starting with version 2203 for Citrix Workspace app:
Multi-window chat and meetings for Microsoft Teams
With this release, you can use multiple windows for chat and meetings in Microsoft Teams, when optimized by HDX in Citrix Virtual Apps and Desktops 2112 or higher. You can pop out the conversations or meetings in various ways. For details about the pop-out window feature, see Microsoft Teams Pop-Out Windows for Chats and Meetings.
If you’re running an older version of Citrix Workspace app or Virtual Delivery Agent (VDA), remember that Microsoft will deprecate the single-window code in the future. However, you will have a minimum of nine months after this feature is GA to upgrade to a version of the VDA or Citrix Workspace app that supports multiple windows (2203 and greater).
Note:
This feature is available only after the roll-out of a future update from Microsoft Teams. When the update is rolled-out by Microsoft, you can check CTX253754 for the documentation update and the announcement.
Support for NetScaler App Experience (NSAP) virtual channel
Previously available as an experimental feature, the NSAP virtual channel feature is fully supported starting with version 2006. All HDX Insight data is sourced from the NSAP virtual channel exclusively and sent uncompressed. This approach improves the scalability and the performance of sessions. The NSAP virtual channel is enabled by default. To disable it, toggle the VDNSAP flag NSAP=Off
in the module.ini file.
For more information, see HDX Insight in the Linux Virtual Delivery Agent documentation, and HDX Insight in the Citrix Application Delivery Management service documentation.
Multi-monitor layout persistence
This feature retains the session monitor layout information across endpoints. The session appears at the same monitors as configured.
Prerequisite:
This feature requires the following:
- StoreFront v3.15 or later.
-
If
.ICAClient
is already present in the home folder of the current user:Delete the All_Regions.ini file
or
To retain the
All_Regions.ini
file, add the following lines at the end of the [Client Engine\Application Launching] section:SubscriptionUrl=
PreferredWindowsBounds=
PreferredMonitors=
PreferredWindowState=
SaveMultiMonitorPref=
If the .ICAClient
folder is not present then it indicates a fresh install of the Citrix Workspace app. In that case, the default setting for the feature is retained.
Use cases
- Launch a session on any monitor in windowed mode and save the setting. When you relaunch the session, it appears in the same mode, on the same monitor, and in the same position.
- Launch a session on any monitor in full-screen mode and save the setting. When you relaunch the session, it appears in full-screen mode on the same monitor.
- Stretch and span a session in windowed mode across multiple monitors and then switch to full-screen mode. The session continues in full-screen across all monitors. When you relaunch the session, it appears in full-screen mode, spanning across all monitors.
Notes:
- The layout is overwritten with every save, and the layout is saved only on the active StoreFront.
- f you launch extra desktop sessions from the same StoreFront on different monitors, saving the layout in one session saves the layout information of all the sessions.
Save layout
To enable the save layout feature:
- Install the StoreFront 3.15 or later version (equal or greater than v3.15.0.12) on a compatible Delivery Controller (DDC).
- Download the build of Citrix Workspace app 1808 or later for Linux from the Downloads page and then install it on your Linux machine.
- Set the ICAROOT environment variable to the install location.
- Check whether the All_Regions.ini file is present in the .ICAClient folder. If so, delete it.
- In the $ICAROOT/config/All_Regions.ini file, look for the field – SaveMultiMonitorPref. By default, the value of this field is “true” (meaning this feature is turned on). To toggle off this feature, set this field to false. If you update the value of SaveMultiMonitorPref, you must delete the All_Regions.ini file present in the .ICAClient folder to prevent value mismatches and a possible profile lockdown. Set or unset the SaveMultiMonitorPref flag before launching sessions.
- Launch a new desktop session.
-
Click Save Layout on the Desktop Viewer toolbar to save the current session layout. A notification appears at the bottom right of the screen, indicating success. When you click Save layout, the icon grays out. This color change indicates that saving is in progress. When the layout is saved the icon appears normal.
- Disconnect or log off from the session. Relaunch the session. The session appears in the same mode, on the same monitor, and in the same position.
Limitations and unsupported scenarios:
- Saving a layout for windowed mode session spanning across multiple monitors is not supported due to limitations with the Linux Display manager.
- Saving session information across monitors with varied resolution is not supported in this release and might result in unpredictable behavior.
- Customers deployments with extra StoreFront
Using Citrix Virtual Desktops on dual monitor
- Select the Desktop Viewer and click the down arrow.
- Select Window.
- Drag the Citrix Virtual Desktops screen between the two monitors. Verify that about half the screen is present in each monitor.
-
From the Citrix Virtual Desktop toolbar, select Full-screen.
The screen extends to both the monitors.
Workspace launcher
Citrix introduces the Workspace launcher (WebHelper) to launch published desktops and applications.
Previously, the browser plug-in provided along with Citrix Workspace app for Linux enabled users to launch published desktops and applications was based on the NPAPI.
As a solution, Citrix is introducing the Workspace launcher (WebHelper). To enable this feature, configure StoreFront to send requests to Workspace launcher to detect the Citrix Workspace app installation.
Starting with Version 1901, the Citrix Workspace launcher is compatible with direct connections to StoreFront and Citrix Gateway. This feature helps to launch the ICA file automatically and to detect the Citrix Workspace app installation.
For information about configuring StoreFront, see Solution – 2 > a) Administrator configuration in Knowledge Center article CTX237727.
Note:
Citrix Workspace launcher currently works only with direct connections to StoreFront. It isn’t supported in other cases such as connections through Citrix Gateway.
Disabling new workspace web UI mode
When you launch the Citrix Workspace app for Linux using self-service executable file from third-party thin-client vendors, the application can become unresponsive because of 100% CPU utilization.
As a workaround, to switch back to the old UI mode:
- Remove cached files by using the command:
rm -r ~/.ICAClient
- Go to
$ICAROOT/config/AuthManconfig.xml
file. - Change
CWACapableEnabled
key value to false. - Launch Citrix Workspace app for Linux. Observe that the self-service executable file loads the old UI.
Keyboard layout synchronization
Keyboard layout synchronization enables you to switch among preferred keyboard layouts on the client device. This feature is disabled by default. After you enable this feature, the client keyboard layout automatically synchronizes to the virtual apps and desktops.
Starting with version 2203, Citrix Workspace app supports the following three different keyboard layout synchronization modes:
-
Sync only once - when session launches – Based on the
KeyboardLayout
value in the wfclient.ini file, the client keyboard layout is synchronized to the server when the session launches. If theKeyboardLayout
value is set to0
, the system keyboard is synchronized to VDA. If theKeyboardLayout
value is set to a specific language, the language-specific keyboard is synchronized to VDA. Any changes you make to the client keyboard layout during the session do not take effect immediately. To apply the changes, sign out and sign in to the app. The Sync only once - when session launches mode is the default keyboard layout selected for Citrix Workspace app. - Allow dynamic sync - This option synchronizes the client keyboard layout to the server when you change the client keyboard layout.
- Don’t sync - Indicates that the client uses the keyboard layout present on the server.
Prerequisite:
-
Enable the Unicode Keyboard Layout Mapping feature on the Windows VDA. For more information, see Knowledge Center article CTX226335.
- Enable the Dynamic Keyboard layout sync feature on the Linux VDA. For more information, see Dynamic keyboard layout synchronization
- Keyboard layout synchronization depends on XKB lib.
- When using a Windows Server 2016 or Windows Server 2019, navigate to
HKEY_LOCAL_MACHINE\Software\Citrix\ICA\IcaIme
registry path and add a DWORD value with key nameDisableKeyboardSync
and set the value to0
. -
If
.ICAClient
is already present in the home folder of the current user:Delete the All_Regions.ini file
or
To retain the
All_Regions.ini
file, add the following lines at the end of the[Virtual Channels\Keyboard] section:KeyboardSyncMode=
KeyboardEventMode=
Configure keyboard layout
Citrix Workspace app provides both UI and configuration settings to enable the three different keyboard layout synchronization modes.
To configure keyboard layout synchronization using the graphical user interface:
-
From the Citrix Workspace app icon in the notification area icon, select Preferences.
Or,
Open the terminal, navigate to the installation path, and run the following command:
util/configmgr
The Citrix Workspace – Preferences dialog appears.
-
Click Keyboard tab.
The Keyboard layout synchronization settings page appears.
-
Select from one of the following options:
- Sync only once - when session launches - Indicates that the keyboard layout is synced to the VDA only once at the session launch.
- Allow dynamic sync - Indicates that the keyboard layout is synced dynamically to the VDA when the client keyboard is changed in a session.
- Don’t sync - Indicates that the client uses the keyboard layout present on the server.
-
Click Save and Close.
To configure keyboard layout synchronization using configuration file settings:
Modify the wfclient.ini
configuration file to enable the required keyboard layout.
Sync only once – when session launches:
With this feature enabled, when launching a session, the active keyboard layout on the client device is synchronized to VDA. Based on the KeyboardLayout
value in the wfclient.ini
file, the client keyboard layout is synchronized to the server when the session launches. If the KeyboardLayout
value is set to 0
, the system keyboard is synchronized to VDA. If the KeyboardLayout
value is set to a specific language, the language-specific keyboard is synchronized to VDA.
To select this mode, do the following:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
configuration file. -
Add the following entries:
KeyboardSyncMode=Once KeyboardEventMode=Unicode/Scancode <!--NeedCopy-->
Unicode keyboard event mode is the recommended option for the Sync only once – when session launches mode.
Allow dynamic sync:
With this feature enabled, when the keyboard layout changes on the client device during a session, the keyboard layout of the session changes correctly.
To select this mode, do the following:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
configuration file. -
Add the following entries:
KeyboardSyncMode=Dynamic KeyboardEventMode=Unicode (or KeyboardEventMode= Scancode) <!--NeedCopy-->
Unicode keyboard event mode is the recommended option for the Allow dynamic sync mode.
Don’t sync:
With this feature enabled, the VDA side keyboard layout is used, irrespective of the keyboard layout that is selected in the client device.
To select this mode, do the following:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
configuration file. -
Add the following entries:
KeyboardSyncMode=No KeyboardEventMode= Scancode (or KeyboardEventMode= Unicode) <!--NeedCopy-->
Scancode keyboard event mode is the recommended option for the Don’t sync mode. You must make sure that the client keyboard layout is the same as the VDA side keyboard layout if you configure to Unicode for Don’t Sync option.
Note:
When you set
KeyboardSyncMode=""
(empty) in thewfclient.ini
file, the mode reverts to the earlier behavior. In the earlier behavior, the keyboard layout is read from the$HOME/.ICAClient/wfclient.ini
file and sent to the VDA along with other client information when the session starts.
Keyboard Event Mode
We provide recommended keyboard event mode for the three different keyboard layout sync options.
- Scancode keyboard mode for Don’t Sync.
- Unicode keyboard for Allow dynamic sync and Sync only once - when session launches
You can change the configuration of KeyboardEventMode
in the wfclient.ini
file. However, Citrix recommends that you use the recommended keyboard event modes to better work on different use scenarios, physical keyboards, and client devices.
Keyboard layout support for Windows VDA and Linux VDA
Linux Client Keyboard Description | Linux Client Keyboard Layout | Linux Client Keyboard Variant | Syncs to | Windows Locale ID | Windows VDA Keyboard Layout (ID) | Linux VDA Keyboard Layout | Linux VDA Keyboard Variant |
---|---|---|---|---|---|---|---|
Arabic | ara |
- | → |
ar-SA |
00000401 | ara |
- |
Arabic (AZERTY) | ara |
azerty |
→ |
ar-DZ |
00020401 | ara |
azerty |
German (Austria) | at |
- | → |
de-AT |
00000407 | at |
- |
Belgian (alt. ISO) | be |
iso-alternate |
→ |
fr-BE |
0000080c |
be |
iso-alternate |
Belgian | be |
- | → |
nl-BE |
00000813 | be |
- |
Bulgarian | bg |
- | → |
bg-BG |
00030402 | bg |
- |
Bulgarian (traditional phonetic) | bg |
phonetic | → |
bg-BG |
00040402 | bg |
phonetic |
Bulgarian (new phonetic) | bg |
bas_phonetic |
→ |
bg-BG |
00020402 | bg |
bas_phonetic |
Portuguese (Brazil) | br |
- | → |
pt-BR |
00000416 | br |
- |
Belarusian | by |
- | → |
be-BY |
00000423 | by |
- |
English (Canada) | ca |
eng |
→ |
en-CA |
00000409 | ca |
eng |
Canadian Multilingual | ca |
multix |
→ |
fr-CA |
00011009 | ca |
multix |
French (Canada, legacy) | ca |
fr-legacy |
→ |
fr-CA |
00000c0c | ca |
fr-legacy |
French (Canada) | ca |
- | → |
fr-CA |
00001009 | ca |
- |
French (Switzerland) | ch |
fr |
→ |
fr-CH |
0000100c | ch |
fr |
German (Switzerland) | ch |
- | → |
de-CH |
00000807 | ch |
- |
Chinese (Simplified) | cn |
- | → |
en-US |
00000409 | us |
- |
Czech | cz |
- | → |
cs-CZ |
00000405 | cz |
- |
Czech (QWERTY) | cz |
qwerty |
→ |
cs-CZ |
00010405 | cz |
qwerty |
German | de |
- | → |
de-DE |
00000407 | de |
- |
German (Macintosh) | de |
mac |
→ |
de-DE |
00000407 | de |
mac |
Danish | dk |
- | → |
da-DK |
00000406 | dk |
- |
Estonian | ee |
- | → |
et-EE |
00000425 | ee |
- |
Spanish (Latin American) | es |
- | → |
es-ES |
0000040a | es |
- |
Spanish (Macintosh) | es |
mac |
→ |
es-ES |
0000040a | es |
mac |
Finnish | fi |
- | → |
fi-FI |
0000040b | fi |
- |
French | fr |
- | → |
fr-FR |
0000040c | fr |
- |
French (Macintosh) | fr |
mac |
→ |
fr-FR |
0000040c | fr |
mac |
English (UK) | gb |
- | → |
en-GB |
00000809 | gb |
- |
English (Macintosh) | gb |
mac | → |
en-GB |
00000809 | gb |
mac |
English (UK, extended, with Win keys) | gb |
extd |
→ |
en-GB |
00000452 | gb |
extd |
Greek | gr |
- | → |
el-GR |
00000408 | gr |
- |
Croatian | hr |
- | → |
hr-HR |
0000041a | hr |
- |
Hungarian | hu |
- | → |
hu-HU |
0000040e | hu |
- |
Irish | ie |
- | → |
en-IE |
00001809 | ie |
- |
Hebrew | il |
- | → |
he-IL |
0002040d | il |
- |
English (India, with rupee) | in |
eng |
→ |
en-IN |
00004009 | in |
eng |
Iraqi | iq |
- | → |
ar-IQ |
00000401 | iq |
- |
Icelandic | is |
- | → |
is-IS |
0000040f | is |
- |
Italian | it |
- | → |
it-IT |
00000410 | it |
- |
Japanese | jp |
- | → |
en-US |
00000409 | us |
- |
Japanese (Macintosh) | jp |
mac |
→ |
en-US |
00000409 | us |
mac |
Korean | kr |
- | → |
en-US |
00000409 | us |
- |
Spanish (Latin American) | latam |
- | → |
es-MX |
0000080a | latam |
- |
Lithuanian | lt |
- | → |
lt-LT |
00010427 | lt |
- |
Lithuanian (IBM LST 1205-92) | lt |
ibm |
→ |
lt-LT |
00000427 | lt |
ibm |
Lithuanian (Standard) | lt |
std |
→ |
lt-LT |
00020427 | lt |
std |
Latvian | lv |
- | → |
lv-LV |
00020426 | lv |
- |
Norwegian | no |
- | → |
nb-NO |
00000414 | no |
- |
Polish | pl |
- | → |
pl-PL |
00000415 | pl |
- |
Polish (QWERTZ) | pl |
qwertz |
→ |
pl-PL |
00010415 | pl |
qwertz |
Portuguese | pt |
- | → |
pt-PT |
00000816 | pt |
- |
Portuguese (Macintosh) | pt |
mac |
→ |
pt-PT |
00000816 | pt |
mac |
Romanian (standard) | ro |
std |
→ |
ro-RO |
00010418 | ro |
std |
Serbian | rs |
- | → |
sr-Cyrl-RS |
00000c1a | rs |
- |
Serbian (Latin) | rs |
latin | → |
sr-Latn-RS |
0000081a | rs |
latin |
Russian | ru |
- | → |
ru-RU |
00000419 | ru |
- |
Russian (typewriter) | ru |
typewriter |
→ |
ru-RU |
00010419 | ru |
typewriter |
Russian (Macintosh) | ru |
mac |
→ |
ru-RU |
00000419 | ru |
mac |
Swedish | se |
- | → |
sv-SE |
0000041d | se |
- |
Swedish (Macintosh) | se |
mac |
→ |
sv-SE |
0000041d | se |
mac |
Slovenian | si |
- | → |
sl-SI |
00000424 | si |
- |
Slovak | sk |
- | → |
sk-SK |
0000041b | sk |
- |
Slovak (QWERTY) | sk |
qwerty |
→ |
sk-SK |
0001041b | sk |
qwerty |
Thai | th |
- | → |
th-TH |
0000041e | th |
- |
Thai (Pattachote ) |
th |
pat |
→ |
th-TH |
0001041e | th |
pat |
Tajik | tj |
- | → |
tg-Cyrl-TJ |
00000428 | tj |
- |
Turkish | tr |
- | → |
tr-TR |
0000041f | tr |
- |
Turkish (F) | tr |
f |
→ |
tr-TR |
0001041f | tr |
f |
Chinese (Traditional) | tw |
- | → |
en-US |
00000409 | us |
- |
Ukrainian | ua |
- | → |
uk-UA |
00000422 | ua |
- |
English (US) | us |
- | → |
en-US |
00000409 | us |
- |
English (Macintosh) | us |
mac |
→ |
en-US |
00000409 | us |
mac |
English (Dvorak) | us |
dvorak |
→ |
en-US |
00010409 | us |
dvorak |
English (Dvorak, left-handed) | us |
dvorak-l |
→ |
en-US |
00030409 | us |
dvorak-l |
English (Dvorak, right-handed) | us |
dvorak-r |
→ |
en-US |
00040409 | us |
dvorak-r |
English (US, intl., with dead keys) | us |
intl |
→ |
nl-NL |
00020409 | us |
intl |
Vietnamese | vn |
- | → |
vi-VN |
0000042a | vn |
- |
VDA keyboard layout
The VDA keyboard layout feature helps you use the VDA keyboard layout regardless of the client’s keyboard layout settings. It supports the following types of keyboard: PC/XT 101, 102, 104, 105, 106.
To use the server-side keyboard layout:
-
Launch the wfclient.ini file.
-
Change the value of the
KeyboardLayout
attribute as follows:KeyboardLayout=(Server Default)
The default value for the
KeyboardLayout
attribute is (User Profile). -
Relaunch the session for the changes to take effect.
File type association
A Citrix Virtual Apps Services might also publish a file, rather than an application or desktop. This process is referred to as publishing content, and allows pnabrowse to open the published file.
There’s a limitation to the type of files that the Citrix Workspace app recognizes. Only when a published application is associated with the file type of the published file:
- The system recognizes the file type of the published content
- Users can view the file through Citrix Workspace app
For example, to view a published Adobe PDF file using Citrix Workspace app, an application such as Adobe PDF Viewer must be published. Unless a suitable application is published, users can’t view the published content.
To enable FTA on the client-side:
- Verify that the app that you want to associate is a favorite or a subscribed application.
-
To get the list of published applications and the server URL, run the commands:
./util/storebrowse -l ./util/storebrowse -S <StoreFront URL> <!--NeedCopy-->
-
Run the ./util/ctx_app_bind command with the following syntax:
./util/ctx_app_bind [-p] example_file|MIME-type published-application [server|server-URI]
for example,
./util/ctx_app_bind a.txt BVT_DB.Notepad_AWTSVDA-0001 https://awddc1.bvt.local/citrix/store/discovery
- Verify that the file that you’re trying to open is client drive mapping (CDM) enabled.
- Double-click the file to open it using the associated application.
Associating a published application with file types
Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio.
Prerequisite:
Verify that you connect to the Store server where the FTA is configured.
To link a file name extension with a Citrix Workspace app for Linux application:
- Publish the application.
- Log on to Citrix Studio.
- Right-click the application and select Properties.
- Select Location.
-
Add “%**” in the Command-line argument (optional) field to bypass the command-line validation and then click OK.
- Right-click the application and select Properties.
- Select File Type Association.
- Select all the extensions that you want Citrix Workspace app to associate with the application.
- Click Apply and Update file types.
- Follow the steps mentioned in File type association to enable FTA on the client-side.
Note:
The StoreFront file type association must be ON. By default, file type association is enabled.
Support for Citrix Analytics
Starting with version 2006, Citrix Workspace app is updated to transmit data to Citrix Analytics Service from ICA sessions that you launch from a browser.
For more information on how Citrix Analytics uses this information, see Self-Service for Performance and Self-service search for Virtual Apps and Desktops.
Citrix Workspace app for Linux is instrumented to securely transmit logs to Citrix Analytics when the app triggers certain events. The logs are analyzed and stored on Citrix Analytics servers when enabled. For more information about Citrix Analytics, see Citrix Analytics.
Transparent user interface
The Citrix ICA protocol uses the Transparent User Interface Virtual Channel [TUI VC] protocol to transmit data between Citrix Virtual Apps and Desktops or Citrix DaaS and host servers. The TUI protocol transmits user interface [UI] component messages for remote connections.
Citrix Workspace app for Linux supports the TUI VC feature. This feature helps the client to receive the TUI packets sent by the server, and the client can access the UI-related components. This functionality helps you to control the display of the default overlay screen. You can toggle the VDTUI
flag in the module.ini
file: VDTUI - On/Off
Starting with version 1912, the VDTUI flag is set to On by default. As a result, the “Starting <Application>” dialog box no longer appears when you launch an app. Instead, a “Connecting <Application>” dialog appears with a progress bar. The dialog also displays the progress of the app launch. However, if you set the flag to Off, the “Starting <Application>” dialog rendered on top of other application windows, covering the login prompt.
For more information on Virtual Channels, see Citrix ICA virtual channels in the Citrix Virtual Apps and Desktops documentation.
In this article
- Settings
- Persistent login [Technical Preview]
- Email-based auto-discovery of store
- Creating custom user-agent strings in network request
- Feature flag management
- Service continuity
- Pinning multi-monitor screen layout
- Application Categories
- App protection
- Battery status indicator
- Customer Experience Improvement Program (CEIP)
- App indicator icon
- ICA-to-X proxy
- Server-client content redirection
- Connection
- Font
- Folder
- Client-drive mapping
- Map client-printers
- Audio
- USB
- Webcams
- Xcapture
- Cursor
- Mouse
- Keyboard
- Browser content redirection
- Automatic reconnection
- Session reliability
- Multimedia performance
- Secure SaaS with Citrix Embedded Browser experimental feature
- Screen tiles
- Logging
- Optimization for Microsoft Teams
- Support for NetScaler App Experience (NSAP) virtual channel
- Multi-monitor layout persistence
- Workspace launcher
- Keyboard layout synchronization
- File type association
- Support for Citrix Analytics
- Transparent user interface