Service continuity for connectorless workloads

Non-disclosure Agreement

The information in this document is the information of Cloud Software Group, Inc. and/or its affiliates. Use, duplication, transmission, or republication for any purpose without the prior written consent of Cloud Software Group, Inc. is expressly prohibited.

This document (including, without limitation, any product roadmap or statement of direction data) illustrates the planned testing, release, and availability dates for Cloud Software Group, Inc. products and services.

This document is provided for informational purposes only and its contents are subject to change without notice. Cloud Software Group, Inc. makes no warranties, express or implied, in or relating to this document or any information in it, including, without limitation, that this document or any information in it, is error-free or meets any conditions of merchantability or fitness for a particular purpose.

The material provided is for informational purposes only and should not be relied on in making a purchasing decision. The information is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remain at our sole discretion.

Important:

The Early Adopter Release (EAR) documentation is available for information purposes only. It isn’t a commitment, promise, or legal obligation to deliver any material, code, or functionality and must not be relied upon in making Citrix product purchase decisions. The development, release, and timing of any features or functionality described in the EAR documentation remain at our sole discretion and are subject to change without notice or consultation. Citrix does not accept support cases for EAR but welcomes feedback for improving them. Citrix might act on feedback based on its severity, criticality, and importance.

Features in Technical Preview

Features in Technical Preview are available to use in non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for features in technical preview but welcomes feedback for improving them. Citrix might act on feedback based on its severity, criticality, and importance.

It isn’t a commitment, promise, or legal obligation to deliver any material, code, or functionality and must not be relied upon in making Citrix product purchase decisions. The development, release, and timing of any features or functionality remain at our sole discretion and are subject to change without notice or consultation.

Overview

Service Continuity enables end users to maintain access to business-critical workloads during service disruptions. With this new feature, Service Continuity now supports dedicated VDI workloads in connectorless resource locations. This includes AD joined, Microsoft Entra ID joined, and Windows 365 workloads.

How it works

Service Continuity for connectorless workloads uses the connection leasing technology to provide end-user access to applications and desktops during a service disruption. To learn more about Service Continuity and connection leasing, see the Service Continuity e-docs and tech zone article.

Service Continuity for connectorless workloads extends the capabilities of Service Continuity by enabling the resiliency feature for resource locations without Citrix Cloud Connectors. Service Continuity for connectorless workloads is supported for persistent dedicated desktop workloads. When a user signs into Citrix Workspace for Windows 2309 or later, connection lease files that support connectorless workloads are generated and distributed to the device.

Connection lease files contain information about the resources available to the end user. These connection lease files can be used to enumerate resources on an end-user’s device if there are issues with normal enumeration and are also used to launch the resources when a user selects an app or desktop. More information regarding connection lease file generation can be found in Appendix A - Workspace Connection Lease File Generation.

Service Continuity for connectorless workloads differs from Service Continuity in that the brokering of the session is done through the Virtual Delivery Agent (VDA) rather than Cloud Connectors. The VDA communicates with the Citrix Cloud back end services to broker the session for the user through either a direct connection or the Gateway Service, depending on the settings configured for that resource location. More information regarding how resource location network connectivity can be configured for Service Continuity can be found in Configure resource location network connectivity for service continuity.

Users are prompted to sign in to the VDA after a successful launch using Service Continuity. More information regarding Service Continuity launches can be found in Appendix B - Service Continuity Launch With Gateway Service and Appendix C - Service Continuity Launch Without Gateway Service.

Requirements and Limitations

Site Requirements

• DaaS environment with a connectorless resource location
• Citrix Workspace service and Gateway Service
• Service Continuity enabled

User Device Requirements

• Citrix Workspace app for Windows 2309 or later

Supported workspace authentication methods

• Active Directory
• Active Directory plus token
• Azure Active Directory
• Okta
• Citrix Gateway (primary user claim must be from AD)
• SAML 2.0

Note:

These authentication methods are supported for signing into Citrix Workspace. Users must sign in to the VDA using a Microsoft Entra ID user name and password.

Workspace app network connectivity

If you configure connection to your resource location from outside your LAN, the Workspace app on user devices must be able to reach the Citrix Gateway Service FQDN, https://*.g.nssvc.net. Ensure that your firewall is configured to allow outgoing traffic to https://global-s.g.nssvc.net:433, so that user devices can connect to the Citrix Gateway Service always.

Requirements and limitations

• VDA 2402 LTSR
• VDAs might be Microsoft Entra ID joined or AD joined. Hybrid joined machines aren’t supported

• VDA workloads supported during outages:

  • Static persistent desktops
• Rendezvous V2
• Signing in with Windows Hello in the virtual desktop is not supported. Only user name and password are currently supported. If users try to sign in with any Windows Hello method, they receive an error stating that they are not the brokered user, and the session is disconnected. Associated methods include PIN, FIDO2 key, MFA, and so on.

Configure Service Continuity for connectorless workloads

Service Continuity for connectorless workloads must be configured per resource location.

1. Install VDA 2402 for Microsoft Entra ID joined VDAs.

   1. Enable the CLXMTP service on the VDAs by setting the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ClxMtpService]
    "ClxMtpSvcEnabled"=dword:00000001
    "ClxMtpTimeoutInMilliSeconds"=dword:00035000
    "ClxMtpFsmLogLevel"=dword:00000003
        
    <!--NeedCopy-->
   

   1. Note:

      For MCS provisioned VDAs, consider setting these registry keys on the master image

2. Create a Microsoft Entra ID joined catalog.

3. Create a Delivery Group.

   • Only dedicated desktops are supported. Assign the desktop to a user.
4. Enable Service Continuity.
5. Enable Service Continuity for connectorless workloads on the connectorless resource location by running the following PowerShell.

   powershell
   Set-ConfigZone -Name <zoneName> -EnableVdaConnectivityForResourceLeases $true
   <!--NeedCopy-->