StoreFront

Manage the resources made available in stores

Use the Manage delivery controllers screen to add, modify, and delete resource feeds provided by Citrix Virtual Apps and Desktops, Citrix Desktops as a Service, and Secure Private Access.

View resource feeds

  1. From within the Citrix StoreFront management console, in the left pane select the Stores node.
  2. Select a store in the results pane
  3. In the Actions pane, lick Manage delivery controllers .

Add resource feeds

Add resource feeds for Citrix Virtual Apps and Desktops

In the Manage delivery controllers screen, click Add.

  1. Enter a Display name that helps you to identify the feed.
  2. Select the Type as Citrix Virtual Apps and Desktops.
  3. Under Servers click Add and enter the name of the delivery controller. Repeat for each delivery controller. Citrix recommends that you have at least two servers for load balancing or failover.
  4. Citrix recommends that you select the option Servers are load balanced. This causes StoreFront to distribute the load between all delivery controllers or connectors by selecting a server from the list at random during each launch. If this option is not selected, then the servers list is treated as a failover list in priority order. In this case 100% of launches occur on the first active Delivery Controller or connector in the list. If that server goes offline, 100% of launches occur using the second in the list, and so on.
  5. From the Transport type list, select the type of connections for StoreFront to use for communications with the servers.

    • To send data over unencrypted connections, select HTTP. If you select this option, you must make your own arrangements to secure connections between StoreFront and your servers.
    • To send data over secure HTTP connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), select HTTPS. If you select this option for Citrix Virtual Apps and Desktops servers, ensure that the Citrix XML Service is set to share its port with Microsoft Internet Information Services (IIS) and that IIS is configured to support HTTPS.

    Note:

    If you’re using HTTPS to secure connections between StoreFront and your servers, ensure that the names you specify in the servers list match exactly (including the case) the names on the certificates for those servers.

Screenshot of Add delivery controller window

  1. Specify the port for StoreFront to use for connections to the servers. The default port is 80 for HTTP connections and 443 for HTTPS connections. The specified port must be the port used by the Citrix XML Service.

Add resource feeds for Citrix Desktops as a Service

In the Manage delivery controllers screen, click Add.

  1. Enter a Display name that helps you to identify the feed.
  2. Select the Type as Citrix Virtual Apps and Desktops.
  3. Under Servers click Add and enter the name of a cloud connector. Repeat for each server or connector. Citrix recommends that you have at least two connectors for redundancy. If you have multiple resource locations, Citrix recommends that you add the cloud connectors from all resource locations so that in the event of an outage StoreFront can use the local host cache to launch VDAs at the appropriate location.
  4. If you have connectors from multiple locations, Citrix recommends that you put the connectors with the lowest latency to the StoreFront server at the top of the list and clear the option Servers are load balanced. As the connectors are only proxying information to DaaS delivery controllers, there is limited benefit from using load balancing.
  5. From the Transport type list, select the type of connections for StoreFront to use for communications with the servers.

    • To send data over unencrypted connections, select HTTP. If you select this option, you must make your own arrangements to secure connections between StoreFront and your servers.
    • To send data over secure HTTP connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), select HTTPS. If you select this option for Citrix Virtual Apps and Desktops servers, ensure that the Citrix XML Service is set to share its port with Microsoft Internet Information Services (IIS) and that IIS is configured to support HTTPS.

    Note:

    If you’re using HTTPS to secure connections between StoreFront and your servers, ensure that the names you specify in the servers list match exactly (including the case) the names on the certificates for those servers.

  6. Specify the port for StoreFront to use for connections to the servers. The default port is 80 for HTTP connections and 443 for HTTPS connections.

Screenshot of Add delivery controller window

Add resource feeds for XenApp 6.5

  1. Enter a Display name that helps you to identify the feed.
  2. Select the Type as Secure Private Access.
  3. Enter the Secure Private Access server name.
  4. From the Transport type list, select the type of connections for StoreFront to use for communications with the servers.
    • To send data over unencrypted connections, select HTTP. If you select this option, you must make your own arrangements to secure connections between StoreFront and your servers.
    • To send data over secure HTTP connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), select HTTPS.
    • To send data over secure connections to Citrix Virtual Apps servers using the SSL Relay to perform host authentication and data encryption, select SSL Relay. You must also enter an SSL relay port
  5. Specify the port for StoreFront to use for connections to the servers. The default port is 80 for HTTP or SSL relay connections and 443 for HTTPS connections.

Screenshot of Add delivery controller window

Modify a resource feed

In the Manage delivery controllers screen, select a resource feed and click Edit.

Delete a resource feed

In the Manage delivery controllers screen, select a resource feed and click Remove.

Configure server bypass behavior

To improve performance when some of the servers providing resources become unavailable, StoreFront temporarily bypasses servers that fail to respond. While a server is being bypassed, StoreFront ignores that server and does not use it to access resources. Use these parameters to specify the duration of the bypass behavior:

  • All failed bypass duration specifies a reduced duration in minutes that StoreFront uses instead of Bypass duration if all servers for a particular Delivery Controller are being bypassed. The default is 0 minutes.
  • Bypass duration specifies the time in minutes that StoreFront bypasses an individual server after a failed attempt to contact that server. The default bypass duration is 60 minutes.

Considerations when specifying All failed bypass duration

Setting a larger All failed bypass duration reduces the impact of unavailability of a particular Delivery Controller, however it has the negative affect that resources from this Delivery Controller are unavailable to users for the specified duration after a temporary network outage or server unavailability. Consider the use of larger All failed bypass durationvalues when many Delivery Controllers have been configured for a store, particularly for nonbusiness-critical Delivery Controllers.

Setting a smaller All failed bypass duration increases the availability of resources served by that Delivery Controller but increases the possibility of client-side timeouts if many Delivery Controllers are configured for a store and several of them become unavailable. It is worth keeping the default 0-minute value when not many farms are configured and for business-critical Delivery Controllers.

To change the bypass parameters

  1. From within the Citrix StoreFront management console, in the left pane select the Stores node.
  2. Select a store in the results pane.
  3. In the Actions pane, click Manage Delivery Controllers.
  4. Select a controller, click Edit, and then click Settings on the Edit Delivery Controller screen.
  5. Under Advanced Settings click Settings.
  6. In the Configure Advanced Settings dialog:
    1. On the All failed bypass duration row, click in the second column and enter a time, in minutes, for which a Delivery Controller is considered offline after all its servers fail to respond.
    2. On the Bypass duration row, click in the second column and enter a time, in minutes, for which a single server is considered offline after it fails to respond.

Multi-Site Aggregation

For stores that aggregate resources from multiple deployments, particularly geographically dispersed deployments, you can configure load balancing and failover between deployments, mapping of users to deployments, and specific disaster recovery deployments to provide highly available resources. Where you have configured separate Citrix Gateway appliances for your deployments, you can define the optimal appliance for users to access each of the deployments.

Resource aggregation

By default, StoreFront enumerates all the deployments providing desktops and applications for a store and treats all those resources as distinct. This means that if the same resource is available from several deployments, users see an icon for each resource, which might be confusing if the resources have the same name. When you set up highly available multi-site configurations, you can group Citrix Virtual Apps and Desktops deployments that deliver the same desktop or application so that identical resources can be aggregated for users. Grouped deployments do not need to be identical, but resources must have the same name and path on each server to be aggregated.

When a desktop or application is available from multiple Citrix Virtual Apps and Desktops deployments configured for a particular store, StoreFront aggregates all instances of that resource and presents users with a single icon. App Controller applications cannot be aggregated. When a user starts an aggregated resource, StoreFront determines the most appropriate instance of that resource for the user on the basis of server availability, whether the user already has an active session, and the ordering you specified in your configuration.

StoreFront dynamically monitors servers that fail to respond to requests on the basis that such servers are either overloaded or temporarily unavailable. Users are directed to resource instances on other servers until communications are re-established. Where supported by the servers providing the resources, StoreFront attempts to reuse existing sessions to deliver additional resources. If a user already has an active session on a deployment that also provides the requested resource, StoreFront reuses the session if it is compatible with that resource. Minimizing the number of sessions for each user reduces the time taken to start additional desktops or applications and can allow for more efficient use of product licenses.

After checking for availability and existing user sessions, StoreFront uses the ordering specified in your configuration to determine the deployment to which the user is connected. If multiple equivalent deployments are available to the user, you can specify that users are connected either to the first available deployment or randomly to any deployment in the list. Connecting users to the first available deployment enables you to minimize the number of deployments in use for the current number of users. Randomly connecting users provides a more even distribution of users across all the available deployments.

You can override the specified deployment ordering for individual Citrix Virtual Apps and Desktops resources to define preferred deployments to which users are connected when they access a particular desktop or application. This enables you to, for example, specify that users are preferentially connected to a deployment specifically adapted to deliver a particular desktop or application, but use other deployments for other resources. To do this, append the string KEYWORDS:Primary to the description of the desktop or application on the preferred deployment and KEYWORDS:Secondary to the resource on other deployments. Where possible, users are connected to the deployment providing the primary resource, regardless of the deployment ordering specified in your configuration. Users are connected to deployments providing secondary resources when the preferred deployment is unavailable.

Map users to resources

By default, users accessing a store see an aggregate of all the resources available from all the deployments configured for that store. To provide different resources for different users, you can configure separate stores or even separate StoreFront deployments. However, when you set up highly available multi-site configurations, you can provide access to particular deployments on the basis of users’ membership of Microsoft Active Directory groups. This enables you to configure different experiences for different user groups through a single store.

For example, you can group common resources for all users on one deployment and finance applications for the Accounts department on another deployment. In such a configuration, a user who is not a member of the Accounts user group sees only the common resources when accessing the store. A member of the Accounts user group is presented with both the common resources and the finance applications.

Alternatively, you can create a deployment for power users that provides the same resources as your other deployments, but with faster and more powerful hardware. This enables you to provide an enhanced experience for business-critical users, such as your executive team. All users see the same desktops and applications when they log on to the store, but members of the Executives user group are preferentially connected to resources provided by the power user deployment.

Configure user mapping and aggregation

The StoreFront management console enables you to:

  • Map users to deployments: Based on Active Directory group membership, you can limit which users have access to particular deployments.
  • Aggregate deployments: You can specify which deployments have resources that you want to aggregate. Matching resources from aggregated deployments are presented to the user as a single highly-available resource.
  • Associate a zone with a deployment: When accessed with Citrix Gateway in a global load-balancing configuration, StoreFront prioritizes deployments from zones matching the gateway zone when launching resources.
  1. On the Manage Delivery Controllers screen, under User Mapping and Multi-Site Aggregation Configuration click Configure. This option is only available if two or more resource feeds are configured.
  2. Click Map users to controllers and make selections on the screens to specify which Delivery Controllers are available to which users.
  3. Click Aggregate resources to aggregate resources from multiple deployments. When Delivery Controllers are aggregated, applications and desktops from Delivery Controllers with the same display name and path are presented as a single application or desktop in Citrix Workspace app.

    1. To aggregate Delivery Controllers, select multiple controllers and click Aggregate.
    2. Select Aggregated Controller Settings options:

      Controllers publish identical resources - When selected, StoreFront enumerates resources from only one of the controllers in the aggregated set. When not selected, StoreFront enumerates resources from all controllers in the aggregated set (to accumulate the user’s entire set of available resources). Selecting this option gives a performance improvement when enumerating resources, but we do not recommend it unless you are certain that the list of resources is identical across all aggregated deployments.

      Load balance resources across controllers - When selected, launches are distributed evenly among the available controllers. When not selected, launches are directed to the first controller specified in the user mapping dialog screen, failing over to subsequent controllers if the launch fails.

  4. In the User Mapping and Multi-Site Aggregation Configuration dialog, click OK.

  5. In the Manage Delivery Controllers dialog, click OK.

Advanced configurations

You can configure many common multi-site and high availability operations with the StoreFront management console. You can also configure StoreFront using PowerShell or by editing the StoreFront configuration files, which provides the following extra functionality:

  • Ability to specify multiple groupings of deployments for aggregation.
    • The management console allows only a single grouping of deployments, which is sufficient for most cases.
    • For stores with many deployments with disjointed sets of resources, multiple groupings might give performance improvements.
  • Ability to specify complex preference orders for aggregated deployments. The management console allows aggregated deployments to be load balanced or to be used as a single failover list.
  • Ability to define disaster recovery deployments (deployments accessed only when all other deployments are unavailable).

Warning:

After configuring advanced multi-site options by manually editing the configuration file, some tasks become unavailable in the Citrix StoreFront management console to prevent misconfiguration.

  1. Ensure that you have configured the store with details of all the Citrix Virtual Apps and Desktops deployments that you want to use in your configuration.

  2. Use a text editor to open the web.config file for the store, which is typically located in the directory C:\inetpub\wwwroot\Citrix\storename\, where storename is the name specified for the store when it was created.

  3. Locate the following section in the file.

    <resourcesWingConfigurations>
    <resourcesWingConfiguration name="Default" wingName="Default" />
    </resourcesWingConfigurations>
    <!--NeedCopy-->
    
  4. Specify your configuration as shown below.

    <resourcesWingConfigurations>
    <resourcesWingConfiguration name="Default" wingName="Default">
    <userFarmMappings>
    <clear />
    <userFarmMapping name="user_mapping">
    <groups>
    <group name="domain\usergroup" sid="securityidentifier" />
    <group ... />
    ...
    </groups>
    <equivalentFarmSets>
    <equivalentFarmSet name="setname" loadBalanceMode="{LoadBalanced | Failover}"
    aggregationGroup="aggregationgroupname">
    <primaryFarmRefs>
    <farm name="primaryfarmname" />
    <farm ... />
    ...
    </primaryFarmRefs>
    <backupFarmRefs>
    <farm name="backupfarmname" />
    <farm ... />
    ...
    </backupFarmRefs>
    </equivalentFarmSet>
    <equivalentFarmSet ... >
    ...
    </equivalentFarmSet>
    </equivalentFarmSets>
    </userFarmMapping>
    <userFarmMapping>
    ...
    </userFarmMapping>
    </userFarmMappings>
    </resourcesWingConfiguration>
    </resourcesWingConfigurations>
    <!--NeedCopy-->
    

Use the following elements to define your configuration.

  • userFarmMapping—Specifies groups of deployments and defines the load balancing and failover behavior between those deployments. Identifies deployments to be used for disaster recovery. Controls user access to resources by mapping Microsoft Active Directory user groups to the specified groups of deployments.

  • groups—Specifies the names and security identifiers (SIDs) of Active Directory user groups to which the associated mapping applies. User group names must be entered in the format domain\usergroup. Where more than one group is listed, the mapping is only applied to users who are members of all the specified groups. To enable access for all Active Directory user accounts, set the group name & sid to everyone.

  • equivalentFarmSet—Specifies a group of equivalent deployments providing resources to be aggregated for load balancing or failover, plus an optional associated group of disaster recovery deployments.

    The loadBalanceMode attribute determines the allocation of users to deployments. Set the value of the loadBalanceMode attribute to LoadBalanced to randomly assign users to deployments in the equivalent deployment set, evenly distributing users across all the available deployments. When the value of the loadBalanceMode attribute is set to Failover, users are connected to the first available deployment in the order in which they are listed in the configuration, minimizing the number of deployments in use at any given time. Specify names for aggregation groups to identify equivalent deployment sets providing resources to be aggregated. Resources provided by equivalent deployment sets belonging to the same aggregation group are aggregated. To specify that the deployments defined in a particular equivalent deployment set should not be aggregated with others, set the aggregation group name to the empty string ”“.

    The identical attribute accepts the values true and false, and specifies whether all deployments within an equivalent deployment set provide exactly the same set of resources. When the deployments are identical, StoreFront enumerates the user’s resources from just one primary deployment in the set. When the deployments provide overlapping but not identical resources, StoreFront enumerates from each deployment to obtain the full set of resources available to a user. Load balancing (at launch time) can take place whether or not the deployments are identical. The default value for the identical attribute is false, although it is set to true when StoreFront is upgraded to avoid altering the pre-existing behavior following an upgrade.

  • primaryFarmRefs—Specifies a set of equivalent Citrix Virtual Apps and Desktops sites where some or all of the resources match. Enter the names of deployments that you have already added to the store. The names of the deployments you specify must match exactly the names you entered when you added the deployments to the store.

  • optimalGatewayForFarms—Specifies groups of deployments and defines the optimal Citrix Gateway appliances for users to access resources provided by these deployments. Typically, the optimal appliance for a deployment is colocated in the same geographical location as that deployment. You only need to define optimal Citrix Gateway appliances for deployments where the appliance through which users access StoreFront is not the optimal appliance.

Manage the resources made available in stores