Workspace Environment Management

Web console

There is one Windows infrastructure service: Citrix WEM Public API Service (NT SERVICE\Citrix WEM Public API Service). It provides HTTPS services to support the Workspace Environment Management (WEM) web console and communicate with the WEM infrastructure service. Account: A specified domain user account that has the WEM global full access, and belongs to the administrator user group on the web console server where the web console service runs. We recommend installing the web console service on the machine where the WEM infrastructure service runs.

Install the web console services

To install the web console services, run Citrix Workspace Environment Management Web Console.exe. By default, the infrastructure services install into the following folder: C:\\Program Files (x86)\\Citrix\\Workspace Environment Management Web Console.

You can customize your installation using the following arguments:

ApiLocation: The directory to install the web console service.

You can choose a silent installation or an upgrade of the infrastructure services. For example:

  • .\Citrix Workspace Environment Management Web Console.exe /quiet ApiLocation="C:\WEM\webconsole"

  • .\setup.exe /quiet ApiLocation="path:\to\install" /log="path:\to\log"

    • setup.exe. Lets you replace it with the file name of the installer.
    • /quiet. Indicates that no user interface appears during the installation.
    • /log. Indicates logging file location.
    • ApiLocation="path:\to\install". Specifies where to install the web console service.

Web console configuration

You must configure the web console by using the following tool in the installation path. WEM Web Console Configuration.exe

Prerequisites

This release of web console is compatible with WEM 2303 deployments and later.

For deployments earlier than 2303, first, upgrade to 2303 and then configure the web console.

Configure and start the Web console

To configure and start the web console, complete the following steps.

  1. Launch the WEM Web Console Configuration.exe tool in the web console folder and click Next.

    WEM Web console Configuration.exe

  2. Configure the console port by specifying a port for the browser to connect to the console. The default port is 443.

  3. Configure the Infrastructure service by specifying the Infrastructure service information.

    • For the Infrastructure server name, type the machine name, fully qualified domain name, or IP address of the WEM infrastructure server.

    • For the Administration port, type the port on which the web console connects to the infrastructure service. The default port is 8284.

      Web console default port

  4. Configure Service impersonation when the web console service impersonates the specific account to improve security. You can create a new user or select an existing user.

    • Create a new user and add the user to the WEM global full-access administrator group.

    Service impersonation - create new account

    • Select an existing user from WEM global full-access administrator group.

    Service impersonation - select user

  5. Configure the Data folder by specifying a folder to share data-related items such as databases, and configuration files.

    Data folder

  6. Click Start service.

    Start service

  7. After the successful start of the web console service, click Configure certificate to configure the certificate. There are two methods to configure the certificate.

    • To use a certificate file, click Browse.

    Configure certificate

    • To create a self-signed certificate, click Create self-signed certificate.

    Create self-signed certificate

    • Click Set up certificate.

    Set up certificate

    • After configuring the certificate successfully, click Finish.

    Finish

    • To use a certificate from the certificate store, select the desired certificate.

      Configure certificate

    • Click Set up certificate.

      Set up certificate

    • After configuring the certificate successfully, click Finish.

    Finish

  8. To use Template based GPO, Scripted task, Backup and restore, and files, you must set up a shared storage folder.

    Note:

    To set the permissions for the shared folder, follow these guidelines:

    • Ensure that at least one user has full access to the shared folder, excluding the permissions to change permissions or take ownership.
    • Verify that the shared folder is accessible from the machine hosting the web console service.
    • If the configured user is the same user impersonated by the web console service, you can omit the credentials when configuring the shared folder in the web console. Otherwise, credentials must be specified. Using the impersonated user is the recommended approach.

    To enhance security and minimize access, limit the number of accounts with permissions to the shared folder as much as possible.

    Go to the web console, click your account name in the top-right corner, click Storage folder, and configure the shared SMB path.

Web console