Product Documentation

Remote PC Access

Jun 20, 2013

Remote PC Access allows an end user to log on remotely to the physical Windows PC in his or her office from virtually anywhere. The Citrix XenDesktop Virtual Delivery Agent (VDA) on the office PC enables it to register with the Delivery Controller and manages the HDX connection between the machine and end user client devices. The Citrix Receiver running on the client device provides access to all of the applications and data on the office PC.

A user may have multiple desktops, including more than one physical PC or a combination of physical PCs and virtual desktops.

Planning a remote PC deployment

Remote PC Access supports a self-service model for employee remote access to office PCs. After you set up the whitelist of machines that users are permitted to access, the users can join their office PCs to a XenDesktop site themselves, without administrator intervention. Once joined, users can access their office PCs remotely, from any device running Citrix Receiver.

Consider the following when planning your remote PC deployment:
  • The following XenDesktop 7 features are not applicable to remote PC deployments:
    • managing hosts
    • creating master images and virtual machines
    • power managing machines (shut down and restart)
    • delivering hosted applications
    • Personal vDisks
    • client folder redirection
  • Active Directory (AD) considerations:
    • Much of the configuration of a remote PC deployment is done through AD. Before configuring the remote PC deployment site, set up your AD Organizational Units (OUs) and security groups and then create AD user accounts. Use these accounts to specify users for the Delivery Groups you will use to provide Remote PC Access.
    • If you modify AD after a machine has been added to a machine catalog, remote PC automatic administration does not reevaluate that assignment. You can manually reassign a machine to a different catalog, if needed.
    • If you move or delete Organizational Unit (OU) entries in AD, the OU entries used for remote PC access can become out of date. Virtual Delivery Agents (VDAs) might no longer be associated with the most appropriate machine catalog or Delivery Group, or with any machine catalog or Delivery Group.
  • Machine catalog and Delivery Group considerations:
    • A machine can only be assigned to one machine catalog and one Delivery Group at a time.
    • You can keep all machines in a single remote PC machine catalog, or separate them into multiple machine catalogs.
    • When choosing Machine Accounts for a machine catalog, select the lowest applicable Organizational Unit (OU) to avoid potential conflicts with machines in another machine catalog. For example, in the case of Bank/officers/tellers, select tellers.
    • You can allocate all machines from one remote PC machine catalog through a single Delivery Group, or via multiple Delivery Groups.
    • If you have one group of users who require certain policy settings and another group of users who require different settings, assigning the users to different Delivery Groups enables you to filter the HDX policies according to each Delivery Group.
    • If your IT infrastructure assigns responsibility for servicing users based on geographic location, department, or some other category, you can group machines and users accordingly to allow for delegated administration. Ensure that each administrator has permissions for both the relevant machine catalogs and the corresponding Delivery Groups.
    • If some of your users have office PCs running Windows 7 or Windows 8 and want to use the latest XenDesktop functionality, but other users have office PCs running Windows XP and therefore cannot, create a separate machine catalog and Delivery Group for the Windows XP systems. When choosing machine accounts for that catalog, select the checkbox Some of the machine are running Windows XP.
  • Deployment considerations:
    • You can set up a remote PC deployment and then add traditional Virtual Desktop Infrastructure (VDI) desktops or applications later. You can also add remote PC desktops to an existing VDI deployment.
    • When installing the VDA, consider whether to enable Windows Remote Assistance (by specifying /enable_remote_assistance). This option allows help desk teams using Director to view and interact with a user's sessions via Remote Assistance.
    • Consider how you will deploy the VDA to each office PC. Citrix recommends using electronic software distribution such as Active Directory (AD) scripts, Microsoft System Center Configuration Manager (SCCM), etc. The installation media contains sample AD scripts.
    • Each office PC must be domain-joined with a wired network connection.
    • Windows 7 Aero is not a requirement on the office PC, but is supported.
    • Remote PC Access can be used on most laptop computers. To improve accessibility and deliver the best connection experience, the laptop power saving options should be configured to those of desktop PC. For example:
      • Disable the Hibernate feature.
      • Disable the Sleep feature.
      • Set the close lid action to Do Nothing.
      • Set the press the power button action to Shut Down.
      • Disable video card energy saving features.
      • Disable network interface card energy saving features.
      • Disable battery saving technologies.

      Not supported for Remote PC Access devices:

      • Docking and undocking the laptop.
      • KVM switches or other components that can disconnect a session.
      • Hybrid PCs (including All-in-One and NVIDIA Optimus laptops and PCs).
    • Install Citrix Receiver on each client device that remotely accesses the office PC. Receiver is available for a wide range of client devices including desktops, laptops, tablets, and smartphones.
    • Multiple users with remote access to the same office PC see the same icon in Receiver. When any user remotely logs on to the PC, that resource is marked unavailable to other users.
  • Smart card considerations:
    • Smart cards are supported only for remote access to physical office PCs running Windows 7 or Windows 8; smart cards are not supported for office PCs running Windows XP.
    • The following smart cards were tested with remote PC access:
      • Gemalto .Net 2.0 with the Gemalto .Net mini driver
      • Gemalto IDPrime .NET 510 with Gemalto .Net mini driver
      • Gemalto PIV cards with ActivIdentity ActivClient 6.2

    For more information about smart cards with this release, see Authenticate securely with smart cards

  • Licensing considerations:
    • Remote PC Access sessions consume licenses in the same way as other XenDesktop sessions.

Best practices for users to ensure safe connecting and disconnecting

Keyboard and mouse devices should be attached directly to the PC or laptop, not to the monitor or other components that can be powered down while users may be connecting remotely. This setup ensures that users can log on to their physical PCs and have the input devices in functional state. If input devices are attached to a component like a monitor that can be powered down, users may have issues logging on to their workstation after a Remote PC Access session.

  • If input devices are attached to components like monitors, then users should not power down such components.
  • If a session is unintentionally disconnected, users can reconnect, which should restore the session.