Product Documentation

XenApp and XenDesktop Service


XenApp and XenDesktop provides virtualization solutions that give IT control of virtual machines, applications, and security while providing anywhere access for any device. End users can use applications and desktops independently of the device’s operating system and interface.

Using the XenApp and XenDesktop Service, you can deliver secure virtual apps and desktops to any device, and leave most of the product installation, setup, configuration, upgrades, and monitoring to Citrix. You maintain complete control over applications, policies, and users while delivering the best user experience on any device, under any network condition.

You connect to the service through Citrix Cloud Connector, which serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels. Resource locations contain the machines and other resources that deliver applications and desktops to your subscribers.

Who manages what

The following graphic shows all the core components in a service deployment in Citrix Cloud.

Cloud components image


As shown in the graphic, Citrix manages the core components in Citrix Cloud. Citrix also takes care of installing and upgrading those components. (This differs from an on-premises customer-managed XenApp and XenDesktop deployment, where you are responsible for installing, managing, and upgrading the core components.)

Your applications and desktops reside in one or more resource locations. You install and manage most components in each resource location. The exceptions are the Citrix Cloud Connectors. You install the Cloud Connectors; Citrix manages them.

The following graphic shows a layer view of the XenApp and XenDesktop Service components.

Layers image

Layer view of components

Citrix Receiver is installed on user devices and other endpoints, such as virtual desktops. Citrix Receiver provides users with secure, self-service access to documents, applications, and desktops from any device, including smartphones, tablets, and PCs. Citrix Receiver provides on-demand access to Windows, web, and Software as a Service (SaaS) applications. For devices that cannot install Citrix Receiver software, Citrix Receiver for HTML5 provides a connection through a HTML5-compatible web browser.

Citrix Cloud components

Citrix installs and manages the following components in Citrix Cloud.

Delivery Controller

The Delivery Controller is the central control layer component in a deployment. The Controller’s services communicate through the Cloud Connectors in each resource location to:

  • Distribute applications and desktops.
  • Authenticate and manage user access.
  • Broker connections between users and their virtual desktops and applications.
  • Optimize use connections, and load-balance these connections.
  • Track which users are logged on and where, which session resources the users have, and if users need to reconnect to existing applications. This includes managing the state of desktops, starting and stopping them based on demand and administrative configuration.

Data from the Controller services is stored in a Microsoft SQL Server site database. A XenApp and XenDesktop deployment also uses a Configuration Logging database, plus a monitoring database used by Director.

When the Citrix Cloud is hosted on Microsoft Azure, SQL Server on Azure VMs (IaaS) is supported. Azure SQL (PaaS) Database is not supported.

Citrix license management

License management functionality communicates with the Controller to manage licensing for each user’s session and allocate license files. The customer administrator does not need to configure or manage anything with licensing. All of that work is done automatically in Citrix Cloud.

Citrix Studio

Studio is the management console you use to configure and manage connections, machine catalogs, and Delivery Groups. Studio launches when you select Manage in the Citrix Cloud console.

Citrix Director

Director enables IT support and help desk teams to monitor an environment, troubleshoot issues before they become system-critical, and perform support tasks for end users. Displays include:

  • Real-time session data from the Broker Service in the Controller, which includes data from the broker agent in the VDA.
  • Historical data from the Monitor Service in the Controller.
  • Data about HDX traffic (also known as ICA traffic).

Director provides the data when you select Monitor in the Citrix Cloud console.

Citrix StoreFront

In the access layer, StoreFront authenticates users to deployments hosting resources, and manages stores of desktops and applications that users access. It can host the enterprise application store, which gives users self-service access to desktops and applications that are available to them. It also keeps track of users’ application subscriptions, shortcut names, and other data to ensure users have a consistent experience across multiple devices.

Although Citrix installs and manages StoreFront servers in Citrix Cloud, you can also optionally install StoreFront servers in resource locations.

NetScaler Gateway

When users connect from outside the corporate firewall, XenApp and XenDesktop can use Citrix NetScaler Gateway technology to secure these connections with TLS. The NetScaler Gateway or NetScaler VPX virtual appliance is an SSL VPN appliance deployed in the DMZ. It provides a single secure point of access through the corporate firewall.

Although Citrix installs and manages NetScaler Gateway in Citrix Cloud, you can also optionally install NetScaler Gateway in resource locations.

Components in resource locations

A resource location contains resources required to deliver services to your subscribers (users). You manage these resources from Citrix Cloud. Resource locations contain different resources depending on which Citrix Cloud services you’re using and the services you want to provide to your users.

To interact with Citrix Cloud, each resource location needs Cloud Connectors and access to a Microsoft Active Directory domain.

In a XenApp and XenDesktop Service deployment, a resource location contains items from the access layer and resource layer:

  • Cloud Connectors
  • Active Directory domain controller
  • Virtual Delivery Agents (VDAs)
  • Hypervisors that provision VDAs and store their data, if used
  • Citrix NetScaler Gateway (optional)
  • StoreFront servers (optional)

Cloud Connector

Every resource location contains at least one Cloud Connector (two or more are recommended for redundancy). A Cloud Connector is the communications channel between the components in the Citrix Cloud and components in the resource location. In the resource location, the Cloud Connector acts as a proxy for the Delivery Controller in Citrix Cloud.

You install Cloud Connectors from the Citrix Cloud console. Citrix then manages and updates the Cloud Connectors automatically.

Virtual Delivery Agents (VDAs)

Each physical or virtual machine that delivers applications and desktops must have a VDA. The VDA registers with a Cloud Connector. After registration, connections are brokered from those resources to users. VDAs establish and manage the connection between the machine and the user device, and apply policies that are configured for the session.

The VDA communicates session information to the Cloud Connector through a broker agent in the VDA. The broker agent hosts multiple plugins and collects real-time data.

VDAs are available for Windows server and desktop operating systems. VDAs for Windows server operating systems allow multiple users to connect to the server at one time. VDAs for Windows desktop operating systems allow only one user to connect to the desktop at a time. Linux VDAs are also available.

Throughout this documentation, “VDA” refers to the agent and the machine on which it is installed.

Hypervisors and cloud services

A hypervisor or cloud service contains the VDAs that host applications and desktops.

To provision virtual machines that deliver applications and desktops, you can use:

  • Machine Creation Services: The MCS technology is built into Studio and is accessed automatically through the Citrix Cloud Console. MCS creates copies of a master image to create and provision VMs.
  • Provisioning Services: The PVS technology streams a master image to user devices. PVS doesn’t require a hypervisor, so you can provision physical machines.
  • Another provisioning tool of your choice.

Although many deployments use hypervisors, you don’t need one if:

  • Your applications and desktops are hosted on physical machines.
  • You use Provisioning Services to provision VMs.
  • You want to deploy Remote PC Access, which enables employees to remotely access their physical PCs.

Active Directory

Although not a product component, Microsoft Active Directory is required for authentication and authorization in any deployment. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with Citrix Cloud.

Items that help deliver desktops and applications

As part of delivering applications and desktops to users, you configure the following items.

Host connection

A host connection enables communication between components in the control plane and VDAs in a hypervisor or cloud service. Connection specifications include:

  • The address and credentials to access the host
  • Which tool you use to create VMs
  • The storage method to use, and the machines to use for storage
  • Which network the VMs will use

Machine catalog

A machine catalog is a collection of virtual or physical machines that have the same operating system type: server or desktop.

If you use VMs, you can create a master image (also known as template) on the hypervisor or cloud service, and install a VDA on the master image. You can also install applications on the master image, if you want them to appear on all machines created from that image and don’t want to virtualize them. Then, you create a catalog using a Citrix tool (MCS or PVS) or your own tools. With MCS and PVS, the catalog creation process provisions identical VMs from that image.

If you use your own tools to provision VMs, or if you use physical machines, the catalog creation process adds those machines to the catalog.

Delivery Group

A Delivery Group specifies:

  • One or more machines from a machine catalog.
  • Optionally, users who are allowed to access those machines.(Alternatively, you can specify users through the Citrix Cloud console.)
  • Optionally, which applications and desktops users can access. (Alternatively, you can specify applications through the Citrix Cloud console.)

Delivering applications and desktops

Delivery methods describes the choices available to deliver applications and desktops to users.

Service Level Agreement

The XenApp and XenDesktop Service (the Service) is designed using industry best practices to achieve cloud scale and a high degree of service availability.

For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.

More information


Get started

To learn how to set up your deployment, see Install and configure. That summary guides you through the major steps in the process, and provides links to detailed descriptions.