Product Documentation

Install and set up

Sep 12, 2014

To install and configure StoreFront, complete the following steps in order.

  1. If you plan to use StoreFront to deliver XenDesktop, XenApp, or VDI-in-a-Box resources to users, ensure that the StoreFront server is joined to either the Microsoft Active Directory domain containing your users' accounts or a domain that has a trust relationship with the user accounts domain.

    Note: StoreFront cannot be installed on a domain controller.
  2. If not already present, StoreFront requires Microsoft .NET 4.5 Framework, which can be downloaded from Microsoft. You must have Microsoft .NET 4.5 installed before you can install StoreFront.
  3. Optionally, if you plan to configure a multiple server StoreFront deployment, set up a load balancing environment for your StoreFront servers.

    To use NetScaler for load balancing, you define a virtual server to proxy your StoreFront servers. For more information on configuring NetScaler for load balancing, see Load Balancing Traffic on a NetScaler.

    1. Ensure that load balancing is enabled on your NetScaler appliance.
    2. For each StoreFront server, create individual HTTP or SSL load balancing services, as appropriate, using the StoreFront monitor type.

      For more information, see Monitoring Citrix StoreFront Stores.

    3. Configure the services to insert the client IP address into the X-Forwarded-For HTTP header of requests forwarded to StoreFront, overriding any global policies.

      StoreFront requires users' IP addresses to establish connections to their resources. For more information, see Inserting the IP Address of the Client in the Request Header.

    4. Create a virtual server and bind the services to the virtual server.
    5. On the virtual server, configure persistence on the basis of source IP address.

      Persistence ensures that only the initial user connection is load balanced, after which subsequent requests from that user are directed to the same StoreFront server. For more information, see Persistence Based on Source IP Address.

  4. Optionally, enable the following features.

    • .NET Framework 4.5 Features > .NET Framework 4.5, ASP.NET 4.5

    Optionally, enable the following roles and their dependencies on the StoreFront server.

    • Web Server (IIS) > Web Server > Common HTTP Features > Default Document, HTTP Errors, Static Content, HTTP Redirection
    • Web Server (IIS) > Web Server > Health and Diagnostics > HTTP Logging
    • Web Server (IIS) > Web Server > Security > Request Filtering, Windows Authentication
    • On Windows Server 2012 servers:

      Web Server (IIS) > Web Server > Application Development > .NET Extensibility 4.5, Application Initialization, ASP.NET 4.5, ISAPI Extensions, ISAPI Filters

      On Windows Server 2008 R2 servers:

      Web Server (IIS) > Web Server > Application Development > .NET Extensibility, Application Initialization, ASP.NET, ISAPI Extensions, ISAPI Filters

    • Web Server (IIS) > Management Tools > IIS Management Console, IIS Management Scripts and Tools

    The StoreFront installer checks that all the features and server roles above are enabled.

  5. Install StoreFront.
  6. Optionally, configure Microsoft Internet Information Services (IIS) for HTTPS if you plan to use HTTPS to secure communications between StoreFront and users' devices.

    HTTPS is required for smart card authentication. By default, Citrix Receiver requires HTTPS connections to stores. You can change from HTTP to HTTPS at any time after installing StoreFront, provided the appropriate IIS configuration is in place.

    To configure IIS for HTTPS, use the Internet Information Services (IIS) Manager console on the StoreFront server to create a server certificate signed by your domain certification authority. Then, add HTTPS binding to the default website. For more information about creating a server certificate in IIS, see For more information about adding HTTPS binding to an IIS site, see

  7. Ensure your firewalls and other network devices permit access to TCP port 80 or 443, as appropriate, from both inside and outside the corporate network. In addition, ensure that any firewalls or other devices on your internal network do not block traffic to any of the unassigned TCP ports.

    When you install StoreFront, a Windows Firewall rule is configured enabling access to the StoreFront executable through a TCP port randomly selected from all unreserved ports. This port is used for communications between the StoreFront servers in a server group.

  8. Use the Citrix StoreFront management console to configure your server.