
CWS-215-2I_01_Architecture_v2.12

Uploaded by

Royce Mendoza

CCI Talking Points:

• Module 1: The Apps and Desktops Images | Total Time: 59 minutes


• 59 Slides | Lecture Time: 59 minutes
• 0 Labs
• The purpose of this module is to:
• Give students an understanding of how to provision and deliver desktop and application resources to end users.

1 © 2020 Citrix | Confidential


CCI Talking Points:
• [Point 1]
• We will introduce the Citrix Virtual Apps and Desktops by explaining the overall capabilities of the product.
• [Point 2]
• We will present an architectural overview of a typical Proof Of Concept (POC) deployment, and explain the role of
each component organized by layers.

• [Point 3]
• We will explain the different product features focused on resource models, and cover the use case
advantages and considerations for each one.
• [Point 4]
• We will focus on the different platforms Citrix supports for hosting Citrix Virtual Apps and Desktops.
• [Point 5]
• We will take a look at the Citrix Virtual Apps and Desktops Service and consider Citrix Cloud.
• [Point 6]
• We will present the connection flow process of app or desktop launches using Citrix Workspace app.

Delivery Preparation:
• The Learning Objectives explain what the students can expect to learn and how to learn the concepts
presented in this module.
• A sign of a great instructor is his or her ability to provide meaningful overviews of the course content as it
relates to both the learning trajectory of the course, and also to student experiences.

Key Notes:
• This access requires software on the user device called the Citrix Workspace app (formerly known as Citrix Receiver).
• Citrix Workspace app can be downloaded both from https://www.citrix.com/downloads/workspace-app/ and from mobile app stores.
• Citrix Workspace app uses the Citrix connection protocol called HDX to access these apps and desktops.

Additional Resources:
• Citrix Online Documentation, Introduction to Citrix Virtual Apps and Desktops service: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service

CCI Talking Points:
• Provide students with a high-level flow and setup of a Proof of Concept (POC) environment.
• Tell the students that high availability is covered in a later module.

Key Notes:
• Layer Presentation:
• External users connect through Citrix Gateway, located in a DMZ, and then are directed to StoreFront
(explain that Citrix Gateway is not covered in this course, but is covered in CNS-222 “Citrix ADC 12.x
Essentials and Citrix Gateway”).
• Internal users connect directly to StoreFront.
• StoreFront presents the resources that are available to users.
• Resources include the desktops and apps made available through the different Feature models:
• Published Desktops/Published Apps – Server OS
• Assigned Desktop OS – Hosted VDI (static/persistent)
• Random Desktop OS – Hosted VDI (random/non-persistent)
• Delivery Controller brokers connections to desktop and app resources.
• Citrix Workspace app must be installed on the endpoint to provide the connection to the resource.
• Hypervisor – optional component.

CCI Talking Points:
• Explain that the User Layer covers all user devices or endpoints that are used to make connections to resources.

Key Notes:
• The User Layer groups the endpoint devices that users use to make connections to the Citrix Virtual Apps and Desktops environment.
• In this layer the endpoint choices can range from small mobile devices to specialized thin clients and
multifunctional devices like notebooks or PCs.
• For devices where admins/users are unable to install Citrix Workspace app, Citrix Workspace app for HTML5
can be leveraged. Remember Citrix Workspace app for HTML5 provides a connection through an HTML5
compatible Web browser; however, it does not have all the functionality that the other Citrix Workspace app
clients have.

Additional Resources:
• Citrix Workspace app download: https://www.citrix.com/downloads/workspace-app/
• Citrix Workspace app Feature Matrix: https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/citrix-workspace-app/Citrix-Workspace-app-Feature-matrix.pdf
• Citrix VDI Best Practices for Citrix XenApp and XenDesktop 7.15 LTSR, Page 45: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/citrix-vdi-best-practices.html

CCI Talking Points:
• Explain that the Access Layer covers all Citrix infrastructure devices that are providing authentication points, and are
used to orchestrate the access to resources.

Key Notes:
• The Access Layer is the presentation of the technical component(s) that serve as a middle-man between the users with their endpoints and the Citrix Virtual Apps and Desktops Site with its apps and desktops.
• Typical deployments require external users to make secure encrypted connections through an SSL VPN that
supports the HDX protocol, such as a Citrix Gateway.
• Internal users may bypass the Citrix Gateway to directly access the StoreFront server.
• These two access methods are typically determined by several factors, such as the location of the users, the
types of devices used for access, and company policy.

CCI Talking Points:
• Explain that the components within the Control Layer determine flexibility and scalability of the deployment.
• Focus on the Delivery Controller first and then cover how it ties into the other components in the Control Layer.

Key Notes:
• The Control Layer is used to group and present the core components of the Citrix Virtual Apps and Desktops implementation.
• The Delivery Controller is the central broker that handles all requests for all user sessions; this includes both
apps and desktops, across Server OS and Desktop OS hosts.
• The Delivery Controller also performs load balancing on user requests for apps and desktops on Server OS
hosts.
• The Citrix Virtual Apps and Desktops deployment relies on the SQL platform to host the Site database.
• The Citrix License Server centrally manages and disburses licenses for user connections.

CCI Talking Points:
• Explain that the Resource Layer houses all of the machines that are used to host the resource sessions that users are connecting to.

Key Notes:
• The Resource Layer is a presentation of all resources that authorized users can gain access to, such as:
• Apps
• Desktops
• User data, like profiles and documents
• The Resource Layer is also the architectural orientation where administrators consider how best to manage
and control these above resources, such as through creating policies to grant or restrict features.

CCI Talking Points:
• Explain that the Hardware Layer (sometimes referred to as Compute layer) can also be abstracted by using cloud-based resources (Amazon/Azure), which you will explain in a later lesson in this module.
• The Hardware Layer is also referred to as the Compute Layer in some documents, for example the VDI Handbook, but in this course we will be using the term “Hardware Layer” throughout.

Key Notes:
• The Hardware Layer provides the virtual computing needed by the Access, Control and Resource Layers.
• It’s no accident that the Hardware Layer is presented beneath those three layers, as the Compute layer is the “supply channel” for the environment.
• We will expand upon the Hardware Layer in a later lesson in this module.

CCI Talking Points:
• Explain that the layers presented can be deployed 100% on-premises or 100% in a public cloud, or be partnered with Citrix Cloud and a Citrix Virtual Apps and Desktops service subscription.

Key Notes:
• What is the role of StoreFront?
• Enumerating, Aggregating, and Presenting Desktops and Applications
• Which Citrix infrastructure component brokers end user connections to application and desktop resources?
• Delivery Controller

Delivery Preparation:
• The purpose of a Lesson Objective Review is to challenge the students to verify they understood the lesson
presented.
• If the students can’t answer the question, then the CCI knows to review the topic presented.

CCI Talking Points:
• Use this slide only as an introduction slide. The following slides in this lesson address the features in more detail.
• Spend a minimal amount of time here.

Key Notes:
• Citrix Virtual Apps and Desktops share a unified architecture called FlexCast Management Architecture (FMA).

• FMA's key features are the ability to manage both Server OS and Desktop OS hosts from a single Site and
integrated provisioning.
• The various delivery methods are referred to as Feature (also known as FlexCast) models, such as those depicted above. Although this is not a comprehensive list, they are the most common.
• One of the advantages of using this FMA platform is that it enables administrators to tailor the delivery method
to the business and technical requirements of the end user.

Additional Resources:
• For a complete list of features: https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/citrix-virtual-apps-and-desktops-current-release.pdf
• Citrix Virtual Apps and Desktops 7 1912 (LTSR) – Technical overview: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview.html

Delivery Preparation:
• During your presentation in this course, please remember that with the Citrix Virtual Apps and Desktops 7
version release:
• Both products have the same core infrastructure.
• The features of both products are dependent on the license edition.
• This is important when referencing machine types:
• A Server OS running a VDA is not a Citrix Virtual Apps Server, because I can get that functionality under
both a Citrix Virtual Apps and Desktops license.
• This applies to both apps and desktops.
• A Desktop OS running a VDA is not a Citrix Virtual Desktop, because a Citrix Virtual Apps License also
supports a Desktop OS VDA, but only for VM Published Apps.
• Ultimately we want to ensure that we use as much as possible “Citrix Virtual Apps and Desktops”.
• If the feature presented is only under a Citrix Virtual Desktops license, then we can call it Citrix Virtual
Desktops, but we need to be mindful of the Citrix Virtual Apps -only Students and get them excited about
upgrades, not limitations.
• Only if needed, because you have students coming from 6.5 or earlier, mention:

• FMA replaces IMA, which was the management architecture from Citrix Virtual Apps 6.5 and earlier.

CCI Talking Points:
• Explain use case and considerations.
• Can provide server resource allocations for resource intensive applications.

Key Notes:
• Published apps are managed centrally and users cannot modify the application, providing a user experience that is consistent, safe, and reliable.
• Benefits and Considerations:
• Manageable and scalable solution within your datacenter.
• Most cost effective application delivery solution.
• Users must be online to access their applications.
• Example scenario: WWLabs has identified the following requirements for its HR user group:
• Requires access to standard Microsoft Office applications
• Does not require personalization
• Does not engage in resource intensive application work
• Which Feature Model(s) would be an effective solution and why?
• Answer: Published Apps or Published Desktops.
• Lead with Server OS apps/desktop if it meets the requirements, due to scalability and manageability.
• Applications are Server OS and Remote Desktop Services compatible.
• Users do not require personalization (non-persistent).
• Users do not engage in resource intensive application work, so they do not require dedicated resource
allocation.
• Does not specify if users require a desktop feel or if published applications would suffice, so either Server
OS apps or desktops are acceptable.

Additional Resources:
• Citrix Virtual Apps published apps and desktops: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/delivery-methods/published-apps-desktops.html

Key Notes:
• Published content types include:
• HTML website address
• Document file on a web server
• Directory on an FTP server
• Document file on an FTP server
• UNC directory path
• UNC file path
• If using Citrix Virtual Apps and Desktops, then use the regular PowerShell SDK.
• If using Citrix Virtual Apps and Desktops Service, then switch to the remote PowerShell SDK.
• After publishing the content using PowerShell, it can be viewed just like any other published application in
Citrix Studio.
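
A sketch of the PowerShell publishing step described above, as an added example that is not part of the Citrix course material. `Get-ContentLocationType` and `Publish-ContentLocation` are hypothetical helper names, and the Delivery Group and sample locations are constructed; `New-BrokerApplication -ApplicationType PublishedContent` is the Citrix Broker SDK cmdlet, and the helper only calls it for locations that match one of the content types listed above. Rejecting locations with embedded credentials is an added policy choice, not something the course states.

```powershell
# Added example: classify a location against the published content types
# listed above (web address, FTP location, UNC path) before publishing it.
# Helper names, the Delivery Group and the sample locations are constructed.

function Get-ContentLocationType {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Location)

    $uri = $null
    if (-not [System.Uri]::TryCreate($Location, [System.UriKind]::Absolute, [ref]$uri)) {
        return 'Rejected'          # not an absolute location at all
    }
    # Assumption (added policy): a location such as ftp://user:password@host/
    # would keep the credentials in the application properties, so refuse it.
    if ($uri.UserInfo) { return 'Rejected' }

    # UNC paths parse as file URIs with IsUnc set; local paths (C:\...) also
    # parse as file URIs but are not UNC and fall through to 'Rejected'.
    if ($uri.IsUnc) { return 'Unc' }

    switch ($uri.Scheme) {
        'http'  { return 'Web' }
        'https' { return 'Web' }
        'ftp'   { return 'Ftp' }
        default { return 'Rejected' }
    }
}

function Publish-ContentLocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Location,
        [Parameter(Mandatory)][string]$DeliveryGroup
    )

    $type = Get-ContentLocationType -Location $Location
    if ($type -eq 'Rejected') {
        throw "Refusing to publish '$Name': the location is not a web, FTP or UNC location."
    }

    # Requires the Citrix Broker SDK to be loaded in this session:
    # the regular PowerShell SDK for Citrix Virtual Apps and Desktops,
    # the remote PowerShell SDK for the Citrix Virtual Apps and Desktops Service.
    New-BrokerApplication -ApplicationType PublishedContent `
        -CommandLineExecutable $Location `
        -Name $Name `
        -DesktopGroup $DeliveryGroup
}

# Constructed sample input; classification only, nothing is published here.
$samples = @(
    'https://intranet.example.com/handbook.html',
    'ftp://ftp.example.com/docs/',
    '\\fileserver01\share\policies\travel.docx',
    'C:\Temp\report.docx',
    'ftp://user:secret@ftp.example.com/docs/'
)
foreach ($location in $samples) {
    '{0,-8} {1}' -f (Get-ContentLocationType -Location $location), $location
}

# Usage against a real Site (constructed names):
# Publish-ContentLocation -Name 'HR Handbook' `
#     -Location 'https://intranet.example.com/handbook.html' `
#     -DeliveryGroup 'HR-Published-Content'
```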

Additional Resources:
• XenApp published apps and desktops (7.15 LTSR): https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/install-configure/publish-content.html
• Citrix Virtual Apps published apps and desktops (1912): https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/install-configure/publish-content.html

CCI Talking Points:
• In the Citrix Virtual Apps and Desktops 7 1912 Long Term Service Release (LTSR), Server OS and Desktop OS Machine Catalogs have been renamed Multi-session OS and Single-session OS:
• Multi-session OS: The Server OS Machine Catalog that provides hosted shared desktops for a large-scale deployment of standardized Windows Server OS or Linux OS machines.
• Single-session OS: The Desktop OS Machine Catalog that provides VDI desktops ideal for a variety of different users.
• Explain use case and considerations.
• Explain that for many companies this is still the preferred delivery method because it delivers desktop connections at a low cost per user.

Key Notes:
• Server OS machines can run multiple desktop or application sessions from a single machine. It is considered
an inexpensive server-based delivery mechanism that minimizes the cost of delivering applications to a large
number of users, while providing a secure, high-definition user experience.

Additional Resources:
• XenApp published apps and desktops (7.15 LTSR): http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/published-apps-desktops.html
• Citrix Virtual Apps published apps and desktops (LTSR 1912): https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/delivery-methods/published-apps-desktops.html

CCI Talking Points:
• In the Citrix Virtual Apps and Desktops 7 1912 Long Term Service Release (LTSR), Server OS and Desktop OS Machine Catalogs have been renamed Multi-session OS and Single-session OS:
• Multi-session OS: The Server OS Machine Catalog that provides hosted shared desktops for a large-scale deployment of standardized Windows Server OS or Linux OS machines.
• Single-session OS: The Desktop OS Machine Catalog that provides VDI desktops ideal for a variety of different users.

Key Notes:
• Use Server OS machines to deliver VDI desktops.
• Server VDI desktops are hosted on virtual machines and provide each user with a Server operating system.
• Server VDI desktops can use the Enhanced Desktop Experience Citrix policy setting to make this server operating system look like a desktop operating system.
• Server VDI is a limited use case feature, typically used for engineers or designers that require a more
powerful platform than a regular Desktop operating system.
• Once the Server machine is configured for VDI, it cannot be used to host published applications, because it is
a 1:1 ratio of users to desktop.
• The Server machine must be prepared to install and configure Server VDI. A high-level overview of the preparation steps is as follows:
1. Remove Remote Desktop Services.
2. Install the VDA using the CLI in “quiet” mode with “servervdi” options.
3. Create the machine catalog.
4. Create the Delivery Group.

Additional Resources:
• Server VDI Desktops:
• 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/vdi-desktops.html
• Server VDI: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/server-vdi.html
• VDI desktops: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/delivery-methods/vdi-desktops.html

CCI Talking Points:
• In the Citrix Virtual Apps and Desktops 7 1912 Long Term Service Release (LTSR), Server OS and Desktop OS Machine Catalogs have been renamed Multi-session OS and Single-session OS:
• Multi-session OS: The Server OS Machine Catalog that provides hosted shared desktops for a large-scale deployment of standardized Windows Server OS or Linux OS machines.
• Single-session OS: The Desktop OS Machine Catalog that provides VDI desktops ideal for a variety of different users.

Key Notes:
• Use Desktop OS machines to deliver VDI desktops.
• VDI desktops are hosted on virtual machines and provide each user with a desktop operating system.
• VDI desktops require more resources than Hosted Shared Desktops, but do not require that applications
installed on them support server-based operating systems. Additionally, depending on the type of VDI desktop
you choose, the desktop can be assigned to individual users and allow these users a high degree of
personalization.
• Considerations:
• 1:1 ratio of users to desktop; at logon, user is randomly assigned a desktop. After logging off, changes are
discarded and VM returns to pool for another user.
• A user’s resource consumption or action is less likely to affect other users, making it a good use case for
those who require a higher level of performance due to resource intensive application work.
• The overhead of running a complete operating system per user requires more resources on hypervisors.
• Hosted VDI models also offer the option of dramatically accelerating graphically intensive applications by
providing GPUs (or vGPUs) to the VM.
• Example Scenario: WWLabs has identified the following requirements for its Technician user group:
• Applications are not multi-user compatible
• Does not require ability to install applications
• Engages in resource intensive work
• Which Feature Model(s) would be an effective solution and why?
• Answer: Hosted VDI (random/non-persistent)
• Applications need to be installed on Desktop OS.
• No installation of applications means persistence is not required.
• 1:1 ratio of user desktops means that a user’s resource intensive work will not affect others.

Additional Resources:
• VDI Desktops:
• 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/vdi-desktops.html
• Current release: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/delivery-methods/vdi-desktops.html
• VDI desktops: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/delivery-methods/vdi-desktops.html

CCI Talking Points:
• In the Citrix Virtual Apps and Desktops 7 1912 Long Term Service Release (LTSR), Server OS and Desktop OS Machine Catalogs have been renamed Multi-session OS and Single-session OS:
• Multi-session OS: The Server OS Machine Catalog that provides hosted shared desktops for a large-scale deployment of standardized Windows Server OS or Linux OS machines.
• Single-session OS: The Desktop OS Machine Catalog that provides VDI desktops ideal for a variety of different users.
• Explain use case and considerations.
• Explain the additional management and operational tasks that go into creating, updating, and troubleshooting
persistent desktops.

Key Notes:
• The first time a user logs on to use one of these desktops, the user is assigned a desktop from a pool of
desktops based on a single master image. After the first use, the user will subsequently connect to the same
desktop that was initially assigned. Changes to the desktop are not lost when the machine reboots.
• Considerations:
• 1:1 ratio of users to desktop; user is assigned the same desktop on each subsequent logon; changes
persist and are not discarded on logoff.
• A user’s resource consumption or actions are less likely to affect other users, making it a good use case for those who require a higher level of performance due to resource intensive application work.
• Example Scenario: WWLabs has identified the following requirements for its Engineer user group:
• Requires ability to install applications
• Requires personalization and elevated administrator rights
• Engages in resource intensive work
• Which Feature Model(s) would be an effective solution and why?
• Answer: Hosted VDI (Static/persistent)
• Users need to install applications and have them persist.
• 1:1 ratio of user to desktops means that a user’s resource intensive work and use of elevated admin
rights will not affect others.

Additional Resources:
• VDI Desktops:
• 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/vdi-desktops.html
• VDI desktops: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/delivery-methods/vdi-desktops.html

CCI Talking Points:
• Explain use case and considerations.
• Explain that this Feature model can also be used as a temporary solution while migrating to a different Feature model.

Key Notes:
• Remote PC Access allows an end user to log on remotely from virtually anywhere to the physical Windows PC in the office. The Virtual Delivery Agent (VDA) is installed on the office PC; it registers with the Delivery Controller and manages the HDX connection between the PC and the end user client devices.
• Remote PC Access supports a self-service model; after you set up the whitelist of machines that users are
permitted to access, those users can join their office PCs to a Site themselves, without administrator
intervention. The Citrix Workspace app running on their client device enables access to the applications and
data on the office PC from the Remote PC Access desktop session.
• Remote PC is a great solution for customers that have a great workstation design with a backup solution
already in place. These customers would not need to build out additional server infrastructure to get many of
the same benefits.
• Remote PC can be a great stop-gap where customers can get benefits quickly while the Citrix Virtual Apps
and Desktops solution is being developed.
• Example Scenario: WWLabs has identified the following requirements for its Designer user group:
• Needs to leverage existing physical corporate desktops
• Requires remote access to their applications as soon as possible
• Engages in resource intensive work
• Which Feature Model(s) would be an effective solution and why?
• Answer: Remote PC
• Physical desktops that have already been deployed.
• Quicker time to value.
• 1:1 ratio of user to desktops means that user’s resource intensive work will not affect others.

Additional Resources:
• Remote PC Access:
• Remote PC Access 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/install-configure/remote-pc-access.html
• Current Release: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/install-configure/remote-pc-access.html

CCI Talking Points:
• Explain use case and considerations.

Key Notes:
• Applications and desktops on the master image are securely managed, hosted, and run on machines within your
datacenter, providing a more cost effective application delivery solution.

• Considerations:
• 1:1 ratio of users to desktop for user to access a hosted Desktop OS application.
• It is not highly scalable, as it requires a desktop for each user for a single application.

Additional Resources:
• VM hosted apps:
• 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/vm-hosted-apps.html
• Current Release: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview/delivery-methods/vm-hosted-apps.html

CCI Talking Points:
• Use this slide to present the concept of defining use cases for users and feature-based resources and then assigning
groups of users to one or more resources.

Key Notes:
• The diagram depicts the assessment and segmentation of users into groups based on the following criteria: graphic intensive apps, CPU-intensive application work, high-security requirements, and printing requirements.
• It is important to the success of the deployment to understand the user requirements and tailor the solution
to their specific needs, as this can impact user acceptance and project costs.
• You need to define user groups based on shared common characteristics in order to assign the Feature
model that effectively addresses the requirements of the user group.
• Mobility – understand where user is connecting from (network speeds, network security, etc.) and how
frequently the user is roaming.
• Security - lockdown, audit requirements.
• Personalization – assess if user requires additional personalization that cannot be provided by roaming
profiles. Determine if user needs the ability to install apps themselves, or if the admin should install any
additional apps required by user.
• Application set/application usage – common applications required; how resource intensive the application
work is that users are doing.
• You need an understanding of how users are using applications; there is not always a clear mapping between app and workload.
• E.g. Excel for one user may be a light workload, while another user may be running reports with thousands of data sets and is therefore a heavy workload.
• Desktop loss criticality – understand impact to revenue, projects, and product if user is unable to access
resources.
• User segmentation is also important for understanding policies that may need to be applied.

CCI Talking Points:
• Explain that students should think of the diagram as buckets. If the use case fits the first option, then it goes in that
bucket. Only move on to next bucket if the previous model is not sufficient to address needs.
• Another good analogy that can be used is to think of a pyramid. Aim to cover most of your users with the most cost-effective model, which is the bottom of the pyramid (Server OS workloads). Each successive level of the pyramid will get smaller and smaller, and then at the top are your handful of persistent desktop users who need the customization of a dedicated machine.
• Lead with the scalable options (Server OS workloads, then non-persistent VDI) to reduce deployment time
and simplify management.
• In some cases, you have to leverage another method for temporary backup (e.g. user is assigned a dedicated desktop, but is also provided with a pooled desktop in case there is a loss).

Key Notes:
• As with physical desktops, it is not possible to meet every user requirement with a single Feature model.
Different types of users need different types of resources. Some users may require simplicity and
standardization, while others may require high levels of performance and personalization. Implementing a
single Feature model across an entire organization will inevitably lead to user frustration and reduced
productivity.
• The Citrix Virtual Apps and Desktops features offer a complete set of application and desktop virtualization
technologies that have been combined into a single integrated solution. Because each Feature (formerly
known as FlexCast) model has different advantages and disadvantages, it is important that the right model is
chosen for each user group within the organization.
• There are six feature models available; the advantages and disadvantages of each model are described below:
• Published Apps - The Hosted Apps model utilizes a server-based Windows operating system, where only
the application interface is seen by the user. This approach provides a seamless way for organizations to
deliver a centrally managed and hosted application into the user’s local PC. The Windows app model is
often utilized when organizations must simplify management of a few line-of-business applications.
• Published Desktop – With the published desktop model, multiple user desktops are hosted from a single,
server-based operating system (Windows 2008, 2012, 2016, Red Hat, SUSE, CentOS). The shared
desktop model provides a low-cost, high-density solution; however, applications must be compatible with a
multi-user server based operating system. In addition, because multiple users share a single operating
system instance, users are restricted from performing actions that negatively impact other users, for
example installing applications, changing system settings and restarting the operating system.
• Hosted VDI (Random/non-persistent) - The Hosted VDI (random/non-persistent) desktop model provides
each user with a random, temporary desktop operating system. Because each user receives their own
instance of an operating system, overall hypervisor density is lower when compared to the published
desktop model. However, pooled desktops remove the requirement that applications must be multi-user
aware and support server based operating systems.
• Hosted VDI (Static/persistent) – This model provides each user with a statically assigned, customizable,
persistent desktop operating system. Because each user receives their own instance of an operating
system, overall hypervisor density is lower when compared to the published desktop model. However,
personal desktops remove the requirement that applications must be multi-user aware and support server
based operating systems.
• Remote PC – The remote PC access desktop model provides a user with secure remote access to their
statically assigned, traditional PC. This is often the fastest and easiest VDI model to deploy as it utilizes
already deployed desktop PCs.
• VM-hosted applications – Similar to published apps, the main difference being that the apps are hosted on
a desktop operating system. This approach can be used when the seamless app approach is desired, but
the application is not compatible with a multi-user Server OS machine. Because each application session is
hosted by its own instance of an operating system, overall hypervisor density is lower when compared to
the published apps model.

Additional Resources:
• Citrix VDI Best Practices for Citrix XenApp and XenDesktop 7.15 LTSR:
http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/citrix-vdi-best-practices.html

CCI Talking Points:
• Talk the students through the historical changes in how Citrix was typically deployed and what has changed; focus on
the fact that every deployment type is still supported using the FMA architecture.

Key Notes:
• In the 1990s and up to the mid-2000s, Citrix was typically hardware deployed.
• In the mid-2000s, the focus shifted towards virtual Citrix environments.
• Today the focus is on cloud deployments, either full or hybrid.

Key Notes:
• Citrix Cloud simplifies the management of virtual applications, desktops, mobile devices, and data sharing with its cloud-
based management platform. You can choose whether you put your resources (hypervisors, VDAs, and StoreFront
servers, for example) on premises or in a private or public cloud.
• The biggest drivers for moving to the cloud are flexibility, redundancy, and scalability.
• Citrix Virtual Apps and Desktops supports on premises, hybrid cloud solutions and full cloud deployments.

Additional Resources:
• Citrix Workspace Cloud Apps and Desktop Services for New Customers Reference Architecture:
https://docs.citrix.com/en-us/citrix-cloud/downloads/workspace-cloud-apps-desktop-services-for-new-customers-reference-architecture.pdf

CCI Talking Points:
• Explain that Citrix does not require a 100%-Cloud-Commitment or the opposite, but instead offers several options for
adopting cloud based deployments in various degrees.
• Do not go into detail about these options as they will be addressed in the next four slides.

Key Notes:
• This model offers complete control over every aspect of the deployment, including choice of the hardware manufacturer.
It also comes with complete responsibility for designing and operating security, climate control, backup, maintenance
and updates.
• A typical on-premises configuration consists of one or more Delivery Controllers. For customers looking to use Citrix
Cloud and have Citrix host the Delivery Controller, consider the following needs:
• All current Delivery Controllers that are on premises need to use the “ListOfDDCs” option for those VDAs to
remain on premises. Otherwise, move the VDAs you want to use with Citrix Cloud into a different OU and
change the “ListOfDDCs” option. Currently, there is no support for adding both an on-premises Delivery
Controller and Citrix Cloud Connector system to the “ListOfDDCs” in the same OU.
• You need to configure one or more systems with Internet access to host the Citrix Cloud Connector, which is
installed on these systems and hosts multiple services.
• Citrix Cloud Connector requires Windows Server 2012 R2 or newer.
• Port 443 outbound is required to be open and used by the Citrix Cloud Connector system. The Citrix Cloud
Connector system will also support the use of IE proxy settings configured for outbound connections. For
proxy support, see https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-connector/technical-details.html
• The Citrix Cloud Connector enables access to:
• On premises Active Directory and provides Protocol Proxy for all STA\NFuse connectivity.
• Other services such as Citrix Endpoint Management, Citrix Content Collaboration, Networking, Monitoring,
and Lifecycle Management, which can be added at a later time.
• The Citrix Cloud Connector supports multiple AD forests. Windows 2003 and later are supported for AD forest.

Citrix Hypervisor is included in Citrix Virtual Apps and Desktops.


Enterprise features:
• Automated Windows VM Driver Updates
• Automatic updating of the Management Agent
• Support for SMB storage
• Direct Inspect APIs
• Dynamic Workload Balancing
• GPU Virtualization with NVIDIA GRID and Intel GVT-g
• VMware vSphere to Citrix Hypervisor Conversion utilities
• Intel Secure Measured Boot (TXT)
• Export Pool Resource Data
• In-memory read caching

Additional Resources:
Citrix Workspace Cloud Apps and Desktop Service with an on-Premises Resource Reference Architecture:
https://docs.citrix.com/en-us/citrix-cloud/downloads/workspace-cloud-apps-desktop-service-on-premises-resource-reference-architecture.pdf

CCI Talking Points:
• Explain that reasons for this model range from costs and lack of experience to security considerations.

CCI Talking Points:
• Explain that the administrative effort is centered around setting up, configuring and maintaining virtual machines that are
running on cloud-based resources.
• This model offers flexibility when it comes to adding new machines to the datacenter and it can also be a cost effective
solution.

Key Notes:
• Simplify cloud adoption:
• Ensure a smooth and secure transition when migrating environments to the public cloud.
• Expand capacity quickly and with less capital cost.
• Manage hybrid and multi-cloud environments:
• Leverage a common management plane across all Citrix environments.
• Use multiple disaster recovery locations or manage multiple sites and/or clouds.
• Speed time-to-value:
• Quickly establish new sites and offices.
• Rapidly set up test environments and proof-of-concepts.
• Starting with version 7.11, Azure ARM is now supported.

Additional Resources:
• Citrix Cloud Overview: https://www.citrix.com/products/citrix-cloud/

Key Notes:
• Explain that new versions of the software in use will automatically be provided for Citrix-managed machines, while on
premise machines need to be maintained and updated manually.
• Choice - Host your apps and data on any cloud or virtualization platform as well as across multiple locations.
• Security - Citrix Cloud doesn’t handle your apps and data – you control where they reside.
• Experience - An intuitive admin experience keeps management simple, while award-winning Citrix HDX technology
delights end users.

Additional Resources:
• Citrix Cloud Overview: https://www.citrix.com/products/citrix-cloud/

Key Notes:
• Citrix Cloud does not host the Resource Layer.
• Resource layer containing Desktop and Apps can be on-premise or on public cloud as per customer needs.
• Citrix Cloud provides Control layer and also gives options to have Access Layer maintained on Citrix Cloud.

Additional Resources:
• Citrix Workspace Cloud Apps and Desktop Service with an on-Premises Resource Reference Architecture:
https://docs.citrix.com/en-us/citrix-cloud/downloads/workspace-cloud-apps-desktop-service-on-premises-resource-reference-architecture.pdf
• Citrix Cloud Overview: https://www.citrix.com/products/citrix-cloud/
• Citrix Workspace Cloud Apps and Desktops Services for New Customers Reference Architecture:
https://docs.citrix.com/en-us/citrix-cloud/downloads/workspace-cloud-apps-desktop-services-for-new-customers-reference-architecture.pdf

CCI Talking Points:
• Don’t spend a lot of time on this slide. This is just an introduction to Citrix Cloud, but this is not a focus for the course.
• This course focuses on the Citrix Virtual Apps and Desktops Service, not all of the others; although we will work with the
Analytics service on Friday.

Key Notes:
• Citrix Workspace is a combination of the following services:
• Virtual Apps and Virtual Desktops
• Citrix Endpoint Management Premium Service
• Citrix Content Collaboration Advanced Service
• Citrix Gateway with ICA proxy. Includes XA/XD Service, Citrix Endpoint Management Premium Service,
Citrix Content Collaboration Advanced Service and Citrix Gateway.
• Citrix Virtual Apps and Desktops Service:
• The common use cases for both Citrix Virtual Apps and Desktops Service are the same as the on-premises
versions. However, the Cloud based service is simpler in terms of deployment and management for
the customer.
• On-premises customers can convert existing Virtual Apps/Virtual Desktops concurrent or user/device
license to the Virtual Apps/Desktops service offering.
• Citrix Virtual Apps and Desktops Service is licensed on a per user basis. The on-premises user/device
(U/D) or concurrent user (CCU) licensing options are not available for Cloud Services.
• Citrix Virtual Apps and Desktops Service: Deliver secure access to virtual Windows, Linux, and web apps
and desktops. Manage apps and desktops centrally across multiple resource locations while maintaining a
great end user experience.
• Secure Browser Standard: Protect the corporate network from browser-based attacks by isolating web
browsing activities. IT administrators can offer users safe internet access without sacrificing security by
delivering consistent, secure remote access to internet hosted web applications on public cloud
infrastructure with zero end-point configuration.
• Virtual Apps Essentials: Easily and securely deliver Windows apps in the Azure Cloud to any device.
Purchased on the Azure Marketplace.
• Virtual Desktops Essentials: Accelerate Windows 10 Enterprise migration with the power of Citrix Virtual
Desktops and Microsoft Azure. Purchased on the Azure Marketplace.
• Citrix Endpoint Management Service
• The benefits of Citrix Endpoint Management as a Service are quicker time to value, as users are
productive sooner as a result of faster deployment and access to new productivity application features and
platform updates.
• Citrix Endpoint Management: Provide cloud-based, comprehensive enterprise mobility management,
including mobile device management (MDM), mobile application management (MAM), and
enterprise-grade productivity apps, on BYO or corporate devices.
• Citrix Content Collaboration Service
• Citrix Content Collaboration is a feature rich cloud based file sharing and enterprise collaboration service.
• Citrix Content Collaboration: Provide secure access to files and data from any device, across any
infrastructure. Control how and where you store your data while meeting mobility and collaboration needs
of employees and the data security requirements of the enterprise.
• Citrix Networking
• A number of unique advantages exist for Citrix Gateway Standard Service over on-premises
implementations, such as availability across 12 regions, removing the need to manage global server load
balancing.
• Citrix Gateway: Utilize the most secure way to deliver virtual apps and desktops with a cloud-based
offering that is simple to deploy and manage. Ensure the availability of Virtual Apps and Desktops and
provide the best user experience on any device, under any network condition.
• Citrix Web App Firewall Service: Protect web applications and infrastructure from cyber-attacks using
security tools like signatures, blacklisted and whitelisted URLs/applications, and IP Reputation. Keep
historical retention capabilities for easy operations and incident analysis.
• Citrix Analytics
• The Application Delivery Management is a cloud-based management, monitoring, automation and analytics
service which provides end-to-end visibility and control of application infrastructure deployed on-premises or
in public clouds.
• Citrix Application Delivery Management Service: Gain end-to-end visibility and control of your application
infrastructure across multiple clouds. Using application and network data, easily view summaries and
detailed analytics to allow for faster troubleshooting, proactive performance management, and security-
threat management.

Key Notes:
• Be aware that Citrix Cloud is under constant development and evolvement. To understand the latest features and
benefits, refer to the link below.
• Server VDI is supported in Virtual Desktop Service.
• Citrix will not actively deny access for a user when the bandwidth restrictions are met for Citrix Gateway, but will contact
the customer and offer them the option to purchase an extra 300 GB of data transfer.

Additional Resources:
• Subscriptions to meet your needs - https://www.citrix.com/products/citrix-workspace

CCI Talking Points:
• Remind students that the feature set is constantly changing; point out to students the link found below in Additional
Resources.

Key Notes:
• Citrix Workspace is the Citrix Cloud version of Workspace Suite. It includes Citrix Virtual Apps and Desktops, Citrix
Endpoint Management and Citrix Content Collaboration as a hosted service.
• Be aware that Citrix Cloud is under constant development and evolvement. To understand the latest features
and benefits, refer to the link below.
• Citrix will not actively deny access for a user when the bandwidth restrictions are met for Citrix Gateway, but
will contact the customer and offer them the option to purchase an extra 300 GB of data transfer.

Additional Resources:
• Subscriptions to meet your needs - https://www.citrix.com/products/citrix-cloud/subscriptions.html

Key Notes:
• Be aware that Citrix Cloud is under constant development and evolvement. To understand the latest features and
benefits, refer to the link below.

Additional Resources:
• Subscriptions to meet your needs - https://www.citrix.com/products/citrix-cloud/subscriptions.html

Key Notes:
• Citrix Application Delivery Management provides the following benefits:
• Agile – Easy to operate, update, and consume. The service model of Citrix Application Delivery Management is
available over the cloud, making it easy to operate, update, and use the features provided by Citrix Application
Delivery Management. The frequency of updates, combined with the automated update feature, quickly enhances
your Citrix ADC deployment.
• Faster time to value – Quicker business goals achievement. Unlike with the traditional on-premises
deployment, you can use your Citrix Application Delivery Management with a few clicks. You not only save
the installation and configuration time, but also avoid wasting time and resources on potential errors.
• Multi-Site Management – Single Pane of Glass for instances across Multi-Site data centers. With the Citrix
Application Delivery Management, you can manage and monitor Citrix ADCs that are in various types of
deployments. You have one-stop management for Citrix ADCs deployed on premises and in the cloud.
• Operational Efficiency – Optimized and automated way to achieve higher operational productivity. With the
Citrix Application Delivery Management, your operational costs are reduced by saving your time, money, and
resources on maintaining and upgrading the traditional hardware deployments.

Additional Resources:
• Citrix Application Delivery Management: https://www.citrix.com/products/citrix-cloud/services.html
• Citrix Application Delivery Management 12.1:
https://docs.citrix.com/en-us/citrix-application-delivery-management-software/12-1.html
• Citrix Application Delivery Management Features and Solutions:
https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/overview/features.html

Key Notes:
• Linux VDA Image Service:
• Use this Citrix-prepared CentOS Linux VDA base image to quickly provision an entire machine catalog for the Citrix
Virtual Apps and Desktops onto a Microsoft Azure resource location – avoiding the hassle of installing dozens of
open-source Linux packages by hand. By hosting an MCS-ready golden master VDA, this Citrix Cloud service allows
administrators to jump-start their Linux VDA deployment onto Azure with the peace of mind of starting from a “Citrix
validated” image.
• Session Manager dramatically reduces app launch times:
• The new Session Manager lab improves application launch performance by pre-launching anonymous
sessions when using the Citrix Cloud Virtual Apps and Desktops. This is particularly useful during “logon
storms,” such as at the beginning of the workday or at shift changes, and in healthcare environments where
rapid access to applications is critical.
• Leverage a powerful, user-friendly tool for workspace automation:
• Citrix Provisioning for Microsoft Office 365:
• Assign Microsoft Office 365 subscription licenses alongside other Citrix apps and services. Simplify user
management and assignment with centralized access control. Citrix Provisioning for Microsoft Office 365
also provides license consumption and verification to simplify administration.

Additional Resources:
• Explore new services in Citrix Cloud Labs - https://www.citrix.com/products/citrix-cloud/labs.html

CCI Talking Points:
• Demo the cloud web page by clicking on Sign up and try it free link. Do not create unnecessary accounts.
• Students do not need to sign up for a trial account during class, because a trial account has already been created for
every student.

Key Notes:
• It’s free and fast to create a Citrix Cloud account.
• When you log on with your new Citrix Cloud account, you will not have access to any services but you will
have the ability to request trials of different services.
• When requesting a trial for Citrix Virtual Apps and Desktops Service, the request is evaluated by the Citrix
Cloud team for business potential.
• If you create your Citrix Cloud account using a personal email account and do not provide any customer
information, your Citrix Virtual Apps and Desktops Service trial will probably never be granted.
• You do not need to create a trial account for this class. An account has already been provisioned for use
during class.

Delivery Preparation:
• Opportunity to do a quick demo for students at this point.
• Citrix Cloud – https://Citrix.cloud.com

CCI Talking Points:
• Demo option to show the status web page.

Key Notes:
• It is important to understand that 99.9% uptime is a goal and not an SLA.
• Citrix hosts all Cloud Solutions within a public cloud; since no public cloud vendor will sign an official service level
agreement, Citrix cannot provide a legal SLA either.
• Limitation examples:
• Customer failure to follow configuration requirements for the service.
• Customer controlled physical and virtual machines.
• Customer installed and maintained operating systems.
• Customer installed and controlled networking equipment or other hardware.
• Customer defined and controlled security settings, group policies and other configuration policies.
• Public cloud provider failures, Internet Service Provider failures or other failures external to Citrix’s control.
• Service disruption due to reasons beyond Citrix’s control, including natural disaster, war or acts of terrorism,
government action.
• The screenshot presents each Citrix Cloud Service and the status of those services for each day it has been
in operation.

Additional Resources:
• About the Citrix Virtual Apps and Desktops Service:
https://docs.citrix.com/en-us/citrix-cloud/xenapp-and-xendesktop-service.html#service-level-goal
• Citrix Cloud Status: http://status.cloud.com/

Key Notes:
• All services are available in all regions. Certain services, like Citrix Virtual Apps and Desktops, have dedicated regional
instances. However, some services are only US based.
• Where a service uses a region that is different from the one you selected for your organization, certain information (such
as authentication data) may be transferred between regions as needed.
• Where a service is globally replicated, all data in that service is stored in all regions.
• Your region is where certain metadata is stored about your environment. For example:
• Citrix Cloud administrator details, including the name, username, and password.
• Data resulting from traffic directed through your region by any Citrix Cloud Connectors you install. For
example, any authentication data using your domain controllers (whether managed on your premises or
through your subscription with a public cloud vendor) stays in your region.
• Data used to map users to library offerings. For example, if you add Microsoft Office to your library as an
offering for your users, and then add five users to that offering as subscribers, the data linking each user to
that offering (such as user name and domain name) is stored in your region.
• Data about users for any services available in your region. For example, if you use the Citrix Endpoint
Management in your region, data such as name, address, and telephone number is stored there.
• If your organization is not located in any of the supported regions, you can simply pick the region that is either
closest to the majority of your users or that provides the best controls for protecting the integrity of your data.
• It is not possible to change the region after a customer account has been created; instead, a customer must
stand up a new account and subscription in another region and manually migrate settings, Catalogs, Delivery
Groups, etc.
• A single account cannot have a presence in both locations at a time. If an organization wants a presence in
both the USA and the EU, they must create two Cloud accounts and subscribe to the Citrix Virtual Apps and
Desktops Service from both accounts.

Additional Resources:
• Geographical Considerations -
https://docs.citrix.com/en-us/citrix-cloud/overview/signing-up-for-citrix-cloud/geographical-considerations.html

Key Notes:
• Citrix Cloud does not host the machines running the VDAs nor the customer data.
• The only data stored in Citrix Cloud is the metadata in Cloud Studio and Cloud Director, such as user or group names,
application names, client IP addresses, etc.
• Security:
• Every customer’s metadata is secured in separate containers.
• Application data remains on-premise
• Security Compliance:
• Security Development Lifecycle
• Regular security training for the entire team
• Threat modeling before any code is written
• Both static and human code analysis for vulnerabilities
• Quarterly independent penetration tests
• Ongoing security reviews and auditing
• 24/7 Monitoring & Alerting for Security and Availability
• Handling of Data
• Data at Rest:
• Citrix Cloud only stores metadata, such as:
• Usernames
• Application Names
• Icons
• Sensitive data remains in the resource location, under the customer’s control:
• Machine Images
• User and Application Data
• Data in Transit:
• All data is encrypted with TLS while in transit
• HDX data (pixels, keystrokes, etc.) transit the Citrix Gateway
• User credentials transit Citrix Workspace, but are not persisted
• Alternatively, StoreFront may be deployed by the customer to encrypt credentials before they leave the
customer’s premises.
• Encryption Flow
• User Password:
• Flows from client device to Citrix Gateway for authentication
• StoreFront forwards to Connector
• Citrix Cloud Connector:
• Generates the launch ticket and encrypts password using the ticket as the key.
• Encrypted password is forwarded to the proper Virtual Delivery Agent (VDA) by Citrix Cloud.
• Ticket is returned in the ICA file without ever reaching the cloud.
• Citrix Workspace App:
• Connects to the VDA and provides the launch ticket, which allows the VDA to decrypt the credentials.
• Red: Symbolizes the password being transmitted from Workspace App to Citrix Gateway to StoreFront to
Cloud Connector.
• Green: Symbolizes the Cloud Connector encrypting the password with AES encryption before sending the
credentials to Citrix Cloud. At launch time, Citrix Cloud sends the AES-encrypted credentials back to the
Cloud Connector, which then forwards the credentials to the VDA.
• Grey: Symbolizes the exchange of the STA ticket retrieved from the Cloud Connector; the STA ticket will
never reach Citrix Cloud.
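
The encryption flow above, modeled as an added example that is not Citrix code and not part of the original notes. The class names, message shapes and sample password are assumptions, and because the Python standard library has no AES, an HMAC-SHA256 keystream with an integrity tag stands in for the AES step.

```python
"""Conceptual model of the launch-ticket credential flow (illustrative only)."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _derive(ticket: bytes, label: bytes) -> bytes:
    # Separate encryption and integrity keys, both derived from the ticket.
    return hmac.new(ticket, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for AES (assumption): HMAC-SHA256 run in counter mode.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(ticket: bytes, plaintext: bytes) -> bytes:
    """Encrypt with the ticket as the key; returns nonce + ciphertext + tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_derive(ticket, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(ticket, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(ticket: bytes, blob: bytes) -> bytes:
    """Decrypt; raises ValueError when the ticket does not match the blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(ticket, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("launch ticket does not match the encrypted credentials")
    stream = _keystream(_derive(ticket, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class CitrixCloudModel:
    """Control plane: only ever receives the encrypted blob."""

    def __init__(self):
        self.seen = []        # everything the cloud was sent
        self._pending = {}

    def store(self, launch_id, blob):
        self.seen.append(blob)
        self._pending[launch_id] = blob

    def release(self, launch_id):
        return self._pending.pop(launch_id)


class CloudConnectorModel:
    """Runs in the resource location; the only place password and ticket meet."""

    def __init__(self, cloud):
        self.cloud = cloud

    def prepare_launch(self, launch_id, password):
        ticket = secrets.token_bytes(32)
        self.cloud.store(launch_id, seal(ticket, password.encode()))
        return ticket         # returned in the ICA file, never sent to the cloud

    def forward_to_vda(self, launch_id, vda):
        # At launch time the cloud hands the blob back and it goes to the VDA.
        vda.receive_blob(launch_id, self.cloud.release(launch_id))


class VdaModel:
    def __init__(self):
        self._blobs = {}

    def receive_blob(self, launch_id, blob):
        self._blobs[launch_id] = blob

    def accept_session(self, launch_id, ticket):
        # Workspace app provides the ticket it received in the ICA file.
        return unseal(ticket, self._blobs.pop(launch_id)).decode()


def simulate_launch(password, tamper_ticket=False):
    """Run one launch and report what the VDA recovered and what the cloud saw."""
    cloud = CitrixCloudModel()
    connector = CloudConnectorModel(cloud)
    vda = VdaModel()
    ticket = connector.prepare_launch("launch-1", password)
    connector.forward_to_vda("launch-1", vda)
    presented = secrets.token_bytes(32) if tamper_ticket else ticket
    recovered = vda.accept_session("launch-1", presented)
    return {"recovered": recovered, "cloud_seen": cloud.seen, "ticket": ticket}


if __name__ == "__main__":
    sample = "Constructed-Passw0rd!"   # constructed sample value
    result = simulate_launch(sample)
    print("VDA recovered password:", result["recovered"] == sample)
    print("cloud saw ticket:", any(result["ticket"] in b for b in result["cloud_seen"]))
```

The model shows the split the notes describe: the control plane holds ciphertext only, the client holds the ticket only, and decryption succeeds only at the VDA where both arrive.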

Key Notes:
• Citrix can move Cloud Customers between the two environments freely and without the customer noticing any
difference.
• A move will not be completed until a customer signs out of any administrative consoles; this way, the move will
not interfere with the administrator's work.
• Customers can choose whether to be first movers (opt in) or last movers (opt out), but every customer will be moved
and receive the updates eventually.
• If errors are found during the migration, customers will be migrated back to the stable platform until the error
is resolved.
• Updates are deployed to Citrix Cloud every two weeks using the canary process.
• You may be notified about a pending update and asked to finish your tasks before an update is deployed to
your Citrix Cloud account.
• You can verify which release platform you are connected to using the browser development tools. Look for
release-a and release-b in the code.
• Browser tools can typically be invoked by pressing F12 in your browser.
• Canary Update
• In software testing, a canary is a push of programming code changes to a small group of end users who
are unaware that they are receiving new code.
• For incremental code changes, a canary approach to delivering functionality allows the development team
to quickly evaluate whether or not the code release provides the desired outcome.
• The word canary was selected to describe the code push to a subset of users because canaries were
once used in coal mining to alert miners when toxic gases reached dangerous levels.
• Schedule:
• Control plane and Cloud Connectors are automatically updated.
• 4-5 Day process to migrate customers to new code.
• If issues are observed, the Control Plane issues a hard stop until the issue is resolved.
• Test State: Internal customers to verify deployment.
• Opt-In: Customers who have explicitly notified Citrix that they want the latest stable
code as quickly as possible.
• Opt-Out: Customers who want to wait until 100% state is achieved.

Delivery Preparation:
• Ensure that you are familiar with the Canary process and how it is used in software development.
• What is the canary process? - http://whatis.techtarget.com/definition/canary-canary-testing

Key Notes:
• Platform roll back within 5 minutes.
• The Citrix Cloud platform services and cloud connector can now recover from release-to-release customer-impacting
issues in less than 5 minutes. This is achieved by rolling back to the previous version of platform service and
connector code. Previously, we had a ‘roll forward only’ approach where fixes were made in place and pushed to
production, which sometimes resulted in a recovery time of an hour or more.
• Note: Connector downgrades may take longer than 5 minutes as they are done serially across the
customers’ environments.

CCI Talking Points:
• Use this slide as an overview for the next two slides. (This full lesson is only 3 slides).
• All three connection flow processes are presented on each slide.
• One scenario is general (on-prem or public cloud); the other is for Citrix Cloud.
• We’ve not covered enough content for the students to fully understand all of the concepts presented.
• Use this lesson to lay out the “battle field” to show the direction of our strategy to deploy the product.

Key Notes:
• Previously, the Citrix Virtual Apps and Desktops Architecture was presented with a layer by layer approach.
• The next few slides will target specific components from all of those layers and group them together.
• This grouping is used to present the basic concepts in one of Three Connection Flow Processes:
• Authentication
• Enumeration
• Session Launch

Additional Resources:
• Citrix XenDesktop Connection Process and Communication Flow: http://support.citrix.com/article/CTX128909
• Technical overview - How typical deployments work:
• 7.15 LTSR: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/technical-overview.html
• Current Release: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview.html

CCI Talking Points:
• Keep in mind the diagram addresses Internal Users. External users would start Authentication through a firewall, then
to a Citrix Gateway, then proxy authentication to the Domain Controller running Active Directory.
• Use this slide as an overview to begin to show some of the concepts and approaches throughout this course.
• The Step By Step explanation is listed under the Key Notes.

Key Notes:
• Authentication is the process in which user identity is verified.
• There are two methods for authentication with StoreFront:
• Direct: StoreFront validates credentials against Active Directory. Direct authentication is the default
behavior of StoreFront.
• XML service-based authentication: StoreFront passes credentials to Delivery Controller, which validates
credentials against Active Directory.
• Both methods are acceptable, and may simply be a choice of preference.
• However, some companies don’t have the choice. For example, if the StoreFront server is not in the same
domain as Citrix Virtual Apps and Desktops, or if it is not possible to put an Active Directory trust in place,
then the only method you can configure is to require the Delivery Controller to authenticate to Active
Directory on behalf of StoreFront.
• To support this, you have to delegate authentication to the XML server.
• Enumeration:
• The Broker Service determines which desktops and applications the user is allowed to access.
• Once the credentials are verified, the information about available apps or desktops is sent back to the user
through the StoreFront-Receiver pathway.
• Session launch:
• When the user selects applications or desktops from this list, that information goes back down the pathway
to the Controller, which determines the proper VDA to host the specific applications or desktop.
• The Controller sends a message to the VDA with the user's credentials, along with all the data about the
user and the connection. The VDA accepts the connection, prepares itself for the session
(it starts listening on ports 1494 and 2598 on desktop OS VDAs), and sends the information back along the same
pathway to the Delivery Controller. The Delivery Controller sends the information about the VDA to
StoreFront, and StoreFront bundles all the information generated for the session into an
Independent Computing Architecture (ICA) file and sends it to the user's device. Citrix Workspace app opens
the ICA file and establishes a connection with the VDA. As long as the Site was properly set up, the credentials
remain encrypted throughout this process.
• The ICA file is copied to the user's device and establishes a direct connection between the device and the
ICA stack running on the VDA. This connection bypasses the management infrastructure such as
StoreFront and the Delivery Controller.
• The connection between Citrix Workspace app and the VDA uses the Citrix Gateway Protocol (CGP). If a
connection is lost, the Session Reliability feature enables the user to reconnect to the VDA rather than
having to re-launch through the management infrastructure. Session Reliability can be enabled or disabled
in Studio.
• Once the client connects to the VDA, the VDA notifies the Controller that the user is logged on, and the
Controller sends this information to the Site database and starts logging data in the Monitoring database.
• In this diagram, the differences between IMA and FMA are apparent. For example, under IMA architecture,
each worker was responsible for obtaining the license file. In FMA architecture, this is now centralized and
the Delivery Controller checks out the licenses.
• This provides greater flexibility in segmenting the network and also means that the redirection of the license
cache on non-persistent machines is no longer needed.
• Connection Flow Process: (Keep in mind the diagram addresses Internal Users. External users would start
Authentication through a firewall, then to a Citrix Gateway, then proxy authentication to the Domain Controller
running Active Directory.)
• Authentication: (Red)
1. Credentials are submitted to StoreFront.
2. StoreFront passes the credentials to the Delivery Controller.
3. The Delivery Controller validates the credentials received from StoreFront with Active Directory.
• Enumeration: (Blue)
1. The Delivery Controller queries the site database for assigned apps and desktops.
2. Available apps and desktops are forwarded to StoreFront.
3. Apps and desktops are presented to the user.
• Session Launch: (Pink)
1. User clicks a listed app or desktop. This request is sent to the StoreFront Server.
2. This request is forwarded to the Delivery Controller.
3. The Delivery Controller queries the Site database to determine which VDAs are currently available to
host the selected resource, then selects a VDA.
4. The Delivery Controller validates the current status of the selected VDA.
5. The Delivery Controller notifies the VDA about the upcoming connection.
6. The Delivery Controller forwards information about the assigned VDA to StoreFront.
7. A launch file (.ICA) is sent to the end user’s endpoint.
8. Citrix Workspace app establishes connection with VDA.
9. VDA notifies Delivery Controller about established HDX Session.
10. Delivery Controller queries Citrix License Server and checks out a valid license for the session.
11. Delivery Controller notifies VDA that licensing is qualified.
12. Citrix Workspace app presents virtual app or desktop to the user.



CCI Talking Points:
• Encourage students to take the CXD-250 course.
• Point out to the students that the StoreFront role has a different name when it is on-premises or cloud hosted than it has in Citrix Cloud
as a hosted service.
• Use this slide as an overview to begin to show some of the concepts and approaches throughout this course.
• The Step By Step explanation is listed under the Key Notes.



Key Notes:
• It is worth noticing that the Cloud Hosted StoreFront passes the credentials to Citrix Cloud Delivery
Controllers which then proxy the authentication to Citrix Cloud Connectors. Finally, the Cloud Connectors
talk to Domain Controllers to authenticate the users.
• Credentials are parsed in the cloud, which might be a security concern for some organizations.
• If Citrix Gateway is not being used then the launch.ica file will have an internal IP which cannot be resolved
by the remote clients. Hence a Cloud Hosted StoreFront without Citrix Gateway provides access to internal
users only.
• Citrix Cloud StoreFront does not support direct authentication.
• Currently, there is no option to customize the default settings for Cloud Hosted StoreFront.
• If a user logs in to a Cloud Hosted StoreFront and has a single desktop published, then the desktop will
auto-launch. This is the default behavior and cannot be customized for a Cloud Hosted StoreFront.
• Connection Flow Process: (Remember, outside of Citrix Cloud the StoreFront role is still called
StoreFront, but inside of Citrix Cloud it has a different name, Citrix Workspace. To make it easier, the following
steps consistently use StoreFront, regardless of location.)
• Authentication: (Red)
1. Citrix Workspace app contacts StoreFront in Cloud.
2. StoreFront authenticates with Cloud Delivery Controller.
3. Cloud Delivery Controller proxies authentication to Cloud Connector.
4. Cloud Connector queries Domain Controller.
• Enumeration: (Blue)
1. Cloud Delivery Controller queries the database.
2. Cloud Delivery Controller returns XML to Cloud StoreFront.
3. StoreFront displays available resources.
• Session Launch: (Pink)
1. User selects a resource, which sends the request to the Cloud StoreFront and then to the Cloud Delivery
Controller.
2. The Delivery Controller queries the Site database to determine which VDAs are currently available to
host the selected resource, then selects a VDA.
3. Cloud Delivery Controller checks resource availability through Cloud Connector.
4. The Delivery Controller forwards information about the assigned VDA to StoreFront.
5. A launch file (.ICA) is sent to the end user’s endpoint.
6. Citrix Workspace app establishes connection with VDA.
7. Delivery Controller queries Citrix License Server and checks out a valid license for the session.
8. Citrix Workspace app presents virtual app or desktop to the user.
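
The note above about launch.ica carrying an internal IP when no Citrix Gateway is used can be checked mechanically before a store is opened to remote users. The following is an added example, not part of the original course notes and not Citrix code; the two launch files are constructed, and the key names (Address, CGPAddress, SSLEnable, SSLProxyHost) are assumptions based on commonly seen launch files rather than anything listed on this page.

```python
import configparser
import ipaddress

# Constructed launch files; key names are assumed from typical ICA files.
DIRECT_ICA = """[ApplicationServers]
Desktop1=

[Desktop1]
Address=10.20.30.40:1494
CGPAddress=*:2598
SSLEnable=Off
"""
GATEWAY_ICA = """[ApplicationServers]
Desktop1=

[Desktop1]
Address=;40;STA0000000000;CONSTRUCTED0TICKET
SSLEnable=On
SSLProxyHost=gateway.example.test:443
"""

def classify_launch(ica_text):
    """Return one finding per published resource in a launch file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # ICA keys are mixed case; keep them as written
    cp.read_string(ica_text)
    findings = []
    for name in cp["ApplicationServers"]:
        if not cp.has_section(name):
            continue
        sec = cp[name]
        proxy = sec.get("SSLProxyHost", "")
        if sec.get("SSLEnable", "Off").lower() == "on" and proxy:
            # Client talks to the gateway; Address is a ticket, not a host.
            findings.append({"resource": name, "route": "gateway", "target": proxy})
            continue
        host, _, port = sec.get("Address", "").partition(":")
        cgp = sec.get("CGPAddress", "")
        if cgp:  # Session Reliability: the client uses the CGP port instead
            port = cgp.rpartition(":")[2]
        try:
            internal = ipaddress.ip_address(host).is_private
            route = "direct-internal" if internal else "direct-routable"
        except ValueError:  # hostname, not an IP literal
            route = "direct-hostname"
        findings.append({"resource": name, "route": route,
                         "target": f"{host}:{port or '1494'}"})
    return findings

if __name__ == "__main__":
    for sample in (DIRECT_ICA, GATEWAY_ICA):
        print(classify_launch(sample))
```

A "direct-internal" finding on a launch file handed to a remote user is the situation the Key Notes describe: the client is pointed at a private address it cannot reach, so the store serves internal users only.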


