XenApp & XenDesktop Pre-Sales Technical Workshop

XenApp & XenDesktop Pre-Sales Technical Workshop
Worldwide Product Readiness
June 2016
Prepared by: Elisabeth Teixeira

Table of Contents
Training Overview ..................................................................................................................................... 5
Lab Environment Details ........................................................................................................................... 6
Exercise 1: Initial XenDesktop Site Setup .................................................................................................. 9
Exercise 2: Joining a Second Controller to the Site ................................................................................. 20
Exercise 3: Configuring StoreFront .......................................................................................................... 23
Exercise 4: Installing StoreFront Certificates........................................................................................... 37
Exercise 5: Configuring NetScaler for StoreFront Load Balancing .......................................................... 54
Exercise 6: Creating a Desktop OS Machine Catalog............................................................................... 72
Exercise 7: Creating a Delivery Group for Desktops ................................................................................ 78
Exercise 8: Creating a Server OS Machine Catalog.................................................................................. 84
Exercise 9: PVS Farm Configuration ........................................................................................................ 89
Exercise 10: Importing vDisks to the PVS Console ................................................................................ 108
Exercise 11: Creating Desktops Catalog within PVS .............................................................................. 111
Exercise 12: Creating a Delivery Group for the PVS Catalog ................................................................. 120
Exercise 13: Creating Catalogs of Servers with the XenDesktop Setup Wizard .................................... 126
Exercise 14: Creating Server-based Delivery Groups and Publishing Applications ............................... 133
Exercise 15: Setting Up Remote Access ................................................................................................ 145
Exercise 16: Testing Internal Access ...................................................................................................... 163
Exercise 17: Publishing Secure Browser ................................................................................................ 169
Exercise 18: AppDisks with MCS............................................................................................................ 194
Exercise 19: Delivering Skype for Business............................................................................................ 221
Exercise 20: Using the Self-Service Plug-in............................................................................................ 241
Exercise 21: Monitoring with Director .................................................................................................. 246
Lab Guide Appendix .................................................................................................................... 254

Appendix A: Installing the XenDesktop Controller ................................................................................ 255
Appendix B: Installing StoreFront.......................................................................................................... 263
Appendix C: Installing the VDA on the Base Desktop VM ..................................................................... 270
Appendix D: Installing Federated Authentication Service .................................................................... 278
Appendix E: Provisioning Services Optimizations ................................................................................. 296
Appendix F: Leveraging an Office 365 Trial for Testing ......................................................................... 303

Training Overview
4
Training Overview
Objective
This training will provide hands-on experience with the configuration and operation of XenApp and
XenDesktop 7.9 and related components.
Required Prerequisites
Working knowledge of Windows server and desktop operating systems, SQL Server and basic
networking in order to complete this lab successfully.
Optional Prerequisites
Working knowledge of Citrix XenApp / XenDesktop and NetScaler.
Audience
Priority Target
1 Citrix Internal Sales Engineers

2 Citrix Internal Technical Support
3 Partners
4 Customers
Lab Guide Conventions

Indicator Purpose
This symbol indicates particular attention must be paid to this step
Special note to offer advice or background information
reboot Text the student enters or an item they select is printed like this
Start Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen (R:255 G:20 B:147)
Shows where to click or select an item on a screenshot (R:255 G:102 B:0)

Lab Environment Details
Virtual Machines
VM Name IP Address Description
AD.training.lab 192.168.10.11 Domain Controller, DNS, DHCP, Certificate Services.

AppDNA1 192.168.10.22 AppDNA 7.9.
DC1 192.168.10.14 XenDesktop 7.9 Delivery Controller I with Director.
DC2 192.168.10.15 XenDesktop 7.9 Delivery Controller II with Director.
NS1 192.168.10.99 NetScaler 11.0 VPX.
PVS1 192.168.10.17 Provisioning Services 7.9.
PVS2 192.168.10.18 Provisioning Services 7.9.
SF1 192.168.10.19 StoreFront 3.6 Server. Public IP.
SF2 192.168.10.20 StoreFront 3.6 Server.
Skype DHCP Skype for Business 2015 (client).
SQLServer 192.168.10.12 SQL Server 2012 R2.
Win10Base DHCP Windows 10 Base Operating System Image.
Win2012Base DHCP Windows Server 2012 R2. Base Operating System Image.
6
Credentials
User Name Password Description
Training\Administrator Citrix123 Domain Administrator

Training\User1 Citrix123 Standard User
nsroot nsroot Netscaler Login
administrator apps3cur3 AppDNA
7
Overview
XenApp and XenDesktop are virtualization solutions that give IT control of virtual machines, applications,
licensing, and security while providing anywhere access for any device.
A typical XenApp or XenDesktop environment consists of a few key technology components, which
interact when users connect to applications and desktops, and log data about Site activity.
Citrix Receiver: A software client that is installed on the user device, supplies the connection to the
virtual machine via TCP port 80 or 443, and communicates with StoreFront using the StoreFront Service
API.
Citrix StoreFront: The interface that authenticates users, manages applications and desktops, and hosts
the application store. StoreFront communicates with the Delivery Controller using XML.
Delivery Controller: The central management component of a XenApp or XenDesktop Site that consists
of services that manage resources, applications, and desktops; and optimize and balance the loads of
user connections.
Virtual Delivery Agent (VDA): An agent that is installed on machines running Windows server or
Windows desktop operating systems that allows these machines and the resources they host to be made
available to users. The VDA-installed machines running Windows server OS allow the machine to host
multiple connections for multiple users.
Broker Service: A Delivery Controller service that tracks which users are logged in and where, what
session resources the users have, and if users need to reconnect to existing applications.
Broker agent: An agent that hosts multiple plugins and collects real-time data. The Broker agent is
located on the VDA and is connected to the Controller by TCP port 80.
Monitor Service: A Delivery Controller component that collects historical data and puts it in the Site
database by default.
ICA File/Stack: Bundled user information that is required to connect to the VDA.
Site Database: A Microsoft SQL Server database that stores data for the Delivery Controller, such as
Site policies, Machine Catalogs, and Delivery Groups.
NetScaler Gateway: A data-access solution that provides secure access inside or outside the LAN's
firewall with additional credentials.
Citrix Director: A web-based tool that allows administrators and help desk personnel to access real-time
data from the broker agent, historical data from the Site database, and HDX data from NetScaler for
troubleshooting and support.
Citrix Studio: A management console that allows administers to configure and manage Sites, and gives
access to real-time data from the broker agent.
Citrix License Server Manages product licenses.
citrix.com 8
Exercise 1: Initial XenDesktop Site Setup
Overview
A Site is the name you give to a XenApp or XenDesktop deployment. It comprises the Delivery
Controllers and other core components, Virtual Delivery Agents (VDAs), connections to hosts (if
used), plus the Machine Catalogs and Delivery Groups you create and manage. You create the
Site after you install the core components and before creating the first Machine Catalog and
Delivery Group.
In this exercise you will:

Perform the steps necessary to setup a new XenDesktop site.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise

DC1
Delivery Controller
Step by Step Guidance

Step Action
1. On the Student Desktop, click the XenCenter Icon.
2. Right-click on AppDNA1 virtual machine and select Start.
citrix.com 9
Step Action
3. In XenCenter click the DC1 virtual machine.
4. Click the Console tab on the right.
5. Login using the TRAINING\administrator with Citrix123 credentials.
6. From the Start menu click Citrix Studio.
XenDesktop 7.9 has been previously installed to save time. For detailed
steps on how to install XenDesktop refer to Appendix A.
citrix.com 10
Step Action
7. In Citrix Studio, click Deliver applications and desktops to your users.
8. Leave the first option selected for a fully configured, production-ready Site and type in
XDSite1 for the Site name. Then click Next.
citrix.com 11
Step Action
9. Select the first option to Create and set up database from Studio. Enter the following
parameters for Database name and Location and then click Next.
Data type Database name Location
Site: XDSite1 sqlserver
Monitoring: XDSite1Monitoring sqlserver
Logging: XDSite1Logging sqlserver
citrix.com 12
Step Action
10. Enter licenses.citrixvirtualclassroom.com for the License server address and click
Connect.
This is a central license server for the cloud-based training environment.

It has been previously setup with the correct Citrix License Server version
and the product licenses required.
11. Select Connect me and click Confirm.
admin
The license server uses a self-signed certificate which is untrusted by this

virtual machine. This will be adequate for the purposes of this lab; however,
production environments should have fully trusted certificates.
citrix.com 13
Step Action
12. Select Citrix XenDesktop Platinum and click Next.
citrix.com 14
Step Action
13. View your XenServer IP Address Configuration to retrieve the IP Address.
View your Lab Portal Web Page to retrieve the Username and Password.
Address: http://10.x.x.x
Username: admin
Password: ********
Connection name: Host1
Enter the retrieved information into the Site Setup window and then click Next.
citrix.com 15
Step Action
14. Select Use storage local to the hypervisor and click Next.
15. Click Next.
citrix.com 16
Step Action
16. Type Host1Settings for the Network, select Internal and click Next.
17. Select AppDNA and click Next.
citrix.com 17
Step Action
18. Type the following for the AppDNA connection:
Connection address: http://AppDNA1.training.lab:8199/AppDNA
Database: sqlserver:AppDNADB
User name: administrator
Password: apps3cur3
Click Next.
19. Click Finish to complete the Site Setup.
citrix.com 18
Step Action
20. It will take a few minutes for Studio to complete the setup.
21. The initial configuration is complete.
Exercise Summary
XenDesktop includes an easy-to-use wizard for the initial site setup.
It is possible to specify the host, network and storage details during the initial site setup or specify only
the minimum required details of the database and licensing and configure other details later (empty site
deployment option).
citrix.com 19
Exercise 2: Joining a Second Controller to the Site
Overview
Delivery Controller: The Delivery Controller is the central management component of any
XenApp or XenDesktop Site. Every XenDesktop Site must have persistent and reliable
connections to Delivery Controllers. If your deployment includes virtual machines hosted on a
hypervisor or cloud service, the Controller services communicate with the hypervisor to
distribute applications and desktops, authenticate and manage user access, broker connections
between users and their virtual desktops and applications, optimize use connections, and load-
balance these connections.

Join a second XenDesktop controller to our existing site.
It is a best practice to have two or more controllers for high-availability purposes.

DC2
Delivery Controller

Step Action
1. Right-click the DC2 virtual machine and click Start.
2. Click the Console tab on the right. Login using the TRAINING\administrator with
Citrix123 credentials.
citrix.com 20
Step Action
3. Click on Start from the DC2 Console Desktop and double-click the Citrix Studio icon.
4. From Citrix Studio on DC2, click Connect this Delivery Controller to an existing Site.
5. Type in dc1.training.lab and click OK.
6. Click Yes on the dialog to update the database automatically.
citrix.com 21
Step Action
7. Wait a moment for the process to complete. Go to the Configuration > Controllers
node and confirm that both controllers are shown.
Exercise Summary
When building the first Delivery Controller the scripts might have already included the second Delivery
Controller. Thus no special SQL permissions are needed. If the second Delivery Controller has not
already been added to the SQL databases, then there are several methods of adding a second Controller
to the databases for XenApp/XenDesktop:
If you have sysadmin permissions to SQL, let Citrix Studio modify the databases automatically.
If you dont have sysadmin permissions to SQL then do use Citrix Studio to generate SQL scripts
and send them to a DBA.
citrix.com 22
Exercise 3: Configuring StoreFront
Overview
StoreFront manages the delivery of desktops and applications from XenApp, XenDesktop and
XenMobile servers in the datacenter to users' devices. StoreFront enumerates and aggregates
available desktops and applications into stores. Users access StoreFront stores through Citrix
Receiver directly or by browsing to a Citrix Receiver for Web or Desktop Appliance site. Users
can also access StoreFront using thin clients and other end-user-compatible devices through
XenApp Services site.
StoreFront keeps a record of each user's applications and automatically updates their devices,
ensuring users have a consistent experience as they roam between their smartphones, tablets,
laptops, and desktop computers. StoreFront is an integral component of XenApp 7.x and
XenDesktop 7.x but can be used with several versions of XenApp and XenDesktop.

Configure the StoreFront virtual machines which serve as the connection point to resources.
AD.training.lab SF1 SF2
Active Directory StoreFront StoreFront

Step Action
1. Login to AD using the TRAINING\administrator with Citrix123 credentials.
2. Launch Server Manager from the AD Console Desktop.
citrix.com 23
Step Action
3. In Server Manager, click Tools and then click DNS.
4. Expand AD > Forward Lookup Zones > training.lab. Right-click training.lab and
select New Host (A or AAAA)
citrix.com 24
Step Action
5. Enter connect for the name and 192.168.10.100 for the IP address. Click Add Host.
This will serve as the virtual host and IP address

that users will connect to through the NetScaler.
6. Click OK on the confirmation.
7. Click Done and close DNS Manager.
citrix.com 25
Step Action
8. Right-click the SF1 and SF2 virtual machines and select Start.
9. Switch to the SF1 virtual machine. Login using the TRAINING\administrator with
10. Click on Start from the SF1 console desktop. Double-click the Citrix StoreFront icon.
11. Select Create a new deployment.
citrix.com 26
Step Action
12. Enter https://connect.training.lab (ensure you specify HTTPS) and click Next. This
process may take a moment.
It will take a few minutes for the new deployment to be created.
13. Click Next to create a new Store.
citrix.com 27
Step Action
14. Enter CorporateStore as the Store Name.
Check Set this Receiver for Web site as IIS default checkbox.
Click Next.
15. Click Add to add Delivery Controllers.
citrix.com 28
Step Action
16. Click Add and enter dc1.training.lab for the Server name and click OK.
17. Repeat step 7 to add dc2.training.lab.
citrix.com 29
Step Action
18. Change Transport type to HTTP and OK.
19. Click Next to continue.
citrix.com 30
Step Action
We will configure remote access in a later exercise.
citrix.com 31
Step Action
22. Click Create.
23. Click Finish.
citrix.com 32
Step Action
24. In the StoreFront management console, select Server Group and click Add Server
from the Actions pane.
25. Click on the Authorization code and select Copy.
Please wait message means it is waiting on you to

nd
add the 2 server. You dont actually have to wait.
26. Switch to the SF2 virtual machine. Login using the TRAINING\administrator with
27. Click on Start from the SF2 console desktop. Double-click the Citrix StoreFront icon.
citrix.com 33
Step Action
28. Login to the SF2 StoreFront server and launch the management console from the Start
Menu. In the middle, click Join existing server group.
29. In the Join Server Group page, enter SF1 for the Authorizing server and enter the
Authorization code copied earlier. Click Join.
The process will take several minutes as it prepares and download the
StoreFront configuration to this server. On SF1 you will see a corresponding
status indicator that the configuration propagation is taking place.
30. It will take a few seconds for the process to complete.
citrix.com 34
Step Action
31. Click OK.
32. Close the StoreFront console.
33. Go back to SF1. Click Details and click OK.
34. A message will be displayed about propagated changes and synchronized settings.
Exercise Summary
StoreFront 3.6 has a Store-centric architecture where many settings which used to apply server-
wide have now become Store-specific and can be configured independently per Store.
Stores can use independent or shared Authentication Methods.
citrix.com 35
Password validation can be delegated to Delivery Controllers if it is not desired that the
StoreFront servers communicate directly with Active Directory.
A Store can have multiple Receiver for Web sites which can be configured independently.
Many of the advanced configuration options are now available in the Studio console and it is no
longer necessary to edit the web.config files to configure them.
citrix.com 36
Exercise 4: Installing StoreFront Certificates
Overview
Server certificates are used for machine identification and Transport Layer Security (TLS)
transport security in StoreFront. If you decide to enable ICA file signing, StoreFront can also use
certificates to digitally sign ICA files.

Install and configure certificates
Virtual Machines Required For This Exercise
AD.training.lab SF1 SF2
Active Directory StoreFront StoreFront

Step Action
1. Login to SF2 VM using the domain administrator credentials. Click on Citrix StoreFront
from the Start menu.
citrix.com 37
Step Action
2. Click on Stores and Set Default Website from the Actions menu. Verify the Default
Website was already configured during the installation. Click OK.
3. Launch IIS Manager from the Start menu.
4. Expand the nodes and click the Default Web Site. Double-click HTTP Redirect.
citrix.com 38
Step Action
5. Click Redirect requests to this destination and enter
https://connect.training.lab/Citrix/CorporateStoreWeb
Select both options:
Redirect all requests to the exact destination
Only redirect requests to content in this directory
Then click Apply.
6. Expand SF2 and double-click Server Certificates. Click Create Domain Certificate.
citrix.com 39
Step Action
7. Click Create Domain Certificate.
8. Enter the following details:

Common name: *.training.lab
Organization: Citrix
Organization unit: Readiness
City/locality: Fort Lauderdale
State/province: Florida
Country/region: US
Click Next.
Make sure you enter *. training. lab correctly for the common name. If this
is misspelled and you proceed through the exercises, you will need to repeat
several steps with a newly requested certificate.
citrix.com 40
Step Action
9. Click the Select button and select the certificate authority of training-AD-CA and click
OK.
10. Enter WildcardCert for the Friendly name. Click Finish.
11. Ensure the WildcardCert is selected and click Export.
citrix.com 41
Step Action
12. Export the certificate to C:\WildcardCert.pfx with password Citrix123.
13. Expand the Sites node in IIS, right-click the Default Web Site node and select Edit
Bindings.
14. Click Add.
citrix.com 42
Step Action
15. Change the type to https, leave the host name blank, and select the WildcardCert
under SSL certificate. Click OK.
16. Click Close.
17. Switch to SF1. Launch IIS Manager from the Start menu.
citrix.com 43
Step Action
18. Expand the nodes and click the Default Web Site. Double-click HTTP Redirect.
19. Click Redirect requests to this destination and enter

Select both options:
Redirect all requests to the exact destination
Only redirect requests to content in this directory
Then click Apply.
citrix.com 44
Step Action
20. Click the SF1 server node and double-click Server Certificates.
21. Click Import.
citrix.com 45
Step Action
22. Click the three periods icon to start the Open dialog box. In the Open dialog box, in
the filename line type \\sf2\c$, select the WildcardCert certificate and click Open.
23. Enter password Citrix123 and leave the default as Personal for the store. Click OK.
24. Expand the Sites node. Right-click the Default Web Site and select Edit Bindings.
citrix.com 46
Step Action
25. Click Add and change the type to https, leave the host name blank, and select the
WildcardCert under SSL certificate. Click OK.
26. Click Close.
citrix.com 47
Step Action
27. Switch to the DC1 virtual machine. Login as TRAINING\administrator with password
Citrix123. Launch IIS Manager from Start.
We will import the certificate to our delivery controllers as well as our

StoreFront servers in order to provide secure communications between
StoreFront and the XML Service on the controllers.
28. Click the DC1 node and double-click Server Certificates.
citrix.com 48
Step Action
29. Click Import.
30. Click the button to browse () and type \\sf2\c$ on the path and click enter. Select
WildcardCert and click Open.
31. Enter password Citrix123 and leave the default as Personal for the store. Click OK.
citrix.com 49
Step Action
32. Expand Sites. Right-click the Default Web Site and select Edit Bindings.
33. Click Add. Change the type to https, leave the host name blank, and select the
WildcardCert under SSL certificate. Click OK.
34. Click Close.
citrix.com 50
Step Action
35. Switch to DC2 virtual machine and launch IIS Manager from the Start screen.
We will now perform the certificate and web site binding steps on this machine
to complete the process for all four machines, namely SF1, SF2, DC1 and DC2.
36. Click the DC2 node. Double-click Server Certificates on the middle pane.
37. Click Import.
citrix.com 51
Step Action
38. Click the button and browse to the WildcardCert certificate at \\sf2\c$, enter password
Citrix123 and leave the default as Personal for the store. Click OK.
39. Expand Sites. Right-click the Default Web Site and select Edit Bindings.
40. Click Add. Change the type to https, leave the host name blank, and select the
WildcardCert under SSL certificate. Change the type to https, leave the host name
blank, and select the WildcardCert under SSL certificate. Click OK. Click Close.
citrix.com 52
Exercise Summary
StoreFront configuration data is stored locally on the StoreFront Servers and synchronized
periodically between each one (with the option to synchronize manually as well).
An IIS HTTP redirect is used to ensure that when users hit the default web site through the
NetScaler, they are redirected to the correct location (we will configure NetScaler in the next
exercise).
The certificates have to be present on all delivery controllers and StoreFront servers to ensure
secure communication can take place.
citrix.com 53
Exercise 5: Configuring NetScaler for StoreFront Load
Balancing
Overview
Configure a NetScaler appliance to load balance incoming requests from Citrix Receiver/Citrix
Receiver for Web between all of the StoreFront nodes in the server group and to configure the
new Storefront Monitor for use with a NetScaler or third party load balancer.
Configure the NetScaler virtual appliance to load balance connections amongst both StoreFront
servers.

NS1
NetScaler Gateway

Step Action
2. Make sure NS1 virtual machine is Started.
citrix.com 54
Step Action
3. nFrom the student desktop, launch Internet Explorer. Browse to http://192.168.10.99
s
r
and logon with the credentials nsroot / nsroot.
o
4. From Traffic Management, right-click on SSL and select Enable Feature.
citrix.com 55
Step Action
5. Expand Traffic Management > SSL. Then click Import PKCS#12.
6. Type trainingcert.pem in the Output File Name field and then click the down arrow
next to browse for PKCS12 File. Select Local.
citrix.com 56
Step Action
7. Browse to \\SF2\c$ and select WildcardCert and click Open. When prompted for the
Network Password enter training\administrator with password Citrix123.
8. Enter Citrix123 in the Import Password field and click OK.
citrix.com 57
Step Action
9. Expand Traffic Management > SSL > Certificates and then click Install.
10. Enter TRAINING-Wildcard as the Certificate-Key Pair Name.

Click Browse next to Certificate File Name.
citrix.com 58
Step Action
11. Select trainingcert.pem.
12. Click Browse next to Key File Name and select trainingcert.pem.
Enter Citrix123 in the password field and click Install.
13. Verify TRAINING-Wildcard now appears in the certificate list.
citrix.com 59
Step Action
14. From the navigation tree on the left, expand Traffic Management and then expand
Load Balancing. Click on Virtual Servers. Click on Add.
15. Enter the following information:

Name: StoreFront-vServer
Protocol: SSL
IP Address Type: IP Address
IP Address: 192.168.10.100
Port: 443
Click OK.
The IP Address 192.168.10.100 is identified as the

Virtual IP (VIP) of this virtual server.
citrix.com 60
Step Action
16. Click Yes to enable the LB feature.
17. Click No Load Balancing Virtual Server Service Binding >
18. Click the Plus sign.
citrix.com 61
Step Action
Service Name: SF1-Server
IP Address: 192.168.10.19
Protocol: SSL
Port: 443
Click OK.
20. Scroll down until the end of the page and click Done.
citrix.com 62
Step Action
21. Click Bind.
22. Now we are going to add the second StoreFront Server. Click 1 Load Balancing
Virtual Server Service Binding.
23. Click Add Binding.
24. Click the Plus sign.
citrix.com 63
Step Action
Service Name: SF2-Server
IP Address: 192.168.10.20
Protocol: SSL
Port: 443
Click OK to add the StoreFront server to the StoreFront-vServer Virtual server.
26. Scroll down until the end of the page and click Done.
27. Click Bind.
citrix.com 64
Step Action
28. Click Close.
29. Click Continue.
citrix.com 65
Step Action
30. The Certificates section should now appear on the screen. Click on No Server
Certificate.
31. Click to select the Certificate.
32. Check the box next to TRAINING-Wildcard and click Select.
citrix.com 66
Step Action
33. Click Bind.
34. Click Continue.
citrix.com 67
Step Action
35. Click the + Method under Advanced Settings.
36. The Method section should be added to the screen.

Verify LEASTCONNECTION is selected from the Load Balancing Method drop down
box and click OK.
citrix.com 68
Step Action
37. Scroll down and click the + next to Persistence.
38. Click in the drop down menu and select COOKIEINSERT.
citrix.com 69
Step Action
39. The Persistence section is expanded. Enter the following information:
Time-out (mins): 0
Backup Persistence:
Backup Persistence: SOURCEIP
Backup Time-out: 30
IPv4 Netmask: 255.255.255.0
IPv6 Mask Length: 128
Click OK.
40. Scroll down and click Done.
citrix.com 70
Step Action
41. You have successfully configured the StoreFront Virtual Server. Verify that the State
and Effective State of StoreFront-vServer are listed as Up and click the Save icon at
the top right.
42. Click Yes.
43. Close Internet Explorer.
Exercise Summary
Using NetScaler to load-balance connections to backend servers (such as StoreFront) is simple.
A valid certificate needs to be imported and bound to the virtual server in order to use secure SSL
communication.
citrix.com 71
Exercise 6: Creating a Desktop OS Machine Catalog
Overview
Machine Catalogs are collections of virtual or physical machines that you manage as a single
entity. These machines, and the application or virtual desktops on them, are the resources you
want to provide to your users. All the machines in a machine catalog have the same operating
system and the same VDA installed. They also have the same applications or virtual desktops
available on them. Typically, you create a master image and use it to create identical virtual
machines in the catalog. When you create a machine catalog, you specify the type of machine
and provisioning method for the machines in that catalog.

Perform the steps necessary to create a catalog to be used with Machine Creation
Services.

DC1
Delivery Controller

Step Action
1. Switch to DC1 virtual machine. If Citrix Studio is not open, launch it from the Start
Screen.
2. Select the Machine Catalogs node and click Create Machine Catalog.
citrix.com 72
Step Action
3. Click Next on the Introduction screen.
4. Select Desktop OS and click Next.
citrix.com 73
Step Action
5. For Machine Management, leave the defaults of Machines that are power managed
and Citrix Machine Creation Services (MCS) selected and click Next.
6. On the Desktop Experience screen select I want users to connect to a new

(random) desktop each time they log on and then click Next.
citrix.com 74
Step Action
7. On the Master Image screen select Win10Base and then click Next.
A snapshot will be created automatically as part of the provisioning

process.
8. Change the Number of virtual machines needed to 2. Leave the other defaults for the
virtual machines. Then click Next.
citrix.com 75
Step Action
9. On the Computer Accounts screen select:
Create new Active Directory accounts
Expand Training and select VDAs
Selected location will read: OU=VDAs,OU=Training,DC=training,DC=lab
Win10MCS## for the Account naming scheme and click Next.
citrix.com 76
Step Action
10. Type Win10 MCS Desktops and click Finish.
It will take a few minutes for the virtual machines to be

provisioned and the machine catalog created.
11. After the process completes, you should see the new catalog under the Machine
Catalogs node.
Exercise Summary
Machine Creation Services communicates directly with the hosting infrastructure to provision
virtual machines from a base template.
citrix.com 77
Exercise 7: Creating a Delivery Group for Desktops
Overview
Delivery Groups are collections of users given access to a common group of resources.
Delivery Groups contain machines from your Machine Catalogs, and Active Directory users who
have access to your Site.

Create a delivery group to be used with the Machine Creation Services catalog of
desktop machines created earlier.

DC1
Delivery Controller

Step Action
1. From Citrix Studio, select the Delivery Groups node and click Create Delivery Group.
citrix.com 78
Step Action
3. Ensure Win10 MCS Desktops is selected and type 2 to Choose number of machines
for this Delivery Group. Click Next.
citrix.com 79
Step Action
4. Leave Allow any authenticated users to use this Delivery Group and click Next.
5. Click Next for the Applications.
citrix.com 80
Step Action
6. Click Add to Add assignments.
You can now publish multiple desktops from a single Delivery

Group. Each desktop can be named differently and you can restrict
access to the published desktop.
7. Type Desktops for the Display name and Win 10 Desktops for the Description. Click
OK.
citrix.com 81
Step Action
8. Click Next.
9. Type Win10 MCS for the Delivery Groups name and click Finish.
citrix.com 82
Step Action
10. Verify that the Delivery Group was created successfully.
Exercise Summary
Delivery Groups contain systems from Machine Catalogs and set properties such as who will
have access to the resource and how the resource will be presented.
You can set up a Delivery Group to deliver applications, desktops, or both. You define which
resources users in the Delivery Group can access.
citrix.com 83
Exercise 8: Creating a Server OS Machine Catalog
Overview
The Server OS Machine Catalog provides hosted shared desktops for a large-scale deployment
of standardized machines as well as hosted application delivery. Machine Creation Services
uses a master virtual machine within your XenDesktop environment to manage virtual
machines, enabling you to easily manage and update target devices through one master image.

Perform the steps necessary to create a catalog with a Server OS.

DC1
Delivery Controller

Step Action
1. From Citrix Studio on DC1, select the Machine Catalogs node and click Create
Machine Catalog.
citrix.com 84
Step Action
3. Select Server OS and click Next.
citrix.com 85
Step Action
4. For Machine Management, leave the defaults of Machines that are power managed
and Citrix Machine Creation Services (MCS) selected and click Next.
5. On the Master Image screen, select Win2012R2Base and then click Next.
citrix.com 86
Step Action
6. Change the Number of virtual machines needed to 2. Leave the other defaults and
then click Next.
7. On the Computer Accounts screen select: Create new Active Directory accounts
Training and select VDAs
Selected location should read: OU=VDAs,OU=Training,DC=training,DC=lab
Win2012R2MCS## for the Account naming scheme and click Next.
citrix.com 87
Step Action
8. Type Win2012R2 MCS Servers for the Machine Catalog name and click Finish.
It will take a few minutes for the virtual machines to be

provisioned and the machine catalog created.
9. Verify the Machine Catalog was successfully created.
Exercise Summary
Machine Creation Services provides an easy-to-use wizard to provision virtual desktops and
servers from base templates.
citrix.com 88
Exercise 9: PVS Farm Configuration
Overview
Run the Configuration Wizard on a Provisioning Server when creating a new farm, adding new
Provisioning Servers to an existing farm, or reconfiguring an existing Provisioning Server.

Configure a new Provisioning Services farm.
Add a second server to an existing PVS farm.

PVS1 PVS2
Provisioning Services Provisioning Services

Step Action
1. Select PVS1 and PVS2 virtual machines, right-click and select Start.
2. Wait a few moments for the VMs to start. Click on the PVS1 console tab and login using
the credentials training\administrator with password: Citrix123.
citrix.com 89
Step Action
3. From the Start menu, select the Provisioning Services Configuration Wizard.
Provisioning Services components have been previously installed.
4. Click Next on the initial screen.
5. Select the location where DHCP is installed. In this case we will select The service that
runs on another computer. Then click Next.
Microsoft DHCP is running on AD.training.lab.
citrix.com 90
Step Action
6. For PXE Services, select The service that runs on another computer as DHCP
options 66 and 67 are set on AD.training.lab. Then click Next.
7. Leave Create farm selected and click Next.
8. Click Browse for the Server name and select SQLSERVER and click OK.
citrix.com 91
Step Action
9. Click Next.
10. Database name: ProvisioningServices

Farm name: PVS
Site name: PVSSite1
Collection name: Desktops
Farm administrator group: training.lab/Users/Domain Admins
Click Next.
citrix.com 92
Step Action
11. Type PVSStore for Store name. For the Default path, click on Browse
12. Select This PC > PVSStore (S:) then click OK and Next.
13. Type licenses.citrixvirtualclassroom.com for the license server name. Leave the
Validate license server version and communication box checked and click Next.
citrix.com 93
Step Action
14. Provide the credentials for Provisioning Services. Click Specified user account. Enter
administrator for the User name; training for the Domain and password Citrix123.
Click Next.
15. Accept the defaults for the Active Directory Computer Account Password and click
Next.
citrix.com 94
Step Action
16. Click Next.
17. Select the check box Use the Provisioning Services TFTP service and click Next.
citrix.com 95
Step Action
18. Click on Advanced.
19. Check Verbose mode which will allow us to follow the boot process during the labs.
Click OK and then Next.
citrix.com 96
Step Action
20. Review the final configuration settings and then click Finish.
Leave the Automatically Start Services box checked.
21. Click OK in the Windows Firewall warning dialog.
22. After all the settings are applied successfully click Done.
citrix.com 97
Step Action
23. At this point the configuration of the Provisioning Services Server is finished. Launch the
PVS Console from the Start menu.
24. Right-click on the Provisioning Services Console node and choose Connect to Farm.
25. Type localhost and click Connect.
citrix.com 98
Step Action
26. Ensure you are able to connect to the farm and see all the nodes.
27. Switch to PVS2 virtual machine and login as training\administrator with password
Citrix123. Start the Provisioning Services Configuration Wizard from Start menu.
Provisioning Services components have been previously installed.
28. Click Next on the initial screen.
citrix.com 99
Step Action
29. Select the location where DHCP is installed. In this case we will select The service that
runs on another computer (Microsoft DHCP is running on AD.training.lab). Then click
Next.
30. For PXE Services, select The service that runs on another computer as DHCP
options 66 and 67 are set on AD.training.lab. Then click Next.
citrix.com 100
Step Action
31. Select Join existing farm and click Next.
32. Click Browse for the Server name and select SQLSERVER and click OK.
33. Click Next.
citrix.com 101
Step Action
34. Click Next.
35. Click Next.
36. Click Next.
citrix.com 102
Step Action
37. Click Next.
38. Provide the credentials for Provisioning Services. Click Specified user account. Enter
administrator for the User name; training for the Domain and password Citrix123.
Click Next.
citrix.com 103
Step Action
39. Accept the defaults for the Active Directory Computer Account Password and click Next.
40. Click Next.
41. Select the check box Use the Provisioning Services TFTP service and click Next.
citrix.com 104
Step Action
42. Click Add type 192.168.10.18 for the IP address and click OK.
43. Click Advanced and check Verbose mode which will allow us to follow the boot
process during the labs. Click OK and then Next.
citrix.com 105
Step Action
44. Click Finish.
45. Click OK in the Windows Firewall warning dialog.
46. After all the settings are applied successfully click Done.
Exercise Summary
All Provisioning Servers within a farm must share the same database to locate vDisks for target
devices on shared storage devices within the farm. If that shared storage device is a Windows
network share, refer to configuration information described in the Administrators Guide,
Managing Network Components section. If that shared storage device is a SAN, no additional
citrix.com 106
configuration is necessary.
To properly configure the network services for PVS, be sure that you understand network
service options and settings.
citrix.com 107
Exercise 10: Importing vDisks to the PVS Console
Overview
A vDisk or vDisk chain of differencing VHD files can be imported into a store if:
The VHD being imported does not already exist in the store and both the highest version
number of the VHD and associated manifest files match, and if the VHD chain includes a
base image, and that base image version number matches the base image version in
the manifest file.
The VHD does exist in the store but the imported version number in the associated
manifest file is greater than the existing VHD version number.

Install pre-created vDisks to save time.

PVS1
Provisioning Services

Step Action
1. From the Provisioning Services Console on PVS1, expand Sites and right-click on the
vDisk Pool and select Add or Import Existing vDisk
citrix.com 108
Step Action
2. Click on Search.
3. Click Add.
4. Click OK and then click Close.
citrix.com 109
Step Action
5. Click vDisk Pool. Verify both vDisks were imported.
Exercise Summary
All Provisioning Servers within a farm must share the same database to locate vDisks for target
devices on shared storage devices within the farm. If that shared storage device is a Windows
network share, refer to configuration information described in the Administrators Guide,
Managing Network Components section. If that shared storage device is a SAN, no additional
configuration is necessary.
To properly configure the network services for PVS, be sure that you understand network
service options and settings.
citrix.com 110
Exercise 11: Creating Desktops Catalog within PVS
Overview
Using a Provisioning Services streamed vDisk, the Provisioning Services XenDesktop Setup
Wizard assists in deploying virtual desktops to virtual machines (VMs) as well as to devices that
use personal vDisks.
You must use corresponding releases of Provisioning Services and XenDesktop. The
Provisioning Services XenDesktop Setup Wizard works only with the corresponding
XenDesktop controller.

Creates VMs on a XenDesktop-hosted hypervisor server using an existing XenDesktop
machine template (XenServer).

PVS1 DC1
Provisioning Services Delivery Controller

Step Action
1. From XenCenter right-click PVSDeskTemplate and select Convert to Template
Then click Convert.
citrix.com 111
Step Action
2. From XenCenter right-click PVSSrvTemplate and select Convert to Template Then
click Convert.
3. From the Provisioning Services Console right-click on PVSSite1 in the Console tree
panel, then select XenDesktop Setup Wizard
4. Click Next on the welcome screen.
citrix.com 112
Step Action
5. Type dc1.training.lab for the XenDesktop Controller address to connect to it. Click
Next.
The most recently used XenDesktop Controller (name or IP) is cached in the registry
of the local machine running this instance of the PVS Console for convenient reuse.
6. Select the Virtualization Settings Host1Settings and click Next.
citrix.com 113
Step Action
7. View your Lab Portal Web Page to retrieve the following details:
Username: admin
Password: *******
Enter the information and click OK.
8. Select the PVSDeskTemplate from the list of available templates and click Next.
9. Select the PVSStore\Win10 vDisk and click Next.
citrix.com 114
Step Action
10. Leave Create a new catalog selected. Type Windows 10 PVS for the Catalog name
and click Next.
11. Leave Windows Desktop Operating System selected and click Next.
In order to create Server Catalogs with the XenDesktop Setup Wizard follow the
exact same steps and choose Windows Server Operation System in this step.
citrix.com 115
Step Action
12. Select A fresh new (random) desktop each time and click Next.
13. Change the Number of virtual machines to create to 2.

Leave PXE selected for the Boot mode and click Next.
14. Leave Create new accounts selected and click Next.
citrix.com 116
Step Action
15. Expand training.lab and then expand Training. Select VDAs, enter Win10PVS## as the
Account naming scheme and click Next.
16. Click Finish.
citrix.com 117
Step Action
17. Once the process completes, click Done.
18. Expand Device Collections and verify a new Device Collection with the same name as
the XenDesktop catalog was created: Windows 10 PVS. Check that the 2 virtual
machines Win10PVS01 and Win10PVS02 were added to the Device Collection.
citrix.com 118
Step Action
19. Switch to DC1 and from Citrix Studio click on Machine Catalogs. From the Actions
panel, click Refresh. Verify that the Windows 10 PVS catalog was created and has 2
virtual machines.
Exercise Summary
Associated Provisioning Services target devices were added to the PVS Device Collection
created during the wizard.
A Machine Catalog was automatically created in XenDesktop and a Device Collection with the
same name as the Machine Catalog was created within the Provisioning Services Console.
citrix.com 119
Exercise 12: Creating a Delivery Group for the PVS
Catalog
Overview
Delivery Groups are collections of machines, and specify who can use a group of desktops or
applications. Create Delivery Groups for specific teams, departments, or types of users. With
Delivery Groups, you can:
Specify groups of users who access desktops, applications, or desktops and

applications.
Add users and groups of users.

Create a delivery group to be used with the Provisioning Services catalog created in the
previous exercise.

DC1 PVS1
Delivery Controller Provisioning Services

Step Action
1. From Citrix Studio on DC1, right-click the Delivery Groups node and click Create
Delivery Group.
citrix.com 120
Step Action
3. Select Windows 10 PVS and type 2 to Choose number of machines to add. Click
Next.
citrix.com 121
Step Action
4. Select Add Add Domain Users click OK and then click Next.
5. Click next for the Applications.
citrix.com 122
Step Action
6. Click Add.
7. Type Win 10 Desktops for the Display name and Developers for the Description. Click
Add and include TRAINING\Domain Users. Click OK.
citrix.com 123
Step Action
8. Click Next.
9. Type Win10 PVS for the Delivery Group name and click Finish.
citrix.com 124
Step Action
10. Verify the Delivery Group was succesfully created.
Exercise Summary
Delivery Groups contain systems from Machine Catalogs and set properties such as who will
have access to the resource and how the resource will be presented.
citrix.com 125
Exercise 13: Creating Catalogs of Servers with the
XenDesktop Setup Wizard
Overview
XenDesktop Setup Wizard is a machine deployment option offered by Provisioning Services
(PVS) and should in most cases be your method of choice when deploying extra target VMs to
your Citrix environment.
The XenDesktop Setup Wizard creates the Delivery Group and imports the created VDAs,
automating part of the process.

Create a delivery group for our server machines and publish applications.

DC1 PVS1
Delivery Controller Provisioning Services

Step Action
1. Logon to PVS1 using domain administrator credentials. Open Provisioning Services
Console from Start menu. Expand Sites and right-click PVSSite1 in the Console tree
panel, then select XenDesktop Setup Wizard
citrix.com 126
Step Action
2. Click Next on the welcome screen.
3. Verify dc1.training.lab is set for the XenDesktop Controller address and click Next.
4. Click Next.
citrix.com 127
Step Action
5. View your Lab Portal Web Page to retrieve the following details:
Username: admin
Password: *******
Enter the information and click OK.
6. A list of available templates appears. Select the PVSSrvTemplate and click Next.
7. Select the PVSStore\Win2012R2 vDisk and click Next.
citrix.com 128
Step Action
8. Leave Create a new catalog selected. Type Win 2012R2 PVS for the Catalog name
and click Next.
9. Select Windows Server Operating System and click Next.
citrix.com 129
Step Action
10. Click Next.
11. Leave Create new accounts selected and click Next.
12. Expand training.lab and Training, select VDAs and type Win2012R2PVS### for
Account naming scheme. Click Next.
citrix.com 130
Step Action
13. Click Finish. Once the process completes, click Done.
14. Click on Device Collections and verify a new Device Collection with the same name as
the XenDesktop catalog was created: Windows 2012R2 PVS. Verify 1 virtual machine
Win2012R2PVS01 was added to the Device Collection.
15. Switch to DC1 and from Citrix Studio click on Machine Catalogs. From the Actions
panel, click Refresh. Verify that the Windows 2012R2 PVS catalog was created.
citrix.com 131
Exercise Summary
Publishing applications can be done either when a Delivery Group is created or afterwards.
It is possible to further restrict who can see applications contained within a Delivery Group.
citrix.com 132
Exercise 14: Creating Server-based Delivery Groups and
Publishing Applications
Overview
Creating a Delivery Group is the next step in configuring your deployment after creating a Site
and creating a Machine Catalog. Later, you can change the initial settings in the first Delivery
Group and create other Delivery Groups. There are also features and settings you can configure
only when editing a Delivery Group, not when creating it.


DC1
Delivery Controller

Step Action
1. Verify that Win2012R2MCS01 and Win2012R2PVS01 are powered on and at the logon
screen. If the VMs are powered off, start them.
At least one machine from each of the server catalogs must be powered on
for XenDesktop to automatically discover available applications.
Alternatively, publishing custom applications by paths is also an option.
citrix.com 133
Step Action
2. From Citrix Studio, right-click Delivery Groups and select Create Delivery Group.
citrix.com 134
Step Action
4. Select the Win2012R2 MCS Servers catalog, add in 1 machine and click Next.
5. Click Add and add in Domain Users. Then click OK and Next.
citrix.com 135
Step Action
6. Click Add and select From start menu
7. A list of applications will be gathered from the VDA in that catalog which is powered on.
Select Excel 2013, OneNote 2013, PowerPoint 2013 and Word 2013. Click OK.
citrix.com 136
Step Action
8. Click Next.
9. Click Add and enter Win2012R2 Desktops for the Display name and click OK.
citrix.com 137
Step Action
10. Click Next.
11. Type Win2012R2 MCS for the Delivery Group Name and click Finish.
citrix.com 138
Step Action
12. Click Create Delivery Group again. Click Next on the initial screen.
13. Ensure Windows 2012R2 PVS is the selected catalog, add in 1 machine and click Next.
citrix.com 139
Step Action
14. Click Add and add in Domain Users. Then click OK and Next.
15. Click Add and select From start menu
citrix.com 140
Step Action
16. A list of applications will be gathered from the VDA. Select Calculator, Notepad and
Paint and then click OK.
17. Click Next.
citrix.com 141
Step Action
18. Click Add and enter Win2012R2 PVS for Display name. Click OK and Next.
19. Type Win2012R2 PVS for the Delivery Group name and click Finish.
citrix.com 142
Step Action
20. Click the Applications tab and notice the applications that were just published.
21. All applications are currently available to Domain Users since that is how the Delivery
Group is assigned. Lets now restrict one of the applications to a subset of Domain
Users. Right-click Excel 2013 and go to Properties.
22. Click Limit Visibility and select Limit visibility for this application to the users listed
below. Click Add.
citrix.com 143
Step Action
23. Add in User1 and User2 and then click OK.
Exercise Summary
Use server OS machines to deliver XenApp published apps and published desktops:
You want inexpensive server-based delivery to minimize the cost of delivering applications to a
large number of users, while providing a secure, high-definition user experience.
Your users perform well-defined tasks and do not require personalization or offline access to
applications. Users may include task workers such as call center operators and retail workers, or
users that share workstations.
Application types: any application.
citrix.com 144
Exercise 15: Setting Up Remote Access
Overview
Use the Remote Access Settings task to configure access to stores through NetScaler Gateway
for users connecting from public networks. Remote access through a NetScaler Gateway
cannot be applied to unauthenticated stores.

Configure remote access with NetScaler and StoreFront.

NS1 SF1
NetScaler Gateway StoreFront

Step Action
1. Click on the NS1 virtual machine and then click the Snapshots tab.
Select Take Snapshot
Enter Before Remote Access in the Name field and click Take Snapshot.
A snapshot will allow you to easily revert back and re-run the initial NetScaler Gateway
wizard (should you need to do so) without having to manually clean up multiple entries.
citrix.com 145
Step Action
2. Verify that the Before Remote Access snapshot is now listed. Minimize XenCenter.
3. Launch Internet Explorer from the student desktop and browse to http://192.168.10.99.
Logon as nsroot /nsroot.
4. Click the Configuration heading and click XenApp and XenDesktop at the bottom left.
citrix.com 146
Step Action
5. Scroll down and click the Get Started button.
6. Select StoreFront from the drop-down menu and click Continue.
citrix.com 147
Step Action
7. Enter following information:
Virtual Server Name: NS-StoreFront
NetScaler Gateway IP Address: 192.168.10.101
Port: 443
Gateway FQDN: https://XXX-XXX-XXX-XXX.mycitrixtraining.net
Select Redirect requests from port 80 to secure port and click Continue.
Enter the PortablePublicIP2 from your lab

in dashed format: XXX-XXX-XXX-XXX
8. Select the MCT_Wildcard server certificate and click Continue.
This certificate needs to be issued from a public CA and

must be previously installed on the NetScaler appliance.
citrix.com 148
Step Action
9. Enter the following Authentication Settings to allow the NetScaler to serve as a proxy:
Primary authentication method: Active Directory/LDAP
IP Address: 192.168.10.11
Port: 389
Time out (seconds): 3
Base DN: dc=training, dc=lab
Service Account: administrator@training.lab
Server Logon Name Attribute: sAMAccountName
Password: Citrix123
Confirm Password: Citrix123
Click Continue.
citrix.com 149
Step Action
10. Enter the following settings to identify the Storefront server in the lab environment:
StoreFront FQDN: connect.training.lab
Site Path: /Citrix/CorporateStoreWeb
Single Sign-on Domain: training.lab
Store Name: CorporateStore
Secure Ticket Authority Server: https://dc1.training.lab (click on + sign)
https://dc2.training.lab
StoreFront Server: 192.168.10.19 (click on + sign)
192.168.10.20
Protocol: SSL
Port: 443
Click Continue.
11. Select XenDesktop.
citrix.com 150
Step Action
12. Add 192.168.10.14 and 192.168.10.15 for the Desktop Delivery Controller Server. Click
Continue.
13. Click Advanced Settings on the right side and select + Optimization.
14. Click Apply.
citrix.com 151
Step Action
15. Click Done to complete the configuration of the Netscaler for Storefront.
16. Click the Configuration tab > NetScaler Gateway > Virtual Servers. Verify XenApp
and XenDesktop virtual server with a state of Up on port 443.
17. Click Save. Select the Virtual Server and click Edit.
citrix.com 152
Step Action
18. Click on the + sign under Authentication.
19. Select LDAP for Choose Policy* and click Continue.
20. Click the arrow to Select Policy*
21. Check the box and click Select.
citrix.com 153
Step Action
22. Click Bind.
23. Scroll to the bottom of the page and click Done.
24. Click Save.
25. Click Yes to confirm.
citrix.com 154
Step Action
26. Select Portal Themes under NetScaler Gateway. Select Citrix Training and click Edit.
27. Click the link Click to bind and view configured theme.
28. Click Preview and click Done.
29. Click the Configuration tab and then click the Save icon. Click Yes.
citrix.com 155
Step Action
30. Switch to SF1. In the StoreFront Console select Manage Authentication Methods.
31. Select Pass-through from NetScaler Gateway and click OK.
citrix.com 156
Step Action
32. Under the NetScaler Gateway node, click Manage NetScaler Gateways.
33. Click Add.
citrix.com 157
Step Action
34. Enter the following details where XXX-XXX-XXX-XXX is your translated
PortablePublicIP2 in dashed format:
Display name: Primary Gateway
NetScaler Gateway URL: https://XXX-XXX-XXX-XXX.mycitrixtraining.net
Usage or role: Authentication and HDX routing
Click Next.
35. Click Add Type http://dc1.training.lab and click OK.
citrix.com 158
Step Action
36. Click Add Type http://dc2.training.lab and click OK and click Next.
37. Click Create.
The Callback URL must have a trusted and valid (matches the FQDN) certificate.
The Callback URL must not have client certificates set to Mandatory.
citrix.com 159
Step Action
38. Click Finish.
39. Click Close.
citrix.com 160
Step Action
40. Under the Stores node, click Configure Remote Access Settings.
41. Select No VPN tunnel, check Primary Gateway and then click OK.
42. Right-click Server Group node and then click Propagate Changes.
citrix.com 161
Step Action
43. Click Yes.
44. Click OK when the propagation completes.
citrix.com 162
Exercise 16: Testing Internal Access
Overview
Users can work with applications running on XenDesktop servers when the Receiver or the
online plug-in is installed on their user devices. Users can access applications from virtually any
type of user device over many types of network connections, including LAN, WAN, dial-up,
virtual private network (VPN) and direct asynchronous connections. Because the applications
are not downloaded to user devices (as is the case with the more traditional network
architecture), application performance is not limited by bandwidth or device performance.

Test internal connectivity to the environment through NetScaler load balancing and
StoreFront.
Win10Base

Step Action
1. From Win10Base, launch a new instance of Firefox from the taskbar.
2. Navigate to https://connect.training.lab. Check I agree with the Citrix license

agreement and click Install.
citrix.com 163
Step Action
3. Select Save file.
4. Click the blue arrow on the top right.
5. Click CitrixReceiverWeb.exe.
6. Select Yes.
citrix.com 164
Step Action
7. Click Start.
8. Check I accept the license agreement and click Next.
9. Click Next.
citrix.com 165
Step Action
10. Click Install.
11. Click Finish.
12. Log On as training\user1 with password Citrix123.
citrix.com 166
Step Action
13. Launch each of the desktops shown one at a time to confirm connectivity. Log off after
the desktop fully loads. Choose Read/Write if asked.
14. Click the Apps button at the bottom of the Receiver Web site. Click on Details for
Calculator.
citrix.com 167
Step Action
15. Click Add to Favorites. Go back and add a few other applications to Favorites.
16. Launch All Applications and verify they are working properly.
17. Logoff from StoreFront.
Exercise Summary
Citrix Receiver can be installed by simply double-clicking it or letting StoreFront Receiver for Web offer it
to new users.
If a non-administrator installs Receiver, then each non-administrator that logs in to the workstation will
have to reinstall Receiver. Non-administrator installations are installed
to%USERPROFILE%\AppData\Local\Citrix\ICA Client.
If CitrixReceiver.exe is installed using an administrator account then the Receiver only needs to be
installed once. Administrator installations are installed to C:\Program Files (x86)\Citrix\ICA Client.
Administrator installations cannot be upgraded by non-administrators.
citrix.com 168
Exercise 17: Publishing Secure Browser
Overview
Users can have a seamless web-based application experience, using the latest enhancement of
XenApp, where a hosted web-based application simply appears within the users preferred local
browser. For example, if a users preferred browser is Mozilla Firefox but the application is only
compatible with Microsoft Internet Explorer, XenApp Secure Browser will display the Internet
Explorer compatible application as a tab within the Firefox browser.

Enable HTML5 access with a Citrix Policy.
Integrate an unauthenticated StoreFront Store.
SF1 DC1
Secure Browser
StoreFront Delivery Controller

Step Action
1. From DC1 VM, within Citrix Studio, select Machine Catalogs and select Win2012R2
MCS in the middle pane. Right-click and select Add Machines.
citrix.com 169
Step Action
2. Leave the Number of machines to add 1 and click Next.
3. Select VDAs under Training and click Next.
citrix.com 170
Step Action
4. Click Finish.
5. In the navigation tree on the left, select Delivery Groups. In the Actions pane on the
right, select Create Delivery Group.
citrix.com 171
Step Action
6. Select Next on the Getting started with Delivery Groups welcome screen.
7. Select the Win2012R2 MCS Servers catalog and add 1 for the machines to include
within this catalog. Click Next.
citrix.com 172
Step Action
8. Leave Allow any authenticated users to use this Delivery Group checked and check
Give access to unauthenticated (anonymous) users. Select Next.
9. Click Next.
citrix.com 173
Step Action
10. Select Next.
For Secure Browser implementations, users will not require the

ability to launch the full desktop interface.
11. Type Secure Browser for the Delivery Group and select Finish.
citrix.com 174
Step Action
12. A warning message might appear indicating that the delivery group does not contain any
applications or desktops. Select Yes to continue.
13. Verify the Secure Browser delivery group appears in Citrix Studio.
14. In the navigation tree on the left, select Applications. In the Actions pane on the right,
select Add applications.
Although this step could be accomplished in the delivery group portion of the
implementation, it is separated as a stand-alone step as admins might wish to add
additional applications in the future without being required to recreate the delivery group.
citrix.com 175
Step Action
15. Click Next.
16. Select Secure Browser delivery group in the Add Applications wizard, then click Next.
citrix.com 176
Step Action
17. Select Add drop down item and select From start menu
18. Select Google Chrome and click OK.
citrix.com 177
Step Action
19. Select Google Chrome and click Properties
20. In Application Settings wizard, provide the following details:

Application name (for users): Secure Browser
Application name (for administrator): Secure Browser
Select Delivery.
citrix.com 178
Step Action
21. Select Change next to the application icon.
22. Select Choose from Citrix default icons and select the last one and click OK.
You can change the icon under the Delivery tab so users can see a
unique icon for the application instead of the default Mozilla Firefox.
citrix.com 179
Step Action
23. Click Location.
24. Add the following in the Command line argument box: -k http://www.citrix.com then
click OK.
citrix.com 180
Step Action
25. Click Next.
26. Click Finish.
citrix.com 181
Step Action
27. The Secure Browser application should now appear within Studio.
28. In the navigation tree on the left, right-click Policies and select Create Policy.
citrix.com 182
Step Action
29. Select Web Sockets in the All Settings drop down box. In the settings portion of the
dialog box, highlight WebSockets connections and click Select.
30. Select Allowed. Select OK. Then select Next.
citrix.com 183
Step Action
31. Select Delivery Group and select Assign.
32. In the Assign Policy screen, select Delivery Group Secure Browser and click OK.
citrix.com 184
Step Action
33. In the Users and Machines screen of the Create Policy wizard, click Next.
34. Type HTML5 for the policy name and click Finish.
citrix.com 185
Step Action
35. Switch to SF1 VM. Within Citrix StoreFront, in the navigation tree on the left, select
Stores. In the Actions pane on the right, select Create Store.
36. In the Getting Started screen, click Next.
citrix.com 186
Step Action
37. Type SecureBrowser for the store name.
Enable the Allow only unauthenticated users to access this store and click Next.
38. Click Add. Leave the defaults and click Add for the Servers.
Add dc1.training.lab and dc2.training.lab for the load balanced Servers.
Click OK.
citrix.com 187
Step Action
39. Change the Transport type to HTTP and select OK.
When using HTTPS, appropriate server and root

certificates must be installed and configured.
40. Click Next.
citrix.com 188
Step Action
41. In the XenApp services URL screen, select the following:
Enable XenApp Services URL
Make this the default Store for PNAgent
Click Create.
It will take a few minutes for the store to be created.
42. Click Finish.
citrix.com 189
Step Action
43. The new store should be visible in Citrix Studio. Select Receiver for Web Sites in the
middle of the screen.
Remember this URL as it is used by end users to access the store.
44. Select Manage Receiver for Web Sites on the right side of the console.
citrix.com 190
Step Action
45. Select Configure...
46. Select Deploy Citrix Receiver tab.

Select Always use Receiver for HTML5 in the Deployment option.
citrix.com 191
Step Action
47. Select Workspace Control tab. Set Logoff action to Terminate and Unselect Enable
workspace control.
Click OK and then click Close.
48. Switch to Win10Base VM. Launch Mozilla Firefox from the taskbar.
49. SType the following URL:

e
chttps://connect.training.lab/Citrix/SecureBrowserWeb/
u
Select the SecureBrowser app.
r
e
Validation: StoreFront should not request the user to log in.
citrix.com 192
Step Action
50. Select your default browser.
Validation:
XenApp Secure Browser should create a new tab within the users running browser.
The XenApp Secure Browser tab should only contain a single set of navigation buttons
and bars. The experience should mimic that of the traditional PC experience.
Exercise Summary
A Citrix XenApp-based machine catalog must already be created within Citrix Studio. The
machine catalog must contain at least one XenApp 7.8 server and can utilize Provisioning
Services, Machine Creation Services or manual provisioning.
A delivery group defines the available resources and user rights assignments for a particular
group of XenApp hosts.
In order to allow HTML5 access to the available resources, the system must allow web
socket connections.
To get access to the available resources, users use their local web browser and connect to
the StoreFront site.
citrix.com 193
Exercise 18: AppDisks with MCS
Overview
Delivery Groups used with AppDisks can contain machines from Pooled Random Machine
Catalogs containing Server OS or Desktop OS machines. You cannot use AppDisks with
machines from other catalog types, such as pooled static or dedicated (assigned). AppDisks are
available in all editions of XenApp/XenDesktop 7.8 and newer. AppDNA is only available in
Platinum Edition.

Create, analyze, and update AppDisks using MCS.
Assign AppDisks to Delivery Groups.

AD.training.lab AppDNA1 DC1 SQLServer
SQL
Active Directory Delivery Controller Database
AppDNA

Step Action
1. Shut Down Win2012R2MCSxx and Win2012R2PVSxx virtual machines.
Start AppDNA1 virtual machine.
citrix.com 194
Step Action
2. In XenServer, navigate to Win10Base and click on the Snapshots node. Click Take
Snapshot. Type HDX/RDA Monitoring Tools for the name and click Take SnapShot.
3. Switch to Studio on DC1. Right-click on Machine Catalogs node and select Create
Machine Catalog.
citrix.com 195
Step Action
4. Click Next.
5. Select the Desktop OS radio button. Click Next.
citrix.com 196
Step Action
6. Ensure the Machines that are power managed and Citrix Machine Creation
Services radio buttons are selected. Click Next.
7. Select I want users to connect to a new (random) desktop each time they log on
radio button. Click Next.
citrix.com 197
Step Action
8. Navigate to the Win10Base node and select the HDX/RDA Monitoring Tools version.
Click Next.
9. Click Next.
citrix.com 198
Step Action
10. Set the number of virtual machines to be created at 2 and uncheck the cache for
temporary data. Click Next.
11. Select the Desktops OU under Training. Set the account naming scheme as
Win10Desk##. Click Next.
citrix.com 199
Step Action
12. Name the machine catalog Win10 MCS Pooled. Verify the other information and click
Finish.
13. After the machines have been provisioned, navigate to the Delivery Groups node in
studio. Select the Win10 MCS Pooled delivery group and click Add Machines.
citrix.com 200
Step Action
14. Add 1 machine to the Delivery Group and click Next.
15. Click Finish.
citrix.com 201
Step Action
16. Click on the AppDisks node. Click Create AppDisk.
17. Click Next.
citrix.com 202
Step Action
18. Select the Create new AppDisk radio button. Select 3GB (Small) disk size and click
Next.
citrix.com 203
Step Action
19. Select the Win10 MCS Pooled machine catalog. Click Next.
Only machines that are not assigned to delivery groups can be used for this purpose.
20. Name the AppDisk Developer and click Finish.
citrix.com 204
Step Action
21. Wait for the AppDisk to finish being created and prepared. When the status is Ready to
install applications, right-click and select Install Applications.
Note the name of the machine and click Close.
22. RDP into Win10Deskxx (VM noted in the previous step). Right-click on the Windows
icon and select Run. Type mstsc and click OK.
23. Click Connect and login using the TRAINING\administrator with Citrix123 credentials.
citrix.com 205
Step Action
24. Navigate in Windows Explorer to \\DC1\C$\Software and locate the Adobe Reader
installation file. Install Adobe Reader 11.
25. When complete click Finish and close the RDP connection. Return to Studio on DC1.
26. Click Seal AppDisk.
citrix.com 206
Step Action
27. When prompted, click Yes. The seal process will begin.
It will take several minutes to Seal AppDisk.
28. Note that the sealed AppDisk will begin to capture.
29. Then the State will change to Analyzing.
citrix.com 207
Step Action
30. After the AppDNA analysis has been completed, click View report.
In case you get an error due to insufficient memory, shutdown some VMs
and select AppDNA Analyze from the right menu.
31. View the report, which opens in the default browser.
citrix.com 208
Step Action
32. Go to the Win10 MCS Pooled delivery group in studio. Click Manage AppDisks.
33. Click Add.
citrix.com 209
Step Action
34. Select the Developer AppDisk and click Ok.
35. Click Next.
citrix.com 210
Step Action
36. Select the Immediately (shut down and restart machines now) radio button. Select
the Update all machines at the same time dropdown and Do not send a notification
dropdown. Click Next.
37. Click Finish.
citrix.com 211
Step Action
38. Navigate back to the delivery groups. After all machines in the catalog have been
rebooted, you will see a green Ready checkbox. Log into a machine in the delivery
group and launch Acrobat Reader DC.
39. Navigate back to the AppDisks node. Click on the Developer AppDisk and click Create
New Version.
40. Name the new version Developer-v2. Select the Win10 MCS Pooled catalog and click
Create new version.
citrix.com 212
Step Action
41. The new disk will begin the creation process.
42. After creation is complete, RDP into Win10Deskxx (machine name showing in the
details for Developer-v2).
citrix.com 213
Step Action
43. Navigate to \\DC1\C$\Software.
44. Install NotePad++(npp.6.9.Installer) from \\DC1\C$\Software.
45. Accept all the defaults, clicking next and at the end click Finish.
citrix.com 214
Step Action
46. When complete, go back to Studio on DC1 and click Seal AppDisk. Click Yes when
prompted.
citrix.com 215
Step Action
47. The sealing process is initiated, followed by AppDNA analysis.
It will take several minutes for the sealing and AppDNA Analysis to finish.
citrix.com 216
Step Action
48. Once the AppDNA report is complete, click on Delivery Groups.
49. Select the Win10 MCS Pooled Delivery Group and click Manage AppDisks.
citrix.com 217
Step Action
50. In the proceeding dialog, remove the Developer AppDisk, and click Add.
51. Select the Developer-v2 and check the box. Click OK.
citrix.com 218
Step Action
52. Click Next.
53. Select the Immediately radio button and Update all machines at the same time and
Do not send a notification dropdown. Click Next.
citrix.com 219
Step Action
54. Click Finish.
55. Select AppDisks and verify the Installed packages under the Applications tab at the
bottom panel.
Exercise Summary
How to create and manage AppDisks with MCS.
How to analyze an AppDisk from Studio using AppDNA.
citrix.com 220
Exercise 19: Delivering Skype for Business
Overview
Many enterprises are faced with the need to deliver high performance access to Skype for
Business inside of a Citrix session that is delivered remotely. For organizations with a mix of
Windows, Mac and/or Linux devices the Citrix HDX RealTime Optimization Pack for Lync offers
the flexibility of delivering the Lync 2010, Lync 2013 or Skype for Business client (in Lync UI
mode) as either part of a full virtual/published desktop or as a published application.

Install and configure Citrix HDX RealTime Optimization Pack for Skype for Business,
version 2.x.
Confirm optimization is in place, and test the experience.
Requires installation of Citrix HDX RealTime Optimization Pack for Skype for
Business at the end point device (your own laptop/desktop).

DC1 Skype
Virtual Delivery
Delivery Controller Agent

Step Action
1. Start Skype VM.
2. Log On as training\administrator with password Citrix123.
citrix.com 221
Step Action
3. This VM has Skype for Business 2015 client installed. You must ensure that Skype for
Business installation is patched with an appropriate Microsoft Update to work with HDX
RealTime Optimization. Navigate to Control Panel > Programs and Features.
4. Click on the View Installed Updates option in the upper right corner.
5. Use the SEARCH field in the upper right. Search for KB3115261 which is the latest
Skype for Business 2015 update from Microsoft (as of the time this document was
published) that provides support for HDX RealTime Optimization.
In the lab environment provided, the hotfix should already be

applied, as seen in the illustration above.
citrix.com 222
Step Action
6. Click on the Snapshots tab of the Skype VM and select Take Snapshot
7. Type Before HDX Install for the Name and click Take Snapshot.
8. Mount the DVD Citrix_HDX_RealTime_Connector_2.1_for_Skype_For_Business.iso
9. The ISO will show on top right of the Start menu. Select it and chick Open folder to
view files.
10. Double-click the installer.
citrix.com 223
Step Action
11. Click Next.
Accept the terms of the license agreement. Then click Next.
citrix.com 224
Step Action
12. Accept the default location for the destination install location. Then click Next to
continue.
13. Click Install to progress with the installation process.
citrix.com 225
Step Action
14. Click Finish to complete the installation of the HDX RealTime Optimization Pack
Connector.
15. Reboot the Skype VM, even if you are not prompted to do so.
16. Switch to DC1 VM. From Citrix Studio select Machine Catalogs and click Create
Machine Catalog.
citrix.com 226
Step Action
17. Click Next.
18. Leave Server OS selected and click Next.
citrix.com 227
Step Action
19. Select the following:
This Machine Catalog will use: Machines that are power managed (for example,
virtual machines or blade PCs).
Deploy machines using: Another service or technology.
Click Next.
20. Select Add VMs Expand Host 1, scroll down and select Skype. Click OK.
citrix.com 228
Step Action
21. Enter skype.training.lab for the Computer AD account and click Next.
22. Type Skype for Business for the Machine Catalog name and click Finish.
citrix.com 229
Step Action
23. Once the Machine Catalog has been successfully created, click on Delivery Groups.
Select Create Delivery Group from the Actions pane.
24. Click Next on the initial screen. Add 1 for the Choose the number of machines for
this Delivery Group and click Next.
citrix.com 230
Step Action
25. Click Next.
26. Click Next.
citrix.com 231
Step Action
27. Click Add and type Skype for Business for the Display name. Click OK and Next.
28. Type Skype for Business for the Delivery Group name and click Finish.
citrix.com 232
Step Action
29. Verify the Delivery Group was successfully created and the machine registered.
citrix.com 233
Step Action
30. In order to have an optimized Skype for Business experience, you must install the HDX
RealTime Optimization Media Engine 2.x on your endpoint device.
Open a browser on your endpoint laptop, and browse to:
https://xxx-xxx-xx-xxx.mycitrixtraining.net/Citrix/CorporateStoreWeb.
Log in as training\user1 with password Citrix123. Launch Skype for Business
desktop.
Make sure you are using a Windows or Macintosh endpoint laptop that you brought for the
installation of the HDX RealTime Optimization Media Engine 2.x. If you already have a
Citrix or Microsoft optimization pack installed on your endpoint, uninstall the previous
media engine now, before proceeding to the next step. If you have a Citrix session running
in Receiver, you will have to disconnect or close it in order to complete the following steps.
Citrix Receiver must be completely closed on your student laptop in order to remove any
existing installation of the HDX. RealTime Media Engine
Do not install it on the Student Desktop that you have been assigned and have been
accessing via the RDP session.
citrix.com 234
Step Action
31. Launch Skype for Business 2015 from Start menu. You may be prompted to permit
access to your microphone and webcam. Be sure to choose Yes.
32. Log in either with an externally accessible Skype for Business Server environment in
your enterprise. You may also use an externally accessible Lync 2013 Server
environment.
If you dont have a Skype for Business account refer to

Appendix F: Leveraging an Office 365 Trial for Testing.
citrix.com 235
Step Action
33. You may be asked in first time use about installing updates. If so, choose Use
Recommended Settings and click Accept.
34. You may see, on your first login, the Quick Tips wizard. Review the tips if you wish, or
simply close this wizard.
citrix.com 236
Step Action
35. Click on the Citrix HDX RealTime Connector on the bottom right. When everything is
configured correctly you will see the notification as Connected.
HDX RealTime Optimization Pack for Skype for Business communicates over ICA virtual
channels for command and control functions. You can confirm your connection is optimized.
36. Select the About page and confirm connection attributes (versions of the components
and OS this is deployed on).
citrix.com 237
Step Action
37. You can configure your audio settings. Click on the settings gear, Tools, Audio Device
Settings.
38. You can configure your video settings. Click on the settings gear, Tools, Video Device
Settings.
citrix.com 238
Step Action
39. Optional: You can now initiate a call or conference. In the Find Someone window of
the Skype for Business UI, type the user you wish to conference with. When their
name shows up, right click on it, and choose to Start a Video Call.
40. While the call is in session, go to the systray. Right click on the HDX RealTime
Connector status icon. Notice the Call Statistics. This provides a network health report
which can be used to troubleshoot video that lags or choppy audio within calls.
citrix.com 239
Step Action
41. Right-click on the taskbar and select Task Manager. Notice the processor utilization is
flat inside the virtual desktop, despite an audio video call in session. This is because the
video and audio rendering is occurring solely on your endpoint device, and doesnt have
to hairpin back to the data center as it does in generic delivery. The heavy lifting of
handling media is offloaded completely to the endpoint.
Exercise Summary
The primary recommended method for delivering the Microsoft Skype for Business client from
XenApp and XenDesktop is HDX RealTime Optimization Pack 2.x, the product of a close
collaboration between Citrix and Microsoft to co-develop a new and improved "v2" delivery
architecture for Skype for Business and XenApp/XenDesktop customers.
Whitepaper: Delivering Skype for Business and Microsoft Lync to XenApp and XenDesktop.
citrix.com 240
Exercise 20: Using the Self-Service Plug-in
Overview
Citrix Receiver is the easy-to-install client software that provides access to your XenDesktop
and XenApp installations. With this free download you can access applications, desktops and
data easily and securely from any device, including smartphones, tablets, PCs and Macs.

Use the Self-Service Plug-in within Receiver to further integrate within the client desktop.

AD.training.lab Win10Base
Receiver
Active Directory

Step Action
1. Login as domain administrator to AD. From Server Manager click Tools and then click
DNS.
citrix.com 241
Step Action
2. Expand Forward Lookup Zones, right-click training.lab and select Other New
Records.
3. Select Service Location (SRV) and then click Create Record.
citrix.com 242
Step Action
4. In the New Resource Record dialog box, enter the following values:
Service: _citrixreceiver
Protocol: _tcp
Host offering this service: connect.training.lab
Then click OK.
5. Click Done in the Resource Record Type dialog.
6. Switch to Win10Base VM and login as TRAINING\administrator with password

Citrix123. Right-click the Receiver icon in the system tray and select Open.
citrix.com 243
Step Action
7. Enter user1@training.lab for the email address and click Next.
8. Authenticate as training\user1 with password Citrix123 and click Log On.
9. Authenticate as training\user1 with password Citrix123 and click Log On.
citrix.com 244
Step Action
10. Receiver should now launch (if not double-click it in the system tray). Click the arrow
next to User One and select Activate...
Notice that the desktops and applications this user previously subscribed to are available.
11. Click OK.
Exercise Summary
Windows Self-Service Plug-in can be configured within Citrix Receiver for an integrated desktop
experience.
citrix.com 245
Exercise 21: Monitoring with Director
Overview
Director is a real-time web tool that allows administrators to monitor, troubleshoot, and perform
support tasks for end users. Director uses a troubleshooting dashboard that provides real-time
health monitoring of the XenApp or XenDesktop Site. This feature allows administrators to see
failures in real time, providing a better idea of what the end user is experiencing.
Configure and test Director Windows Authentication
Explore new reporting for desktop and hosted application usage

DC1
Delivery Controller

Step Action
1. Log on to DC1 VM as TRAINING\administrator and start IIS Manager.
citrix.com 246
Step Action
2. Navigate to Director under the default website and double-click Authentication.
3. Disable Anonymous Authentication and enable Windows Authentication.
4. Close IIS Manager. From an Administrative Command Prompt, perform an IISRESET.
citrix.com 247
Step Action
5. Open IE and navigate to http://localhost/director. The site should open without
requiring a login.
6. From Win10Base VM open Firefox and connect to:

Log On with the training\administrator credentials.
7. Launch Notepad, PowerPoint, Win 10 Desktop and Win2012R2 Desktop.
citrix.com 248
Step Action
8. Wait approximately one minute then return to DC1 and review the Director Dashboard.
You should see a few sessions connected.
9. Click on Session Connected and select one session by clicking the Associated User.
citrix.com 249
Step Action
10. Verify the information for that session.
11. Click the Trends button, select Capacity Management Tab. Review Hosted
Application Usage.
12. Note individual application statistics at the bottom of the page. Click on the blue
Notepad for information about the specific application.
citrix.com 250
Step Action
13. Review the User Based Application Usage information at the bottom of the page.
14. Click Desktop OS Usage and review the information on this page. As with hosted
applications, additional information can be reviewed by drilling down on the specific
delivery group. Then click Server OS Usage and review the information for the Servers.
15. Return to the Win10Base and log out of the Win 10 Desktop.
citrix.com 251
Step Action
16. Log on to DC1 as domain administrator. Open Studio and click Delivery Groups. Select
Win10 MCS and click Turn On Maintenance Mode in the Actions Pane. Click Yes to
confirm.
17. Return to Win10Base VM and attempt to start the Desktops a couple of times.
18. You should receive an error message.
citrix.com 252
Step Action
19. Return to Director on DC1. Click on User Connection Failures and analyze the
information.
Exercise Summary
With full administrator permissions, when you open Director, the Dashboard provides a
centralized location to monitor the health and usage of a site. If there are currently no failures
and no failures have occurred in the past 60 minutes, panels stay collapsed. When there are
failures, the specific failure panel automatically appears.
citrix.com 253
Lab Guide Appendix

Appendix A: Installing the XenDesktop Controller
Overview
The Delivery Controller is the server-side component that is responsible for managing user
access, plus brokering and optimizing connections. Controllers also provide the Machine
Creation Services that create desktop and server images.
A Site must have at least one Controller. After you install the initial Controller, you can add more
Controllers when you create a Site, or later.

Install the XenDesktop Controller software as well as the management consoles.

AD.training.lab DC1
Active Directory Delivery Controller

Step Action
2. In XenCenter click the DC1 virtual machine.
citrix.com 255
Step Action
4. Click <empty> next to DVD Drive 1: and then select

XenApp_and_XenDesktop_7_9.iso.
5. On the DC1 Desktop, click the File Explorer icon.
6. Double-click CD Drive (D:) XA and XD.
citrix.com 256
Step Action
7. Click Start next to XenDesktop.
8. Click the Delivery Controller selection box.
citrix.com 257
Step Action
9. Read and respond to the license agreement and then click Next.
10. De-select License Server and StoreFront and then click Next.
This lab will use a central cloud-based Citrix License Server.

StoreFront will be installed on dedicated virtual machines.
citrix.com 258
Step Action
11. De-select Install Microsoft SQL Server 2012 Express and click Next.
This lab will use the SQL setup previously configured. SQL Server Express is only
recommended for small PoC and pilot environments since it has limited
resources and features.
12. Click Next on the Firewall screen.
citrix.com 259
Step Action
13. Click Install to begin the installation.
14. Click Close to restart the machine.
citrix.com 260
Step Action
15. Login to DC1 and wait a few minutes for the installation to complete. Select I do not
want to participate in Call Home and click Next.
In order to participate in Call Home, you must connect to Citrix Insight Services.
citrix.com 261
Step Action
16. Click Finish.
Exercise Summary
The Delivery Controller is the central management component of a XenApp or XenDesktop Site that
consists of services that manage resources, applications, and desktops; and optimize and balance the
loads of user connections.
citrix.com 262
Appendix B: Installing StoreFront
Overview
The StoreFront manages the delivery of desktops and applications from XenApp, XenDesktop
and XenMobile servers in the datacenter to users' devices. StoreFront enumerates and
aggregates available desktops and applications into stores. Users access StoreFront stores
through Citrix Receiver directly or by browsing to a Citrix Receiver for Web or Desktop
Appliance site. Users can also access StoreFront using thin clients and other end-user-
compatible devices through XenApp Services site., or later.

Install the XenDesktop Controller software as well as the management consoles.

SF1
StoreFront

Step Action
2. In XenCenter right-click the SF1 virtual machine and select Start.
citrix.com 263
Step Action
4. Click <empty> next to DVD Drive 1: and then select

XenApp_and_XenDesktop_7_9.iso.
5. Login as TRAINING\administrator with password Citrix123.

6. On the SF1 Desktop, click the File Explorer icon.
7. Double-click CD Drive (D:) XA and XD.
citrix.com 264
Step Action
9. Click the Citrix StoreFront selection box.
citrix.com 265
Step Action
10. Read and respond to the license agreement and then click Next.
citrix.com 266
Step Action
11. Click Next on the Core Components screen.
This lab will use a central cloud-based Citrix License Server.

StoreFront will be installed on dedicated virtual machines.
citrix.com 267
Step Action
12. Click Next on the Firewall screen.
This lab will use the SQL setup previously configured. SQL Server Express is
only recommended for small PoC and pilot environments since it has limited
resources and features.
13. Click Install to begin the installation.
citrix.com 268
Step Action
14. Click Close to restart the machine.
15. Click Finish.
Exercise Summary
StoreFront keeps a record of each user's applications and automatically updates their devices, ensuring
users have a consistent experience as they roam between their smartphones, tablets, laptops, and
desktop computers. StoreFront is an integral component of XenApp 7.x and XenDesktop 7.x but can be
used with several versions of XenApp and XenDesktop.
citrix.com 269
Appendix C: Installing the VDA on the Base Desktop VM
Overview
The Virtual Delivery Agent (VDA) is installed on each physical or virtual machine in your Site
that you want to make available to users. It enables the machine to register with the Controller,
which in turn allows the machine and the resources it is hosting to be made available to users.
VDAs establish and manage the connection between the machine and the user device, verify
that a Citrix license is available for the user or session, and apply whatever policies have been
configured for the session. The VDA communicates session information to the Broker Service in
the Controller through the broker agent included in the VDA.
VDAs are available for Windows server and desktop operating systems. VDAs for Windows
server operating systems allow multiple users to connect to the server at one time. VDAs for
Windows desktop operating systems allow only one user to connect to the desktop at a time.
Install the Virtual Delivery Agent (VDA) to prepare the Windows 10 master image.

Win10Base
Virtual Delivery
Agent

Step Action
2. In XenCenter, right-click the Win10Base virtual machine and click Start.
citrix.com 270
Step Action
3. Click the Console tab. Click <empty> next to DVD Drive 1: and select
XenApp_and_XenDesktop7_9.iso.
4. On the Win10Base desktop, open File Explorer.
5. Double-click CD Drive (D:) XA and XD 7.9.
citrix.com 271
Step Action
7. Select Virtual Delivery Agent for Windows Desktop OS.
8. Leave Create a Master Image selected and click Next.
citrix.com 272
Step Action
9. Leave No, install the standard VDA selected and click Next.
10. Uncheck Citrix Receiver and click Next.
citrix.com 273
Step Action
11. Leave Do it manually selected for the location of your Delivery Controllers, then add in:
dc1.training.lab
dc2.training.lab
Click Next.
12. Leave the default features selected and click Next.
citrix.com 274
Step Action
13. Click Next leaving the firewall rules to be configured automatically.
14. Review the Summary page and click Install.
citrix.com 275
Step Action
15. Select I do not want to participate in Call Home and click Next.
16. When the installation completes, click Finish and the machine will restart.
citrix.com 276
Step Action
18. Click Eject next to the XenApp_andXenDesktop7_9.iso.
19. Once Win10Base finishes rebooting, right-click Win10Base and click Shut Down. Click
Yes to shut down the Win10Base VM.
Exercise Summary
To deliver desktops and applications for machines in Server OS or Desktop OS machine catalogs, you
must prepare the master image that creates the user desktops and applications.
The master image is a template that you use to provision multiple systems from in your environment. In
addition to desktops and applications, creating a master image includes installing and configuring the
operating system and any software you want to include on your image.
citrix.com 277
Appendix D: Installing Federated Authentication Service
Overview
Citrix Federated Authentication Service enables users to login to NetScaler Gateway and
StoreFront using SAML authentication.
Citrix Federated Authentication Service uses Microsoft Certificate Authority to issue certificates
on behalf of users. These certificates are used for the StoreFront and Virtual Delivery Agent
logon process.

Install the Federated Authentication Service.
Enable the Federated Authentication Service plug-in on StoreFront servers.
Configure Group Policy.
Use the Federated Authentication Service administration console to:

o Deploy the provided templates
o Set up certificate authorities
o Authorize the Federated Authentication Service to use your certificate authority
Configure user rules.

Win 2012 R2 Server Template

Step Action
citrix.com 278
Step Action
1. On the Federated Authentication Service server, go to the XenDesktop 7.9 ISO and
run AutoSelect.exe. On the bottom right, click Federated Authentication Service.
2. In the Licensing Agreement page, select I have read, understand, and accept the
terms of the license agreement and click Next.
citrix.com 279
Step Action
3. In the Core Components page, click Next.
4. In the Firewall page, click Next.
citrix.com 280
Step Action
5. In the Summary page, click Install.
6. Click Close.
7. In the Finish Installation page, click Finish.
citrix.com 281
Step Action
8. Switch to the SF1 VM. Open a PowerShell window and run the following command:
& "$Env:PROGRAMFILES\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"
9. Run the following commands:

$StoreVirtualPath = "/Citrix/CorporateStore"
$store = Get-STFStoreService -VirtualPath $StoreVirtualPath
$auth = Get-STFAuthenticationService -StoreService $store
Set-STFClaimsFactoryNames -AuthenticationService $auth -ClaimsFactoryName "FASClaimsFactory"
Set-STFStoreLaunchOptions -StoreService $store -VdaLogonDataProvider "FASLogonDataProvider"
To stop using the FAS, use the following PowerShell script:
Get-Module "Citrix.StoreFront.*" -ListAvailable | Import-Module

$StoreVirtualPath = "/Citrix/Store"
$store = Get-STFStoreService -VirtualPath $StoreVirtualPath
$auth = Get-STFAuthenticationService -StoreService $store
Set-STFClaimsFactoryNames -AuthenticationService $auth -ClaimsFactoryName "standardClaimsFactory"
Set-STFStoreLaunchOptions -StoreService $store -VdaLogonDataProvider ""
10. Propagate the changes to SF2. Click Yes and then OK.
citrix.com 282
Step Action
11. On DC1, open a PowerShell window and run the following commands:
asnp citrix.*
Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
12. On the Federated Authentication Service server, browse to C:\Program

Files\Citrix\Federated Authentication Service\PolicyDefinitions. Copy the file and
folder.
13. Copy the file and the en-US subfolder to your domain controller and place them in the
C:\Windows\PolicyDefinitions.
citrix.com 283
Step Action
14. Switch to AD VM. Run the Microsoft Management Console (mmc.exe from the
command line). From the menu bar, select File > Add/Remove Snap-in.
The policy must be applied to all machines running affected

Citrix software (VDAs, StoreFront servers, administration tools).
15. Add the Group Policy Management Editor.
citrix.com 284
Step Action
16. When prompted for a Group Policy Object, select Browse and then select Default
Domain Policy and click OK. Click Finished and OK.
17. Navigate to the Federated Authentication Service policy located in Computer

Configuration > Policies > Administrative Templates > Citrix Components >
Authentication.
citrix.com 285
Step Action
18. Open the Federated Authentication Service policy and select Enabled. This allows
you to select the Show button, where you configure the FQDN of the FAS Federated
Authentication Service server.
Click OK twice.
19. Click OK to exit the Group Policy wizard and apply the group policy changes. You may need to
restart your machines (or run gpupdate /force from the command line) for the change to take
effect.
citrix.com 286
Step Action
20. The Group Policy template includes support for configuring the system for in-session
certificates.
21. This places certificates in the users personal certificate store after logon for application
use.
For example, if you require TLS authentication to web servers within the
VDA session, the certificate can be used by Internet Explorer. By default,
VDAs will not allow access to certificates after logon.
citrix.com 287
Step Action
22. Switch to the Citrix Federated Authentication server. From the Start Menu, run Citrix
Federated Authentication Service as administrator. Make sure you run it elevated.
23. The console attempts to automatically locate the FAS servers in your environment using
the Group Policy configuration. Click OK.
For If your user account is not a member of the Administrators group on the machine
running the Federated Authentication Service, you will be prompted for credentials.
24. Step 1: Deploy certificate templates, click Start.
The first time the administration console is used, it guides you through a three-step
process that deploys certificate templates, sets up the certificate authority, and
authorizes the Federated Authentication Service to use the certificate authority. Some
of the steps can alternatively be completed manually using OS configuration tools.
citrix.com 288
Step Action
25. Click OK to add certificate templates to Active Directory.
This tool must be run as an account that has

permissions to administer your Enterprise forest.
26. Step 2: Setup Certificate Authority, click Start.
citrix.com 289
Step Action
27. Select a Certificate Authority to issue the certificates and click Ok.
28. Step 3: Authorize this Service, click Start.
29. Select the issuing Certificate Authority and click OK.
citrix.com 290
Step Action
30. Go to the Certificate Authority Console > Pending Requests.
31. Switch to AD and navigate to Control Panel > Administrative Tools > Certification
Authority. Under Pending Requests, right-click and Issue the pending certificate.
32. In a minute or two, Federated Authentication Service will recognize the issued certificate
and it will turn green.
citrix.com 291
Step Action
33. Switch to the User Rules Tab.
Use the Certificate Authority drop-down to select AD.training.lab\training=AD-CA.
Use the Certificate Template drop-down to select the Citrix_SmartcardLogon.
A user rule authorizes the issuance of certificates for VDA logon and in-session use, as
directed by StoreFront. Each rule specifies the StoreFront servers that are trusted to
request certificates, the set of users for which they can be requested, and the set of VDA
machines permitted to use them.
34. Click Edit next to List of StoreFront servers that can use this rule.
citrix.com 292
Step Action
35. Remove Domain Computers from the top half.
You could add an Active Directory security group instead of individual StoreFront
servers.
36. Add the StoreFront servers. On the bottom half, make sure Assert Identity is Allowed.
Click OK.
citrix.com 293
Step Action
37. By default, all users and all VDAs are allowed. You can click the other two Edit boxes to
change this.
38. When done, click Apply under the User Rules tab.
citrix.com 294
Step Action
39. Click OK when Rule updated successfully.
40. To further restrict who can be issued certificates, go to the Certificate Authoritys
Properties and use the Enrollment Agents tab to restrict enrollment agents.
41. For additional information about the Federated Authentication Service.
Exercise Summary
Federated Authentication Service provides secure business-to-business access to contractors and
partners as well as simplify Active Directory domain integration as part of an acquisition, merger or cloud
transition. The new Federated Authentication Service integrates with SAML-based identity providers via
Citrix NetScaler to allow each business unit to manage their own accounts yet still provide the same
secure, remote access to their virtualized apps and desktops hosted on XenApp and XenDesktop.
citrix.com 295
Appendix E: Provisioning Services Optimizations
Overview
The tweaks below follow best practices when configuring Citrix Provisioning Services on a
network.

Implement some performance and scalability tweaks recommended for Provisioning
Services.

PVS1
Provisioning Services

Step Action
42. Open the Control Panel on PVS1 from the Start screen and then click Network and
Sharing Center. Click Change adapter settings.
citrix.com 296
Step Action
43. Right-click on the Lab connection and select Properties.
44. Click Configure.
citrix.com 297
Step Action
45. Select the Advanced tab then select Large Send Offload Version 2 (IPv4). Change
the Value to Disabled. Click OK.
46. Click on the PowerShell icon and type regedit. Then press Enter.
citrix.com 298
Step Action
47. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
48. Right-click on Parameters and select New > DWORD (32-bit) Value.
citrix.com 299
Step Action
49. Type DisableTaskOffload and change the Value data to 1. Click OK.
50. Verify the flag was created and then close Registry Editor and close PowerShell.
citrix.com 300
Step Action
51. Switch back to the Provisioning Services Console. Navigate to PVS > Sites >
PVSSite1 > Servers. Right-click on the PVS1 server and select Properties.
52. Select the Network tab and change the last port number from 6930 to 6960. Then click
Advanced.
Additional ports provide better scalability when

streaming workloads.
citrix.com 301
Step Action
53. Change the Threads per port from 8 to 30 and click OK and then OK on Server
Properties.
Additional threads provide better scalability when streaming workloads. The number of
threads per port should match the number of cores in the server (including hyper threading).
54. Click Yes to restart the stream service.
Exercise Summary
Several optimizations are recommended to ensure optimal performance with Provisioning Services.
See Optimizing PVS for more details.
See Turbo Charging your IOPS with the new PVS Cache in RAM with Disk Overflow Feature!
citrix.com 302
Appendix F: Leveraging an Office 365 Trial for Testing
Overview
You can quickly and easily test Skype for Business optimization by utilizing cloud based unified
communications services. Microsoft offers a free 30-day trial of Office 365 Enterprise, which
includes an enterprise, publicly accessible Skype for Business environment. This trial allows for
up to 25 users to test with. The environment need not be federated to your enterprise Active
Directory.

Procure an Office 365 evaluation.
Laptops

Step Action
1. Browse to: Start your free 30-day trial
2. Complete the web form to obtain 25 user accounts for a minimum of 30 days.
citrix.com 303
Step Action
3. Upon logging in to your Office 365 admin portal for the first time, choose Add new
users which can be found at the upper right corner of the portal page in your browser.
4. Fill out the appropriate account details to create the account.
citrix.com 304
Step Action
5. Set the role and the location for the user.
.
6. Select Skype for Business Online service. Others may be trialed, however only the
Skype for Business Online service is needed for HDX RealTime Optimization testing.
citrix.com 305
Step Action
7. Be certain that you are sending the beginning password for the account to a valid email
address.
8. Create additional users as needed. Please note that if specified during setup, the
password will be required to be changed upon the first login to Skype for Business.
citrix.com 306
Step Action
9. If you wish to allow your test users to engage in communications with outside entities,
such as your own corporate Skype or Lync account for testing, you will need to enable
external access. Log in to the Office365 Admin Portal with an administrators account
and open the Admin app. Under the Apps section choose the Skype for Business
section. Then click Organization-external communications. Set the external access
drop down to On except for blocked domains.
citrix.com 307
Corporate Headquarters India Development Center Latin America Headquarters
Fort Lauderdale, FL, USA Bangalore, India Coral Gables, FL, USA
Silicon Valley Headquarters Online Division Headquarters UK Development Center

Santa Clara, CA, USA Santa Barbara, CA, USA Chalfont, United Kingdom
EMEA Headquarters Pacific Headquarters

Schaffhausen, Switzerland Hong Kong, China
About Citrix
Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new
ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps,
desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler
and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100
million users globally. Learn more at www.citrix.com.
Copyright 2014 Citrix Systems, Inc. All rights reserved. [list Citrix trademarks (without or symbols!) in document] are trademarks of Citrix Systems, Inc.
and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be
trademarks of their respective companies.
citrix.com 308

XenApp & XenDesktop Pre-Sales Technical Workshop

Uploaded by

Copyright:

Available Formats

XenApp & XenDesktop Pre-Sales Technical Workshop

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

XenApp & XenDesktop Pre-Sales Technical Workshop

Uploaded by

Copyright:

Available Formats

XenApp & XenDesktop Pre-Sales Technical Workshop

Worldwide Product Readiness

Prepared by: Elisabeth Teixeira

Lab Guide Appendix .................................................................................................................... 254

Prepared by: Elisabeth Teixeira

1 Citrix Internal Sales Engineers

Lab Guide Conventions

Special note to offer advice or background information

Start Bold text indicates reference to a button or object

Focuses attention on a particular part of the screen (R:255 G:20 B:147)

Shows where to click or select an item on a screenshot (R:255 G:102 B:0)

Prepared by: Elisabeth Teixeira

AD.training.lab 192.168.10.11 Domain Controller, DNS, DHCP, Certificate Services.

Training\Administrator Citrix123 Domain Administrator

Citrix License Server Manages product licenses.

In this exercise you will:

Estimated time to complete this exercise: 10 Minutes

Virtual Machines Required for This Exercise

Step by Step Guidance

2. Right-click on AppDNA1 virtual machine and select Start.

4. Click the Console tab on the right.

5. Login using the TRAINING\administrator with Citrix123 credentials.

6. From the Start menu click Citrix Studio.

Data type Database name Location

Site: XDSite1 sqlserver

Monitoring: XDSite1Monitoring sqlserver

Logging: XDSite1Logging sqlserver

This is a central license server for the cloud-based training environment.

11. Select Connect me and click Confirm.

The license server uses a self-signed certificate which is untrusted by this

15. Click Next.

17. Select AppDNA and click Next.

19. Click Finish to complete the Site Setup.

21. The initial configuration is complete.

In this exercise you will:

It is a best practice to have two or more controllers for high-availability purposes.

Estimated time to complete this exercise: 5 Minutes

Virtual Machines Required for This Exercise

Step by Step Guidance

5. Type in dc1.training.lab and click OK.

6. Click Yes on the dialog to update the database automatically.

In this exercise you will:

Estimated time to complete this exercise: 15 Minutes

Virtual Machines Required for This Exercise

AD.training.lab SF1 SF2

Active Directory StoreFront StoreFront

Step by Step Guidance

2. Launch Server Manager from the AD Console Desktop.

This will serve as the virtual host and IP address

6. Click OK on the confirmation.

7. Click Done and close DNS Manager.

11. Select Create a new deployment.

It will take a few minutes for the new deployment to be created.

13. Click Next to create a new Store.

15. Click Add to add Delivery Controllers.

17. Repeat step 7 to add dc2.training.lab.

19. Click Next to continue.

We will configure remote access in a later exercise.

21. Click Next to continue.

23. Click Finish.