VDI Citrix: An In-Depth Look

What is Citrix VDI?

Citrix is a veteran player in the virtual desktop infrastructure (VDI) space. Its core VDI solution is Citrix Virtual Apps and Desktops, an enterprise solution that enables organizations to deliver a large number of virtualized desktops and applications to employees, instead of provisioning full workstations.

The solution provides several components that provide:

  • A back-end infrastructure that enables serving virtualized desktops in a scalable and secure manner.
  • A client application that lets end users to view virtualized desktops on their local device.
  • Administrative systems that allow administrators to configure the VDI deployment, set up access for users, and troubleshoot problems.

Citrix Virtual Apps and Desktops is based on the Citrix FMA technology (FlexCast Management Architecture), which enables resource provisioning, cloud management, and application delivery.

Related content: learn how to run VDI on VMware

Citrix Virtual Apps and Desktops Key Components

The Citrix architecture includes several components. The backend components are deployed in the local data center, while the WorkSpace App is deployed on end user devices.

Delivery Controller

A central component that manages a VDI site. There can be one or several Deliver Controllers. Because they are mission critical, it is advised to deploy this component on at least two separate servers.

In VDI sites that include a hypervisor, the Delivery Controller uses it to deploy desktops, manage access, perform connection brokering, and manage load balancing of user sessions.

Database

A Citrix VDI site requires at least one SQL Server database, which holds session information, configuration, and other data collected by Deliver Controller services. The database must have a fast connection to the Controller.

Virtual Delivery Agent (VDA)

Installed on every machine or VM that runs virtualized desktops or applications. VDA allows you to register a system with the controller. This makes the computer host-hosted resources available to users. VDA also verifies licenses and policies.

Citrix StoreFront

Used to authenticate connections and manage desktops and applications available for users to access (known in Citrix as a “store”). The enterprise application store gives users self-service 

access to desktops and applications they are eligible to access. It also keeps record of each user’s application subscriptions and other profile data, which lets Citrix provide the same experience to the same user across all their devices.

Citrix Workspace App

A client application that users install on their devices—available either as a downloadable application, or as an HTML5 app that can be accessed over a web browser. Allows the user to view and interact with a virtualized desktop or application as if it were running on their local device.

Citrix Studio

An administration interface that lets IT staff configure the VDI deployment. It provides wizard-based controls for setting up the environment, provisioning resources to host desktops, assigning them to users, and managing Citrix licenses for VDI components. 

Citrix Director

Another administrative tool that enables IT staff to monitor the VDI site, identify and troubleshoot issues, and support end users experiencing problems with their virtualized desktops. One Director instance can be used to support and monitor several Citrix VDI sites.

Citrix Hypervisor

In many Citrix environments, virtualization is managed by the Citrix hypervisor. The hypervisor manages virtual machines that run user desktops and applications. A Citrix VDI site can also run on hypervisors from other vendors.

Citrix VDI Support Models

Citrix lets you choose between two support models for its VDI infrastructure:

  • Long-Term Service Release (LTSR) provides a stable environment and reduces the frequency of feature releases.
  • Current Release (CR) model enables more frequent updates, bringing more new features to virtual apps and desktops, but requiring more frequent maintenance.

Citrix recommends that organizations use the CR-supported model as new features may be introduced. As many applications and platforms move to an update-based subscription-based model, more Citrix customers are moving to the CR model.

Citrix Security Considerations

VDI is a mission critical system that holds a lot of sensitive data. Security is an essential consideration. Here are several important security best practices.

Use App Protection

App Protection is provided as part of the Citrix Workspace App. You can enable it via PowerShell command (there is no UI). It provides two key capabilities:

  • Keylogger protection—encrypts the user’s keystrokes, so a keylogger installed by an attacker cannot see what the user is typing. 
  • Anti screen capturing—prevents attackers from taking screenshots on a virtualized desktop—can protect the entire screen on Windows or only the active window in MacOS.

Transport Layer Security (TLS)

It is essential to protect user connections using secure protocols. Citrix supports TLS for TCP-based connections, and DTLS for UDP based connections. Both protocols operate similarly and can use the same certificates. 

Manage User Privileges

Provide user access only to the operating system features they actually need. You can continue to apply Microsoft Windows permissions through User Rights Assignment and adding members to groups with specific policies. One of the benefits of this method is that you can give users administrative rights to their desktops without also giving them control of the entire machine.

Citrix Virtual Desktop Deployment Considerations

Test Extensively Before Deploying

One of the most important best practices for Citrix VDI is to run tests before fully deploying virtual applications and desktops. Otherwise, IT administrators will face application compatibility issues, insufficient resource allocation, and performance issues, which can make IT management difficult.

End-user storage, memory requirements, and desktop login time are three important aspects of VDI testing. For example, users who run video editing software have different requirements than knowledge workers who use Microsoft Word. IT must predict these requirements as accurately as possible to avoid performance issues.

IT admins can test using native Citrix tools such as Citrix QuickLaunch, or using third-party tools such as Automai AppLoader.

Monitor for Performance Issues and Adjust

Even if IT admins have thoroughly tested virtual applications and desktops, performance issues can still arise when faced with real users and workloads. IT must adhere to Citrix VDI best practices to identify and eliminate these issues. 

There are two primary techniques for improving performance:

Optimize the operating system 

Operating systems like Windows 10 are bloated with features and services that are not relevant for all users. This makes it difficult for them to run as a virtual desktop operating system. 

Operating system optimization helps reduce operating system size and significantly improve image performance. Citrix provides Citrix Optimizer, a tool which comes with built-in templates for specific Windows builds.

Review configuration of Citrix Provisioning Services (PVS)

IT admins running non-persistent Citrix deployments can run into misconfigured PVS environments. 

To follow Citrix VDI best practices, administrators should set the amount of RAM on the PVS server appropriately. Also, they should automate vDisk creation, to avoid having too many versions of PVS on the same vDisk.

Addressing VDI Challenges with Hysolate Isolated Workspace as a Service

Creating and managing a VDI solution is a large project and a huge undertaking for an organization. Creating, planning the infrastructure correctly, and making sure everything is tested, has the proper sizing to support the target population requires thousands of hours of work and a huge investment. In addition, running the servers on premise, involves tremendous costs of purchasing the servers, and of course maintaining the infrastructure leading to high OpEx and CapEx costs.

With that said, in today’s remote first world, users connecting to the datacenter VDI solution, sometimes over a VPN tunnel will get poor performance and user experience and desktops are not available when offline.

Hysolate solves these problems with an innovation called isolated workspace as a service (IWaaS). Users get a local isolated operating system running on their machine deployed within minutes which is managed from the cloud. 

Isolated workspaces enable: 

  • A higher level of freedom on employees corporate devices
  • Ability to receive 3rd party generated content in an isolated zone 
  • Access to IT admins, DevOps, developers, and other privileged users in their everyday environment
  • Access to employees from personal, unmanaged devices

The behavior of the workspace is managed in the cloud, while all of the computing resources run locally on user machines.

This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience, with offline availability.

Learn more about our Isolated- Workspace as-a-Service platform