This document provides guidelines for planning and designing a Citrix StoreFront infrastructure. StoreFront plays a critical role in user authentication, resource enumeration, and aggregation. Key recommendations include:
- Deploy at least two StoreFront servers and use an intelligent load balancer like NetScaler for high availability and load balancing.
- Implement SSL certificates to encrypt communication between Receiver and StoreFront. Also consider encrypting backend traffic between StoreFront and XenApp/XenDesktop controllers.
- Configure multiple controllers per XenApp farm/XenDesktop site and use load balancing for large environments or high login loads.
- Configure highly available internal and external beacon points to determine user network location.
- Use application
SYN224: Best practices for migrating from Web Interface to StoreFront ServicesCitrix
While StoreFront Services goes beyond Web Interface in many areas, it does not support all features of Web interface. Determining when and how to migrate to StoreFront Services is a challenge faced by many Citrix administrators. Hear from the product experts, who will share migration considerations and best practices and considerations. This session will also cover upcoming StoreFront Services capabilities in future product releases.
Citrix Master Class - Live Upgrade from XenApp 6.5 to 7.6Lee Bushen
Video available here: http://www.citrix.com/tv/#videos/12787
Join technology experts Lee Bushen and Patrick Irwin as they discuss and demonstrate a step-by-step move from XenApp 6.5 to XenApp 7.6. With this live demo, we’ll take a user-centric approach and transition across to a new XenApp 7.6 environment with minimal disruption and retraining. We’ll be showing best-practice methods such as consolidating your old and new system with StoreFront, testing for application compatibility with AppDNA and upgrading a server live into the new XenDesktop 7.6 system.
Upgrading from WinS 2008/2008 R2 to WinS 2012iTawy Community
- Why Upgrade to Windows Server 2012?
- Operating System Hardware and Disk Space Requirements
- Supported Windows Clients and Servers
- Supported In-Place Upgrade Paths
- Functional Levels, Operation Master Roles, Active Directory Considerations
- Migration Tools for Windows Server 2012
- Hyper-V and Virtual Machines Considerations
- Summary
SYN224: Best practices for migrating from Web Interface to StoreFront ServicesCitrix
While StoreFront Services goes beyond Web Interface in many areas, it does not support all features of Web interface. Determining when and how to migrate to StoreFront Services is a challenge faced by many Citrix administrators. Hear from the product experts, who will share migration considerations and best practices and considerations. This session will also cover upcoming StoreFront Services capabilities in future product releases.
Citrix Master Class - Live Upgrade from XenApp 6.5 to 7.6Lee Bushen
Video available here: http://www.citrix.com/tv/#videos/12787
Join technology experts Lee Bushen and Patrick Irwin as they discuss and demonstrate a step-by-step move from XenApp 6.5 to XenApp 7.6. With this live demo, we’ll take a user-centric approach and transition across to a new XenApp 7.6 environment with minimal disruption and retraining. We’ll be showing best-practice methods such as consolidating your old and new system with StoreFront, testing for application compatibility with AppDNA and upgrading a server live into the new XenDesktop 7.6 system.
Upgrading from WinS 2008/2008 R2 to WinS 2012iTawy Community
- Why Upgrade to Windows Server 2012?
- Operating System Hardware and Disk Space Requirements
- Supported Windows Clients and Servers
- Supported In-Place Upgrade Paths
- Functional Levels, Operation Master Roles, Active Directory Considerations
- Migration Tools for Windows Server 2012
- Hyper-V and Virtual Machines Considerations
- Summary
This is my 75 minutes "highlights" presentation on what's new in WS2012 R2. It's not all encompassing - intended just to get across the key points of the core OS. It followed a "Cloud OS" keynote and preceded a "System Center hybrid cloud" presentation.
Real world experience with provisioning servicesCitrix
If you use Citrix NetScaler for secure remote access to your Citrix XenApp/Citrix XenDesktop deployment, you may be wondering if there’s more that it can do. You are correct! NetScaler also offers load balancing, global server load balancing, web interface integration, HDX traffic inspection and much more. It can enhance Citrix ShareFile StorageZones and Citrix mobile deployments. Join this session for a quick NetScaler refresher.
A presentation that myself and Dave Northey (MSFT IE) delivered on a road show in Ireland. The goal was to discuss why people should upgrade to Windows Server 2012 ... and we deliberately exlcuded Hyper-V.
Xd planning guide - storage best practicesNuno Alves
The Citrix Storage planning guide provides a list of best practices, recommendations and
performance related tips that cover the most critical areas of storage integration with Citrix
XenDesktop. It is not intended as a comprehensive guide for planning and configuring storage
infrastructures, nor as a storage training handbook.
Due to scope, this guide provides some device-specific information. For additional device- specific
configuration, Citrix suggests reviewing the storage vendor’s documentation, the storage vendor’s
hardware compatibility list, and contacting the vendor’s technical support if necessary
This document describes how XenServer provides and keeps track of the storage supplied to its guests. The first section
is a reminder of how Linux looks at storage and the second section builds on that to explain XenServer storage. Basic
knowledge of Linux is required, as some standard tools are used.
This is my 75 minutes "highlights" presentation on what's new in WS2012 R2. It's not all encompassing - intended just to get across the key points of the core OS. It followed a "Cloud OS" keynote and preceded a "System Center hybrid cloud" presentation.
Real world experience with provisioning servicesCitrix
If you use Citrix NetScaler for secure remote access to your Citrix XenApp/Citrix XenDesktop deployment, you may be wondering if there’s more that it can do. You are correct! NetScaler also offers load balancing, global server load balancing, web interface integration, HDX traffic inspection and much more. It can enhance Citrix ShareFile StorageZones and Citrix mobile deployments. Join this session for a quick NetScaler refresher.
A presentation that myself and Dave Northey (MSFT IE) delivered on a road show in Ireland. The goal was to discuss why people should upgrade to Windows Server 2012 ... and we deliberately exlcuded Hyper-V.
Xd planning guide - storage best practicesNuno Alves
The Citrix Storage planning guide provides a list of best practices, recommendations and
performance related tips that cover the most critical areas of storage integration with Citrix
XenDesktop. It is not intended as a comprehensive guide for planning and configuring storage
infrastructures, nor as a storage training handbook.
Due to scope, this guide provides some device-specific information. For additional device- specific
configuration, Citrix suggests reviewing the storage vendor’s documentation, the storage vendor’s
hardware compatibility list, and contacting the vendor’s technical support if necessary
This document describes how XenServer provides and keeps track of the storage supplied to its guests. The first section
is a reminder of how Linux looks at storage and the second section builds on that to explain XenServer storage. Basic
knowledge of Linux is required, as some standard tools are used.
Provisioning server high_availability_considerations2Nuno Alves
The purpose of this document is to give the target audience an overview about the critical components of a Citrix
Provisioning Server infrastructure with regards to a high availability implementation. These considerations focus on the
following areas:
• Virtual Disk (vDisk) Storage
• Write Cache Placement
• SQL Database
• TFTP Service
• DHCP Service
This document is an introduction to Disk Storage technologies and its terminology. Within this
document basic disk and storage architectures as well as storage protocols and common fault
tolerance technologies will be discussed. It is not intended as a comprehensive guide for planning
and configuring storage infrastructures, nor as a storage training handbook.
Due to scope, this guide provides some device-specific information. For additional device- specific
configuration, Citrix suggests reviewing the storage vendor‘s documentation, the storage vendor‘s
hardware compatibility list, and contacting the vendor‘s technical support if necessary.
For design best practices and planning guidance, Citrix recommends reviewing the Storage Best
Practices and Planning Guide (http://support.citrix.com/article/CTX130632)
Citrix unterscheidet wieder zwischen XenApp 7.5 und XenDesktop 7.5. Aber keine Angst, beide Produkte verwenden die gleiche Technologie wie in XenDesktop 7.1, die Flexcast-Management-Architektur. Also keine IMA-Dienste und Zonen-Data-Kollektoren mehr.
Neu wird es auch möglich sein, die Citrix-Lösungen in hybride oder öffentliche Clouds zu integrieren, wie zum Beispiel Amazon Web Services oder Windows Azure. Daneben werden auch andere Produkte wie AppDNA, Mobile Device Management oder die neuste Protokoll-Errungenschaft Framehawk in der kommenden Version je nach Lizenzversion integriert sein.
Slides zum Referat von Stephan Pfister.
Configure Two-Factor Authentication in Citrix StorefrontGary Smith
Learn, How to configure Two-Factor Authentication in Citrix Storefront Web Interface. Citrix Storefront Web Interface has become alternative option for Citrix Web Interface. Get customized your Storefront Web Interface in own style.
In this presentation we introduce database syncronizacion with SQL Server and Sync Framework 4.0
Regards,
Eduardo Castro Martinez
http://ecastrom.blogspot.com
http://comunidadwindows.org
Sitecore xDB - Architecture and ConfigurationCodersCenter
Presentation about Sitecore xDB by Tomasz Juranek – Sitecore Developer/Architect at Coders Center.
Certificated Sitecore Developer since 2012. For last 5 years has worked on several Sitecore project for big brands around the Europe.
Web based investment management system with multiple API integrations for managing Financial portfolios and statistics along with profit and loss management for investors
ARMnet Financial Product Management Solution is a flexible CRM based platform designed to support any loan, commercial or residential mortgage, vehicle or equipment leasing or deposit product in a financial institution. The solution\'s very architecture allows us to work with an institution to define their business requirements and mirror those rules within the system easily without any hard coded programmer intervention whatsoever.
In einem interaktiven Referat diskutierte Marco Fernandez, Citirx Certified Instructor, über die Implementierungsvarianten von Citrix XenApp und XenDesktop 7.8.
Unter anderem wurden Themen wie die Multi-Geo-Zonen, proaktive Benachrichtigungen und Warnungen, Citrix-Director-Erweiterungen und AppDisk (Tech Preview) besprochen.
Die Teilnehmer des Referats konnten Best Practices für Ihr Unternehmen aus den Diskussionen mitnehmen.
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage ServiceCloudian
This document is to help a new user set up the network when deploying a 3-node Cloudian storage cluster in your data center for use with the Cloudian HyperStore Hybrid Cloud Service from AWS Marketplace.
Bullion Trading Portal with real time update and sync with existing bullion trading system built with VC#. See More At:http://www.greymatterindia.com/btp-bullion-trading-portal
Good news from the Worldwide Consulting Desktop & Apps (DnA) team! We’ve just finished updating theVirtual Desktop Handbook for XenDesktop 7, StoreFront 2.0 and XenServer 6.2.
The Virtual Desktop Handbook is an architect’s guide to desktop virtualization. It provides you with the methodology, experience and best practices you need to successfully design your own desktop virtualization solution.
Updates in this release include:
Resource requirements for Windows 8 and Server 2012
XD controller sizing
XenDesktop 7 policy guidelines
Database sizing for XenDesktop 7
SQL 2012 chapter
StoreFront 2.0 chapter
32-bit or 64-bit desktop OS guidance
Desktop group & StoreFront integration
In addition, we’ve also included a Citrix policy quick reference spreadsheet so that you can quickly identify default, baseline and template settings from XenDesktop 5 / XenApp 6 all the way up to XenDesktop 7. Thanks go out to Michael Havens, Maria Chang and Uzair Ali for creating this great reference spreadsheet.
I hope you find this handbook useful during your next desktop virtualization project.
And we’re not done yet, future updates will include:
Bandwidth
Hyper-V 2012
PVS 7
User data
And more …
The Virtual Desktop Handbook is not the only resource to guide you through your desktop virtualization journey. Citrix also provides Project Accelerator; an interactive online tool creating customized sizing and design recommendations based on the methodology, best practices and expert advice identified within this handbook.
You can still reach the XenDesktop 5 handbook using the old URL – CTX136546
Andy Baker – Architect
Worldwide Consulting
Desktop & Apps Team
http://blogs.citrix.com/2013/10/10/new-xendesktop-7-handbook-published/
Reference architecture dir and es - finalNuno Alves
Citrix Director with EdgeSight provides a complete troubleshooting window to quickly resolve issues around desktops or applications. Previous versions of XenApp leveraged EdgeSight, while XenDesktop deployments looked to Director for assistance. Starting in XenDesktop 7, these two great technologies have been merged into one central point for troubleshooting.
The purpose of this document will be to provide you an overviewof all the necessary parts required to give your company a holistic view. With this being a new product with new features, this document will provide administrators the tools to feel comfortable moving forward with monitoring of a XenDesktop 7 deployment.
This document will cover the configuration of the Director server, as well as how to interface with the Insight Center provided from our NetScaler product line. For more of an overview of the EdgeSight product, please reference the whitepapersfound at www.citrix.com/xendesktop.
http://support.citrix.com/article/CTX139051
XenDesktop relies on the hypervisor for many core functions, including VM creation, power operations, performance and redundancy. Therefore, it is important that you take the time to design an appropriate hypervisor infrastructure (XenServer, Hyper-V or vSphere). Otherwise, you may experience performance, functionality or even reliability issues.
Most information required to design a XenDesktop deployment on your chosen hypervisor platform is available publicly, but it can be hard to find since it’s spread across a multitude of knowledge base articles or white papers. In order to simplify and speed-up the design process, we’re in the process of consolidating the information that you need into a single document and augmenting it with recommendations and best practices. We’ve just finished incorporating the Hyper-V 2008 R2 and SCVMM 2012 planning section into the latest release of the Citrix Virtual Desktop Handbook, which includes important design decisions relating to this hypervisor, for example:
Selecting and sizing the right physical hardware for virtual machines
Knowing what storage options available for Hyper-V 2008 R2
What type of networks to build on the Hyper-V host
How to size the SCVMM servers
Designing a highly available SCVMM solution
Planning an effective failover cluster
The products covered in this current release of the handbook include XenDesktop 5.6, XenApp 6.5, Provisioning Services 6.x and XenClient Enterprise 4.5. A version of the Virtual Desktop Handbook covering XenDesktop 7.x, Provisioning Services 7, Hyper V 2012 R2 and SCVMM 2012 R2 is in the works with an initial release scheduled later in Q4. As always your feedback is welcomed.
http://blogs.citrix.com/2013/09/05/citrix-virtual-desktop-handbook-hyper-v-update/
CTX138217 - IntelliCache Reduction in IOPS: XenDesktop 5.6 FP1 on XenServer 6.1 - Citrix Knowledge Center http://ow.ly/o3Ma4
The purpose of this document is to provide testing results based on MCS-delivered streamed virtual desktops leveraging IntelliCache
NetScaler Deployment Guide for XenDesktop7Nuno Alves
This guide demonstrates how to deploy Citrix NetScaler in conjunction with Citrix XenDesktop 7 with a focus on both simplicity in configuration and advanced features not easily delivered with other products. This guide shows how to provision the XenDesktop 7 infrastructure, the NetScaler appliance and NetScaler Insight Center services to extend Citrix virtual desktop infrastructure and services to remote users in small to medium-size enterprises.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Citrix Store front planning guide
1. Consulting Solutions | WHITE PAPER | StoreFront Planning Guide
www.citrix.com
StoreFront Planning Guide
2. Page 2
Contents
Overview.............................................................................................................................................................3
StoreFront Functionality & Architecture....................................................................................................................4
User Logon Workflow...................................................................................................................................................7
Guidelines ...........................................................................................................................................................8
Web Interface or StoreFront ........................................................................................................................................8
High Availability .............................................................................................................................................................9
Security – Inbound Traffic............................................................................................................................................9
Security – Backend Traffic..........................................................................................................................................10
Delivery Controllers.....................................................................................................................................................10
Beacons...........................................................................................................................................................................11
Auto Provisioned Apps (Keywords) .........................................................................................................................11
Scalability (preliminary)...................................................................................................................................12
Planning.............................................................................................................................................................13
Scenario 1 – 500 Users.................................................................................................................................................13
Scenario 2 – 5,000 Users..............................................................................................................................................14
Scenario 3 – 10,000 Users ...........................................................................................................................................15
Scenario 4 – 10,000 Users with Split Sites and Dedicated Home Datacenters ..................................................17
3. Page 3
Overview
Citrix StoreFront, which is the successor to Citrix Web Interface, authenticates users to XenDesktop sites,
XenApp farms, App Controller (SaaS Apps), and VDI-in-a-Box enumerating and aggregating available
desktops and applications into stores that users access through Citrix Receiver for Android, iOS, Linux,
Windows, Win8/RT or Receiver for Web sites. StoreFront is an integral component of XenDesktop 7 but
can be used with XenApp and XenDesktop 5.5 and up deployments. It has been built on a modern, more
flexible and powerful framework than Web Interface that enables StoreFront to provide next generation
features, such as:
Unified StoreFront for XenApp and XenDesktop resources that can also deliver SaaS & Native
Mobile applications (through App Controller).
Simplified Account Provisioning, which enables users to connect to assigned desktops and
applications by simply entering their email or server address, or by opening a Provisioning File in
Receiver.
Access from any Receiver with a consistent user experience, including automatic fallback to
Receiver for HTML5 on Receiver for Web sites if a native client isn’t available locally and can’t be
installed.
Synchronization of resource subscriptions across all platforms and devices (Follow-me Apps &
Data).
Cross-farm aggregation and de-duplication, that aggregates and delivers a unique set of
applications from multiple farms across different sites.
Farm-Based Optimal HDX Connection Routing, which enables the use of the nearest NetScaler
Gateway for HDX traffic routing independent of the NetScaler Gateway used for initial
authentication.
This planning guide provides details about the StoreFront architecture and key design decisions for
typical deployments.
4. StoreFront Functionality & Architecture
The following diagram depicts a typical StoreFront infrastructure for environments without XenMobile:
Please refer to CTX138635 - Citrix Reference Architecture for XenMobile 8.5 for further information about XenMobile deployments.
5. StoreFront consists of the following components:
Authentication service: This service, which is an integral part of StoreFront,
authenticates users to XenDesktop sites, XenApp farms, and App Controller (for SaaS
apps). The authentication service ensures that users only need to log on to
StoreFront/Receiver once.
Store: The store retrieves user credentials from the authentication service to authenticate
users to the components providing the resources. The store also enumerates and
aggregates the resources currently available from XenDesktop sites, XenApp farms, and
App Controller (SaaS Apps). Users access the store through Citrix Receiver or a Receiver
for Web site.
Application Subscription Store (Data Store): This store saves and indexes the
application or desktop subscriptions of the users on a per-StoreFront Store basis. In
contrast to older versions of StoreFront, where an external Microsoft SQL database was
required, the new Application Subscription Store uses the built-in Microsoft Windows
Extensible Storage Engine to store details of users’ app subscriptions locally on StoreFront
servers. When joining a StoreFront server to a Server Group the replication of data
between all members is configured automatically.
Receiver for Web site: This site enables users to access stores through a webpage.
Furthermore, this site can verify the version of Receiver installed locally on the endpoint
and guide the user through an upgrade or installation procedure if required. In scenarios
where Receiver cannot be locally Receiver for HTML5 can be enabled for the Receiver for
Web sites so that users can access resources directly within HTML5-compatible web
browsers.
Desktop Appliance site: Desktop Appliance sites provide users of non-domain desktops
with an experience similar to that of users with domain-joined desktops. The web browsers
on desktop appliances are configured to start in full-screen mode displaying the logon
screen for a Desktop Appliance site. When a user logs on to a site, by default, the first
desktop (in alphabetical order) available to the user in the store for which the site is
configured starts automatically. Desktop Appliance sites are only created by default when
StoreFront is installed and configured as part of a XenDesktop installation.
XenApp Services site: Users with older Citrix clients that cannot be upgraded can access
stores by configuring their clients with the XenApp Services URL for a store. This site can
also be used from domain-joined desktop appliances and repurposed PCs running the
Citrix Desktop Lock.
NetScaler Gateway: Citrix NetScaler Gateway is a physical or virtual appliance, which
provides secure remote access to internal resources. The appliance is typically located
within the DMZ and exposed to the Internet. When a user connects to NetScaler Gateway
they will need to authenticate before any access to internal resources is granted. The
access can be controlled by the admin by means of granular application-level policies and
action controls.
6. Page 6
Users connect to StoreFront using three different methods:
Receiver for Web: This component allows users to access their stores from a web
browser. Desktops and applications are launched using the locally installed Receiver or
Receiver for HTML5 for clientless access.
Native Receiver: To take full advantage of the features StoreFront has to offer, users
should connect into the Citrix environment using Citrix Receiver on their desktop or mobile
device. Citrix Receiver is available for Android, iOS, Mac, Window 8/RT, Windows Phone,
and soon Linux.
XenApp Services Site (PNAgent): By default, StoreFront creates a XenApp Services site
to provide access from legacy devices to the XenApp and XenDesktop resources available
in a store. Even though XenApp and XenDesktop resources can be accessed through the
PNAgent site, resources from App Controller are not visible. This site enables access from
a variety of thin clients, Receiver for Enterprise for specific use cases such as as a
seamless desktop experience, Fast Connect, and Desktop Lock for repurposed PCs.
7. Page 7
User Logon Workflow
The user logon workflow in StoreFront is different to Web Interface, as detailed in the following
table:
Step Web Interface StoreFront
1 User enters username and password. This is
sent to the Web Interface server.
User enters username and password. This is
sent to the StoreFront server.
2 The authentication service of StoreFront
fetches the user credentials and validates
them with a domain controller. StoreFront
servers must reside either within the Active
Directory domain containing the user accounts
or within a domain that has a trust relationship
with the user accounts domain. All the
StoreFront servers in a group must reside
within the same domain.
3 StoreFront checks the data store for existing
user subscriptions and stores them in memory.
4 Web Interface forwards the user credentials as
part of a XML query to XenApp or XenDesktop
sequentially. In this case, the credentials are
sent to the XenDesktop Controller which is the
sole resource configured.
StoreFront forwards the user credentials as
part of a XML query to the backend systems,
such as XenApp, XenDesktop, App Controller
or VDI-in-a-Box sequentially. In this case the
credentials are sent to the XenDesktop
Controller which is the sole resource
configured.
5 The XenDesktop Controller validates the user credentials with a domain controller.
6 After a successful validation the XenDesktop Controller checks which resources have been
published to this user within its database.
7 The XenDesktop Controller sends an XML response to Web Interface / StoreFront which
contains all resources available for the user from the XenDesktop site.
8 Web Interface displays the available
resources.
StoreFront sends the list of available resources
including the existing subscriptions to the Citrix
Receiver installed locally or displays them in
Receiver for Web.
End Now the user can start a resource.
Table 1: User Logon Workflows
8. Page 8
Guidelines
StoreFront plays a critical role in the user authentication process as well as resource enumeration and
aggregation of multiple providers. Therefore, designing a StoreFront infrastructure is a vital aspect of an
overall Citrix design project.
Within this section critical design decisions will be discussed and recommendations will be provided.
Web Interface or StoreFront
As outlined earlier Web Interface and StoreFront are two different solutions, whose feature sets
overlap in many areas, but also offer a variety of distinct features. Therefore it is very important for
organizations to review the capabilities of each product against their requirements. In general, it is
strongly recommended to build new solutions based on StoreFront, since new features will not be
added to Web Interface and end of life has been announced for Web Interface. Furthermore it is
important to understand that Web Interface does not support XenDesktop 7 or later. Details on
Web Interface lifecycle milestones are available from the Citrix website – Lifecycle Milestones.
While StoreFront goes beyond Web Interface in many areas, StoreFront 2.0 does not support all
features of Web Interface. The following tables outlines the Web Interface features that are not
currently available in StoreFront:
Area Feature
Deployment Options Web Interface on NetScaler (StoreFront is deployable as an application
behind NetScaler but runs on separate servers)
Authentication Delegated Kerberos Authentication
Active Directory Federation Services (ADFS) 1.0 integration
Account self-service (SSPR) (reset/unlock with security questions)
Smart card authentication via browser (Native Receivers required)
Domain pass through authentication via browser (Native Receiver for
Windows required)
Support for Novell NDS
Anonymous authentication
Other Messaging (user notifications)
Settings per location (IP Subnet)
Client proxy settings configuration
Offline Apps (Users cannot access offline applications or App-V
sequences through Receiver for Web sites. Native Receiver is
required)
Compact/Low graphics Mode and embedding
Table 2: Web Interface features currently not supported by StoreFront 2.0
9. Page 9
High Availability
If the server hosting StoreFront or the respective web service is unavailable, users will not be able
to launch new virtual desktops, published applications or manage their subscriptions. Therefore at
least two StoreFront servers should be deployed to prevent this component from becoming a single
point of failure. An intelligent load balancing appliance (e.g. Citrix NetScaler), which is capable of
verifying the availability of the StoreFront service, should be used to load balance users across
multiple StoreFront servers. Other less sophisticated load balancing mechanisms, such as
Windows NLB, can perform very basic availability checks only (i.e. server up / down) but cannot
determine the status of individual services. This could result in users being forwarded to StoreFront
servers that cannot process new requests (e.g. server up but web service down).
Recommendation: At least two StoreFront servers should be deployed for redundancy reasons
and Citrix NetScaler or another intelligent load balancing solution should be used for load balancing
and fault tolerance. To simplify management of the StoreFront infrastructure, both servers should
be member of the same StoreFront Server Goup.
Security – Inbound Traffic
Communications from the web browser or Receiver and StoreFront server include user credentials,
resource sets, and session initialization files. This traffic is typically routed over networks outside
the datacenter boundaries or on completely untrusted connections (such as the Internet).
Therefore Citrix strongly recommends that this traffic is encrypted using SSL.
Note: By default, Citrix Receiver requires SSL to connect to StoreFront. This means email-based
account discovery or the manual configuration of a StoreFront store in Receiver will not work
unless a valid and trusted SSL certificate has been implemented on the StoreFront server and/or
the respective external load balancer. However, workarounds exist for environments in which an
SSL certificate cannot be implemented.
Windows
1. Navigate to HKEY_LOCAL_MACHINESOFTWARECitrixAuthManager (for 64-bit
machines, navigate to
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixAuthManager)
2. Create a new String value called ConnectionSecurityMode.
3. Set the value to Any.
4. Navigate to HKEY_LOCAL_MACHINESOFTWARECitrixDazzle (for 64-bit machines,
navigate to HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixDazzle)
5. Modify the String value called AllowAddStore to A.
Please refer to eDocs – Configure and install Receiver for further information.
10. Page 10
iOS
1. Add a new Store using the “New Accounts” wizard.
2. Change to manual setup.
3. Enable the “Ignore certificate warnings” setting.
Recommendation: Implement trusted and valid server certificates on all StoreFront servers and
external load balancers to enable SSL communication between Receiver and StoreFront.
Security – Backend Traffic
User credentials are sent between StoreFront and the XenApp Controllers, XenDesktop Controllers
and the App Controller virtual appliance. For example, in a typical session with a XenDesktop
Controller, the StoreFront server passes user credentials to the Citrix XML Service for user
authentication and the Citrix XML Service returns resource set information. A TCP/IP connection
and the Citrix XML protocol is used to pass the information between the StoreFront server and the
XenDesktop site. The XML protocol uses clear text to exchange all data, with the exception of
passwords, which are transmitted using obfuscation.
Recommendation: For Citrix environments with high security requirements, encrypt StoreFront to
XenApp, XenDesktop and App Controller communications. For further guidance on how to encrypt
this traffic, please refer to
eDocs – Use the SSL Relay (XenApp only).
CTX130213 - How to Configure SSL on XenDesktop 5 Controller to Secure XML Traffic
(XenDesktop only).
eDocs – Use SSL on XenDesktop 7 Controllers (XenDesktop only).
Please refer to eDocs – Secure your StoreFront environment for further information
Delivery Controllers
To provide users with desktops and applications, StoreFront must be configured with the IP
address or DNS name of at least one Controller in each XenDesktop site and/or XenApp farm. For
fault tolerance, multiple Controllers should be entered for each site and/or farm specified.
StoreFront will automatically failover to the second server in the list in case the first server
becomes unavailable (active/passive). For large infrastructures or environments with a high logon
load an active distribution of the user load (active/active) is recommended. This can be achieved by
means of an industry proven load balancer with built-in XML monitors and session persistency,
such as Citrix NetScaler.
Recommendation: At least two Controllers should be specified per XenApp farm / XenDesktop
site.
Recommendation: For large environments, active/active load balancing of the delivery controllers
is recommended.
11. Page 11
Beacons
Citrix Receiver uses beacon points (web sites) to identify whether a user is connected to an internal
or external network. Internal users are connected directly to resources while external users are
connected via Citrix NetScaler Gateway. Citrix Receiver continuously monitors the status of
network connections (e.g. link up / link down or change of the default gateway). When a status
change is detected, Citrix Receiver will first check that the internal beacon points can be accessed
before moving on to check the accessibility of external beacon points. StoreFront provides Citrix
Receiver with the http(s) addresses of the beacon points during the initial connection process and
provides updates as necessary.
Recommendation: Configure as least two highly available external beacons that can be resolved
from public networks so that Citrix Receiver can determine whether users are located behind an
Internet paywall, such as in a hotel or Internet café.
It is strongly recommended that highly available websites are specified as beacons.
Auto Provisioned Apps (Keywords)
StoreFront displays applications differently to Web Interface. Instead of having all accessible
applications appear on the home screen, first time users are invited to choose (subscribe) to the
applications they want to regularly use after they logon. Before a user can launch an application,
they must first choose which applications should be placed on their home screen. This approach,
deemed “Self-Service” apps, allows users to restrict the applications that they see on their home
screen to the ones that they use on a regular basis. The applications chosen by every user for
each store are recorded by the subscription store service so that they can be displayed on the
Receiver home screen from any device that the user connects from (Follow me Apps).
To avoid users from having a blank screen when they first logon, it is recommended that
administrators automatically subscribe users to a few core applications. To do this,
add KEYWORDS:Auto to the application or desktop description in XenApp or XenDesktop.
Another option that can be used to organize applications is KEYWORDS:Featured. Unlike the
Auto keyword which places certain apps on the home screen, the Featured keyword only places
apps in the Featured category (as shown below).
12. Page 12
The app will also appear in another category if a Client Application folder has been specified.
In addition the string KEYWORDS:prefer="application" can be used to specify that the locally
installed version of an application should be used in preference to the equivalent delivered instance
if both are available.
For further information please refer to eDocs – Optimize the user experience.
Scalability (preliminary)
The number of Citrix Receiver users supported by a single StoreFront server depends on the hardware
specifications and on the level of user activity. At the current point in time, scalability testing for
StoreFront 2.0 has not been completed. Early testing results indicate that, a single StoreFront 2.0 server
with twin 2 GHz quad-core CPUs and 8 GB RAM supports up to 25,000 user connections per hour in a
light usage scenario (users log on, enumerate their resources, and access existing subscribed resources)
or up to 6000 user connections per hour in an intensive usage scenario (users log on, enumerate their
resources, and then subscribe and unsubscribe to a resource.)
For the optimum user experience, Citrix recommends that not more than 10 XenDesktop, XenApp, App
Controller, and VDI-in-a-Box deployments are aggregated in a single store.
13. Page 13
Planning
When choosing the optimal StoreFront architecture, it is important to understand the configurations
discussed within this document and the requirements of the respective infrastructure. This section
outlines three sample customer scenarios, in which we’ll follow the topics discussed earlier opting for the
simplest and best performing solution.
Scenario 1 – 500 Users
In this scenario 500 users should be supported. The users logon to StoreFront in the morning over
a period of 2 hours and connect to their virtual desktop. Users typically they keep their sessions
open all-day and occasionally access StoreFront after the initial login.
The load on the StoreFront servers in this scenario can be considered very light. Therefore two
StoreFront servers have been chosen for redundancy reasons only. Both StoreFront servers are
equipped with 2 CPUs and 2GB of RAM to allow for future growth without requiring changes to the
access infrastructure. A pair of NetScaler appliances provide load balancing, SSL offloading and
availability monitoring for the StoreFront servers. The XenDesktop Controllers are configured in
failover order (active/passive) within StoreFront for simplicity reasons. An active/active load
balancing of the XenDesktop Controllers is not required due to the small number of users.
14. Page 14
Scenario 2 – 5,000 Users
In this scenario, 5,000 users should be supported. As opposed to scenario 1, the users logon to
StoreFront in the morning over a very short period of time. Furthermore, users tend to disconnect
and reconnect to their desktops multiple times a day.
Due to the high logon load in the morning, three StoreFront servers need to be implemented. All
three StoreFront servers are equipped with 2 CPUs and 4GB of RAM to ensure sufficient capacity.
A pair of NetScaler appliances provide load balancing, SSL offloading and availability monitoring
for the StoreFront servers. Furthermore, these appliances are leveraged to load balance the XML
requests sent from the StoreFront servers to the XenDesktop Controllers. This ensures an even
distribution of the load among the XenDesktop Controllers and avoids a potential bottleneck.
StoreFront is configured to connect to a NetScaler vServer rather than the XenDesktop Controllers
directly.
15. Page 15
Scenario 3 – 10,000 Users
In this scenario 10,000 users should be supported. Similar to scenario 2, users logon to StoreFront
in the morning over a very short period of time and typically disconnect and reconnect to their
desktops multiple times a day. As opposed to scenario 1 and 2 the infrastructure needs to be
distributed across two datacenters for disaster recovery reasons. The environment should provide
100% tolerance to a full datacenter outage.
To cope with the high logon load in the morning and the constant load during the day three
StoreFront servers with 4CPUs and 4GB of RAM are required. Alternatively, two servers with
8CPUs and 8GB of RAM could be implemented. However, to minimize the impact from a single
server outage and to have more management and maintenance flexibility a three-server solution is
recommended. Because of the 100% tolerance requirement, the same number of StoreFront
servers should be implemented in each datacenter.
Users can access the environment by means of the FQDN example.mycompany.lab. The incoming
user requests are distributed by means of Global Server Load Balancing (GSLB). This means the
NetScaler HA pairs located in both of the datacenters are configured as authoritative DNS servers
for the aforementioned FQDN. When a user initiates a connection to the example.mycompany.lab
FQDN, one of the NetScaler HA pairs (selected randomly) will determine which datacenter is best
suited to serve the request. This decision can be based on proximity, home IP subnet or similar
16. Page 16
properties of the user. Session persistence is achieved using a client side cookie automatically set
by NetScaler.
Since a user can be forwarded to both datacenters, it is required to synchronize the application
subscriptions. This can be achieved be means of PowerShell Commandlets as outlined in eDocs -
To configure subscription synchronization.
In addition, the NetScaler appliances within each datacenter also provide load balancing, SSL
offloading and availability monitoring for the StoreFront servers. These appliances are also
leveraged to load balance the XML requests sent from the StoreFront servers to the XenDesktop
Controllers. This ensures an even distribution of load amongst the XenDesktop Controllers and
avoids a potential bottleneck. StoreFront needs be configured to connect to the NetScaler vServers
in both datacenters rather than the XenDesktop Controllers directly.
17. Page 17
Scenario 4 – 10,000 Users with Split Sites and Dedicated Home
Datacenters
This scenario is equal to scenario 3 except for the fact that the XenDesktop sites have been split
into two sites per datacenter to minimize the impact of a XenDesktop site outage. In addition, each
datacenter is configured as a home datacenter for 50% of the users. Each user’s virtual desktop,
user profile, home directory and all user related data is located in their home datacenter. In case of
a datacenter outage affected users are redirected to the second datacenter until normal operations
can be restored.
In order to meet the aforementioned load balancing and failover requirements, the new StoreFront
User Mapping and DR features need to be configured. For this scenario two user groups will be
created in Active Directory (Datacenter-A-Users and Datacenter-B-Users). For the Datacenter-A-
Users user group, an Aggregation Group consisting of XenDesktop Sites 1 and 2 will be created
and configured for load balancing. In addition XenDesktop Site 3 and 4 will be configured for
backup only and vice-versa for Datacenter-B-Users. In order to ensure the StoreFront instances in
both datacenters behave equally the configuration has to be replicated. When a member of the
Datacenter-A-Users user group logs on to StoreFront, the account credentials submitted will be
validated and the user is authenticated. StoreFront then determines the user group memberships
and verifies if the user already has a session in any of the XenDesktop sites. If that is not the case
and the user cannot be reconnected or session sharing cannot be used a new user session is
established. In case none of the XenDesktop sites in datacenter A are available, the user will be
18. Page 18
redirected to XenDesktop Site 3 or 4. For further information in regards to StoreFront User Mapping
and DR, please refer to eDocs - StoreFront high availability and multi-site configuration.