On-prem and on-cloud

Category archive



Citrix in-session watermark

in Citrix Cloud/Receiver/XenApp/XenDesktop by

The fact in VDI security designs is that people are the weakest links in your protection chain. How can you prevent insiders from simply taking the screen and leaking your most brilliant ideas to external sources? How can you trace a leak back to when it first happened?

Citrix In-session Watermark offers a solution for you. It adds traceable information on top of the VDI screen. This provides a deterrent to prevent people from stealing the screen. To take this one step further, even if the information is leaked, you can still easily trace back to follow the identity on the screenshot.

While XenApp & XenDesktop provides a great barrier to information theft for outside attackers, In-session Watermark is provides an additional layer of security against theft from inside users. To clarify, watermarks are primarily a deterrent to inside users – for trustworthy users, yes, who sometimes need a reminder to be honest, and also for malicious insiders who are working to steal intellectual property. Since users control their endpoints running Citrix Receiver, there are security advantages to implementing server-side protections, and this is where we implemented In-session Watermark.

The watermark is added to the image before it is transferred to the endpoint. Compare the approach for implementing Citrix In-session Watermark on server side to other solutions and offerings on the market. The Citrix In-session Watermark cannot be removed without killing the session. If a watermark solution were implemented using a user space process to draw the watermark, the malicious users can kill that process to remove the watermark, which is clearly not a sufficient deterrent.

In the Citrix solution, the watermark is added deep inside the HDX engine and if the user were to kill the process that draws the watermark, it would also kill the user’s session, which is a much more effective deterrent.

The benefits of embedding this security into the HDX engine also include better screen coverage. The Windows 10 start menu and UWP apps will be covered properly with Citrix Watermark while a user mode process might leave some of the screen uncovered.

More details can be read in the original Citrix article at: https://www.citrix.com/blogs/2017/12/04/a-new-option-to-protect-your-workspace-in-session-watermark/

XenApp and XenDesktop 7.15 LTSR CU1 and 7.16 CR

in XenApp/XenDesktop by

XenApp and XenDesktop LTSR and CR latest releases are here!

You should always research release notes, known issues and fixes of the new releases under each of the two main XenApp/XenDesktop forks, LTSR and CR.

More details about the two new recently released versions can be found by following the Citrix links below:

XenApp and XenDesktop LTSR 7.15 CU1


XenApp and XenDesktop CR 7.16


XenApp/XenDesktop 7.15 LTSR lab on a single machine

in Hyper-V/XenApp/XenDesktop by

Having built a powerful Windows desktop with the following configuration, I would like to share the requirements and high level deployment process for a single machine XenDesktop 7.15 LTSR lab.

Host machine configuration: 

  1. Windows Server 2016 Standard evaluation with Hyper-V server role and management tools
  2. RAM and SSD storage will be much appreciated of course, the more the better.
  3. All virtual machines have single vNIC, minimum 2 GB RAM (Hyper-V dynamic), 2vCores CPU as well as basic 40GB dynamic Hyper-V disk. The following virtual machines pre-created based on sysprepped Windows 2016 Standard template:
    1. DC01. Includes Active Directory domain services, DNS, file server (for Citrix UPM), certificate services (for Storefront SSL certificate) and DHCP (for PVS).
    2. CTX01. Includes Citrix XenDesktop 7.15 LTSR Delivery Controller, Citrix Licenser server and Citrix Storefront 3.12. Initially a demo 30-day license can be used (included by Citrix) or a new trial license can be issued from MyCitrix account website. The Citrix server roles can be consolidated except for XenDesktop VDA.
    3. VDA01. Includes Citrix XenDesktop 7.15 LTSR VDA (session machine), which can be a server or desktop OS VDA.
    4. SCVMM01. Includes System Center Virtual  Machine Manager (for use of Citrix MCS provisioning technology)
    5. PVS01. Includes Citrix PVS server (for use of Citrix PVS provisioning technology), running also PXE and TFTP services.
    6. Master01. This used as the master image for creating PVS vdisk.
    7. (Optionally) Netscaler VPX Express can be used for evaluating HDX proxy with Netscaler Gateway.

Citrix lab high level deployment process: This is based upon guidance from Citrix CTP Carl Stalhood: http://www.carlstalhood.com/xaxd/xenappxendesktop-7-15-ltsr/ 


What’s new in XenApp and XenDesktop LTSR 7.15

in XenApp/XenDesktop by

XenApp and XenDesktop 7.15 LTSR is essentially a field-proven, hardened version of XenApp and XenDesktop 2017 releases, with a variety of fixes and updates based on internal testing and customer feedback. It also includes broad OS platform support from Server 2008R2 to 2016 and Windows 7 to 10. Unlike the first LTSR, which was retroactively declared, this LTSR and future LTSRs will use a dedicated version number and LTSR designation. This makes it easier to identify LTSR sites over time. However, this LTSR should be adopted by all customers including those of you who are on the Current Release path given that this 7.15 LTSR contains fixes and updates for the 7.14 CR as well.

As mentioned above, the three main focus areas for XenApp and XenDesktop are security, flexibility, and user experience. Let us now delve into the plot further by covering the key points for each below which have culminated from the past few 7.x releases into this 7.15 LTSR.

More details can be found at Citrix blog post: https://www.citrix.com/blogs/2017/08/15/xenapp-xendesktop-7-15-ltsr-the-blockbuster-release-of-the-summer/ 

Also a great collection of articles can be found in the following Citrix XenApp and XenDesktop 7.15 LTSR FAQ: https://www.citrix.com/blogs/2017/09/07/xenapp-and-xendesktop-q3-2017-faq-from-the-whats-new-webinar/

and https://support.citrix.com/article/CTX205549

What’s Changed with this LTSR?

There are a few additional, notable updates that Citrix provides on its blog:

  • For the first time ever, Citrix Cloud will support LTSR benefits by combining the XenApp and XenDesktop Service with on-premises 7.15 LTSR VDAs.
  • The product lifecycle for all XenApp and XenDesktop Current Releases and LTSRs have been updated. Please review the latest information on the Citrix Product Lifecycle Support Policy and related pages.
  • With the retirement of Subscription Advantage, LTSR benefits are an entitlement of Customer Success Services only.


Citrix Receiver

in XenApp/XenDesktop by

A tedious but important task for any Citrix admin is to keep track of their customer’s Citrix Receiver client versions. You can grab the latest CR version from https://receiver.citrix.com and http://docs.citrix.com/en-us/receiver.html for all supported devices. The latest LTSR version can be found at https://www.citrix.com/downloads/citrix-receiver/windows-ltsr/ .

You can make use of Citrix Receiver Group Policy scripts for automatic mass deployment/upgrades in an Active Directory domain.

Always test before deploying in production, The known issues and fixed issues for each version of Citrix Receiver must always be checked thoroughly in the release notes section of Citrix Docs.

An exciting new feature is the auto-update feature in version 4.9. New Citrix Receiver for Windows 4.9 (LTSR) includes the Citrix Receiver updates capability, which enables updating it directly from Citrix, instead of manually downloading and installing it.

You can update to the new Citrix Receiver for Windows 4.9 (LTSR) automatically if you have installed Citrix Receiver for Windows 4.8 on your device, which has the capability to check for updates. In addition to the Citrix Receiver, you can get automatic updates to Real Time Media Engine for Skype for business (RTME) on your device, so now you can always be on the latest and greatest version of Citrix Receiver and RTME!

Citrix Connection Quality Indicator

in Monitoring and operations/XenApp/XenDesktop by

In complex environments, where distributed applications are deployed across the network utilizing numerous physical servers and workstations, connectivity can be reduced in general and/or per session basis. Citrix Connection Quality Indicator is a tool which provides feedback to the user when the network has been reduced to the point that the user’s experience is degraded. Displaying this information to the end user will improve overall user experience and reduce the number of calls to our customers’ help desks for network related user experience issues.

Sometimes end users complain that their Citrix applications or desktops are “slow today.” Citrix XenApp and XenDesktop are usually the first suspects when the user experience is not on par with expectations. This results in a higher than usual number of calls for the IT team, who then have to investigate Citrix environments, as well as their network, hardware, and so on. In most cases, the problem is caused by something other than Citrix.

Citrix Workspace Services – Supportability Team has introduced the end user-facing Citrix Connection Quality Indicator that gives users a better understanding of what is happening with their connection to a Citrix environment. As a result, they are able to adjust their expectations based on the notifications provided by the tool. Even when a device shows a strong network connection (e.g. all 5 bars on WiFi), that may not be a true representation of what is happening between the user’s device and the Citrix environment. The Connection Quality Indicator shows the correct indication of the connection strength to Citrix XenApp and XenDesktop.

The Connection Quality Indicator is an independent package that can be downloaded from Citrix Knowledge Base article CTX220774.
It needs to be installed on the Windows machine where the VDA is installed. The indicator shows notifications to the user when there is a change in the connection quality, for applications and desktops delivered by XenApp and XenDesktop.




Source: Citrix Blogs and Citrix Support pages

XenDesktop 7.13 is out

in DaaS/PVS/XenApp/XenDesktop by

This release marks a major milestone with significant enhancements to HDX. With new Adaptive Transport Technology, users benefit from faster, more responsive sessions across all functions by up to 10x — even over challenging network conditions. Furthermore, overall bandwidth consumption is reduced by up to 60% using the default graphics settings. Performance and scalability is improved when running on Intel graphics platforms and expanded USB tablet integration opens up new possibilities. Admins benefit with simplified setup of NetScaler Gateway, quick identification of inactive sessions and expanded Linux support. Also PVS now supports Linux desktop streaming.

More details can be found at:

XenApp and XenDesktop Director 7.12 features

in DaaS/Monitoring and operations/XenApp/XenDesktop by

As 2016 draws towards a close and people start planning for the holiday season, Citrix announced availability of Director 7.12 – a feature-packed release that will make a XenApp/XenDesktop administrator’s job simpler and less time-consuming. The list of new features and enhancements with this release includes the ability to mine the monitoring database with custom reporting, context-specific troubleshooting tips, a surprise gift for customers with Enterprises licenses, alerts via SNMP and more. Read on for details.

Director 7.12: A Citrix Holiday Gift to XenApp & XenDesktop Administrators


Citrix XenApp server reboot framework

in DaaS/XenApp/XenDesktop by

As the Citrix XenApp and XenDesktop FMA architecture does not include sophisticated reboot functionality by design, the use of a reboot script comes in very handy. There are two versions of the Citrix reboot framework, which introduce a great level of granularity when it comes to scheduling the reboot of Citrix session machines (workers).

The first version of the Citrix reboot framework can be found at: https://www.citrix.com/blogs/2015/10/16/xenapp-and-xendesktop-7-x-server-os-vda-staggered-reboot/

The first version of the Citrix reboot framework can be found at: https://www.citrix.com/blogs/2016/09/20/xenapp-and-xendesktop-7-x-server-os-vda-staggered-reboot-framework-v2/

Despite slightly different configuration parameters, the main difference between the first and the second version of the framework is the support of all provisioning methods offered by XenApp and XenDesktop. While the first version has no support for Machine Creation Services (MCS), the second version now has support for all provisioning methods including MCS.

XenApp and XenDesktop 7.12 is here!

in XenApp/XenDesktop by

XenApp and XenDesktop 7.12 ensures site accessibility with newly improved Local Host Cache technology, improved Azure integration, granular control for app and desktop publishing and intelligent server maintenance. Platinum Edition now contains enhanced monitoring with custom reporting and alert integration. It is the best platform to-date for app and desktop delivery – whether starting new, upgrading from a previous 7.x version or especially if migrating from XenApp 6.5.

A detailed matrix of the XenApp and XenDesktop 7.12 features can be found at:


A handy presentation of what’s new in XenApp and XenDesktop 7.12 can be found at:



XenAPp 7.x reboot schedules

in XenApp/XenDesktop by

Citrix server reboot schedules will be required in most cases in a XenApp environment, in order to cleanup files residing in RAM and prevent issues arising from the session machines being up and running for a long period of time. Citrix UPM files and other files are writen periodically which can cause a clutter if they remain on the server for a long time. It is high recommended to evaluate your company’s session machine reboot schedule to address various issues. After you agree on a reboot schedule with your customers, you can go ahead and either utilize the XenApp inherent functionality or make use of scripts provided by Citrix, which enable enhanced server reboot schedule functionality.

Main references for designing and implementing your reboot schedule can be the following:

  1. http://www.basvankaam.com/2014/08/19/rebooting-your-xendesktop-7-x-application-servers-whats-up-with-the-build-in-restart-schedule/ (main article)
  2. Script 1
  3. Script 2

XenApp/XenDesktop Long Term Service Release (LTSR)

in DaaS/XenApp/XenDesktop by

As a benefit of Software Maintenance, Long Term Service Releases (LTSR) of XenApp and XenDesktop enable enterprises to retain a particular release for an extended period of time while receiving minor updates that provide fixes, typically void of new functionality. This provides customers with greater predictability and simplified on-going maintenance. Citrix has announced the first-ever Long Term Service Release of XenApp and XenDesktop 7.6 available for download on Citrix.com. The following diagram shows the evolution of XenApp/XenDesktop releases over the course of the past 3 years.


Instead of using the LTSR release, service provider wishing to apply all the latest features and technologies can make use of the Current Release (CR). More details on the LTSR vs. the CR releases can be found in the following links:


Go to Top