Skip to content

Citrix App Studio Quick Deployment Guide

September 14, 2013

This article describes how to install Citrix App Studio using a very simple configuration. It includes an brief overview of Citrix App Studio’s basic deployment architecture followed by a guided walkthrough that shows how to set up the simplest possible configuration so you can get started using Citrix App Studio right away.

Basic Deployment Architecture

A Citrix App Studio basic deployment consists of an Active Directory domain, a Microsoft SQL Server, at least one Citrix App Studio management server, and servers running Citrix XenApp components. All servers need to be running Microsoft Windows Server 2008 R2 and must have .NET 4.0 installed and .NET 3.5 installed as a server role. They can be either physical machines or virtual machines running on one or more hypervisors.

The following diagram shows the components of a basic deployment:

  • Active Directory Domain at the Windows Server 2008 R2 functional level – Citrix App Studio requires an Active Directory domain and domain administrator credentials for the domain. Before installing Citrix App Studio, you must create an Organization Unit (OU) that will be managed by Citrix App Studio.
  • Microsoft SQL Server, version 2008 SP1 or later, configured with Mixed-mode authentication – Microsoft SQL Server is used to store the Citrix App Studio configuration and your XenApp configuration. For our basic deployment you will need credentials for the SQL Server sa account, and your domain administrator must be configured as a SQL server administrator. Your SQL server must be accessible from the network; make sure that Windows Firewall is configured to permit access to the “sqlservr.exe” program. Note: SQL Server Express Edition is not supported.
  • Machine 1 – This machine hosts the management components of Citrix App Studio. This includes the Citrix App Orchestration Engine and the Citrix App Studio Web Console.
  • Machine 2 – This machine runs Citrix Web Interface configured to broker sessions using the XenApp controllers.
  • Machine 3 and 4 – These machines run Citrix XenApp configured as primary and backup controllers respectively.
  • Machine 5 – This machine runs Citrix XenApp configured as a session host for the XenApp controllers. You should install the applications that you wish to host on these machines.

We will use Citrix App Delivery Setup Tools to automatically configure XenApp and Web Interface, so it is not necessary to pre-install any Citrix software on these machines.

Prerequisites

Make sure you have the following prerequisites:

  • Active Directory domain where Citrix App Studio will be deployed.
  • Domain GPOs for Citrix App Studio configured. Refer to the “Configuring GPOs” section for instructions.
  • Administrator Credentials for the Active Directory domain.
  • Citrix App Studio OU created. This guide assumes the OU will be “[domain]/CitrixAppStudio”.
  • OU where Tenants’ computers and users reside. This guide assumes the OU will be “[domain]/CitrixAppStudio/Tenants”.
  • SQL Server 2008 SP1 or later, configured to allow Mixed-Mode authentication.
  • Windows Firewall on SQL Server machine configured to allow network traffic to sqlservr.exe program. Refer to the “Configuring SQL Server Firewall Settings” section for instructions.
  • Password for the SQL Server “sa” user.
  • Domain administrator configured as SQL Server database administrator.
  • GPO for PowerShell remoting, linked to Citrix App Studio OU and (if different) the OU where the SQL Server machine resides.
  • At least 5 machines (physical or virtual) running Windows Server 2008 R2, and joined to the Active Directory domain.
    • At least one of these must have the applications installed that you want to offer as a hosted service.
    • All machines must have both the .NET 3.5 server role enabled, and the .NET 4.0 runtime installed.  You can find the .NET 4.0 runtime in the “Support” directory of the Citrix App Studio media.
    • All machines must reside in an OU that is a child of the OU where the GPO for PowerShell remoting is linked.
    • XenApp 6.5 DVD image on a network share that you have write-access to. You can download the XenApp 6.5 DVD image from here if you do not already have it.
    • A Citrix License Server, version 11.9 or greater, with a XenApp Premium CSP license installed.

Configuring GPOs

There are a few Active Directory GPOs that need to be created to ensure that your machines are properly configured to run Citrix App Studio. The following sections describe and give instructions for creation of those GPOs.

PowerShell Execution Policy

Before you install Citrix App Studio, set the PowerShell execution policy on the required servers by using Group Policy. To do this, use the Group Policy Management Console to configure the Turn on Script Execution policy setting.

  1. On a server joined to the domain, open the Group Policy Management Console (gpmc.msc) and create a new Group Policy Object (GPO) or edit an existing one. This GPO should be associated with the following servers in the Citrix App Studio environment:
    • Citrix App Studio management server
    • XenApp controllers and session hosts
    • Web Interface server
    • Database server hosting the XenApp farm databases
  2. From the Group Policy Management Editor, navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell.
  3. Right-click Turn on Script Execution and select Edit.
  4. Select Enabled and then, under Options, select Allow only signed scripts.
  5. To apply the settings, on each server, open a PowerShell command window and run gpupdate.
PowerShell Remoting

You can configure PowerShell remoting on all servers in the domain by using Group Policy. To do this, use the Group Policy Management Console to enable the WinRM service, configure listeners, set the amount of session memory available, and provide a list of trusted hosts. You will also need to configure the WinRM service to start automatically and ensure Windows Firewall allows traffic through the ports assigned to WinRM.

Note: By default, WinRM 2.0 uses the ports 5985 for HTTP traffic and 5986 for HTTPS traffic. If you are using firewalls between the Citrix App Studio management server and the other servers in your deployment, ensure these ports are enabled.

  1. On a server joined to the domain, open the Group Policy Management Console (gpmc.msc) and create a new Group Policy Object (GPO) or edit an existing one. This GPO should be associated with all servers in the Citrix App Studio environment.
  2. From the Group Policy Management Editor, navigate to Computer Configuration > Policies > Administrative Templates > Windows Components.
  3. Use the following table to configure the required policy settings:

Setting Location & Name
Policy Setting
Setting Values

Windows Remote Management (WinRM) > WinRM Service
Allow automatic configuration of listeners

  • Enabled.
  • To configure WinRM to listen on all addresses, type an asterisk (*) in the IPv4 Filter and IPv6 Filter fields.

Windows Remote Management (WinRM) > WinRM Client
Trusted Hosts

  • Enabled.
  • In TrustedHostsList, type an asterisk (*) to indicate all hosts are trusted.

Windows Remote Shell
Specify maximum amount of memory in MB per Shell

  • Enabled.
  • In MaxMemoryPerShellMB, type 1000.

Specify maximum number of remote shells per user

  • Enabled.
  • In MaxShellsPerUser, typing 0 indicates an unlimited number of shells.
  1. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > System Services.
  2. Double-click the Windows Remote Managementservice and select the following options:
    • Define this policy setting
    • Automatic
  3. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules.
  4. Right-click Inbound Rules and select New Rule.
  5. In the New Inbound Rule Wizard, on the Rule Type page, select Predefined and then select the Windows Remote Management rule. Click Next.
  6. On the Predefined Rules page, accept the defaults and click Next.
  7. On the Action page, ensure Allow the connection is selected and click Finish.
  8. To apply the settings, on each server, open a PowerShell command window and run gpupdate (you can perform this step once all GPOs are created).
Agent Polling Interval

By default, Citrix App Studio agents poll for workflow execution once every 5 minutes. The polling interval is adjustable, with shorter intervals resulting in higher server load on the configuration service, and higher intervals resulting in a longer delay before configuration takes effect. For our quick deployment, we are creating a small number of machines so we can reduce the polling interval and speed up configuration dramatically without creating a high server or network load on the Citrix App Studio management server.

To reduce the polling interval to 15 seconds:

  1. Create or edit a policy attached to the Shared Allocation OU
  2. Navigate to Computer Configuration -> Preferences -> Windows Settings -> Registry
  3. Right-click on Registry and select New -> Registry Item
  4. Set the following settings:
    • Action: Update
    • Hive: HKEY_LOCAL_MACHINE
    • Key Path: SOFTWARE\Citrix\CloudAppManagement\Agent
    • Value name: SyncIntervalSeconds
    • Value type: REG_DWORD
    • Value data: 15
    • Base: Decimal
  5. Click OK
  6. To apply the settings, on each server, open a PowerShell command window and run gpupdate (you can perform this step once all GPOs are created).
Enabling Windows 7 Look and Feel for Hosted Desktops

In this simple deployment, you will be creating a hosted desktop. In order to provide users with a desktop that has the Windows 7 look and feel:

  1. Enable the “Group Policy Management” feature on the Citrix App Studio management server (Machine 1 in the diagram above).
  2. Launch the Service Provider Automation Toolkit link from the Start Menu, located at:
    • Start -> All Programs -> Citrix -> App Delivery Setup Tools -> App Delivery Setup Tools PowerShell (x64)
  3. Run the .\New-CtxManagedDesktopGPO.ps1 command.
  4. When the command is finished, open the Group Policy Management Console and link the following GPOs to the Citrix App Studio OU:
    • CtxStartMenuTaskbarUser (user GPO)
    • CtxPersonalizableUser (user GPO)
    • CtxRestrictedComputer (computer GPO)
  5. To apply the settings, on each server, open a PowerShell command window and run gpupdate (you can perform this step once all GPOs are created).

Configuring SQL Server Firewall Settings

To ensure the database server can communicate as required with the other servers in your deployment, create a Windows Firewall policy on the database server that allows connections with other servers.

  1. On the database server, click Start > Administrative Tools > Windows Firewall with Advanced Security.
  2. In the left pane, click Inbound Rules.
  3. Right-click Inbound Rules and then select New Rule. The New Inbound Rule Wizard appears.
  4. On the Rule Type page, select Program and then click Next.
  5. On the Program page, select This program path and then click Browse.
  6. Locate and select the SQL Server executable and then click Open. Typically, on a server running a 64-bit operating system, the SQL Server executable is located at C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe.
  7. On the Action page, select Allow the connection and then click Next.
  8. On the Profile page, select Domain, Private, and Public.
  9. On the Name page, enter a name for the rule and click Finish.

Installation

Perform the following steps on Machine 1:

  • Open the directory where you have the Citrix App Studio image and run Setup.exe. When the setup program starts, click the “Get Started” button, then look over the EULA and click “I accept the terms of this license agreement” followed by the “Next” button. When you are ready to install, click the “Install button. When the installation finishes successfully, click “Close” and the Citrix App Studio Server Configuration will start automatically.
  • You will be presented with two choices: “Create a new deployment” or “Join an existing deployment”. Click the “Create a new deployment” button.
  • Next, you must specify your database information. You can accept the default database name or enter a different one. Then enter the database server name along with your SQL Server’s sa user name and password. When you click “Next”, the database information will be verified. Note: Citrix App Studio only supports SQL Native Authentication for the deployment database.
  • Next, you must pick an SSL configuration option. It is highly recommended that you use SSL. Deployments that do not use SSL will result in administrator credentials being transmitted in plain text over an unsecure network. If you choose to use SSL, choose an SSL certificate that is installed in your certificate store. When you are done, click “Next”.
  • Finally, provide the path to your XenApp 6.5 DVD image. This is needed to allow patching of the XenApp DVD with a new version of the Citrix App Delivery Setup Tools and the Citrix App Orchestration Agents. Note that you must have write access to the chosen path. Click “Next” when you are done.
  • Verify all of the configuration information you entered. If it is correct, click “Configure”. At this point, the configuration will be applied. When the configuration finishes successfully, click “Close” and the Citrix App Studio Web Console will start automatically.

Global Settings Configuration

Now that you have finished the installation and server configuration on Machine 1, you are ready to configure the Citrix App Studio global settings. The Citrix App Studio Web Console should have been started automatically when you closed the server configuration app, but if it wasn’t, or you accidentally closed it, just click on “Citrix App Studio” in your Start Menu under All Programs -> Citrix.

Once you logon to Citrix App Studio using your credentials, you should see the home screen that includes a link that says “Configure Citrix App Studio”. Click the link to bring up the Global Settings wizard.

The first page will ask for the following info:

  • License server – This is the name of your Citrix license server.
  • Shared allocation domain – This is the name of your Active Directory domain.
  • Shared allocation OU – This is the name of the Active Directory OU that you created for Citrix App Studio. For our simple deployment, use the default: CitrixAppStudio
  • Shared infrastructure import OU – When you enter the shared allocation OU, this field will be automatically set to “[SharedAllocationOU]/Infrastructure”. For our simple deployment, use the default: CitrixAppStudio/Infrastructure
  • Decommissioned server OU – When you enter the shared allocation OU, this field will be automatically set to “[SharedAllocationOU]/Decommissioned Servers”. For our simple deployment, use the default: CitrixAppStudio/Decommissioned Servers
  • User name: This is the domain administrator user name.
  • Password: This is the domain administrator password.

When you have finished this page, click “Next”.

The second page will ask you information about the first farm catalog:

  • Name – This is the name for your first farm catalog. For our simple deployment, use the default: “Starter Farm Catalog”.
  • Description – This is the description for the farm catalog. Use the default.
  • Tags – This is a list of tags for the farm catalog.
  • Maximum workload machines per farm – This is the max number of session hosts that will be joined to a single farm in the catalog. If a workload requests capacity that would exceed this number, another farm will be allocated. For the simple deployment, use the default: 500
  • Farm import OU – This is the OU that will be monitored to identify the machines that are acting as farm controllers and import farms into the catalog. This field will be automatically set based on the shared allocation OU and the name of the farm catalog we just specified. For our simple deployment, use the default value.

When you have finished this page, click “Next”.

The third page will ask you information about the farm catalog database credentials:

  • Farm database authentication type – Choose whether the farm database access will be done using Windows Authentication or SQL Authentication. For a simple deployment, choose Windows Authentication.
  • User name – Enter the Windows user name of the domain administrator who is a SQL Server database administrator.
  • Password –Enter the Windows password of the domain administrator who is a SQL Server database administrator.

When you have finished this page, click “Next”.

The fourth page will ask you information about the first workload catalog:

  • Name – This is the name for your first workload catalog. For our simple deployment, use “WorkloadCatalog1”.
  • Description – This is the description for the workload catalog. Leave this blank.
  • Tags – This is a list of tags for the workload catalog.
  • Workload machine import OU – This is the OU that will be monitored to identify the machines that are acting as session hosts, and import those machines into the catalog. This field will be automatically set based on the shared allocation OU and the name of the workload catalog we just specified. For our simple deployment, use the default value.

When you have finished this page, click “Next”.

Review all of the summary information and click “Finish” if it is correct. The global settings will be saved.

At this point, you can click on Workflows to see the tasks that the system is performing to configure the deployment. If there are no workflows running, click the History button to see completed workflows.

Adding a Web Interface Server

The home screen should now show that the initial setup and configuration is complete. Now we need to add a Web Interface server. Simply click the “How do I do this?” link in the “Add Web Interface servers” section to get customized instructions on how to do this for your deployment.

When following the instructions, the machine name should be the name of Machine 2 in the “Basic Deployment Architecture” diagram.

Additionally, the XenApp DVD path you specify should be the one that you provided during the Citrix App Studio Server Configuration.

Once you have completed the steps and given the system some time to process the request, the home screen should show that the Web Interface server was added. You can always check the Workflows page to see what the system is doing. Note that it may take up to 5 minutes after the New-CamWIServer script completes before the system recognizes the server in the import OU and begins the import process.

Adding a Farm to the Farm Catalog

The home screen should now show that the Web Interface server has been added. Now we need to add a farm to the farm catalog. Simply click the “How do I do this?” link in the “Add farms to Starter Farm Catalog” section to get customized instructions on how to do this for your deployment.

When following the instructions, the machine names for the primary and backup controllers should be the names of Machine 3 and Machine 4 respectively in the “Basic Deployment Architecture” diagram.

Additionally, the XenApp DVD path you specify should be the one that you provided during the Citrix App Studio Server Configuration.

Once you have completed the steps and given the system some time to process the request, the home screen should show that a farm was added. You can always check the Workflows page to see what the system is doing. Note that it may take up to 5 minutes after the New-CamFarm script completes before the system recognizes the farm controllers in the import OU and begins the import process.

Adding a Machine to the Workload Catalog

The home screen should now show that the farm has been added. Now we need to add a machine to the workload catalog. Simply click the “How do I do this?” link in the “Add machines to WC1” section to get customized instructions on how to do this for your deployment.

When following the instructions, the machine name for the session host should be the name of Machine 5 in the “Basic Deployment Architecture” diagram.

Additionally, the XenApp DVD path you specify should be the one that you provided during the Citrix App Studio Server Configuration.

Once you have completed the steps and given the system some time to process the request, the home screen should show that the machine was added. You can always check the Workflows page to see what the system is doing. Note that it may take up to 5 minutes after the New-CamSessionHost script completes before the system recognizes the server in the import OU and begins the import process.

Advertising a Desktop or Application

Now that we have the infrastructure ready, we can advertise a desktop or application. Click on the “Make desktops and apps available” link. This will display a wizard that will let you pick a desktop or applications to advertise. Note that Citrix App Studio has already determined all applications that can be advertised from the catalog.  If you want to advertise a system application, click “Show system applications” and the system applications will be displayed.

For our simple deployment, we will advertise a hosted desktop with Windows 7 look-and-feel. Select the “Hosted Desktop” icon and hit next, then just accept the default values for the rest of the pages of this wizard. Click “Next” until you get to the summary page, then click “Finish”. At this point, the advertisement will be created.

Typically, a hosted desktop is used in Full Screen mode. To ensure this, click on the name of the newly advertised desktop to see its details, then click the “Edit” button. Choose “Session properties” and then “Full screen”. Click “Save Advertisement” to submit the changes.

Adding a Tenant

Now it’s time to add a tenant. It is important to understand that Citrix App Studio does not create tenants or manage the users within a tenant. Those functions should be performed by an external system, such as Citrix CloudPortal Services Manager or another control panel. For this guide, we will simulate the actions that a typical control panel would make to add a tenant.

  • Open up the “Active Directory Users and Computers” console and create an Organization Unit (OU) where our new tenant’s users and computers will reside. For this example, create the OU: [domain]/CitrixAppStudio/Tenants/Tenant1
  • Right-click on the newly created OU and select New->User.
  • Fill in the user information in the wizard and click “Finish”. For this example, name the user “user1”.

Back within the Citrix App Studio Web Console, click the “Add tenants to the system” link. This will display a wizard that will let you import the tenant you just created.

The first page will ask you basic information about the tenant:

  • Name – This is the name of the tenant. For our simple deployment, use “Tenant1”.
  • Description – This is the description for the tenant. Leave this blank.
  • Tags – This is a list of tags for the tenant.
  • Tenant root OU – This is the OU that will be used to identify the tenant. The tenant’s users must reside within this OU, and any computers that are privately allocated to the tenant will be automatically moved under this OU. This field will be automatically set based on the shared allocation OU and the name of the tenant we just specified but can be changed to reflect any tenant OU hierarchy. The OU must exist before you can continue. For our simple deployment, use the default OU: CitrixAppStudio/Tenants/Tenant1.

When you have finished this page, click “Next”.

The second page asks what type of Web Interface isolation to use. For our simple deployment, use the default value of “Shared site”. Click “Next” to go to the next page.

Ensure the summary information is correct and click “Finish” to create the tenant. When the operation is done, click the “Go to the Dashboard” link.

Subscribing the Tenant to Services

In order for a tenant’s users to access the advertised desktops and applications, we must create a subscription. So the next step is to subscribe our new tenant to the desktop we advertised.

Click on “Tenants” in the Citrix App Studio menu bar. Then click the “Subscribe” button. This will display the subscription wizard:

  • Choose the tenant and click “Next”.
  • Select the desktop we advertised earlier and click “Next”.
  • We need to choose which users will have access to the desktop. Enter the user or group name into the “Users or Active Directory groups to add” field. If you followed this guide exactly, the user name should be “[domain]\user1”. Click “Validate Users”. Once the user is validated, click “Next”.
  • Click “Next” to accept the default workload allocation.
  • Ensure the summary information is correct and click “Finish” to create the subscription.

Now click on System -> Workflows to check on the status of the tenant creation. When the workflow completes, click on Tenants and then click on the tenant you created. You should see a link to the Web Interface site. Click the link and your browser will display the tenant’s Web Interface site. Log on using the tenant user’s credentials and you will see the desktop you subscribed to.

Enabling Desktop Viewer for Web Interface Sites

By default, Desktop Viewer is disabled for Web Interface sites created by Citrix App Studio. For the best user experience with hosted shared desktops, it is recommended to enable Desktop Viewer. This gives the user better control over their hosted desktop session.

To enable Desktop Viewer, perform the following steps for each Web Interface site:

  • On your Web Interface machine, open the WebInterface.conf file from the following locations:
    • C:\inetpub\wwwroot\Citrix\PNA\[SiteName]\conf
    • C:\inetpub\wwwroot\Citrix\WI\[SiteName]\conf

Remove the # from the line that says “ShowDesktopViewer=Off” and change the line to “ShowDesktopViewer=On” as shown here:

About these ads
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: