 Product documentation

Citrix Virtual Apps and Desktops service


July 1, 2021
Contributed by:  C

IN THIS ARTICLE

Introduction
Site overview
Components and services managed by Citrix
Management interfaces
Components and technologies managed by the customer
Objects you configure to deliver desktops and applications
Citrix Managed Azure
Delivering applications and desktops to users
Service Level Agreement
More information
Get started

Introduction
Citrix Virtual Apps and Desktops provides virtualization solutions that give IT control of virtual machines, applications, and security
while providing anywhere access for any device. End users can use applications and desktops independently of the device’s
operating system and interface.
Using the Citrix Virtual Apps and Desktops service, you can deliver secure virtual apps and desktops to any device, leaving most of
the installation, setup, and upgrades to Citrix. You maintain complete control over applications, policies, and users while delivering
the best user experience on any device.
The service allows you to manage on-premises data center and public cloud workloads together in a hybrid deployment. You can
connect to public clouds Microsoft Azure, Amazon Web Services (AWS), and Google Cloud, plus on-premises hypervisors such as
Citrix Hypervisor, Microsoft Hyper-V, and VMware vSphere. The hybrid, multi-cloud approach gives you the flexibility to deploy
different applications in different resource locations worldwide.
The service offers several ways to deliver apps and desktops.
Delivery methods describes the primary ways, with use-cases and pros/cons.
Delivery models lists more choices, and also offers VDI model comparisons.
Citrix Managed Azure further simplifies the deployment of virtual apps and desktops. With Citrix Managed Azure, Citrix also
manages the hosting of Azure workloads.
Learn more about the advantages of using this service.
Site overview
The following graphic shows the services and components that Citrix administrators work with in a Citrix Virtual Apps and
Desktops service production deployment (also known as a site).

As shown in the graphic, Citrix manages the user access and management services and components in Citrix Cloud. The
applications and desktops that you deliver to users reside on machines in one or more resource locations. In a Citrix Virtual Apps
and Desktops service deployment, a resource location contains components from the access layer and resource layers. Each
resource location is considered a zone.
If you recently migrated from on-premises Citrix Virtual Apps and Desktops, you’ll see that the service eliminates most of the
component setup work required in an on-premises deployment.

Components and services managed by Citrix

Delivery Controllers: The Citrix Virtual Apps and Desktops service provides the functionality to load balance applications and
desktops, authenticate users, and broker or prioritize connections directly from the cloud, without the need to manage Delivery
Controllers, as with on-premises Citrix Virtual Apps and Desktops.
Databases: Site configuration, monitoring, and configuration logging data is stored by the cloud service, eliminating the SQL
database requirement of the on-premises Citrix Virtual Apps and Desktops product.
Licensing: Manages licenses and provides [usage statistics].
Management interfaces: See Management interfaces. Many tasks are also available in service APIs.
Monitor interface: The Monitor interface enables IT support and help desk teams to monitor an environment, troubleshoot
issues before they become critical, and perform support tasks for end users. Displays include:
Real-time session data from the Broker Service in the Controller, which includes data from the broker agent in the Virtual
Deliver Agent (VDA).
 Historical data from the Monitor Service in the Controller.
Data about HDX traffic (also known as ICA traffic).
Cloud Connectors: A Cloud Connector is the communications channel between the components in the Citrix Cloud and
components in the resource location. In the resource location, the Cloud Connector acts as a proxy for the Delivery Controller in
Citrix Cloud.
Every resource location contains at least one Cloud Connector. Two or more Cloud Connectors are recommended for redundancy.
When using Full Configuration to provision machines, you first install Cloud Connectors from the Citrix Cloud console. For
details, see Cloud Connectors.
When using Quick Deploy to provision Azure machines, Citrix creates the resource location and Cloud Connectors for you
when you create a catalog.
After Cloud Connectors are installed, Citrix manages and updates them. The only tasks handled by the customer are Cloud
Connector Windows updates and patching.

Management interfaces
From the Manage tab of the service, you can select the following interfaces.

Full Configuration
From the Manage > Full Configuration interface, you can:
Create and manage connections to hosts.
Create and manage catalogs of machines that contain apps and desktops you deliver to your users.
Create and manage delivery groups (and optionally, application groups.
Create and manage Citrix policies that affect the use and behavior of HDX technologies and features, plus site-level
management. This includes policy settings for sessions, adaptive transport, devices, graphics, multimedia, content redirection,
and VDAs.
Customize delegated administration to create role-based administrators who have specific scopes of authority.
Manage the Autoscale feature to proactively power manage machines that deliver apps and desktops.
Load balance machines
Run health checks on your VDAs to identify potential issues and fix suggestions.
Display configuration log content to see when configuration changes and other administrative activities occurred, and who
initiated them.

Quick Deploy
From the Manage > Quick Deploy interface, you can easily deploy and manage Microsoft Azure workloads that use either a Citrix
Managed Azure subscription or your own Azure subscription. For more information, see Quick Deploy and Citrix Managed Azure.
From Quick Deploy, you can:
Create and manage catalogs.
 Create and customize images, either from various Citrix prepared images, or from images you import from your Azure
subscription.
For more information, see Quick Deploy.

Environment Management
From the Environment Management interface, you can use intelligent resource management and Profile Management
technologies to deliver the best possible performance, desktop logon, and application response times. For more information, see
Workspace Environment Management.

Components and technologies managed by the customer

Citrix Gateway: When users connect from outside the corporate firewall, Citrix Virtual Apps and Desktops can use Citrix
Gateway technology to secure these connections with TLS. The Citrix Gateway or VPX virtual appliance is an SSL VPN appliance
deployed in the DMZ. It provides a single secure point of access through the corporate firewall.
Citrix installs and manages the Citrix Gateway service in Citrix Cloud. You can also optionally install Citrix Gateway in resource
locations.
Active Directory: Active Directory is used for authentication and authorization. It authenticates users and ensures that they are
getting access to appropriate resources. A subscriber’s identity defines the services to which they have access in Citrix Cloud.
This identity comes from Active Directory domain accounts provided from the domains within the resource location.
Identity Provider (IdP): The IdP is the final authority for the user’s identity. Supported IdPs include: on-premises Active Directory,
Active Directory plus token, Azure Active Directory, Citrix Gateway, and Okta. For more information, see:
Workspace Identity
Identity and access management
Virtual Delivery Agents (VDAs): Each physical or virtual machine that delivers resources (applications and desktops) must have
a Citrix VDA installed on it. VDAs establish and manage the connection between the machine on which it’s installed and the user
device, and apply policies that are configured for the session.
The VDA registers with a Delivery Controller, using a Cloud Connector in the resource location as a proxy.
Several VDA types are available:
VDAs for Windows multi-session operating systems allow multiple users to connect to the machine at one time. This VDA type
is usually installed on Windows servers.
VDAs for Windows single-session operating systems allow one user to connect to a machine at a time. This VDA type is
usually used for VDI.
A core version of this VDA type is available for use with the Remote PC Access feature. It contains a subset of the features in
the full single-session VDA.
Linux VDAs support virtual apps and desktops based on an RHEL, CentOS, SUSE, or Ubuntu distribution.
Throughout this service’s documentation, “VDA” often refers to the agent and the machine on which it is installed.
Hypervisors and cloud services: In most production sites, the app and desktop instances (workloads) that you make available
(publish) to your users are “hosted” by a supported hypervisor or cloud service. (The Remote PC Access feature is usually used
with physical machines. Therefore, it does not use hypervisors or cloud services for machine provisioning.)
 When using the Full Configuration interface, you create a connection to a supported host hypervisor or cloud service. Then
from Full Configuration, you use an image (created through that host) to create a catalog of machines that contain the app
and desktop instances. Then you create a delivery group. Citrix provides many tools to simplify and facilitate how these
session hosts are built and maintained.
When using Quick Deploy to deliver Azure workloads, you only need to create the catalog. Although you can use your own
Azure subscription when creating the catalog, using a Citrix Managed Azure subscription eliminates your need to manage the
host, too.
The app and desktop instances that you publish can be on-premises, hosted in public clouds, or in a hybrid mixture of both.
Citrix StoreFront: Citrix StoreFront is the predecessor to the cloud-hosted Citrix Workspace. It is used as the web interface for
access to applications and desktops.
You can optionally install StoreFront servers in resource locations. Having local stores can help deliver apps and desktops during
network outages. The Local Host Cache feature requires a customer-managed StoreFront in each resource location.
See User access for considerations for using StoreFront in a service environment.

Objects you configure to deliver desktops and applications

You configure the following items to deliver apps and desktops in a production environment.
Host connection: A host connection (mentioned earlier) helps enable communication between components in the control plane
(Citrix Cloud) and VDAs in a resource location. Connection specifications include:
The address and credentials to access the host
The storage method to use, and the machines to use for storage
Which network the VMs can use
Remember: When using Quick Deploy, you don’t have to create a connection. And if you use Citrix Managed Azure, Citrix
manages the hosting, as well.
Catalog: In the Full Configuration and Monitor interfaces, catalogs are called “machine catalogs.”
A catalog is a collection of
virtual or physical machines that have the same operating system type (for example, Windows multi-session, Ubuntu single-
session).
When creating a catalog, you usually use an image, which is also known as a template. (Remote PC Access catalogs usually
contain physical machines, so no image is needed.)
When using Quick Deploy, Citrix provides several Citrix prepared images you can use to create your own customized images.
Or, you can import images from your own Azure subscription.
When using Full Configuration to create VMs using a supported host type, the image usually must be created and reside on a
host machine. When creating the catalog, you provide the path to that image.
Regardless of where the image resides, you can install applications on the image, if you want those apps on all machines created
from that image (and don’t want to virtualize those apps).
After the image is ready, you create the catalog.
For VMs, MCS creates the machines and the catalog.
For Remote PC Access, MCS simply creates the catalog, because the physical machines already exist.
For more information about MCS, see Image management.
 Delivery group: A delivery group specifies:
One or more machines from a catalog.
Users who are allowed to access those machines. Alternatively, you can specify users through the Citrix Cloud Library.
The applications and desktops that users can access through Workspace. Alternatively, you can specify applications and
users through the Citrix Cloud Library.
When using Quick Deploy, a delivery group is created automatically. (It appears only in the Full Configuration interface.)
Application group: Application groups let you manage collections of applications. You can create application groups for
applications shared across different delivery groups or used by a subset of users within delivery groups. Application groups are
optional.

Citrix Managed Azure

Citrix Managed Azure is an option available in several Citrix Virtual Apps and Desktops service editions. Using Citrix Managed
Azure simplifies the deployment of virtual apps and desktops from Azure. Citrix manages the infrastructure for hosting Azure
workloads.
With Citrix Managed Azure, you get a dedicated Citrix-managed Azure subscription and resource location. In that Azure
subscription, you create a catalog of VMs. You can:
Deploy single-session and multi-session Windows OS machines or Linux OS machines, from various supported versions.
Choose from a curated list of compute types and storage options in select regions.
Provision persistent or non-persistent workloads on those machines.
Choose from several Citrix provided images that have the latest VDA installed. Then, from the Citrix interface, you build your own
image from that template, and customize it. You can also import and use images from your own Azure subscriptions.
Even though Citrix manages Azure capacity, if you want to communicate with existing resources on your own Azure subscription,
you can use Azure VNet peering to connect resources. You can also use Citrix SD-WAN to connect to your on-premises resources
directly.

Ordering Citrix Managed Azure

To get a Citrix Managed Azure subscription, you must subscribe to a supported Citrix service offering, and then order Citrix
Managed Azure Consumption Funds. You can order the service and consumption funds through Citrix or from Azure Marketplace.
Citrix Managed Azure is supported on the following service offerings:
Citrix Workspace Premium Plus
Citrix Virtual Apps and Desktops service, Advanced and Premium editions
Citrix Virtual Apps and Desktops Standard for Azure edition
For details, see Sign up for the service.

Citrix Managed Azure benefits summary

Using Citrix Managed Azure offers several benefits:
Fastest path to hybrid-cloud benefits.
 Offloads IT management of infrastructure. Provides an administration experience that puts IT in control without the
management and maintenance challenges.
Enables you to rapidly scale work solutions.
Provides a separate Azure subscription that is managed and maintained by Citrix. This Isolates activity from your other Azure
subscriptions.
You retain the flexibility to create and manage workloads using your own Azure subscriptions. Your deployment can include
workloads that use the Citrix Managed Azure subscription, and workloads that use your own (customer-managed) Azure
subscriptions.
Uses a true consumption-based Infrastructure as a Service (IaaS) model.
Several technologies are available to create connections to your own on-premises networks (such as Azure VNet peering and
SD-WAN). This allows your users to access your network’s resources, such as file servers.
Deploying and managing Citrix Managed Azure from this service uses the Quick Deploymanagement interface.
For more information, contact your Citrix representative.

Delivering applications and desktops to users

Citrix Workspace
Subscribers (users) access their desktops and apps through Citrix Workspace.
After installing and configuring the service, you’re provided with a workspace URL link. The workspace URL is posted in two places:
From the Citrix Cloud console, select Workspace Configuration from the menu in the upper left corner. The Access tab contains
the Workspace URL.
From the Citrix Virtual Apps and Desktops service Welcome page, the workspace URL appears at the bottom of the page.
Test and then share the workspace URL link with your subscribers (users) to give them access to their apps and desktops. Your
subscribers can access the workspace URL without any additional configuration.
You configure workspaces from Citrix Cloud.
Specify which services are integrated with Citrix Workspace.
Customize the URL that your subscribers use to access their workspace.
Customize the appearance of subscribers’ workspaces, such as logos, color, and preferences.
Specify how subscribers authenticate to their workspace, such as using Active Directory or Azure Active Directory.
Specify external connectivity for resource locations used by your subscribers.
Automate workspace actions with Microapps and optimize workflows.
For more information, see Citrix Workspace.

Citrix Workspace app

From the user side, Citrix Workspace app is installed on user devices and other endpoints, such as virtual desktops. Citrix
Workspace app provides users with secure, self-service access to documents, applications, and desktops from any device,
including smartphones, tablets, and PCs. Citrix Workspace app provides on-demand access to Windows, web, and Software as a
Service (SaaS) applications.
For devices that cannot install Citrix Workspace app software, Citrix Workspace app for HTML5 provides a connection through a
HTML5-compatible web browser.
Citrix Workspace app is available for various operating systems. For details, see Citrix Workspace app.

Service Level Agreement

The Citrix Virtual Apps and Desktops service (the Service) is designed using industry best practices to achieve cloud scale and a
high degree of service availability.
For complete details about Citrix’s commitment for availability of Citrix Cloud services, see the Service Level Agreement.
Performance against this goal can be monitored on an ongoing basis at https://status.cloud.com.

Limitations
The calculation of this Service Level Goal will not include loss of availability from the following causes:
Customer failure to follow configuration requirements for the Service documented in the product documentation on
https://docs.citrix.com.
Caused by any component not managed by Citrix including, but not limited to, customer controlled physical and virtual
machines, customer installed and maintained operating systems, customer installed and controlled networking equipment or
other hardware; customer defined and controlled security settings, group policies and other configuration policies; public cloud
provider failures, Internet Service Provider failures or other external to Citrix control.
Service disruption due to reasons beyond Citrix control, including natural disaster, war or acts of terrorism, government action.

More information
Citrix Virtual Apps and Desktops Service diagrams
Citrix Virtual Apps and Desktops Service Reference Architecture and Deployment Methods
Technical security overview
Network ports
Third-party notices
System requirements
Features
An introduction to HDX technologies, plus details about Devices, Graphics, and Multimedia.
Remote PC Access: Allow users to log on remotely from anywhere to a physical PC in the office. You can configure Remote PC
Access from Full Configuration or Quick Deploy.
Publish content: Publish an application that is simply a URL or UNC path to a resource.
Server VDI: Deliver a desktop from a server operating system for a single user.
For the Citrix Virtual Apps and Desktops Standard for Azure service, see its dedicated product documentation.
 To learn about feature availability in the Citrix Virtual Apps and Desktops products and editions, see the Citrix Virtual Apps and
Desktops feature matrix.
The Citrix Cloud Learning Series offers education course to get you up and running with Citrix Cloud and its services. You can
sequentially view all of the modules, from introductions through planning and building services. You can also choose individual
modules or task-specific segments within a module. See Cloud Learning Series.

Get started
To learn how to set up your deployment, start with Plan and build a deployment. That summary guides you through the major steps
in the process, and provides links to more information and detailed procedures.

Site feedback
|
Privacy and legal terms
|
Cookie preferences
 © 1999-2021 Citrix Systems, Inc. All
rights reserved.