Citrix Workspace Suite Reference Architecture for Trade up Customers

Prepared by: Citrix Solutions Lab

This document is intended to aid IT architects and administrators who have an existing XenDesktop deployment and are looking to add other key components of Citrix Workspace Suite. It includes an overview of the architecture and introductory implementation guidance.

Last Updated: July 2015


Table of Contents

Section 1: Executive Summary
    Audience
    Project Overview
    Disclaimer
    Citrix Solutions Lab Implementation
Section 2: Architectural Overview
Section 3: Deploying the Environment
    Server Hardware
    Networking Components
    Storage Configuration
    Environment Infrastructure
    Software
        Environment Infrastructure
        NetScaler Configuration
        StoreFront Configuration
        XenDesktop & XenApp Configuration
        XenMobile Configuration
        ShareFile Configuration
Section 4: Conclusion
Appendix A – References
Appendix B – Tables
Appendix C – Figures

 

   


Section 1: Executive Summary

The goal of any data center is to deliver secure access to applications, data and services allowing the end-user to use any device in any location. To help enterprises accomplish this, Citrix Workspace Suite delivers a powerful solution to address the performance, security and mobility requirements of today’s workforce. Citrix Workspace Suite brings XenDesktop, XenApp, XenMobile, ShareFile, NetScaler, and CloudBridge into a single solution making business critical applications (Windows, web, SaaS and mobile) and data available to anyone, anytime, anywhere, thus allowing your users to work smarter, work better. For more information about Citrix Workspace Suite, visit www.citrix.com/go/workspacesuite.

This reference architecture documents the leading practices in migrating from XenDesktop to Citrix Workspace Suite. It outlines the high-level tasks needed to bring XenMobile and ShareFile into an existing XenDesktop environment:

• XenMobile delivers mobile device management (MDM), mobile application management (MAM), and enterprise-grade productivity apps to users on their mobile device. For more information on XenMobile, visit: http://www.citrix.com/products/xenmobile/overview.html

• ShareFile provides a secure enterprise file sync and share service that meets the mobility, collaboration, and data security requirements of business. For more information on ShareFile, visit: http://www.citrix.com/products/sharefile/overview.html.

Audience

This reference architecture is aimed at IT administrators, implementers, and architects who have a current installation of XenDesktop and are looking to trade up to Citrix Workspace Suite, which involves adding XenMobile and ShareFile to the environment.

Project Overview

This document assumes there is an existing XenDesktop installation. In the scenario, a XenDesktop 7.5 installation is upgraded to the Citrix Workspace Suite, which includes XenDesktop 7.6 and XenMobile 10. To get here, we upgraded the XenDesktop environment and installed the XenMobile and ShareFile components. This scenario assumes NetScaler is already configured into the environment to support XenDesktop, and the configuration will be updated and modified to support the addition of XenMobile and ShareFile.

Note: The scenario does not include branch office users and therefore will not include CloudBridge.

Disclaimer

This guide is not intended to constitute legal advice. Customers should consult with their legal counsel regarding compliance with U.S., and other country-specific industry laws and regulations, and the intended use of Citrix products and services. Citrix makes no warranties, express, implied, or statutory, as to the information in this document.

   


Citrix Solutions Lab Implementation

The Citrix Solutions Lab built a XenDesktop deployment utilizing XenDesktop 7.1 almost a year ago. Over the past year, this environment has been updated and managed similar to a real-world data center deployment, upgrading the XenDesktop deployment with each new release of XenDesktop. In this implementation, not only will XenDesktop be upgraded to 7.6, but also XenMobile 10 and ShareFile will be added to the environment. The following diagram shows the environment prior to upgrading to Citrix Workspace Suite.

For all deployments and upgrades of the components, the Citrix product documentation process was followed as closely as possible. This document highlights clarifications of how to configure specific steps. Note: this document is not a step-by-step how-to guide. For specific guidance on deployments, see Citrix Product documentation at http://docs.citrix.com.


Section 2: Architectural Overview

The goal of this reference architecture is to build an environment to support 2000 Citrix Workspace Suite users, which means creating an environment for the same 2000 users on XenDesktop, XenMobile and ShareFile. It assumes an existing XenDesktop environment is in place. The following figure shows the design after implementing the trade up program.

 

The above diagram highlights the goal and design of the Workspace Suite deployment. Four networks will be leveraged within the deployment, with the Guest network connecting to the DMZ containing firewalls, NetScaler and XenMobile deployments, and ShareFile configured as an on-premises storage zone.

This environment uses local storage for the XenApp write cache files. Local storage is used to leverage the advantage of XenApp sites (delivery groups) to create a highly available XenApp deployment, using the N+1 approach to ensure enough overhead to handle any server failures. To accomplish the use of local storage, the blade servers used to support the XenApp VMs were configured with additional storage: a 300GB SAS HDD to hold the operating system and a 400GB SSD to hold the write cache files. These VMs were also deployed utilizing the RAM Cache with disk-overflow capabilities of PVS to reduce the I/O reads and writes to local storage. If any server, physical or virtual, fails, the remaining servers in the site will absorb the workload. If additional users are desired, adding another blade to the XenApp site is all that is required. There is no requirement of SAN storage to add more XenApp servers.

Several new features for XenDesktop 7.6 were also added to the configuration, the first being PVS RAM Cache with disk overflow. This provisioning method uses memory on the physical server supporting the HSD or VDI VMs to hold the write cache information, and if the RAM cache becomes full then older data in the cache will be pushed to disk. The second feature is the ability to use SSL to the VDA, which is used to encrypt the entire user connection process.

Section 3: Deploying the Environment

Server Hardware

Citrix Solutions Lab deployed the following HP BL460c Gen8 blade servers to host the infrastructure for the entire solution:

Server Role | Qty. | Operating System | Configuration
Infrastructure Hyper–V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.8 GHz Intel E5–2680 Xeon processors (10 cores/processor), 3 TB SAN storage. 192 GB RAM
Hosted Shared Desktop Hyper–V Hosts | 9 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5–2670 Xeon processors (10 cores/processor), 2 x 400 GB SSD (RAID1) local storage. 256 GB RAM
VDI Hyper-V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5–2670 Xeon processors (10 cores/processor), 3 TB SAN storage. 192 GB RAM
PVD Hyper-V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5–2670 Xeon processors (10 cores/processor), 3 TB SAN storage. 192 GB RAM

Table 1 – Server Hardware

     


Networking Components

The following networking components were used for this implementation:

Device | Qty. | Purpose
Cisco 5048 | 2 | Layer 2
HP | 1 | Layer 3

Table 2 – Networking Components

Storage Configuration

This implementation used an EMC VNX5400 to support the infrastructure components. An iSCSI LUN was attached to the two node Hyper–V cluster and was used to store the infrastructure VMs. The Hyper–V hosts hosting the Shared Delivery Group VMs used local SSD drives to host the PVS Write Cache files.

Environment Infrastructure

The following virtual servers were used in this implementation:

Name | Role | CPU | RAM (GB) | Disk Space (GB) | OS | Notes
MAM/MDM | XM Controller | 4 | 8 | 50 | Citrix Proprietary |
DC01 | Primary AD Domain Controller, DHCP and DNS server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | Domain Controller, DNS, DHCP, Certificate Services
DC02 | Secondary AD Domain Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | Domain Controller, DNS
FS01 | File server storage | 6 | 8 | 540 | Windows Server 2012 R2 Datacenter | UPM Storage
FS02 | File server storage | 2 | 4 | 190 | Windows Server 2012 R2 Datacenter | PVS vDisk(s) Storage
LIC01 | Citrix License Server | 2 | 4 | 60 | Windows Server 2012 R2 Datacenter | Citrix Licensing
LIC02 | Secondary Citrix License Server, RDS License Server | 2 | 4 | 127 | Windows Server 2012 R2 Datacenter |
MDM | XM Mobile Device Manager | 4 | 4 | 60 | Windows Server 2012 R2 Datacenter |
PVS01 | Primary Citrix PVS Server | 4 | 16 | 40 | Windows Server 2012 R2 Datacenter | Provisioning Services, DHCP for PVS vLAN
PVS02 | Secondary Citrix PVS Server | 2 | 16 | 40 | Windows Server 2012 R2 Datacenter | Provisioning Services
SCVMM01 | Microsoft SCVMM Console and management server | 4 | 4 | 40 | Windows Server 2012 R2 Datacenter | Virtual Machine Manager
SF01 | Primary Citrix StoreFront Server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | StoreFront Services
SF02 | Secondary Citrix StoreFront Server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | StoreFront Services
ShareFile01 | Primary ShareFile StorageZones Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter |
ShareFile02 | Secondary ShareFile StorageZones Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter |
SQL01 | Primary Microsoft SQL Database server | 1 | 12 | 60 | Windows Server 2012 R2 Datacenter | SQL Database Server
SQL02 | Secondary Microsoft SQL Database server | 1 | 12 | 60 | Windows Server 2012 R2 Datacenter | SQL Database Server
XD01 | Primary Citrix XenDesktop Delivery Controller server | 1 | 8 | 60 | Windows Server 2012 R2 Datacenter | Delivery Controller
XD02 | Secondary Citrix XenDesktop Delivery Controller server | 1 | 8 | 60 | Windows Server 2012 R2 Datacenter | Delivery Controller

Table 3 – Workspace Suite Infrastructure

Software

Environment Infrastructure

Software Components

The following software components were used in this implementation.

Component | Version
Virtual Desktop Broker | Citrix XenDesktop 7.6
Mobile Device Management | XenMobile 10.0
Enterprise Personal Storage | Citrix ShareFile 3.1.0.1438
VDI Desktop Provisioning | Citrix Provisioning Services 7.6
Endpoint Client | Citrix Receiver for Windows 4.2
User Profile Management | Citrix User Profile Manager 5.x (Built–in)
Web Portal | Citrix StoreFront 2.6
Licensing | Citrix License Server 11.12.1
Workload Generator | Login VSI 4.1.2.1205
Office | Microsoft Office 2013
Virtual Desktop OS (Hosted Shared Desktops) | Microsoft Windows Server 2012 R2
Virtual Desktop OS (VDI and PVD) | Microsoft Windows 8.1 Client x64
Database Server for SCVMM, XD, and PVS | Microsoft SQL Server 2012 R2
VDI Hypervisor Management | Microsoft SCVMM 2012 R2
VDI Hypervisor | Microsoft Windows Server 2012 R2 with Hyper–V Role
NetScaler Software | NS 10.5

Table 4 – Software Components

Network VLANs

The following Virtual LANs (VLANs) were used in this implementation.

VLAN | Traffic
510 | Management VLAN for internal network
511 | Storage VLAN for internal network
512 | Guest VLAN for internal network
513 | External VLAN for internal network
526 | Provisioning Services (PVS) PXE boot traffic for internal network
514 | Management VLAN for external network
516 | Provisioning Services (PVS) PXE boot traffic for external network
517 | Guest VLAN for client devices
518 | External VLAN for external network

Table 5 – Network VLANs


Microsoft SQL AlwaysOn Database Configuration

Several Citrix software components in this architecture require SQL databases, including XenDesktop. This implementation uses Microsoft® SQL Server™ as the database management system. SQL Server 2014 features high availability and disaster recovery solutions, including AlwaysOn clusters and availability groups, which were implemented to increase the reliability of this Reference Architecture.

AlwaysOn Availability Groups provide an enterprise–level alternative to database mirroring. Introduced in SQL Server 2012, AlwaysOn Availability Groups maximize the availability of user databases. An availability group supports failover for a set of databases that fail over together.

XenDesktop 7.6 uses a Microsoft SQL Server database as the data store for both configuration and session information. A typical single–site XenDesktop 7.6 deployment consists of three databases, as follows:

• Site configuration database: Stores the current configuration and XenDesktop state.
• Monitoring database: Stores historical data for display within Director.
• Configuration logging database: Tracks XenDesktop configuration changes.

SQL Server may also create a temporary database called TempDB.  

NetScaler Configuration

The NetScaler instance for this implementation functions as an Access Gateway configured to load balance the StoreFront and ShareFile services. The connectivity configuration for the XenDesktop/XenApp, ShareFile and XenMobile is listed in each respective product/component section.

Citrix Solutions Lab Implementation

The NetScaler Gateway Enterprise Edition virtual server is an entity within a NetScaler appliance that represents all the configured services available to clients. The virtual server is also the point through which clients access these services.

Device | Qty. | Operating System | Configuration
NetScaler | 1 | NetScaler VPX 10.5 55.8.nc | Access Gateway and Load Balancing

Figure 1 – NetScaler Instance

 Note: The NetScaler VPX products have been used as a flexible means to enable multiple virtual appliances to be implemented in various configurations throughout the different networks within the architecture. There may be scenarios where larger throughput needs and economics are better served by the physical NetScaler appliances such as the MPX or SDX. Please refer to the NetScaler product page for more information on which product line may fit your particular designs.  

Basic Configuration

In order to get the NetScaler appliance working to a basic level, the VPX needs to be downloaded and loaded on a hypervisor. Once the VPX has been started, enter the IPv4 address, netmask and gateway IPv4 address. With this basic information, the web-based console can be used for the remaining configuration. Once the device reboots, open the web console by using a web browser and navigating to the IPv4 address specified earlier. After logging in, click on the Configuration tab at the top to complete the basic configuration.

Figure 2 - NetScaler - Basic Configuration

Specify the license file to properly license the necessary features for a deployment of this kind. The following screen shows the licensed features of the NetScaler appliance, with the license, model and primary functions of this NetScaler highlighted.

Figure 3 – NetScaler – Licensed Features

 

Lastly, specify that LDAP authentication will be used. The screen below displays the LDAP policy applied to this implementation:

Figure 4 - NetScaler - Authentication

 

NetScaler Insight Configuration

NetScaler Insight Center was installed in this implementation to capture and monitor all ICA traffic. NetScaler Insight uses AppFlow (AppFlow.org), an open standards technology that includes per-flow application and networking data. In this environment, NetScaler Insight Center is the central point for collecting ICA traffic, and it monitors and analyzes ICA performance.

Note: For more information on NetScaler Insight Center, see http://docs.citrix.com/en-us/netscaler-insight/10-5/ni-understanding-insight-wrapper-con.html.

NetScaler Insight Center is installed as a virtual appliance on a hypervisor. The virtual appliance must be downloaded, extracted and started. Once started, basic settings such as credentials and IPv4 can be set using the command line interface. After configuring basic settings, the rest of the settings can be configured using the web console. Upon logging onto the web console, clicking on the Configuration tab displays the configuration settings.

A subnet IP (SNIP) address needs to be created next. The NetScaler ADC uses the subnet IP address as a source IP address to proxy client connections to servers. For more information about SNIP, see http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.html. The following screen displays the specifics of the SNIP address created for this environment:

Figure 5 - NetScaler - Insight SNIP Configuration

After setting up the SNIP, go to the Inventory Setup and enable AppFlow.

Figure 6 - NetScaler - Insight AppFlow Configuration

 Back on the NetScaler VPX appliance, transparent-mode data collection must be enabled. To do this, use the command line interface of the appliance to create a collector and bind it to the virtual server handling the ICA traffic, in this case _XD_go.ctxmobi.com.

Figure 7 - NetScaler - Insight Data Collection Mode Configuration

 

StoreFront Configuration

The StoreFront component of the environment was configured with two StoreFront servers in a server group. Load balancing between those two servers is achieved using the load-balancing feature of NetScaler. Communication to the StoreFront servers was configured to use SSL. For information on securing StoreFront, see http://support.citrix.com/proddocs/topic/dws-storefront-26/dws-secure.html.

The following screenshot taken in the StoreFront console displays the server group containing the two StoreFront servers as well as the load-balanced URL specified in the NetScaler configuration.

Figure 8 – StoreFront Server Group

XenDesktop & XenApp Connectivity

The Secure Ticket Authority settings must be configured to point to the STA URLs for both the XenDesktop controllers.

 Figure  9  –  Secure  Ticket  Authority  (STA)  Settings  

 Both XenDesktop Delivery controllers must be specified in the Delivery Controller settings of the StoreFront console.


 Figure  10  –  Delivery  Controller  Settings  

 

NetScaler Connectivity and Configuration

The following screen shows how to point the StoreFront group to the NetScaler Instance from the StoreFront console.

 Figure  11  –  NetScaler  Gateway  Settings  

   The NetScaler appliance will load balance between the two StoreFront servers. Log onto the NetScaler console and navigate to the Configuration -> Traffic Management -> Load Balancing tab. Create two services corresponding to the two StoreFront servers.

Figure 12 - NetScaler - StoreFront Load Balancing Services

 Next, create a virtual server to represent the address that will be load balanced on the two StoreFront Servers.

Figure 13 - NetScaler - StoreFront Load Balancing Virtual Server

 Lastly, bind the two services to the Virtual server.
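As an added example (not part of the original document and not Citrix tooling), the Python script below audits a saved NetScaler configuration for two settings this guide describes: an AppFlow policy bound to the virtual server handling ICA traffic, and the StoreFront load-balancing virtual server with its two SSL services. The ns.conf lines, object names and 192.0.2.x addresses are constructed placeholders; only _XD_go.ctxmobi.com is taken from the page.

```python
import shlex

# Constructed ns.conf excerpts (not from the lab). Object names and 192.0.2.x
# addresses are placeholders; only _XD_go.ctxmobi.com comes from the page.
SAMPLE_NS_CONF = """\
add service svc_SF01 192.0.2.21 SSL 443
add service svc_SF02 192.0.2.22 SSL 443
add lb vserver lb_storefront SSL 192.0.2.20 443 -persistenceType SOURCEIP
bind lb vserver lb_storefront svc_SF01
bind lb vserver lb_storefront svc_SF02
add vpn vserver _XD_go.ctxmobi.com SSL 192.0.2.10 443
add appflow collector col_insight -IPAddress 192.0.2.50
add appflow action act_insight -collectors col_insight
add appflow policy pol_insight true act_insight
bind vpn vserver _XD_go.ctxmobi.com -policy pol_insight -priority 100 -type ICA_REQUEST
"""
# Constructed drift: one plain-HTTP service, no AppFlow objects or binding.
DRIFTED_NS_CONF = """\
add service svc_SF01 192.0.2.21 HTTP 80
add lb vserver lb_storefront SSL 192.0.2.20 443
bind lb vserver lb_storefront svc_SF01
add vpn vserver _XD_go.ctxmobi.com SSL 192.0.2.10 443
"""


def _split(tokens):
    """Return (positional args, {-option: [values]}) for one command."""
    pos, opts, current = [], {}, None
    for tok in tokens:
        if tok.startswith("-"):
            current = opts.setdefault(tok.lower(), [])
        elif current is None:
            pos.append(tok)
        else:
            current.append(tok)
    return pos, opts


def load(conf):
    """Model only the objects the two checks need."""
    m = {"service": {}, "lb": {}, "vpn": {}, "collector": {}, "action": {}, "policy": {}}
    for line in conf.splitlines():
        t = shlex.split(line, comments=True)
        if len(t) < 4 or t[3].startswith("-"):
            continue
        head = " ".join(t[:3]).lower()
        if head.startswith("add service "):
            pos, _ = _split(t[2:])  # name, address, protocol, port
            if len(pos) >= 3:
                m["service"][pos[0]] = pos[2].upper()
            continue
        pos, opts = _split(t[3:])
        if head == "add lb vserver" and len(pos) >= 2:
            m["lb"].setdefault(pos[0], {"services": []})["proto"] = pos[1].upper()
        elif head == "bind lb vserver" and len(pos) >= 2:
            m["lb"].setdefault(pos[0], {"services": []})["services"].append(pos[1])
        elif head == "add vpn vserver":
            m["vpn"].setdefault(pos[0], [])
        elif head == "bind vpn vserver" and opts.get("-policy"):
            kind = (opts.get("-type") or [""])[0].upper()
            m["vpn"].setdefault(pos[0], []).append((opts["-policy"][0], kind))
        elif head == "add appflow collector":
            m["collector"][pos[0]] = opts.get("-ipaddress", [])
        elif head == "add appflow action":
            m["action"][pos[0]] = opts.get("-collectors", [])
        elif head == "add appflow policy" and len(pos) >= 3:
            m["policy"][pos[0]] = pos[2]  # name, rule, action
    return m


def audit(conf, ica_vserver, storefront_vserver, min_services=2):
    """Return findings; an empty list means both checks pass."""
    m, out = load(conf), []
    def exports(policy):  # policy -> action -> at least one defined collector
        return any(c in m["collector"] for c in m["action"].get(m["policy"].get(policy), []))
    # Check 1: an AppFlow policy is bound to the vserver handling ICA traffic.
    bindings = m["vpn"].get(ica_vserver)
    if bindings is None:
        out.append(f"vpn vserver {ica_vserver} is not defined")
    elif not any(kind == "ICA_REQUEST" and exports(p) for p, kind in bindings):
        out.append(f"{ica_vserver}: no AppFlow policy bound for ICA traffic")

    # Check 2: the StoreFront vserver is SSL with enough SSL services bound.
    lb = m["lb"].get(storefront_vserver)
    if lb is None:
        return out + [f"lb vserver {storefront_vserver} is not defined"]
    if lb.get("proto") != "SSL":
        out.append(f"{storefront_vserver}: protocol {lb.get('proto')}, expected SSL")
    if len(lb["services"]) < min_services:
        out.append(f"{storefront_vserver}: {len(lb['services'])} service(s) bound, need {min_services}")
    for svc in lb["services"]:
        if m["service"].get(svc) != "SSL":
            out.append(f"{svc}: back-end protocol {m['service'].get(svc)}, expected SSL")
    return out


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_NS_CONF), ("drifted", DRIFTED_NS_CONF)):
        print(name, audit(conf, "_XD_go.ctxmobi.com", "lb_storefront"))
```

Run against a saved copy of the running configuration, the same checks flag a StoreFront service left on HTTP or an AppFlow policy that was created but never bound.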

XenDesktop & XenApp Configuration

Since we had a fully deployed XD environment, we followed the Citrix Product Documentation for upgrading from 7.5 to 7.6. As stated previously, the PVS RAM Cache with Disk Overflow was configured for the HSD and VDI VMs for this upgrade. This option reduces the IOPS and helps with performance overall (see footnote 1). Also configured in the upgrade was the use of SSL to the VDA, encrypting communication from the client to the Virtual Desktop Agent (VDA). Configuring the SSL communication was done according to Citrix Product Documentation: http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-ssl.html#xad-mng-cntrlr-ssl .

Provisioning Services Configuration

Two PVS servers were deployed to add resiliency and load balancing of the vDisks. The following screenshots taken from the PVS console outline the configuration.

 Figure  14  –  Provisioning  Services  console  farm  view  

 Figure  15  –  PVS  Console  Device  Collections  

 As part of the XenDesktop and XenApp elements of the environment, three virtual desktop offerings were created.  

Hosted Shared Desktop Deployment

Hosted shared desktops allow users to connect to a desktop virtual machine hosted on a Windows Server running Citrix XenApp. The configuration for this environment was as follows:

Function | Hosted Shared Desktops
Quantity | 63
Operating System | Windows 2012 R2
CPU | 4 vCPU
Memory | 12 GB
Storage | 60GB (Master/vDisk)
NIC | 2– NetVSC
Network | Guest v512; PVS v526
PVS configuration | 18GB Windows Page File; 25GB Write Cache RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools

Footnote 1: For more information on the cache in device RAM with overflow to hard disk feature in PVS, refer to (“Understanding Write Cache in Provisioning Services Server”) and the article titled “Less than 1 IOPS per user with XenDesktop 7.5”. For RAM cache sizing guidelines see (“Size Matters: PVS RAM Cache Overflow Sizing”).

The virtual machines running the Hosted Shared Desktops were all hosted on Microsoft Hyper–V running in a non–clustered configuration. The virtual disks were stored on Solid State Drives (SSDs) installed on the Hyper–V host machines. This configuration provides significant storage cost reductions.

VDI Desktop Deployment

The VDI desktop deployment option allows users to connect to a virtual machine running a Windows client OS. The configuration for this environment was as follows:

Function | VDI Virtual Desktops
Quantity | 120
Operating System | Windows 8.1 x64 Enterprise
CPU | 1 vCPU
Memory | 1.5 GB
Storage | 40GB (Master/vDisk)
NIC | 2– NetVSC
Network | Guest v512; PVS v526
PVS configuration | 3GB Windows Page File; 4GB Write Cache RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools

     


Virtual Desktop with PvD Deployment

In addition to being able to provide users with virtual desktops, a private vDisk can be assigned to each user that will allow them to have persistent data. The configuration for this environment was as follows:

Function | Virtual Desktops with PvD
Quantity | 120
Operating System | Windows 8.1 x64 Enterprise
CPU | 1 vCPU
Memory | 1.5 GB
Storage | 40GB (Master/vDisk)
NIC | 2– NetVSC
Network | Guest v512; PVS v526
PVS configuration | 10GB Personal vDisk; 3GB Windows Page File; 4GB Write Cache RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools

     


XenDesktop/NetScaler Connectivity Configuration

This screen illustrates the various Virtual Servers used. The _XD_go.ctxmobi.com and callback ones handle the authentication page and authentication call back to the StoreFront server.

 Figure  16  –  NetScaler  –  XenDesktop  Virtual  Servers  

Each Virtual Server will have session policies associated with it, and those policies will in turn have actions. For example, the _XD_go.ctxmobi.com VIP has 2 policies:

 Figure  17  –  NetScaler  –  Session  Policies  

 The PL_WB_172.16.140.4 policy handles all requests originating from a web browser (not Citrix Receiver). This policy ensures the user lands on the StoreFront authentication page.  


The Virtual Server details are shown in this screen:

 Figure  18  –  NetScaler  –  Virtual  Server  Details  1  


 Figure  19  –  NetScaler  –  Virtual  Server  Details  2  

 

XenMobile Configuration

The XenMobile component of this environment was deployed using standard defaults and following the steps defined in the Citrix product documentation (see footnote 2). XenMobile 10 console, referred to as XenMobile Server (XMS), resides in the DMZ as a single appliance and combines the App controller and Device Manager (MDM) into a unified management tool. XMS now consists of the mobile device manager (MDM) and the mobile app management (MAM) components. It uses LDAP authentication and has a portfolio of applications available to the mobile user. The same console can be used to manage integration with NetScaler Gateway. It is recommended to connect to the XenMobile server either through the NetScaler Gateway or from within the firewall directly to the XMS.

The Solutions Lab environment used a single instance of XMS, and therefore had no HA capabilities. With XenMobile 10, this configuration changed by combining the app controller and the device manager. In order to cluster XenMobile 10, load balancing of the virtual IP addresses needs to be configured on the NetScaler as defined in the installation documentation.

Footnote 2: XenMobile installation steps: http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html

The screen below shows the LDAP configuration:

Figure 20 - XenMobile - LDAP Configuration

This screen shows the apps available to the mobile user:

Figure 21 - XenMobile - Apps

As stated, the Solutions Lab deployment used default configurations. For more information on sizing a XenMobile deployment, please consult http://docs.citrix.com/en-us/xenmobile/10.html or your consultant.

XenMobile/NetScaler Connectivity Configuration

The following screen shows the virtual server used to handle the XenMobile Server requests:

   

ShareFile Configuration

The following section details the sequence for deploying the ShareFile portion of the environment. Certain design and configuration decisions were made, as each deployment has its own requirements; decisions should be made based on those requirements. In this deployment, Restricted Storage Zones were used. Here are the highlights of this configuration:

• A secure data enclave – Unlike Citrix–managed storage zones in the cloud or standard customer–managed storage zones on–premises, files in a Restricted StorageZone are accessible only to authenticated domain users within your enterprise. Citrix has no ability to impersonate users or access files in a Restricted StorageZone.

• Metadata encryption key ownership – File and folder names are encrypted with a private key using AES–256 before being written to the ShareFile cloud. Encryption is performed by the on–premise StorageZone Controller server. Authenticated access to that server is required to unencrypt the metadata, meaning employees accessing content have zero knowledge about file and folder names.

• Zone authentication – In addition to ShareFile cloud authentication, users must also authenticate to the StorageZone Controller. This gives IT organizations more options in how to control user access.

• Network access restrictions – A restricted StorageZone need not be exposed to the Internet. When configured with an internal–only address, users must be on the company network or VPN in order to access, sync or share documents.


• Governed sync and sharing – Authenticated employees still get the benefits of ShareFile including mobile access, web browser access and file sync across multiple devices. But files in a Restricted StorageZone cannot be shared with anyone outside your organization’s domain.

The following figure illustrates the high level view of a Restricted StorageZones deployment:

Figure 22 – High level view of ShareFile Restricted StorageZones

Another benefit of the Restricted StorageZones configuration is that a StorageZones Controller configured for restricted zones does not need to accept inbound connections from the ShareFile cloud. It can be configured with an internal address. The following figure indicates the traffic flow between user devices, the ShareFile cloud, and StorageZones Controller:

Figure 23 – StorageZone Controller with restricted zones

 


Storage Zone Controller Installation and Configuration

ShareFile StorageZones Controllers provide enterprises with private data storage, referred to as StorageZones for ShareFile Data.

Prerequisites

These are the prerequisites for a StorageZone controller:

• Web Server (IIS) role including the following sub roles:
  o Static Content
  o ASP.NET (4.5)
  o Basic Authentication
  o Windows Authentication
• Microsoft .NET Framework 4.5

Preparations

Before starting the installation, consider preparing with the following steps:

• Open port 443 on the firewall for inbound TCP requests
• Have an external IP address available
• Configure an external DNS record (for example sharefile.domain.com)
• Create a ShareFile Service Account in Active Directory
• Have a ShareFile Enterprise account
• Have a Citrix NetScaler up and running
• Have an SSL certificate trusted with an external CA
• Have an internal Certificate Authority (CA) up and running
• Have two free IP addresses for configuring ShareFile on the Citrix NetScaler
• Assign a web server certificate to the IIS server and modify the bindings so the web server can authenticate using that certificate.

Once all the prerequisites have been completed, create a share on the StorageZone controller and grant the ShareFile service account Full Control permissions to it.
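The items above that live on the controller server itself (IIS role services, .NET version, the HTTPS binding certificate and the share permission) can be verified before running the installer. The following PowerShell preflight check is an added example, not part of the original Citrix document; the share name and service account defaults are placeholder assumptions to replace with your own values.

```powershell
# Added example: preflight check for the prerequisites and preparations listed above.
# Run elevated on the Windows Server that will host the StorageZones Controller.
# $ShareName and $ServiceAccount defaults are placeholders, not values from this deployment.
param(
    [string]$ShareName      = 'ShareFileData',
    [string]$ServiceAccount = 'EXAMPLE\svc-sharefile'
)

Import-Module ServerManager -ErrorAction Stop
$results = @()
function Add-Result($Check, $Passed) {
    $script:results += [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed }
}

# IIS role with the four sub roles, plus .NET Framework 4.5.
$features = 'Web-Server', 'Web-Static-Content', 'Web-Asp-Net45',
            'Web-Basic-Auth', 'Web-Windows-Auth', 'NET-Framework-45-Core'
foreach ($f in Get-WindowsFeature -Name $features) {
    Add-Result "Feature $($f.Name) installed" $f.Installed
}

# .NET 4.5 and later report a Release value of at least 378389 under this key.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Result '.NET Framework 4.5 or later' ($ndp.Release -ge 378389)

# The IIS site needs an HTTPS binding on 443 backed by a usable, unexpired certificate.
$certOk = $false
if (Get-Module -ListAvailable WebAdministration) {
    Import-Module WebAdministration
    $binding = Get-WebBinding -Protocol https |
        Where-Object { $_.bindingInformation -like '*:443:*' } | Select-Object -First 1
    if ($binding -and $binding.certificateHash) {
        $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $binding.certificateHash }
        $certOk = $cert -and $cert.HasPrivateKey -and ($cert.NotAfter -gt (Get-Date))
    }
}
Add-Result 'HTTPS :443 binding with valid certificate' $certOk

# The storage share must grant the service account Full Control.
$full = Get-SmbShareAccess -Name $ShareName -ErrorAction SilentlyContinue | Where-Object {
    $_.AccountName -eq $ServiceAccount -and $_.AccessControlType -eq 'Allow' -and $_.AccessRight -eq 'Full'
}
Add-Result "Share '$ShareName' grants Full to $ServiceAccount" $full

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

The script only reads local state; firewall, DNS, NetScaler and account items from the preparation list still need to be confirmed separately.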

StorageZone Controller Software Installation and Configuration

The installation of the Citrix ShareFile StorageZone Controller software is documented on the Citrix product documentation website found here. After the installation is complete, reboot the server. Once the server has been rebooted, log into the ShareFile StorageZones Controller Configuration page to configure the Storage Zones.


Figure 24 – ShareFile StorageZone Controller Zone Creation

 

ShareFile and XenMobile AppController Integration

After creating and configuring the StorageZones, the next step is to integrate XenMobile Server (XMS) with ShareFile. Logging onto the XMS, the administrator can create a security group and add members to it. These members represent users that will have access to ShareFile functionality in the environment. Once that security group exists in Active Directory, use the XMS console to add a role, assign the StorageZone created in the previous section to it, and grant the AD security group access to it.


ShareFile/NetScaler Connectivity Configuration

For the ShareFile configuration, a content switching virtual server needs to be created to handle CIFS storage and App Controller requests. This screen displays the one created in this environment:

Figure 25 – NetScaler – ShareFile Content Switching Virtual Server

In addition to the content switching virtual server, load balancing servers also need to be created to handle the CIFS and StorageZone traffic:


Figure 26 – NetScaler – ShareFile Load Balancers

Section 4: Conclusion

The goal of this project was to document the technical deployment process of trading up to Citrix Workspace Suite from an existing XenDesktop deployment. This means adding XenMobile and ShareFile to the environment.

The upgrade of XenDesktop followed the Citrix product documentation procedure, with the addition of PVS RAM Cache with Disk Overflow and moving the HSD PVS write cache files from SAN storage to local storage.

The ShareFile configuration utilized an on-premises Restricted StorageZone, meaning the storage was local and the Solutions Lab provided its own encryption key. You need to evaluate the best type of StorageZone for your environment and obtain the necessary certificates and DNS addresses required.

The XenMobile installation was a basic installation following the product documentation guidelines, to support 2000 XenMobile users, the same 2000 users who leverage XenDesktop. When using a NetScaler system for XenDesktop and XenMobile, one system, or HA pair, can serve both, but NetScaler performance will be impacted. The more concurrent XenMobile connections there are, the slower remote user access can be.

Documentation on NetScaler configurations is available at www.citrix.com/go/solutions-lab and at http://docs.citrix.com/en-us/netscaler/11.html . You can also look at “Understanding Performance of NetScaler VPX” at http://blogs.citrix.com.


Appendices

Appendix A – References

• Citrix XenApp and XenDesktop 7.6 Reference – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6.html
• Configuring SSL to the VDA on XenDesktop and XenApp 7.6 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6/xad-security-article/xad-ssl.html
• Citrix XenMobile 10.0 Reference – http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html
• Citrix XenMobile 10 migration overview and migration tool – http://docs.citrix.com/en-us/xenmobile/10/xmob-upgradetool-overview.html
• Citrix ShareFile StorageZone Controller 3.1 Reference – http://docs.citrix.com/en-us/storagezones-controller/3-1.html
• Citrix Provisioning Services (PVS) – Write Cache Reference – http://support.citrix.com/article/CTX119469
• Citrix Provisioning Services (PVS) – PVS RAM Cache Sizing – http://blogs.citrix.com/2015/01/19/size-matters-pvs-ram-cache-overflow-sizing/#.VL0piNBOUSQ.linkedin
• Citrix Provisioning Services (PVS) – Turbo charging your IOPS with the new PVS Cache in RAM with Disk Overflow Feature – http://blogs.citrix.com/2014/04/18/turbo-charging-your-iops-with-the-new-pvs-cache-in-ram-with-disk-overflow-feature-part-one/
• Citrix NetScaler 10.5 Reference – http://docs.citrix.com/en-us/netscaler-gateway/10-5.html
• Citrix NetScaler 10.5 Insight Center Reference – http://docs.citrix.com/en-us/netscaler-insight/10-5.html
• LoginVSI Technical Reference – http://www.loginvsi.com/documentation/Login_VSI


Appendix B – Tables

• Table 1 – Server Hardware
• Table 2 – Networking Components
• Table 3 – Workspace Suite Infrastructure
• Table 4 – Software Components
• Table 5 – Network VLANs

   


Appendix C – Figures

• Figure 1 – NetScaler Instance
• Figure 2 – NetScaler – Basic Configuration
• Figure 3 – NetScaler – Licensed Features
• Figure 4 – NetScaler – Authentication
• Figure 5 – NetScaler – Insight SNIP Configuration
• Figure 6 – NetScaler – Insight AppFlow Configuration
• Figure 7 – NetScaler – Insight Data Collection Mode Configuration
• Figure 8 – StoreFront Server Group
• Figure 9 – Secure Ticket Authority (STA) Settings
• Figure 10 – Delivery Controller Settings
• Figure 11 – NetScaler Gateway Settings
• Figure 12 – NetScaler – StoreFront Load Balancing Services
• Figure 13 – NetScaler – StoreFront Load Balancing Virtual Server
• Figure 14 – PVS Console Farm View
• Figure 15 – PVS Console Device Collections
• Figure 16 – NetScaler – XenDesktop Virtual Servers
• Figure 17 – NetScaler – Session Policies
• Figure 18 – NetScaler – Virtual Server Details 1
• Figure 19 – NetScaler – Virtual Server Details 2
• Figure 20 – XenMobile – LDAP Configuration
• Figure 21 – XenMobile – Apps
• Figure 22 – High level view of ShareFile Restricted StorageZones
• Figure 23 – StorageZone Controller with restricted zones
• Figure 24 – ShareFile StorageZone Controller Zone Creation
• Figure 25 – NetScaler – ShareFile Content Switching Virtual Server
• Figure 26 – NetScaler – ShareFile Load Balancers


                                                                               


     

About Citrix

Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.

Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, XenDesktop, Citrix Receiver, HDX Insight, XenMobile, XenApp, FlexCast, Citrix Provisioning Services, NetScaler, NetScaler Insight Center, NetScaler VPX, XenServer, NetScaler MPX and NetScaler Gateway are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.