Improve the User Experience with Citrix Adaptive Transport – How to make EDT work again on the latest Citrix Gateway and ADC 13.0 release


Adaptive transport is a data transport mechanism for Citrix Virtual Apps and Desktops. It is faster and more scalable, and it improves application interactivity, particularly on challenging long-haul WAN and internet connections. Adaptive transport maintains high server scalability and efficient use of bandwidth. By using adaptive transport, ICA virtual channels automatically respond to changing network conditions. They intelligently switch the underlying protocol between the Citrix protocol called Enlightened Data Transport (EDT) and TCP to deliver the best performance. It improves data throughput for all ICA virtual channels including Thinwire display remoting, file transfer (Client Drive Mapping), printing, and multimedia redirection. The same setting is applicable for both LAN and WAN conditions.

When set to Preferred, EDT is used as the primary data transport, with fallback to TCP. With Citrix Workspace app for Windows version 1808 or later, or Citrix Receiver for Windows version 4.10 or later, and session reliability enabled, EDT and TCP are attempted in parallel during the initial connection, session reliability reconnection, and auto client reconnect. Doing so reduces connection time when EDT is Preferred but the required underlying UDP transport is unavailable and TCP must be used. By default, after fallback to TCP, adaptive transport continues to seek EDT every five minutes.

As you can see, EDT is particularly useful for WAN connections to your Citrix Virtual Apps and Desktops. Those connections are usually established through a Citrix Gateway (Citrix ADC, formerly known as Citrix NetScaler). EDT is supported on Citrix Gateway (Citrix ADC) versions 11.1 build 51.21, 12.0 build 35.6 and later. Unfortunately, there is a bug in all builds newer than 13.0 36.27 that causes EDT connections to fail and always fall back to TCP.

Until the recently discovered vulnerability in Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781), this wasn’t too much of an issue, because you could stay on the working build and wait for an upcoming release to fix it. Things changed dramatically with the vulnerability and the fixed builds Citrix released last month – staying on one of the older builds and exposing your Gateway / ADC to those security risks is definitely no longer an option.

The issue with non-working EDT over Citrix Gateway and Citrix ADC releases newer than build 13.0.36.27 is caused by a bug that prevents DTLS from being enabled. For the moment, the only way around it is to enable DTLS manually from the CLI by executing the following commands:

  1. shell nsapimgr -ys enable_dtls12_vpn_vserver=1

  2. set vpn vserver [vservername] dtls OFF

  3. set vpn vserver [vservername] dtls ON

Make sure to run the first command in the shell; turning DTLS off and on has to be done in CLI mode.

Keep in mind that this workaround doesn’t persist across reboots: after a reboot, DTLS stops working until you apply the workaround again. To persist the DTLS setting, it should be possible to add the workaround to rc.netscaler:

shell "echo 'nsapimgr -ys enable_dtls12_vpn_vserver=1' >> /nsconfig/rc.netscaler"
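
The >> redirect above appends another copy of the line every time it is run. An idempotent version of that persistence step follows as an added example, not part of the original post. The function name persist_rc_line, the .bak backup and the return codes are assumptions of this sketch; the nsapimgr line and the file path are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post): persist the workaround line
# without duplicating it on repeated runs.

# The workaround line from the post.
WORKAROUND='nsapimgr -ys enable_dtls12_vpn_vserver=1'

# persist_rc_line FILE LINE   (hypothetical helper name)
# Appends LINE to FILE only if FILE has no identical line yet.
# Returns 0 if the line was added, 1 if it was already present, 2 on error.
persist_rc_line() {
    file=$1
    line=$2
    [ -n "$file" ] && [ -n "$line" ] || return 2

    if [ -f "$file" ]; then
        # -x: match the whole line, -F: fixed string, not a regex
        if grep -qxF -- "$line" "$file"; then
            return 1
        fi
        # Keep a copy of the previous startup script before touching it.
        cp -p "$file" "$file.bak" || return 2
        # If the last byte is not a newline, add one so the new command
        # is not glued onto the end of an existing command.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
            printf '\n' >> "$file" || return 2
        fi
    fi
    printf '%s\n' "$line" >> "$file" || return 2
    return 0
}

# Usage on the appliance shell, with the path from the post:
#   persist_rc_line /nsconfig/rc.netscaler "$WORKAROUND"
```
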

With this simple workaround your WAN connections will start working over EDT again, while you can keep your Citrix Gateways and Citrix ADCs on the latest fixed 13.0 build until one of the upcoming releases permanently fixes the underlying issue.

 

Linux Apps and Desktops delivered by Citrix Virtual Apps and Desktops

There are tons of great free Linux applications available today, but since most users aren’t using Linux on their devices, this whole parallel universe of hidden gems isn’t that easy to discover and add to the personal toolbox. But wait, there is Citrix Virtual Apps and Desktops (formerly known as Citrix XenApp and XenDesktop) to jump in. In this article I will show you how to publish virtual apps and desktops from a Linux operating system. As a small additional giveaway I will also explain how to add support for Citrix Federated Authentication Service (FAS) in an existing Citrix Virtual Apps and Desktops (CVAD) deployment.


Nutanix InstantON For Citrix Cloud

Nutanix and Citrix have partnered to create a tightly integrated hybrid cloud solution that simplifies and accelerates VDI deployments for companies of any size. With Nutanix InstantON for Citrix Cloud, the entire Citrix software stack is delivered as a 1-click service from the Citrix Cloud, attaching with zero effort to the on-prem Nutanix clusters powered by Citrix XenServer or AHV, the Nutanix native hypervisor.

The latest release of Nutanix AOS 5.5 supports out-of-the-box integration with Citrix Cloud and allows businesses to spin up a fully functional hybrid Citrix Cloud XenApp and XenDesktop service environment within a couple of hours.

With Citrix Cloud XenApp and XenDesktop service, businesses no longer have to manage the desktop images, applications and security. All the desktop management services are part of the subscription. On the other hand, the VDI and RDSH workloads, including all the sensitive data, remain safe and close to the end users in the corporate data center. This hybrid approach takes a lot of complexity out of today’s implementation of a traditional VDI infrastructure, and internal IT can focus on the things that really matter for the end users.

Multi-factor Authentication for Citrix XenDesktop / NetScaler against Azure AD

In my last post about secure access to XenDesktop virtual workspaces I tried to give an overview of the different ways to implement multi-factor authentication with Citrix NetScaler and XenDesktop. I came to the conclusion that integrating the remote access with Azure AD and using the Microsoft MFA feature is a very end-user-friendly way to accomplish this goal, especially when you already have Azure AD in your setup. In this post I will walk through the setup and configuration steps needed.


Citrix Federated Authentication Service: Azure AD as Identity Provider

Are you looking to provide a secure way for your users to access Citrix XenDesktop and / or XenApp resources? Do you already have Citrix NetScaler in your setup? Do you have an Azure AD subscription? Well, by combining these three building blocks in the right way, you can easily secure the remote access to your users’ workspaces, implement conditional access rules and enforce multi-factor authentication – all in a very user-friendly manner, with a consistent experience your end users might already be familiar with from existing cloud services like Office 365.


Deploying Citrix NetScaler on Nutanix AHV

Citrix NetScaler VPX, the virtual appliance, is available for XenServer, VMware ESX, Microsoft Hyper-V and KVM hypervisors. Since Nutanix AHV is based on KVM, it is possible to run your NetScaler VPX on the Nutanix native Acropolis hypervisor AHV.

NetScaler Gateway VPX is a virtual NetScaler Gateway appliance that is hosted on a hypervisor. NetScaler Gateway VPX supports all the features and functionality of the physical NetScaler Gateway appliance.

NVIDIA Tesla M10 – vGPU Power for the XenDesktop VDI

Last year NVIDIA added the Tesla M10 GPU to their existing lineup of NVIDIA GRID accelerators. The Tesla M10 board is designed specifically for data centers that are looking for graphics acceleration for high-density virtual desktop environments. It’s a dual-slot PCI Express form factor for rack and tower servers capable of supporting 64 concurrent users. I did a small single-server setup / PoC based on XenServer 7.1 and XenDesktop 7.13 to see how vGPU helps to improve user experience, in particular for the delivery of multimedia content on a Windows 10 VDI.
