Installing and configuring Citrix StoreFront 3.5

In this article I will walk you through the installation and configuration steps for setting up a Citrix StoreFront infrastructure.

Citrix StoreFront is the successor of the good old Citrix Web Interface. With the release of StoreFront 3.5 together with XenDesktop 7.8 at the end of February 2016, the administrator possibilities are also on the same level as Web Interface. Personally I think there are (almost) no reasons more to migrate from Web Interface to StoreFront anymore.

Installation Method

First we need to determine how and on which system we would like to install StoreFront. StoreFront can be installed on Windows 2008R2, Windows 2012 and Windows 2012R2. StoreFront requires .Net Framework and Internet Information Services (IIS). Based on the last requirement (IIS) I personally prefer to install Citrix StoreFront on a separate machine.

However you also can install StoreFront on the Delivery Controller, this is even a default setting when you install a Delivery Controller as shown in figure 1. There is also a separate download available, but also the XenDesktop installer offers the possibility to install the StoreFront separately. For Proof of Concepts or small environments it’s doable to combine the StoreFront and Delivery Controller role.

For larger environments I recommend installing StoreFront on a different system. It can be combined with Citrix Director for example.

Figure 1: Installation options Citrix StoreFront



For this article I will use the separate download for installing StoreFront. After selecting the single executable installation file the installation wizard is started. The installation is actually pretty simple and consists of a few steps only.

The first step is to accept the license agreement.

Figure 2: StoreFront License Agreement

If not installed already the prerequisites will be installed automatically. In my case IIS role is not already activated, so the installation will take care of that.

Figure 3: StoreFront Review Prerequisites

The next step is to actually confirm that StoreFront (with its prerequisites) may be installed on the machine.

Figure 4: StoreFront Ready to Install

After a while the installation is done, showing the status of each component.

Figure 5: Successfully installed StoreFront

After the installation the StoreFront console is automatically started, so you can start configuring StoreFront directly.



When the StoreFront Console is started you have two options: Create a New Deployment and Join an existing server group. For the first initial server we need the option Create a New Deployment. Later on in this article I will discuss the Join an existing server group option.

Figure 6: Initial StoreFront configuration.

For production environments it’s recommended to use https. To accomplish this for StoreFront you need to add a certificate and bind it to the default website. If you don’t know the exact steps you can find good guides on the Internet for these steps. You can configure StoreFront with http, but that is not secure. For the actual configuration steps it does not matter if you are using http or https.
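As an added example (not part of the original article and not Citrix's own script), the certificate binding described above can be done in PowerShell with the IIS WebAdministration module. The host name `storefront.example.local` is a placeholder for the host part of your base URL, and the script assumes the certificate is already installed in the local machine store and that nothing else needs the 0.0.0.0:443 listener.

```powershell
# Added example, not from the original article. Run elevated on the StoreFront server.
Import-Module WebAdministration

$BaseHost = 'storefront.example.local'   # placeholder: host part of your base URL
$SiteName = 'Default Web Site'

# Pick a certificate from the machine store that is usable for this host:
# private key present, inside its validity window, DNS name equal to the host.
# GetNameInfo returns the first DNS name of the certificate (SAN, else CN),
# so a wildcard certificate will not match and must be selected by hand.
$now  = Get-Date
$dns  = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.GetNameInfo($dns, $false) -eq $BaseHost
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate for $BaseHost in Cert:\LocalMachine\My"
}

# Add the https binding only if the site does not have one on port 443 yet.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate to the 0.0.0.0:443 listener, replacing any old one.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) { Remove-Item $sslPath }
$cert | New-Item -Path $sslPath | Out-Null

# Show what is bound so it can be compared with the base URL.
Get-Item $sslPath | Select-Object IPAddress, Port, Thumbprint, Store
"Bound $($cert.Thumbprint) (expires $($cert.NotAfter)) to ${SiteName}:443"
```

The script stops before touching IIS when no matching, unexpired certificate with a private key is found, which avoids ending up with an https binding that has no certificate behind it.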

The first window of the configuration wizard asks for the base URL. By default the wizard offers the computer name; however, it’s a good thing to change the URL to a more generic name, especially when you set up a StoreFront infrastructure that consists of multiple StoreFront servers (more on that later in this article).

Figure 7: StoreFront configuration Base URL.

After entering the base URL the store is already created, this can take some time. After the actual creation, the wizard shows a diagram that shows the three possible connection methods to the StoreFront. This is just for information at this moment, we can continue using the Next button.

Figure 8: StoreFront configuration Getting Started

The wizard continues with asking for a Store name. The store name can be any name, but remember that the name is used in the URL for Receiver for Web Site. New in StoreFront 3.5 (compared with earlier StoreFront versions) is the option to set the Receiver for Web site, which is created out of the store and will be the default IIS web site. You can also allow unauthenticated access to this store.

Figure 9: StoreFront configuration Store Name and Access

To contact the XenDesktop/XenApp environment you need to specify the Delivery Controllers information, so StoreFront knows which servers to contact. Choose the Add button to add a XenDesktop/XenApp environment. If you have more environments you need to add those separately via the Add button.

Figure 10: StoreFront configuration Delivery Controllers.

In the pop-up window you provide a name for the group of delivery controllers. I normally use the same name as the XenDesktop/XenApp site. Secondly you need to choose the type of the environment. In this article I will use a XenDesktop/XenApp 7.x environment. StoreFront also supports XenApp 6.5 and XenApp 5.0. Next you specify the Delivery Controllers of the XenDesktop/XenApp site, preferably in a load balanced set-up, followed by specifying the communication port (default HTTP port 80).

Figure 11: StoreFront configuration Add Delivery Controller

After adding a XenDesktop/XenApp site it shows up in the wizard. If you have more environments you can add the following environment via the Add button till all environments are added.

Next you are asked to enable Remote Access for the StoreFront store. With Remote Access you configure the StoreFront to work together with a NetScaler Gateway allowing users to connect to the environment. When you would like to connect using a NetScaler Gateway you enable Remote Access and provide information about the NetScaler Gateway. For simplicity I skip this step in this article.

Figure 12: StoreFront configuration Remote Access

StoreFront supports several authentication methods. Most used are User Name and Password, Domain pass-through and Pass-through for NetScaler Gateway. Via the option Smart card, StoreFront can also be combined with smart card logons.

Figure 13: StoreFront configuration Authentication Methods

The last step is to enable the XenApp services URL. This option is better known as PN Agent in Web Interface. If you are using application shortcut publishing in the Start Menu using PN Agent, this option should be checked.

Figure 14: StoreFront configuration XenApp Services URL

After choosing the Create button in the previous step the configuration will be added to the Store and the Receiver for Web Site will be added to the StoreFront set-up. The same diagram will be shown as in the beginning of the wizard.

Figure 15: StoreFront configuration successfully

In the StoreFront console the Store is created. If you already worked with previous StoreFront version, you will notice that the GUI has been changed. Personally I like the new approach as it simplifies the administration and configuration of the environment.

Figure 16: StoreFront Console

In this new version many configuration options are (finally) available within the GUI. In previous versions you needed to edit the configuration (web.config) manually. Let’s go over the Store configuration options, available in the right pane:
  • Manage Delivery Controllers
Here you can add, remove or edit the XenDesktop/XenApp sites which will be contacted by the StoreFront servers. This is done via the same way as during the initial configuration wizard.
  • Configure Unified Experience
With StoreFront 3.1 the Unified Experience is introduced. The Unified Experience is a new look and feel of StoreFront, which Citrix will be extending to the other products as well. For example NetScaler Gateway also supports the Unified Experience already. Here you can enable or disable the new look and feel. In StoreFront 3.5 the new look and feel is enabled by default, I would recommend to reconsider disabling the new look and feel if you are migrating from a previous StoreFront.
  • Manage Authentication Methods
In this component you can add, change or edit the authentication methods. You should always (in my opinion) configure the additional options available for the User name and password. For this component you add trusted domains (so users don’t have to fill in the domain name when logging on). You can also enable the password options. This allows you to specify if users can change their password via Storefront and if the users should be warned that their password expires. Last you can specify how the password should be validated. This can be done via Active Directory or the Delivery Controller. By default StoreFront uses Active Directory, if there is no direct connection to Active Directory you can use the Delivery Controller for this validation step.

Figure 17: Authentication Methods

  • Manage Receiver for Web Sites
Within this component you can add, delete or configure the Receiver for Web Sites. Per Store you can have more than one Receiver for Web Site. This can be necessary if you need a different look and feel or different settings are required. Adding a Receiver for Web Site asks for a path (which users need to enter to access the web site), the look and feel and the authentication methods. When the Receiver for Web site is already available you can edit the configuration. There are a lot of options available as shown in figure 1.

Figure 1: Customize Experience

First of all you can enable or disable the Unified Experience on this level. This makes it possible to configure two Receiver for Web sites, where you can both offer the old and new look and feel in a migration project for example. At Customize Appearance you can change the look and feel/branding. Within the GUI you can change logo and header and some basic colors. There are many more options via other methods. I will go into more detail about this topic in a separate article.

Another option is the Featured App Groups. Via this option you can group Published Applications in the Receiver for Web sites. This can be useful if users have a lot of Published Applications to find applications more quickly. The applications can be grouped based on keywords, which can be defined as one of the properties. The Featured Groups are shown in blocks above the overview of Published Applications.

Figure 2: Featured App Groups

At authentication methods you can enable or disable the authentication method on the Receiver for Web sites, while at Website shortcuts you can integrate the StoreFront functionality within your business website. Till now I did not use this option, so unfortunately I cannot share any experiences of this feature.

Figure 3: Deploy Citrix Receiver

At Deploy Citrix Receiver you can select the deployment options of the Citrix Receiver. By default, Install locally is selected, but this can be changed to Always use Receiver for HTML5 or Use Receiver for HTML 5 if the local Receiver is unavailable. When you select an option where the local Receiver is included you can also offer a download of the local Citrix Receiver. The client can be offered via the website of Citrix, local on the StoreFront server or on a remote server. When using the StoreFront Server you can also upload the client to the correct location. Also when you offer the client via the StoreFront server the plug-in can be upgraded when the users log in.

The next configuration option is labeled Session Settings. Here you can define several session time-outs for the StoreFront environment. The most important is the session time-out. With this setting you define when the Receiver for Web site logs off the user of the website. There is no correct setting for this one, it depends on the customer needs. For example an organization starting a desktop will use a shorter session time out than an organization that is using Published Applications.

Figure 4: Session Settings

Workspace Control is the feature that Citrix has already been promoting for years. Even at the last Citrix Synergy the roaming of sessions was used in one of the demos. That roaming of session is based on Workspace Control. On the tab Workspace Control you can enable or disable the roaming behavior and if enabled how Workspace Control should be responding including the option to show the option in the GUI of the Receiver for Web sites.

Figure 5: Workspace Control

Another important tab is Client Interface Settings. On this tab you can configure the behavior of the Receiver for Web sites. You can enable or disable the auto start of a XenApp/XenDesktop desktop when using a desktop. You can also enable or disable the Desktop Viewer (the black toolbar showing on top of the Citrix session). Also the time between multiple clicks can be configured on this tab (so users do not start a Published Application or Desktop multiple times). Also the view of StoreFront can be defined: showing or not showing the desktop or application view or both. The default view can also be configured. This comes into play if you both have a desktop(s) and applications published and want to set a view as default. Be careful with auto as this is dependent of the Receiver experience configured.

Figure 6: Client Interface Settings

The last tab is, as the name implies, for Advanced Settings. The most important one is probably enabling or disabling the folder view; this one was requested a lot. The other options I would not change from default.

Figure 7: Edit Receiver for Web Site
  • Configure Remote Access Settings
On this part you can configure the connection with the NetScaler Gateway for remote access. The options are the same as shown during the initial wizard.
  • Configure XenApp Services Support
Just as Configure Remote Access Settings this part is also available in the initial wizard. Here you can configure or change the functionality formerly known as PNAgent. The options are exactly the same as during the initial wizard.
  • Configure Store Settings
Within Configure Store Settings, options can be found that are applied at the Store level. Several options are available. The first option is User Subscription. Within this option you can enable the User Subscription feature, which makes it possible for users to favorite their Desktops or Published Applications shown on the home screen of StoreFront.

Figure 8: Store Settings: User Subscriptions

Second option is Kerberos Delegation. Here you can enable or disable Kerberos delegation to the Delivery Controllers. I never used the Kerberos delegation part, so I cannot share experiences with this functionality.
New in StoreFront 3.5 is Optimal HDX Routing. Optimal HDX Routing works in combination with the Zones functionality introduced in XenDesktop 7.7. With Optimal HDX Routing users can be routed to the NetScaler Gateway that is located in the same datacenter as the XenDesktop/XenApp server or VDI where the user is routed to. For each NetScaler Gateway you can specify the zone name(s) for which the Gateway is the primary access point.

Figure 9: Store Settings: Optimal HDX Routing

Next is the Citrix Online Integration. Here you can enable that icons are shown to the end-user of the Citrix Online products GoToMeeting, GoToWebinar and GoToTraining. Happily those icons are disabled by default, in previous versions they were enabled by default.

Within Advertise Store you can configure that the store is presented to the end user when using e-mail discovery, while the last option Advanced Settings is offering all kinds of settings that do not fit in the just discussed components. Within Advanced Settings some interesting options are available like Allow Font Smoothing, allow session reconnect, Enable socket spooling, Filter resources and override ICA client name. I advise only to change those settings, when support articles are pointing to changing those settings for issues you currently have.
  • Export Provisioning File
This is actually not a configuration option, but the option to generate a file that can be used to configure the Receiver to communicate with the Citrix infrastructure.
  • Manage NetScaler Gateways / Manage Beacons
The Manage NetScaler Gateways and Manage Beacons options are placed higher in the pane as those are not limited to one Store. Within Manage NetScaler Gateways you can add, delete or modify the NetScaler Gateway settings together with the Secure Ticket Authority options. The options are similar as shown in the initial configuration wizard and are also available at Configure Remote Access settings. Manage Beacons is a separate component. Within Beacons you add sites so StoreFront can determine if the connection is made from the internal network or is set-up from the Internet. This is required when using the same URL for internal as external sessions.

We went through all the configuration options available in StoreFront 3.5. As a last topic I will show you how to create a fault tolerant/load balanced StoreFront infrastructure.


Fault Tolerant Citrix StoreFront configuration

Till now we have worked with one StoreFront server. Citrix did a good job publishing a document about the scalability of Citrix StoreFront. In one of the articles they mention that a 2 vCPU StoreFront server can handle 32000 user connections per hour and with more CPUs added this number can go up to 75000 user connections per hour. For many organizations those numbers are high enough to use one server for handling the load. However for fault tolerance you want to have at least one additional server. In StoreFront, servers can be easily combined into a so-called Server Group.

Let’s take a look at how to set up a Server Group. The first step is to install a StoreFront server and configure it to your needs (at least the initial configuration wizard). The second step is to install another StoreFront server via the installation steps described earlier.

When the installation is complete go to the StoreFront Console on the first server and choose Server Group in the left pane. Within the Server Group in the right pane there is the option Add Server. When using Add Server a window will pop-up showing the information to add a server to this server (group).

Figure 10: Adding a server to a Server Group

On the server you would like to add you choose Join existing Server Group in the StoreFront console. After that you need to fill in the provided information from the first server.

Figure 11: Join existing server group

Next the servers will be connected and the configuration is replicated to the new server. When the process is finished on both machines a message will be displayed about the join process. Do not forget that the servers are not replicating automatically. When you make changes to the configuration you always execute the task on the first server, when the changes are done you go to the server group part and choose Replicate changes from the right pane.

Now the configuration of StoreFront is replicated and available on both StoreFront servers. However StoreFront does not provide an option out of the product to load balance the users over the two servers automatically. For that we need to add a (hardware) load balancer. You can use a NetScaler appliance for example.



In this article I described the steps to install and configure a Citrix StoreFront 3.5 server. In steps above we executed the installation, the initial configuration wizard and started with the configuration options and we continued with the configuration options and set-up a StoreFront Server Group for load balancing and fault tolerance.