In this article I will walk you through the installation and configuration steps for setting up a Citrix StoreFront infrastructure.
Citrix StoreFront is the successor of old good Citrix Web Interface. With the release of StoreFront 3.5 together with XenDesktop 7.8 at the end of February 2016 also the administrator possibilities are on the same level as Web Interface. Personally I think there are (almost) no reasons more to migrate from Web Interface to StoreFront anymore.
Installation MethodFirst we need to determine how and on which system we would like to install StoreFront. StoreFront can be installed on Windows 2008R2, Windows 2012 and Windows 2012R2. StoreFront requires .Net Framework and Internet Information Services (IIS). Based on the last requirement (IIS) I personally prefer to install Citrix StoreFront on a separate machine.
However you also can install StoreFront on the Delivery Controller, this is even a default setting when you install a Delivery Controller as shown in figure 1. There is also a separate download available, but also the XenDesktop installer offers the possibility to install the StoreFront separately. For Proof of Concepts or small environments it’s doable to combine the StoreFront and Delivery Controller role.
For larger environments I recommend to install StoreFront on a different system. It can be combined with Citrix Directory for example.
Figure 1: Installation options Citrix StoreFront
InstallationFor this article I will use the separate download for installing StoreFront. After selecting the single execution installation file the installation wizard is started. The installation is actually pretty simple and consists of a few steps only.
The first step is to accept the license agreement.
Figure 2: StoreFront License Agreement
If not installed already the prerequisites will be installed automatically. In my case IIS role is not already activated, so the installation will take care of that.
Figure 3: StoreFront Review Prerequisites
The next step is to actually confirm that StoreFront (with his prerequisites) may be installed on the machine.
Figure 4: StoreFront Ready to Install
After a while the installation is done, showing the status of each component.
Figure 5: Successfully installed StoreFront
After the installation the StoreFront console is automatically started, so you can start configuring StoreFront directly.
ConfigurationWhen the StoreFront Console is started you have two options: Create a New Deployment and Join an existing server group. For the first initial server we need the option Create a New Deployment. Later on in this article I will discuss the Join an existing server group option.
Figure 6: Initial StoreFront configuration.
For production environment it’s recommended to use https. To accomplish this for StoreFront you need to add a certificate and bind it to the default website. If you don’t know the exact steps you can find good guides on the Internet for these steps. You can configure StoreFront with http, but logically it is not secure. For the actual configuration steps it does not matter if you are using http or https.
The first windows of the configuration wizard asks for the base URL. By default the wizard offers the computer name however it’s a good thing to change the URL to a more generic name, especially when you set-up a StoreFront infrastructure that exists of more StoreFront servers (more on that later on this article).
Figure 7: StoreFront configuration Base URL.
After entering the base URL the store is already created, this can take some time. After the actual creation, the wizard shows a diagram that shows the three possible connection methods to the StoreFront. This is just for information at this moment, we can continue using the Next button.
Figure 8: StoreFront configuration Getting Started
The wizard continues with asking for a Store name. The store name can be any name, but remember that the name is used in the URL for Receiver for Web Site. New in StoreFront 3.5 (compared with earlier StoreFront versions) is the option to set the Receiver for Web site, which is created out of the store and will be the default IIS web site. You can also allow unauthenticated access to this store.
Figure 9: StoreFront configuration Store Name and Access
To contact the XenDesktop/XenApp environment you need to specify the Delivery Controllers information, so StoreFront knows which servers to contact. Choose the Add button to add a XenDesktop/XenApp environment. If you have more environments you need to add those separately via the Add button.
Figure 10: StoreFront configuration Delivery Controllers.
In the pop-up window you provide a name for the group of delivery controllers. I normally use the same name as the XenDesktop/XenApp site. Secondly you need to choose the type of the environment. In this article I will use a XenDesktop/XenApp 7.x environment. StoreFront also supports XenApp 6.5 and XenApp 5.0. Next you specify the Delivery Controllers of the XenDesktop/XenApp site and preferable use those in a load balanced set-up, followed by specifing the communication port (default HTTP port 80).
Figure 11: StoreFront configuration Add Delivery Controller
After adding a XenDesktop/XenApp site it shows up in the wizard. If you have more environments you can add the following environment via the Add button till all environments are added.
Next you are asked to enable Remote Access for the StoreFront store. With Remote Access you configure the StoreFront to work together with a NetScaler Gateway allowing users to connect to the environment. When you would like to connect using a NetScaler Gateway you enable Remote Access and provide information about the NetScaler Gateway. For simplicity I skip this step in this article.
Figure 12: StoreFront configuration Remote Access
StoreFront supports several authentication methods. Most used are User Name and Password, Domain pass-through and Pass-through for NetScaler Gateway. Via the option Smart card, StoreFront can also be combined with smart card logons.
Figure 13: StoreFront configuration Authentication Methods
The last step is to enable the XenApp services URL. This option is better known as PN Agent in Web Interface. If you are using application shortcut publishing in the Start Menu using PN Agent, this option should be checked.
Figure 14: StoreFront configuration XenApp Services URL
After choosing the Create button in the previous step the configuration will be added to the Store and the Receiver for Web Site will be added to the StoreFront set-up. The same diagram will be shown as in the beginning of the wizard.
Figure 15: StoreFront configuration successfully
In the StoreFront console the Store is created. If you already worked with previous StoreFront version, you will notice that the GUI has been changed. Personally I like the new approach as it simplifies the administration and configuration of the environment.
Figure 16: StoreFront Console
In this new version many configuration options are (finally) available within the GUI. In previous versions you needed to edit the configuration (web.config) manually. Let’s go over the Store configuration options, available in the right pane:
- Manage Delivery Controllers
- Configure Unified Experience
- Manage Authentication Methods
Figure 17: Authentication Methods
- Manage Receiver for Web Sites
Figure 1: Customize Experience
First of all you can enable or disable the Unified Experience on this level. This makes it possible to configure two Receiver for Web sites, where you can both offer the old and new look and feel in a migration project for example. At Customize Appearance you can change the look and feel/branding. Within the GUI you can change logo and header and some basic colors. There are many more options via other methods. I will go into more detail about this topic in a separate article.
Another option is the Featured App Groups. Via this option you can group Published Applications in the Receiver for Web sites. This can be useful if users have a lot of Published Applications to find applications more quickly. The applications can be grouped based on keywords, which can be defined as one of the properties. The Featured Groups are shown in blocks above the overview of Published Applications.
Figure 2: Featured App Groups
At authentication methods you can enable or disable the authentication method on the Receiver for Web sites, while at Website shortcuts you can integrate the StoreFront functionality within your business website. Till now I did not use this option, so unfortunately I cannot share any experiences of this feature.
Figure 3: Deploy Citrix Receiver
At Deploy Citrix Receiver you can select the deployment options of the Citrix Receiver. By default, Install locally is selected, but this can be changed to Always use Receiver for HTML5 or Use Receiver for HTML 5 if the local Receiver is unavailable. When you select an option where the local Receiver is included you can also offer a download of the local Citrix Receiver. The client can be offered via the website of Citrix, local on the StoreFront server or on a remote server. When using the StoreFront Server you can also upload the client to the correct location. Also when you offer the client via the StoreFront server the plug-in can be upgraded when the users log in.
The next configuration option is labeled Session Settings. Here you can define several session time-outs for the StoreFront environment. The most important is the session time-out. With this setting you define when the Receiver for Web site logs off the user of the website. There is no correct setting for this one, it depends on the customer needs. For example an organization starting a desktop will use a shorter session time out than an organization that is using Published Applications.
Figure 4: Session Settings
Workspace Control is the feature that Citrix has already been promoting for years. Even at the last Citrix Synergy the roaming of sessions was used in one of the demos. That roaming of session is based on Workspace Control. On the tab Workspace Control you can enable or disable the roaming behavior and if enabled how Workspace Control should be responding including the option to show the option in the GUI of the Receiver for Web sites.
Figure 5: Workspace Control
Another important tab is Client Interface Settings. On this tab you can configure the behavior of the Receiver for Web sites. You can enable or disable the auto start of a XenApp/XenDesktop desktop when using a desktop. You can also enable or disable the Desktop Viewer (the black toolbar showing on top of the Citrix session). Also the time between multiple clicks can be configured on this tab (so users do not start a Published Application or Desktop multiple times). Also the view of StoreFront can be defined: showing or not showing the desktop or application view or both. The default view can also be configured. This comes into play if you both have a desktop(s) and applications published and want to set a view as default. Be careful with auto as this is dependent of the Receiver experience configured.
Figure 6: Client Interface Settings
The last tab is as the name applies for Advanced Settings. The most important one is probably enabling or disabling the folder view, this one was requested a lot. The other options I would not change from default.
Figure 7: Edit Receiver for Web Site
- Configure Remote Access Settings
- Configure XenApp Services Support
- Configure Store Settings
Figure 8: Store Settings: User Subscriptions
Second option is Kerberos Delegation. Here you can enable or disable Kerberos delegation to the Delivery Controllers. I never used the Kerberos delegation part, so I cannot share experiences with this functionality.
New in StoreFront 3.5 is Optimal HDX Routing. Optimal HDX Routing works in combination with the Zones functionality introduced in XenDesktop 7.7. With Optimal HDX Routing Users can be routed to the NetScaler Gateway that is located in the same datacenter as the XenDesktop/XenApp server or VDI where the user is routed to. For each NetScaler Gateway you can specify the zone name(s) for which the Gateway is the primary access point.
Figure 9: Store Settings: Optimal HDX Routing
Next is the Citrix Online Integration. Here you can enable that icons are shown to the end-user of the Citrix Online products GoToMeeting, GoToWebinar and GoToTraining. Happily those icons are disabled by default, in previous versions they were enabled by default.
Within Advertise Store you can configure that the store is presented to the end user when using e-mail discovery, while the last option Advanced Settings is offering all kinds of settings that do not fit in the just discussed components. Within Advanced Settings some interesting options are available like Allow Font Smoothing, allow session reconnect, Enable socket spooling, Filter resources and override ICA client name. I advise only to change those settings, when support articles are pointing to changing those settings for issues you currently have.
- Export Provisioning File
- Manage NetScaler Gateways / Manage Beacons
We went through all the configuration options available in StoreFront 3.5. As a last topic I will show you how to create a fault tolerant/load balanced StoreFront infrastructure.
Fault Tolerant Citrix StoreFront configurationTill now we have worked with one StoreFront server. Citrix did a good job about publishing a document about the scalability of Citrix StoreFront. In one of the articles they mention that a 2 vCPU StoreFront server can handle 32000 user connections per hour and with more CPU’s added this number can go up to 75000 user connections per hour. For many organizations those numbers are high enough to use one server for handling the load. However for fault tolerance you want to have at least one additional server. In StoreFront servers can be easily combined to a so called Server Group.
Let’s take a look how to set-up a Server Group. The first step is to install a StoreFront server and configure those to your need (at least the initial configuration wizard). The second step is to install another StoreFront server via the installation steps described earlier.
When the installation is complete go to the StoreFront Console on the first server and choose Server Group in the left pane. Within the Server Group in the right pane there is the option Add Server. When using Add Server a window will pop-up showing the information to add a server to this server (group).
Figure 10: Adding a server to a Server Group
On the server you would like to add you choose Join existing Server Group in the StoreFront console. After that you need to fill in the provided information from the first server.
Figure 11: Join existing server group
Next the servers will be connected and the configuration is replicated to the new server. When the process is finished on both machines a message will be displayed about the join process. Do not forget that the servers are not replicating automatically. When you make changes to the configuration you always execute the task on the first server, when the changes are done you go to the server group part and choose Replicate changes from the right pane.
Now the configuration of StoreFront is replicated and available on both StoreFront servers. However StoreFront does not provide an option out of the product to load balance the users over the two servers automatically. For that we need to add a (hardware) load balancer. You can use a NetScaler appliance for example