Decision: StoreFront or Web Interface
Web Interface and StoreFront are two different solutions, whose feature sets overlap in many areas, but also offer a variety of distinct features. Therefore it is very important for organizations to review
the capabilities of each product against their requirements. In general, it is strongly recommended to build new solutions based on StoreFront. Since new features will not be added to Web Interface,
this chapter will focus on StoreFront only.
Note: Web Interface 5.4 support has been extended for XenDesktop 7.6 & XenApp 7.6. For more information please view the Citrix Product Matrix.
While StoreFront goes beyond Web Interface in many areas, StoreFront 2.5 and 2.6 does not support all features of Web Interface.
Note: With StoreFront 2.0 and higher, it is no longer necessary to store user subscription data in Microsoft SQL database.
The following table outlines the Web Interface features that are not available in StoreFront 2.6:
StoreFront
Citrix StoreFront, the successor to Citrix Web Interface, authenticates users to XenDesktop, XenApp, and App Controller (SaaS Apps) resources. StoreFront enumerates and aggregates available desktops and applications into stores that users access through Citrix Receiver for Windows, iOS, Android, Win8/RT or Receiver for Web sites. StoreFront is an integral component of XenDesktop 7.x and can be used with XenApp 5.0/XenDesktop 5.5 and higher deployments. StoreFront is essential for managing multisite XenDesktop deployments. For more information on StoreFront, see the Citrix eDocs – About StoreFront.
Decision: Unauthenticated Access
Unauthenticated access allows users to access XenApp published desktops and applications via Citrix StoreFront without having to provide Active Directory domain credentials. Unauthenticated access offers a fast logon experience and is generally used with public or kiosk workstations, or applications with built-in user management features.
Building a XenApp environment with unauthenticated access requires the following components:
• XenApp 7.6 Delivery Controller
• StoreFront 2.6 store that has been configured for unauthenticated users
• Virtual Delivery Agent running on Windows Server 2008 R2 or higher
• A client with Citrix Receiver installed
When a XenApp unauthenticated access session is launched, a local user account becomes associated with the session. When the session logs off, the local user account is returned to the pool to be used by another connection. The local accounts are typically named AnonXYZ, where XYZ is a unique 3-digit value.
Unauthenticated access is enabled in Citrix Studio when specifying the users or user groups allowed access to applications and/or desktops in the Delivery Group.
The server VDA will create the anonymous local accounts on demand up to the maximum specified in the registry or 99 if no maximum is provided. This number can be changed by editing the
value for the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\ MaxAnonymousUsers
The Anonymous Users’ profiles are reset after each session ends. For considerations and requirements for unauthenticated access please refer to Citrix eDocs – Manage users in a Delivery Group.
Experience from the Field
A hospital is using XenApp to deliver their EMR application to users. ThinClient devices on stationary and mobile carts are being used by doctors and nurses to capture and retrieve patient data.
Unauthenticated access has been configured to prevent medical staff from having to authenticate to the domain as well as the EMR application.
Decision: High Availability
If the server hosting StoreFront or the respective web service is unavailable, users will not be able to launch new virtual desktops, published applications or manage their subscriptions. Therefore
at least two StoreFront servers should be deployed to prevent this component from becoming a single point of failure. By implementing a load balancing solution, users will not experience an interruption in their service. Options include:
• Hardware load balancing – An intelligent appliance, which is capable of verifying the availability of the StoreFront service and actively load balance user requests appropriately. Citrix NetScaler is a great example of a hardware load balancer. Citrix NetScaler is an ideal load balancer, coming pre-configured with StoreFront health checks.
• DNS Round Robin – Provides rudimentary load balancing across multiple servers without performing any checks on availability. If a StoreFront server becomes unavailable, DNS round robin would still route users to the failed server. Because of this, DNS round robin is not recommended by Citrix.
• Windows network load balancing – A Windows service capable of performing rudimentary checks to verify the server is available but cannot determine the status of individual services. This can cause users to be forwarded to StoreFront servers which are not able to process new requests. The user would then not be able to launch applications in their session.
The following figure (on the next page) shows a typical StoreFront deployment using Citrix NetScaler, operating as a load balancer for the environment. External users authenticate and gain access to StoreFront with the help of a NetScaler Gateway. NetScaler will also authenticate internal users as well.
Decision: Delivery Controller High Availability and StoreFront
To provide users with desktops and applications, StoreFront must be configured with the IP address or DNS name of at least one Controller in each XenDesktop and XenApp site. For fault tolerance,
multiple controllers should be entered for each site and/or farm specified. StoreFront will automatically failover to the second server in the list if the first server becomes unavailable (active/passive). For large deployments or environments with a high logon load an active distribution of the user load (active/active) is recommended. This can be achieved by means of a load balancer with built-in XML monitors and session persistency, such as Citrix NetScaler.
No comments:
Post a Comment