CXD 310 2I en StudentExerciseWorkbook 1 3 Days v05

Download as pdf or txt
Download as pdf or txt
You are on page 1of 390

Education

Citrix Virtual Apps and Desktops 7.1x Advanced


Management with App Layering, WEM and HDX
Citrix Course: CXD-303-2I

Exercise Workbook
Version 2.2
Credits
Title Name
Architect Justin Apsley
Product Manager Amit Ben-Chanoch
Technical Solutions Developers Edwin Villafana
Chris McMillan
Karthik Raja
Nitesh Sharma
Ryan Keller
Instructional Designer
Graphic Designer Ryan Flowers
Publication Services Rahul Mohandas

2
Contents
Credits ................................................................................................................................................................... 2
Exercise Workbook Overview ................................................................................................................................. 5
Lab Environment Overview..................................................................................................................................... 6
LAB ACCESS ............................................................................................................................................................ 7
Module 1: Intermediate Site Architecture ............................................................................................................... 8
Exercise 1-1: Verify SQL connections .................................................................................................................. 8
Exercise 1-2: Validate the <service name> service............................................................................................. 14
Exercise 1-3: Create a Satellite Zone ................................................................................................................. 16
Exercise 1-4: Move Controller into the Satellite Zone ........................................................................................ 21
Exercise 1-5: Move a Catalog into a Satellite Zone ............................................................................................ 23
Exercise 1-6: Auto update Policy....................................................................................................................... 25
Exercise 1-7: Identifying VDA Controller Registration ........................................................................................ 29
Exercise 1-8: Add a Home Zone for a User ........................................................................................................ 35
Exercise 1-9: Add a Home Zone for an App ....................................................................................................... 37
Exercise 1-10: Test Home Zone App Launch ...................................................................................................... 43
Module 2: Workspace Environment Management (WEM)..................................................................................... 49
Exercise 2-1: Install the Agent Host on Server OS .............................................................................................. 49
Exercise 2-2: Manage the VDA Machines Using WEM Console .......................................................................... 55
Exercise 2-3: Identify CPU Spikes ...................................................................................................................... 58
Exercise 2-4: Configure CPU Management ........................................................................................................ 60
Exercise 2-5: Test the changes .......................................................................................................................... 63
Exercise 2-6: Manage the VDA Processes .......................................................................................................... 64
Exercise 2-7: Log on to Test the Default Environment ....................................................................................... 70
Exercise 2-8: Configure User Environment Settings ........................................................................................... 74
Exercise 2-9: Log on to Test the Now Configured Environment.......................................................................... 82
Module 3: StoreFront Optimization and Routing ................................................................................................... 87
Exercise 3-1: Set the Default Page Redirect....................................................................................................... 87
Exercise 3-2: Configure StoreFront Tuning ........................................................................................................ 91
Exercise 3-3: Use Browser Developer Tools....................................................................................................... 98
Exercise 3-4: Configure NetScaler Branding .................................................................................................... 103
Exercise 3-5: Configure Optimal Gateway Routing .......................................................................................... 111
Exercise 3-6: Test Optimal Gateway Testing .................................................................................................... 124
Module 4: HDX and Multimedia.......................................................................................................................... 127
Exercise 4-1: Enlightened Data Transport (EDT) .............................................................................................. 127
Exercise 4-2: Test EDT .................................................................................................................................... 133
Exercise 4-3: Configure EDT with NetScaler..................................................................................................... 136
Exercise 4-4: Thinwire Compatibility 8-bit Mode ............................................................................................. 140
Exercise 4-5: Enable Flash Redirection ............................................................................................................ 147
Exercise 4-6: Test Windows Media Redirection ............................................................................................... 151
Module 5: App Layering...................................................................................................................................... 155
Exercise 5-1: Create an App Layer with Microsoft Office ................................................................................. 155
Exercise 5-2: Create an App Layer with PDF Reader ........................................................................................ 178
Exercise 5-3: Create a Template...................................................................................................................... 189
Exercise 5-4: Create a Machine Catalog .......................................................................................................... 200

3
Exercise 5-5: Create an Elastic Layer ............................................................................................................... 213
Exercise 5-6: Update an App Layer.................................................................................................................. 218
Exercise 5-7: Update the Machine Catalog ...................................................................................................... 231
Self-Paced Bonus Exercise 5-8: Configure the ELM Server ............................................................................... 246
Self-Paced Bonus Exercise 5-9: Create an OS Layer ......................................................................................... 260
Self-Paced Bonus Exercise 5-10: Create a Platform Layer ................................................................................ 284
Self-Paced Bonus Exercise 5-11: Create an App Layer with WinSCP ................................................................. 309
Self-Paced Bonus Exercise 5-12: Create an App Layer with NotePad++ ............................................................ 322
Self-Paced Bonus Exercise 5-13: Create a Template. ....................................................................................... 336
Self-Paced Bonus Exercise 5-14: Create a Machine Catalog. ............................................................................ 345
Self-Paced Bonus Exercise 5-15: Create an Elastic Layer .................................................................................. 355
Self-Paced Bonus Exercise 5-16: Update an OS Layer ...................................................................................... 360
Self-Paced Bonus Exercise 5-17: Update an App Layer .................................................................................... 372
Self-Paced Bonus Exercise 5-18: Delete an App Layer...................................................................................... 384

4
Exercise Workbook Overview
Lab Exercises:
The exercises in this exercise workbook were developed for use with the CXD-310 Citrix XenApp and XenDesktop
course. The virtual machines in this lab are running on Windows Server 2016 and Windows 10 Desktop.

Lab Scenario:
WW Labs is a technical company whose infrastructure topology is centrally located in New York City, referenced as
NYC in the company naming convention. Your team has managed a XenApp and XenDesktop Platinum
environment for a few years, and recently upgraded the environment to version 7.15. The new CTO would like to
expand the size of the XenApp and XenDesktop environment in preparation for a series of acquisitions that are
currently going through regulatory approval. However, before the expansion occurs, she wants to ensure that the
environment is secured and optimized before more users are added. The Lead Citrix Architect has tasked the Citrix
Administrator team to implement the following changes to a development environment to determine whether
they will be feasible for an eventual production implementation:

 Create a satellite zone with a Delivery Controller and Virtual Delivery Agents (VDAs), and then assign
home user and app zones as needed.
 Use Workspace Environment Manager (WEM) to manage user profiles and settings, improve security, and
optimize resource utilization on the VDAs.
 Secure communications to and from the VDAs.
 Tune the StoreFront servers and implement optimal gateway routing settings.
 Improve the end-user experience by implementing branding on the NetScaler Gateway logon page, as
well as testing the new Enlightened Data Transport (EDT) transport protocol, Thinwire 8-bit mode, and
multimedia redirection.

Additionally, the Citrix Architect wants to ensure that the team is prepared to manage and support a larger
environment. No funds are available for hiring additional resources for the Citrix Administrative team, so the
current team will need to optimize the way certain operational activities occur:

 Validate and troubleshoot FMA service status.


 Implement Application Layering to optimize image and application management.
 Improve XenApp and XenDesktop troubleshooting techniques and tools.

You are a Citrix Administrator on the WW Labs Citrix Administrator team and you have been tasked to assist with
this implementation.

5
Lab Environment Overview
SERVER LIST

Virtual Machine Name IP Address Operating System Description


NYC-ADS-001 192.168.10.11 Windows Server 2016 Domain Controller, DNS, DHCP
NYC-SQL-001 192.168.10.21 Windows Server 2016 SQL Server
NYC-FSR-001 192.168.10.17 Windows Server 2016 File Server, Print Server
NYC-XDC-001 192.168.10.46 Windows Server 2016 Delivery Controller
NYC-XDC-002 192.168.10.47 Windows Server 2016 Delivery Controller
NYC-STF-001 192.168.10.31 Windows Server 2016 StoreFront 3.8
NYC-SRV-001 192.168.10.49 Windows Server 2016 Server OS VDA 7.13
NYC-SRV-002 192.168.10.54 Windows Server 2016 Server OS VDA 7.13
NYC-DTP-001 192.168.10.52 Windows 10 Desktop OS VDA 7.13
NYC-DTP-002 DHCP Windows 10 Machine Creation Services (MCS)
machine for App Layering
NYC-DTP-004 DHCP Windows 10 Non-Domain Joined for App
Layering
NYC-ELM-001 192.168.10.76 CentOS Virtual Appliance for App Layering
NYC-ELM-002 192.168.10.77 CentOS Virtual Appliance for App Layering

CREDENTIALS LIST

Username Password Description


Workspacelab\Administrator Password1 Domain Administrator
(workspacelab.com)
Admin1 Password1 Local (non-domain) user
Workspacelab\HR1 Password1 HR User

6
LAB ACCESS
Once connected to the Student Desktop, start both the lab management consoles: Remote Desktop Connection
Manager and XenCenter as shown in the example below.

The icon to start the Remote Desktop Connection manager is named CXD-310.rdg and the icon to start XenCenter
is Citrix XenCenter.

You will primarily use the Remote Desktop Connection Manager to login and interact with your virtual lab
machines. You will primarily use XenCenter to manage the power state of the virtual machines and manage the
mounting and un-mounting of ISOs used in installations.

Remote Desktop Connection Manager is pre-configured with the credentials required for this lab. To select the
credentials you wish to use as shown in the example below, right-click the machine and select Connect server as.

7
Module 1: Intermediate Site Architecture
Overview:
The module presents how to verify the core FMA services within a XenApp and XenDesktop Site, identify and
change the connection string of a service to the Site database, and create a satellite Zone.

Before you begin:


Estimated time to complete Module 1 lab exercises: 34 minutes

Exercise 1-1: Verify SQL connections


Scenario:
You are a Citrix Administrator for your company, WW Labs. As part of the large company-wide initiative to unify
the naming conventions of all servers, your team has been tasked with renaming all the non-compliant servers. An
engineer on your team implemented the name change on the SQL Server using knowledge base article CTX140319.
After the changes were made, Citrix Studio can no longer be started and is reporting an error A working service
could not be found. The Citrix Architect has assigned you to investigate and resolve this issue.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-DTP-001
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-XDC-001
2. Connect to XenCenter console and verify that NYC-XDC-002 is shut down. If powered on, right-click
and Shut Down.
3. Using the CXD-310.rdg named icon on the Student Desktop, launch the Remote Desktop Connection
Manager.

8
Note: The Remote Desktop Connection Manager is the primary management console used to log on
and interact with the virtual machines of the lab environment. Throughout the rest of the course, the
exercise workbook will reference the named icon above as Remote Desktop Connection Manager.
4. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

To log on to NYC-XDC-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
5. Double-click the Breaker icon that is located on your desktop.

Enter the following text and click Break button:

DB Connection

Wait for confirmation that changes are applied, and then click OK and close the application.

Note: This operation can take up to five minutes.

9
6. Click Start > Citrix and select Citrix Studio. Notice that Studio fails to initialize properly.

Note: Studio will take few minutes to open. If prompted with Snap-in error, click Cancel.
7. After Citrix Studio fails to load, notice the error message saying A working ‘Environment Test’ service
could not be found. Click View details button to review the details of the failure.

The first part of the Error Details includes the .NET exception details, while the second part covers the
specific PowerShell code that has triggered the error. Scroll to the bottom of Error Details box and
review the PowerShell code that has triggered this error message. Notice that the last cmdlet
executed for NYC-XDC-001 was Get-EnvTestServiceStatus.

10
Note: After failing to connect on NYC-XDC-001, same command is tried remotely on NYC-XDC-002.
NYC-XDC-002 is turned off for this exercise to narrow down the problem with NYC-XDC-001
controller.
8. Close Error Details window, and then close Studio.
9. Open PowerShell ISE from the taskbar.
10. Confirm that all Citrix services are in the Running state with the following command. Pay special
attention to the Citrix Environment Test Service.

Get-Service Citrix* | Where {$_.Status –ne “Running”}

The command should not return any services, as it is checking the services that are not (-ne means
not equal) in the running state.

You have confirmed that the Windows service is up and running. However, that does not mean that it
is fully functional. In order to do that, you will have to review the internal status of the services.
11. From the PowerShell ISE load all required snap-ins:

Add-PSSnapin Citrix.*

Execute the command below to find out which cmdlets are available to retrieve a status of services on
controller:

Get-Command Get-*ServiceStatus

11
12. As services are independent of each other, you have to execute the cmdlet for each one of them.
Execute the below commands, one at a time, to check each service.

Get-AcctServiceStatus;
Get-AdminServiceStatus;
Get-AnalyticsServiceStatus;
Get-AppLibServiceStatus;
Get-BrokerServiceStatus;
Get-ConfigServiceStatus;
Get-EnvTestServiceStatus;
Get-HypServiceStatus;
Get-LogServiceStatus;
Get-MonitorServiceStatus;
Get-OrchServiceStatus;
Get-ProvServiceStatus;
Get-SfServiceStatus;
Get-TrustServiceStatus;

Notice that the only failing service status is for Get-EnvTestServiceStatus. The status message
returned is DBNotFound, which suggests there is a problem with DB connection. The next step is to
retrieve the configuration of EnvTest SQL connection string.

Note: You could create a function to save time or use a ForEach loop to execute all of them.
13. As a first step, you will find the cmdlet that is used to retrieve the SQL connection string.

Get-Command Get-*EnvTest*DB*

In output, you can see four different cmdlets that could be potentially used. If you cannot decide
which one is the right one, you can use Get-Help to find details about each of them: in this case, Get-
EnvTestDBConnection is a right option. Cmdlets with Get verb are generally safe to run, as they are
executing only read-only queries.
14. From the command-line, execute the following command to get DB connection string for EnvTest
service:

Get-EnvTestDBConnection

12
Notice that the old name SQL1 is still being used, and this service has not been updated with the new
DB connection string. As a next step, you will get a working DB connection string from another service
and apply it to EnvTest service.

Note: Command may take some time to show the output.

ARCHITECT’S TIP: SQL connection strings are stored in the registry under
HKLM\Software\Citrix\XDServices. While this method can be useful, it is a less reliable method than
PowerShell cmdlets.
15. Retrieve the working DB connection string from another service. Select one of the other functional
services (not the EnvTest) and retrieve the DB connection string that is used. You can either copy the
string to the clipboard or assign it to the variable $DBConnection with the following command:

$DBConnection = Get-AcctDBConnection

The variable that is created will be used to identify the connection string ($DBConnection). By
executing the variable, you can see the content (if you want to try it, just execute $DBConnection).

All XenDesktop services that are connecting to the main SQL DB are using the same DB connection
string. Instead of manually typing the correct DB connection string, you can just copy an existing one
from another service instance.
16. Before applying this DB connection string, it is recommended to test if it works properly with the
following command:

Test-EnvTestDBConnection –DBConnection $DBConnection

ServiceStatus (property) should now report status OK. Test-*DBConnection cmdlets are used to
attempt to connect to the database without changing the current configuration and should always be
used before making any changes to the SQL connection string.
17. Clear DB connection string for EnvTest service.

Set-EnvTestDBConnection -DBConnection $Null

As a final step, update the DB connection string for service EnvTest.

Set-EnvTestDBConnection -DBConnection $DBConnection

ARCHITECT’S TIP: As a precaution against unintended changes, it is not possible to transition from
one connection to another directly. You have to clear the original connection first (by assigning $Null
value to it). This operation is mandatory and needs to be performed before you can assign new value
to the DB connection string.

13
18. Start Citrix Studio and confirm that it does not report any errors.

Note: Click Cancel, if Snap-in error appear.


19. Close the PowerShell ISE window.

Key Takeaways:
• Citrix Studio errors typically generate Error Details, which include .NET exception details as well as the
PowerShell code that triggered the error. These can be used to initiate the troubleshooting process.
• It is possible for an FMA service to be running, but not fully functional. Use the Get-<Service>Status to
determine the internal status of individual FMA services.
• Each XenDesktop service is a standalone entity. Failure of one of the services does not affect other
services.
• The database connection strings between the Site database and the FMA services are configured
individually.
• When changing a database connection string, the connection must be set to the $Null value before
changing to the new connection string.

Exercise 1-2: Validate the <service name> service


Scenario:
You are a Citrix Administrator for your company, WW Labs. The Lead Citrix Administrator wants to test the zone
functionality now available with the current release of XenApp and XenDesktop. However, before you proceed, he
asks you to verify that the FMA services are running as expected on the Delivery Controller that will remain in the
Primary Zone. Although you are working in a development environment, other members of the Citrix
Administrative team are currently using it, and the Architect wants to make sure that the Controller is functioning
as expected before moving the other Controller to a new zone.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator

14
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Start PowerShell from taskbar.
3. Load Citrix PowerShell snap-in by typing the below command:

ASNP Citrix*
4. Type the below command to get all the Citrix services running on the machine:

Get-Service -DisplayName *citrix*

To Measure the count, type the below command:

Get-Service -DisplayName *citrix* | measure

Note: Above commands will show all the services running on the machine where display name
contains Citrix. Same commands can be run on machines with delivery agent installed to know all the
services running on delivery agent.
5. All services register with Configuration service. To know all the registered service instances, type the
below command:

Get-ConfigRegisteredServiceInstance

15
To Measure the count, type the below command:

Get-ConfigRegisteredServiceInstance |measure

This will show 120 instances as we have two Broker Controllers and each Broker Controller has 60
service instances registered. Type the above command to know the count of registered service
instances.

Key Takeaways:
• PowerShell commands can be used to identify FMA services and to verify their status.
• “Get” PowerShell commands are typically used to retrieve information about an object.
• Registered service instances are all independent of each other. If there is more than one Delivery
Controller in the Site, additional service instances will be registered for each one.

Exercise 1-3: Create a Satellite Zone


Scenario:
You are a Citrix Administrator for your company, WW Labs. The Lead Citrix Architect tells you that it is time to
implement a Satellite Zone within the development environment, because he expects that expected environment
expansion will include placing XenApp and XenDesktop resources in an additional location. Here, the secondary
zone will technically contain components located in the same datacenter as the Primary Zone, but the Architect
wants the Citrix Administration team to become familiar with creating and managing FMA Zones before
implementing them in production.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator

16
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Click Start > Citrix and select Citrix Studio.

Note: If a Snap-in error appears, click Cancel.

Note: Ignore this step if studio is open from previous exercises.


3. In the left pane, expand the Configuration node and select Zones.

4. Click Close on the Zones Welcome page.

17
5. In the right pane, under Actions select Create Zone.

6. Type:
• Zone name: Secondary
• Description: Satellite Zone

18
7. If NYC-XDC-001 is selected, clear the selection.

19
Note: None of the items will be checked if the Create Zone option was selected, but if Create Zone
(with items) is selected under a specific item’s heading, that item will be automatically selected on this
screen. Either way, items can be associated with the new Zone on this screen.
8. Click Save.
9. Verify that now you see two zones, Primary (created by default) and secondary Satellite Zone (just
created).

20
Key Takeaways:
• The Primary zone is created by default during the initial creation of the XenApp and XenDesktop Site.
• Additional zones can be created via Citrix Studio. Components can be moved between zones individually,
but an empty zone can be created first without needing to move anything right away.

Exercise 1-4: Move Controller into the Satellite Zone


Scenario:
After the Satellite Zone has been created, the Citrix Architect instructs you to move one of the existing Delivery
Controllers in the Site to the new Zone. Although a Zone is not required to have a Delivery Controller within it, the
Architect wants any VDAs that are placed within the Satellite Zone to be able to register with a Controller in that
Zone when possible.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Click Start > Citrix and select Citrix Studio.

Note: Ignore this step if studio is open from previous exercises.


3. In the left pane, expand the Configuration node and select Zones.

21
4. Click Close on the Zones Welcome page.

5. In the center pane, select Primary Zone and expand the Delivery Controller drop-down.

6. Right-click NYC-XDC-002 and select Move Item.

7. Select Secondary Satellite Zone.

22
8. Click Yes.
9. Click Secondary Zone and verify that NYC-XDC-002 is moved from the Primary Zone.

10. Close Citrix Studio.

Key Takeaways:

• Existing XenApp and XenDesktop components can be moved between FMA Zones from Citrix Studio.
• The Site database, and at least one Delivery Controller, must be in the Primary Zone. No Controllers are
required in the Satellite Zones; however, they may be desirable to ensure good communications with
VDAs in those Zones.

Exercise 1-5: Move a Catalog into a Satellite Zone


Scenario:
23
You are a Citrix Administrator for your company, WWLabs. The Lead Citrix Architect asks you to move an existing
Windows Server 2016 machine catalog to the Satellite Zone you created in the development XenApp and
XenDesktop environment. Because the Satellite Zone is located in the same datacenter as the Primary Zone, you
do not need to move the associated Host connection, which is also used for resources, which will stay in the
Primary Zone.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In the previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Click Start > Citrix and select Citrix Studio.

Note: Click Cancel if a Snap-in error appears.

Note: Ignore this step if Studio is open from previous exercises.


3. Using Studio, expand Citrix Studio (NYC) and browse to Configuration > Zones.
4. Click Close on the Zone’s welcome page, if it displays.
5. In the middle pane, select Primary.
6. Expand Machine Catalog and select NYC-CAT-Existing-ServerOS catalog.

7. Right-click NYC-CAT-Existing-ServerOS and select Move Item.

8. Select Secondary Satellite Zone and click Yes.

24
9. Select Secondary Zone, expand Machine Catalog and verify NYC-CAT-Existing-ServerOS catalog has
been moved successfully.

Key Takeaways:
• Typically, all VDAs should be in the same Zone as their underlying host connections (either on-premises
hypervisors or cloud service connection).

Exercise 1-6: Auto update Policy


Scenario:
After hearing about some VDA registration issues experienced by a colleague after some Delivery Controllers were
retired from the environment, the Lead Citrix Architect instructs you to explicitly enable the auto-update of
Controllers Citrix policy setting. The setting should be configured within the Unfiltered policy so that it applies to all
Delivery Controllers in the Development Site.

25
Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Using Studio, expand Citrix Studio (NYC) and select Policies in the left pane.

Note: If Studio was closed in previous exercise, click Start > Citrix and select Citrix Studio.
3. Click Close on the Citrix Policies welcome page.

4. In the right pane, under Unfiltered select Edit Policy.

26
5. Expand the All Settings drop-down, then select Virtual Delivery Agent Settings.

6. Click Select next to Enable auto update of Controllers policy.

7. Verify Allowed is selected by default and click OK.

27
8. Click Next and verify Enable policy is checked.

9. Click Finish.
10. Click Settings tab and verify that Enable auto update of Controllers policy is present.

28
11. Close the Studio console.

Key Takeaways:
• The Enable auto update of Controllers Citrix policy setting is set to Allowed by default, but enabling it
explicitly will prevent it from being accidentally overridden.
• The Enable auto update of Controllers setting allows VDAs to periodically receive an up-to-date list of
available Delivery Controllers, facilitating the addition or removal of Delivery Controllers from the Site.

Exercise 1-7: Identifying VDA Controller Registration


Scenario:
After applying the auto-update of Controllers policy, the Citrix Architect asks you to identify the different ways that
VDA registration status can be confirmed. He wants the team to use multiple verification methods during
troubleshooting, as well as identifying a method that can be used by the Help Desk team without giving them
direct access to the VDAs or Citrix Studio.

Step Action
1. Before you begin this exercise, you will need to power on NYC-XDC-002.

Switch to the XenCenter console and right-click NYC-XDC-002 and select Start.

2. Using the Remote Desktop Connection manager, connect to NYC-DTP-001.

To log on to NYC-DTP-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
3. Right-click Start > Run, type services.msc and click OK.

29
4. Select Citrix Desktop Service and click Restart.

5. Right-click Start > Event Viewer.

30
6. In the left pane, expand Windows Logs > Application.

7. In the center pane, notice the events 1010 and 1012 are generated, showing that the Citrix Desktop
Service obtains the list of controllers and registers with one of the controllers.

31
8. Close the Event Viewer and Services consoles.
9. We can also verify the registration state of the machine in Citrix Studio.

Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
10. Click Start > Citrix and select Citrix Studio.

Note: If you receive a snap-in pop-up, please click Cancel.


11. In the left pane, click the Machine Catalogs node, then in the center pane, select the NYC-CAT-
Existing-DesktopOS catalog.

32
12. Right-click NYC-CAT-Existing-DesktopOS and select View Machines.

13. Notice that the Registration state column shows the machine is currently Registered.

14. We can also verify the registration state of the machine in the Citrix Director.

Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

Use the following credentials to make the connection:

• Username: WORKSPACELAB\Administrator
• Password: Password1
15. Start Google Chrome browser from taskbar and browse to http://localhost/director

Note: Citrix Director is already installed on NYC-FSR-001 in lab environment.


16. Log on with the below credentials:
• Username: Administrator
• Password: Password1
• Domain: Workspacelab

33
Note: Click Never if any pop-up appears to save the password for this site.
17. Click Search at the top right corner.

18. Select Machine in the Search for drop-down, type workspacelab\nyc-dtp-001 in Search for machine
and select the machine.

19. Under Machine Details section in left pane, notice the Registration State shows Registered.

20. Log Off from Director and close the browser.

34
Key Takeaways:
• Restarting the Citrix Desktop Service on the VDAs will cause them to re-register with an available VDA.
This can be useful for testing registration behavior, since corresponding registration-related events will be
generated at the top of the Windows Application event log.
• VDA registration can be confirmed via the Windows Event Logs, Studio, and Director. This allows
administrative groups with differing privileges to access this information when performing
troubleshooting.

Exercise 1-8: Add a Home Zone for a User


Scenario:
You are a Citrix Administrator for your company, WWLabs. The Lead Citrix Architect tells you that he would like to
start assigning home Zones for different user groups and applications in the XenApp and XenDesktop environment,
so users are assigned published resources that are physically closer to them. This will improve the network
connectivity to the resources and will enable the Citrix Administration team to more network-intensive HDX
settings for the users.

To start this process, the Citrix Architect tells you to designate the Primary Zone as the Home Zone for the HR
group.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

To log on to NYC-XDC-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Click Start > Citrix and select Citrix Studio.

Note: Ignore this step if studio is already open from previous exercises.
3. Expand Citrix Studio (NYC) > Configuration and select Zones in the left pane.

Note: Click Close on the welcome page.


4. Select Primary Zone.

35
5. In the right pane, click Add Users To Zone.

6. Click Add. Type HR1 and select Check Names.

7. Click OK.
8. Click OK.

36
9. Verify User/User Group is added into Primary Zone. Expand User/User Group to validate HR1 is the user
added.

Key Takeaways:
• Users and user groups can be assigned a Home Zone via the Zones node of Citrix Studio.
• After a Home Zone is assigned to a user, published resources will be started from a VDA in that Zone if
possible.

Exercise 1-9: Add a Home Zone for an App


Scenario:
To test the behavior of user Home Zones and application Home Zones, the Citrix Architect asks you to assign some
pre-existing published applications to different zones:

37
• The calculator application should be assigned to the Primary Zone.
• The Notepad application should be assigned to the Secondary Zone.

In both cases, the app Home Zone should be mandatory so that the application can only be started in its assigned
Home Zone.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Click Start > Citrix and select Citrix Studio.

Note: Ignore this step if studio is already open from previous exercises.
3. Expand Citrix Studio (NYC) > Configuration and select Zones in the left pane.

Note: Click Close on the welcome page.


4. Select Primary Zone.

5. Click Add Applications To Zone in right pane.

6. Select Calculator and click OK.

38
7. Verify that the Application node is added to Primary Zone, containing Calculator application.

8. Select Secondary Zone.

39
9. In the right pane, select Add Applications To Zone for Secondary zone.

10. Select Notepad application and click OK.

11. Verify that the Application node is added to Secondary Zone that contains Notepad application.

40
12. Click Applications node in left pane.

13. Right-click Calculator application and select Properties.

14. On the Applications Settings page, in the left pane at the bottom, click Zone, and then select Launch
the application only in the selected zone.

41
15. Click Apply, and then click OK.
16. Right-click Notepad application and select Properties.
17. On the Application Settings page, in the left pane at the bottom, click Zone, and then select Launch
the application only in the selected zone.

18. Click Apply, and then click OK.

Key Takeaways:
• Application Home Zones can be assigned via the Zones node of Citrix Studio, or from the properties of the
application. However, the zone assignment can be made mandatory only from the application properties
window.

42
Exercise 1-10: Test Home Zone App Launch
Scenario:
Now that the application Home Zones have been configured, you must start each of them while logged in with an
HR user account to verify that each published application starts in the appropriate zone.

Step Action
1. For Zone preference settings to take place, we need to reinitiate the registration of the VDAs.

Using the Remote Desktop Connection manager, connect to NYC-SRV-001.

To log on to NYC-SRV-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Open the Services Console and restart the Citrix Desktop Service.
3. Using the Remote Desktop Connection manager, connect to NYC-SRV-002.

To log on to NYC-SRV-002, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
4. Open the Services Console and restart the Citrix Desktop Service.
5. Using the Remote Desktop Connection manager, connect to NYC-DTP-001.

To log on to NYC-DTP-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
6. Open the Services Console and restart the Citrix Desktop Service.
7. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
8. Start Internet Explorer from taskbar.
9. Browse to https://storefront.workspacelab.com/Citrix/StoreWeb.

Note: Either click Switch to username and password if Log On windows does not open or click Log on,
in case of Install Citrix Receiver to access your applications screen.
10. Enter the below credentials:
• Username: workspacelab\HR1
• Password: Password1

Click Log On.


11. Select APPS tab, click Calculator icon to start the application.
43
12. Verify that the Calculator application starts successfully.
13. Using the Remote Desktop Connection manager, connect back to NYC-XDC-001.

To log on to NYC-XDC-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
14. Click Start > Citrix and select Citrix Studio.

Note: Ignore this step if studio is already open from previous exercises.
15. Click Delivery Groups node on the Citrix Studio.

16. Right-click on the NYC-DG-Existing-ServerOS Delivery Group name, and then select View Machines.

44
17. Select the Sessions tab.

Note: Session count may not match with the Lab Environment.
18. Right-click anywhere in the center pane empty space, and then click Select Columns.

19. Scroll down and select Broker.

45
20. Click OK.
21. Verify the new session for calculator is hosted on Broker NYC-XDC-001, which is in Primary Zone.

Note: If there are multiple sessions, to figure out the current session, look at the Brokering Time
column.
22. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001.
23. Close the Calculator application that was started.
24. Now click the Notepad icon to start the application and verify it starts successfully.
25. Using Remote Desktop Connection Manager, switch back to NYC-XDC-001.
26. Click the Search node in the left pane of the Studio console.

27. In the right pane, click Refresh.

46
28. Verify that the new session for Notepad is hosted on Broker NYC-XDC-002, which is in the Secondary
zone.

Note: If it still shows NYC-XDC-001, verify that the NYC-SRV-002 is registered with NYC-XDC-002. As
Secondary Zone machine should register with Secondary Zone controller first, and if not found then
register with Primary Zone controller. Therefore, if NYC-SRV-002 were registered with Primary
controller in absence of secondary controller, you would need to reinitiate the registration when
secondary controller is back up.
29. Select an active session, then scroll down to look at the details for that session like Protocol and the
Application in use.

Note: If there are multiple sessions, use the Brokering Time column to differentiate sessions.

47
30. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001.
31. Close the Notepad application that was started.
32. Log Off from the browser and close the browser.

Key Takeaways:
• Application Home Zones for published applications have a higher priority than user Home Zones.
• Application and user Home Zones can be designated as mandatory, which will prevent the session from
starting outside of the mandatory zone. This restriction is helpful when you need to avoid the risk of
copying large profiles or data files between zones. In other words, you would rather deny a session start
than to start the session in a different zone.

48
Module 2: Workspace Environment Management
(WEM)
Overview:
The module presents the initial installation and configuration of the Workspace Environment Manager (WEM)
Infrastructure Services Broker, Database, and Administrative Console.

Before you begin:


Estimated time to complete Module 2 lab exercises: 24 minutes

Exercise 2-1: Install the Agent Host on Server OS


Scenario:
After successfully completing the installation of the Agent Host component on the Desktop OS VDA, the Citrix
Architect instructs you to repeat the process with a Server OS VDA. Because this VDA is in the same Organizational
Unit (OU) as all the other VDAs in the environment, the necessary configuration settings have already been
applied, and only the Agent Host installation wizard needs to be run.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-DTP-001
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-XDC-001
• NYC-XDC-002
2. Using the Remote Desktop Connection manager, connect to NYC-SRV-001.

To log on to NYC-SRV-001, right-click this machine and choose Connect server.


Note: The following credentials are used to make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1
3. Double-click Lab Resources shortcut on the desktop.

49
4. Double-click Workspace-Environment-Management-v-4-04-00.
5. Double-click Citrix Workspace Environment Management Agent v4.04.00.00 Setup.exe.

6. Click Install to install the prerequisites.

7. In the Welcome to the InstallShield Wizard for Citrix Workspace Environment Manager Agent
Host page, click Next.

50
8. Review the license agreement, if you agree then in the License Agreement page, select I accept the
terms, and click Next.

9. In the Customer Information page, click Next.


10. In the Setup Type page, verify Complete is selected and click Next.
51
11. In the Ready to Install the Program page, click Install.

12. In the InstallShield Wizard Completed page, click Finish.

52
13. Right-click Start Menu > Command Prompt (Admin).

14. Next, refresh the cache and check connectivity with the broker by running the commands below:

53
cd "c:\Program Files (x86)\Norskale\Norskale Agent Host"

AgentCacheUtility.exe -refreshcache

15. Make sure that you receive the message as Operation Completed Successfully.

16. For .NET Optimizations, type the below commands for X86 directory:

cd C:\Windows\Microsoft.NET\Framework\v4.0.30319

ngen.exe update

Note: This process may take a few minutes before the optimization completes. Please ignore if you
see any errors on the output.
17. For .NET Optimizations, type the below commands for X64 directory:

cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319

ngen.exe update

Note: This process may take few minutes before optimization completes. Please ignore if you see any
errors on the output.
18. Close the Command Prompt window, once optimization completes.
19. Close the File Explorer.

Key Takeaways:
• The installation of the Agent Host component is the same for Desktop OS and Server OS VDAs.
• The same configuration settings can be applied to both types of VDAs via GPO.

54
• .NET optimizations should be applied to Agent Hosts after an installation to ensure that the Agent .dll files
are correctly precompiled.

Exercise 2-2: Manage the VDA Machines Using WEM Console


Scenario:
Now that the WEM Agent Host has been installed on a Desktop OS VDA and a Server OS VDA, you must access the
WEM administrative console and confirm that both Agent Hosts appear in the Agents pane and confirm
synchronization status.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Click Start > Citrix > WEM Administration Console.

3. Click Connect.

4. Verify the details are as per the below screenshot and click Connect.

55
5. Click Administration workspace in the left pane.

6. Select Agents in left pane and verify that the NYC-DTP-001 and NYC-SRV-001 machines are seen in
right pane.

56
Note: If Agents are not seen, click Refresh button at the bottom of the right corner. If any specific
machine is not seen, to force the synchronization between the Agent and the Broker follow the
below steps:
• On the Agent machine:
o Open Services console and restart Norskale Agent Host Service.
o Run the synchronization commands in Command Prompt:

cd "c:\Program Files (x86)\Norskale\Norskale Agent Host"

AgentCacheUtility.exe -refreshcache

• Connect back to the broker (NYC-FSR-001), open the Services console and restart Norskale
Infrastructure Service.
• Open the WEM Administration console again, browse to Administration > Agents, and then
verify the agents are synchronized.

Verify that for both the machines Synchronization State shows green check, which means targets are
connected and synchronized with Broker.

Note: If Agents are not shown to have a green check mark, click Refresh button at the bottom of the
right corner. If still agent does not show synchronized, run the synchronization commands in the
Command Prompt of the affected machine:

cd "c:\Program Files (x86)\Norskale\Norskale Agent Host"

AgentCacheUtility.exe -refreshcache

Switch back to the WEM console on NYC-FSR-001 and click Refresh on the lower right-hand corner.

7. Close the WEM Administration console. Click Yes to exit.

Key Takeaways:
57
• An Agent Host must appear within the Agents pane of the administration console in order to successfully
synchronize with the Infrastructure Services broker. If any agent does not appear as expected, restart the
synchronization process by using AgentCacheUtility.exe.

Exercise 2-3: Identify CPU Spikes


Scenario:
You are a Citrix Administrator for your company, WWLabs. As the production XenApp and XenDesktop
environment has grown, the Citrix Administration team has begun to receive more support tickets complaining of
sluggish HDX sessions where each user action takes several seconds to complete. You notice that the tickets began
soon after a new application was published to a Delivery Group that hosts several shared applications. The
application is known to cause CPU spikes while processing certain tasks, which could affect other sessions on the
Server OS VDA.

The Citrix Architect informs you that a tool called CPU Eater is available to simulate a CPU spike, which can provide
a baseline of expected performance during a period of high CPU utilization.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-SRV-001.

To log on to NYC-SRV-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Click Lab Resources shortcut on the desktop.
3. Double-click and start CpuEater.exe.

4. On the CPU Eater page, click On.

5. Right-click taskbar and select Task Manager. Click More details and select Details tab.

Note: Everything will be slow and sluggish and opening task manager will take some time.

Note: If Task Manager stops responding and becomes very slow to work with, reboot the machine and
start the exercise again.
6. Right-click any of the headings, for example Name, Status and click Select columns.

58
7. Scroll down, select Base priority and click OK.

8. Notice that the CpuEater.exe is taking almost 100% CPU and has a Base priority as Normal.

9. Right-click Start > System. Notice that it takes 5-10 seconds to open System in a stressed environment
where CPU utilization is very high.

59
10. Close the System window.
11. Click Off on the CPU Eater application.

12. Close the CPU Eater application and close the Task Manager.

Key Takeaways:
• CPU Eater and similar tools can be used to simulate high resource utilization conditions on a VDA. This is
useful to provide a baseline of the expected HDX user experience during spikes in CPU usage.

Exercise 2-4: Configure CPU Management


Scenario:

60
You confirm that the user experience is very poor when an application uses up all the CPU available to a VDA. Next,
you must configure CPU Spikes Protection using the WEM System Optimizations settings to test whether it has a
noticeable impact on the user experience.

The WEM deployment that was installed in the development XenApp and XenDesktop environment should be
used to accomplish this.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Switch back to the WEM Administration Console.

Note: If the WEM Administration Console was closed in previous exercise, click Start > Citrix > WEM
Administration Console and click Connect. Verify the details as per below screenshot and click
Connect.

3. In the left pane, click System Optimization.

61
Note: If System Optimization workspace is not seen, close the console. Open Services console, restart
the Norskale Infrastructure Service, and then open the WEM Administration Console again.
4. In the left pane, select CPU Management.

5. Under the CPU Management Settings tab in the right pane, select Enable CPU Spikes Protection.

62
6. Click Apply.

Key Takeaways:
• The System Optimization settings within WEM can be used to optimize CPU usage on the WEM Agent
Hosts. Beyond CPU spikes protection, CPU affinity and priority can be defined at the process level.
• Memory and I/O management settings are also available, which collectively enables administrators to
have a high degree of control over how resources are used within the VDAs in a XenApp and XenDesktop
Site.
• Keep in mind that System Optimization settings will be applied to all Agents Hosts (for example, VDAs)
which are synchronized to the WEM Site. Create multiple WEM Sites if different global settings are
required for different groups of VDAs.

Exercise 2-5: Test the changes


Scenario:
Now that CPU Spikes Protection has been enabled, you must re-run the CPU Eater tool to verify what effect, if any,
it has on CPU utilization and the user experience.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-SRV-001.

To log on to NYC-SRV-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Right-click Start > Shut down or sign out > Sign out to apply the optimization you applied from the
broker.
3. Using Remote Desktop Connection Manager, connect back to NYC-SRV-001. To log on to NYC-SRV-
001, right-click this machine and choose Connect server.
4. Wait for 10-15 minutes, so that the optimizations are applied. After that click on the Lab Resources
shortcut on the desktop.
5. Double-click to start CpuEater.exe.

63
6. On CPU Eater window, click On.

7. Right-click the taskbar, select Task Manager and click the Details tab. Notice that the Base priority of
the CpuEater.exe has changed to Low.

Note: Base priority of the process might still show Medium, as there is a delay between when settings
are enabled in the console and when they are synced on the agent side. In case of service settings like
the optimization ones, the delay is 15-45 minutes.
8. After 10-15 minutes, once the priority changes to Low, right-click Start > System and notice that the
System window opens within 1-2 seconds after WEM CPU Management has been enabled.
9. Close the System, Task Manager and CPU Eater application.
10. Click Start > Shut down or sign out > Sign out.

Key Takeaways:
• The Enable CPU Spikes Protection setting will prevent all processes from taking more than a percentage of
the server's processing power by lowering their priority.

Exercise 2-6: Manage the VDA Processes


Scenario:
Now the Citrix Architect asks you to shift focus back to the WEM deployment. He asks you to validate the Process
Management feature of WEM by restricting the use of the Google Chrome browser by non-administrative users. If
successful, this feature may be used in the production environment going forward to ensure that non-
administrators cannot start unauthorized executables on the published applications and desktops.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Click Start > Citrix > WEM Administration Console.

64
Note: Ignore if the console is already open and jump to step 5.
3. Click Connect.
4. Verify the details are as per below screenshot and click Connect.

5. Click on Security in the left pane.

6. Select Process Management in the left pane.

65
Note: If Process Management node is not seen, click on the down arrow to expand the nodes.
7. In the right pane under the Process Management tab, select Enable Process Management.

8. Click the Process Blacklist tab.

66
9. Select Enable Process Blacklist and click Add.

10. Type Chrome.exe in New Process Name to Blacklist box, and then click OK.

11. Select Exclude Local Administrators.

67
12. Click Apply.
13. Connect to Remote Desktop Connection Manager and select NYC-DTP-001.
14. Right-click NYC-DTP-001 and select Disconnect server.

Note: Ignore if the desktop is already disconnected.


15. Right-click NYC-DTP-001 and select Connect server as.
16. From drop-down corresponding to Profile, select WORKSPACELAB\HR1 (File), to connect as HR1.

68
17. Click Connect.
18. Double-click the Google Chrome shortcut on the desktop.
19. You get a Restrictions message as this process has been put into blacklist on the WEM broker server.
Click OK.

Note: If the process is not blacklisted, right-click the WEM Agent icon at the bottom right corner and
click Refresh, and then click Yes to confirm.

69
There is a delay between when settings are enabled in the console and when they are synced on the
agent side. In case of service settings like the optimization ones, the delay is 15-45 minutes. In case of
session agent settings (like actions) you need to wait for an automatic or manual refresh.

To force the synchronization between the Agent and broker follow the below steps:

Right-click NYC-DTP-001 on Remote Desktop Connection Manager and select Reconnect server to
connect back as Administrator.

• Open the Services console and restart Norskale Agent Host Service.
• Run the synchronization commands in Command Prompt:

cd "c:\Program Files (x86)\Norskale\Norskale Agent Host"

AgentCacheUtility.exe -refreshcache

• Connect back to the broker (NYC-FSR-001), open the Services console and restart Norskale
Infrastructure Service.
• Open the WEM Administration console, browse to Administration > Agents and verify that
the agents are synchronized.
20. Right-click NYC-DTP-001 on Remote Desktop Connection Manager and select Reconnect server to
connect back as Administrator.

21. Double-click the Google Chrome shortcut on the desktop and verify it starts as expected, since local
administrators were excluded when chome.exe was blacklisted.
22. Close the Chrome browser.
23. Right-click Start > shut down or sign out > Sign out.

Key Takeaways:
• WEM can enforce process whitelists (block all processes except those specified) or blacklists (block all
processes specified). Local Administrators and/or specified user groups can be excluded from the lists so
that administrators perform operational and maintenance activities on the VDAs.
• Once a WEM system optimization setting is configured and applied on the administration console, the
Infrastructure Services broker will synchronize the new settings to the WEM Agent Hosts, which in this
environment, are the VDAs.

Exercise 2-7: Log on to Test the Default Environment


Scenario:

70
You are a Citrix Administrator for your company, WWLabs, an R&D firm. The CIO has mandated new IT security
standards. The standards include provisions for the XenApp and XenDesktop environment. The Active Directory
team will not provide administrative access for the Citrix administrators to directly test and implement Group
Policy Objects and Preferences that would allow the XA/XD environment to comply with the new standards.

Additionally, the current change management process would not give the Citrix team enough time to fine-tune the
settings in time for a production rollout. A colleague suggests utilizing specific WEM settings instead of using
Group Policy. The AD team agrees to allow this if it is only applied to the XA/XD environment and does not conflict
with existing Group Policy settings. The HR team has agreed to serve as the test group.

Your task is to use WEM to apply settings which prevent the HR group from performing specific actions, such as
editing the registry, accessing network settings, and viewing system settings in the Control Panel. Additionally, a
network drive will be automatically mapped for the HR group only. To start, you decide to verify the permissions
an HR user currently has within a Server OS VDA in the development XenApp and XenDesktop environment.

Step Action
1. Connect to Remote Desktop Connection Manager and select NYC-SRV-001.
2. Right-click NYC-SRV-001 and select Disconnect server.

Note: Ignore this step if NYC-SRV-001 machine is already disconnected.


3. Right-click NYC-SRV-001 and select Connect server as.
4. From drop-down corresponding to Profile select WORKSPACELAB\HR1 (File), to connect as HR1.

71
5. Click Connect.
6. Right-click Start and select Run.
7. Enter regedit, click OK and verify Registry Editor opens up successfully.

8. Close the Registry Editor window.


9. Right-click Start and select Network Connections.

72
10. Right-click Ethernet 2 and select Status.

Note: You might see the name as Ethernet or Ethernet 2 in your lab.
11. Verify that everything is correct, and then click Close. Close the Network Connections window.
12. Verify at the bottom right corner of the taskbar that current date and time are displayed.

Note: Time and date will not match with the screenshot.
13. Right-click Start and select Control Panel. Verify that it opens successfully.

73
14. Close the Control Panel.
15. Right-click NYC-SRV-001 on Remote Desktop connection manager and select Disconnect server.

Key Takeaways:
• Be sure to establish a baseline of current behavior before testing any changes to the user environment.
This can help administrators to verify the impact of any new changes.

Exercise 2-8: Configure User Environment Settings


Scenario:
You verify that non-administrative users currently have access to several system settings and tools that violate the
new IT security standards. Next, you must use WEM to configure user environment settings that will remediate the
identified areas of concern, as well as provide the network drive mapping for the HR team.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Click Start > Citrix > WEM Administration Console.

Note: Ignore if console is already open and jump to step 5.


3. Click Connect.
4. Verify the details are as per below screenshot and click Connect.

74
5. Click Policies and Profiles workspace in the left pane.

Note: If Policies and Profiles workspace is not seen, close the console. Open Services console, and
restart Norskale Infrastructure Service, and then open WEM Administration Console again.
6. In the left pane, select the Environment Settings node. Under the Start Menu tab, select the following
options:

75
Environmental Setting Management:
• Process Environment Settings
• Exclude Administrators

User Interface: Start Menu


• Hide System Clock

Click Apply.
7. Click the Desktop tab and select Hide Network Connections.

Click Apply.
8. Click the Windows Explorer tab and select Prevent Access to Registry Editing Tools.

Click Apply.
9. Click the Control Panel tab and select Hide Control Panel.

76
Click Apply.
10. In the left pane, click the Actions workspace, then select Network Drives.

11. In the bottom of the right pane, click Add.


12. Type:
• Name: Network Drive
• Description: Network Drive for HR Group
• Target Path: \\NYC-FSR-001\Resources\HDX Monitor
• Verify that the Network Drive State is Enabled.

77
13. Click the Options tab and type Network Drive in the Display Name box.

14. Click OK.


15. In the left pane, click the Filters Workspace, then select the Conditions node.

78
16. In the right pane, click Add.
17. Type:
• Name: User Group
• Description: HR User Group

Verify that the Filter Condition State is Enabled. Select Active Directory Group Match from the Filter
Condition Type drop-down and type True in Matching result.

Click OK.
18. In the left pane, select the Active Directory Objects workspace, then select the Users node.

79
19. At the bottom of the right pane, click Add.
20. Type workspacelab\HR, then click Check Names.

In the Multiple Names Found window, select the HR user group and click OK.

21. In the Select users or Groups window, click OK.


22. Select Assignments workspace in left pane. Initially the bottom half is empty. Double-click the
WORKSPACELAB\HR group to show the Actions that are available for assignment.
80
23. Select the Network Drive Action and move it from the left to the right. This assigns the Action to the
user group.

24. When you move a Network Drive to the right, you are prompted to select a drive letter. Select drive
letter M and click OK.

81
25. Verify that the Filter and Drive Letter are now listed under Network Drive.

Key Takeaways:
• Similar to System Optimization Settings, Environmental Settings are applied globally to all WEM Agent
Hosts in the WEM Site.
• Environmental Settings include many frequently used Windows lockdown settings, including hiding
administrative icons, tools, Control Panel options, and other administrative interfaces.
• Actions are used to create user resources such as network drives, application shortcuts, and printers.
• Filters contains rules and conditions, which allow you to make actions available (assign) to users. Set up
rules and conditions before assigning actions to users.

Exercise 2-9: Log on to Test the Now Configured Environment


Scenario:
After all the user environment settings are configured, you must log onto a VDA with a user account in the HR
group to verify that the settings are applying as intended.

Step Action
1. Connect to Remote Desktop Connection Manager and select NYC-SRV-001.
2. Right-click NYC-SRV-001 and select Connect server as.
3. From drop-down corresponding to Profile select WORKSPACELAB\HR1 (File), to connect as HR1.

82
4. Click Connect.
5. Right-click Citrix WEM Agent and select Refresh.

Note: On the taskbar, you may need to click on the up-arrow icon on the right-hand corner to view the
WEM agent

6. Select Yes on the Refresh Confirmation message.

83
7. Right-click Start and select Run.

8. Type regedit, then click OK.

9. Notice that you are not able to open the Registry Editor console now. Click OK on the Registry Editor
window.

10. Right-click Start and select Network Connections.

84
11. Notice that we are not able to open Network Connections anymore, hence restricting users to change
the network properties. Click OK on the Network Connections window.

12. Right-click Start and select Control Panel.


13. Click OK on the Restrictions message. Users are no longer able to access Control panel and modify the
existing settings.

14. Verify that at the bottom right corner of the taskbar you are no longer able to see the date and time
as system clock has been disabled by WEM.
15. Open File Explorer from taskbar and select This PC. Verify that the Network Drive (M:) is mapped.

85
16. Close the File Explorer window.
17. Right-click Start > Shut down or sign out > Sign out.

Key Takeaways:
• Once applied, the user environment settings display the same behavior as if they were configured via
Group Policy Objects/Preferences.

86
Module 3: StoreFront Optimization and Routing
Overview:
This module presents several StoreFront tuning, troubleshooting, and optimization topics that can be used to
enhance the way that published resources are presented and delivered to XenApp and XenDesktop users.

Before you begin:


Estimated time to complete Module 3 lab exercises: 30 minutes

Exercise 3-1: Set the Default Page Redirect


Scenario:
You are a Citrix Administrator at WWLabs. The company has a written policy to address all web site parameters
hosted on company systems. Your task is to redirect users from the current default landing page of the StoreFront
webserver to a special logon page provided by StoreFront.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-DTP-001
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-VNS-001
• NYC-XDC-001
• NYC-XDC-002
2. Using the Remote Desktop Connection manager, connect to NYC-STF-001.

To log on to NYC-STF-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
3. Open an Internet browser and browse to the default store address.
Using Internet Explorer browser to https://storefront.workspacelab.com.

87
Note: The site does not redirect to the Receiver for Web site, instead, it displays the default Internet
Information Services (IIS) page.
4. Start Citrix StoreFront from the Start Menu.

88
5. Click Set Default Website under Stores on the right pane of the Citrix StoreFront console.

6. On the Set Default Website wizard, select the check box for Set a Receiver for Web site as the
default page in IIS and click OK.

89
7. Start Command Prompt with elevated permissions to run an IISRESET command.

Right-click Start Menu > Command Prompt (Admin).

Enter the command IISReset and press Enter.

After the command has successfully completed, close the Command Prompt window.

Note: The IISRESET command restarts the Internet Information Services (IIS). You might need to
restart Internet Information Services (IIS) before certain configuration changes take effect or when
applications become unavailable. Restarting IIS is the same as first stopping IIS, and then starting it
again, except it is accomplished with a single command.

Restarting IIS can be done using the IIS Manager or by running IISRESET from a command-line utility.
Both methods allow you to stop, start, and restart IIS Internet Services.
8. Open an Internet browser to test your connection to the default store address and to verify the
redirect you configured works as expected.

Open Internet Explorer and browse to https://storefront.workspacelab.com/.

Note: If Internet Explorer is still open from a previous exercise, close Internet Explorer and reopen it.

90
The Receiver for Web page displays with the full URL pointing to
https://storefront.workspacelab.com/Citrix/StoreWeb/

Close Internet Explorer.

Key Takeaways:
• Microsoft IIS can be configured to automatically direct users to a default StoreFront site without users
needing to enter the full path to the store. The Microsoft URL Rewrite extension allows HTTP requests to
be redirected to HTTPS.
• If multiple StoreFront servers are used, implement the same redirection on all of them.
• If using NetScaler to load balance StoreFront, this action could also be accomplished using NetScaler
policies.

Exercise 3-2: Configure StoreFront Tuning


Scenario:
Recently, the Citrix Administration team has received multiple incident tickets as the result of employees being
frustrated with several small user experience issues.

• Employees with a single Hosted Desktop would prefer the desktop to not automatically start every time
they logon to Receiver.
• Some employees are starting Hosted Apps multiple times because they do not start instantly.
• Remote employees have to logon multiple times per day due to the idle timeouts settings on Storefront
and NetScaler Gateway.

You will address each of these user experience challenges by adjusting StoreFront and NetScaler settings.

Step Action
Extend Multi-click Timeout and Disable Auto Launch
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-STF-001.

Note: In a previous exercise, you had logged on to NYC-STF-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click
this machine and choose Connect server.
2. Launch Citrix StoreFront from the Start Menu.

91
Note: Ignore this step if StoreFront console is already open from previous exercise.
3. Click Manage Receiver for Web Sites on the right pane of the Citrix StoreFront console.

4. On the Manage Receiver for Web Sites – Store wizard, click Configure.

92
5. On the Edit Receiver for Web site - /Citrix/StoreWeb page, click Client Interface Settings.

6. Change the value of Multi-click duration to 10 seconds and verify that the Auto launch desktop check
box is cleared.

93
Click Apply, and then click OK.
7. Click Close on the Manage Receiver for Web Sites – Store wizard.

8. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-FSR-001.

Note: In a previous exercise, you had logged on to NYC-FSR-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

94
Note: If your Remote Desktop Connection session is disconnected, log on to NYC-FSR-001, right-click
this machine and choose Connect server.
9. Launch the Internet Explorer application and browse to https://storefront.workspacelab.com.

Note: Click Switch to username and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.
10. Type the below credentials:
• Username: Workspacelab\Administrator
• Password: Password1

And click Log On.


11. Select APPS tab, click multiple times on Calculator icon to launch the application.

Note: No desktop starts to launch automatically as the value for Auto launch desktop is set to false.
Note: Application launches successfully but clicking it again within a 10 seconds period will not launch
another instance of the application.
12. Close the launched session.
Configure StoreFront and NetScaler Timeout
13. Using Remote Desktop Connection Manager switch back to NYC-STF-001.
14. Click Start > Citrix > Citrix Storefront to launch Storefront console.

Note: Ignore this step if StoreFront console is already open from previous exercise.
15. Click Manage Receiver for Web Sites in right pane.

16. Click Configure button.

95
17. Select Session Settings in left pane and increase the Session timeout to 30 Minutes.

18. Click Apply, and then click OK.


19. Click Close on the Manage Receiver for Web Sites - Store window.
20. Launch the Internet Explorer application and browse to http://192.168.10.100/ to connect to
NetScaler.
21. Log on with below credentials:
• Username: nsroot
• Password: nsroot

Note: If you see a prompt on the Internet Explorer application saying Would you like to store your
password for 192.168.10.100?, select Not for this site.
22. On the NetScaler, in the left pane, browse to NetScaler Gateway > Global Settings.

96
23. In the right pane, click Change Global Settings, select the Client Experience tab and verify the Session
Timeout (mins) box is 30 minutes to match StoreFront.

24. Scroll down and click OK.


25. Logout from NetScaler console.
26. Close the Internet Explorer.

Key Takeaways:

97
• The Multi-click Timeout values are defined in seconds and can be changed to prevent users from
accidentally launching a single application multiple times.
• By default, users with a single Hosted Desktop will have the desktop launch automatically on logon.
• The StoreFront timeout can be extended to allow users longer periods without requiring a logon.
• Typically, the NetScaler timeout is set at the same or lower than the StoreFront timeout for security
reasons.

Exercise 3-3: Use Browser Developer Tools


Scenario:
The CIO informs all teams within the IT department that all user facing interfaces must adhere to the company-
wide branding guidelines and colors. The Lead Citrix Architect asks you to adjust the StoreFront logon page to
comply with the branding standards.

You wish to change the color of the bar on the logon page, but do not know the element you need to change. You
will use Browser Developer Tools to identify and test the change before applying it to the style.css file for the
Store.

Step Action
1. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-STF-001.

Note: In a previous exercise, you had logged on to NYC-STF-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click
this machine and choose Connect server.
2. Launch the Internet Explorer application and browse to https://storefront.workspacelab.com

Note: In case of Install Citrix Receiver to access your applications screen, click Log on.
Click Allow in case of any pop-up for Citrix System’s Add-ons.
3. Hit the F12 key or select F12 Developer Tools from the Tools menu.

98
4. Select Select element underneath DOM Explorer.
Note: Ctrl + B can also be tried if the Select Element is not working.

This allows for selection on the screen of different elements of the page.
5. The first thing to modify is the transparent bar behind the logon boxes. You will change this to white.
Drag the mouse pointer over the bar as shown below.

Use Select element and highlight the bar as seen below.

6. In the right pane, notice that the styles portion populates with information about the element.

99
7. Under background-color change the color to the corporate white rgba(255,255,255,0.8).

Note: The last number is a transparency number, which we will keep at 0.8.

8. In order to save the configuration, you can right-click the style title .web-screen .content-area and
select Copy rule.

100
9. Browse to style.css file in C:\intetpub\wwwroot\Citrix\StoreWeb\custom.
10. Right-click style.css and select Edit with Notepad++.

11. Paste the CSS rule into the bottom of the style.css file.

Also, you can copy and paste the code from the StoreFront Customizations.txt under \\NYC-FSR-
001\Resources\StoreFront Design.

.web-screen .content-area {
padding: 60px 0;
background-color: #3f3643;
background-color: rgba(255,255,255,0.8);
text-align: center;
}

101
Click File > Save to save the style.css file.
12. Another WWLabs administrator has completed minor touch up changes on the font colors and
included them in the StoreFront Customizations.txt under \\NYC-FSR-001\Resources\StoreFront
Design.

Copy the code under /* Font Colors */ to the style.css file.

/* Font Colors */
.credentialform .plain {
margin-left: 0px;
color: #333132;
font-size: 20px;
font-weight: 300;
line-height: 44px;
}
.web-screen .detail-text {
color: black;
font-size: 14px;
font-weight: 300;
}

.web-screen .main-text {
color: black;
font-size: 18px;
font-weight: 300;
}

102
13. Click File and select Save. Click X to close the file.
14. Close the Internet Explorer, relaunch it and browse to https://storefront.workspacelab.com.
15. Verify that the changes are applied, and then close the Internet Explorer.

Key Takeaways:
• You can use the browser developer tools to help identify and test style changes to the StoreFront site.
• There are many parts of the StoreFront look that can be modified outside of the StoreFront console.
• Once changes are decided, copy the CSS style rule to the style.css file to make the change persistent.

Exercise 3-4: Configure NetScaler Branding


Scenario:
You realize that external employees still see the default logon page rather than the branded one. To correct this,
you will need to create a new theme on the NetScaler appliance and customize it to match WWLabs corporate
branding.

103
Step Action
Create custom NetScaler Theme.
1. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-STF-
001.

Note: In a previous exercise, you had logged on to NYC-STF-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click
this machine and choose Connect server.
2. Launch the Internet Explorer application and browse to http://192.168.10.100/ to connect to
NetScaler.
3. Log on with below credentials:
• Username: nsroot
• Password: nsroot
4. Expand NetScaler Gateway and click Portal Themes.

5. Click Add. Type WWLabs for the Theme Name, make sure X1 is selected for the Template Theme,
and click OK.

104
6. Scroll to Common Attributes, click on the drop-down list under Center Logo and select Edit, and click
Choose File.

Browse to \\NYC-FSR-001\Resources\StoreFront Design, select NSLogonbranding.png, and click


Open.

Click OK.
7. Click on the link that states Click to bind and view configured theme.

105
8. Click Bind and Preview button to view the changes. Click Continue to this website (not
recommended). Minimize the preview when done viewing.

Note: A certificate error may appear since the Preview page accesses the gateway using the IP
address instead of the FQDN.

Close the Internet Explorer preview window.


9. Click on the pencil icon to the right of Look and Feel to edit the rest of the page.

106
10. Under Common Attributes click the Help Legend link to see which attribute matches to which part of
the screen.

107
11. Click Close.
12. Under the Common Attributes section, select the drop-down list for Background Image and click on
EDIT then click on Choose File. Browse to \\NYC-FSR-001\Resources\StoreFront Design and select
blue_bg.jpg. Click Open.

Modify the Form Font Color and Form Title Font Color to #333132 to match the StoreFront
configuration.

Lastly, modify the Form Background Color to rgba(255,255,255,0.8) to match the StoreFront
configuration and select OK.

108
13. Click the link that states Click to Bind and View Configured Theme.

Click Bind and Preview to view the changes. Click Continue to this website (not recommended).

14. Close the Preview page. Click OK, and then click Done.
15. Click the Floppy disk icon on the top right of the NetScaler Management Page and click Yes to save
the running configuration.

109
16. Logout from the NetScaler console.
Verify that the new NetScaler theme is displayed correctly.
17. In Internet Explorer, browse to:
https://nsg.workspacelab.com.

Notice the page now has the same look and feel as the internal StoreFront page but with blue
background color.

Note: nsg.workspacelab.com virtual server is already created for lab environment and its DNS entry
has been created.

Close the Internet Explorer window.

Key Takeaways:
• The NetScaler Gateway logon page can easily be customized to match your internal StoreFront site with
similar customizations

110
Exercise 3-5: Configure Optimal Gateway Routing
Scenario:
You are a Citrix Administrator for your company, WWLabs. As part of the preparation to create new Zones in the
production environment, the Lead Citrix Architect asks you to test Optimal Gateway Routing in conjunction with
the Zones. Two NetScaler VPX appliances, each with a NetScaler Gateway virtual server have been pre-configured
by the NetScaler team in the development environment, to assist with this effort. The Citrix Architect tells you that
each of the NetScaler Gateways should be designated as the optimal Gateway for one of the Zones that were
created previously.

Step Action
1. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-STF-001.

Note: In a previous exercise, you had logged on to NYC-STF-001using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click
this machine and choose Connect server.
2. Click Start > Citrix > Citrix Storefront.

Note: Ignore this step if console is already open.


3. In the right pane, under Store click Manage Delivery Controllers.

4. Click Edit.

111
5. Under Advanced Settings, click Settings.

6. Click None corresponding to Zones.

Click Add.
112
7. Type Zone name as Primary and click OK.

8. Click Add, type Zone name as Secondary, and then click OK.
9. Click OK on the Delivery Controller Zone Names screen.

10. Click OK on the Configure Advanced Settings screen.

11. Click OK on the Edit Delivery Controller screen.


113
12. Click OK on the Manage Delivery Controllers-Store screen.
13. In the right pane, under Actions click Manage NetScaler Gateways.

14. Click Add.

15. Enter the following:

Display name: NSG_Primary_Zone


NetScaler Gateway URL: https://nsg.workspacelab.com

Make sure that the Authentication and HDX routing is selected for Usage or role.

114
Click Next.

Note:
When adding a Gateway, you can designate a Usage or role.
• The Gateway accessed through the active/active GSLB DNS name should be set
to Authentication and HDX routing.

• The Gateways for Optimal Routing could be set to HDX routing only. Or if test users will use
these datacenter-specific DNS names to connect to Gateways in specific datacenters, leave
them set to Authentication and HDX routing. There is no harm in leaving all of the Gateways
set to Authentication and HDX routing.
16. Click Add on Secure Ticket Authority (STA) screen, type https://nyc-xdc-001.workspacelab.com and
click OK.

17. Verify that the STA server is listed, and then click Next.
18. Enter the following:

VServer IP address: 192.168.10.102

115
Callback URL: https://nsg.workspacelab.com

Keep everything else default and click Create.

19. Click Finish on Summary screen.

116
20. Click Add on Manage NetScaler Gateways screen.
21. In the General Settings page, enter the following:

Display name: NSG_Secondary_Zone


NetScaler Gateway URL: https://nsg2.workspacelab.com

Make sure that the Authentication and HDX routing is selected for Usage or role, and then click Next
on the General Settings screen.

22. Click Add on Secure Ticket Authority screen, type https://nyc-xdc-002.workspacelab.com and click
OK.
23. Verify that the STA server is listed, and then click Next.

117
24. In the Authentication Settings page, type:

VServer IP address: 192.168.10.103


Callback URL: https://nsg2.workspacelab.com

Keep everything else default and click Create.

25. Click Finish.

118
26. Verify that both the NetScaler Gateways are added and click Close.

Note: NetScaler Gateways are pre-configured for lab environment.


27. In right pane under Store, select Manage Authentication Methods.

28. Select the Pass-through from NetScaler Gateway check box and click OK.

119
29. In right pane under Store, select Configure Remote Access Settings.

30. Select Enable Remote Access, and then select both the Gateways under NetScaler Gateway
appliances. Click OK.

120
31. In right pane under Store, select Configure Store Settings.

32. In left pane, click Optimal HDX Routing and select NSG_Primary_Zone.

121
33. Click Manage Zones. Click Add, type Primary and click OK.

Click OK.
34. Make sure that the External only check box is selected, to apply Optimal Gateway routing to only
external connections.

122
35. Select NSG_Secondary_Zone.
36. Click Manage Zones.

Click Add, type Secondary and click OK.

On the Manage Zones screen, click OK.


37. Make sure that the External only check box is selected to apply Optimal Gateway routing to only
external connections.
38. Verify that the zones are configured for both gateways. Click Apply and OK.

123
Key Takeaways:
• The Zones and NetScaler Gateway instances should be created prior to configuring Optimal Gateway
Routing.
• Under Configure Store Settings, the Optimal HDX Routing node should be used to map each Zone to its
optimal NetScaler Gateway.

Exercise 3-6: Test Optimal Gateway Testing


Scenario:
Now that Optimal Gateway Routing has been configured for the Primary and Satellite zones, you must initiate a
session from one of the NetScaler Gateways and verify that the configuration is working as expected.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Launch Internet Explorer from taskbar.
3. Browse to https://nsg2.workspacelab.com/.
124
Note: Click on Switch to user name and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.

Note: Portal Themes were applied to nsg.workspacelab.com virtual server and not to nsg2. If required,
the same theme can be bind to nsg2 gateway server as well.
4. On NetScaler Log On page, type:

• Username: Administrator
• Password: Password1

And click Log On.


5. Select APPS tab and click Notepad application.

Note: Make sure that NYC-XDC-002 broker is up and running fine.


6. Connect to NYC-XDC-001 using Remote Desktop Connection Manager.
7. Click Start > Citrix > Citrix Studio.

Note: Ignore this step if studio is already open.


8. Click Search node in left pane and select Sessions tab in center pane.

Note: Clear the existing searches by clicking Clear Search button.


9. Verify that new session is been brokered from NYC-XDC-002 broker in Secondary Zone.

Note: Make sure that the NYC-SRV-002 is registered with NYC-XDC-002 controller and NYC-SRV-001 is
registered with NYC-XDC-001. If not registered properly, then restart the Citrix Desktop Service on
NYC-SRV-002, and then verify if it gets registered with NYC-XDC-002 broker.
10. Connect back to NYC-FSR-001.
11. Open a new tab in the Internet Explorer application and browse to http://192.168.10.100/ to connect
to NetScaler.
12. Log on with below credentials:
• Username: nsroot
• Password: nsroot

Note: In case of any pop-up to store password, select Not for this site.
13. Click NetScaler Gateway in left pane and select ICA Connections under Monitor Connections.
125
14. Verify that the recently established ICA session is seen.

Click Close.

Note: Both Virtual Servers (Gateways) are configured on the same NetScaler Server for the lab
environment. When Gateways are configured on two separate servers, you would see the ICA session
established on specific gateway server depending on the ICA session launched for specific Zone.
15. Logout from NetScaler console.
16. Close the Notepad session and close the browser.

Key Takeaways:
• Citrix Studio and the NetScaler GUI can be used to verify that a session has been established via the
appropriate Zone and Gateway.

126
Module 4: HDX and Multimedia
Overview:
This module will present several XenApp and XenDesktop settings that can be used to improve the end-user
experience while preserving datacenter resources. This will include the new Enlightened Data Transport (EDT)
transport protocol, Thinwire Compatibility 8-bit mode, Flash Redirection, and Windows Media Redirection.

Before you begin:


Estimated time to complete Module 4 lab exercises: 28 minutes

Exercise 4-1: Enlightened Data Transport (EDT)


Scenario:
You are a Citrix Administrator for your company, WWLabs. In preparation for the deployment of a satellite FMA
zone within the XenApp and XenDesktop production environment, the Lead Citrix Architect wants to try using HDX
Adaptive Transport, which selectively uses the Enlightened Data Transport (EDT) protocol, to ensure an optimized
connection regardless of network conditions. He asks you to enable a Citrix Policy so that EDT is used for all
connections to the existing Desktop OS Delivery Group.

Step Action
1. The following VMs are required before beginning the exercises for this Module, all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-DTP-001
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-VNS-001
• NYC-XDC-001
• NYC-XDC-002
2. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
3. Right-click Start > Run. Type gpmc.msc and click OK.

127
Note: You can also open Group Policy Management Console from Server Manager > Tools > Group
Policy Management.
4. Browse to Forest: workspacelab.com > Domains > Workspacelab.com > Citrix > New York > VDA.

5. Right-click VDA and select Create a GPO in this domain and Link it here.
6. Name the New GPO as EDT and click OK.

7. Right-click the newly created GPO EDT and click Edit.


128
Note: Click OK on Group Policy Management Console message if appear.
8. In the left pane, browse to Computer Configuration > Policies > Citrix Policies.

9. In right pane, click New under Policies tab.

10. Enter the following:


Name: EDT

Click Next.
11. Type HDX in the search box to locate HDX Adaptive Transport policy.

129
12. Click Add corresponding to HDX Adaptive Transport policy.
13. Select Preferred from Value drop-down and click OK.

Note:
• Preferred – Transporting data over UDP is used when possible, with fallback to TCP.
• Diagnostic mode - This value will always transport data over UDP, and fall back to TCP is
disabled. We recommend this setting only for troubleshooting.
• Off - TCP is always used, and EDT is disabled.
14. Click Next.
15. Click Add next to Delivery Group.

130
16. Click Add on the New Delivery Group Filter screen.
17. Select NYC-DG-Existing-ServerOS from Delivery group drop-down.

Verify that the Mode is set to Allow, and that the check box for Enable this filter element is selected,
then click OK.

18. Click OK and click Next.

131
19. On the Summary page. Verify the check box for Enable this policy is selected then click Create.

20. Click X to close the Group Policy Management Editor console.


21. Click X to close the Group Policy Management console.

Key Takeaways:
• EDT is disabled by default, but can be enabled via a Citrix Policy setting.
• Diagnostic mode is the equivalent of using EDT for all network situations, and is only recommended for
troubleshooting.

132
Exercise 4-2: Test EDT
Scenario:
Now that EDT has been enabled via Citrix Policy, verify that EDT is now being used as the preferred transport
protocol for HDX sessions by initiating a session via StoreFront.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-SRV-001.

To log on to NYC-SRV-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Right-click Start and select Command Prompt (Admin).
3. Run gpupdate /force to update the policy that is recently applied.
4. Right-click Start and select Run. Type regedit to open Registry Editor.
5. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICAPolicies in left pane.

133
6. In right pane, verify that HDXoverUDP DWORD shows value 2.

7. Close Registry Editor and Command Prompt.


8. Using the Remote Desktop Connection manager, connect to NYC-SRV-002.

To log on to NYC-SRV-002, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
9. Right-click Start and select Command Prompt (Admin).

134
10. Run gpupdate /force to update the policy that is recently applied.
11. Close the Command Prompt.
12. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

Note: In a previous exercise, you had logged on to NYC-FSR-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-FSR-001, right-click
this machine and choose Connect server.
13. Launch Internet Explorer from taskbar.
14. Browse to https://storefront.workspacelab.com/.

Note: Click Switch to username and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.

Enter the following credentials:


• Username: workspacelab\Administrator
• Password: Password1

And click Log On.


15. Click DESKTOPS tab and select NYC-DG-Existing-ServerOS to launch the desktop.
16. Once the desktop NYC-DG-Existing-ServerOS is launched, open Command Prompt and run the below

command:
netstat –a –p UDP
Confirm that the VDA is listening on UDP ports 1494 and 2598.

17. To confirm that the virtual channels are running over EDT use the CtxSession.exe command-line utility

available on the VDA.

Run the command ctxsession.exe

The output should display the session transport protocol is using UDP -> CGP -> ICA.

135
Note: The session identification number may vary in your lab.
18. Close the Command Prompt and Sign out from the desktop session.

Key Takeaways:
• The netstat command can be used to confirm that the ICA and CGP UDP ports (1494/2598) are open on
the VDA.
• Run the ctxsession.exe command-line utility from within a virtual desktop session to verify which
transport protocols are being utilized for that session.

Exercise 4-3: Configure EDT with NetScaler


Scenario:
After a few days of testing, one of your colleagues notices that while EDT is working as expected for internal HDX
sessions, it is not being used for any external sessions proxied by the NetScaler Gateway. The NetScaler
administrator tells you that Datagram Transport Layer Security (DTLS) must be enabled for any NetScaler Gateway
virtual servers where EDT should be enabled. She gives you access to a NetScaler GUI so that you can complete this
task.

Step Action
1. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-FSR-001.

Note: In a previous exercise, you had logged on to NYC-FSR-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-FSR-001, right-click
this machine and choose Connect server.
2. Start the Internet Explorer application and browse to http://192.168.10.100/ to connect to NetScaler.
136
3. Log on with the below credentials:
• Username: nsroot
• Password: nsroot
4. On the Configuration tab in the NetScaler GUI, expand NetScaler Gateway and select Virtual Servers.

5. Select nsg2.workspacelab Virtual Server and click Edit to display Basic Settings for the Virtual Server,
and then verify the state of the Datagram Transport Layer Security (DTLS) shows False.

Note: If you use EDT, Datagram Transport Layer Security (DTLS) must be enabled to encrypt the UDP
connection used by EDT. The DTLS parameter must be enabled at the Gateway VPN virtual server
level, and XenApp and XenDesktop components must be correctly upgraded and configured to
achieve encrypted traffic between the Gateway VPN virtual server and the user device.

6. Click Pencil icon next to Basic settings and click More.

137
7. Select the check box for DTLS.

Click OK.
8. Verify DTLS now shows true.

9. In the Certificates section of the VPN Virtual Server screen, click 1 Server Certificate and re-bind the
certificate for the DTLS handshake.

10. Select the certificate and click Unbind.

138
11. Click Yes to confirm.

12. Click Add Binding.


13. Select Click to select.

14. Click wildcard.workspacelab.keypair and click Select.

15. Click Bind.

139
Note: If prompted with the warning message no usable ciphers configured on the SSL vserver/server
click OK.

16. Click Close.


17. Click Continue three times and click Done.
18. Click Floppy Icon at the top to save the changes and click Yes to confirm.

19. Logout from NetScaler Console.

Key Takeaways:
• To enable EDT to be used for sessions proxied by the NetScaler Gateway, DTLS must be enabled on the
Gateway virtual server so that the EDT-based connection between the Gateway and Citrix Receiver will be
encrypted.
• After enabling DTLS, re-bind the certificate on the Gateway vServer to establish the DTLS handshake.

Exercise 4-4: Thinwire Compatibility 8-bit Mode


Scenario:
Recently, the WWLabs Citrix Administration team was contacted by the networking team, who is engaged in a
project to reduce the costs incurred by temporary, metered WAN links to mobile research units. As part of their
work, these employees access the XenApp and XenDesktop environment through a mobile device and launch a
published application to record observations and data.

Since the published application uses a relatively simple graphical interface, the network team would like to reduce
the color depth of the application so that less bandwidth is used on the metered links. You decide to test Thinwire

140
Compatibility 8-bit mode in the development XenApp and XenDesktop environment so that the research team can
determine if this solution will work for them.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Launch Citrix Studio from the Start Menu.

Note: Ignore this step if studio is already open.


3. In the Studio console, in the left pane, click Policies.

Note: If the Citrix Policies Welcome screen is displayed, then select the check box Don’t show this
again and then Close.
4. On the Policies node in Citrix Studio, click Create Policy.

141
5. On the Create Policy wizard, go to the Search box and type preferred color.

6. On the Preferred color depth for simple graphics policy, click Select.
7. On the Edit Setting wizard, select 8 bits per pixel for the Value drop-down box.

8. Click OK.
9. On the Create Policy wizard, click Next.

142
10. On the Users and Machines page, select Delivery Group and click Assign.

11. On the Assign Policy page, drop-down the Delivery Group and select NYC-DG-Existing-DesktopOS.

143
Click OK.
12. Click Next on the Users and Machines page.

13. On the Create Policy Summary page, delete the default name Policy0 and set the policy name to 8 bit
color mode and verify that the Enable policy check box is selected.
144
Click Finish.
14. Verify if the policy is listed on the Citrix Studio once it is created.

15. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator

145
• Password: Password1
16. Launch Internet Explorer from taskbar.
17. Browse to https://storefront.workspacelab.com/Citrix/StoreWeb.

Note: Click on Switch to username and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.
18. Enter the below credentials:
• Username: workspacelab\administrator
• Password: Password1

And click Log On.


19. Select DESKTOPS and click NYC-DG-Existing-DesktopOS to launch the desktop.

Notice the colors may seem to have a bit more pixelated or mouse cursor size increased due to the 8-
bit mode. However, it is suitable for certain applications, and can ensure interactivity at lower
bandwidths.

146
Note: If you are not able to log onto the NYC-DG-Existing-DesktopOS desktop, log off any active or
disconnected sessions on NYC-DTP-001 by using the search function in Citrix Studio.
20. Right-click Start > Shut down or sign out > Sign out.

Key Takeaways:
• To enable Thinwire Compatibility 8-bit mode, Preferred color depth for simple graphics policy is used.
• Same setting can also be enabled on individual machines manually using registry key.

Exercise 4-5: Enable Flash Redirection


Scenario:
Your team has implemented Flash Redirection for all managed endpoints in order to conserve resources on the
VDAs and improve scalability. However, your colleague informs you that while shadowing a user session while
resolving an issue, he noticed that Flash Redirection did not seem to be enabled for that user. Further investigation
reveals that several users have elected to disable Flash Redirection on their managed devices.

Your task is to configure a Receiver-targeted Group Policy that will force managed endpoints to use Flash
Redirection.

Step Action
1. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-XDC-001.

Note: In a previous exercise, you had logged on to NYC-XDC-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-XDC-001, right-click
this machine and choose Connect server.
2. Copy HdxFlash-Client.admx from \\NYC-FSR-001\Resources\Receiver_ADMX_Files to
C:\Windows\PolicyDefinitions\ on NYC-XDC-001.

And

Copy HdxFlash-Client.adml from \\NYC-FSR-001\Resources\Receiver_ADMX_Files\en-US to


C:\Windows\PolicyDefinitions\en-US on NYC-XDC-001.
3. Right-click Start > Run. Type gpmc.msc and click OK.

147
4. Browse to Forest: workspacelab.com > Domains > Workspacelab.com > Citrix > New York > Servers >
FSR.

5. Right-click FSR and select Create a GPO in this domain and Link it here.
6. Name the New GPO as HDX and click OK.
7. Right-click newly created GPO HDX and click Edit.

Note: Click OK on Group Policy Management Console message if prompted.


8. Browse to Computer Configuration > Policies > Administrative Templates > HDX MediaStream Flash
Redirection-Client.

9. In right pane, double-click Enable HDX MediaStream Flash Redirection on the user device.
Select Enabled and select Always for the Use HDX MediaStream Flash Redirection drop-down.

148
10. Click Apply, and then click OK.
11. Close the Group Policy Management Editor.
12. Close the Group Policy Management console.
13. Using the Remote Desktop Connection manager, confirm that you are still connected to NYC-FSR-001.

Note: In a previous exercise, you had logged on to NYC-FSR-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-FSR-001, right-click
this machine and choose Connect server.
14. Right-click Start and select Command Prompt (Admin).
15. Type gpupdate /force.
16. Launch Internet Explorer from taskbar and browse to https://storefront.workspacelab.com.

Note: Click Switch to username and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.
17. Enter the below credentials:

149
• Username: workspacelab\administrator
• Password: Password1

And click Log On.


18. Click DESKTOPS tab and click NYC-DG-Existing-DesktopOS to launch a desktop.

Note: If you are not able to connect to the NYC-DG-Existing-DesktopOS desktop, log off any active or
disconnected sessions on NYC-DTP-001 by using the search function in Citrix Studio.
19. Verify that the desktop launch is successful. Open Internet Explorer and browse to the flash enabled
web site:
https://helpx.adobe.com/flash-player.html

Note: If the HDX File Access window appears, click Read/write Access.

20. Double-click Lab Resources folder shortcut on the desktop, double-click HDX Monitor folder and run
setup.exe.
21. Select Open.

150
Note: As 8 bit color mode was enabled in previous exercise, color resolution is low.
22. Verify Flash redirection shows Active under Adobe Flash.

Note: Flash redirection requires Flash Actives player on the VDA machine. Internet Explorer (IE) 11
comes with Flash ActiveX by default. In addition, on the client machine you need Flash plugin to be
installed, which is installed on NYC-FSR-001 for the lab environment.
23. Close the HDX monitor and Sign out from the desktop session.

Key Takeaways:
• The Receiver ADMX template can be used to configure Group Policy settings that target Citrix Receiver
behavior on managed endpoints.
• The GPO setting Enable HDX MediaStream Flash Redirection on the user device is used to enforce desired
Flash Redirection behavior on the Receiver client.
• Managed endpoints should have the prerequisites for Flash Redirection (Flash ActiveX Player, Flash
Plugin) installed to ensure that Flash content would play when redirection is enforced.

Exercise 4-6: Test Windows Media Redirection


Scenario:
Management would like internally hosted announcement and training videos to be accessible to workers using a
Server OS hosted desktop within the XenApp and XenDesktop environment. There is no funding to purchase more
hardware to support this requirement. The Lead Citrix Architect asks you to test Windows Media Redirection to

151
determine if the feature will successfully meet management’s requirements while preserving resources on the
VDAs.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-SRV-001 or NYC-SRV-002.

Note: In a previous exercise, you had logged on using the following credentials to make the
connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-SRV-001 and NYC-
SRV-002, right-click this machine and choose Connect server.
2. Play the Windows Media Redirection video present on the desktop and note that quality of the video
is not that good, as it is using the local resources.
3. Using the Remote Desktop Connection manager, confirm you are still connected to NYC-FSR-001.

Note: In a previous exercise, you had logged on to NYC-FSR-001 using the following credentials to
make the connection:
• Username: WORKSPACELAB\Administrator
• Password: Password1

Note: If your Remote Desktop Connection session is disconnected, log on to NYC-FSR-001, right-click
this machine and choose Connect server.
4. Launch Internet Explorer from taskbar and browse to https://storefront.workspacelab.com.

Note: Click on Switch to username and password if Log On windows does not open OR
In case of Install Citrix Receiver to access your applications screen, click Log on.
5. Enter the below credentials:
• Username: workspacelab\administrator
• Password: Password1

And click Log On.


6. Click DESKTOPS tab and click NYC-DG-Existing-ServerOS to launch a desktop.

Note: If the HDX File Access window appears, click Read/write Access.

152
7. Play the Windows Media Redirection.mp4 video present on the desktop. It will now be using the
client’s resources. To confirm the redirection, double-click the Lab Resources folder shortcut on the
desktop. Double-click HDX Monitor folder and run setup.exe.

Note: Click Close on the MPC-HC codecs message if it is displayed.

8. Select Open.

153
9. Verify that the Windows Media redirection shows Active.

Note: Windows Media redirection Policy is enabled by default.

Note: Quality of video might not improve if the resources on client are not enough or network
bandwidth is less. In that case, even if the Windows Redirection is enabled, video will render back to
server side and we can see the appropriate message in the HDX monitor.

Note: The media file must be playing to see the redirection state as Active in HDX Monitor, and it may
take a few moments to update and display the Active state after you start the media player file.

Note: If the media file has completed running, then HDX monitor might not show the state properly
for Windows Media.
10. Close the HDX monitor and Sign out from the desktop session.

Key Takeaways:
• Similar to Flash redirection, Windows Media redirection redirects media files to be processed on the
endpoint, rather than on the VDAs, which can improve the user experience and preserve VDA server
scalability.
• Windows Media redirection is enabled by default, but can be configured via Citrix Policy.

154
Module 5: App Layering
Overview:
This module presents the Application Layering feature now available with XenApp and XenDesktop. You will create
Application Layers, create a customized template that uses the layers, and provision machines from the template.
Finally, you will update and delete some of the Layers, and use the Elastic Layering feature to dynamically provide
access to an Application Layer during user logon.

Before you begin:


Estimated time to complete Module 5 lab exercises: 158 minutes

Estimated time to complete Module 5 Self-Paced Bonus lab exercises: 152 minutes

Exercise 5-1: Create an App Layer with Microsoft Office


Scenario:
The Citrix Architect asks you to create an App Layer containing Microsoft Office 2016. Only Excel, Outlook and
Word will be published on this App Layer. This layer will become one of the most important App Layers, since a
large number of users within WWLabs requires it.

Note: Another Engineer on your team has previously created the OS Layer and Platform layer required for the
exercises for this module.

Note: It takes some time to create every layer in this module as the machines which are created by the ELM during
every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at the end
of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-ELM-001
• NYC-FSR-001
• NYC-SQL-001
• NYC-XDC-001
• NYC-XDC-002
2. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
3. From the taskbar on the NYC-FSR-001 machine, launch Internet Explorer.

155
To access the ELM Console, open Internet Explorer and browse to:
http://192.168.10.76

Note: If you are unable to connect to the ELM console, verify that the NYC-ELM-001 virtual machine is
powered On.
4. On the login page for Citrix App Layering, type the following credentials to login:
• Username: administrator
• Password: Password1

Click Login.
5. On the Welcome To window, click Close.

156
Note: If you see the Upgrade Available prompt saying:
Version [X.Y.Z] is now available. The release notes for this version are available here.

Click Close.

6. From the Layers menu on the top left, select the App Layers tab.

7. From the Actions menu on the right, select Create App Layer.

157
8. On the Layer Details page in the Create App Layer Wizard, enter the following information:

Layer Name: MS Office


Layer Description: MS Office 2016
Version: 1
Version Description: MS Office 2016 (Excel, Outlook, Word)
Max Layer Size (GB): 10

Click the Down Arrow to continue.

158
Note: For version name, it is good to use a combination of number and date like 1.0 6-24-2017, so that
in later stage, when you add a new version, you can make it like 1.1 7-21-2017.
9. On OS layer page, verify that Windows 10 – 1 is selected.

Click the Down Arrow to continue.

Note: Another Engineer on your team has previously created the OS Layer and Platform layer required
for the exercises for this module.

10. On Prerequisite Layers, leave defaults.

159
Click the Down Arrow to continue.
11. On the Connector page, select XenServer – NYC-XenServer, and then Select Edit.

12. On the XenServer Connector page, click Storage Repository within the Virtual Machine Clone Settings.

160
13. Within the Storage Repository drop-down, select Local Storage.

Click TEST to validate the settings.

161
14. On the bottom right hand corner of the XenServer Connector portal, Click SAVE.

Then click CLOSE.

15. On the Connector page in Create App Layer Wizard, verify that the XenServer – NYC- XenServer is
selected.

162
Click the Down Arrow to continue.
16. On the Platform Layer page, leave the defaults.

Click the Down Arrow to continue.


17. Verify that the Packaging Disk Filename is set as MS office.

163
Click the Down Arrow to continue.
18. On Icon Assignment page, choose the Windows 10 icon.

Click the Down Arrow to continue.


19. On the Confirm and Complete page, review the settings and click Create Layer.

164
Note: When you have completed the Layer wizard, ELM creates a Packaging Machine in your
environment in the location defined in the Connector Configuration. The Packaging Machine is a
virtual machine where you install the software to be included in the layer. The Packaging Machine is a
temporary VM that will be deleted once the new Platform Layer has been finalized.
20. Validate the task progress.

On the task section at the bottom of the window, click the Up Arrow to pull the event viewer.

165
21. In the Tasks menu at the bottom monitor the state of the currently running task. Click information
icon for more details.

22. Monitor the task progress and wait for the status to change to Action Required. Then click the
information icon to the left of the Status field to review more details.

Click X to close the event information details.

Note: This step may take around 10-15 minutes to complete.


23. Switch to the XenCenter on Student Desktop and select the newly created Virtual Machine by the
name of MS office-YYYY-MM-DD_Time.

24. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert).

Login with the following credentials:


• Username: Admin1
• Password: Password1

Note: If prompted with a Remote Desktop Connection warning, click Cancel.


25. Using XenCenter mount the Microsoft Office installation media ISO to MS office-YYYY-MM-DD_Time.

To mount the installation media ISO, select MS office-YYYY-MM-DD_Time in the left pane of the
XenCenter. In the right pane, select the Console tab. Using the DVD Drive 1: drop-down menu, select
Office_Professional_Plus_2016_64Bit.iso
166
Note: If there are no ISOs listed in the DVD Drive 1: drop-down menu, then the Local ISO Storage
Repository (SR) that contains the ISO library may need to be re-scanned. In the left pane of XenCenter,
select the Local ISO SR XS. In the right pane, select the Storage tab and click the Rescan.

Note: If the above rescan of the Local ISO SR XS does not show the specific ISO for installation:
Office_Professional_Plus_2016_64Bit.iso, then please tell your instructor.
26. Launch the File Explorer application from the Windows Taskbar or Start Menu. On the left pane, click
This PC and double-click the red Microsoft Office logo next to CD drive under Devices and Drives.

Note: By default, when opening File Explorer on Windows 10, Quick access is selected.
27. Review the terms of the license agreement. If you agree, select the I accept the terms of this
agreement check box, and then click Continue.

167
28. On the Choose the installation you want window, Click Customize.

168
29. On the Customize how Microsoft Office programs run window, use the drop-down, per application, to
edit each application’s installation options.

For Microsoft Excel, Microsoft Outlook, and Microsoft Word, select Run all from My Computer.

For all other remaining applications, choose Not Available.

Verify the necessary application options have been selected, and then click Install Now.

169
Note: This installation takes 5-10 minutes to complete.
30. Once the installation is complete, click Close.

31. Right-click Start menu > Shut down or sign out > Restart.
170
Note: Reboot is required when we install software on any of the layers, Shutdown for Finalize option
may fail if not rebooted.
32. On the Console tab, click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
33. Using XenCenter eject the Microsoft Office installation media from MS office-YYYY-MM-DD_Time
machine.

To eject the installation media ISO, select MS office-YYYY-MM-DD_Time machine in the left pane of
XenCenter. In the right pane, select the Console tab and click Eject to remove
Office_Professional_Plus_2016_64Bit.iso from the DVD Drive 1.
34. Browse to location C:\Windows\Setup\scripts in Windows Explorer.
35. Double-click Optimize.hta.

171
36. Once the Citrix Optimization Script Builder opens up, clear the Option A which says Check to force GPO
updates.

37. On the Citrix Optimization Script Builder window, scroll down to see the option H under Citrix Desktop
Optimizations Deployed in Build Scripts, which says Activate MS Office via KMS and then select the
check box.

38. Select the option 14 in the list, which says Office Pro Plus 2016.

172
39. Scroll down and click Save Settings A-J.

Note: The way the optimizer works is that when you create the Office layer you run the Optimizer
utility, select Activate MS Office via KMS and check all the Office Apps that are included in your layer.
When you save using Save Settings A-J, this will create flag files. One flag file will be OfficeActivate.txt
which tells the kmssetup.cmd to run OfficeActivate.cmd. This will be placed in the kmsdir folder.

Note: The other flag file by name OfficeProPlus2016_KMS.txt which tells the OfficeActivate.cmd script
to include that office application when inserting the KMS key and activating office. This file will be
created in the scripts folder.
40. Click OK on the Citrix Desktop Optimizations Have Been Saved dialog box.

41. Close the Citrix Optimization Script Builder window.


42. Right-click on Office2013Windows81_PREP.cmd file under the location C:\Windows\Setup\Scripts
and select Run as administrator. The script will run quickly and not be displayed or visible to you.

173
Note: If using any OS other than win7, you need to run the Office2013Windows81_PREP.cmd in the
c:\windows\setup\scripts folder. This backs up the windows store from the layer so the scripts can
restore it on the desktops or XenApp hosts.
43. Right-click Start menu and select Command Prompt (Admin).
44. In the Command Prompt window, type each of the below commands. Press Enter after each
command.
• cd..
• cd Microsoft.Net\Framework\v4.0.30319
• ngen update

Once the above ngen update command is complete, type each of the below commands. Press Enter
after each command.

• cd..\..
• cd Framework64\v4.0.30319
• ngen update

174
Note: NGEN compiles the .NET assemblies ahead of time so that .NET applications run faster. They run
faster because they do not need to compile the assemblies at run time.

Note: Please ignore if you see any errors as only the available .NET modules will get updated when we
run the above command, and we may see some errors for few modules that are not present.
45. Close the Command Prompt window.
46. Open File Explorer and browse to location C:\Program Files\Microsoft Office\Office16 and verify that
the file OSPPREARM.exe exists.

47. Right-click Start and select Command Prompt (Admin).


48. Run the command “C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE” to rearm the
Office.

Note: If the command does not work, verify you have included the quotations.
49. Click X to close the Command Prompt.
50. Double-click Shutdown For Finalize icon on the desktop.

Note: In production environments, it is good to check and run Windows Updates in the Office Layer
before finalizing.
51. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer is
still connected to App Layers page on the ELM console.

Note: If the ELM console was previously closed, launch Internet Explorer and browse to
http://192.168.10.76. Login with the following credentials:
175
• Username: Administrator
• Password: Password1
52. Right-click MS office and select Finalize.

53. On the Script path page in Finalize Layer Wizard, click the Down Arrow.

54. On the Confirm and Complete page, click Finalize.

176
55. Validate the task progress.
Click the information icon next to the running task for more details.

56. Monitor the task progress and wait for it to complete.

Note: This step may take 4-5 minutes.

Click X to close the event information details.


57. Validate that the status of the App Layer now shows as Deployable.

177
Note: You can monitor the space available on the ELM from System > Manage Appliance.

Key Takeaways:
• The summary of this exercise is to create an App Layer which has Microsoft Office in it. OS and App Layer
has to be selected while creating a template which can be used to create the master machine for
XenDesktop site.
• The process of creating an App Layer is similar to that of creating a Platform Layer. Note that the Platform
Layer is not required to create an App Layer, as long as the application(s) being installed do not require
any components that are only present within the Platform Layer.

Exercise 5-2: Create an App Layer with PDF Reader


Scenario:
Now that the first App Layer has been successfully created, you are asked to create an additional App Layer for
Adobe PDF Reader. The Citrix Architect informs you that he would like you to eventually test this Layer with the
Elastic Layering feature to provide the app as a desktop shortcut for a customizable subset of users.

Note: It takes some time to create every layer in this module as the machines which gets created by the ELM
during every layer operation is all managed by ELM itself, and the same machine is also destroyed by the ELM at
the end of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.
2. From the Layers menu on the top left, select the App Layers tab.

178
3. From the Actions menu on the right, select Create App Layer.

4. On the Layer Details page in the Create App Layer Wizard type the following information:

Layer Name: Adobe PDF Reader


Layer Description: Adobe PDF Reader
Version: 1
Version Description: Adobe PDF Reader
Max Layer Size (GB): 3

179
Click the Down Arrow to continue.
5. On OS layer page, verify Windows 10 – 1 is selected.

Click the Down Arrow to continue.


6. On Prerequisite Layers, leave defaults.

180
Click the Down Arrow to continue.
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer, leave the defaults.

181
Click the Down Arrow to continue.
9. Verify that the Packaging Disk Filename is Adobe PDF Reader.

Click the Down Arrow to continue.


10. On Icon Assignment page, select Windows 10.

182
Click the Down Arrow to continue.
11. On the Confirm and Complete page, review the settings and click Create Layer.

Note: When you have completed the Layer wizard, ELM creates a Packaging Machine in your
environment, in the location defined in the Connector Configuration. The Packaging Machine is a
virtual machine where you install the software to be included in the layer. The Packaging Machine is a
temporary VM that will be deleted once the new Platform Layer has been finalized.
12. In the Tasks menu at the bottom monitor the state of the currently running task. Click information
icon for more details.

183
13. Monitor the task progress and wait for the status to change to Action Required.

Click X to close the event information details.

Note: This step may take around 10-15 minutes to complete.


14. Switch to the XenCenter on Student Desktop and select the newly created virtual machine by the
name of Adobe PDF Reader-YYYY-MM-DD_Time.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1

Note: If prompted with a Remote Desktop Connection warning, click Cancel.


16. Browse to:
\\NYC-FSR-001\Resources\

Note: You can also double-click on the Lab Resources icon on the desktop to reach the file share.
17. Select reader11_uk_ra_install.exe, right-click and select Copy.

184
18. Click This PC on the left and browse to the C:\Temp, right-click and select Paste.
19. Right-click reader11_uk_ra_install.exe, and select Run as administrator.
20. On the Ready to Install Adobe Acrobat Reader (DC) window, click Install.

21. On the Setup Completed window, click Finish.

185
22. Right-click Start menu > Shut down or sign out > Restart.

23. On the Console tab, click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
24. Double-click Shutdown For Finalize icon on the desktop.

186
25. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer is
still connected to App Layers page on the ELM console.

Note: If the ELM console was previously closed, launch Internet Explorer and browse to
http://192.168.10.76. Login with the following credentials:
• Username: Administrator
• Password: Password1
26. Right-click Adobe PDF and select Finalize.

27. On the Script path page in Finalize Layer Wizard, click the Down Arrow.
187
28. On the Confirm and Complete page, click Finalize.

29. Validate the task progress.

Click the information icon next to the running task for more details.

30. Monitor the task progress and wait for it to complete.

188
Note: This step may take 3-4 minutes.

After the status shows done, click X to close the event information details.
31. Validate that the status of the App Layer now shows as Deployable.

Note: You can monitor the space available on the ELM from System > Manage Appliance.

Key Takeaways:
• The summary of this exercise is to create an App Layer, which has PDF Reader in it. OS and App Layer has
to be selected while creating a template, which can be used to create the master machine for XenDesktop
site.
• Multiple App Layers can be created from the same OS Layer. These Layers can be updated independently,
and can be mixed and matched to create unique images that meet specific use cases.

Exercise 5-3: Create a Template


Scenario:
All of the required Layers have been created. To proceed with integrating the Layers with the XenApp and
XenDesktop environment, you must create a layered image template that can be used to provision machines using
Machine Creation Services (MCS). The Citrix Architect asks you to ensure that the layered image template includes
the OS Layer, the Platform Layer, and the Microsoft Office 2016 App Layer.

189
Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.
2. Select the Images menu on the top left.

3. From the Actions menu on the right, select Create Template.

4. On the Name and Description page, within the Create Template Wizard, type the following
information:

Name: Win10 MCS


Description: Windows 10 with MS office

190
Select the Windows 10 icon, and then click the Down Arrow to continue.
5. On the OS Layer page, select Windows 10 – 1.

Click the Down Arrow to continue.


6. On Application Assignment page, select MS Office - 1.

191
Click the Down Arrow to continue.
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer, select XenDesktop MCS – 1.

192
Click the Down Arrow to continue.
9. On Layered Image Disk page, verify the following settings:

Layered Image Disk Filename: Win 10 MCS


Layered Image Disk Size (GB): 70 (Type it manually)
Sysprep: Not Generalized
Elastic Layering: Application Layers Only

Note: The default Layerd Image Disk Size (GB) is 100 GB. You have changed the size to 70 GB to utilize
the disk space more efficiently.

193
Click the Down Arrow to continue.

Note: You are enabling Elastic Layering in this step because, we will use the same template to
demonstrate Elastic Layering in a later exercise.
10. On the Confirm and Complete page, click Create Template.

11. Verify that the Win10 MCS template is labelled as Publishable.


Right-click Win10 MCS and select Publish Layered Image.
194
12. On Confirm and Complete page on Publish Layered Image Wizard, click Publish Layered Image.

13. Validate the task progress.


Click the information icon next to the running task for more details.

195
14. Monitor the task progress and wait for it to complete.

This step may take 10-15 minutes and create a VM by the name Win10 MCS-YYYY-MM-DD_TIME on
your hypervisor. This VM will be later used as a master image for creating a XenDesktop Catalog.

Click X to close the event information details.

Note: A Layered Image is a virtual machine that Unidesk has composited from the Layers and settings
specified in an Image Template. You can publish one or more Layered Images to Citrix MCS in your
XenServer environment and add it to a catalog for provisioning systems.
15. Right-click Win10 MCS and select Properties.

196
16. Review the Layer Assignment and verify the following layers are listed:

• XenDesktop MCS
• MS Office
• Windows 10

197
Click X to close the window.
17. Switch to the XenCenter and verify a new Virtual Machine by the name Win10 MCS-YYYY-MM-
DD_TIME on your hypervisor.

18. Right-click Win10 MCS-YYYY-MM-DD_TIME and select Take a snapshot.

198
19. In the Take Snapshot dialog box, type the following information:

Name: Windows 10 for MCS


Description: Windows 10 with Xentools, VDA 7.15 and MS Office 2016 installed

Click Take Snapshot.

Key Takeaways:
• The summary of this exercise is to create a template/layered image which can be used to create the
master machine on the hypervisor. This machine can be used by XenDesktop to create a Machine Catalog.
• The template creation process is initiated from the App Layering management console, where the OS
Layer, Platform Layer, and any required App Layers are selected to be part of the template.
• The ELM uses this configuration information to create a Layered Image, which is a virtual machine that is
composited from the Layers and settings specified in an Image Template.
• You can integrate one or more Layered Images to Citrix XenApp and XenDesktop environment by
accessing them in the hypervisor used for the deployment and creating a virtual machine template from
it.

199
Exercise 5-4: Create a Machine Catalog
Scenario:
With a virtual machine template in place on the XenServer host, the Citrix Architect asks you to create a new
machine catalog within the development XenApp and XenDesktop Site, and provision a new VDA machine to it
based on the Layered Image template. You should confirm that the new VDA was created successfully and has
registered to a Delivery Controller.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

Note: To log into NYC-XDC-001 we use the following credentials:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Using Studio, expand Citrix Studio (NYC) > Configuration, and then select Hosting in left pane.

Note: If Studio is not open, click Start > Citrix > Citrix Studio to open the Studio.

Note: Click Cancel on End Snap-in window if prompted.


3. Right-click Hosting and select Add Connection and Resources.

4. On the Connection page, enter your XenServer hypervisor connection resource details.

To locate your XenServer connection resource details, minimize the lab environment, return to
training.citrix.com (TCC), and click on the Launch button for the labs, which launches a small window
with some connection details.

Note: You may have to log back in with the MyCitrix credentials used to register for this course.

Take note of the XenServer hypervisor connection details and enter this information to create a
Resource Connection for the XenApp and XenDesktop Site.

• Connection type: Citrix XenServer


• Connection address: http://<XenServer IP Address>
• Username: root
• Password: <XenServer credentials password>
• Zone name: Primary
200
• Connection name: XenServer

Verify that for the Create virtual machines using option, the Studio tools (Machine Creation Services)
is selected.

Click Next.

Note: If you do not see Zone name box, please ignore.

Note: XenApp and XenDesktop equally supports all three industry standard hypervisors agnostically.
The Site wizard can connect its Resource Connection settings to Citrix XenServer, Microsoft Hyper-V,
or VMware vSphere.

5. On the Storage Management page, select Use storage local to the hypervisor, and then click Next.

201
Note: Since this is a lab environment, local storage will be used.
6. On the Storage Selection page, leave the default selections and click Next.

202
Note: For this deployment, your XenServer local storage is adequate. You have met with the Lead
Citrix Architect and agree that in the WW Labs production deployment, you will need to consider a
fast and redundant storage solution.
7. On the Network page, specify the name and the network that the future Machine Catalog machines
will use.

In the Name for these resources box, type Internal.

Select the Internal check box under the Select one or more networks for the virtual machines to use
section, and then click Next.

Note: You have been tasked to use this specific network for the Machine Catalog machines. You will
be creating and working with Machine Catalog machines in later exercises.

203
8. Verify and click Finish on the Summary page.

9. Click Machine Catalogs in left pane.

On the right pane, click Create Machine Catalog.


10. On the Introduction page, click Next to continue the Machine Catalog creation wizard.

204
11. On the Operating System page, select Desktop OS and click Next to continue the Machine Catalog
creation wizard.

Note: When selecting an operating system for the Machine Catalog we have three options:
• Server OS: The Server OS Machine Catalog provides hosted shared desktops for a large-scale
deployment of standardized Windows Server OS or Linux OS machines.
• Desktop OS: The Desktop OS Machine Catalog provides VDI desktops ideal for a variety of
different users.
• Remote PC Access: The Remote PC Access Machine Catalog provides users with remote
access to their physical office desktops, allowing them to work at any time.
12. On the Machine Management page, verify that the following options are selected:
• Machines that are power managed (for example, virtual machines or blade PCs)
• Citrix Machine Creation Services (MCS)

Click Next to continue the Machine Catalog creation wizard.

205
Note: Indicate which tool you will use to deploy machines:
• Citrix Machine Creation Services (MCS) – Uses a master image or template to create and
manage virtual machines.
o MCS is not available for physical machines.
o Machine Catalogs in cloud environments use MCS.
• Citrix Provisioning Services (PVS) – Manages target devices as a device collection. A
Provisioning Services vDisk imaged from a master target device delivers desktops and
applications.
• Another service or technology – A tool that manages machines already in the data center.
Citrix recommends you use Microsoft System Center Configuration Manager or another
third-party application to ensure that the machines in the catalog are consistent.
13. On the Desktop Experience page, select I want users to connect to a new (random) desktop each
time they log on radio button.

Click Next to continue with Machine Catalog creation.

206
Note: Unlike Server OS catalog we get multiple options to select how the desktops are handed out
with desktop OS Catalog:
• Random: A new machine is given to the user every time a connection is made from the pool
of available machines and changes done by the user are lost on reboot.
• Static: Machine is assigned to the user who logs on first on the machine. Changes are saved
depending on the option selected:
o Personal vDisk: Changes are saved on the additional disk that is attached to each
VM, when we create the catalog. Changes stored in the Personal vDisk are not
erased.
o Dedicated: Changes are saved on the differential disk and are not lost on reboots.
o Pooled Static: Changes are not saved after a reboot, but user gets the same
machine every time since the Static type is selected.
14. On the Master Image page, expand Win10 MCS-YYYY-MM-DD_TIME. Select Windows 10 for MCS,
which is the Snapshot created in the previous exercise.

Verify that 7.9 (or newer recommended, to access the latest features) is selected.

Click Next to continue the Machine Catalog creation wizard.

207
Note: MCS supports the use of both a virtual machine or a virtual machine’s Snapshot to be used as
the master machine or image to create the Machine Catalog. When using a Snapshot as the master
image, you should consider naming the Snapshot, because when the MCS process runs a snapshot is
created by Studio and a name is assigned that you cannot change.
15. On the Virtual Machines page, enter the following configuration values:
• How many virtual machines do you want to create? 1
• Total memory (MB) on each machine: 2048
• Memory allocated to cache(MB): 256
• Disk cache size(GB): 10

Click Next to continue the Machine Catalog creation wizard.

208
Note: Make sure to have enough resources on the hypervisor. If required Shut down the machines
which are not required for this exercise.
16. On the Computer Accounts page, verify that the Create new Active Directory accounts radio button is
selected.

In the drop-down next to Domain for the Active Directory location for computer accounts, make sure
workspacelab.com is selected.

Using the arrows, expand Citrix > New York > VDA > Desktops.

Select the Desktops Organizational Unit (OU).

Note: The Desktops OU is the WW Labs location designated for machines running the Virtual Delivery
Agent (VDA), used to host user desktop OS desktop resources.

In the Account naming scheme, enter NYC-DTP-###.

Verify that 0-9 is selected from the drop-down menu to the right of the naming scheme.

209
Note: If this wizard was used to create machines on an existing naming convention, then the resultant
machines from this Machine Creation Services (MCS) process would increment to the next numerical
sequence numbers available.

Click Next to continue with Machine Catalog creation.


17. On the Summary page, review configurations and enter the following information:
• Machine Catalog name: NYC-CAT-DesktopOS-Layering
• Machine Catalog description for administrators: Created from Published Layered Image:
Win10 MCS

210
Click Finish.

Note: Clicking Finish begins the MCS process in which a combination of the parameters specified in
this Machine Catalog creation wizard and the parameters of the XenApp and XenDesktop Site are
used to create complete virtual machines from the Master machine specified earlier in said wizard.
Each virtual machine created is built into a Machine Catalog, visible from Studio. Each virtual machine
created has a nearly identical build to its Master machine, with a unique SID, machine account in
Active Directory, unique MAC, and using the DHCP scope we verified in an earlier exercise so these
virtual machines have a unique IP address.

Note: With the XenServer resources allocated to this XenApp and XenDesktop POC project by the
Citrix Lead Architect, you can expect this MCS process to take an estimated 5 -10 minutes to
complete.
18. Verify that the MCS process has completed. Using Studio validate that the Machine Catalog was
created.

Click Machine Catalogs in the left pane of Studio and view the NYC-CAT-DesktopOS-Layering
Machine Catalog in the middle pane.

19. Verify that the expected virtual machine specified to be created by MCS has been successfully created
and added to the NYC-CAT-W10-DesktopOS Machine Catalog.

Using Studio, right-click the NYC-CAT-DesktopOS-Layering Machine Catalog, and select View
Machines.
Verify that NYC-DTP-002.workspacelab.com displays.
211
20. Right-click NYC-DTP-002.workspacelab.com and select Start.

Click Yes on the power on notification.

Note: Connect to XenCenter to monitor the machine, until it is powered on. It will take some time to
machine to get completely ready.
21. From the Actions menu on the right pane, click Refresh.

212
22. Verify that the machine is successfully Registered.

Note: It will take some time for machine to show registered in the console.

Key Takeaways:
• The summary of this exercise is to create a XenDesktop Machine Catalog using the master machine
created with the help of layering concept using the ELM; thereby creating machines using MCS
technology.
• The process to provision new machines using MCS is same as before because the App Layering process
was completed prior to creating the virtual machine template. The template serves as one of the
integration points between App Layering and the XenApp and XenDesktop environment.

Exercise 5-5: Create an Elastic Layer


Scenario:
After the new App Layer-based machine catalog has been created, the Citrix Architect asks you to create a
temporary Proof of Concept implementation of the Elastic Layering feature. He would like the Adobe PDF Reader
application to be available to the HR user group so that they can view .PDF files within their hosted desktops.
However, other user groups should not have access to Adobe PDF Reader. The App Layer that was previously
created for this application should be used to accomplish this.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.

Note: If logged out, connect with below credentials:


• Username: Administrator
213
• Password: Password1
2. From the Layers menu on the top left, select the App Layers tab.

3. Right-click Adobe PDF Reader App Layer and select Add Assignments.

4. On the Select Version page, verify Version 1 is selected.

214
Click the Down Arrow to continue.
5. On the Image Template Assignment page, do NOT select anything.

Click the Down Arrow to continue.

215
6. On Elastic Assignment page, select Workspacelab > Citrix > New York > Users > Operations > HR >
HR3.

Click the Down Arrow to continue.


7. On the Confirm and Complete page, click Assign Layer.

8. Validate the task progress from the task menu.

Click the information icon next to the running task for more details.
216
9. The Layer is being copied to the network share (\\NYC-FSR-001\Resources\AppLayer)

Wait for the task to complete.

Click X to close the event details.


10. Using the Remote Desktop Connection manager, right-click NYC-DTP-002 and select Connect server
as.
11. From the drop-down corresponding to Profile select WORKSPACELAB\HR3 (File), to connect as HR3.

12. Click Connect.


217
Note: It will take some time as VM is being configured.
13. Verify Acrobat Reader DC is listed as a shortcut on Desktop.

14. Right-click Start > Shut down or sign out > Shut down.

Key Takeaways:
• The summary of this exercise is to provide a specific set of users with an application access which is a hot-
add to the existing App Layer and is visible only to those users configured access with. Other users who
have access to this App Layer will not be seeing this new hot –added application and hence this is called as
an Elastic Layer.
• App Layers can be assigned as an Elastic Layer for one or more user groups via the App Layering
management console. Elastic Layers allow administrators to give each user his/her own unique set of
applications, on top of the base Layered Image used across VDAs in a machine catalog. This can drastically
reduce the number of base Layered Images that administrators need to maintain.
• The Directory Junction that was configured in an earlier exercise allows administrators to assign Elastic
Layers to groups created in Active Directory. As a leading practice, create a group in AD for each Elastic
Layer, assign that group to the Layer in the App Layering management console, and use AD to manage
who gets what layer.

Exercise 5-6: Update an App Layer


Scenario:
The Elastic Layering POC has gone well so far and is gaining buy-in from several teams within WWLabs. The
Architect has informed you that there is a need modify the MS Office App Layer. The Citrix Architect asks you to
update the MS Office App Layer adding Microsoft PowerPoint to the Office Installation. This will enable the team
to demonstrate the flexibility of the App Layering solution.

218
Note: It takes some time to create every layer in this module as the machines which get created by the ELM during
every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at the end
of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.
2. From the Layers menu on the top left, select the App Layers tab.

3. Right-click MS Office and select Add Version.

4. In Version Details page on, within the Create Application Version Wizard, type the following details:

Version: 2
Version Description: Add PowerPoint
Max Layer Size: 5

219
Click the Down Arrow to continue.
5. On the OS Layer, verify Windows 10 – 1 is selected.

Click the Down Arrow to continue.


6. On the Prerequisite Layers page, leave defaults and click the Down Arrow to continue.

220
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer page, leave defaults and click the Down Arrow to continue.

221
9. On the Packaging Disk page, verify MS Office is listed.

Click the Down Arrow to continue.


10. On the Confirm and Complete page, click Add Version.

222
11. Validate the task progress.

On the task section at the bottom of the window, click the information icon to view the details.

12. Monitor the task progress and wait for it to complete.

Note: This step may take 15-20 minutes approximately and will create a virtual machine on the
hypervisor.
13. Validate the status changes to Action Required.

223
Click X to close the task details pane.
14. Switch to the XenCenter on Student Desktop and select the newly created Virtual Machine by the
name of MS Office-YYYY-MM-DD_Time.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1
16. Right-click Start Menu and select Apps and Features.

17. In the Apps & Features window scroll down and select Programs and Features.
224
Note: Programs and Features is located in the Related Settings Section.
18. On the Programs and Features window, right-click Microsoft Office Professional Plus 2016 and select
Change.

19. On the Change your Installation of Microsoft Office Professional Plus 2016, select Add or Remove
Features, and then click Continue.

225
20. On the Customize how Microsoft Office programs run window, use the drop-down, per application, to
edit each application’s installation options.

For Microsoft PowerPoint choose Run all from My Computer.

For all other remaining applications, Leave Default.

226
Verify that the necessary application options have been selected, and then click Continue.
21. Once the installation is complete, click Close.

227
22. Right-click Start > Shut down or sign out > Restart.

Note: Reboot is required when you install software on any of the layers, Shutdown for Finalize option
may fail if not rebooted.

228
23. On the Console tab click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
24. Double-click Shutdown For Finalize icon on the desktop.

Note: If prompted with the User Account Control notification window, click Yes.
25. Switch to Internet Explorer on the NYC-FSR-001 machine and confirm that you are still connected to
App Layers page on the ELM console.

Note: If logged out, connect with below credentials:


Username: Administrator
Password: Password1
26. Right-click MS Office and select Finalize.

27. On the Script path page, in Finalize Layer Wizard, click the Down Arrow.

229
28. On the Confirm and Complete page, click Finalize.

29. Validate the task progress.


Click the information icon next to the running task for more details.

30. Monitor the task progress and wait for it to complete.

230
After the status shows Done, click X to close the event information details.

Note: This step may take around 5-10 minutes to complete.


31. Validate that the status of the App Layer now shows as Deployable.

Key Takeaways:
• The summary of this exercise is to detail on how to update/add applications on to an existing App Layer
and how to create a new layer version for the App Layer.
• The process of updating an App Layer is like updating other layers. Note that either version of the OS
Layer can be selected to serve as the base for the App Layer update.
• In general, it is recommended to perform required OS updates to the OS Layer before updating any
Platform or App Layers that the OS Layer supports. This will prevent any OS update notifications from
appearing during Platform or App Layer updates.
• There is a lot of flexibility available regarding how your organization would like to use App Layers. From a
technical standpoint, up to 50 layers can go into a Layered Image. However, some organizations may wish
to include multiple applications within the same application layer if all applications in the group are
required for the same set of machines.

Exercise 5-7: Update the Machine Catalog


Scenario:
The Citrix Administrator team would like to test deploying the previously updated App Layer in the XenApp and
XenDesktop environment. The Lead Citrix Architect views this as a great opportunity to test the App Layer update
process of the App Layering deployment. Since Microsoft PowerPoint must now be present on all machines, the
Citrix Architect has asked you to update the NYC-CAT-DesktopOS-Layering machine catalog. The Catalog will use a
new master image that will be created from an updated template that you will configure on the ELM Server.

Note: It takes some time to create every layer in this module as the machines which get created by the ELM during
every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at the end
of the operation. The changes are saved on the .vhd file stored on the ELM.
231
Step Action
1. Using XenCenter, right-click NYC-DTP-002 and select Start.

Note: Skip this step if the virtual machine was already powered on.
2. Using the Remote Desktop Connection manager, connect to NYC-DTP-002.

To log on to NYC-DTP-002, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
3. Left-click Start to view the Start Menu applications.

Verify that Microsoft Excel, Outlook and Word are present. However, Microsoft PowerPoint is not.

232
4. Right-click Start > Shut down or sign out > Sign Out.

233
5. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer is
still connected to Platform Layers page on the ELM console.

Note: If the ELM console was previously closed, launch Internet Explorer and browse to
http://192.168.10.76. Login with the following credentials:
• Username: Administrator
• Password: Password1
6. Select the Images menu on the top left.

7. From the Actions menu on the right, select Create Template.

234
8. On the Name and Description page, on the Create Template Wizard type the following information:
Name: Win10 MCS V2
Description: Windows 10 with MS office (Excel, Outlook, Word and PowerPoint)

Select the Windows 10 Icon and click the Down Arrow to continue.
9. On the OS Layer page, select Windows 10 - 1.

235
Click the Down Arrow to continue.
10. On Application Assignment page, select Adobe PDF Reader - 1 and MS Office - 2. Click +, on MS
Office - 2, and verify that Version 2 is selected.

Click the Down Arrow to continue.


11. On the Connector page, select XenServer – NYC-XenServer.
236
Click the Down Arrow to continue.
12. On the Platform Layer, select XenDesktop MCS – 1.

Click the Down Arrow to continue.

237
13. On Layered Image Disk page, verify the following settings:

Layered Image Disk Filename: Win10 MCS V2


Layered Image Disk Size (GB): 70 (Type it manually)
Sysprep: Not Generalized
Elastic Layering: Application Layers Only

Note: The default Layerd Image Disk Size (GB) is 100 GB. You have changed the size to 70 GB to utilize
the disk space more efficiently.

Click the Down Arrow to continue.

Note: You are enabling Elastic Layering in this step because we will use the same template to
demonstrate Elastic Layering in a later exercise.
14. On the Confirm and Complete page, click Create Template.

238
15. Verify that the Win10 MCS V2 template is labelled as Publishable.
Right-click Win10 MCS V2 and select Publish Layered Image.

16. On Confirm and Complete page on Publish Layered Image Wizard, click Publish Layered Image.
17. Validate the task progress.

Click the information icon next to the running task for more details.

239
18. Monitor the task progress and wait for it to complete.

This step may take 10-15 minutes and will create a VM by the name Win10 MCS V2-YYYY-MM-
DD_TIME on your hypervisor. This VM will be later used as a master image for creating a XenDesktop
Catalog.

Click X to close the event information details.


19. Switch to the XenCenter and verify a new Virtual Machine by the name Win10 MCS V2-YYYY-MM-
DD_TIME on your hypervisor.

20. Right-click Win10 MCS V2-YYYY-MM-DD_TIME and select Take a snapshot.

240
21. In the Take Snapshot dialog box, type the following information:
Name: Windows 10 for MCS V2
Description: Windows 10 with Xentools, VDA 7.15, Adobe Acrobat Reader, MS Office 2016 (Excel,
Outlook, PowerPoint, and Word) installed.

Click Take Snapshot.


22. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

Note: To log into NYC-XDC-001 we use the following credentials:


• Username: WORKSPACELAB\Administrator
• Password: Password1
23. Click Start > Citrix and select Citrix Studio.

Note: Ignore this step if studio is open from previous exercises.


24. Using Studio, click Machine Catalogs on the left-hand side.
25. Right-click on NYC-CAT-DesktopOS-Layering and select Update Machines.

26. On the Master Image page, expand Win10 MCS V2-YYYY-MM-DD_TIME. Select Windows 10 for MCS
V2, which is the Snapshot created previously.

241
Click Next.
27. On the Rollout Strategy page, leave the defaults and click Next.

28. On the Summary Page, click Finish to complete the Machine Catalog update.

242
29. Wait for the Machine Catalog Update to complete.

Note: This process may take 5-10 minutes.


30. Using Studio, right-click the NYC-CAT-DesktopOS-Layering Machine Catalog and select View
Machines.

243
31. Right-click NYC-DTP-002.workspacelab.com and select Restart.

Note: If NYC-DTP-002 was turned off, please select Start to start the machine.

32. From the Actions menu on the right pane, click Refresh.
33. Verify that the machine is successfully Registered after restarting.

244
34. Using the Remote Desktop Connection manager, connect to NYC-DTP-002.

To log on to NYC-DTP-002, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
35. Left-click Start Menu to view the Start Menu applications.

Verify that Microsoft Excel, Outlook, PowerPoint and Word are present.

245
Note: If PowerPoint is not present as an available application, please restart the virtual machine and
test again.
36. On the Student Desktop, switch to XenCenter.
Right-click NYC-ELM-001 VM on the left and select Shutdown.

Note: The NYC-ELM-001 server will no longer be used for the remainder of this lab.
37. In XenCenter, right-click NYC-DTP-002 VM on the left and select Shutdown.

Key Takeaways:
• The summary of this exercise is to update an existing XenApp and XenDesktop Machine Catalogs using
App Layering.
• Updating a Machine Catalog requires that a new Master Image be created. Using App Layering, we were
able to create the updated Master Image by deploying a virtual machine from a new App Layering image
Template.

Self-Paced Bonus Exercise 5-8: Configure the ELM Server


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
246
The WWLabs Lead Citrix Architect has been reading about the Citrix App Layering feature that has been added to
XenApp and XenDesktop recently. He is interested in using App Layering for application packaging and lifecycle
management for the XenApp and XenDesktop environment, because he believes it could make these processes
more efficient, enabling the existing team to manage the expected larger amount of use cases in the future.

The Citrix Architect asks you to integrate the App Layering feature into the development XenApp and XenDesktop
environment so that the Citrix Administrators team can begin to test its functionality. To start the process, you
must install and configure the Enterprise Layer Manager (ELM) on a dedicated virtual machine.

Step Action
1. The following VMs are required before beginning the following exercises; all others may be
powered down.

To power manage your VMs, switch to XenCenter, right-click on the VM in the left pane and select
Start or Shut Down. If prompted, click Yes.

• NYC-ADS-001
• NYC-DTP-004
• NYC-ELM-002
• NYC-FSR-001
• NYC-SQL-001
• NYC-XDC-001
2. To conserve resources, you will need to delete virtual machines previously created in Exercise 5-4
and Exercise 5-7.

On the Student Desktop, switch to XenCenter.


Right-click Win10 MCS-YYYY-MM-DD_TIME virtual machine and select Delete VM…

3. On the Delete VM window, verify that the Win10 MCS-YYYY-MM-DD_TIME and Windows 10 for
MCS check boxes are selected.

Then click Delete.

247
Perform Steps 2 and 3 for any remaining virtual machines created on exercises 5-4 and 5-7.
4. On the Student Desktop, switch to XenCenter.
Right-click NYC-ELM-002 VM on the left pane and select Start.

Note: Ignore this step if machine was already started as per Step 1.
5. Click the Console tab for NYC-ELM-002 Virtual machine and wait for the machine to start.

248
6. Click the Console window and then press Enter. After you type the localhost login, press Enter to
then type in the password.

At the login prompt enter the following information:


• Localhost login: administrator
• Password: Unidesk1

Note: As you type the password, text is not displayed on the screen due to security reasons.
7. On the App layering appliance configuration, type P and then press Enter to change the default
password of the appliance.

Note:
S is used to show the current configuration of the appliance.
C is used to configure the network settings of the appliance.
P is used to change the appliance password.
T is used to change the time zone.
N is used to define the NTP servers.
Q is used to quit and logoff the administrator account.
8. When prompted to enter the new administrator password type Password1 and press Enter.
When prompted to confirm new administrator password type Password1 again and press Enter.

249
Press Enter to continue.
9. On the App layering appliance configuration, type C and then press Enter to configure network
settings for the appliance.
10. Enter the following information to configure the appliance:

(S)tatic or (D)ynamic networking: S and press Enter.


IP Address: 192.168.10.77 and press Enter.
Netmask: 255.255.255.0 and press Enter.
Gateway IP address [optional]: 192.168.10.1 and press Enter.
DNS 1 [optional]: 192.168.10.11 and press Enter.
DNS 2 [optional]: press Enter.
(S)save settings, (R)edo, or (Q)uit: type S and press Enter.

Note: By mistake, if you have entered any of the above details incorrectly, then please press Enter
until you see (S)ave settings, (R)edo, or (Q)uit: option and type Q so as to quit and redo the step
again.
11. Wait for the network services to restart and then press Enter to continue.
12. Type Q and press Enter.
ELM console
13. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1
14. From the taskbar on the NYC-FSR-001 machine, launch Internet Explorer.

To access the NYC-ELM-002 Console open Internet Explorer and browse to


http://192.168.10.77.
15. On the login page for Citrix App Layering, type the following credentials to login:
• Username: administrator
• Password: Unidesk1
250
Click Login.

Note: The command-line administrator account is unrelated to the Management Console


administrator account. They are different records in different authentication systems that happen
to have the same name.
16. On the Citrix License Agreement page, select the check box I accept the Terms and Conditions, and
then click Close.

251
Note: Please ignore if you do not see this page.
17. On the Setup Login Credentials dialog box, review the About Your Credentials page and click the
Down Arrow to continue.

18. On Change Passwords page, type the following information:

Management console administrator:


252
• New Password: Password1
• Confirm Password: Password1

Appliance (ELM) root user


• New Password: Password1
• Confirm Password: Password1

Appliance (ELM) configuration tool:


• New Password: Password1
• Confirm Password: Password1

Click the Down Arrow to continue.


19. On Confirm and Complete page, click Change Credentials.

20. On the Credentials Changed notification, click OK.


21. Click Close on the Welcome to notification.

253
Note: If you see the Upgrade Available prompt saying Version [X.Y.Z] is now available, click Close.

22. Select the System menu on the top.

23. On Systems page, select Settings and Configuration tab.

254
24. On the Setting and Configuration page, scroll down and click Edit for Network File Shares.

25. Type the following information:


• SMB File Share Path: \\nyc-fsr-001.workspacelab.com\AppLayer
• Username: workspacelab.com\Administrator
• Password: Password1

26. Click Test SMB File Share and validate Success message.

Click Save.
255
27. On the Setting and Configuration page, scroll down and click Edit for Security Settings.

28. For Management Console Session Timeout (minutes) box, type 60 and click Save.

29.
30. On the top of the console, select Users, then select the Directory Service tab.

31. From the Actions menu on the right, select Create Directory Junction.

32. On Connections Details page in the Create Directory Junction Dialog box, type the following
information:
• Directory Junction Name: workspacelab
• Server Address: nyc-ads-001.workspacelab.com
• Port: 389

256
33. Click Test Connection to validate the connectivity.

Click the Down Arrow to continue.


34. On the Authentication Details page, enter the following information:
• Bind Distinguished Name: workspacelab\administrator
• Bind Password: Password1
35. Click Test Authentication to verify the credentials and to validate the authentication.

257
Click the Down Arrow to continue.
36. On the Distinguished Name (DN) Details page, type the following details:
Base Distinguished Name: DC=workspacelab,DC=com

Click Test Base DN to verify Base DN is valid and click Down Arrow to continue.
37. Leave defaults on Attribute Mapping page, and click Down Arrow to continue.

258
38. Review the Confirm and Complete page and click Create Directory Junction.

39. Verify if the Directory Junction is created successfully and is reflected under Directory Service page.

Key Takeaways:
• The ELM is an appliance that co-ordinates communication and hosts the Management Console, the
administrator interface for the environment. The ELM also manages copies of all Layers.
259
• The ELM web-based management console runs on the ELM appliance, and allows you to manage the App
Layering components in your environment.
• An SMB file share is used to store copies of the Layers, the path for the share is configured using the ELM
console.
• A directory junction is a connection to a base Distinguished Name in a directory service (such as Microsoft
Active Directory). Adding a Directory Junction to the local tree allows you to assign Administrator
privileges to users that are defined in the directory service instead of in the Unidesk Management
Console.

Self-Paced Bonus Exercise 5-9: Create an OS Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
After installing the ELM appliance and performing the initial configurations, the Citrix Architect asks you to create
an OS Layer-based on a Windows 10 machine in the development environment. This layer will be used as the base
for all Windows 10 templates in the development environment going forward.

Note: It takes some time to create every layer in this module as the machines which gets created by the ELM
during every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at
the end of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action
1. On the Student Desktop, switch to XenCenter.
Right-click NYC-DTP-004 VM on the left and select Start.

Note: Please ignore if the VM is already powered on.


2. Select the Console tab for NYC-DTP-004.

3. Click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) on the bottom left of the console.


4. Login using the following credentials:
• Username: Admin1
• Password: Password1

260
5. Right-click Start menu and click System.

Verify that the machine is not joined to any domain.

261
Close the System window.

Note: While creating the OS Layer the machine should not be domain joined.
6. Verify that the Citrix XenServer Windows Management Agent is installed already.

Right-click Start and select Apps and Features.

Close the Programs and Features window.

Note: Before creating an OS layer:


262
• Install Windows from ISO
• Install hypervisor tools
• Fully update Windows
7. Right-click Start menu and select Run.

8. Navigate to:
\\nyc-fsr-001.workspacelab.com\resources\AppLayerAgent

Note: If prompted, login using below credentials:


• Username: workspacelab\administrator
• Password: Password1

Click OK to submit the credentials.


9. Select only citrix_app_layering_os_machine_tools_4.5.0 installer file, right-click and select Copy.

10. Click This PC on the left and browse to the C:\ Drive.
11. Right-click and select New > Folder.

263
12. Rename the new folder to Temp.

13. Browse to C:\Temp, right-click and select Paste.


14. Right-click citrix_app_layering_os_machine_tools_4.5.0 and select Run as administrator.

264
15. On the Citrix App Layering Gold Image Tools window, leave the defaults and click Install.

16. Right-click Start menu and select Command Prompt (Admin).


17. In the Command Prompt window, type each of the below commands. Press Enter after each
command.
• cd..
• cd Microsoft.Net\Framework\v4.0.30319

265
• ngen update

Once the above ngen update command is complete, type each of the below commands. Press Enter
after each command.

• cd..\..
• cd Framework64\v4.0.30319
• ngen update

Note: NGEN compiles the .NET assemblies ahead of time so that .NET applications run faster. They run
faster because they do not need to compile the assemblies at run time.

Note: Please ignore if you see any errors as only the available .NET modules will get updated when we
run the above command, and we may see some errors for few modules that are not present.
18. Click X to close the Command Prompt.
19. Browse to location C:\Windows\Setup\Scripts.
20. Right-click SetKMSVersion.hta and select Open.

Note: This will figure out what version of Windows is running and creates a CMD file runipkato.cmd
under the location C:\Windows\Setup\scripts\kmsdir. This will activate the image when booted. ELM
will run this file when it publishes the image. The script installs the KMS Client key and activates it.
21. Confirm that the OS version is found, and then click Save Script.

266
Note: Confirm that it shows as Saved Succeeded after clicking on the Save Script.
22. Click X to close the SetKMSVersion dialog box.
23. Look for Optimize.hta under C:\Windows\Setup\Scripts.
24. Right-click Optimize.hta and select Open to launch.

25. Once the Citrix Optimization Script Builder opens up, clear the Option A that says Check to force GPO
updates.

26. Scroll down to the bottom of Citrix Optimization Script Builder and select Save File.

267
27. On the Citrix Desktop Optimizations Have Been Saved notification, click OK.
28. Click X to close the Citrix Optimization Script Builder window.
29. On File Explorer window, sort the contents of the Scripts folder with Date modified and notice a
newly created optimizations.cmd batch file.

Note: It is better to run the optimizations file on the App Layer instead of gold image or OS Layer, as it
is hard to undo any tasks performed by running this file. If we use it on an App Layer, we can always
just create a new layer with different settings.
30. On XenCenter, in left pane, right-click the virtual machine NYC-DTP-004 and then select Take a
Snapshot.

268
31. In the Take Snapshot dialog box, type the following information:
Name: OS Layer Snapshot
Description: Base Snapshot

Click Take Snapshot.

Note: It is recommended to take a snapshot before installing the Citrix App Layering Image
Preparation Utility.
32. Confirm that you are still in XenCenter, with NYC-DTP-004 selected, on the Console tab, with File
Explorer open and browse to C:\Windows\Setup\Scripts.
33. On the File Explorer window, sort the contents of the Scripts folder with Name, and scroll down to
setup_x64.exe, right-click and select Run as administrator.

269
34. On the Citrix App Layering Image Preparation Utility window, click Next for Automatic Updates.

35. On the Citrix App Layering Image Preparation Utility window, click Next.

270
36. On Specify your answer file page, leave the defaults and click Next.

37. Click Finish to exit the installer.

271
38. Close File Explorer.
39. To Shut down, right-click Start menu > Shut down or sign out > Shut down.
40. Using the Remote Desktop Connection manager, connect to NYC-FSR-001.

To log on to NYC-FSR-001, right-click this machine and choose Connect Server.

Note: The following credentials are used to make the connection:


• Username: WORKSPACELAB\Administrator
• Password: Password1.
41. Launch Internet Explorer on the NYC-FSR-001 machine and validate that you are still connected to
ELM.

Note: If logged out, connect with below credentials:


• Username: Administrator
• Password: Password1

Note: Close the Welcome page if seen.


42. Select the Layer menu on the top left and then select the OS Layers tab.

43. From the Actions menu on the right pane, select Create OS Layer.

272
44. On the Layer Details page in the Create OS Layer Wizard, type the following information:

• Layer Name: Windows 10


• Layer Description: OS Layer
• Version: 1
• Version Description: Windows 10 with XenTools
• Max Layer Size (GB): 30

Click the Down Arrow to continue.

273
Note: For version name, it is good to use a combination of number and date like 1.0 6-24-2017, so that
in later stage, when we add a new version, we can make it like 1.1 7-21-2017.
45. On Connector page, click New.

46. On the Choose a Connector Type window, select XenServer from the Type drop-down menu.

Select New.

Note: You will be redirected to a new tab to mention XenServer details.

Note: If the new tab shows an error: This page cannot be displayed, then reboot the NYC-ELM-002
appliance on XenServer and re-do the steps for this exercise. While rebooting NYC-ELM-002 VM, if it
takes longer time or gets stuck, then right-click this VM and select Force Reboot.

Note: On the new tab, click Continue to this website (Not Recommended) to ignore the certificate
warning, if warning appears.
47. On the XenServer Connector page, enter the following information:
Config Name: NYC-XenServer
274
For XenServer Configuration, type the following details:
XenServer address: <XenServer IP Address>

Note: Use the IP address of Private bond0 network of the XenServer host for this Connector. Switch
back to XenCenter and select the XenServer Host and then click the Networking tab on the middle
pane. You will see the Private bond0 IP here which has to be used.

User Name: root


Password: <XenServer credentials password>
Use Secured Communications: Clear the check box

275
Click CHECK CREDENTIALS and validate username and password is validated.

Note: To locate your XenServer connection resource details, minimize the lab environment and return
to Training.Citrix.Com (TCC) and click on the Launch button for the labs, which launches a small
window with some connection details.
You may have to log back in with the MyCitrix credentials used to register for this course.
48. For Virtual Machine Clone Settings, select the following information from drop-down:

• Virtual Machine Template: NYC-DTP-TMP


• Storage Repository: Local Storage
• Layer Disk Cache Size in GB: <Leave Blank>
• Use HTTPS for File Transfers: Clear the check box

276
Click TEST to validate the settings.

277
49. Click SAVE, and then click CLOSE.
50. On the Connector page in Create OS Layer Wizard, select XenServer – NYC- XenServer.

278
Click the Down Arrow to continue.
51. On the OS Disk Details page, click Select Virtual Machine.

Note: You will be redirected to a new tab to select the virtual machine to use for importing OS.
52. On the Specify the virtual machine to use for OS import by typing in the name or selecting it from the
list of suggested matches, click on the space below the Virtual Machine and it will give a drop-down
menu.
279
53. From the drop-down menu, select the virtual machine NYC-DTP-004.

54. Click OK at the bottom of the page.

Note: Verify that the virtual machine NYC-DTP-004 is shut down. If the machine is Powered ON, then
you will see an error like below:

55. This will return back to the Create OS Layer Wizard page, verify if the OS Machine Name and the OS
Disk Size (MB) are populated with the details as below:

Click the Down Arrow to continue.


56. On the Icon Assignment page, select Windows 10 and click the Down Arrow to continue.

280
57. On the Confirm and Complete page, click on Create Layer.

58. Validate the task progress.

On the task section at the bottom of the window, click the Up Arrow to pull the event viewer.

281
59. Click the information icon next to the running task, or double-click anywhere in the task line for more
details.

60. Monitor the task progress and wait for it to complete.


282
This step may take 10-15 minutes.
61. Validate the status changes to Done, after the OS disk is imported.

Click X to close the task details pane.


62. Verify the Windows 10 icon is now labelled as Deployable.

283
Key Takeaways:
• The summary of this exercise is to create an OS Layer, which can be used along with App Layers to create
layered image templates. The template is then used to create a layered image, which can be used for
creating a XenDesktop Machine Catalog.
• The machine used to create an OS Layer should not be joined to a domain, should have Windows, all
applicable Windows updates, and hypervisor tools installed.
• The Citrix App Layering Gold Image Tools utility contains optimization scripts, and an App Layering Image
Preparation Utility for the operating system of the machine used to create the OS Layer.

Self-Paced Bonus Exercise 5-10: Create a Platform Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
After the OS Layer has been created, you can proceed to create a Platform Layer so that the Layers can be
integrated with your XenApp and XenDesktop environment. The Citrix Architect explains that this layer will contain
the VDA installation as well as joining the machine to the workspacelab.com domain so that it can serve as a
template for a Machine Creation Services (MCS) catalog within XenApp and XenDesktop.

Note: It takes some time to create every layer in this module as the machines which gets created by the ELM
during every layer operation is all managed by ELM itself, and the same machine is also destroyed by the ELM at
the end of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action

284
1. Verify you are still connected to the NYC-ELM-002 page using Internet Explorer on the NYC-FSR-001
machine.

Note: If logged out, connect with below credentials:


• Username: Administrator
• Password: Password1
2. From the Layers menu on the top left, select the Platform Layers tab.

3. From the Actions menu on the right, select Create Platform Layer.

4. On the Layer Details page in the Create Platform Layer Wizard, type the following information:

• Layer Name: XenDesktop MCS


• Layer Description: For XenDesktop MCS
• Version: 1
• Version Description: To join domain and install VDA
• Max Layer Size (GB): 5

285
Click the Down Arrow to continue.

Note: For version name, it is good to use a combination of number and date like 1.0 6-24-2017 so
that in later stage when we add a new version we can make it like 1.1 7-21-2017.

Note: Give a proper size for the Max Layer Size as the Layers are captured at a block level and use
more storage then you expect.
5. On the OS Layer page in Create Platform Layer Wizard, validate Windows 10-1 is selected.

Click the Down Arrow to continue.


286
6. On the Connector page in Create Platform Layer Wizard, select XenServer-NYC-XenServer.

Click the Down Arrow to continue.


7. On Platform Types page, select This platform layer will be used for publishing Layered Images and
select the following options from the drop-down menus:

Hypervisor: Citrix XenServer


Provisioning Service: Citrix MCS
Connection Broker: Citrix XenDesktop

Click the Down Arrow to continue.


8. On the Packaging Disk page, leave defaults and click the Down Arrow to continue.

287
9. On the Icon Assignment page, select Windows 10 and click the Down Arrow to continue.

10. On the Confirm and Complete page, review the settings and click Create Layer.

288
11. Validate the task progress.

12. Click the information icon next to the running task for more details. Monitor the task progress and
wait for it to complete.

Note: This step may take approximately 10-15 minutes.

289
13. Wait for the status to change to Action Required.

Note: At this time the Platform Layer Icon: XenDesktop MCS is in Editing state.
14. Switch to the XenCenter on Student Desktop and you will see a new Virtual Machine created with a
name that looks like XenDesktop MCS-YYYY-MM-DD_Time. Select the new VM in XenCenter.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1

Note: Please wait for the updates to finish if they are in progress, and then logon.
16. Right-click Start menu and click System.

290
17. In the Settings > About window scroll down to Related Settings and click System Info.

18. In the Systems window, verify that the machine is not joined to a domain. Rather, it is a part of a
workgroup.

291
Click Change settings in the System window.

19. In the System Properties dialog box, click Change.

20. In the Computer Name/Domain Changes dialog box, select the Domain radio button and type
workspacelab.com.

292
Click OK.
21. In Windows Security dialog box, type the following credentials:
• Username: administrator
• Password: Password1

Click OK.
22. On the Computer Name/Domain Changes notification window, click OK.

On the restart notification, click OK again.


Click Close on System Properties dialog box.
23. Click Restart Now on Microsoft Windows notification to reboot the virtual machine.

293
24. Wait for the Virtual Machine to reboot.
In the Console tab click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials
by choosing Other user:
• Username: workspacelab\Administrator
• Password: Password1

Note: It might take few minutes to login, while the desktop is configured. You can use both Domain
Administrator as well as local administrator. By logging in as local administrator, you do not create
the domain user profile on the layer. The installation works fine as local administrator.
25. Right-click Start menu and click System.

26. In the Settings > About window scroll down to Related Settings and click System Info.

294
27. Verify that the machine is joined to the workspacelab.com domain and Windows is activated.

Close the System window.

Note: This machine will be used as a Master to create a Machine Catalog. To enable all machines in
this Machine Catalog to join the domain, we have to ensure that this Master is already joined to the

295
domain. We configure the registry the way it needs to be when we use it in MCS, the registry
changes will stick.
28. Now that we have verified configurations for this VM, we will install the Virtual Delivery Agent so
that it can communicate and register with the Delivery Controller.

Using XenCenter to mount the XenApp and XenDesktop installation media ISO to this machine.

To mount the installation media ISO, select XenDesktop MCS-YYYY-MM-DD in the left pane of the
XenCenter. In the right pane, select the Console tab. Using the DVD Drive 1: drop-down menu and
select XenApp_and_XenDesktop_7_15_1000.iso.

Note: If there are no ISOs listed in the DVD Drive 1: drop-down menu, then the Local ISO Storage
Repository (SR) that contains the ISO library may need to be re-scanned. In the left pane of
XenCenter select the Local ISO SR XS. In the right pane select the Storage tab and click on the Rescan
button.

Note: If the above rescan of the Local ISO SR XS does not show the specific ISO for installation:
XenApp_and_XenDesktop_7_15_1000.iso, then please tell your instructor.
29. Right-click Start Menu and launch the File Explorer application. On the left pane, click This PC and
double-click the green Citrix logo next to CD drive under Devices and Drives.

Note: By default, when opening File Explorer on Windows 10, Quick access is selected.

296
Note: If the above screen does not launch from double-clicking the green Citrix logo next to CD drive
under Devices and Drives, then double-click on the AutoSelect.exe file.
30. On the Deliver applications and desktops to any user, anywhere, on any device screen, click Start
next to the XenDesktop option.

Note: XenApp and XenDesktop share infrastructure components. Choosing to click on the Start
option for XenApp will present the same components for install. The difference is in the title at the
top of the next screen.
31. The wizard will now display all possible installation options that are compatible with the Operating
System of the machine that you are on. Select Virtual Delivery Agent for Windows Desktop OS.

297
Note: Click Yes, if you are prompted with User Access Control screen.
32. Verify Create a Master Image is selected and click Next.

Note: Master is a term used to reference a machine that will be used as a base to create other
machines nearly identical to the Master. You will be tasked to use this Master machine in a future
exercise for this type of machine creation.
33. On the HDX 3D Pro page, leave the default No, install VDA in standard mode, and click Next.
298
Note: HDX 3D Pro optimizes the performance of graphics-intensive programs and media-rich
applications. The XenServer hypervisor host used in this environment does not have the hardware
requirements for 3D graphics.
34. On the Core Components page, the Virtual Delivery Agent is marked as Required. This is the software
that was chosen from the main XenDesktop installer menu. Click Next to continue the Virtual
Delivery Agent installation wizard.

299
Note: You could choose to de-select Citrix Receiver here, but for this lab we are installing it on the
VDA.
35. On Additional Components screen, clear Citrix Personalization for App-V-VDA, Citrix Appdisk /
Personal disk and select the rest of the components. Click Next.

36. On the Delivery Controller page, under Configuration confirm the drop-down menu is set to Do it
manually.

300
In the Controller address box, enter NYC-XDC-001.workspacelab.com.

Click Test connection. If the test is successful, as indicated by a green check mark to the right of the
controller address box, click Add.

Click Next to continue the Virtual Delivery Agent installation wizard.

Note: This Controller address step in the Virtual Delivery Agent (VDA) installation wizard saves the
Controller address into the registry of the Master that we are installing the VDA on. This is important,
because as mentioned above, all machines created from this Master will be nearly identical, which
means all machines will have the same registry entry that can be used by the VDA to register with
and find the Controller.
37. On the Features page, verify that the following four options are selected, if not then select the below
options:
• Optimize performance
• Use Windows Remote Assistance
• Use Real-Time Audio Transport for audio
• Framehawk

301
Click Next to continue the Virtual Delivery Agent installation wizard.
38. On the Firewall page, verify the Automatically option is selected for configuring the firewall rules.
Click Next.

Note: If the Automatically option is greyed out, then please cancel the wizard, log off and log back in
as Workspacelab\administrator as mentioned in Step 27.
39. On the Summary page, review and confirm the configurations.

302
Click Install. The installation will take a few minutes.
40. After install, on the call home screen, select I do not want to participate in Call Home and click Next.

41. When the installation is complete, verify that the Restart machine option is selected and click Finish.
Wait as the VM reboots.

42. Wait for the Virtual Machine to reboot.


In the Console tab, click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Workspacelab\Administrator
• Password: Password1
43. Using XenCenter eject the XenApp and XenDesktop installation media.
303
To eject the installation media ISO, select XenDesktop MCS-YYYY-MM-DD in the left pane of
XenCenter. In the right pane, select the Console tab and click Eject to remove
XenApp_and_XenDesktop_7_15_1000.iso from the DVD Drive 1.

Note: The Eject option can be difficult to see. It is an underlined word to the right side of the DVD
Drive 1 drop-down menu.
44. On the Add Account window for Citrix Receiver, select Do not show this window automatically at
logon and click Close.

Note: Please ignore this step if you do not see this Citrix Receiver prompt.
45. Left-click Start menu and type CMD.

46. Under Best Match, right-click the Command Prompt and select Run as administrator.

304
47. In the Command Prompt, type the below command:
gpupdate /force

Note: Please wait for the command to run completely and then proceed with the next step.

Note: We do a group policy update in this step as we uncheck the option Check to force GPO updates
during the machine build in the Citrix Optimization Script Builder on the OS Layer. It also helps to
avoid any OS rearm issues while creating machines using XenDesktop Machine Catalog in the
upcoming exercise.
48. Close the Command Prompt window.
49. Double-click the Shutdown For Finalize icon on the desktop.

Note: Click Yes, if you are prompted with User Access Control screen.
50. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer
is still connected to Platform Layers page on the ELM console.

305
Note: If the ELM console was previously closed, launch Internet Explorer and browse to:
http://192.168.10.77

Login with the following credentials:


• Username: Administrator
• Password: Password1
51. Right-click XenDesktop MCS and select Finalize.

52. On the Finalize Layer Wizard, click Finalize.

306
53. Validate the task progress.

On the task section at the bottom of the window, click the Up Arrow to pull the event viewer.

54. Click the information icon next to the running task for more details.

55. Monitor the task progress and wait for it to complete.

Note: This step may take 5-10 minutes.

Click X to close the event information details.


56. Validate that the status of the Platform layer now shows as Deployable.

307
Note: Once the Platform layer is finalized, the Virtual Machine created on hypervisor is destroyed
and the layer is saved in the ELM. You can monitor the space available on the ELM from System >
Manage Appliance.

Key Takeaways:
• The summary of this exercise is to join the machine to the domain and to install the VDA component, so
as create a platform layer which can be used for XenDesktop.
• The App Layering management console is used to begin the process of creating a Platform Layer. In this
stage, the OS Layer that was previously created is selected as the base for the Platform Layer.
• Connectors are the interfaces to host environments where layers are created and images are published.
For example, in this exercise a XenServer Connector was created. The type of platform connector
determines the information required to create a specific Connector Configuration.
• The Connector can create a temporary packaging machine based on the selected OS Layer to use for the
Platform Layer configurations.
• To integrate with XenApp and XenDesktop, a Platform layer should be created with the VDA installation
and membership in the Active Directory domain where the XenApp and XenDesktop environment is
located. These settings would be applicable to all machines within a Machine Catalog.
• After all needed changes are completed, the temporary packaging machine is shut down, and the layer
creation process is finalized. Once the Platform layer is completed and deployable, the packaging machine
is destroyed and the layer is saved in the ELM. You can monitor the space available on the ELM from
System>Manage Appliance.

308
Self-Paced Bonus Exercise 5-11: Create an App Layer with
WinSCP
Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
The Citrix Architect asks you to create an App Layer containing WinScp, which will become one of the most
important App Layers, since it is required by a large number of users within WWLabs. The OS Layer created in the
previous steps should be used to create this Layer.

Note: It takes some time to create every layer in this module as the machines which gets created by the ELM
during every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at
the end of the operation. The changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.

Note: If logged out, connect with below credentials:


• Username: Administrator
• Password: Password1
2. From the Layers menu on the top left, select the App Layers tab.

3. From the Actions menu on the right, select Create App Layer.

309
4. On the Layer Details page in the Create App Layer Wizard, type the following information:

• Layer Name: WinScp


• Layer Description: WinScp
• Version: 1
• Version Description: WinScp
• Max Layer Size (GB): 2

310
Click the Down Arrow to continue.

Note: For version name, it is good to use a combination of number and date like 1.0 6-24-2017. So
that in later stage, when we add a new version, we can make it like 1.1 7-21-2017.
5. On OS layer page, verify Windows 10 – 1 is selected.

Click the Down Arrow to continue.


6. On Prerequisite Layers, leave defaults.

311
Click the Down Arrow to continue.
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer, leave the defaults.

312
Click the Down Arrow to continue.
9. Verify the Packaging Disk Filename is WinSCP.

Click the Down Arrow to continue.


10. On Icon Assignment page, select Windows 10.

313
Click the Down Arrow to continue.
11. On the Confirm and Complete page, review the settings and click Create Layer.

Note: When you have completed the Layer wizard, ELM creates a Packaging Machine in your
environment in the location defined in the Connector Configuration. The Packaging Machine is a
virtual machine where you install the software to be included in the layer. The Packaging Machine is a
temporary VM that will be deleted once the new Platform Layer has been finalized.
12. In the Tasks menu at the bottom monitor the state of the currently running task. Click information
icon for more details.

314
13. Monitor the task progress and wait for the status to change to Action Required.

Click X to close the event information details.

Note: This step may take around 10-15 minutes to complete.


14. Switch to the XenCenter on Student Desktop and select the newly created Virtual Machine by the
name of WinSCP-YYYY-MM-DD_Time.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1
16. Right-click the Start menu, select Run.
17. Type \\nyc-fsr-001.workspacelab.com\resources\ and click OK.

18. Scroll down and select WinSCP-5.11.1-Setup.exe.


315
Right-click and select Copy.

19. Click This PC on the left and browse to the C:\temp, right-click and select Paste.
20. Right-click WinSCP-5.11.1-Setup.exe and select Run as administrator.
21. On the License Agreement Page, click Accept >.

22. On the Setup Type page, click Next.

316
23. On the Initial User Settings page, click Next.

24. On the Ready to Install page, click Install.

317
25. On the Completing the WinSCP Setup Wizard, clear Launch WinSCP and clear Open Getting started
page.

Click Finish.

26. Right-click Start menu > Shut down or sign out > Restart.

318
Note: Reboot is required when we install software on any of the layers, Shutdown for Finalize option
may fail if not rebooted.
27. On the Console tab click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
28. Double-click Shutdown For Finalize icon on the desktop.

29. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer is
still connected to App Layers page on the NYC-ELM-002 console.

Note: If the ELM console was previously closed, launch Internet Explorer and browse to
http://192.168.10.77. Login with the following credentials:
• Username: Administrator
• Password: Password1
30. Right-click WinSCP and select Finalize.

319
31. On the Script Path page in Finalize Layer Wizard, click the Down Arrow.

32. On the Confirm and Complete page, click Finalize.

320
33. Validate the task progress.
Click the information icon next to the running task for more details.

34. Monitor the task progress and wait for it to complete.

Note: This step may take 4-5 minutes.

Click X to close the event information details.


35. Validate that the status of the App Layer now shows as Deployable.

321
Note: You can monitor the space available on the ELM from System > Manage Appliance.

Key Takeaways:
• The summary of this exercise is to create an App Layer which has WinSCP in it. OS and App Layer has to be
selected while creating a template, which can be used to create the master machine for XenDesktop site.
• The process of creating an App Layer is similar to that of creating a Platform Layer. Note that the Platform
Layer that was created in the previous exercise is not required to create an App Layer, as long as the
application(s) being installed do not require any components that are only present within the Platform
Layer.

Self-Paced Bonus Exercise 5-12: Create an App Layer with


NotePad++
Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
Now that the first App Layer has been successfully created, you are asked to create an additional App Layer for
NotePad++. The Citrix Architect informs you that he would like you to eventually test this Layer with the Elastic
Layering feature to provide the app as a desktop shortcut for a customizable subset of users.

Note: It takes some time to create every layer in this module as the machines which gets created by the ELM
during every layer operation is all managed by ELM itself and the same machine is also destroyed by the ELM at
the end of the operation and the changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify you are still connected to the NYC-ELM-002 page using Internet Explorer on the NYC-FSR-001
machine.
2. From the Layers menu on the top left, select the App Layers tab.

322
3. From the Actions menu on the right, select Create App Layer.

4. On the Layer Details page in the Create App Layer Wizard type the following information:
• Layer Name: NotePad++
• Layer Description: NotePad++
• Version: 1
• Version Description: NotePad++
• Max Layer Size (GB): 2

323
Click the Down Arrow to continue.
5. On OS layer page, verify Windows 10 – 1 is selected.

Click the Down Arrow to continue.


6. On Prerequisite Layers, leave defaults.

324
Click the Down Arrow to continue.
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer, leave the defaults.

325
Click the Down Arrow to continue.
9. Verify that the Packaging Disk Filename is NotePad++.

Click the Down Arrow to continue.


10. On Icon Assignment page, select Windows 10.

326
Click the Down Arrow to continue.
11. On the Confirm and Complete page, review the settings and click Create Layer.

Note: When you have completed the Layer wizard, ELM creates a Packaging Machine in your
environment, in the location defined in the Connector Configuration. The Packaging Machine is a
virtual machine where you install the software to be included in the layer. The Packaging Machine is a
temporary VM that will be deleted once the new Platform Layer has been finalized.
327
12. In the Tasks menu at the bottom monitor the state of the currently running task. Click information
icon for more details.

13. Monitor the task progress and wait for the status to change to Action Required.

Click X to close the event information details.

Note: This step may take around 5-10 minutes to complete.


14. Switch to the XenCenter on Student Desktop and select the newly created virtual machine by the
name of NotePad++-YYYY-MM-DD_Time.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1
16. Browse to \\nyc-fsr-001.workspacelab.com\resources\.
17. Scroll down and select npp.7.3.Installer.exe for notepad ++.
Right-click and select Copy.

328
18. Click This PC on the left and browse to the C:\temp, right-click and select Paste.
19. Right-click npp.7.3.Installer.exe and select Run as administrator.
20. On the Installer Language window, click OK.

Click Next on Welcome to Notepad++ v7.3 Setup window.

329
21. Review the License Agreement page and if you agree then, click I Agree.

22. On Choose Install Location page, leave defaults and click Next.

330
23. On Choose Components page, clear Auto-Updater check box and click Next.

24. On the Choose Components page, leave defaults and click Install.

331
25. Clear Run Notepad++ v7.3 check box.

Click Finish.

Close the File Explorer window.


26. Right-click Start > Shut down or sign out > Restart.

332
27. On the Console tab click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
28. Double-click Shutdown For Finalize icon on the desktop.

Note: Click Yes, if you are prompted with User Access Control screen.
29. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001. Verify if Internet Explorer is
still connected to App Layers page on the NYC-ELM-002 console.

Note: If the ELM console was previously closed, launch Internet Explorer and browse to
http://192.168.10.77. Login with the following credentials:
• Username: Administrator
• Password: Password1
30. Right-click NotePad++ and select Finalize.

333
31. On the Script Path page in Finalize Layer Wizard, click the Down Arrow.

32. On the Confirm and Complete page, click Finalize.

334
33. Validate the task progress.
Click the information icon next to the running task for more details.

34. Monitor the task progress and wait for it to complete.

This step may take 3-4 minutes.


After the status shows Done, click X to close the event information details.
35. Validate that the status of the App Layer now shows as Deployable.

335
Note: You can monitor the space available on the ELM from System > Manage Appliance.

Key Takeaways:
• The summary of this exercise is to create an App Layer, which has NotePad++ in it. OS and App Layer has
to be selected while creating a template, which can be used to create the master machine for XenDesktop
site.
• Multiple App Layers can be created from the same OS Layer. These Layers can be updated independently,
and can be mixed and matched to create unique images that met specific use cases.

Self-Paced Bonus Exercise 5-13: Create a Template.


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
All of the required Layers have been created. To proceed with integrating the Layers with the XenApp and
XenDesktop environment, you must create a layered image template that can be used to provision machines using
Machine Creation Services (MCS). The Citrix Architect asks you to ensure that the layered image template includes
the OS Layer, the Platform Layer, and the WinSCP App Layer.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.
2. Select the Images menu on the top left.

336
3. From the Actions menu on the right, select Create Template.

4. On the Name and Description page, on the Create Template Wizard type the following information:

Name: Windows10 MCS


Description: Windows 10 with WinSCP

Select the Windows 10 icon and click the Down Arrow to continue.
5. On the OS Layer page, verify that Windows 10 – 1 is selected.

337
Click the Down Arrow to continue.
6. On Application Assignment page, select WinSCP.

Click the Down Arrow to continue.


7. On the Connector page, select XenServer – NYC-XenServer.

338
Click the Down Arrow to continue.
8. On the Platform Layer, select XenDesktop MCS – 1.

Click the Down Arrow to continue.

339
9. On Layered Image Disk page, verify the following settings:

• Layered Image Disk Filename: Windows 10 MCS


• Layered Image Disk Size (GB): 60 (Type it manually)
• Sysprep: Not Generalized
• Elastic Layering: Application Layers Only

Note: The default Layerd Image Disk Size (GB) is 100 GB. You have changed the size to 60 GB to utilize
the disk space more efficiently.

Click the Down Arrow to continue.

Note: You are enabling Elastic Layering on this step because you will be using the same template to
demonstrate Elastic Layering in a later exercise.
10. On the Confirm and Complete page, click Create Template.

340
11. Verify the Win10 MCS template is labelled as Publishable.
Right-click Windows10 MCS and select Publish Layered Image.

12. On Confirm and Complete page on Publish Layered Image Wizard, click Publish Layered Image.

341
13. Validate the task progress.
Click the information icon next to the running task for more details.

14. Monitor the task progress and wait for it to complete.

This step may take 10-15 minutes and create a VM by the name Windows10 MCS-YYYY-MM-
DD_TIME on your hypervisor. This VM will be later used as a master image for creating a XenDesktop
Catalog.

342
Click X to close the event information details.

Note: A Layered Image is a virtual machine that Unidesk has composited from the Layers and settings
specified in an Image Template. You can publish one or more Layered Images to Citrix MCS in your
XenServer environment and add it to a catalog for provisioning systems.
15. Review the Layer Assignment under the Properties of the template and verify the following layers are
listed:
• XenDesktop MCS
• WinSCP
• Windows 10

Click X to close the window.


16. Switch to the XenCenter and verify a new Virtual Machine by the name Windows10 MCS-YYYY-MM-
DD_TIME on your hypervisor.

17. Right-click Windows10 MCS-YYYY-MM-DD_TIME and select Take a Snapshot.

343
18. In the Take Snapshot dialog box, type the following information:

Name: Windows 10 for MCS


Description: Windows 10 with Xentools, VDA 7.15 and WinSCP installed.

Click Take Snapshot.

Key Takeaways:
• The summary of this exercise is to create a template/layered image, which can be used to create the
master machine on the hypervisor. This machine can be used by XenDesktop to create a Machine Catalog.
• The template creation process is initiated from the App Layering management console, where the OS
Layer, Platform Layer, and any required App Layers are selected to be part of the template.
• The ELM uses this configuration information to create a Layered Image, which is a virtual machine that is
composited from the Layers and settings specified in an Image Template.
• You can integrate one or more Layered Images to Citrix XenApp and XenDesktop environment by
accessing them in the hypervisor used for the deployment and creating a virtual machine template from
it.

344
Self-Paced Bonus Exercise 5-14: Create a Machine Catalog.
Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
With a virtual machine template in place on the XenServer host, the Citrix Architect asks you to create a new
machine catalog within the development XenApp and XenDesktop Site, and provision a new VDA machine to it
based on the Layered Image template. You should confirm that the new VDA was created successfully and has
registered to a Delivery Controller.

Step Action
1. Using the Remote Desktop Connection manager, connect to NYC-XDC-001.

Note: To log into NYC-XDC-001 we use the following credentials:


• Username: WORKSPACELAB\Administrator
• Password: Password1
2. Using Studio, right-click Machine Catalogs and select Create Machine Catalog.

3. On the Introduction page, click Next to continue the Machine Catalog creation wizard.
4. On the Operating System page, select Desktop OS and click Next to continue the Machine Catalog
creation wizard.

345
Note: When selecting an operating system for the Machine Catalog we have three options:
• Server OS: The Server OS Machine Catalog provides hosted shared desktops for a large-scale
deployment of standardized Windows Server OS or Linux OS machines.
• Desktop OS: The Desktop OS Machine Catalog provides VDI desktops ideal for a variety of
different users.
• Remote PC Access: The Remote PC Access Machine Catalog provides users with remote
access to their physical office desktops, allowing them to work at any time.
5. On the Machine Management page, verify that the following options are selected:
• Machines that are power managed (for example, virtual machines or blade PCs)
• Citrix Machine Creation Services (MCS)

Click Next to continue the Machine Catalog creation wizard.

346
Note: Indicate which tool you will use to deploy machines:
• Citrix Machine Creation Services (MCS) – Uses a master image or template to create and
manage virtual machines.
o MCS is not available for physical machines.
o Machine Catalogs in cloud environments use MCS.
• Citrix Provisioning Services (PVS) – Manages target devices as a device collection. A
Provisioning Services vDisk imaged from a master target device delivers desktops and
applications.
• Another service or technology – A tool that manages machines already in the data center.
Citrix recommends you use Microsoft System Center Configuration Manager or another
third-party application to ensure that the machines in the catalog are consistent.
6. On the Desktop Experience page, select I want users to connect to a new (random) desktop each
time they log on radio button.

Click Next to continue with Machine Catalog creation.

347
Note: Unlike Server OS catalog we get multiple options to select how the desktops are handed out
with desktop OS Catalog:
• Random: A new machine is given to the user every time a connection is made from the pool
of available machines and changes done by the user are lost on reboot.
• Static: Machine is assigned to the user who logs on first on the machine. Changes are saved
depending on the option selected:
o Personal vDisk: Changes are saved on the additional disk that is attached to each
VM, when we create the catalog. Changes stored in the Personal vDisk are not
erased.
o Dedicated: Changes are saved on the differential disk and are not lost on reboots.
o Pooled Static: Changes are not saved after a reboot, but user gets the same
machine every time since the Static type is selected.
7. On the Master Image page, expand Windows10 MCS-YYYY-MM-DD_TIME. Select Windows 10 for
MCS, which is the Snapshot created in the previous exercise.

Verify that 7.9 (or newer recommended, to access the latest features) is selected.

Click Next to continue the Machine Catalog creation wizard.

348
Note: MCS supports the use of both a virtual machine or a virtual machine’s Snapshot to be used as
the master machine or image to create the Machine Catalog. When using a Snapshot as the master
image, you should consider naming the Snapshot, because when the MCS process runs a snapshot is
created by Studio and a name is assigned that you cannot change.
8. On the Virtual Machines page, enter the following configuration values:
• How many virtual machines do you want to create? 1
• Total memory (MB) on each machine: 2048
• Memory allocated to cache(MB): 256
• Disk cache size(GB): 10

Click Next to continue the Machine Catalog creation wizard.

349
Note: Make sure to have enough resources on the hypervisor. If required Shut down the machines
which are not required for this exercise.
9. On the Computer Accounts page, verify the Create new Active Directory accounts radio button is
selected.

In the drop-down next to Domain for the Active Directory location for computer accounts, make sure
workspacelab.com is selected.

Using the arrows, expand Citrix > New York > VDA > Desktops.

Select the Desktops Organizational Unit (OU).

Note: The Desktops OU is the WW Labs location designated for machines running the Virtual Delivery
Agent (VDA), used to host user desktop OS desktop resources.

In the Account naming scheme, enter NYC-DTP-###.

Verify that 0-9 is selected from the drop-down menu to the right of the naming scheme.

350
Note: If this wizard was used to create machines on an existing naming convention, then the resultant
machines from this Machine Creation Services (MCS) process would increment to the next numerical
sequence numbers available.

Click Next to continue with Machine Catalog creation.


10. On the Summary page, review configurations and enter the following information:
• Machine Catalog name: NYC-CAT-DesktopOS-Layering-V2
• Machine Catalog description for administrators: Created from Published Layered Image:
Windows10 MCS

351
Click Finish.

Note: Clicking Finish begins the MCS process in which a combination of the parameters specified in
this Machine Catalog creation wizard and the parameters of the XenApp and XenDesktop Site are
used to create complete virtual machines from the Master machine specified earlier in said wizard.
Each virtual machine created is built into a Machine Catalog, visible from Studio. Each virtual machine
created has a nearly identical build to its Master machine, with a unique SID, machine account in
Active Directory, unique MAC, and using the DHCP scope we verified in an earlier exercise so these
virtual machines have a unique IP address.

Note: With the XenServer resources allocated to this XenApp and XenDesktop POC project by the
Citrix Lead Architect, we can expect this MCS process to take an estimated 5 -10 minutes to complete.
11. Verify that the MCS process has completed. Using Studio validate that the Machine Catalog was
created.

Click Machine Catalogs in the left pane of Studio and view the NYC-CAT-DesktopOS-Layering-V2
Machine Catalog in the middle pane.

352
12. Verify that the expected virtual machine specified to be created by MCS has been successfully created
and added to the NYC-CAT-W10-DesktopOS Machine Catalog.

Using Studio, right-click the NYC-CAT-DesktopOS-Layering-V2 Machine Catalog, and select View
Machines.

Verify that NYC-DTP-003.workspacelab.com displays.

13. Right-click NYC-DTP-003 workspacelab.com and select Start.

353
Click Yes on the power on notification.

Note: Connect to XenCenter to monitor the machine, until it is powered on. It will take some time to
machine to get completely ready.
14. From the Actions menu on the right pane, click Refresh.

15. Verify that the machine is successfully Registered.

Note: It will take some time for machine to show registered in the console.

Key Takeaways:
• The summary of this exercise is to create a XenDesktop Machine Catalog using the master machine
created with the help of layering concept using the ELM; thereby creating machines using MCS
technology.
354
• The process to provision new machines using MCS is same as before because the App Layering process
was completed prior to creating the virtual machine template. The template serves as one of the
integration points between App Layering and the XenApp and XenDesktop environment.

Self-Paced Bonus Exercise 5-15: Create an Elastic Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
After the new App Layer-based machine catalog has been created, the Citrix Architect asks you to create a
temporary Proof of Concept implementation of the Elastic Layering feature. He would like the NotePad++
application to be available to the HR user group so that they edit text files within their hosted desktops. However,
other user groups should not have access to NotePad++ application. The App Layer that was previously created for
this application should be used to accomplish this.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.

Note: If logged out, connect with below credentials:


• Username: Administrator
• Password: Password1
2. From the Layers menu on the top left, select the App Layers tab.

3. Right-click NotePad++ App Layer and select Add Assignments.

355
4. On the Select Version page, verify Version 1 is selected.

Click the Down Arrow to continue.


356
5. On the Image Template Assignment page, do not select anything.

Click the Down Arrow to continue.


6. On Elastic Assignment page, select Workspacelab > Citrix > New York > Users > Operations > HR >
HR3.

357
Click the Down Arrow to continue.
7. On the Confirm and Complete page, click Assign Layer.

8. Validate the task progress from the Task menu.

Click the information icon next to the running task for more details.
9. The Layer is being copied to the network share (\\NYC-FSR-001\Resources\AppLayer).

Wait for the task to complete.


Click X to close the event details.

358
10. Using the Remote Desktop Connection manager, right-click NYC-DTP-003 and select Connect server
as.
11. From drop-down, corresponding to Profile select WORKSPACELAB\HR3 (File), to connect as HR3.
12. Click Connect.

Note: It will take some time as VM is being configured.


13. Click Start, verify that NotePad++ is listed as an available application in the start menu.

14. Right-click Start > Shut down or sign out > Shut down.

Key Takeaways:
• The summary of this exercise is to provide a specific set of users with an application access which is a hot-
add to the existing App Layer and is visible only to those users configured access with. Other users who
have access to this App Layer will not be seeing this new hot –added application and hence this is called as
an Elastic Layer.
• App Layers can be assigned as an Elastic Layer for one or more user groups via the App Layering
management console. Elastic Layers allow administrators to give each user his/her own unique set of
applications, on top of the base Layered Image used across VDAs in a machine catalog. This can drastically
reduce the number of base Layered Images that administrators need to maintain.
• The Directory Junction that was configured in an earlier exercise allows administrators to assign Elastic
Layers to groups created in Active Directory. As a leading practice, create a group in AD for each Elastic
359
Layer, assign that group to the Layer in the App Layering management console, and use AD to manage
who gets what layer.

Self-Paced Bonus Exercise 5-16: Update an OS Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
The Citrix Administrator team learns that a new standardized printer model will be deployed throughout the
company and must be supported on all end-user facing systems. The Lead Citrix Architect views this as a great
opportunity to test the layer update process of the App Layering deployment. Since the new printers must be
supported on all machines, the Citrix Architect asks you to add the corresponding printer driver to the OS Layer
that was previously created, so it can eventually be tested within the development XenApp and XenDesktop
environment.

Note: It takes some time to create every layer in this module as the machines which get created by the ELM during
every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at the end
of the operation; the changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify that you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001
machine.
2. From the Layers menu on the top left, select the OS Layers tab.

3. Right-click Windows 10 and select Add Versions.

360
4. In Version Details page on, the Create OS Version Wizard type the following details:

• Version: 2
• Version Description: Adding Printer Drivers
• Max Layer Size (GB): 50

Click the Down Arrow to continue.


5. On the Connector page, select XenServer – NYC-XenServer.

361
Click the Down Arrow to continue.
6. On the Packaging Disk, verify that Packaging Disk Filename is labelled as Windows 10.

Click the Down Arrow to continue.


7. On the Confirm and Complete page, click Create Version.

362
8. Validate the task progress.

On the Tasks section at the bottom of the window, click the information icon to view the details.

9. Monitor the task progress and wait for it to complete.

Note: This step may take 5-10 minutes approximately and will create a virtual machine on the
hypervisor.
10. Validate the status changes to Action Required.

363
Note: This step takes 10-15 minutes.

Click X to close the task details pane.


11. Switch to the XenCenter console on the Student Desktop and select the newly created Virtual
Machine by the name of Windows 10-YYYY-MM-DD_TIME.

12. This virtual machine will be powered on by itself.

Note: Right-click the virtual machine and select Start only if this VM does not boot by itself.
13. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1
14. Right-click Start menu and select Run.
15. Type Control Printers and click OK.

16. Click Add a printer.

364
17. In the Add a device dialog box, click The printer that I want isn’t listed.

18. On the Add Printer page, select Add a local printer or network printer with manual settings and click
Next.

365
19. Verify that the radio button Use an existing port is selected.

Click Next to continue.


20. Select Brother as Manufacturer and Brother Color Leg Type1 Class Driver as Printers.

366
Click Next to continue.
21. Select Use the driver that is currently installed (recommended).

Click Next.
22. Verify the printer name is labelled as Brother Color Leg Type1 Class Driver.

367
Click Next to continue.
23. In Printer Sharing page, select the Do not share this printer radio button.

Click Next.
24. Click Finish.

368
25. Click X to close the Devices and Printers window.

Right-click Start > select Shut down or Sign out > Restart.
26. Wait for the reboot to complete.
On the Console tab, click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
• Password: Password1
27. Double-click Shutdown For Finalize icon on the desktop.

28. If prompted with the User Account Control notification window, click Yes.

369
29. Switch back to Internet Explorer on NYC-FSR-001 machine and validate you are still connected ELM
web console.
30. On the OS Layer in the Layers menu, right-click on Windows 10 and select Finalize.

31. On the Confirm and Complete page, click Finalize.

370
32. Validate the task progress.
Click the information icon next to the running task for more details.

33. Monitor the task progress and wait for it to complete.

Note: This step may take 10-15 minutes.

Click X to close the event information details.


34. Validate that the status of the OS Layer now shows as Deployable.

371
Key Takeaways:
• The summary of this exercise is to update an existing OS layer to make any changes which is required, like
adding a printer driver, install Service Pack/updates to any of the OS components, etc.
• OS Layer updates are initiated from the App Layering management console. The ELM uses a versioning
process to perform layer updates.
• Similar to layer creation, ELM creates a temporary VM on the attached hypervisor host where the updates
can be made to the OS Layer. After the changes have been finalized, the ELM converts the VM into a new
version of the layer.

Self-Paced Bonus Exercise 5-17: Update an App Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
The Elastic Layering PoC has gone well so far and is gaining buy-in from several teams within WWLabs. The Citrix
Architect asks you to update the Notepad++ App Layer by installing XenCenter to it. This will enable the team to
demonstrate the flexibility of the App Layering solution.

Note: It takes some time to create every layer in this module as the machines which get created by the ELM during
every layer operation are all managed by ELM itself, and the same machine is also destroyed by the ELM at the end
of the operation, and the changes are saved on the .vhd file stored on the ELM.

Step Action
1. Verify you are still connected to the ELM page using Internet Explorer on the NYC-FSR-001 machine.
2. From the Layers menu on the top left, select the App Layers tab.

372
3. Right-click NotePad++ and select Add Version.

4. In Version Details page on, the Create Application Version Wizard type the following details:
• Version: 2
• Version Description: Add XenCenter
• Max Layer Size: 3

373
Click the Down Arrow to continue.
5. On the OS Layer, select Version 2.

Click the Down Arrow to continue.


6. On the Prerequisite Layers page, leave defaults and click the Down Arrow to continue.

374
7. On the Connector page, select XenServer – NYC-XenServer.

Click the Down Arrow to continue.


8. On the Platform Layer page, leave defaults and click the Down Arrow to continue.

375
9. On the Packaging Disk page, verify NotePad++ is labelled.

Click the Down Arrow to continue.


10. On the Confirm and Complete page, click Add Version.

376
11. Validate the task progress.

On the task section at the bottom of the window, click the information icon to view the details.

12. Monitor the task progress and wait for it to complete.

Note: This step may take 15-20 minutes approximately and will create a virtual machine on the
hypervisor.
13. Validate the status changes to Action Required.

377
Click X to close the task details pane.
14. Switch to the XenCenter on Student Desktop and select the newly created Virtual Machine by the
name of NotePad++-YYYY-MM-DD_Time.

15. Select the Console tab and click Send Ctrl+Alt+Del (Ctrl+Alt+Insert). Login with the following
credentials:
• Username: Admin1
• Password: Password1
16. Right-click the Start menu, select Run.
17. Type \\nyc-fsr-001.workspacelab.com\resources\ and click OK.

18. Scroll down and select XenCenterSetup.exe.


Right-click and select Copy.

378
19. Click This PC on the left and browse to the C:\temp, right-click and select Paste.
20. Right-click XenCenterSetup.exe and select Run as administrator.
21. On the Welcome to the Citrix XenCenter Setup Wizard page, click Next.

22. On the Custom Setup page, select the All Users radion botton and click Next.

379
23. On the Ready to install Citrix XenCenter page, leave defaults and click Install.

24. On the Completed the Citrix XenCenter Setup Wizard page, click Finish.

380
25. Right-click Start > Shut down or sign out > Restart.

Note: Reboot is required when we install software on any of the layers, Shutdown for Finalize option
may fail if not rebooted.
26. On the Console tab click Send Ctrl+Alt+Del (Ctrl+Alt+Insert) and login with the following credentials:
• Username: Admin1
381
• Password: Password1
27. Double-click Shutdown For Finalize icon on the desktop.

Note: If prompted with the User Account Control notification window, click Yes.
28. Switch to Internet Explorer on the NYC-FSR-001 machine and confirm that you are still connected to
App Layers page on the ELM console.

Note: If logged out, connect with below credentials:


• Username: Administrator
• Password: Password1
29. Right-click NotePad++ and select Finalize.

30. On the Script Path page, in Finalize Layer Wizard, click the Down Arrow.

382
31. On the Confirm and Complete page, click Finalize.

32. Validate the task progress.


Click the information icon next to the running task for more details.

33. Monitor the task progress and wait for it to complete.

383
After the status shows done, click X to close the event information details.

Note: This step may take around 5-10 minutes to complete.


34. Validate that the status of the App Layer now shows as Deployable.

Key Takeaways:
• The summary of this exercise is to detail on how to update/add applications on to an existing App Layer
and how to create a new layer version for the App Layer.
• The process of updating an App Layer is like updating other layers. Note that either version of the OS
Layer can be selected to serve as the base for the App Layer update.
• In general, it is recommended to perform required OS updates to the OS Layer before updating any
Platform or App Layers that the OS Layer supports. This will prevent any OS update notifications from
appearing during Platform or App Layer updates.
• There is a lot of flexibility available regarding how your organization would like to use App Layers. From a
technical standpoint, up to 50 layers can go into a Layered Image. However, some organizations may wish
to include multiple applications within the same application layer if all applications in the group are
required for the same set of machines.

Self-Paced Bonus Exercise 5-18: Delete an App Layer


Self-Paced Bonus Exercises are optional. No class time is allotted to complete Self-Paced Bonus Exercises, but
students are encouraged to utilize any free time during the course or outside of the course to complete them. No
regular course exercises are dependent on the Self-Paced Bonus Exercises.

Scenario:
The Elastic Layering Proof of Concept has been a success, and the Citrix Architect tells you that he is planning for
App Layering to be added to the production XenApp and XenDesktop environment soon. However, he has received
a notification from the Storage Team that the SMB share used to store the layers is reaching its modest storage
limit. The Citrix Architect instructs you to delete both versions of the Adobe PDF Reader App Layer since the PoC
period has ended and they will no longer be needed.

Step Action
1. Verify you are still connected to the NYC-ELM-002 page using Internet Explorer on the NYC-FSR-001
machine.
2. From the Layers menu on the top left, select the App Layers tab.

384
3. Right-click NotePad++ and select Delete Versions.

4. In the Version Selection page, on the Delete Layer Wizard select version 2.

385
Click the Down Arrow to continue.

Note: The option to Delete Layer is greyed out becaue it is assigned to a user and an OS Layer.
Currently you can only delete a version.
5. On Confirm and Complete page, click Delete Versions.

6. Right-click NotePad++ and select Remove Assignments.

386
7. In the Image Template Assignment page, on Remove Layer Assignment window, select the Windows 10
MCS and click the Down Arrow to continue.

8. On the Elastic Assignment page, select HR3 user.

387
Click the Down Arrow to continue.
9. On the Confirm and Complete page, review the configuration and click Remove Assignments.

10. Right-click NotePad++ and select Delete Versions.

388
11. In the Version Selection page, on Delete Layer Wizard, verify the Delete Layer option is selected.

Click the Down Arrow to continue.


12. On the Confirm and Complete page, click Delete Versions.

389
13. Monitor the progress in the Tasks section at the bottom.

Click the information icon for more details.


14. Verify that the NotePad++ App Layer is sucessfully deleted.

Click X to close the event details.

Key Takeaways:
• Summary of this exercise is to detail on how to delete an App Layer version and the App Layer.
• Each version of a layer can be deleted individually. Alternatively, all versions of a Layer can be deleted
simultaneously if needed.
• Before an App Layer version can be deleted, you must remove any active Elastic Layer assignments it has.

390

You might also like