Citrix Cloud Testing on Amazon EC2 M4


Citrix Cloud on AWS

I was recently afforded the unique opportunity to collaborate on a project to test capacity out of a Citrix XenApp on AWS deployment. The goal of the project was to independently determine the maximum user density for a few different EC2 instance types running XenApp 7.14.

EC2 instances are on-demand and elastic hosted server resources. Which means that they are provisioned dynamically within a pool of available resources, and with an OS you deploy ontop. Amazon provides a variety of templates to easily install Windows, Linux or your other favorite OS. EC2 instances are broken down into a few varieties. They are optimized for storage, memory, compute or graphics. The designation before the name of the instances illustrates their configuration. G3 indicates graphics optimized instance third generation.

The other difference between instance type is the cost. If you are provisioning a 2vCPU 4GB of RAM machine the price per hour would be significantly less than that of a 16vCPU 64GB of RAM machine.

1st

This would allow the customer to match the exact machine size to the purpose of their deployment, and optimize the amount of money they were spending on their hosted application solution.

Utilizing Login VSI’s virtual users I ran a predetermined user count against a Citrix XenApp deployment managed from Citrix Cloud.

For this blog, I will only discuss one data point, and the Citrix Cloud configuration on AWS. We have a significant amount of results, and we will make those available on www.loginvsi.com/blog.

For those of you not familiar Citrix Cloud is providing Citrix capabilities traditionally delivered on premise through a HTML web based user experience therefore installing a receiver is no longer required.

Some of the key components as they move into their cloud forward offerings are StoreFront / Netscaler and Studio.

2nd

StoreFront and NetScaler are completely managed now through a web page. This completely removes the administrator’s responsibilities of configuring hardware / software solutions for Citrix. You simply fire this up, attach it via their “Citrix Cloud Connector” and configure to start deploying your desktops or apps. It works completely flawlessly.

Studio is managed through the connector as well, and provides the Citrix HTML 5 receiver for management access through the Citrix Cloud web portal.

During my time working with it, it proved to be very flexible, easy to configure and reliable for all testing. I would recommend this to any administrator looking at future proofing their Citrix deployments. It is truly ready for market.

Some images below of the management interface:Some images below of the management interface:

There will be a management icon within your Citrix Cloud Dashboard. Select “XenApp and XenDesktop Service” “manage”

3rd

You will then go to the management interface for XenApp / XenDesktop; you have two options Creation and Delivery. Creation – Studio / Delivery – StoreFront / NetScaler:

4th

Management interface for Studio. Notice the Citrix Receiver icon in the middle. Studio is provided through the Citrix HTML 5 receiver. Interesting touch.

5th

Management for Citrix NetScaler / StoreFront:

6th

AWS Configuration for demonstration purposes:

7th

Color coded

8th

Delivery group configuration:

9th

11th

There is only one XenApp host in each delivery group. This is to determine the maximum amount of users for one M4.

2XLarge instance backing the XenApp host. We are delivering Office 2016 applications, and the standard set of VSI Knowledge worker actions.

It is very easy to change the instance type in EC2. You simply select the “Instance” and change the “Instance Type” through the context menu.AWS_Change_Instance_Types

There are a variety of different configuration, which allows you to really get the most out of the testing. If you are aiming for user density numbers you can size it exactly. This allows you to pay for EXACTLY what you need as opposed to over provisioning. This will help drive the cost of VDI / SBC deployments down ultimately, and increase end user experience quality.

If you are sizing your images with Login VSI and backing them up with EC2 AWS instances you are getting an optimal user experience exactly sized right for your needs.

Information on instances:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html

VSI Results

12th

Testing Configuration

For our testing purpose we provisioned a m4.2xlarge machine on EC2. This instance has a machine profile of 8 vCPU and 32 GB of memory. This is either running a XENO E5-2686 or 2676. Mostly a general use machine which is balanced.

Our testing configuration was 50 test users over the course of 48 minutes. We utilized the industry standard Knowledge Workload. This mostly presents a large portion of the VDI / SBC user base. Office application and standard office applications like Adobe Reader.

 

Application start times are all over the place for the most part, but staying for the most part under 12 seconds. Which would be reasonable for the users. Login process takes under 16 seconds even under VSI Max settings.

 

What does the backend look like?

16th

When the CPU is at 100% the VSIMax is being reached within the user session. This means the numbers are indicating the bottleneck to be the CPU provisioned for the M4.2Xlarge instance which is approximately.

Wrap-up

Seeing is believing and after testing it I can confirm that Amazon EC2 is ready for the prime time. We were able to support 42 concurrent users on a M4.2Xlarge and we were able to have a continuous level of excellent user experience while doing so.

Amazon is ready to supplement your traditional on premise solutions with readily available and quickly scalable resources in the cloud. Using Citrix Cloud services you can very easily scale your delivery out to support your user base as it dynamically changes.

Using VSI you can validate your configurations with support your users and put a check box next to user experience.

Using these three solutions you can future proof your company, and deliver on a promise of value & experience

Finally, if you are looking for some testing for your deployment please reach out to me here or b.martynowicz@loginvsi.com.

As always stay tuned for more results.

Advertisements

The curious case of NetScaler access with error message ” The Connection to “Desktop” failed with status (Unknown client error 1110)”


I was pulled into to look at a problem for one of our customers with their Netscalers which stopped the user connections intermittently throwing a very “helpful” error message ” the connection to the desktop failed with status (unknown client error 1110).

The customer description was “it only started to happen a few weeks ago and these days its quite impossible to land a successful connection from the outside of our corporate network”

I managed to get a couple of screenshots of error messages from the users and they appeared like below. When queried, the internal access via Storefront is working fine.

image001

Looking at the error message, there are a multitude of reasons why you would get that and i am outlining the common areas to look in such cases.

  • Check if the Root certificates and intermediate certificates are available on the client devices. If frequently patched, the client will most probably have the latest and update Root CA’s from various public CAs. Check the IE’s / Other browsers’ certificate store to verify the Root and Intermediate CA SSL certs
  • If using non-IE browsers for connectivity, switch over to IE to see if it connects. IE is the safest bet when it comes to connectivity to Citrix environments.
  • Check for SSL ciphers attached to the NetScaler Gateway vServer. If high security ciphers are used, this issue may occur. relax the cipher suites to see if that makes a difference. Again, if cipher suites are an issue, the issue will occur every single time when you connect and not sporadically.
  • Check the STAs on the NetScaler and ensure that it matches with the STAs configured on the  WI/Storefront. This is one of the most important setting to check and probably the first one to check if the issue occurs only sporadically. There is a high possibility of an STA mismatch as it turned out to be in my case.
  • Check the FW from the NetScaler to the VDA – As the title says ensure that the Citrix ports to the VDA are open from the Netscaler

Citrix XenApp – Long logon times and potential fixes


Long login times are something that we have been hearing from time to time working with Citrix XenApp /XenDesktop environments. I have had a similar issue recently for one of my deployments with XenApp 7.5 on Windows Server 2012 R2 workloads. My logon times averaged around 30 seconds which is not bad at all. I still wanted to make it better and my target was to bring it under 15 seconds 🙂

Below are a few things that you can do to reduce the logon times. Please note that this is not a comprehensive list so feel free to comment below with your findings on this post so that i can update it and make the list better.

If you have Citrix Director in your environment, that would be the first place to look. It gives you in-depth details on where the profile load takes longer so that you can focus on those areas first.

I had Citrix Director in the environment and looking at it, Interactive Session seems to take a major chunk of the overall login time.

  1. Anti-Virus – This is one item that is overlooked often so ensure that you have set the required exclusions for your AV product. I would even go head and recommend turning OFF Real-time scanning for MCS/PVS created images as they are only read only. Please ensure that you run Real-time scanning on the network shares that hosts the profiles/home folders and also on the Write Cache location in case of PVS images.
  2. Enable Legacy Graphics Mode –This is a Citrix policy and enabling this is found to increase the logon speed. This is Adaptive Display First Generation which is good on older operating systems like Windows Server 2008 R2. Not recommended to be enabled in Windows Server 2012 R2 as it is found to cause some/all applications to fail consistently or randomly. In short, apply this setting with caution if your workloads are Windows Server 2012 R2 / Windows 8.x
  3. Remove CD-ROM drives from your virtual Citrix servers – May sound silly but having a CD-Drive on the server is found to increase the logon time.
  4. Active Setup – My suggestion is to check the Active Setup on the Citrix servers. I use SysInternals Autoruns tool to disable (not delete) the unwanted Active Setup keys under Installed components for HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components  as well.
  5. Autoruns This is a brilliant tool from SysInternals and throws a lot of light into what runs when a user logs in to a Windows Server. Run this and disable all that is not required for your environment.
  6. Internet Explorer – Uncheck In Internet Explorer Options Advanced -> Security,  disable “Check for publisher´s certificate revocation” and “Check for Server Certificate Revocation
  7. DisableStatus registry – Again apply this fix with caution as this is found to introduce the blue login screen(Windows GINA) when accessing applications which is not ideal. http://support.citrix.com/article/CTX135782 . Some have reported to have reduce the login times by doing this.
  8. Citrix UPM Profile Streaming – Profile Streaming is sometimes found to adversely affect the logon times especially when McAfee is used. Turn OFF UPM Profile Streaming completely to see if it makes any difference.
  9. Themes Key in Active Setup – Remove the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}. Make sure that the key is removed for the user profile as well under HKCU
  10. Receiver version – Use the latest stable version of Receiver on the client devices. Running the latest version on the server side will help in launching published application quickly.
  11. Drive Mappings – It could either be via logon scripts or via GPPs. Citrix Director can easily show you if this is the case so that you can focus on the right area from the beginning itself.
  12. Printer Mappings – Same as drive mappings. the GPPs should be set to move on if it errors and not wait for it and time out.
  13. Group Policy Processing errors – Look in the EventViewer for any potential policy processing errors and fix them.
  14. Default delay of 5-10 seconds for VDAs based on Windows 8.x and Server 2012 – Microsoft introduced a delay of 5-10 secs for operating systems starting from Windows 8 and hence this does apply to Server 2012 OSes as well. To remove the delay, add the registry value StartupDelayInMSec (REG_DWORD) to 0 in HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Serialize   (You can add the key “Serialize” if not present already). This will greatly reduce the “interactive logon” delays
  15. Last but not the least (this should have been higher up in the order), check the size of user profiles and find out what is causing the profile bloat. In most cases, publishing Google Chrome and Firefox is one of the most common causes of large profile sizes. It is recommended to exclude the whole of \AppData\Local\Google\Chrome and just have the per-requisite files/ folder synchronized using UPM policy. I would start with the below synchronization list for Chrome
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences

You can find more about Chrome and Firefox exclusion and synchronization policies here

16. Enable the Microsoft policy “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” and set the value to 0. The policy could be found under Computer Configuration – Policies – Administrative Templates – System – User Profiles

17. Check the Citrix KB here – http://support.citrix.com/article/CTX133595/

In my case it turned out to be the Active setup key for Themes and the CD-ROM – made a difference of ~ 12 seconds

There is another fantastic article out there on XenAppBlog

That’s an interesting read as well. i will continue to update the post as I find out more and please feel free to post your comments below.

Citrix Receiver Error – Could Not start app – There was a problem contacting “Store” – SOLVED


Time for another article, this time on the Native Receiver issue which gave me a lot of pain, was resolved by tweaking a simple setting.

We had users reporting issues connecting to the Storefront store using native Receiver. The Receiver version was 4.1 running on Windows 8.1. The issue was random and a lot of times, the issue resolved itself after a  few tries.

The exact error message was below

Capture46

 

One of the workaround for us was to get the users to connect to the Storefront via a web browser and that worked flawlessly.

 

The issue was later identified with the Internet Explorer proxy settings – the users reported issues had a different proxy server set due to some other special access requirements and hence gave the errors every now and then. In my case, the issue was the proxy server entry highlighted in red box.

Capture47

There could be other reasons why this error message occurs – Storefront connectivity, Storefront services issues etc but remember to check this as well and it might save you a lot of time.