Get me outta here!

Citrixology

by Lal Mohan

Menu

Skip to content
  • About Me
  • Citrix
    • Citrix Cloud
    • NetScaler
    • WEM & UPM
    • XenApp & XenDesktop
    • Citrix Storefront
  • WVD
  • VMware
    • Workspace One

Tag Archives: How to guide WEM

Installing and Configuring Citrix Workspace Environment Manager (WEM) in a Citrix Environment

March 11, 2020 by Lal Mohan

I have done numerous Citrix Workspace Environment Manager (WEM) deployments in the past but never did I think about once doing a blog post on it yet. So, we are doing it this time. For the uninformed, Citrix WEM is a resource management and user persona management tool and is a must-have in every Citrix environment for the following reasons.

  • It’s FREE for all the Enterprise and Platinum customers that have a valid Citrix Customer Success Services (CSS) agreement.
  • It’s super impressive if you have applications that consumes large amounts of memory, which most of the modern apps are.

Refer here if you want to look at what you get with different Citrix licenses https://www.citrix.com/en-au/products/citrix-virtual-apps-and-desktops/feature-matrix.html?_ga=2.163129148.1481679903.1582674361-19471628.1580160671

Overview

WEM has the following simplified architecture (courtesy of Citrix.com)

Workspace Environment Management architecture diagram

There are 3 key pieces for a WEM deployment

  • Infrastructure Services – It is the brain of the whole solution. It helps synchronizing the agent and admin console with the SQL server and Active Directory. This role CANNOT be installed on a Domain Controller and Desktop Delivery Controller according to Citrix.
  • Administration Console – Console is used to configure and manage WEM. This could be installed on any standard Windows machine.
  • Agent – The Workspace Environment Management agent connects to the Workspace Environment Management infrastructure services and is responsible for enforcing the settings you configure by using the administration console. The agent can either be deployed on VDAs or on physical Windows devices (for Transformer use cases). It can be installed on a Windows client (to manage client environments) or on a Windows Server (to manage server environments, or to manage published desktops and applications).

Installation

Pre-Requisites

  • domain service account
  • sysadmin access for the service account on the SQL server(s)
  • an AD group that contains all the WEM admins in the organization
  • Add the service account to local administrator group on the WEM servers

Install WEM Infrastructure Services

Download the installer binaries and run the .exe for Infrastructure Services

Click Install

Click Next


Accept the EULA

Enter the Customer and Organization Name

Click Next

Click Install

Click Finish. The database management utility will start

Click Create Database

The database creation wizard will start.

Click Next

Tick the box for “Use Integrated Connection” if the account that has been used is a sysadmin on the SQL server. if that’s not the case, use another account that has sysadmin rights

Click Next

  • Add the WEM Administrator AD group
  • select the domain service account. This is the broker service account under which the Infra services will be run
  • set a password for the SQL vuemUser

Click Next

You get the database information summary as below

Click OK

Click Finish

Close the Database Management Utility


WEM Infrastructure Services Configuration

On the server where WEM is installed, run the WEM Infrastructure Service Configuration Utility as an administrator.

On the Database settings tab, enter the Database server name and Database Name that was created in the previous step

If there is a failover server, give the secondary SQL server name and instance

On the Network settings tab, leave everything as default

On the Advanced Settings tab, enter the Infrastructure Service account and the vuemUser SQL password.

Enable the Performance Tuning – Tick that

Decide if you want to enable Google Analytics or not

Enable Scheduled Database Maintenance as below

On the Licensing Tab, tick the box for Global license Server override

Click Save Configuration

This will restart the broker service

Click Yes

Close the WEM Infrastructure Service Configuration utility.

Click Yes

Ensure that the Infrastructure service account has full permissions to the DBSync folder. The installation of the Infrastructure service role should set this up correctly but if that isn’t the case, ensure that the permissions are setup like the below. Else, your WEM upgrades will most likely fail in the future.

If you have multiple WEM infrastructure services servers and you are planning to load balance them, you will need to set up a Kerberos SPN. Follow the command below to set it. Service account name is the account used for WEM Infrastructure Service. No need to add the domain name before the service account name

setspn -U -S Norskale/BrokerService [serviceaccountname]

Run the Citrix Workspace Environment Management Infrastructure Services Setup on the rest of the WEM servers.

Once the installation is complete, do NOT run the Database Management Utility but run the WEM Infrastructure Service Configuration utility instead.

Setup the Kerberos SPN (it is case sensitive so be mindful of how you use the service account on the previous servers)

Citrix WEM Console Install

Run the console install on the WEM servers or any other server of your choice

Accept the EULA

Enter the Customer Name and Organization and Click Next

Select Complete and click Next

Click Install

Click Finish

WEM Agent Install

Once the Infra services and console is installed, you can now install WEM agents on the machines that you need to manage via WEM. In our case, they are Citrix VDAs themselves.

Run the installer binaries for Citrix Workspace Environment Management Agent Setup

Click Install


Click Next

Click Next

Select On-Premises deployment

Select Skip Configuration. These settings will be pushed down via GPOs.

Click Next

You can choose to leave the WEM Cache on the C drive but when using PVS or MCS , its is often good practice to move the cache folder to the persistent drives. I have selected to use the MCS Write Cache disk in the example above.

Click Next

Click Install

Click Finish

Click Close

WEM Initial Configuration

Once the console and WEM services roles are installed, a Configuration Set is required to be created so that it could be applied to the machines that you intend to. They are previously called Sites so don’t freak out if you are used to that terminology in the past.

If you already have a backup of the Configuration set, you can now browse to that and select it and import it.

Else, create a new Configuration set

Click Create

Give it a Name and a description

Click OK

Now it’s time to import default recommended settings. You can find them in the WEM download package.

Click Restore

Restore Wizard will open

Select Settings

Click Next

Click Next

Click Browse and pick the Default Recommended Settings

Click OK

Check all the boxes as shown in the picture below

Click Next

Click Restore Settings

Say Yes to the warning above

Wait until the restore is finished

Click Finish

To add the agents in WEM console, Click “Active Directory Objects” and then click Machines

Under Actions pane at the bottom, select Add Object

Pick the computer account that you want the policies to be pushed using the WEM agent. You can also choose to add the whole OU to make things a bit more automated.

The basic config is now there. Now if you want to get a bit more deeper into the WEM or understand the concepts a bit more, please feel free to read the blog I wrote a while ago. It has explanations and best practices that you can follow for your environment and customize it according to your needs. It is a good read, I promise!

https://lalmohan.co.nz/2018/08/15/citrix-workspace-environment-manager-wem-baseline-policies-and-best-practices/

Spread the love:

  • Twitter
  • Facebook
  • LinkedIn
  • Pinterest
  • Reddit
  • Email
  • Print
  • Pocket
  • Tumblr

Like this:

Like Loading...
Citrix Virtual Apps Citrix Virtual Apps and Desktops Citrix Virtual Desktops CVAD Profile Management User Profile Management XenApp XenDesktop XenDesktop 7 Citrix WEMCitrix Workspace Environment ManagerHow to Citrix WEMHow to guide WEMNorskaleStep by step guide for WEM installWEM Install and configureWorkspace Environment Manager 1 Comment

Post navigation

Translate this blog

Recent Posts

  • Implement Rate Limiting on NetScalers (Citrix ADCs)
  • Integrate Azure MFA with NetScaler Gateway for Two-Factor Authentication
  • Microsoft Windows Virtual Desktops (WVD) or Citrix – The Big Question answered!
  • Desktop Restart – Citrix Storefront Power Management
  • Citrix Machine Creation Services (MCS) – Primer For On-Prem Vs Azure

RSS Citrix Blogs

  • Help your remote contact center agents keep customers happy
  • Citrix Endpoint Management earns new Android Enterprise verification
  • Improve your security posture with Security Advisory in Citrix ADM service
  • See why Citrix is one of the Fortune 100 Best Companies to Work For
  • How partners can pioneer the future of work with Wrike and Citrix – Part 1
  • Enhance your scaling capabilities in Google Cloud
  • Doing well means being well
  • Women @ Work: Making an impact, strengthening others
  • The Click-Down: Episode 5 — Mergers and acquisitions (plus tech updates!)
  • Protecting your login pages from account takeover attacks

RSS Google Cloud Platform

  • Reclaim time and talent with AppSheet Automation
  • The new Google Cloud region in Warsaw is open
  • Optimizing object storage costs in Google Cloud: location and classes
  • What’s new with Google Cloud
  • Broadcom improves customer threat protection with flexible data management
  • Continuous migration to Cloud SQL for terabyte-scale databases with minimal downtime
  • Schools turn to Google Cloud to help re-open campuses
  • Introducing Cloud CISO perspectives
  • Reigniting the "Recommended for Google Workspace" program
  • Introducing SAP Integration with Cloud Data Fusion

RSS Trending

  • How to allow remote users to enroll smartcard certificates on a YubiKey over an HDX session for certificate lifecycle management using Citrix Virtual Apps and Desktops Service
  • FIDO Alliance Authenticate conference session recap on Citrix Workspace strong authentication with FIDO2
  • A deep dive into the Citrix HDX FIDO2 and Windows Hello optimized virtual channel with virtual desktops and apps using USB, NFC, BLE, and built-in authenticators
  • Using Windows Hello FIDO2 capability with web browsers, Microsoft WVD, Teams, and native Windows apps for passwordless logins using your fingerprint or face
  • How to use Azure AD Conditional Access to add a Terms of Use EULA to Citrix Workspace, Microsoft WVD, Office 365, and SaaS apps
  • How to report on Microsoft Authenticator password-less phone sign-in & FIDO2 security key usage using Azure AD & Azure Monitor Log Analytics
  • How to use FIDO2 security keys remotely inside a virtual desktop session hundreds of miles away using Citrix HDX USB redirection and Microsoft Azure AD
  • Work from home reality and making positive IT decisions in response to the COVID-19 Coronavirus pandemic
  • How to use Microsoft WVD, Windows 10 multi-session, FSLogix, & MSIX app attach to build an Azure-powered virtual desktop experience
  • Driving Modern Passwordless Authentication: Citrix Workspace and Microsoft Azure Active Directory

RSS VMware EUC Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Citrix Guru

  • A look at the upcoming Citrix Identity Platform improvements in Citrix Cloud
  • TOP 10 upcoming features in Citrix Cloud [2019]
  • Citrix Managed Desktops Service is a glimpse into the future of Citrix Cloud services
  • I’ve tested Nutanix Xi Frame and it is…
  • Everything you need to know about WVD, Windows 10 EVD and Citrix
  • EUC Masters Retreat 2019: the conference you want to attend
  • Renewed as Citrix Technology Professional (CTP) for 2019
  • First words from the 2019 Citrix Technology Professionals
  • LTSR vs. CR: Citrix wants customers off LTSR
  • Ultimate Citrix App Layering Guide 2019

RSS Microsoft Azure Blog

  • Empowering operators on their cloud migration journey
  • Digital event: 5 reasons to attend Azure Storage Day
  • The blueprint to securely solve the elusive zero-touch provisioning of IoT devices at scale
  • Microsoft powers transformation at NVIDIA GTC—GPU technology conference
  • Build secure manufacturing operations with nesting capabilities for Azure IoT Edge
  • Insights and best practices to run business-critical applications on Azure
  • What I Wish I Knew: Manufacturing leaders offer firsthand IoT adoption advice
  • Leverage enterprise-scale reference implementations for your cloud adoption
  • Deepen the value chain for geospatial earth imagery on cloud using Azure Orbital
  • Cloud Services (extended support) is generally available, migration tool in preview

RSS Amazon AWS

  • Amazon CodeGuru Reviewer Updates: New Predictable Pricing Model Up To 90% Lower and Python Support Moves to GA
  • Reduce Unwanted Traffic on Your Website with New AWS WAF Bot Control
  • How to Get Started with Amazon Route 53 Resolver DNS Firewall for Amazon VPC
  • CloudWatch Metric Streams – Send AWS Metrics to Partners and to Your Apps in Real Time
  • Troubleshoot Boot and Networking Issues with New EC2 Serial Console
  • Red Hat OpenShift Service on AWS Now GA
  • Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3
  • IAM Access Analyzer Update – Policy Validation
  • New Amazon EC2 X2gd Instances – Graviton2 Power for Memory-Intensive Workloads
  • AWS Fault Injection Simulator – Use Controlled Experiments to Boost Resilience

Blog Stats

  • 500,298 hits

Archives

Create a website or blog at WordPress.com
Cancel

 
Loading Comments...
Comment
    ×
    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.
    Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
    To find out more, including how to control cookies, see here: Cookie Policy
    %d bloggers like this: