Get me outta here!

Citrixology

by Lal Mohan

Menu

Skip to content
  • About Me
  • Citrix
    • Citrix Cloud
    • NetScaler
    • WEM & UPM
    • XenApp & XenDesktop
    • Citrix Storefront
  • WVD
  • VMware
    • Workspace One

Tag Archives: Step by step guide for WEM install

Installing and Configuring Citrix Workspace Environment Manager (WEM) in a Citrix Environment

March 11, 2020 by Lal Mohan

I have done numerous Citrix Workspace Environment Manager (WEM) deployments in the past but never did I think about once doing a blog post on it yet. So, we are doing it this time. For the uninformed, Citrix WEM is a resource management and user persona management tool and is a must-have in every Citrix environment for the following reasons.

  • It’s FREE for all the Enterprise and Platinum customers that have a valid Citrix Customer Success Services (CSS) agreement.
  • It’s super impressive if you have applications that consumes large amounts of memory, which most of the modern apps are.

Refer here if you want to look at what you get with different Citrix licenses https://www.citrix.com/en-au/products/citrix-virtual-apps-and-desktops/feature-matrix.html?_ga=2.163129148.1481679903.1582674361-19471628.1580160671

Overview

WEM has the following simplified architecture (courtesy of Citrix.com)

Workspace Environment Management architecture diagram

There are 3 key pieces for a WEM deployment

  • Infrastructure Services – It is the brain of the whole solution. It helps synchronizing the agent and admin console with the SQL server and Active Directory. This role CANNOT be installed on a Domain Controller and Desktop Delivery Controller according to Citrix.
  • Administration Console – Console is used to configure and manage WEM. This could be installed on any standard Windows machine.
  • Agent – The Workspace Environment Management agent connects to the Workspace Environment Management infrastructure services and is responsible for enforcing the settings you configure by using the administration console. The agent can either be deployed on VDAs or on physical Windows devices (for Transformer use cases). It can be installed on a Windows client (to manage client environments) or on a Windows Server (to manage server environments, or to manage published desktops and applications).

Installation

Pre-Requisites

  • domain service account
  • sysadmin access for the service account on the SQL server(s)
  • an AD group that contains all the WEM admins in the organization
  • Add the service account to local administrator group on the WEM servers

Install WEM Infrastructure Services

Download the installer binaries and run the .exe for Infrastructure Services

Click Install

Click Next


Accept the EULA

Enter the Customer and Organization Name

Click Next

Click Install

Click Finish. The database management utility will start

Click Create Database

The database creation wizard will start.

Click Next

Tick the box for “Use Integrated Connection” if the account that has been used is a sysadmin on the SQL server. if that’s not the case, use another account that has sysadmin rights

Click Next

  • Add the WEM Administrator AD group
  • select the domain service account. This is the broker service account under which the Infra services will be run
  • set a password for the SQL vuemUser

Click Next

You get the database information summary as below

Click OK

Click Finish

Close the Database Management Utility


WEM Infrastructure Services Configuration

On the server where WEM is installed, run the WEM Infrastructure Service Configuration Utility as an administrator.

On the Database settings tab, enter the Database server name and Database Name that was created in the previous step

If there is a failover server, give the secondary SQL server name and instance

On the Network settings tab, leave everything as default

On the Advanced Settings tab, enter the Infrastructure Service account and the vuemUser SQL password.

Enable the Performance Tuning – Tick that

Decide if you want to enable Google Analytics or not

Enable Scheduled Database Maintenance as below

On the Licensing Tab, tick the box for Global license Server override

Click Save Configuration

This will restart the broker service

Click Yes

Close the WEM Infrastructure Service Configuration utility.

Click Yes

Ensure that the Infrastructure service account has full permissions to the DBSync folder. The installation of the Infrastructure service role should set this up correctly but if that isn’t the case, ensure that the permissions are setup like the below. Else, your WEM upgrades will most likely fail in the future.

If you have multiple WEM infrastructure services servers and you are planning to load balance them, you will need to set up a Kerberos SPN. Follow the command below to set it. Service account name is the account used for WEM Infrastructure Service. No need to add the domain name before the service account name

setspn -U -S Norskale/BrokerService [serviceaccountname]

Run the Citrix Workspace Environment Management Infrastructure Services Setup on the rest of the WEM servers.

Once the installation is complete, do NOT run the Database Management Utility but run the WEM Infrastructure Service Configuration utility instead.

Setup the Kerberos SPN (it is case sensitive so be mindful of how you use the service account on the previous servers)

Citrix WEM Console Install

Run the console install on the WEM servers or any other server of your choice

Accept the EULA

Enter the Customer Name and Organization and Click Next

Select Complete and click Next

Click Install

Click Finish

WEM Agent Install

Once the Infra services and console is installed, you can now install WEM agents on the machines that you need to manage via WEM. In our case, they are Citrix VDAs themselves.

Run the installer binaries for Citrix Workspace Environment Management Agent Setup

Click Install


Click Next

Click Next

Select On-Premises deployment

Select Skip Configuration. These settings will be pushed down via GPOs.

Click Next

You can choose to leave the WEM Cache on the C drive but when using PVS or MCS , its is often good practice to move the cache folder to the persistent drives. I have selected to use the MCS Write Cache disk in the example above.

Click Next

Click Install

Click Finish

Click Close

WEM Initial Configuration

Once the console and WEM services roles are installed, a Configuration Set is required to be created so that it could be applied to the machines that you intend to. They are previously called Sites so don’t freak out if you are used to that terminology in the past.

If you already have a backup of the Configuration set, you can now browse to that and select it and import it.

Else, create a new Configuration set

Click Create

Give it a Name and a description

Click OK

Now it’s time to import default recommended settings. You can find them in the WEM download package.

Click Restore

Restore Wizard will open

Select Settings

Click Next

Click Next

Click Browse and pick the Default Recommended Settings

Click OK

Check all the boxes as shown in the picture below

Click Next

Click Restore Settings

Say Yes to the warning above

Wait until the restore is finished

Click Finish

To add the agents in WEM console, Click “Active Directory Objects” and then click Machines

Under Actions pane at the bottom, select Add Object

Pick the computer account that you want the policies to be pushed using the WEM agent. You can also choose to add the whole OU to make things a bit more automated.

The basic config is now there. Now if you want to get a bit more deeper into the WEM or understand the concepts a bit more, please feel free to read the blog I wrote a while ago. It has explanations and best practices that you can follow for your environment and customize it according to your needs. It is a good read, I promise!

https://lalmohan.co.nz/2018/08/15/citrix-workspace-environment-manager-wem-baseline-policies-and-best-practices/

Spread the love:

  • Twitter
  • Facebook
  • LinkedIn
  • Pinterest
  • Reddit
  • Email
  • Print
  • Pocket
  • Tumblr

Like this:

Like Loading...
Citrix Virtual Apps Citrix Virtual Apps and Desktops Citrix Virtual Desktops CVAD Profile Management User Profile Management XenApp XenDesktop XenDesktop 7 Citrix WEMCitrix Workspace Environment ManagerHow to Citrix WEMHow to guide WEMNorskaleStep by step guide for WEM installWEM Install and configureWorkspace Environment Manager 1 Comment

Post navigation

Translate this blog

Recent Posts

  • Integrate Azure MFA with NetScaler Gateway for Two-Factor Authentication
  • Microsoft Windows Virtual Desktops (WVD) or Citrix – The Big Question answered!
  • Desktop Restart – Citrix Storefront Power Management
  • Citrix Machine Creation Services (MCS) – Primer For On-Prem Vs Azure
  • Microsoft DirectAccess breaks Citrix/XenApp application launches – Fix

RSS Citrix Blogs

  • Citrix announces preview of identity provider integrations using SAML 2.0
  • Leverage Citrix Workspace app for Windows on ARM64 devices
  • Citrix Deployment Builder: Simplifying Citrix cloud-native deployments
  • New human-centered change resources to help you and your employees succeed
  • Citrix ADCs earn accolades for secure hybrid access with Azure identity
  • Citrix Workspace and Wrike empower IT for a better employee experience
  • What’s new with Citrix Workspace – February 2021
  • Citrix Support and Services earns 5th straight TSIA certification
  • Secure your DNS infrastructure with Citrix ADC
  • What’s new with the Citrix Knowledge Center – February 2021

RSS Google Cloud Platform

  • Peer reviewed 'allow' and 'deny' software installation decisions to enable scalable protection
  • Reducing risk through credit card fraud detection
  • What’s new with Google Cloud
  • Inventory management with BigQuery and Cloud Run
  • Managing cloud firewalls at scale with new Hierarchical Firewall Policies
  • Automating smartphone manufacturing with Visual Inspection AI
  • How to build a serverless real-time credit card fraud detection solution
  • Back by popular demand: Google Cloud products in 4 words or less (2021 edition)
  • Google Cloud Born-Digital Summit: Inspiring the next generation of technology leaders
  • All together now: Bringing your GKE logs to the Cloud Console

RSS Trending

  • A deep dive into the Citrix HDX FIDO2 and Windows Hello optimized virtual channel with virtual desktops and apps using USB, NFC, BLE, and built-in authenticators
  • Using Windows Hello FIDO2 capability with web browsers, Microsoft WVD, Teams, and native Windows apps for passwordless logins using your fingerprint or face
  • How to use Azure AD Conditional Access to add a Terms of Use EULA to Citrix Workspace, Microsoft WVD, Office 365, and SaaS apps
  • How to report on Microsoft Authenticator password-less phone sign-in & FIDO2 security key usage using Azure AD & Azure Monitor Log Analytics
  • How to use FIDO2 security keys remotely inside a virtual desktop session hundreds of miles away using Citrix HDX USB redirection and Microsoft Azure AD
  • Work from home reality and making positive IT decisions in response to the COVID-19 Coronavirus pandemic
  • How to use Microsoft WVD, Windows 10 multi-session, FSLogix, & MSIX app attach to build an Azure-powered virtual desktop experience
  • Driving Modern Passwordless Authentication: Citrix Workspace and Microsoft Azure Active Directory
  • Why Windows Hello for Business, Microsoft Authenticator, and FIDO2 are not a suggestion, but a requirement for your Azure AD powered enterprise – PART 2
  • Understanding the passwordless authentication renaissance and how to plan your Microsoft Windows based organization for this change – PART 1

RSS VMware EUC Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Citrix Guru

  • A look at the upcoming Citrix Identity Platform improvements in Citrix Cloud
  • TOP 10 upcoming features in Citrix Cloud [2019]
  • Citrix Managed Desktops Service is a glimpse into the future of Citrix Cloud services
  • I’ve tested Nutanix Xi Frame and it is…
  • Everything you need to know about WVD, Windows 10 EVD and Citrix
  • EUC Masters Retreat 2019: the conference you want to attend
  • Renewed as Citrix Technology Professional (CTP) for 2019
  • First words from the 2019 Citrix Technology Professionals
  • LTSR vs. CR: Citrix wants customers off LTSR
  • Ultimate Citrix App Layering Guide 2019

RSS Microsoft Azure Blog

  • Apply AI to your most critical business needs with new Azure AI capabilities
  • Accelerate IT innovation with new Windows Server on Azure updates
  • Improving agility, performance, and resilience with new Azure infrastructure capabilities
  • Connecting customers and businesses with Azure Communication Services and Microsoft Teams
  • Innovate across hybrid and multicloud with new Azure Arc capabilities
  • Azure Percept: Edge intelligence from silicon to service
  • Harness the power of data with Azure Data and AI
  • Demystifying cloud economics
  • E-commerce on Azure increases security with Payment Card Industry Three-Domain Secure compliance
  • Azure Cost Management and Billing updates – February 2021

RSS Amazon AWS

  • AWS Asia Pacific (Osaka) Region Now Open to All, with Three AZs and More Services
  • AWS DeepRacer League’s 2021 Season Launches With New Open and Pro Divisions
  • Amplify Flutter is Now Generally Available: Build Beautiful Cross-Platform Apps
  • New – Amazon Elastic Block Store Local Snapshots on AWS Outposts
  • AWS PrivateLink for Amazon S3 is Now Generally Available
  • New – Multiple Private Marketplace Catalogs
  • Amazon Lex Introduces an Enhanced Console Experience and New V2 APIs
  • New – AWS Transfer Family support for Amazon Elastic File System
  • Amazon Location – Add Maps and Location Awareness to Your Applications
  • New –  FreeRTOS Long Term Support to Provide Years of Feature Stability

Blog Stats

  • 487,330 hits

Archives

Create a website or blog at WordPress.com
Cancel

 
Loading Comments...
Comment
    ×
    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.
    Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
    To find out more, including how to control cookies, see here: Cookie Policy
    %d bloggers like this: