PoC Guide: Deploying Citrix DaaS and Amazon WorkSpaces Core using Terraform PoC Guide: Deploying Citrix DaaS and Amazon WorkSpaces Core using Terraform Overview AWS WorkSpaces Core is a managed virtual desktop infrastructure designed to work with third-party VDI solutions such as Citrix DaaS. It is the compute layer of AWS workloads that the Citrix DaaS control plane can help orchestrate and manage to deliver HDX-optimized apps anywhere. AWS WorkSpaces Core and Citrix improve cost savings, simplify cloud management, and provide a superior user...

Citrix Integration with Nutanix Prism Central The Citrix integration with Nutanix Prism Central on AHV makes it easier for Citrix Administrators to manage Citrix workloads on Nutanix's hybrid multi-cloud environments. With this new integration, Citrix's capabilities work directly with Nutanix Prism Central hybrid and multi-cloud environments, including on-premises AHV, NC2 on Azure, and NC2 on AWS. Find out more in this Citrix Tech Insight! Citrix_TechInsight_NutanixPlugin.mp4

Image Management - A new way of deploying Machine Catalogs and reducing Master Image Complexity Overview Citrix Machine Creation Services (MCS) has seen many advancements since its inception in XenDesktop 5.0, and the team continues to innovate within Citrix Virtual Apps and Desktops product line. With the Image Management functionality, MCS separates the mastering phase from the overall provisioning workflow. You can prepare various MCS-Image versions (aka Prepared Images) from a single Master image and use it across multiple, different MCS-based Machine Catalogs,...

Deployment Guide: Using Terraform for Daily Administrative Operations Deployment Guide: Using Terraform for Daily Administrative Operations This guide focuses on daily administrative operations using Terraform after the initial deployment: Keeping the .tfstate file safe Importing an existing Infrastructure into Terraform Checking an Infrastructure for changes after the initial deployment Checking the Endpoint App settings (Workspace App, Enterprise Browser) for changes after the initial deployment Changing...

PoC Guide: Integrating Windows 365 Cloud PCs with Citrix Session Recording Service This Proof-of-Concept Guide provides the steps to integrate Windows 365 Cloud PCs with Citrix Session Recording Service. The following is covered in this guide: Deploy Citrix Session Recording resources to Azure subscription Deploy Citrix Session Recording Agent to Windows 365 Cloud PCs Configure Citrix Session Recording policies Replay a recording with Citrix Session Recording Player Requirements and Prerequisites Citrix...

Machine Profiles: Simplifying Provisioning in Hybrid Multi-Cloud Environments Overview Machine profile is a feature available to Citrix administrators who use Machine Creation Services (MCS) to provision machines in Citrix Virtual Apps and Desktops and Citrix DaaS environments. This article will cover the key reasons for using a machine profile and the steps necessary to configure machine profiles in your environment. This includes how to deploy via: Web Studio through Recommendations New Machine Catalog creation...

Citrix Virtual Apps and Desktops Overview Citrix Virtual Apps and Desktops is a virtualization solution that provides access to applications and desktops security from anywhere on any device independent of the device’s operating system and interface. It also allows administrators to centrally manage application and desktop access via a web console for resources deployed on-premises or in a public cloud. This proof of concept (POC) guide provides the steps to create a Citrix Virtual Apps and Desktops deployment to...

Detecting and Mitigating Password Spraying Attacks on NetScaler Gateway Understanding Password Spraying Attacks Password spraying attacks continue to increase, with major security vendors reporting significant rises throughout 2024. Unlike traditional brute force attacks that try many passwords against a single account, password spraying attempts to avoid detection through various techniques: Using leaked credentials from the dark web. Generating synthetic usernames based on company naming patterns. Distributing attempts across thousands...

Automated Monitoring of Cloud Connector Health and Metrics Overview This Tech Paper focuses on automated monitoring of already deployed Cloud Connectors in a Citrix DaaS Resource Location using REST-API calls, PowerShell scripts, and a self-written .NET application. REST API calls are the most flexible way to trigger health checks on the Cloud Connectors and retrieve records of past health events. The Advanced HealthData API provides a detailed time series of metrics and connectivity data from all services running on the Cloud Connectors....

Horizon to Citrix Migration: What to Know Overview Migrating from Omnissa Horizon to the Citrix Platform requires detailed planning and execution. Though both technologies allow users to access virtual desktops and apps, it is necessary to understand their differences and respective architectures. Both Omnissa and Citrix deliver applications and desktops to users, but they employ different technologies to achieve this. Omnissa supports various remoting protocols, including Blast Extreme, PCoIP, and RDP, offering flexibility...

Networking SSL/TLS Best Practices (Q1 2025 Edition) Overview This Tech Paper aims to convey what someone skilled in NetScaler would configure as a generic implementation to receive an A+ grade at Qualys SSL Labs. Qualys SSL Labs performs a robust series of tests and provides a scorecard that you can use to improve your configuration. The scan is free and only takes about a minute to complete. While an A+ at SSL Labs is a useful benchmark, it may not be suitable for every environment. Organizations should weigh the benefits of...

Key Exchange in SSL/TLS: Understanding RSA, Diffie-Hellman, and Elliptic Curves Overview When you connect to a secure website, your browser and the server must establish an encrypted connection to exchange data. Many will say this connection is "protected with the server's certificate," but this oversimplifies what's happening. Certificates are crucial in authenticating the server and enabling key exchange, but they’re just one piece of the puzzle. Modern websites depend on seamless yet robust encryption to ensure data security. Understanding how key exchanges...

Citrix Strong Network We welcome Strong Network to the Citrix Platform family. Strong Network Tech Zone content will be coming soon. Please visit the Strong Network home page for information and resources.

Managing Timeout Settings Across Citrix Components for Optimized User Experience and Security Overview This article provides a comprehensive guide for End User Computing (EUC) administrators on configuring and managing timeout settings across Citrix components, including NetScaler, StoreFront, Citrix Identity Platform, and third-party Identity Providers (IDPs). Since multiple components manage session and timeout policies independently, configuring these settings optimally is crucial for delivering a secure, seamless user experience. Admins can leverage Citrix's timeout...

Citrix NetScaler Cheat Sheet Overview This cheat sheet for Citrix NetScaler provides a comprehensive list of commands and their functions for system status, service management, network configuration, high availability, authentication, SSL certificates, backup, traffic analysis, connectivity testing, and system resources. Key commands and functions include: System Status: Commands to check system uptime, CPU, memory, SSL utilization, hardware, firmware, licenses, current time, operating modes, and feature status....

POC Guide: Citrix Session Remote Start POC Guide - Citrix Session Remote Start.pdf Overview Session Remote Start offers APIs that allow trusted third-party services to enumerate, launch, and log off Citrix sessions. It enables unattended logins triggered by events such as building badge scans and reduces delays in time-intensive environments. Optional login scripts can disconnect sessions after logon, keeping them available for users to reconnect as needed. With seamless integration into existing Citrix components,...

Implementing DISA STIGs for Citrix Environments Overview This tech paper is designed to provide the most up-to-date configurations and exemptions that we have tested. This is meant to be a helpful guide and NOT a definitive solution for STIG implementation or a guarantee to pass an audit. We plan to update this tech document frequently with the release of new products, DISA STIGs, and lessons learned from the field. If you’re a US Government DoD IT engineer, then you’re undoubtedly familiar with the Secure Technical...

Citrix Cheat Sheet - DISA STIGs in Citrix Virtual Apps and Desktops Environments Citrix Cheat Sheets - DISA STIG.pdf The Citrix Cheat Sheet - DISA STIGs in Citrix Virtual Apps and Desktop environments points out some of the standard STIG settings that might be giving you trouble, as well as a few pointers and tips. If you have already finished implementing STIGs, this is a good list to lead you to a setting that might be breaking your environment. If you haven’t implemented STIG settings yet, cheat sheet will give you a good head start on what to look for and may...

Citrix Federated Authentication Service POC Guide - Citrix FAS.pdf Overview Citrix Federated Authentication Service (FAS) is a privileged component designed to integrate with Active Directory Certificate Services. It dynamically issues certificates for users, allowing them to log on to an Active Directory environment as if they had a smart card. This allows StoreFront to use a broader range of authentication options, such as Security Assertion Markup Language (SAML) assertions. SAML is commonly used as an alternative...

Migrating Citrix DaaS from Single Tenant to Multitenant Introduction This document provides guidance for Citrix Service Providers (CSPs) to migrate a customer from an existing standalone single-tenant Citrix DaaS service to a CSP multitenant service. A CSP admin can follow the steps detailed in the document to complete the migration process. When a CSP transitions an existing single-tenant DaaS Customer to the partner’s multitenant service for centralized management and greater economy of scale, a parallel deployment for the customer in...

NetScaler Credential Protection: A Comprehensive Technical Analysis Executive Summary This paper provides a comprehensive technical analysis of credential protection within NetScaler environments. It examines the evolution from static encryption keys to the modern Key Encryption Key (KEK) system that automatically generates unique encryption materials for each deployment. NetScaler distinguishes between two credential types with different security requirements: recoverable service passwords that use AES-256-CBC encryption with KEK and non-recoverable...

Using Citrix Automation with Terraform and Ansible to deploy Citrix DaaS on Microsoft Azure (2025 Update) Using Citrix Automation with Terraform and Ansible to deploy Citrix DaaS on Microsoft Azure (2025 Update) Overview This guide provides an overview of using Terraform and Ansible to create a complete Citrix DaaS deployment on Microsoft Azure. At the end of the process, you will have created: A new Citrix Cloud Resource Location (RL) on Azure (optional) A Shared Image Gallery (SIG) on Azure A Shared Master Image Definition and a shared Master Image...

Installing and Configuring Ansible, Terraform, and Packer for Citrix Infrastructure-as-Code-based Environments Installing and Configuring Ansible, Terraform, and Packer for Citrix Infrastructure-as-Code-based Environments Overview This guide provides an overview of using Ansible, Terraform, and Packer to deploy Infrastructure-as-Code-based environments. We will install all the prerequisites and IaC frameworks needed on one Virtual Machine to ensure smooth communication between Ansible, Terraform, and Packer. Our standard installation of an IaC-VM also has Docker installed. However, the...

Multi-Domain Federated Authentication Service (FAS) Architecture Tech Paper_Multi-Domain Federated Authentication Service (FAS) Architecture.pdf Overview Many public and private organizations are integrating Citrix solutions into Active Directory infrastructures in multi-forest scenarios, typically to separate user objects from resources. In addition to this deployment type, many companies are moving toward SAML-based authentication to improve security, as it offers more flexibility and granular authentication policies. SAML could be a...

Security Recommendations When Deploying XenServer Overview This tech paper helps you design security for a virtualized XenServer environment. It includes general best practices as well as information about the following: Protecting XenServer networks and storage Installing and deploying XenServer securely Configuring virtual machines Securing virtualized storage The recommendations and guidance in this document are not intended to be exhaustive. Unless needed for clarity, this document does not provide...

XenServer Reference Architectures XenServer for Citrix Workloads - Provides a blueprint for deploying XenServer to run Citrix workloads suitable for enterprise-sized deployments that can scale from a few hundred to a few thousand VDAs. Deployment Guides VMware to XenServer Migration Guide - Provides high-level steps and tools for migrating Citrix workloads and infrastructure components from VMware to XenServer. Tech Papers Security Recommendations When Deploying XenServer -...

VMware to XenServer Migration Guide Overview Multiple scenarios and tools exist for migrating your Citrix workloads and infrastructure components from VMware to XenServer. The best combination of methods or tools will depend on what you are migrating. This guide is meant to offer high-level steps. It is not meant to be a step-by-step guide of every task. This guide should be used along-side Citrix and XenServer product documentation for full prerequisites, system requirements, planning, tasks, etc. We recommend testing...

XenServer for Citrix Workloads Overview This document serves as a blueprint for deploying XenServer to run Citrix workloads for the most common commercial-sized deployment that can scale from a few hundred to a few thousand VDAs. Whether using Citrix Virtual Apps and Desktops or Citrix DaaS, this reference architecture is valid. Enterprise-sized deployments may have additional considerations that are not covered in this reference architecture. Use XenServer product documentation alongside this document. Blueprint...

Unicon Unicon provides a Secure, Lean Operating System and Management Tool for Virtual Desktop Endpoints. With its eLux OS and Scout management system, Unicon’s software is highly suitable for on-premises and cloud use cases, consisting of endpoints like thin clients, desktop PCs, and laptops. Deployment Guides

eLux 7 2503 VM on XenServer eLux OS is a secure, lightweight, hardened operating system designed for Citrix environments. Combined with Scout, it provides a centralized solution for efficiently managing all endpoints in your enterprise. eLux enhances security, reduces operational costs, and supports hybrid and cloud-based workspaces. Ideal for VDI and DaaS scenarios, eLux ensures a reliable and consistent user experience. The eLux 7 2503 release supports eLux 7 as a virtual machine on XenServer (formerly Citrix...