Citrix Architecture with VDI Access Flow
Learn about the major components in the Citrix architecture and their roles, and understand how a user connects to VDI.
Now that we are all used to working from home, we know how organizations require their employees to work in a secure manner wherever they are. Citrix plays a major role in making life easy for organizations and keeping things running in any situation. Citrix is a popular tool that provides VDI (Virtual Desktop Infrastructure) for working from anywhere. They are experts in application and desktop virtualization, dedicated and shared VDI offerings, and access through thick and thin clients. You can install the workload on-premises or in the Azure/GCP cloud.
Today we are going to discuss the major components in the Citrix architecture and the role of each component. Additionally, we will learn about the user VDI access flow.
Citrix Architecture
Components
The diagram below shows Citrix components and their connectivity.
1. NetScaler Gateway
This works as a load balancer and supports SSL offload. As the name suggests, it facilitates access to Citrix resources in your environment. It also supports MFA (Multifactor Authentication).
2. StoreFront
It works as a web UI. The user's VDI access request is accepted by StoreFront and sent to the Delivery Controller for processing. Once StoreFront receives the details from the Delivery Controller, it sends them back to the user. It also manages stores of virtual desktops and virtual applications.
3. Delivery Controller
It is the heart of Citrix Architecture, as it communicates with all components and acts as a connection broker.
4. SQL Server
It stores VDI configuration and user-session information.
5. Active Directory
It is used for authentication and authorization.
6. DNS
DNS is used for name resolution.
7. Studio
It provides a self-service GUI through which you can configure desktops and applications.
8. Director
Director is a Citrix-provided web monitoring tool that enables IT support to monitor the environment.
9. License Server
It provides a desktop license to VDI and also manages Citrix product licenses.
10. Provisioning Server
When a new request for VDI comes in, the Delivery Controller sends the information to the provisioning server, which provides a new VDI.
11. DHCP
This dynamically allocates IP addresses to VDI. When the provisioning server spins up a new VDI, a free IP address is assigned via DHCP.
12. Hypervisor
It is a virtualized layer where VDI will be provisioned. It can be Xen, VMware, or Hyper-V.
13. VDA (Virtual Delivery Agent)
The VDA enables the virtual or physical machine of the site to register with the Controller, which allows the machine and the resources it is hosting to be made available to users.
Opening Communication Ports Between Components
During setup, you need to open communication ports between components. Below are the major ones to remember.
- NetScaler Gateway: 80/443
- StoreFront UI: 80
- Delivery controller: 80
- Citrix License server: 2700/7279
- Provisioning server: 6910-6930
- Microsoft SQL database: 1433
- Active Directory: 389/636
- DNS: 53
How the User Gets VDI
If your organization provides Citrix VDI, you must be wondering how Citrix allocates VDI to you without any manual intervention. When you log off and log in again, you get the same session that you were in earlier. We will learn how the user gets VDI.
Overall there are three stages that occur when users access a (shared/dedicated) desktop or (shared) application. I will explain each stage in detail here.
1. User Login Stage
When the user opens the NetScaler Gateway URL, a web form is presented. The user enters their credentials, and NetScaler passes them to Active Directory to authenticate the user. Once the user is authenticated, the request is forwarded to StoreFront. StoreFront now needs to know which desktop or application is assigned to this user, so it checks with the Delivery Controller. At this stage, the Delivery Controller queries Active Directory for the user's group membership. Based on that, it connects to the SQL database and looks up which desktop or application is allocated to the user. The Delivery Controller converts the data into XML format and shares it with StoreFront. StoreFront reads the XML file and publishes the desktop or application to the user.
2. VDI Access Stage
When the user clicks on the desktop, the request goes to StoreFront via NetScaler. StoreFront asks the Delivery Controller where the desktop is hosted. The Delivery Controller already has information on the VDI. Normally, VDI is installed on hypervisors like Xen, VMware, or Hyper-V. The Delivery Controller generates a ticket and stores information about the VDI, such as ticket number, IP address, hostname, etc. This ticket is shared with StoreFront, which reads the information in the ticket, creates an ICA (Independent Computing Architecture) file, and shares it with the user. At this point, the ICA file is downloaded automatically to the user’s personal desktop.
3. VDI Launch
When the user clicks on the ICA file, it starts spinning, and the request again goes to NetScaler Gateway. This time, however, NetScaler contacts the Delivery Controller directly and informs it that the user is ready to access VDI. The Delivery Controller checks the ticket again and gives NetScaler the IP address to connect to the VDI. Once the session is established, the Delivery Controller connects to the license server, checks whether the VDI has a correct license, and applies a session policy to the VDI.
This is how the user gets VDI allocated by the system.
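An added example, not from the original article: a flow allowlist built from the port list and the three access stages above, used to flag connections that bypass the gateway or use a port that is not on the list. The component keys, the `*` rule for DNS and the sample records are assumptions made for illustration.

```python
# Listening ports per component, exactly as listed in the article.
LISTEN_PORTS = {
    "netscaler": {80, 443},
    "storefront": {80},
    "delivery_controller": {80},
    "license_server": {2700, 7279},
    "provisioning_server": set(range(6910, 6931)),
    "sql": {1433},
    "active_directory": {389, 636},
    "dns": {53},
}
# Pairs read from the three access stages. Assumption: any component may
# query DNS ("*"); NetScaler -> VDI is omitted (no port listed for it).
ALLOWED_PAIRS = {
    ("user", "netscaler"), ("netscaler", "active_directory"),
    ("netscaler", "storefront"), ("netscaler", "delivery_controller"),
    ("storefront", "delivery_controller"), ("delivery_controller", "sql"),
    ("delivery_controller", "active_directory"),
    ("delivery_controller", "license_server"),
    ("delivery_controller", "provisioning_server"), ("*", "dns"),
}
CLEARTEXT_PORTS = {80, 389}  # HTTP and LDAP: no TLS by default


def classify(src, dst, port):
    """Return a verdict for one observed connection."""
    if (src, dst) not in ALLOWED_PAIRS and ("*", dst) not in ALLOWED_PAIRS:
        return "unexpected-pair"      # e.g. a client bypassing the gateway
    if port not in LISTEN_PORTS.get(dst, set()):
        return "unexpected-port"      # right peers, port not on the list
    return "allowed-cleartext" if port in CLEARTEXT_PORTS else "allowed"


def review(flows):
    """Return only the flows that need attention, with their verdicts."""
    verdicts = {flow: classify(*flow) for flow in flows}
    return {f: v for f, v in verdicts.items() if v != "allowed"}


# Constructed sample records (src, dst, port); not from a real network.
SAMPLE_FLOWS = [
    ("user", "netscaler", 443), ("netscaler", "storefront", 80),
    ("delivery_controller", "sql", 1433), ("storefront", "dns", 53),
    ("user", "delivery_controller", 80), ("storefront", "sql", 1433),
    ("netscaler", "storefront", 8080),
]

if __name__ == "__main__":
    for flow, verdict in review(SAMPLE_FLOWS).items():
        print(flow, verdict)
```

The `allowed-cleartext` verdict marks flows that match the article's list but run over port 80 or 389, which are the ones to review for TLS when hardening the deployment.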
I hope this information has helped you understand the Citrix environment better.