Quick tour of Citrix StoreFront 3.5.
We covered the release of StoreFront 3.5 this week by Citrix. Today I’d like to review the install/upgrade process and the new features available in this version.
What’s new in StoreFront 3.5
- Store centric UI architecture – authentication and Receiver for Web settings are organized around stores to simplify navigation for multi-store deployments.
- Enable different authentication settings for different stores.
- Self Password management
- Configure delegation of authentication to XenApp/XenDesktop farms/sites.
- Configure multi-site high availability.
- Configure optimal NetScaler Gateway routing.
- Set a Receiver for Web site as the default page for the IIS Website.
- Background broker health-check.
- Configure many other settings previously done with web.config.
- New PowerShell SDK
- TLS 1.2 supported
- Windows Server 2008 R2 SP1 and higher
- 1 vCPU (4 vCPU recommanded)
- 2 GB ram (4GB recommended)
- Microsoft IIS and .NET 4.5
Source: StoreFront 3.5 requirements
Download StoreFront 3.5
But first, you need to download the new binaries.
You can find the links to download Citrix StoreFront 3.5 on the following page: Download XenApp/XenDesktop 7.8, StoreFront 3.5, PVS 7.8 and AppDNA 7.8 (Links are located at the end of the article)
Upgrade StoreFront 3.x to StoreFront 184.108.40.206
Make sure to backup your StoreFront servers and configuration before the upgrade.
It is not necessary to stop IIS services.
Configuration stored in the custom folder will remain after the upgrade.
Connect to your primary StoreFront server, and execute StoreFront-x64.exe.
You need to repeat this operation on all your StoreFront servers or the following message will be displayed:
When all the servers are upgraded, open the StoreFront console.
StoreFront 3.5 new administration console
The console has been improved by Citrix in this release. It is now possible to change a lot of settings directly in the console instead of having to play with the configuration files.
Configure Base URL
This option is still present in this version.
Set a Receiver for Web site as the default page for the IIS Website.
This will update the web.config of the IIS server:
<httpRedirect enabled="true" destination="http://storefront.citrixguru.lab/Citrix/CitrixGuruStoreWeb" childOnly="True" />
Microsoft IIS will automatically redirect to this website.
Configure Delivery Controller
You can now configure new settings for delivery controllers:
- All failed bypass duration: time in minutes for which a delivery controller is considered offline after all its servers fail to respond (default 0)
- Bypass duration: time in minutes for which a single server is excluded after it fails to respond (default 60)
- Maximum failed servers per request: number of max failed servers for a Farm (default 0 – unlimited).
- Ticket time to live: time in secs for which a ticket is valid (XA 6.5 and earlier) (default 60)
- Zones: zones associated with the delivery controller
Configure Unified Experience
By default Unified Experience is enabled in StoreFront 3.0, and the new StoreFront 3 UI is displayed.
If upgraded from 2.x, this option is disabled and the Green bubbles UI is displayed.
Configure Authentication Methods
The configuration of the authentication methods have been revamped.
Note: Trust XML request must be configured in order to use Pass-through authentication.
All settings are now available on the right of each method.
You can still configure trusted domains.
You can now allow users to manage their passwords (it was previously available in Citrix Web Interface).
You can delegation authentication to AD or Delivery Controllers.
If you plan to use StoreFront 3 in the DMZ, the servers still need to be in an AD domain (not necessary the same as your delivery controllers). In that case, you’d need to configure XML password validation instead of AD password validation ( see XML delegation in StoreFront 3.5).
Users can unlock their Active Directory accounts or reset their passwords via StoreFront.
You need to have XenApp 6.5 in your Store because it works with the Citrix Single Sign-On Service shipped with XenApp 6.5 until a new SSPR Service for XenApp/XenDesktop 7.x is available.
Configure Receiver for Web
The Web Site settings for the receiver have also been updated.
You can disable the Receiver X1 experience and revert to the green bubbles theme.
Or you can customize the new X1 UI with your own logos and colors. Unfortunately, you still need to play with the code to change others settings. I wish Citrix would have add new options here.
App groups are still available.
You can create application groups based on the application names, keywords, etc.
The display is really nice and clean.
You can also configure the authentication methods for this particular website.
Add resource shortcuts.
Configure the detection of the receiver (most annoying thing in the world).
I recommend to disable this setting and deploy the Citrix Receiver with SCCM on your LAN. For WAN users, I recommend to add a link to receiver.citrix.com on your homepage in order to let your users deal with the installation.
Configure the session settings.
- Server communication attempts: number of attempts to contact the StoreFront server
- Communication timeout duration: time after the StoreFront is considered unreachable
- Session timeout: after logon, inactive users are disconnected after a specified time
- Sign-in timeout: timeout on the logon page if no activity
Before it was mandatory to do the changes in the configuration files but now it is available in the UI,
Workspace Control can now be configured in the UI as well.
- Logoff action: None/Disconnect/Terminate
- Workspace control
- Enable: Enable/Disable workspace control
- Automatically reconnect: reconnect automatically all disconnected sessions at logon
- Show reconnect: display the reconnect button on the website
- Show disconnect: disaply the disconnect button on the website
Client interface settings
Same for Client interface settings.
- Auto launch desktop: Enable/Disable the auto launch of desktops
- Show desktop viewer: Show/Hide the receiver bar
- Enable Receiver configuration: Enable/Disable activate option
- Multi-click duration: avoid the start of multiple apps if the user clicks multiple times in few secs
- Enable fiddler tracing: trace traffic between the receiver and the StoreFront servers. Loopback communication must be disabled (default OFF)
- Enable folder view: display folders (default ON)
- Enable loopback communication: enable communication between Citrix Receiver and StoreFront servers using the loopback adapter (Default ON)
- Enable protocol handler: enable client detection on Chrome (Default ON)
- Enable strict transport security: enforce HTTPS (default OFF)
- ICA file cache expiry: number of secs for which an ICA file is cached in memory (default 90s)
- Icon resolution: resolution of the icons on the website (default 128)
- Loopback port when using HTTP: (default 80)
- Prompt for untrusted shortcuts: prompt users for permission to launch untrusted apps
- Protocol handler skip double-hop check: (default OFF)
- Resource details: app display configuration Default/Full (default Default)
- Strict transport security policy duration: duration of the strict transport policy (default 90days)
You also have Advanced settings available in the UI.
PN Agent is still supported.
Subscriptions (Favorites) can be disabled or enabled.
Enable or Disable Kerberos delegation (you need to configuration the computer object in AD to be able to use Kerberos for authentication)
Zones are available since XenDesktop 7.7.
Optimal HDX routing is a new feature of StoreFront 3.5. It allows you to route HDX connections or/and authentication based on the zones or the delivery controllers. So you can use gateway in the same geographical location.
I am very excited by this feature as It allows us to have one global StoreFront infrastructure for multi-site configuration and still use local NetScaler gateways to connect to applications.
Integrate with Citrix Online
- Advertise Store: the store is presented to the users during the discovery
- Hide Store: the store is not presented. Need to type the StoreFront URL or use a provioning file.
- Allow resolution type: type of address to request from the server DNS/DNS port/IPV4/ IPV4 port/Dot/Dot port/URI/No change (default DNS)
- Allow font smoothing: improve font display in HDX sessions (default ON)
- Allow session reconnect: allow HDX sessions to be reconnected (default ON)
- Allow special folder redirection: configure special folder redirection (default OFF)
- Background health-check pooling period: when the health-check pooling is configured (default every 1min)
- Connection timeout duration: number of secs before timing out a response from a DDC (default 30)
- Connection timeout: number of secs to wait before establishing the communication with a DDC (default 6)
- Enable enhanced enumeration: Enable parallel enumeration (default ON)
- Enable socket pooling: Use pool of sockets when communicating with a DDC (default OFF)
- Filter resources by excluded keywords: You can only display resources that don’t match keywords
- Filter resources by included keywords: You can only display resources that match keywords
- Filer resources by type: You can only display resources by type
- Maximum concurrent enumerations: number of parallel enumerations (default 0 – No limit)
- Maximum farms for concurrent enumeration: the maximum of delivery controllers before enumerations are performed in parallel (default 3)
- Override ICA Client name: rewrite the client name (default OFF)
- Require token consistency: enforce consistency between the gateway used to authenticate and the gateway used to connect to the store (default ON)
- Server communication attempts: the number of attempts to communicate with a DDC before marking them unavailable (default 1)
- Show Desktop Viewer for legacy clients: fix problems where the Desktop View is not displayed (default OFF)
You can use this feature to create .cr (Citrix Receiver file). This will automatically configure the Citrix Receiver of your users with the selected Store(s).
Note: you need to send this file to your users.
Add a new StoreFront store
The creation of a new StoreFront store has been slightly revamped. See below.
You can now configure the store to be the default IIS website.
With multi-servers StoreFront farm, you need to propagate changes to all servers.
You can do that manually but the easiest way to do that is to use the Propagate changes feature of StoreFront 3.
Remember to always do your changes on the primary StoreFront server.
Go to Server Group, select Propagate Changes.
You need to have the following configuration for the propagation to work.
- NT Service\CitrixClusterService
- NT Service\CitrixConfigurationReplication
StoreFront 3.5 is what StoreFront 3.0 should have been. Most options are now available in the GUI. New features like HDX routing or background health-check are greatly appreciated.
I am also preparing an article on the new StoreFront 3.5 PowerShell SDK. Stay tuned !