Citrix StoreFront 3.5 Overview

Quick tour of Citrix StoreFront 3.5. 

We covered the release of StoreFront 3.5 this week by Citrix. Today I’d like to review the install/upgrade process and the new features available in this version.

What’s new in StoreFront 3.5

• Store centric UI architecture – authentication and Receiver for Web settings are organized around stores to simplify navigation for multi-store deployments.
• Enable different authentication settings for different stores.
• Self Password management 
• Configure delegation of authentication to XenApp/XenDesktop farms/sites.
• Configure multi-site high availability.
• Configure optimal NetScaler Gateway routing.
• Set a Receiver for Web site as the default page for the IIS Website.
• Background broker health-check.
• Configure many other settings previously done with web.config.
• New PowerShell SDK
• TLS 1.2 supported

Source: Citrix Blog / Announcement

Requirements

• Windows Server 2008 R2 SP1 and higher
• 1 vCPU (4 vCPU recommanded)
• 2 GB ram (4GB recommended)
• Microsoft IIS and .NET 4.5

Source: StoreFront 3.5 requirements

Download StoreFront 3.5

But first, you need to download the new binaries.

You can find the links to download Citrix StoreFront 3.5 on the following page: Download XenApp/XenDesktop 7.8, StoreFront 3.5, PVS 7.8 and AppDNA 7.8 (Links are located at the end of the article)

Upgrade StoreFront 3.x to StoreFront 3.5.0.23

Make sure to backup your StoreFront servers and configuration before the upgrade.

It is not necessary to stop IIS services.

Configuration stored in the custom folder will remain after the upgrade. 

Connect to your primary StoreFront server, and execute StoreFront-x64.exe.

You need to repeat this operation on all your StoreFront servers or the following message will be displayed:

When all the servers are upgraded, open the StoreFront console.

StoreFront 3.5 new administration console

The console has been improved by Citrix in this release. It is now possible to change a lot of settings directly in the console instead of having to play with the configuration files.

Configure Base URL

This option is still present in this version.

Default website

Set a Receiver for Web site as the default page for the IIS Website.

This will update the web.config of the IIS server:

 

Microsoft IIS will automatically redirect to this website.

 

Configure Delivery Controller

You can now configure new settings for delivery controllers:

• All failed bypass duration: time in minutes for which a delivery controller is considered offline after all its servers fail to respond (default 0)
• Bypass duration: time in minutes for which a single server is excluded after it fails to respond (default 60)
• Maximum failed servers per request: number of max failed servers for a Farm (default 0 – unlimited).
• Ticket time to live: time in secs for which a ticket is valid (XA 6.5 and earlier) (default 60)
• Zones: zones associated with the delivery controller

Configure Unified Experience

By default Unified Experience is enabled in StoreFront 3.0, and the new StoreFront 3 UI is displayed.

If upgraded from 2.x, this option is disabled and the Green bubbles UI is displayed.

Configure Authentication Methods

The configuration of the authentication methods have been revamped.

Note: Trust XML request must be configured in order to use Pass-through authentication. 

All settings are now available on the right of each method.

Trusted domains

You can still configure trusted domains.

Password options

You can now allow users to manage their passwords (it was previously available in Citrix Web Interface).

Password validation

You can delegation authentication to AD or Delivery Controllers.

If you plan to use StoreFront 3 in the DMZ, the servers still need to be in an AD domain (not necessary the same as your delivery controllers). In that case, you’d need to configure XML password validation instead of AD password validation ( see XML delegation in StoreFront 3.5).

Account Self-Service

Users can unlock their Active Directory accounts or reset their passwords via StoreFront.

You need to have XenApp 6.5 in your Store because it works with the Citrix Single Sign-On Service shipped with XenApp 6.5 until a new SSPR Service for XenApp/XenDesktop 7.x is available.

Configure Receiver for Web

The Web Site settings for the receiver have also been updated.

Receiver Experience

You can disable the Receiver X1 experience and revert to the green bubbles theme.

Customize Appearance

Or you can customize the new X1 UI with your own logos and colors. Unfortunately, you still need to play with the code to change others settings. I wish Citrix would have add new options here.

App groups

App groups are still available.

You can create application groups based on the application names, keywords, etc.

The display is really nice and clean.

Authentication methods

You can also configure the authentication methods for this particular website.

Shortcuts

Add resource shortcuts.

Client detection

Configure the detection of the receiver (most annoying thing in the world).

I recommend to disable this setting and deploy the Citrix Receiver with SCCM on your LAN. For WAN users, I recommend to add a link to receiver.citrix.com on your homepage in order to let your users deal with the installation.

Session settings

Configure the session settings.

• Server communication attempts: number of attempts to contact the StoreFront server
• Communication timeout duration: time after the StoreFront is considered unreachable
• Session timeout: after logon, inactive users are disconnected after a specified time
• Sign-in timeout: timeout on the logon page if no activity

Before it was mandatory to do the changes in the configuration files but now it is available in the UI,

Workspace control

Workspace Control can now be configured in the UI as well.

• Logoff action: None/Disconnect/Terminate
• Workspace control
  • Enable: Enable/Disable workspace control
  • Automatically reconnect: reconnect automatically all disconnected sessions at logon
  • Show reconnect: display the reconnect button on the website
  • Show disconnect: disaply the disconnect button on the website

Client interface settings

Same for Client interface settings.

• Auto launch desktop: Enable/Disable the auto launch of desktops
• Show desktop viewer: Show/Hide the receiver bar
• Enable Receiver configuration: Enable/Disable activate option
• Multi-click duration: avoid the start of multiple apps if the user clicks multiple times in few secs

Advanced settings

• Enable fiddler tracing: trace traffic between the receiver and the StoreFront servers. Loopback communication must be disabled (default OFF)
• Enable folder view: display folders (default ON)
• Enable loopback communication: enable communication between Citrix Receiver and StoreFront servers using the loopback adapter (Default ON)
• Enable protocol handler: enable client detection on Chrome (Default ON)
• Enable strict transport security: enforce HTTPS (default OFF)
• ICA file cache expiry: number of secs for which an ICA file is cached in memory (default 90s)
• Icon resolution: resolution of the icons on the website (default 128)
• Loopback port when using HTTP: (default 80)
• Prompt for untrusted shortcuts: prompt users for permission to launch untrusted apps
• Protocol handler skip double-hop check: (default OFF)
• Resource details: app display configuration Default/Full (default Default)
• Strict transport security policy duration: duration of the strict transport policy (default 90days)

You also have Advanced settings available in the UI.

PN Agent

PN Agent is still supported.

Configure store

Subscriptions

Subscriptions (Favorites) can be disabled or enabled.

Kerberos delegation

Enable or Disable Kerberos delegation (you need to configuration the computer object in AD to be able to use Kerberos for authentication)

HDX routing

Zones are available since XenDesktop 7.7.

Optimal HDX routing is a new feature of StoreFront 3.5. It allows you to route HDX connections or/and authentication based on the zones or the delivery controllers. So you can use gateway in the same geographical location.

I am very excited by this feature as It allows us to have one global StoreFront infrastructure for multi-site configuration and still use local NetScaler gateways to connect to applications.

Integrate with Citrix Online

useless

Advertise Store

• Advertise Store: the store is presented to the users during the discovery
• Hide Store: the store is not presented. Need to type the StoreFront URL or use a provioning file.

Advanced settings

• Allow resolution type: type of address to request from the server DNS/DNS port/IPV4/ IPV4 port/Dot/Dot port/URI/No change (default DNS)
• Allow font smoothing: improve font display in HDX sessions (default ON)
• Allow session reconnect: allow HDX sessions to be reconnected (default ON)
• Allow special folder redirection: configure special folder redirection (default OFF)
• Background health-check pooling period: when the health-check pooling is configured (default every 1min)
• Connection timeout duration: number of secs before timing out a response from a DDC (default 30)
• Connection timeout: number of secs to wait before establishing the communication with a DDC (default 6)
• Enable enhanced enumeration: Enable parallel enumeration (default ON)
• Enable socket pooling: Use pool of sockets when communicating with a DDC (default OFF)
• Filter resources by excluded keywords: You can only display resources that don’t match keywords
• Filter resources by included keywords: You can only display resources that match keywords
• Filer resources by type: You can only display resources by type
• Maximum concurrent enumerations: number of parallel enumerations (default 0 – No limit)
• Maximum farms for concurrent enumeration: the maximum of delivery controllers before enumerations are performed in parallel (default 3)
• Override ICA Client name: rewrite the client name (default OFF)
• Require token consistency: enforce consistency between the gateway used to authenticate and the gateway used to connect to the store (default ON)
• Server communication attempts: the number of attempts to communicate with a DDC before marking them unavailable (default 1)
• Show Desktop Viewer for legacy clients: fix problems where the Desktop View is not displayed (default OFF)

Provisioning File

You can use this feature to create .cr (Citrix Receiver file). This will automatically configure the Citrix Receiver of your users with the selected Store(s).

Note: you need to send this file to your users.

Add a new StoreFront store

The creation of a new StoreFront store has been slightly revamped. See below.

You can now configure the store to be the default IIS website.

Changes propagation

With multi-servers StoreFront farm, you need to propagate changes to all servers.

You can do that manually but the easiest way to do that is to use the Propagate changes feature of StoreFront 3.

Remember to always do your changes on the primary StoreFront server.

Go to Server Group, select Propagate Changes.

You need to have the following configuration for the propagation to work.

• NT Service\CitrixClusterService
• NT Service\CitrixConfigurationReplication

StoreFront 3.5 is what StoreFront 3.0 should have been. Most options are now available in the GUI. New features like HDX routing or background health-check are greatly appreciated.

I am also preparing an article on the new StoreFront 3.5 PowerShell SDK. Stay tuned !