Monthly Archives: December 2017

So why choose Citrix over Microsoft RDS?

A question came in a couple of days ago asking for a refresh of this blog post, since this is a topic that appears on Twitter from time to time, so I decided to do a rewrite. So why should we choose Citrix over Microsoft RDS? Isn’t RDS good enough in many circumstances? And has Citrix outplayed its role in the application/desktop delivery market? Not yet… This question has also appeared in my head many times over the last year: what is an RDS customer missing out on compared to XenDesktop? So I decided to write this blog post showing the different features which are NOT included in RDS, along with an architectural overview of the different solutions and the strengths of both of them. NOTE: I’m not interested in discussing pricing here; I’m a technologist, so this is mostly going to be a feature matrix show-off.

Architecture Overview

Microsoft RDS has become a lot better over the years, especially with the 2012 release and actually having central management in Server Manager, but a lot of the architecture is still the same. We can now also have the Connection Broker in an Active/Active deployment as long as we have a SQL Server (Note: 2016 TP5 now supports Azure SQL Database for that part). External access is driven by the Remote Desktop Gateway (which is a web service that forward-proxies TCP and UDP traffic to the actual servers / VDI sessions), and we also have the web interface role (RD Web Access) where users can get applications and desktops and start a remote connection.


But the Remote Desktop application that is built into the operating system still does not integrate well with an RDS deployment to show “business applications”, and with Microsoft pushing a lot to Azure they should have better integration there, showing business applications and web applications from the same kind of portal.

From a management perspective, as I mentioned, this is still done using Server Manager (which is a GUI add-on to PowerShell, where a lot is also done). Server Manager is still kind of clunky for larger deployments, and it does not give any good insight into how a session is being handled; you would need System Center, digging into event logs, or third-party tools to get more information. But we can now centrally provision the different roles directly from Server Manager, and the same goes for application publishing, which makes things a lot easier!

Microsoft is also coming with RDmi, most likely next year, which will introduce an easier way to deliver RDP using App Services in Azure. This allows us to host services such as the RDmi Gateway, web, connection broker and diagnostics in Azure and place our RDSH servers anywhere, most likely using some form of connector between the local servers and Azure Web Apps (quite similar to what Citrix is doing with Citrix Cloud and Cloud Connectors).


Microsoft has also released Honolulu, which is a modern take on Server Manager based upon HTML5, with support for extensions; RDmi will be supported there when it is released.


Citrix has adopted the FMA architecture from the previous XenDesktop versions, but the architecture might still resemble RDS. NOTE: the overview is quite simplified, because I will dig into the features later in the blog. With Citrix we have more moving parts, though this is also a bit simplified. With RDS I would need a load balancer for my Gateway and Web Access servers; with Citrix, in larger deployments, you have NetScaler, which can serve as a proxy server and load balance the required Citrix services as well. Citrix also has a better management solution in Desktop Studio, which allows for easy integration with other platforms and simple image management using MCS, plus we have Director, which can be used for troubleshooting and monitoring of the Citrix infrastructure and also for end-user support.


The Protocol

So in most cases, what I often hear as well is: HOW GOOD IS THE PROTOCOL? Again and again I’ve seen many people state that RDS is as good as Citrix ICA, but I’ll just post this picture and let it state the obvious. You need facts!

Luckily I’ve done my research on this part.

RDP is mostly a one-trick pony: we can make some adjustments in Group Policy to tune the bandwidth usage, or use regular QoS, but it is still quite limited to the networking stack of the Windows NDIS architecture, which is not really adjustable. NOTE: with Windows Server 2016 most traffic is redirected through the UDP port, but it is difficult to define how much bandwidth (KB/s) each remoting channel should be allowed to use.

(ThinWire vs Framehawk vs RDP) https://msandbu.wordpress.com/2015/11/06/putting-thinwire-and-framehawk-to-the-test/
Now with Citrix we can use different protocols depending on the use case. For instance, a good friend of mine and I did a Citrix session over a connection with 1800 ms latency using ThinWire+ and it worked pretty well, while RDP didn’t work that well. On the other hand, we tried Framehawk on a connection with 20% packet loss, where it worked fine and RDP didn’t work at ALL.

But again this shows that we have different protocols that we can use for different use-cases, or different flavours if you will. 


Another trick is that in most cases XenDesktop is deployed behind a NetScaler Gateway, which has loads of options to customize TCP settings at a more granular level than we could ever do in Windows without, in some cases, messing with the Registry. So is RDP a good enough protocol for end users? Sure it is! But remember a couple of things:

  • Mobile users access using a crappy Hotel Wifi (Latency, packet loss)
  • Roaming users on 3G/4G connection (TCP retransmissions, packet loss)
  • Users with HIGH requirements in terms of performance (consuming a lot of bandwidth)
  • Connections without using UDP (Firewall requirements)
  • Multimedia requirements (3D, CAD applications)

With these types of end-users, Citrix has the better options also now with Adaptive Transport.

UPDATE: Citrix has now released EDT, which by default uses UDP as the transport mechanism (you can see a bit more about protocol benchmarking here –> http://msandbu.org/xendesktop-edt-over-netscaler-benchmarking/) and performs a lot better than regular TCP in most scenarios. You can also see a comparison of HDX versus RDP here –> https://bramwolfs.com/2017/11/29/a-comparison-between-display-protocols-and-codecs/ (note that RDP operates at 4:4:4).

Also, as of late, Citrix now supports H.265 (which is the successor to H.264 –> https://docs.citrix.com/en-us/receiver/windows/current-release/about.html; note however that this requires a physical GPU server side).

Image management

Image management is the crown jewel: being able to easily update images and roll out the changes when updates are needed, in a timely fashion, without causing too much downtime / maintenance.

With RDS there is no straightforward solution for image management. Yes, RDS has single-image management, but this is mainly for VDI setups running on Hyper-V, which is now the supported solution for it. The downside is that it requires Hyper-V in order to do this using Server Manager. It is not yet clear how this will be affected by RDmi, but against Azure it is possible to use ARM-based templates to deploy RDS servers automatically.

Citrix, on the other hand, has many more options in terms of OS image management. For instance Citrix has Machine Creation Services, which is a storage-based way to handle OS provisioning and changes to virtual machines, as I described in my other post on MCS and Shadow Clones (https://msandbu.wordpress.com/2016/05/13/nutanix-citrix-better-together-with-shadow-clones/).


Citrix also has Provisioning Services, which allows images to be distributed / streamed over the network. Virtual machines and physical machines can be configured with PXE boot, stream an operating system down and store it in RAM. Doing updates to the image just requires a reboot.

Another thing to think about here is hypervisor support, where PXE in most cases supports both physical and virtual machines. MCS is dependent on making API calls to the hypervisor layer, but it already has support for:

  • VMware
  • XenServer
  • Hyper-V with SCVMM
  • Azure (with native support for most of the Azure components)
  • Amazon EC2
  • CloudPlatform
  • Nutanix

Other features that Citrix has:

  • Cloud-based services available now (services such as Citrix Cloud, XenApp Essentials, XenDesktop Essentials)
  • RemotePC (this golden gem allows a physical computer to be accessed remotely using the same Citrix infrastructure): just install the VDA agent and publish it, and it can then be accessed using Citrix Receiver. Even though Microsoft has RDP built into each OS, there is no central management of it and no built-in support to add these machines to the gateway; each user has to remember the IP or FQDN.
  • App-V and Configuration Manager integration and management (Citrix actually has App-V management capabilities directly from Studio, and an integration pack for Configuration Manager which allows the use of WoL for RemotePC, for instance. The Configuration Manager integration can also be leveraged for application distribution and direct publishing for customers who use Configuration Manager heavily.)
  • App Layering, which allows us to do application and user layers (based upon Unidesk)
  • WEM – Workspace Environment Manager, to allow more in-depth policy control and system resource management.
  • NetScaler Insight – to allow better insight into the HDX channel, to see how the traffic is distributed between screen, printer, audio and video, for instance.
  • Smart Tools – allows us to use, for instance, Smart Scale, which works flawlessly in cloud settings to stop/start XenApp hosts based upon a schedule: http://msandbu.org/citrix-smartscale-and-microsoft-azure/
  • VM hosted applications (allows us to publish applications which, under some scenarios, can only be installed on a client computer)
  • Linux support (Citrix can also deliver virtual desktops or dedicated virtual desktops from Linux using the same infrastructure)
  • Full 3D support (Microsoft still has a lot of limitations here using RemoteFX vGPU, and it can also support DDI using Hyper-V, also on Azure), but Citrix has multiple solutions, for instance vGPU from NVIDIA or GPU pass-through directly from XenServer, VMware or even AHV.
  • Full VPN and endpoint analysis using NetScaler Gateway (NetScaler Gateway using Smart Access has a lot of different options to do endpoint analysis using OPSWAT before clients are allowed access to a Citrix environment.)
  • Integration with Citrix NetScaler and Intune to deliver Conditional Access – many are adopting EMS with Intune for MDM, which now supports Citrix deployment and access via NetScaler and Azure AD integration
  • Skype for Business HDX optimization pack (allows Skype audio and video to be offloaded directly to the endpoint from the servers)
  • Universal Print Services (allows for easier management of print drivers)
  • System Center Operations Manager management packs (part of the Comtrade deal which allows Platinum customers to use management packs from ComTrade to get a full overview of the Citrix infrastructure). Citrix now also provides OMS modules to leverage OMS for monitoring of Citrix environments as well.
  • More granular control using Citrix Policies (which allows us to define more settings on Flash redirection, sound quality, bandwidth QoS and much more)
  • Browser content redirection
  • HTML5-based access (StoreFront supports HTML5-based access, which opens up for Chromebook access; Microsoft is still developing their HTML5 web front-end)
  • A hell of a lot better management and insight using Director!
  • Local App Access (allows us to “present” locally installed applications into a remote session)
  • Better Group Policy filtering (based upon where resources are connecting from, and using Smart Access filters from NetScaler)
  • Performance optimization (using for instance PVS with Write Cache to RAM with Overflow to Disk, you are not restrained to the resources on the backend infrastructure, which allows for a better user experience)
  • Zone-based deployment, which allows users to be redirected to their closest datacenter based upon RTT
  • Mix of different OS versions: with Citrix we have a VDA agent that can be used on different OS versions and be managed from the same infrastructure, while Microsoft has limited management for each OS version.
  • SAML-based authentication to provide SSO directly to a Citrix environment.

NOTE: Did I forget a crucial feature or something in particular? Please let me know!

One of the things however I do feel that Microsoft is doing right now is with Project Honolulu and developing a more HTML5 / REST based UI to make server management easier, so I sure hope that Citrix is also moving in that direction as well.

Summary

So why choose Citrix over Microsoft RDS? Well, to be honest, Citrix has a lot of features which make it more enterprise friendly.

  • Easier management and monitoring capabilities
  • Better image-management and broad hypervisor/cloud support + Performance Optimization
  • Better protocol which is multi-purpose (ThinWire, EDT, Adaptive Transport, etc)
  • Broader support for other ecosystem (Linux, HTML5 Chromebooks)
  • NetScaler (Optimized TCP, Smart Access, Load balancing)
  • GPU support for different workloads
  • Remote PC support
  • Collaboration support with Skype for Business
  • Zone based deployment
  • Layering capabilities (Personalization and Application)

There is also no denying that RDS works in most cases and it all comes down to the requirements of the business, but the most important thing in any type of app delivery platform is that it provides the best possible end-user experience.

So to sum it up, you can have a Toyota Yaris which gets you from A to B just fine, or you can have a garage filled with different cars depending on requirements, with a bunch of different features which make the driver experience better, because that is what matters in the end… End-user experience!

Review – Goliath application availability monitor

One of the issues with an RDS/Citrix/Horizon environment is actually capturing what the experience feels like for an end user and being able to detect and see how the end user experiences the logon process. Most monitoring tools today focus on the performance of the terminal servers, looking at CPU/memory and storage available, or looking at which services are actually running using service monitoring tools like System Center Operations Manager and so on. The issue with these is that they are infrastructure focused, which of course is an important aspect, but we also need to look at the end-user layer. This is something that Goliath has worked closely on with the release of Application Availability Monitor, which allows us to monitor end-user applications and desktops using real-time logon tests as an end user from different locations. They also provide visibility into all applications and desktops being launched, with reports and drill-down analytics detailing whether logons succeeded, failed, or were slow.

They also provide screenshots of each process to make it easier for helpdesk to determine where the issue lies.

The architecture of the product is pretty simple: it consists of the Goliath Availability server, which stores and maintains the state of the connectivity and stores the results in a SQL Server database that can either be installed locally as part of the Goliath server or in a remote setup (NOTE: if you download the trial from their website, the product will by default install with SQL Express embedded in the installation). We also have the availability agents, which actually perform the tests against the different environments regardless of whether it is Microsoft RDS, Citrix XenDesktop or Horizon View.


Of course, depending on what kind of environment you want to test against, there are some small differences in what we need to configure on the endpoint and in the environment we want to test against. So we define a schedule to check application availability from each of our environments, and Goliath will do a step-by-step interaction and take screenshots to determine where any type of error might occur. For instance, in the example below we can see that my resource Administrative Desktop is suddenly not available.


The test is based upon a schedule which I have defined and the agent it is run from. Here we can see an example where a desktop is not available but all other components are available and working, hence what we see in the availability analysis. In a scenario where there are issues further into the session you will get a screenshot which shows where the issue lies.

(Screenshot: Citrix Epic login monitoring)

So using Application Availability Monitor from Goliath can give us a clearer picture of how the environment is doing, not just by monitoring individual services and processes, but by combining this with a simulated end-user logon process to see where the process stops.

Accessing Azure Advisor using REST API

One of the cool, still fairly new services in Azure is Azure Advisor. Azure Advisor is a service which provides insight into your subscription based upon high availability, cost, performance and security (the security part uses Azure Security Center).


Using the UI (Portal) you can also download the recommendations either as Excel or as PDF. However, logging into each of these portals if you have multiple customers is a bit time consuming.

Luckily Azure Advisor is also accessible using the REST API, which can easily be scripted, combined with Azure CLI, from any Linux host.

In order to use it you first need to send a POST request which generates the recommendations, which I have been using curl to achieve.

This script needs two variables: the subscription and the token (which belongs to a service principal in Azure AD).

#Define variables
# Replace subscriptionid with your own subscription id
subscription=subscriptionid
# The access token is the first column of the tsv output from Azure CLI
token=$(az account get-access-token --output tsv | cut -f1)

#Generate Recommendations
# The POST has no body; -v together with --stderr - puts the response headers on stdout
# so the x-ms-request-id of the generation job can be picked out of them.

curl -v --silent --request POST \
--url "https://management.azure.com/subscriptions/${subscription}/providers/Microsoft.Advisor/generateRecommendations?api-version=2017-03-31" \
--header "authorization: Bearer $token" \
--header 'cache-control: no-cache' \
--header 'Content-Length: 0' --header 'Accept: application/json' --stderr - | grep x-ms-request-id | cut -d ":" -f2 | sed 's: ::g'

#Get result from query

sec="https://management.azure.com/subscriptions/${subscription}/providers/microsoft.Security/tasks?api-version=2015-06-01-preview"
# Getting Azure Security Center feedback
curl --request GET \
--url "$sec" \
--header "authorization: Bearer $token" \
--header 'cache-control: no-cache' | json_pp

This will return all recommendations as JSON-based text. Piping it through json_pp makes it much easier to read and parse as JSON, and makes it much easier to turn each recommendation into a service ticket and let the service desk follow up on each recommendation that is returned.
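As an added example (not the author’s script, and not an Azure SDK), here is a small Python helper that does the two parsing steps the post hints at: picking the x-ms-request-id out of the verbose curl output, and flattening a recommendations list into service-ticket records sorted by impact. The response field names (value[].properties.category, impact, impactedField, impactedValue, shortDescription) are assumed from the Microsoft.Advisor/recommendations response shape, and both samples are constructed.

```python
import re

# Constructed sample of curl -v output for the generateRecommendations POST (not a real capture).
SAMPLE_CURL_VERBOSE = """\
> POST /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Advisor/generateRecommendations?api-version=2017-03-31 HTTP/1.1
> authorization: Bearer <redacted>
< HTTP/1.1 202 Accepted
< x-ms-request-id: 11111111-2222-3333-4444-555555555555
"""

# Constructed sample of an Advisor recommendations list. The field names
# (value[].properties.category / impact / impactedField / impactedValue / shortDescription)
# are assumed from the Microsoft.Advisor/recommendations response shape.
SAMPLE_RECOMMENDATIONS = {"value": [
    {"id": "/subscriptions/0000/providers/Microsoft.Advisor/recommendations/aaa",
     "properties": {"category": "Security", "impact": "High",
                    "impactedField": "Microsoft.Network/networkSecurityGroups", "impactedValue": "nsg-web",
                    "shortDescription": {"problem": "Restrict access through internet-facing endpoint",
                                         "solution": "Limit the inbound rule to known source ranges"}}},
    {"id": "/subscriptions/0000/providers/Microsoft.Advisor/recommendations/bbb",
     "properties": {"category": "Cost", "impact": "Medium",
                    "impactedField": "Microsoft.Compute/virtualMachines", "impactedValue": "vm-test01",
                    "shortDescription": {"problem": "Right-size or shutdown underutilized VMs",
                                         "solution": "Resize vm-test01 to a smaller SKU"}}},
    {"id": "/subscriptions/0000/providers/Microsoft.Advisor/recommendations/ccc",
     "properties": {"category": "Security", "impact": "Low",
                    "impactedField": "Microsoft.Storage/storageAccounts", "impactedValue": "stlogs01",
                    "shortDescription": {"problem": "Secure transfer to storage accounts should be enabled",
                                         "solution": "Enable 'Secure transfer required'"}}},
]}

IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2}


def parse_request_id(verbose_output):
    """Return the x-ms-request-id from curl -v response headers (the '< ' lines), or None.
    This is the id to quote when a generateRecommendations job has to be traced."""
    m = re.search(r"^<\s*x-ms-request-id:\s*([0-9a-fA-F-]+)\s*$",
                  verbose_output, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def recommendations_to_tickets(response, category=None):
    """Flatten Advisor recommendations into ticket-sized dicts, highest impact first.
    category (e.g. 'Security') keeps only that category; unknown impacts sort last."""
    tickets = []
    for rec in response.get("value", []):
        props = rec.get("properties", {})
        if category and props.get("category") != category:
            continue
        desc = props.get("shortDescription", {})
        tickets.append({"recommendation_id": rec.get("id", ""),
                        "category": props.get("category", ""),
                        "impact": props.get("impact", ""),
                        "resource": props.get("impactedField", "") + "/" + props.get("impactedValue", ""),
                        "title": desc.get("problem", ""),
                        "action": desc.get("solution", "")})
    tickets.sort(key=lambda t: IMPACT_RANK.get(t["impact"], 99))
    return tickets
```

In practice you would feed parse_request_id the output of the curl call with --stderr -, and recommendations_to_tickets the json.load of the GET response instead of the constructed samples.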