Citrix antivirus recommendations for XenApp

http://support.citrix.com/article/CTX127030  (it also contains links to provisioning services and edgesight)

Of note:

  • Scan on write events or only when files are modified. It should be noted that this configuration is typically regarded as a high security risk by most antivirus vendors. In high-security environments, organizations should consider scanning on both read and write events to protect against threats that target memory, such as Conficker variants.
  • Scan local drives or disable network scanning. This assumes all remote locations, which might include file servers that host user profiles and redirected folders, are being monitored by antivirus and data integrity solutions.
  • Exclude the pagefile(s) from being scanned.
  • Exclude the Print Spooler directory from being scanned.
  • Exclude specific files and folders within the \Program Files\Citrix directory that are accessed heavily or modified frequently. For example, the Local Host Cache (imalhc.mdb) and Application Streaming offline database (RadeOffline.mdb) files might need to be excluded from the \Independent Management Architecture sub-directory. The local Resource Manager Summary Database file (RMLocalDatabase.mdb) might also need to be excluded from the \Citrix Resource Manager\LocalDB sub-directory. If Application Streaming is used, the \RadeCache and \Deploy folders might need to be excluded as well. While entire directories can be excluded, it should be noted that this is not considered a best practice by most antivirus vendors. In high-security environments, organizations should consider excluding specific files using exact names, such as ‘imalhc.mdb’. If exact file names cannot be used, Citrix recommends using wildcard exclusions to limit the attack surface area.
  • Remove any unnecessary antivirus related entries from the Run key (HKLM\Software\Microsoft\Windows\CurrentVersion\Run).
  • If pass-through authentication is being used, for example in a XenDesktop or Shared Hosted desktop scenario, exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache).
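
The directory-versus-exact-file point above can be checked mechanically. The script below is an added example, not part of the Citrix article: it audits an antivirus exclusion list and flags whole-directory exclusions under \Program Files\Citrix. The C: drive, the sample list and the "has an extension means file" heuristic are assumptions, and environment variables are not expanded.

```python
import ntpath

# Exact file names mentioned in the recommendations above.
RECOMMENDED_FILES = {"imalhc.mdb", "radeoffline.mdb", "rmlocaldatabase.mdb"}
# Folders the recommendations tie to Application Streaming.
STREAMING_DIRS = {"radecache", "deploy"}
CITRIX_ROOT = "\\program files\\citrix"  # compared after the drive is stripped


def classify(entry):
    """Return 'wildcard', 'exact-file' or 'directory' for one exclusion."""
    path = entry.strip().rstrip("\\")
    if "*" in path or "?" in path:
        return "wildcard"
    # Heuristic (assumption): a leaf with an extension is a file.
    return "exact-file" if ntpath.splitext(path)[1] else "directory"


def audit(exclusions, app_streaming=False):
    """Return (findings, unnamed): risky entries and files not named exactly."""
    findings, seen = [], set()
    for entry in exclusions:
        kind = classify(entry)
        norm = ntpath.splitdrive(entry.strip().lower().rstrip("\\"))[1]
        leaf = ntpath.basename(norm)
        seen.add(leaf)
        if not (norm + "\\").startswith(CITRIX_ROOT + "\\"):
            continue  # only the Citrix tree is judged here
        if kind == "directory" and not (app_streaming and leaf in STREAMING_DIRS):
            findings.append((entry, "whole directory excluded; name the files"))
        elif kind == "wildcard" and leaf in ("*", "*.*"):
            findings.append((entry, "wildcard covers every file in the folder"))
    return findings, sorted(RECOMMENDED_FILES - seen)


# Constructed sample exclusion list (not taken from a real server).
SAMPLE = [
    r"C:\pagefile.sys",
    r"C:\Program Files\Citrix\Independent Management Architecture",
    r"C:\Program Files\Citrix\Independent Management Architecture\imalhc.mdb",
    r"C:\Program Files\Citrix\Citrix Resource Manager\LocalDB\*.mdb",
    r"C:\Program Files\Citrix\RadeCache",
]

if __name__ == "__main__":
    findings, unnamed = audit(SAMPLE)
    for entry, reason in findings:
        print("REVIEW", entry, "->", reason)
    print("Not excluded by exact name:", ", ".join(unnamed))
```

Pass app_streaming=True on servers that use Application Streaming so the \RadeCache and \Deploy folders are not flagged.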

Citrix optimisations for Windows 2008 R2 server with XenApp 6/6.5

Citrix Consulting have put together a large list of tweaks to help speed up and remove some hassles from Windows 2008 R2 with XenApp.


XenApp 6.5 out

This is pretty old news by now, but some of the features are over here:

– Improvements to HDX: this means more types of Flash content can be rendered locally, and hopefully cache a bit better. Of course you still need to be running a Windows-based client to make use of these optimisations. Terminals such as the Wyse S10 do not make use of it due to the limited client.

– Multi-stream ICA: this is a big one. ICA can now be split out into 4 distinct streams:

Very High:
  • Audio

High:
  • ThinWire/DX Command Remoting
  • Seamless
  • MSFT TS Licensing
  • SmartCard Redirection
  • Control Virtual Channel
  • End User Experience Monitoring

Medium:
  • MediaStream (Windows Media and Flash)
  • USB Redirection
  • Clipboard
  • Client Drive Mapping

Low:
  • Printing
  • COM Port Mapping
  • LPT Port Mapping
  • Legacy OEM Virtual Channels

Before this, if you didn’t have a Citrix Branch Repeater, you didn’t have many (if any) options for splitting up the various channels within an ICA stream for QoS.

So if I ran QoS on my network links, I could only push ICA up the priority list, but then it would affect ALL ICA channels, including printing.

Now, admins can split it out and put printing where it belongs, looowww down the list.

More information here on multi-stream

Citrix pnagent command line switches

Spotted this over here, the switches are:

/Terminate Closes out PNAgent and any open sessions
/terminatewait  Closes out PNAgent and any open sessions
/Configurl  /param:URL  (useful if you haven’t set up the client as part of the install)
/qlaunch  (syntax example   C:\Program Files\Citrix\ICA Client> pnagent.exe /Qlaunch "Farm1:Calc")
NOTE: this list has been deprecated with the later versions of Citrix Receiver 3.3. Those switches can be found here
To configure via command line for PNagent and Receiver 3.3 enterprise have a look here

Language bar – how to get rid of it

This thing serves very little purpose in our environment other than to consume system resources.

Found this article here that has a handy .adm template you can use to remove it in all its forms (user template).