At a recent CUGC (Citrix User Group Community) event in Dublin I delivered a presentation on best practices for optimizing and managing Citrix Workloads – both for on prem & cloud environments.
The following is a summary of the recommended 12 steps required to deliver the optimum performance of Citrix workloads and how to effectively manage them.
Step #1 – Provision it (Choose your Provisioning methodology)
Whether you choose MCS (Machine Creation Services) or PVS (Provisioning Services) to deliver your workloads – provisioning and updating your machine catalogs from gold image templates simplifies the deployment process and let’s you quickly update your provisioned workloads from a single image template.
With MCS, the storage layer does the work, it’s quicker to deploy but rollback of image updates is a little trickier than PVS.
With PVS, the network layer does the work, it requires setup of PVS back end infrastructure, image rollback is easier and is now fully supported on Microsoft Azure. Most organizations already know their preferred provisioning methodology but if you’re not sure – there is a useful flowchart to help you decide.
Step #2 – Optimize it (Run Citrix Optimizer)
Citrix optimizer optimizes user environments for better performance. It runs a quick scan the base OS and then applies template-based optimization recommendations. You can optimize in two ways:
- Use built-in templates to perform optimizations. To do so, select a template applicable to the operating system.
- Alternatively, create your own customized templates with specific optimizations you want and then add the templates to Workspace Environment Management (WEM).
Run Citrix Optimizer on your gold image VM and apply the optimization recommendations before provisioning any workloads to ensure your VDA/VDI machines will perform optimally.
Step #3 – Seal it (BIS-F Sealer Script)
Base Image Script Framework is a free tool for sealing and personalizing your Windows Images using a vendor best practices way. Download and install BIS-F on the gold image OS and configure your desired settings via local group policy from ADMX template copied into C:\Windows\PolicyDefinitions.
There are a number of Microsoft, Anti-virus, Citrix Optimizations and more to configure. For example you can use the script to redirect the page file, event logs, WEM cache to a persistent drive for non-persistent workloads.
Run the sealer script each time you have finished updating the gold image VM, prior to updating the machine catalog.
Step #4 – Configure the Write Cache
For non-persistent desktops – configure a Write Cache for persistent storage of event logs, AV definition files, page file redirection etc., & improved desktop performance by redirecting the MCSIO cache to a persistent drive.
Write cache allows you to save the differential writes for persistent items in the Windows configuration. Data is written to the write cache instead of the base image itself – improving overall I/O performance.
- PVS – recommended setting: Cache on device RAM with overflow on hard disk
- MCS – configure the Write Cache during machine catalog creation and using BIS-F script
Note – some additional settings below to configure when creating a machine catalog in Azure:
Step #5 – Deploy FSLogix
FSLogix enhances and enables user profiles in Windows remote computing environments allowing you to roam user data between remote session hosts. In CVAD environments you can typically configure the following containers:
- O365 container – cache your office settings and data such as cached Outlook email in an O365 .vhdx container which is attached to and merged with the local OS on user logon.
It allows Outlook to run in offline cached mode, as well as caching Teams & OneDrive data.
- Profile container – replace the traditional Citrix UPM (user profile management) configured with Citrix policies or Group policy writing a profile to a network file share with an FSLogix Profile container – attached to the workload at user logon. This eliminates slower logon times caused by profile bloat and delays in copying user profile data across the network.
It’s free to install and use, depending on your Microsoft licensing eligibility and easily configurable through group policy.
Step #6 – Optimize Microsoft Teams
The perceived performance of your Citrix Desktop will most likely live or die by the performance of Microsoft Teams (if used by your organisation).
There are many detailed blog posts on how best to deploy & configure MS Teams in Citrix environments, most notably by CTP James Rankin. Some of the basics required to optimize:
- You must use the Teams machine wide installer on your gold image / workloads
- For on prem Citrix environments to avail of HDX Optimization of Teams traffic you will need Citrix farm version LTSR 1912 or higher, VDA 1906.2 or higher installed on your workloads and Workspace app 1907 or higher installed on your client devices
- The FSLogix O365 container will help cache your Teams data
- If using Citrix UPM – you will need to add a lot of exclusions to your UPM policy to ensure there is no significant profile bloat from using MS Teams
- Consider disabling Teams auto-start on logon to protect performance of the OS
Step #7 – Configure OneDrive
To automate and simplify how your end users use OneDrive within the Citrix Desktop – configure OneDrive settings for all users via GPO.
Other points to note / consider:
- You’ll need the OneDrive machine-based installer (similar to MS Teams) for non-persistent Server VDA workloads
- You can silently move or prompt users to move common folders such as Desktop, Documents and Pictures to their OneDrive folder)
- You can include the OneDrive cache data in the O365 FSLogix container – allowing fast load of all OneDrive data on user login and minimal time required for OneDrive synchronization.
Step #8 – Size it (Size matters)
The amount of RAM & CPU you assign to each workload will be very important in determining the overall performance of the published desktop – whether it be dedicated end user VDI, Server VDA or AVD (Windows 10 multi-session OS). For shared desktop – extensive testing will be required to determine the sweet spot in terms of assigned compute resources vs optimum number of users per desktops.
Tools such as Login Enterprise / Login VSI are excellent for helping right size your production environment. Login VSI is the industry-standard in benchmark and load testing for the end-user computing and application markets, including VDI and server-based computing.
With Application load testing and Capacity Load testing built in – you can accurately predict the future performance of the desktop – without extensive user acceptance testing. The only downside if that Login Enterprise does not come cheap – so it’s most likely a non- runner for those smaller Citrix deployment projects.
Step #9 – WEM (Workspace Environment Management)
The primary performance gain can be achieved through the intelligent resource management. The WEM service monitors & analyses user and app behaviour in real time and intelligently adjusts RAM, CPU and I/O. You can also replace logon scripts and preferences and settings normally configured within GPOs – by having them implemented through the WEM agent.
The advantages are you can increase user density per workload if intelligently optimizing the compute resources, and easily update and manage system preferences for different working sets (i.e., groups of VDAs) through the WEM Admin console.
Step #10 – Monitor It
An effective EUC monitoring tool (such as ControlUp, eG Innovations) will be a game changer when it comes to real time monitoring and identification of performance issues in your environment.
Citrix Director, while undoubtedly a useful starting point in problem diagnosis, provides limited visibility in the root cause of performance issues. My own favourite – ControlUp provides tools that will greatly enhance your environment monitoring & performance tuning:
- Real-time monitoring (Real-Time DX)
- Historical Analysis (Insights)
Real-Time DX collects metrics, logs and config data across the compute, storage, network and service layers of an environment and will help you quickly identify the performance pain points in your environment – whether it be a single workload running slowly, a single user session with a hung process, a hypervisor host with performance issues, network latency, storage array issues etc.
ControlUp Insights gives your team the information they need to plan effectively, optimize resources, and monitor the health of your systems. It can provide sizing recommendations for your provisioned workloads – whether they be under resources or over resourced. It will also give you long term historical insights into your overall infrastructure performance.
Step #11 – Secure It
Security will need to be at the forefront of your mind in any Citrix Virtual Apps and Desktops deployment. The topic of securing your CVAD deployment could constitue many detailed blog posts all of their own but some of the notable items to consider include:
- MFA (Multi- Factor Authentication). Whether integrating the Citrix Cloud Gateway Service with an Identity provider such as Azure AD or integrating your on-prem Citrix ADC (NetScaler) with one of the many RADIUS 2FA solutions available – you really have no excuse for not putting MFA in place for your CVAD deployment
- For CVAD deployments integrated with Azure AD – you will need to deploy and configure Citrix FAS (Federated Authentication Services) in your CVAD environment
- For public remote access URLs configured on a Citrix ADC -check the security rating of your remote access URL on ssllabs.com. The aim should be to achieve an A+ rating for your URL.
- Citrix Policies – used for restrictions on data copy / cut & paste operations in and out of users sessions, allowing or prohibiting client device mappings, session recording, session watermarking etc.
- Network separation – break workloads / components down into subnets that are logically separated – can reduce the impact of an attached if your environment is compromised. For example, in many Azure CVAD deployments – workloads are placed in a FrontEnd subnet, while all infrastructure components such as Cloud Connectors, FAS servers, file shares etc, are placed in a BackEnd subnet on a different IP range.
Step #12 – AutoScale it
Especially important for Citrix Cloud CVAD deployments where workloads are hosted in a public cloud – such as Azure, AWS or GCP – AutoScale will proactively power manage your machines while balancing cost and user experience.
Ensure availability and control costs by powering machines with load-based or schedule-based power management, or a combination of both – all easily managed through the Citrix Cloud Delivery Group settings GUI.
As AutoScale is only available with Citrix Virtual Apps and Desktop Service in Citrix Cloud, automated power management for workloads for on premise farms proves a little more challenging to configure. But there are some community tools like PowerScale from Leee Jeffries which aims to automate many of the features for on premise workload management which disappeared when Citrix SmartScale was deprecated.
These 12 steps are not a definitive list by any means and I’m sure there are additional optimizations that other engineers in the field do on a day to day basis. I’ve touched very lightly on all of the above topics and in the coming weeks plan to do more detailed blog posts on some of the more complicated topics such as Configuring the Write Cache etc. But if anyone needs immediate advice or has a query on any of the above items – be sure to leave a comment or reach out.