Open main menu

Changes

Citrix Receiver configuration

6,829 bytes removed, 21:18, 23 January 2020
Printing
* Go directly into one published resource, e.g. a fullscreen desktop
* Present a choice to users for multiple available resources, e.g. published applications
* Use [[Mozilla_Firefox | Firefox ]] or Chromium web browsers and log in via browser
* Use the "selfservice" GUI to provide a browser-like experience
== Browser-based login ==
If you want to log in via browser, create a [[Connection | connection]], use either [[Mozilla_Firefox | Firefox ]] or Chromium, and point it to your Citrix URL. You will notice that you have the "Citrix Workspace App"
On most modern PCs a browser is a good choice, and NoTouch cleans out the environment after the browser is closed. On older systems or the Raspberry Pi you may find a browser solely for the purpose of logging in uses too many resources, though.
== Citrix Workspace App ==
In most cases a [[Connection | connection ]] of type '''Citrix/StoreFrontWorkspace App''' and a Citrix URL as connection target are enough to successfully run a Citrix client.
"Citrix/StoreFrontWorkspace App", the mode of choice for using NoTouch with both StoreFronton- premise and PNAcloud-based sitesCitrix deployments, including Citrix Workspace. It can be used to either run one resource (absolutely seamless to the end user) or show a menu where users can choose from - at your option!
If you want to connect to sites using the older PNA protocol or any earlier Citrix products, please visit [[Legacy_Citrix_configuration | Legacy Citrix configuration]]Note: Before version 2.40.4680 (i.e. end of 2018), the '''Citrix Workspace App''' connection mode was called '''Citrix/StoreFront'''
=== Creating a StoreFront connection ===
Setting up a connection to a Citrix StoreFront portal is really easy. Follow these simple steps:
# Create a connection
# Set its <code>Connection Mode</code> parameter to "Citrix Workspace App" (older versions call this "Citrix/StoreFront")
# Set the Citrix StoreFront URL into the <code>Connection Target</code> parameter
#* Use the real StoreFront API URL, typically like /Citrix/Store (as opposed to the user/web browser URL that ends in /StoreWeb)
#* You can also use the <code>Citrix URL</code> parameter of the Citrix options instead of <code>Connection Target</code> - both parameters work equally well
# Make sure the client has access to all necessary [[Certificates]]. StoreFront is SSL-only, it is mandatory to install proper root certificates!
NoTouch will display a chooser if more than one published resources are available (otherwise, if it is only one, it will launch that without further questioning). If you want to go directly into one resource, please read below.
 
Note: The Citrix Workspace App will display a choice between different stores. That is especially common if going through a NetScaler that bundles multiple stores. To avoid that, you must set up your URLs that it goes to one store. It is really all depending on the URL and the server configuration.
=== Starting directly into a specific application or desktop ===
There are two parameters, both need to be enabled for USB forwarding to work (yes, the default is that both are on):
* "'''Citrix USB forwarder'''" in the "Services" section* "'''Generic USB forwarding'''" in the ICA parameters section of the actual connection.
The Citrix USB forwarder is a system service, thus it can be configured from the "Services" parameters, not the Citrix ICA connection parameters. The startup behavior is controlled by the parameter named "'''Citrix USB forwarder'''" parameter. It has these options:
* "with Citrix connection". This is the default. Start the Citrix USB forwarder only if there is a Citrix connection configured.
* "on". Start the Citrix USB forwarder after system boot.
Futhermore, you can allow or deny specific devices by using the "'''Allow devices'''" and "'''Deny devices'''" parameters in the "Services"/"Citrix USB" parameters. These parameters directly modify Citrix' usb.conf file and thus accept the original Citrix syntax only [1]. Multiple stanzas, each one describing one device, stanzas separated by commas, can be added to either of these parameters. A stanza consists of tags that in turn have the form TAG=VALUE. Acceptable tags are:
* '''VID''' Vendor ID from the device descriptor
Please see the original Citrix documentation for more information [2]. Changes to these parameters need a reboot to become active.
 
=Browser Content Redirection (BCR)=
Browser Content Redirection (BCR) is a Citrix feature to use the local, client CPU to render certain webpages instead of the VDA side. In other words, instead of the VDA side rendering the whole page, a Workspace-App-side rendering engine will be started and instructed to fetch the web content from the URL, render it locally and draw it into the browser window "over" the rest of the Citrix session.
 
On the NoTouch side, BCR needs to be switched on with the "Browser Content Redirection" parameter under the Citrix options - set it to "on". On the Citrix side, you'll have to deal with
 
*certain Citrix policies,
*browser plugin installation,
*URL whitelisting (only whitelisted URLs will be redirected).
 
More information can be found here: [https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/browser-content-redirection.html Browser Content Redirection] and [https://support.citrix.com/article/CTX230052 Troubleshoot Browser Content Redirection].
 
Needless to say, all required components for BCR are part of NComputing NoTouch OS. You do not need to worry about installing GStreamer, WebKitGtk+, CEF etc.
 
To use BCR with multimedia content on the EX400 (x64) thin client, you will need the Fluendo codec pack. As of WSA 19.06, Citrix can not simply work with "only free codecs". See below for a more detailed explanation on the codec question.
 
==Codes==
A codec in this context is a program to playback a certain kind of video or audio stream. NComputing NoTouch OS only includes codecs that are free from any patent license fees. We understand many people don't care but we do. If you download any kind of desktop Linux and then additionally install these patented codecs such as AAC or H.264, you are at risk of being sued, at least in a commercial environment. That said, please don't report bugs to NComputing that sound like "It works on Ubuntu, I just installed all these codecs...". The proper way is to purchase the Fluendo codecs, which are high-performing and properly licensed codecs on Linux. This codec is relatively inexpensive and gives you legal safety as well as the highest performance. Note: This only applies to software. If your system has hardware decoders and the drivers can make use of them, the royalties are already being paid for by the HW manufacturer.
 
Typical free codecs are VP8, VP9, AV1, Theora (video), and Opus, FLAC, MP3 (audio). Yes, MP3 is now patent-free since the last patent expired in mid-2017. Typical codecs that require licensing are AAC (audio), MPEG-2, H.264, and HEVC/H.265, again, unless your hardware has such codecs built-in.
 
==RX-HDX (based on Raspberry Pi platform)==
Browser Content Redirection on the Raspberry Pi 3 does work in principle but is unsupported by NComputing as there are a few caveats. The Pi implementation, as of mid-2019, uses CEF (Chrome Extension Framework) as opposed to WebkitGtk+ which is actually the more modern approach. However,
 
The software is still very early and may not work in all circumstances (please direct support questions to Citrix)
It does not work conceptually with a full-screen H.264 encoded session, obviously
It will degrade performance because the Pi 3's CPU is not made for rendering complete web pages
The Raspberry Pi 4 with its improved CPU power changes the game - As the Raspberry Pi 4 emerges, both Citrix and NComputing are working together on next-generation BCR capabilities.
= HDX and Multimedia support =
From within the "HDX/Multimedia" parameter section (a subsection of Citrix "ICA" parameters), several aspects of multimedia support of the ICA/HDX protocol can be configured.
===HDX MediaStream Flash Redirection===
Flash redirection is enabled by default. Please note that the list of software requirements on the server side is long and the list of supported software modules such as browsers is very short. You may have to adapt your VDI environment to meet Citrix requirements.
After making these modifications you need to restart IE on VDA.
===HDX RealTime Webcam Video Compression===
HDX RealTime Webcam Video Compression needs audio input to be enabled both on client and server to work. NoTouch typically has audio input ("microphone in") disabled by default, so you have to turn this on. Besides that, no extra switch is necessary to enable HDX RealTime Webcam Video Compression, but there's still an extra switch to force the redirection, "HDX RealTime webcam video compression".
=== HDX RealTime Media Engine (RTME) ===
The Citrix HDX RealTime Media Engine (RTME) is the client-side component of the Citrix HDX RealTime Optimization Pack for Skype for Business. To enable Skype for Business experience, both client side and server side need to be properly configured.
On the client side, the both [https://www.ncomputing.com/products/RX-series/RX-HDX RX-HDX ] and [https://www.ncomputing.com/products/EX-series/EX400 EX400] thin client comes clients come with RTME integration (firmware version 2.40.2670 and above). By default, the HDX RealTime Media Engine is disabled and must be enabled for the Citrix connection to optimize the Skype for Business experience. This can be done in Connection -> Citrix -> HDX/Multimedia settings by setting the “HDX Realtime Media Engine (Skype for Business)” parameter to “on” (see screenshot below).
<br>
Once the HDX RealTime Optimization Pack is setup, the audio and video devices connected to the RX-HDX thin client are enumerated locally by RTME (i.e. not redirected from the client to the VDA). The Audio and video settings can be modified directly from Skype for Business setting menu.
<br>
<br>
 ===HDX 3D Pro GPU/H.264 acceleration===
HDX 3D Pro GPU/H.264 acceleration is enabled by default. Switch it off by setting the "HDX 3D Pro GPU/H.264 acceleration" parameter to off.
http://support.citrix.com/article/CTX131501
===HDX Mediastream Windows Media Redirection===
NoTouch includes GStreamer, as required by Citrix Receiver to support Mediastream Windows Media Redirection [4].
==Printing==
Printing works fine with Citrix in NoTouch. Please consult our [[Printer_configuration|Printer configuration ]] page.
=Smartcard support=
==Citrix considerations==
Citrix has a lot of options, some combinations may have strange effects. Most people are fine with the defaults, in fact Stratodesk , NComputing recommends to change something only when a) necessary and b) advised to do so. Stratodesk can not provide support for Citrix installation, be sure to have a Citrix professional at hand when troubleshooting.
More detailed information can be found in Citrix Receiver for Linux 13.4 eDocs - you can skip the part about installation and integration, since this is already done in NoTouch.
Also please check out the Citrix Receiver Feature Matrix.
 
In case something does not work as expected, always open a Citrix support case before contacting NComputing.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
== Multimonitor/Dualscreen operation ==
 
The Citrix Receiver will take advantage of [[Multimonitor|multiple monitors]] automatically and it will report screen geometry to the server. Please make sure Multimonitor support works, more information can be found here: [[Multimonitor|Multimonitor operation with NoTouch]]
 
Two parameters influence the dualmonitor/multimonitor behavior - the effects of these parameters are entirely up to Citrix and may change with different versions of the Citrix client:
* Use screens (span)
** Default. This is the default. All monitors are available will be used if present.
** All. Force using all monitors.
** No setting. NoTouch will not set this parameter at all when launching the Citrix client.
** Custom. The values from the "Custom span parameter" will be taken.
* Custom span parameter (only if "Use screens" is set to custom. The following excerpt is from the Citrix manual:
-span [h[[o][a|mon1[,m2[,m3,m4]]] Set monitor spanning of full-screen sessions.
 
Most people will be fine with default settings, both in single- and in dual-monitor setups.
 
== HTTPS/SSL and certificates ==
 
If you use private certificates, you must add your own certificate - please refer to the [[Certificates|documentation on certificates]].
 
The Citrix Receiver for Linux does not have any switch to simply ignore the certificate check. That means you can not just turn the checks off. This is a Citrix limitation.
 
== USB forwarding ==
 
By default, USB forwarding is switched to on and USB devices will be forwarded to the server automatically. So called HIDs (human interface devices, such as keyboards, mice, but also mouse-emulating devices like digital dictation foot pedals) will not be forwarded, but rather handled locally and brought to the VDI desktop as keystrokes and mouse movements.
 
There are two parameters, both need to be enabled for USB forwarding to work (yes, the default is that both are on):
* "'''Citrix USB forwarder'''" in the "Services" section
* "'''Generic USB forwarding'''" in the ICA parameters section of the actual connection.
 
The Citrix USB forwarder is a system service, thus it can be configured from the "Services" parameters, not the Citrix ICA connection parameters. The startup behavior is controlled by the parameter named "'''Citrix USB forwarder'''" parameter. It has these options:
* "with Citrix connection". This is the default. Start the Citrix USB forwarder only if there is a Citrix connection configured.
* "off". Do not start the Citrix USB forwarder.
* "on". Start the Citrix USB forwarder after system boot.
 
Futhermore, you can allow or deny specific devices by using the "'''Allow devices'''" and "'''Deny devices'''" parameters in the "Services"/"Citrix USB" parameters. These parameters directly modify Citrix' usb.conf file and thus accept the original Citrix syntax only [http://support.citrix.com/proddocs/topic/receiver-linux-13-0/linux-usb-remoting.html]. Multiple stanzas, each one describing one device, stanzas separated by commas, can be added to either of these parameters. A stanza consists of tags that in turn have the form TAG=VALUE. Acceptable tags are:
* VID Vendor ID from the device descriptor
* REL Release ID from the device descriptor
* PID Product ID from the device descriptor
*Class Class from either the device descriptor or an interface descriptor
* SubClass SubClass from either the device descriptor or an interface descriptor
* Prot Protocol from either the device descriptor or an interface descriptor
 
Valid examples for either of the two parameters are:
* VID=1460 PID=0008
* Class=07 SubClass=06
 
The Information page of the local configuration application will present information about USB devices to you - this is the place how you can find out the VID or PID, for instance. Command line afficionados will prefer the lsusb command, preferably in lsusb -v form.
 
Please see the original Citrix documentation for more information [http://support.citrix.com/proddocs/topic/receiver-linux-13-0/linux-usb-remoting.html]. Changes to these parameters need a reboot to become active.
 
== HDX and Multimedia support ==
 
From within the "HDX/Multimedia" parameter section (a subsection of Citrix "ICA" parameters), several aspects of multimedia support of the ICA/HDX protocol can be configured.
 
=== HDX RealTime Webcam Video Compression ===
 
HDX RealTime Webcam Video Compression needs audio input to be enabled both on client and server to work. NoTouch typically has audio input ("microphone in") disabled by default, so you have to turn this on. Besides that, no extra switch is necessary to enable HDX RealTime Webcam Video Compression, but there's still an extra switch to force the redirection, "HDX RealTime webcam video compression".
 
=== HDX 3D Pro GPU/H.264 acceleration ===
 
HDX 3D Pro GPU/H.264 acceleration is enabled by default. Switch it off by setting the "HDX 3D Pro GPU/H.264 acceleration" parameter to off.
 
If there are any issues regarding the session's resolution while HDX 3D Pro is active, please have a look at the following article:
 
http://support.citrix.com/article/CTX131501
 
== Expired passwords ==
 
The Citrix Receiver for Linux has a feature to allow users to enter a new password should theirs have expired. This has to be done before actually logging in, so it requires a special mechanism. Again, this functionality provided by the Citrix Receiver, it just needs to be configured properly - set these two parameter in the Citrix parameters correctly:
* '''Kerberos KDC Server (Domain Controller Name)'''. This needs to be a DNS host name or IP address of the Domain Controller. Please make sure the name is resolvable by DNS (i.e. not just a Windows/WINS name) - a simply test is to ping the name from the Console of a NoTouch system or any other non-Windows system such as a Mac.
* '''Kerberos KDC Realm (Domain Name)'''. Set this to the domain name of your AD domain.
 
Keep in mind that NoTouch systems are not members of the AD domain - this is the reason why you have to supply to these parameters to NoTouch, which in turn passes them on directly to the Citrix Receiver.
 
== Smartcard support ==
 
Citrix can forward smartcard readers and use these for login purposes. U.S. Federal customers will enjoy the CAC card support. In that case, do not forward the smartcard reader with generic USB forwarding. Configure smartcard support according to these instructions:
 
# Switch on the "Smartcard service (PCSCD)" in the "Services" options
#* In most cases the default settings for the Smartcard driver parameter will be fine. Some readers need the Omnikey setting, not only Omnikey readers. You may have to experiment with that or contact support.
# Set the "Smartcard login" parameter in the Citrix parameters to "on"
 
Note: For XenDesktop, do not attempt to use the generic USB forwarding mechanism to forward the smartcard reader (it won't be default, you would have to play with the settings). The downside is that then you can't use the reader for login purpose. It would work to forward a reader into the session only (ie without login) if that is what you want.
 
== Advanced configuration ==
 
NoTouch comes with reasonable default values and should accomodate all Citrix options that are used by 99% of the people. However sometimes even deeper configuration accesses are necessary. NoTouch comes with an easy-to-use method of modifying Citrix INI files: [[Citrix Receiver configuration files]]
 
Furthermore, you can totally rewrite the files that are used to generate the Citrix configuration, which would work by the [[Templates|template mechanism]].
 
== Selecting the Citrix Receiver version ==
 
Most NoTouch images have at least two Citrix Receiver versions included. Yes, you read that correctly, two different versions of the Citrix product, so you can select the one that fits your use case better. By default, the newer client will be used. At the time of writing, the 13.8 Receiver is the latest Citrix Linux receiver incorporated in the RX-HDX thin client.
 
To switch to an alternative version of the Citrix Receiver, use the "Client version (if present)" parameter in the Citrix options. You may have to scroll down a bit to find it, it is pretty far down below.
 
== Proxy settings ==
 
The Citrix Receiver can connect via a proxy server. While these parameter may seem obvious, it is important to note that from OS 2.40.1310 on the Citrix Receiver will inherit the [[Mozilla Firefox#Proxy settings|Firefox proxy settings]] of the same connection, if you switch the "Use Firefox proxy settings" parameter to on. This will inherit exactly your NoTouch settings that you made in the "Firefox" parameters.
 
Certainly you can configure the proxy settings directly and even specify to inherit from the [[Network#Proxy settings|system-level proxy settings]]. Here are the parameters in more detail:
* '''Use Firefox proxy settings'''. If set to on, all parameters below will be ignored and the Firefox configuration parameters of the same connection will be evaluated.
* '''Proxy type'''. Master switch denoting the kind of proxy configuration used:
** No setting. Do not mention anything about proxy in the Citrix configuration files.
** None. No proxy is to be used.
** System settings. The [[Network#Proxy settings|system-level proxy settings]] will be used.
** Auto config (Script). The system will download a .pac file from the "Proxy autoconfig URL" and evaluate it.
** Secure Host. Think of this as the "manual configuration". The system will use the "Proxy hostname" parameter and the "proxy bypass list".
** SOCKS. Uses the "proxy hostname" as a SOCKS proxy.
* '''Proxy hostname'''. Hostname:port combination of the proxy server to be used. It must be configured to accept HTTPS traffic.
* '''Proxy bypass list'''. A comma-separated list of hostnames and IP addresses that Receiver will always contact directly.
* '''Proxy autoconfig URL'''. A URL to the .pac file providing proxy auto-configuration, if the Proxy type parameter is set to "Auto config (Script)".
* '''Fallback to direct if no autoconfig received'''. In case the autoconfig URL (see above) can not be reached, Receiver will connect directly. This can be useful if people are traveling.
 
== Citrix considerations ==
 
Citrix has a lot of options, some combinations may have strange effects. Most people are fine with the defaults, in fact NComputing recommends to change something only when a) necessary and b) advised to do so. NComputing can not provide support for Citrix installation, be sure to have a Citrix professional at hand when troubleshooting.
 
More detailed information can be found in [http://docs.citrix.com/en-us/receiver/linux/13-4.html Citrix Receiver for Linux 13.4 eDocs] - you can skip the part about installation and integration, since this is already done in NoTouch.
 
Also please check out the [https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf Citrix Receiver Feature Matrix].
 
 
In case something does not work as expected, always open a Citrix support case before contacting NComputing.
[[Category:Server connections]] [[Category:NoTouch OS]]