On 2203 LTSR CU1 right now - is it safe to update only VDAs to CU3, leave other components at CU1 for now?


zheise996

Question

Hello,

 

I upgraded my entire 1912 LTSR environment to 2203 CU1 last autumn (CU1 was the newest available at the time) and it was quite a time consuming experience. I'm building some new base images now and was debating what version of the VDA to install on them - the newest 2203 CU3, or because the rest of the environment is still on CU1 components, do these new VDAs also need to be on CU1 in order to be in a Supported Configuration to Citrix?

 

In general, I'm not sure what baseline components as listed on the big list need to be the same version. Like, could I upgrade Director as well to CU3? That was quite easy to get from 1912 to 2203. The time consuming ones to upgrade last autumn were of course Storefront and Delivery Controllers. I'd like to hold off on upgrading them entirely until the next LTSR which I assume will come next spring.

 

Thanks for any advice anyone could provide - I'm pretty new at this.

5 answers to this question

Hello Zach,

 

On the Citrix Upgrade steps diagram it shows that VDAs are upgraded before Controllers. It also shows that you can upgrade VDAs later when upgrading the master image.

In my own experience, there should be no issue upgrading the VDA to CU3 and leaving the rest of the infrastructure at CU1. When I upgrade only the VDA I usually upgrade the Session Recording server as well.

Anyway, in case of doubt, you can easily test it.

 


CU updates only contain bug fixes. It will be best to stick to CU1 if you are not facing any issues with the build.

 

 

On 6/10/2023 at 3:05 AM, zheise996 said:

Hello,

 

I upgraded my entire 1912 LTSR environment to 2203 CU1 last autumn (CU1 was the newest available at the time) and it was quite a time consuming experience. I'm building some new base images now and was debating what version of the VDA to install on them - the newest 2203 CU3, or because the rest of the environment is still on CU1 components, do these new VDAs also need to be on CU1 in order to be in a Supported Configuration to Citrix?

 

In general, I'm not sure what baseline components as listed on the big list need to be the same version. Like, could I upgrade Director as well to CU3? That was quite easy to get from 1912 to 2203. The time consuming ones to upgrade last autumn were of course Storefront and Delivery Controllers. I'd like to hold off on upgrading them entirely until the next LTSR which I assume will come next spring.

 

Thanks for any advice anyone could provide - I'm pretty new at this.


Hi Prateek - I am recalling back in February of this year, there was a CVE listed here, that had the solution for it to be to update to 2203 CU2 or later version to fix the vulnerability. You are right; if the VDA only had bug fixes, I would not be as interested, but my bosses are asking me to reduce security vulnerabilities wherever I could. So I thought that maybe now I could update the VDA version on my servers to CU3.

 

Quote:

What Customers Should Do

Recent versions of Citrix Virtual Apps and Desktops contain fixes for this vulnerability: 

Citrix Virtual Apps and Desktops 2212 and later versions 

Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates

Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates

Citrix strongly recommends that customers upgrade to a version of Virtual Apps and Desktops that contains the fixes as soon as possible.  

 

So, is it okay to update the VDAs to 2203 CU3, but not update the other components? Thank you!


Just today a new Alert came out - https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 - saying that the issue is fixed in CU3 VDA. So, please, still looking for confirmation that I am okay to update my VDA on my virtual machines to CU3 in a new base image, but leave the rest of my Citrix infrastructure - delivery controllers, storefront - at CU1? Yes? No?

On 6/19/2023 at 12:27 AM, MBi said:

Hello Zach,

 

On the Citrix Upgrade steps diagram it shows that VDAs are upgraded before Controllers. It also shows that you can upgrade VDAs later when upgrading the master image.

In my own experience, there should be no issue upgrading the VDA to CU3 and leaving the rest of the infrastructure at CU1. When I upgrade only the VDA I usually upgrade the Session Recording server as well.

Anyway, in case of doubt, you can easily test it.

 

I ended up starting a ticket/case with Citrix in which they confirmed the same thing you said, and mentioned this link in particular - at first they said the VDA should not be upgraded unless I was having problems, but then I pointed out that numerous CVE security issues are fixed between CU1 and CU3 and then they changed to saying that upgrading the VDA should be okay.

 

Quote: "As per your question, you can actually run CU3 VDAs in Citrix environment, without needing to upgrade the rest of storefront servers, delivery controller to CU3."
