Posts posted by Tyd Ros

  1. On 1/17/2024 at 11:05 PM, James Kindon said:

    A standard Cloud connection flow does this assuming you are using the Gateway Service:

     

    Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> The connection is tunneled via the Gateway Service -> through the Cloud Connector -> To the VDA

     

    If you turn on Rendezvous Protocol, the following occurs:

     

    Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> The connection is tunneled via the Gateway Service directly to the VDA. The Cloud Connector is no longer in the connection path. The VDA reaches out to the Gateway Service on 443 to make this happen

     

    Direct Workload Connection changes things again:

     

    Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> IF the network where the user lives has been defined as a network location in Citrix Cloud AND that location has direct line of sight to the VDA -> The Gateway Service is bypassed entirely, and the user connects straight to the VDA

     

    This makes it very similar to a traditional storefront flow on-prem. You now have a single connection from endpoint to VDA

     

    HDX Direct is the future of Direct Workload Connection; it will effectively do the same thing, but you will not need to define network locations for the behavior to occur. It uses the Gateway Service to establish a connection, and then learns if there is a direct connection to the VDA possible. There are certs and other info passed around along with some use of STUN etc. to make this secure and a bit more robust.

     

    Thanks @James Kindon!! Of course you of all people come here and lay down such a great response!!

  2. Hello all,

     

    I am having trouble wrapping my head around HDX Direct, Direct Workload, and Rendezvous. Anyone have a tip to crack my thick skull?

     

    All of these technologies appear to be ways to direct traffic to the most direct route to your VDAs or Citrix Gateway, bypassing unnecessary traffic paths? It seems like Direct Workload and HDX Direct are similar but HDX Direct has more features. How is Rendezvous different than those two?

     

    Also, can you use Rendezvous with HDX Direct or Direct Workload?

     

     

    Can someone explain these, as I have read the articles a few times and I'm not getting it. Thanks!

  3. Hello all,

     

    Does anyone have any tips for installing Windows Defender for endpoint on shared 2019 desktop machines (published full desktop)? I see a lot of articles for non-persistent tips like this: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/configuring-microsoft-defender-antivirus-for-non-persistent-vdi/ba-p/1489633

     

    However, we are using persistent profiles with FSLogix.

     

    For example, it sounds like you have to simply onboard it manually with a script from the Defender web site (since you can't enroll a server in Intune), and then set your exclusions as you normally would.

     

    Since Defender appears to be user based, how does one not have a user use up all of their devices (limit of 5) when bouncing between servers that have Defender?

     

    Thanks!

  4. Hello, Workspace app 20.02.05

     

    Macbook plus two monitors. Which equals 3 monitors.

     

    When you choose "all displays in full screen mode" with the above setup the mouse stops working.

     

    However, if you have a MacBook plus one monitor (Total two monitors) the mouse works.

     

    I have read that others can have 3 monitors so that doesn't appear to be a limitation. 

     

    Any idea why the mouse won't work?

     

    Thanks

     

  5. Here is another oddity.

     

    The sound from the Zoom call gets redirected to the local machine as it should; however, you can't control the sound within your published desktop.

     

    You have to minimize your published desktop to get to the local machine's sound control, adjust it, then get back into Citrix.

     

  6. On 4/14/2020 at 1:51 PM, Andrew Gresbach1709152664 said:

    Well sort of.......in our tests with windows clients and setting that key to a 0 brings back the sharing button but it only shares in a teams call sort of way (no give take).     If i do the same on my mac client (same session). i get the normal sharing and give take options.   however if i share with someone on a windows client w/ workspace i'm unable to use the dropdown to give them control.....if i do the same w/ a person using an html5 session all works fine

     

    so it seems something isolated to just windows clients for some reason w/ the 1912 vda (not 100% is the 1912 is playing a part but given how this thread started i'm betting it does)

     

    and even stranger is on a windows client if i have that key set to 1 the desktop sharing is gone completely .....is that specific behavior the microsoft bug that was referenced? just so i'm keeping track of whats "expected" now and what isnt

     

    It's not a bug and not a 1912 issue; this is expected. I think you may be missing the point made above.

     

    In your test with the reg key you are enabling and disabling HDX. When you disable HDX you are disabling optimizations and removing the browser limitations that HDX uses. Because of that it shows the screenshare.

     

    When you enable HDX optimization you are optimizing but adhering to the limitations of the browser. Think of it as turning the Teams full app into a browser under the hood and then letting Citrix redirect it with browser protocols.

     

    That's why the Mac machine and HTML5 show the share (there is no HDX support), and why Windows with the Workspace app shows the share if you disable HDX.

     

    Your inconsistent results for Windows clients in the beginning were probably due to Teams not starting HDX optimized. I find the HDX optimization flaky. Sometimes it will optimize, sometimes it won't. (Whole other problem)

     

     

  7. Hello all,

     

    Two questions.

     

    1. The VDI Teams installer was made to help reduce bloat among other things. This is done by moving the installer that is normally in each user's AppData into c:\program Files(x86)\Teams and installing the program into c:\program files(x86)\Microsoft\teams. So far my research is showing that if you delete the "previous" folder out of the non teams version, you get the same space savings as the VDI version. The normal version has more features for the same space. (Plus there is a bug with 2016\2019 shared desktops and the json files)

     

     

    2. I have been scouring for exclusions to add to FSLogix or UPM to reduce bloat. (Those not using a profile manager can use this list as a redirection template.) Please take a look: have you had any problems with using these? Do you have any others to add?

     

    VDI version exclusions

    <Exclude Copy="0">AppData\Local\SquirrelTemp</Exclude>

    <Exclude Copy="0">AppData\Local\Microsoft\Teams\Current\Locales</Exclude>

    <Exclude Copy="0">AppData\Local\Microsoft\Teams\Packages\SquirrelTemp</Exclude>

    <Exclude Copy="0">AppData\Local\Microsoft\Teams\current\resources\locales</Exclude>

    <Exclude Copy="0">AppData\Local\Microsoft\Teams\Current\Locales</Exclude>

    <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>

    <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>

    <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Cache</Exclude>

    <Exclude Copy="0">AppData\Roaming\Microsoft Teams\Logs</Exclude>

    <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>

    Exclude Roaming/Microsoft/Teams/*.txt

     

    Normal exe version: all of the above exclusions plus

    AppData\Local\Microsoft\Teams\Previous

    I haven't tested, but this previous dir appears to just be a copy of the last Teams version that is saved after an auto update. Anyone delete this dir to save 250Mb of space?

     

     

    What are you XenApp CVAD users using? The VDI or the normal Teams installer?

     

     

  8. 9 minutes ago, Koenraad Willems said:

    Hi,

     

    This is covered by the service "Windows Search", which is disabled by default on Server 2016 by the way.

    Most best practices guides recommend to disable Windows Search/Cortana anyway.

    Have a look at this VDI optimisation script:

    https://github.com/cluberti/VDI/blob/master/ConfigAsVDI.ps1

     

    Best,

     

    Koenraad

     

     

    I thought that the SearchProtocolHost.exe was the process for Windows searching. As far as disabling it, sure it can help performance, but when you are using say FSLogix\Office containers you want to enable it to give users the searching that they want, like in Outlook. I don't think disabling search is a best practice anymore based on users' needs and the profile apps out today (FSLogix). Now if Cortana and search are separate processes (SearchProtocolHost.exe and SearchUI.exe) that would be great.

  9. Hello all,

     

    Has anyone tried to disable the SearchUI process in 2016 server? (We publish full desktops.) I'd love to grab back about 50Mb of RAM per user but am afraid it will have negative consequences. From what it appears, SearchUI is Cortana and is not exactly Windows search or Office search. Is that correct?

     

    Thanks

     

  10. Can someone tell me two things.

     

    1. How does one move away from Citrix UPM profiles and migrate them to a local Windows 10 machine? We are removing about 15 users away from Citrix and Citrix UPM.

     

    2. If I have 2008 UPM profiles and a user logs into 2016, their profile will be upgraded and the only thing is that they can't go back to 2008 (which is fine). Thanks

     

  11. Hello all, 

     

    I set up a reverse proxy on NS for the purpose of securing a mobile device app to an IIS server connected to the domain on the internal network.

     

    Just setting up the traffic to connect this seems too basic for security.

     

    What else should be done to secure it? I have read about using AAA to only allow people to connect to it after they authenticate to the domain. I also read about how some find the minimal traffic that is needed for the app and the IIS server to work and limit all other traffic. How would one do that?

     

    Any other tips? It feels like I'm not using the NetScaler all the way that I can be.

     

    Thank you !

  12. Just tested this also, if trying to access data to local resource with auto mapped drive in the format of "Local Disk (C: on Client)" it is painfully slow, but if I manually map the drive to a drive letter then I can access and copy files over at very reasonable speed. I really hope there is a fix out there for this asap.

     

    Did you ever find a fix? We have the same prob
