Linux Apps and Desktops delivered by Citrix Virtual Apps and Desktops

There are tons of great free Linux applications available today, but since most users aren’t using Linux on their devices this whole parallel universe of hidden gems isn’t that easy to discover and to add to the personal toolbox. But wait, there is Citrix Virtual Apps and Desktops (formerly known as Citrix XenApp and XenDesktop) to jump in. In this article I will show you how to publish virtual apps and desktops from a Linux operating system. As a small additional giveaway I will also explain how to add support for Citrix Federated Authentication Service (FAS) in an existing Citrix Virtual Apps and Desktop (CVAD) deployment.

Advertisements

There are tons of great free Linux applications available today, but since most users aren’t using Linux on their devices this whole parallel universe of hidden gems isn’t that easy to discover and to add to the personal toolbox. But wait, there is Citrix Virtual Apps and Desktops (formerly known as Citrix XenApp and XenDesktop) to jump in. In this article I will show you how to publish virtual apps and desktops from a Linux operating system. As a small additional giveaway I will also explain how to add support for Citrix Federated Authentication Service (FAS) in an existing Citrix Virtual Apps and Desktop (CVAD) deployment.

I have to admit that I am absolutely no Linux expert and when I tested this setup some years ago, it was really cumbersome to configure all the prerequisites and dependencies on a Linux OS, followed by installing and configuring the Linux Virtual Delivery Agent, just to discover the supported features were quite limited and not yet production ready for my deployment. The awesome Carl Webster (accidental Citrix admin and Citrix CTP) has a blog post dating back from 2016 (Implementing Red Hat Enterprise Linux 7 and CentOS7 Linux with Citrix XenDesktop 7.11) showing what a painful journey this was in the past:

“Citrix really needs to make this Linux VDA documentation more understandable for those who may want or need to test it for their business who, like me, may know nothing about Linux other than how to spell the name. […] Citrix really needs someone to actually step through their documentation and see what a PITA it is to use what they write. […] What is the point of all the manual steps? I thought those Linux people were supposed to excel in scripting and automation. If I cannot (yet) use MCS or PVS with the Linux VDA, how the heck do you do all these manual steps on hundreds of Linux desktops to get them ready for XenDesktop?”

Well, two years later it’s time to give it another try with the newest release of Citrix Virtual Apps and Desktops 7 1808 and the new Linux Virtual Delivery Agent 1808. And guess what? Things have changed a lot for the better. Lets move on and see how the setup looks today.

linux_apps
Delivering Linux Virtual Apps

The Linux Virtual Delivery Agent (Linux VDA) enables the hosted shared desktop model for delivering Linux virtual desktops and it enables app publishing for delivering Linux virtual apps. End users may access these virtual apps and desktops from any Citrix Workspace app or it’s predecessor Citrix Receiver – anywhere, from any device.

System requirements

The Linux VDA component is an entitlement for Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop) customers with Advanced or Premium (former Enterprise or Platinum) Editions.

The Linux VDA supports the following Linux distribution:

  • SUSE Linux Enterprise (Desktop / Server 12 Service Pack 3)
  • Red Hat Enterprise Linux (Workstation / Server 6.8, 6.9, 7.4, 7.5)
  • CentOS Linux (6.8, 6.9, 7.4, 7.5)
  • Ubuntu Linux (Desktop / Server 16.04)

Supported host platforms and virtualization environments:

  • XenServer
  • VMware ESX and ESXi
  • Microsoft Hyper-V
  • Nutanix AHV
  • Microsoft Azure Resource Manager
  • Amazon Web Services (AWS)
  • Bare metal hosting is also supported

The Linux VDA supports the following Active Directory integration packages or products:

  • Samba Winbind
  • Quest Authentication Services v4.1 or later
  • Centrify DirectControl
  • SSSD

HDX 3D Pro is supported on XenServer, VMware ESX and ESXi and Nutanix AHV with NVIDIA GTX750Ti and NVIDIA GRID K2 (GPU pass-through only) and NVIDIA Tesla M10, M60, P40 (pass-through and vGPU).

For my setup I used CentOS 7.5, running on Nutanix AHV without GPU. For the Active Directory integration I chose Samba Winbind. My Citrix Virtual Apps and Desktops backend deployment is on version 7 1808. XenDesktop 7.6 and earlier versions require changes to support the Linux VDA. For those versions, a hotfix or update script is required.

Installation overview

Installing the Linux Virtual Delivery Agent (VDA) follows the same general steps for all supported Linux distributions. On a high level overview this are the steps you need to perform:

  1. Prepare for installation
  2. Prepare Linux virtual machine (VM) for your hypervisor
  3. Add / join the Linux virtual machine (VM) to your Windows domain
  4. Install the Linux VDA
  5. Configure the Linux VDA
  6. Create the machine catalog in Citrix Virtual Apps or Citrix Virtual Desktops
  7. Create the delivery group in Citrix Virtual Apps or Citrix Virtual Desktops

With the release 7.13 of Citrix Virtual Delivery Agent for Linuxa new installation feature called Easy install has been introduced . This feature helps you setting up a running environment of the Linux VDA by installing the necessary packages and customizing the configuration files automatically. I strongly encourage you to go this path, it definitely will spare you a lot of time, stress and nerves by automating steps 3 to 5.

Step by step instructions

Assuming you have already installed your CentOS Linux virtual machine and you are ready to deploy and configure the Linux VDA, this are your next steps:

  1. Download the suitable Citrix Virtual Delivery Agent 1808 from here. Make sure to choose the correct version, depending on your Linux distribution.

    download_linux_vda
    Download Citrix Linux Virtual Delivery Agent 1808
  2. Prepare configuration information and the Linux machine, collect the following configuration information needed for easy install
    1. Host name – Host name of the machine on which the Linux VDA is to be installed.
    2. IP address of the Domain Name Server (DNS)
    3. IP address or FQDN of the Network Time Protocol Server (NTP)
    4. Domain Name – The NetBIOS name of the domain
    5. Realm Name – The Kerberos realm name, usually the Domain FQDN in uppercase
    6. FQDN of the Active Directory Domain – Fully qualified DNS domain name
    7. Domain admin user and password with appropriate rights to join the active directory domain
    8. FQDN of at least one Desktop Delivery Controller (DDC), better a space-separated list of Delivery Controller Fully Qualified Domain Names (FQDNs) to use for registering with a Delivery Controller.
    9. The Linux VDA queries DNS to discover LDAP servers (Domain Controllers). If DNS cannot provide LDAP service records, you can provide a space-separated list of LDAP FQDNs with LDAP port. For example, dc1.mycompany.com:389.
    10. The Federated Authentication Service (FAS) servers are configured through AD Group Policy. Because the Linux VDA does not support AD Group Policy, you can provide a semicolon-separated list of FAS servers instead. The sequence must be the same as configured in AD Group Policy.
  3. Install Hypervisor tools (XenServer Tools, Nutanix Guest Tools, etc.) on your Linux virtual machine
  4. Download or copy the Linux Virtual Delivery Agent (VDA) package from step 1 to your Linux virtual machine
  5. Launch the installation of the Linux Virtual Delivery Agent (VDA) package from a terminal session
    sudo yum -y localinstall LinuxVDA-1808.el7_x.rpm
  6. Configure the running environment by using the ctxinstall.sh script. Run the script in interactive mode to do a manual configuration and type the relevant parameter at each prompt.
    sudo /opt/Citrix/VDA/sbin/ctxinstall.sh
  7. Disable SELinux by making the following change to /etc/selinux/config
    SELINUX=disabled
  8. Download the root CA certificate of the certificate authority you have configured for your Citrix Federated Authentication Service to the VM.
  9. Convert the CA certificate from DER file (.crt, .cer, .der) to PEM
    sudo openssl x509 -inform der -in root.cer -out root.pem
  10. Install the converted root CA certificate to the openssl directory
    sudo cp root.pem /etc/pki/CA/certs/
  11. Run the following script to configure FAS parameters. Choose the correct Active Directory integration method (Winbind) and then type the correct path of the root CA certificate (/etc/pki/CA/certs/root.pem)
    sudo /opt/Citrix/VDA/sbin/ctxfascfg.sh
  12. Reboot the virtual Linux machine
Use Machine Creation Services (MCS) to create Linux VMs

Starting with the 7.18 release, you can use Citrix Machine Creation Services (MCS) to create Linux VMs. To use MCS to create Linux VMs, prepare a master image on your hypervisor. This process entails installing the VDA on the template VM and performing certain additional configuration tasks.

  1. Enable the EPEL repository to install ntfs-3g for CentOS 7
    sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  2. Set up the runtime environment. Based on your needs, change variables in /var/xdl/mcs/mcs.conf before running deploymcs.sh. The mcs.conf configuration file contains variables for setting MCS and the Linux VDA. dns: Sets the DNS IP address. AD_INTEGRATION: Sets Winbind or SSSD.
  3. Create the master image by running the deploymcs.sh script.
    /opt/Citrix/VDA/sbin/deploymcs.sh
  4. Shut down the template VM and create a snapshot.
  5. In Citrix Studio, create a Machine Catalog and specify the number of VMs to create in the catalog.
  6. In Citrix Studio, create a Delivery Group and specify which users can use those machines and the applications and desktops available to those users.
linux_desktop
Virtual Linux Desktop

That’s it – you just have published your virtual Linux apps and desktops and can launch them in the same manner as your published virtual Windows apps and desktops, including the possibility to use your existing Citrix Federated Authentication setup.

With the release of the easy install feature Citrix made the deployment process of Linux VDAs a lot simpler than it was before and with the addition of new features like FAS support and Machine Creation Services, Linux VDAs are finally ready for production.

One thought on “Linux Apps and Desktops delivered by Citrix Virtual Apps and Desktops”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s