Citrix Policies Best Practices for XenApp 6.5 and XenDesktop 5.6

I’ve seen this issue time and again. As a CTP and a CCI, I talk with many customers and one thing I focus on in the XenApp 6.5 and XenDesktop 5.6 training classes is Citrix Policies. On the web you’ll find several articles such as the XenApp and Desktop Policy Planning Guide and the XenDesktop and XenApp Best Practices Reference Guide. These guides are great, but also looking at the built in templates provided by Citrix can do wonders for you’re environment. Therefore it’s important to take the time to understand the Citrix Policies, as you can improve user experience and better session control. This is not a discussion on where to manage the settings from, you choose either between setting these Policies in Citrix AppCenter / Citrix Studio or in GPMC.

We also use the same policies in our Demo Center, and this article is based on our setting that we have succsefull implemented into it, so that the customers that try the various scenarios get a good experience.

If you are having issues related to XenApp 6.5 AppCenter Console Policies Are Not Visible, please read the following CTX article from Citrix -> https://support.citrix.com/article/CTX134601

Also, to get a complete overview of the different XenDesktop policies, and what they do please take a look at the following edocs article from Citrix. https://support.citrix.com/proddocs/topic/xendesktop-rho/cds-policies-rules-quick-ref-rho.html

The policies below are from a collection from the Citrix guides mentioned above, and some are gathered from experience.

The following ICA/HDX protocol tuning options should be evaluated to optimize bandwidth consumption and virtual desktop resource utilization:

  • Disable “View window contents while dragging”
  • Enable “Windows Media Redirection”
  • Enable “Flash acceleration” with client side content fetching
  • Enable “Audio over UDP Real-Time Transport”. Please note that this configuration requires Audio quality to be set to “Medium – optimized for speech”
  • Set “Progressive compression level” to “Low” or any higher value
  • Enable “Extra Color Compression” in very low bandwidth scenarios. Please note that the “Extra Color Compression Threshold” should be configured to an appropriate value.
  • Enable “Lossy compression” for image compression or “Heavyweight compression” in case image quality loss is not acceptable (more CPU intensive)

For more information, please refer to the Citrix Knowledgebase Article CTX131859 – Best Practices and Recommendations for Citrix Receiver 3 and HDX Technology with XenDesktop 5.x

New Policy Settings for XenDesktop 5.6 Feature Pack 1

New Policy Settings
XenDesktop includes the following new policy settings:

Setting ICA > Mobile Experience Automatic keyboard display

  • Launch touch-optimized desktop
  • Remote the combo box

ICA > Printing Printer assignments

ICA > Printing > Universal Print Server Universal Print Server enable

  • Universal Print Server print data stream (CGP) port
  • Universal Print Server web service (HTTP/SOAP) port
  • Universal Print Server print stream input bandwidth limit (kpbs)

 

XenApp / XenDesktop Baseline User Policy:
Apply this policy as your baseline to all users connecting to your XenApp farm.

A key difference from previous version of XenDesktop is that from XenDesktop 5.6 Flash Redirection and other basic user experience policies are enabled by default via Citrix XenDesktop policy configurations. But, look into the policy options provided to get more control of the behavior of Flash and other Media related content, including Flash intelligent fallback as well as whitelist and blacklist capabilities. When configured, Flash Intelligent Fallback will automatically revert to server-side rendering in scenarios where client-side rendering would provide a poor end-user experience. When using intelligent fallback, there is no interruption or failure in the loading of the web page or the Flash application.

Here are the recommended Flash settings in Citrix HDX Policy.

ICA->Adobe Flash Delivery->Flash Redirection

Flash acceleration – Enabled

Flash default behavior – Enable Flash Redirection

Flash event logging – Enabled

Flash intelligent fallback – Enabled

Flash latency threshold – 30 milliseconds

 

ICA->Desktop UI

Desktop wallpaper – Allowed

Menu animation – Allowed

View window contents while dragging – prohibited

 

ICA->Audio

Audio Plug N Play – Allow

Audio quality – Medium

Client audio redirection – Allow

Client microphone redirection – Prohibit

 

ICA->Port Redirection

Auto connect client COM ports – Disable

Auto connect client LPT ports – Disable

Client COM port redirection – Disable

Client LPT port redirection – Disable

 

ICA->File Redirection

Client floppy drives – Prohibit

Client optical drives – Prohibit

Host to client redirection Disable

Read-only client drive access – Disable

Use asynchronous writes – Enabled

 

ICA->Printing

Client printer redirection – Allow

Default printer – Set to client’s main printer

Printer auto creation log preference – Errors

Wait for printers to be created (desktop) – Disabled

 

ICA->Printing->Client Printers

Auto-create client printers – Default printer only

Auto-generate generic universal driver – Disabled

Client printer names – Standard names

Direct connections to print servers – enabled

Retained and restored client printers – Allowed

 

ICA->Printing->Drivers

Automatic installation of in-bo printer drivers – Disabled

Universal driver usage – Use Universal Printing only if requested driver is unavailable

 

ICA->Printing->Universal Printing

Universal printing EMF processing mode – Spool to printer

Universal printing image compression limit – Best Quality

Universal printing optimization defaults – Standard Quality

Caching of embedded images

Caching of embedded fonts

Universal printing preview preference – Use for auto-generated and generic

 

ICA->Session Limits

Linger Disconnect Timer Interval – 5 Minutes

Linger Terminate Timer Interval – 10 Minutes

Pre-Launch Disconnect Timer Interval – 15 Minutes

Pre-Launch Terminate Timer Interval – 30 Minutes

 

ICA->Shadowing

Log shadow attempts – Allow

Notify user of pending shadow connections – Allow

Users who can shadow other users – Defined by security

 

ICA->Time Zone Control

Estimate local time for legacy clients – Enable

Use local time of client – Use Client time zone

 

ICA->TWAIN devices

Client TWAIN device redirection – Enabled

TWAIN compression level – low

 

ICA->Visual Display->Moving Images

Moving Image Compression – Enabled

Server Session Settings

Session importance – Normal

Single Sign-on – Disabled

 

XenApp Baseline Computer Policy Setting.

Apply this policy as your “baseline” to all Servers in your XenApp farm.

 

ICA

ICA listener connection timeout – 120000 ms

ICA listener port number – 1494

 

ICA->Auto Client Reconnect

Auto client reconnect – Allow

Auto client reconnect authentication Not required Require

Auto client reconnect logging Disabled

 

ICA->End User Monitoring ( Not required, but a good feature to enable!)

ICA round trip calculation – Enable

ICA round trip calculations for idle connections – Disable

 

ICA->Graphics

Display memory limit 32768 KB

Display mode degrade preference – Degrade Color Depth First

Dynamic Windows preview – Enabled

Image caching – Enabled

Maimum allowed color depth 32 bit

Notify user when display mode is degraded – Disabled

Queuing and tossing – Enabled

 

ICA->Graphics Caching

Persistent Cache Threshold – 3000000 Kbps

 

ICA->Session Reliability

Session reliability connections – Prohibited

 

ICA Shadowing

Shadowing – Allow 

 

ICA->Keep Alive

ICA keep alive timeout – 60 seconds

ICA keep alives – Enabled

 

ICA->Multimedia

Windows Media Redirection – Allowed

 

Licensing

License server host name – License Server name ( I recommend using FQDN!)

License server port – 27000 ( change it to another port if you want to )

Server Settings

DNS address resolution – Enabled

Full icon caching – enabled

 

Server Settings->Health Monitoring and Recovery

Health Monitoring – Enabled

Health Monitoring tests – Use Defaults (please configure as you see fit.)

 

Server Settings->Memory/CPU

CPU Management server lever – preferential load balancing

Memory optimization – Enabled

Memory optimization interval – enabled

 

Server Settings->Reboot Behaviour

Reboot logon disable time – Choose a value to suit your clients

Reboot Schedule frequency – Choose a value to suit your clients

Reboot Schedule start date – Reboot Schedule Choose first day of the reboot

Reboot Schedule time – Choose time to restart server

Reboot warning interval – Choose interval which the users are notified about pending restart

Reboot warning users – enabled

Scheduled Reboots – enabled

 

XML Service

Trust XML requests – enabled

XML server port – 8080

 

XenApp WAN – For users connecting from outside/External User Policy.

 Apply this policy for users working from branch offices or remote locations with low bandwidth and/or high latency connections.

 

ICA->Adobe Flash Delivery->Flash Redirection

Flash acceleration – Enabled

 

ICA->Audio

Audio quality – Medium (in the event of extreme latency conditions, you might want to also try setting it to Low)

 

ICA->Client Sensors->Location

Allow applications to use the physical locations of the client device – allowed (Android Tablet / iPad/iPhone Devices) This feature also includes Windows 8 in Citrix Avalon Excalibur Tech Preview.

 ICA\Desktop UI

Desktop wallpaper – prohibited

Menu animation – prohibited

View window contents while dragging – prohibited

 

ICA->File Redirection

Use asynchronous writes – Enabled

 

ICA->Mobile Experience (Please not that there is a Mobility Pack from Citrix available also)

Automatic Keyboard Display – Enabled (Tablet Devices)

Launch touch-optimized desktop – Enabled (Tablet Devices)

Remote the combo box – Enabled (Tablet Devices)

 

ICA->Printing Wait for printers to be created (desktop) – Disabled ( In some cases you need to enable this one for certain applications, but the overall rule is TO DISABLE it! )

 

ICA->Printing->Universal Printing

Universal printing optimization defaults – Standard Quality

Caching of embedded images

Caching of embedded fonts

 

ICA->TWAIN devices

Client TWAIN device redirection – Disabled

 

ICA->Visual Display

Max Frames per Second – 15 FPS ( If you want to tweak this to a higher frame rate per second, then please do, but to get the best user experience for users over a WAN connection leave it to this recommended setting)

 

ICA->Visual Display->Still Images

Extra Color Compression – Enabled

Extra Color Compression Threshold – 8192 kbps

Lossy compression level – High

Lossy compression level threshold value – Unlimited

 

These Policies best practise settings applie to XenDesktop 5.5 and newer and XenApp 6.5 and newer. Please note that some Policies have changed names from older version of XD and XA.

{loadposition content_starwind600}