2016-07-12

We all know that Citrix XenApp and XenDesktop are both well established within larger enterprises. Smaller companies, however, also often rely on Citrix (using XenApp mostly) to securely deliver their applications and/or desktops to their end-users. Today I would like to focus on how to deliver XenApp hosted applications and desktops while minimizing costs and maximizing both performance and manageability. Note that this is not going to be a Microsoft RDSH vs. Citrix debate; instead I will assume that XenApp licenses are already in place.

Why these companies use XenApp doesn’t really matter, neither does the fact that they run their workloads on-premises, they just do. What is important is that most customers want to leverage the added benefits of their XenApp deployments without having to invest heavily in additional hardware and software, which is usually needed to get your environment up and running. Want secure access? Implement a NetScaler. HA? Deploy multiple Delivery Controllers, StoreFront servers, SQL Always-on, multiple Worker VDAs etc. This also means additional Windows Server licenses, multiple SQL licenses, one or more virtual (VPX) or physical (MPX) NetScaler appliances and so on. All this adds up, especially since XenApp (concurrent) licenses on their own aren’t that cheap to begin with.

One is none, two is one

I think we are all familiar with this phrase, right? Preferably you always deploy two Delivery Controllers, two StoreFront servers, SQL HA in the form of Always-on, multiple NetScalers, multiple Worker VDAs (RDSH) etc. per Site, or Zone even.

While I ‘preach’ the same to most of my customers, especially in larger environments running business critical workloads, there are exceptions as well, it all depends. Let me elaborate a bit more on this.

A lot of companies run light to medium workloads, and while there might be one or two ‘business critical’ applications in there, often it won’t be too big of a deal if these become unavailable for let’s say 30 minutes or so. Something which could happen when the Central Site Database goes offline, for example, since no new user sessions, or reconnects will be possible. It might frustrate some users, sure, but they’ll live. The same applies to secure remote access, while this may be considered as a highly critical service to some, it might be a nice to have for others, meaning a single NetScaler will do just fine. In short, it’s all about company policies, and these will, or can differ greatly as I’m sure you all know.

When it comes to the central Site Database, ask yourself these questions:

Although hard to predict – what are the chances that the FMA database will fail?

What will be the impact on the ‘business’ and my users if it does, really?

How long will it take me to restore the database or to rebuild the database server? Depending on the issue.

Is it worth the investment of multiple machines, including multiple Microsoft Server and SQL licenses?

In many cases the impact will be a lot less than you might think. And let’s also not forget that, as of version 7.6, we have Connection Leasing and that a new and improved version of the well known Local Host Cache is already on its way (next version of XA/XD, hopefully). And while these services are meant to supplement SQL HA, especially Connection Leasing, they do a decent job (most of the time anyway) in keeping your users active and your business up and running when the DB becomes unresponsive/unreachable for whatever reason.

Let’s go over some of the options, shall we?

All products and technologies mentioned apply to both physical and virtual setups, unless specified otherwise.

To start, why not go with SQL Express?! It is free, supported and available by default (though you will still have to select it) when installing and setting up your (first) Delivery Controller. It has a few restrictions like no HA, for example, but it should do just fine for smaller Sites, even when MCS is used for server provisioning. There are ways to get SQL Express set up in an HA fashion as well; however, it is not supported.

And while we are at it, let’s throw in a virtual NetScaler (VPX) Express edition as well. Again, it is free, supported and offers the exact same capabilities (including HA) as the MPX and VPX ‘paid for’ appliances, with a few exceptions. Just as with the SQL Express edition it has some limitations but it will do a more than decent job in most cases. For the purpose of this article I’ll assume one NetScaler will be sufficient, saving some additional resources.

Already announced at Synergy in May 2016 – the NetScaler HDX Proxy – could also be potentially helpful. It will replace the well known, and loved by many NetScaler Secure Gateway and supports up to 500 users in total.

What about multiple Delivery Controllers, StoreFront servers and Worker VDAs? Here we would like to have two of each. However, this doesn’t necessarily mean that we need to use a separate machine for each, no!

After installing your Delivery Controllers, install StoreFront on there as well. Not that uncommon, right? But why stop there?

As mentioned, when setting up and installing your (first) Delivery Controller, the SQL Express Database will also be optional; go ahead and install it as well. Think we’re done? Not quite.

– Did you know that you can install the Virtual Delivery Agent (VDA) on the same machine as your Delivery Controller, StoreFront server and SQL Express database? That it will function without any issues and that this setup is fully supported by Citrix? Well, you can, it will and it is!

Looking for a free Hypervisor? Go with XenServer. This will include support for virtual GPUs and the latest Intel Iris Pro drivers. Perhaps for future purposes.

Want to give Hyperconvergence a try? Try the Nutanix Community edition. In a (small) production environment? It might seem a bit unorthodox, but I would dare to give it a try. Start small and see how it treats you. And while you’re at it, you can leverage the 100% free Acropolis Hypervisor as well. Though here you might want to double check on the ‘supported’ part as stated in the title :)

Workload provisioning? Use MCS, it’s built right into Studio / the FMA and you don’t need a separate infrastructure. Here I assume you will use virtual machines for the above mentioned setup.

– Just because nobody is doing it or talking about it, doesn’t mean it can’t be done or that it is a wrong approach. Questionable in some cases, sure – just explore your options.

Even the XenApp Advanced edition (cheapest version) comes with the Citrix User Profile Manager, which combined with standard GPOs can be used to manage your users’ profiles and personal settings. It also includes the ability to distribute App-V applications to your XenApp servers at no additional costs. The App-V use-rights will be covered by your RDSH CALs.

For ongoing administration and monitoring both Studio and Director will do (more than) fine and are included at no additional costs as well. Even better, install both onto the same machine(s) as well.

Client connection software will be available in the form of Citrix Receiver, which together with the ICA / HDX (3D Pro) protocol capabilities, including technologies like Framehawk and Thinwire will make sure that your users will always have the best connection possible, location and device independent.

What about client endpoint devices? Have you heard about the HDX ready Pis? They are about to hit the market and are free as well. Well, they will sell for less than $100, which is basically the same thing. Ok, since you will probably need 40 to 50 devices they will cost you some money, but it’s as close to free as you can possibly get when it comes to Citrix (HDX) ready thin client devices. For now, offloading isn’t possible and you can only use one (HD) monitor but this will change over time. While this may hold back some companies, there are still plenty of use cases where the Pi will shine. Broken? Just replace it, it will be up and running in seconds. Oh, and did I mention that both management and support are included as well?

Printing? No problem. Citrix offers its Universal Print Server (UPS), which as of version 7.9 (included in Advanced / cheapest edition as well) can be load balanced using multiple print servers. As opposed to the earlier mentioned components and technologies, the UPS is the exception here and will need to be installed on a separate file/print server machine.

From a licensing perspective you will need to invest in Windows Server Operating System licenses. In smaller environments the Standard Server edition will be sufficient, especially since we’re only virtualising a couple of machines (with Server Enterprise licenses you can virtualise an unlimited number of machines per host, but they come at a much higher price). Windows Server CALs will be needed on a per user basis, RDSH CALs, either per User or Device, and finally XenApp (concurrent) licenses when not part of XenDesktop.

Now if you want to save some serious money and still do multi user apps and desktops – throw out XenApp altogether and go with ‘plain’ Microsoft RDS instead – but you didn’t hear that from me. The list price for 50 users will be around $18,500 alone. Of course you will also lose a whole bunch of the abovementioned features and added benefits that Citrix XenApp/XenDesktop brings to the table, but that would be a judgement call and goes beyond the scope of this article.

Summary

Using some, or perhaps all, of the options I mentioned throughout this post will save you some serious money on both hardware and software, while still maintaining a fast performing and supported environment which is easy to manage and maintain. And when I say supported, I mean supported, though this will depend on the support agreements / contracts that you have with Citrix, because like most things in life nothing comes completely free. Then again, this applies to all vendors / products out there and isn’t specific to Citrix.

In a traditional, or standard, approach you would probably consolidate your Delivery Controllers and your StoreFront servers onto two separate machines (meaning two machines with both the DC and SF role installed), given it is a small production environment. You would have at least two or more Worker VDAs and a separate, or multiple, SQL servers for HA purposes. In addition, you might also have one or two (HA) VPX or MPX NetScalers deployed.

While the above doesn’t influence the number of XenApp, RDS and MS Server CALs, it does influence the total number of virtual and/or physical machines including the necessary Server OS platform licenses. And of course you will also have to purchase at least one NetScaler VPX license and one or multiple SQL licenses.

If you go with the so-called single machine approach you will definitely save on licenses; however, your machines, two in the example below, will need to be equipped with a bit more memory, CPU power and perhaps some additional (SSD) disk space, but this probably won’t set you back too much in the grand scheme of things. And while losing any form of high availability, a true single server setup is also possible. This way you would save another Windows Server license, including some additional (virtual) machine hardware.

Let’s do a more direct comparison for a relatively small organization. I won’t put an exact number on it since the definition of ‘small’ differs greatly per continent, country or region even. To be clear, it is assumed that all base infrastructural components, like Active Directory, DNS, DHCP, file / print servers, license server etc. are already in place.



As you can see, by leveraging some of the free components available and consolidating them onto a single machine, you’ll drastically save on both licenses as well as (virtual) hardware costs while still maintaining an HA setup on most levels. Need HA for secure remote access? Throw in another VPX Express NetScaler. As before I won’t put a price tag on it since for the Windows Server licenses alone I came across three different price quotes, and I’m sure the same applies to most of the other components / licenses as well.

Again, I’m aware this isn’t a setup which will be happily welcomed by everybody (all eggs in one basket and all that) and that’s fine. If not for production purposes, at least consider it for test, acceptance and/or lab setup scenarios.

A thank you to Martin Zugec for clearing up one or two points throughout this post.

What do you think?
