Scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
1
Note: See the Citrix XenApp Comparative Feature Matrix for information
about which features are supported in the XenApp editions.
8 Citrix Application Streaming Guide
Application isolation
All streamed applications run within isolation environments that keep the
applications from interfering with others running on the same client. The isolation
environment is specific for the application and user session, regardless of whether
the user streams to the local client or virtualizes the streamed application from a
server. The specific data files of the application, such as INI files and registry
keys, are all isolated and maintained centrally for the streamed application.
Application caching
Application files can be cached on the client to allow faster access the next time
the application is launched. Before an application runs, cached files are updated
automatically if there is a newer version on the file server. Note that application
caching is strictly for performance reasons; there is no requirement to have the
application cached for the application to run.
Wide range of target environments
Nearly any modern Windows platform can host a streamed application.
Specifically, supported operating systems include Windows XP Professional,
Windows 2003, and Windows Vista. With dual mode streaming, target
environments are increased to include all supported XenApp clients.
Dual mode streaming
Configure XenApp to stream software to client devices; otherwise, virtualize
from a XenApp server. If launching a streamed application fails on the client
device, XenApp seamlessly streams the application to the server and virtualizes
the application on the client device from XenApp.
Easy delivery of applications to farm servers
When publishing applications in a server farm, choose to virtualize applications
from XenApp, which can simplify application delivery. Instead of installing
applications on your farm servers, you stream them to XenApp from a central file
share. Update the application in the central location, and you update the
application on all the farm servers.
Consistent end-user experience
Icons for applications that can be accessed through the server appear next to other
application icons that the user is accustomed to either within the Web Interface,
Citrix XenApp (the new name for Program Neighborhood Agent), or on the
desktop. The user does not have to know where and how the application is
executing.
Offline access
Once delivered, applications are available to the user while disconnected from the
network.
10 Citrix Application Streaming Guide
Components Overview
The components related to a server farm that make streamed applications
available can be separated into four categories. Each of these functional areas
consists of software running on one or more workstations or servers. Each of
these functional areas presents a unique set of tasks for the administrator:
1. Licensing. Consists of the license server and License Management
Console. Use the License Management Console to manage licensing. To
install Citrix Licensing, follow the instructions in the Getting Started with
Citrix Licensing Guide (CTX109108).
For more information about licensing application streaming and offline
access, see Application Streaming Licensing Explained (CTX112636).
2. Administration (server farm). Consists of the following components:
• Farm servers.
• IMA database.
• The Web Interface.
• Access Management Console. Use the Access Management Console
to configure and manage the server delivery and to publish streamed
applications.
3. Streaming Profiler. Creates and maintains streaming application profiles.
4. XenApp Plugin for Streamed Apps and optional XenApp Plugin for
Hosted Apps.The XenApp Plugin for Hosted Apps enumerates available
applications for the user. The XenApp Plugin for Streamed Apps finds the
target that matches the configuration of the client device, sets up an
isolation environment in which the application runs, and streams the
application files on demand.
If streaming to the client desktop fails, the XenApp Plugin for Streamed
Apps running on XenApp can virtualize the application on the client
device. Alternatively, opt to always stream applications to a XenApp server
instead of desktops and have XenApp virtualize applications on client
devices that have the XenApp Plugins for both Hosted and Streamed Apps
installed. This eases delivery of applications to servers in your farm.
For known issues and workarounds in this product release, see the Readme for
Citrix XenApp 5.0.
For known issues and workarounds in the XenApp Plugin for Streamed Apps, see
the Readme for Citrix XenApp Plugins for Hosted Apps and Streamed Apps.
12 Citrix Application Streaming Guide
This diagram shows the components that make up each of these four functional
areas and a general summary of the types of tasks administrators must perform.
The components that support client-side virtualization include the XenApp server, Citrix
Licensing, Streaming Profiler workstation, file servers, Web Interface, and XenApp Plugins
for Hosted and Streamed Apps.
1 Overview of Client-Side Application Virtualization 13
Streaming Profiler
You use the Streaming Profiler to profile applications that can stream to client
devices. Use the profiler to create several targets within an application profile that
can match all the platforms of your users. This strategy creates a single profile
that can accommodate a variety of user platforms. The profiler can also update
applications in the profile and provide other resources that you find your users
need.
Related topics:
“Creating Application Profiles” on page 15
“Creating a Profile and its Initial Target” on page 26
Related topics:
“Managing the XenApp Plugin for Streamed Apps” on page 97
“To configure users for offline access permission” on page 80
“To enable an application for offline access” on page 84
14 Citrix Application Streaming Guide
2
Refer to the following topics to install the Streaming Profiler and create and
modify application profiles:
• “Application Profiling Overview” on page 16
• “Preparing a Workstation for Profiling Applications” on page 22
• “Creating a Profile and its Initial Target” on page 26
• “Editing Profile Information and Properties” on page 38
• “Modifying Profiles” on page 46
• “Modifying Targets” on page 50
• “Overview of Isolation Environment Rules” on page 55
• “Managing Isolation Environment Rules for a Target” on page 60
• “Profile Contents on the Server” on page 63
In addition, refer to these documents on the Citrix Knowledge Center:
• For information about the internals of application streaming, see http://
support.citrix.com/article/CTX110303
• For information about enhancing the security of application streaming, see
http://support.citrix.com/article/CTX110304
• For best practices for profiling, see http://support.citrix.com/article/
CTX114664
• Alternatively, select your product version of XenApp on the support Web
site, click the Technotes tab, and then click Application Streaming
Note: The Streaming Profiler SDK offers a set of COM objects and .NET
interfaces that give Citrix customers, distributors, and partners a programmatic
interface into the profiler. For information, download the SDK and Readme from
the Citrix Developer Network Web site at http://community.citrix.com/.
16 Citrix Application Streaming Guide
Related topics:
“Profiles” on page 16
“Targets” on page 18
“Service Pack Level” on page 19
“System Drive Letter” on page 20
“Operating System Language” on page 20
“Inter-Isolation Communication” on page 21
Profiles
Applications packaged for streaming using the Citrix Streaming Profiler are
called profiles. You create a profile by recording the installation of applications
on an independent computer using the profiler utility. The profiler bundles files
and configuration settings in what becomes the application profile. A profile
contains one or more targets and the metadata needed to stream the profiled
applications.
A profile can contain a single application or suite of applications. For example,
profile Microsoft Word by itself, or profile the entire Microsoft Office suite in a
single profile.
Depending on the environment of your users, you have the option to profile
prerequisites, such as Java Runtime Environment, with the profiled application.
In some cases, you might find it necessary to profile certain applications together
to ensure functionality among applications or to apply a range of compatibility
settings to ensure profiled applications launch and run successfully.
2 Creating Application Profiles 17
Using the profiler, you configure applications to run in one or more target
environments based on particular operating systems and language configurations,
such as:
• Windows Server 2003 with Service Pack 1 - English
• Windows Server 2003 with Service Pack 1 - German
• Windows Server 2003 with Service Pack 1 - Japanese
• Windows Server 2003 with Service Pack 1 - Spanish
• Windows XP Professional with Service Pack 3- English
The range of target environments an application can be configured to run in
depends, in part, on the type of application being profiled, the profiler operating
system, and organizational needs.
For example, some commercial applications are capable of running on multiple
operating systems and languages, while others, such as custom applications,
might be capable of running only on a particular target operating system and
language.
Applications that require packaging for a variety of environments can be
contained within a single profile. Individual targets within a profile represent one
or more user environments. After you publish the application on a XenApp
server, when a user runs a streamed application, the XenApp Plugin for Streamed
Apps, the new name for the Streaming Client, which is running on client devices,
automatically chooses the correct target that matches the configuration of the
client device.
Important: Before you install the profiler, refer to the Installation Checklist for
Citrix XenApp for the supported platforms and system prerequisites.
After you create a profile, publish the application for streaming using the Access
Management Console.
Related topics:
“To install the profiler” on page 23
“To start the profiler” on page 24
“To create a profile and target” on page 28
“To publish an application for streaming” on page 69
18 Citrix Application Streaming Guide
Targets
A target is a collection of disk files, registry data, and other information used to
represent an application isolation environment. In addition, each target denotes a
combination of operating system, service pack level, system drive letter, and
language. Applications can be profiled for each combination of these values to
support separate targets; for example: Microsoft Vista for all service packs, drive
letter C, and English.
There can be multiple executables inside a target including multiple applications
that normally receive an entry on the Start menu. As an example, “Microsoft
Office” is a profile and “Microsoft Word” is an application inside that profile. A
profile can support multiple targets where the target is a separate installation of
the profile-level software targeted for execution on a specific version of the
operating system or language. For example, create one target for Windows Vista
and another target for Windows Server 2008.
Client devices select targets for execution based on the computer configuration
you specify while creating the target. By default, a target matches the operating
system and configuration of the profiling workstation, but you can select different
operating systems as well. For guidelines about selecting operating systems, see
“Preparing a Workstation for Profiling Applications” on page 22.
In addition, refer to the following information about other selection criteria:
• “Service Pack Level” on page 19
• “System Drive Letter” on page 20
• “Operating System Language” on page 20
• “Inter-Isolation Communication” on page 21
You use the profiler to set criteria for each target in a profile. One or more
administrators can run the profiler multiple times and from different packaging
environments to achieve a complete set of differentiating targets. For many
common scenarios, a single installation image supports a variety of client
systems, which simplifies profile creation.
The criteria associated with each target is stored in a profile manifest, a .profile
file, stored with the profile files.
The only requirement from the profiler regarding targets is that overlapping
definitions are not permitted: only one target in a profile can be a correct match
for any client system at application launch.
2 Creating Application Profiles 19
An administrator can update a profile and target at any time without affecting
already active executions on client devices. The cost for this support is that file-
server disk space is consumed to maintain old versions. The profiler provides no
facility to delete old versions of targets. Instead, manually delete old versions of
targets to reclaim server-side disk space. When deleting targets, it is the
responsibility of the administrator to ensure that the deleted versions are
sufficiently old that no users are employing the target.
For the list of supported operating systems for the XenApp Plugin for Streamed
Apps, see the Installation Checklist for Citrix XenApp. By design, future
operating systems are not supported, and the execution environment refuses to
execute an application if the client device is on an unsupported operating system.
Inter-Isolation Communication
Inter-isolation communication is a feature that links individual profiles so that
applications in separate profiles can communicate with each other when launched
on the client device. You can also use this feature if a streamed application fails
because it needs data from another streamed application, but cannot detect it
because both are running in isolation environments.
You can create two types of profiles that provide inter-isolation communication:
• An associated profile does not include any additional installation. You link
existing profiles and set their hierarchy so that they can communicate when
launched on the client device. For example, if you profile Microsoft
Outlook and Adobe Reader in individual, simple profiles, the applications
operate independently, but Outlook is not aware of the streamed Adobe
Reader and therefore cannot call the application in the simple profile to
open the .PDF attachment. By associating these two profiles, Outlook and
the Reader can interact as users expect, even though the individual
applications are profiled separately. This happens because they are now
aware of each other and can interact as though they are profiled together.
• A dependent profile includes the installation of an application that depends
on the presence of one or more other applications before its installation is
complete. While you create the profile, to simulate this dependency, the
existing profiles that you select are temporarily downloaded from the file
server during the profiling process to establish the hierarchy and isolation
rules that are used at runtime. You then install the application that is
dependent on them. For example, you might include simple profiles with
Office 2007 and Microsoft Dynamics in this profile before you install a
.NET application that depends on them. That way, when users launch the
.NET application, Office and Dynamics are also launched on the client
device.
When you create a profile enabled for inter-isolation communication,
applications launch on the client device and remain isolated from the system and
from other isolated applications, but they can interact with each other.
The advantage of inter-isolation communication is that applications can be
maintained separately and updates are included automatically in all the linked
profiles in which the profile is included. This feature saves time for the
administration of the profile set.
22 Citrix Application Streaming Guide
When you create a dependent profile, the additional properties added to any of the
individual profiles in the linked profile are enabled for all the individual profiles.
These properties include custom rules, pre-launch or post-exit scripts, and pre-
launch analysis. When users stream applications from the inter-isolation
communication profile, the combined properties of all the linked profiles execute
in hierarchical order, from the lowest profile to the highest profile as listed in the
profiling wizard and Linked Profiles property page.
However, if you create an associated profile, without installing a new application,
additional properties are not available. You can add properties only to profiles
that have installed applications.
Related topics:
“To set up inter-isolation communication” on page 36
“To create a profile and target” on page 28
Related topics:
“Service Pack Level” on page 19
“System Drive Letter” on page 20
“Operating System Language” on page 20
“To set user profile security” on page 25
“To disable and enable profile signing” on page 26
Important: Before you install the profiler, refer to the Installation Checklist for
Citrix XenApp for the supported platforms and system prerequisites.
1. Insert the installation media into the workstation you want to use to profile
applications.
2. To install the profiler, in the autorun window, choose XenApp Utilities,
then Install Citrix Streaming Profiler for Windows.
3. Choose a language for the installer interface and complete the installation
wizard.
4. After installation, restart the workstation.
Related topics:
“To set user profile security” on page 25
“To disable and enable profile signing” on page 26
Related topics:
“To sign a profile” on page 45
Related topics:
“Planning a Profile” on page 27
“To create a profile and target” on page 28
“To install multiple applications through Advanced Install” on page 31
“To install Internet Explorer plug-ins” on page 32
“To include files and folders in a target” on page 32
“To include registry settings” on page 33
“To run an application in the profiler” on page 35
“To select applications for listing in the profile” on page 35
“To set up inter-isolation communication” on page 36
2 Creating Application Profiles 27
Planning a Profile
Using the profiler, create a profile that consists of targets that offer any of the
following resources:
• Applications
• Internet Explorer plug-ins
• Folders and files
• Registry settings
Consider setting inter-isolation communication among targets and profiles.
Profiling a standard application in a target is called a quick install. Profiling
multiple applications in a target is called an advanced install.
With both quick and advanced installs, you specify the following criteria for the
client devices to match:
• Operating system and, optionally, service pack
• System drive letter
• Language
In addition to target criteria, some options affect the entire profile:
• Digitally sign the profile
• Have strict or relaxed security settings
After planning how to deliver your applications, review the basic steps for
creating a profile or target.
Related topics:
“To check for launch prerequisites” on page 42
Note: For subsequent targets, to ensure the current target you are
adding does not conflict with other targets in the profile, click Check
for Target Conflicts. See “To resolve target conflicts” on page 47.
• Quick Install. Select this option if you are installing only one
application and it has an installation program, such as setup.msi or
.exe (selected by default and recommended for normal installations).
• Advanced Install. Select this option only if you are installing
Internet Explorer plug-ins, editing registry settings, installing an
application manually, or installing from multiple installers.
For additional instructions about continuing profile creation with an
advanced install, see “To install multiple applications through
Advanced Install” on page 31.
8. On the Choose Installer page, click Browse to choose an executable file or
a script you run to install the application in the current target. In this step
you are just choosing the installer, not running it. If needed, enter required
command-line arguments. See “To add command-line parameters” on page
34.
9. On the Run Installer page, ensure the installation program and command-
line parameters are correct.
Best Practice: Check Perform virtual restart so that after the application
installer finishes, the profiler simulates a restart. Some applications do not
complete the installation until the computer is restarted. When you click
Next, instead of restarting your profiler workstation, the profiler simulates
a system restart.
Use advanced installations to select resources, including files, folders,
registry settings, and Internet Explorer and plug-ins to add to the profile.
Click Launch Installer. Wait until the installer program launches on the
workstation. For large applications, this can take several minutes. Then
complete the installer program for the application. The destination path
shown in the installer does not matter because the application is installed in
the profile, so accept the default location.
When the application is fully launched and configured on the workstation,
close the application and click Next in the profiling wizard. After the
virtual restart completes, the application is ready to run.
10. On the Run Application page, select and run the application. See “To run
an application in the profiler” on page 35. Close the application before
clicking Next in the profiling wizard.
Best Practice: Run applications once to ensure that you complete all
needed initializations before delivering the application to users. For
example, you might have to enter a product serial number or license key.
11. On the Select Application page, view the list of applications discovered in
the current target. Use the buttons to modify the list of applications that you
2 Creating Application Profiles 31
want to publish later using the Access Management Console. See “To select
applications for listing in the profile” on page 35.
12. On the Sign Profile page, sign the profile with a digital signature, if
needed. See “To sign a profile” on page 45.
13. Click Finish to build the profile. Before clicking Finish, you have the
opportunity to review profile information and edit profile and target
settings.
14. When the wizard closes, save the profile by typing the UNC path to the file
share. Note that a subfolder is created with a name that matches the profile
name.
Prior to saving a profile, an administrator must create a file share with the
“everyone” group assigned READ access and the “administrators” group
assigned WRITE access.
For example, if you enter the following path:
\\citrixserver\profiles
The following Save To storage location appears, based on the values of UNC
Path and Profile Name:
\\citrixserver\profiles\<Profile Name>\<Profile Name>.profile
on the profiler workstation, but might not be on the client device. See
“To include files and folders in a target” on page 32.
• To customize the registry as viewed by the client device, choose Edit
registry. See “To include registry settings” on page 33.
Each of these options provides you with the opportunity to return to this
screen and install additional applications.
2. After installing all the applications you want to include, choose Continue
with none of the above, which enables you to finish creating the target.
Related topics:
“To create a profile and target” on page 28
B. In the Select files list, select the files you want to include in the target
and click the arrow to add them to the Current files lists.
C. Use the buttons at the bottom of the Current files list to create new
folders, rename files and folders, or delete files and folders in the
Current files list.
4. After you include all the files and folders the application requires, simulate
a system restart by checking Perform virtual restart (recommended).
5. Click Finish Installations and click Next.
6. On the Run Application page, click Add (do not select the Run option).
7. In the Open dialog box, enter a shortcut name and browse to the executable
name that you want to run, but make sure to stay within the Device\C
folder. Do not browse to the source location; the path is connected
automatically.
8. Finish the profile, save it to the file share, and publish the profile in the
Access Management Console.
Caution: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall your operating system. Citrix cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be solved. Use
Registry Editor at your own risk.
Important: Refer to the Installation Checklist for Citrix XenApp for system
requirements on client devices if you plan to deliver profiles with inter-isolation
communication.
When the client runs a profile enabled for inter-isolation communication, the
user-level settings that are stored on that client device by an application in one of
the individual profiles are ignored, and the user-level settings of the application
start fresh as if the application is being launched for the first time. To change this
behavior, write a pre-launch script to migrate settings from specific applications
whenever the linked profile is executed on the client device.
Related topics:
“Inter-Isolation Communication” on page 21
“To create a profile and target” on page 28
“To invoke pre-launch and post-exit scripts for a profile” on page 44
Related topics:
“To edit the profile name, description, or location” on page 40
“To view details about applications in a profile” on page 40
“To view File Type Associations set in a profile” on page 41
2 Creating Application Profiles 39
Note that the version number displayed here is not the same as the target version
number. The version number displayed here is set by the application installer.
Alternatively, click Find Application if the application is missing from the
target.
To modify the remainder of the properties, update the target in which the
application is installed.
Environment
4. Type the value name. The following is an example:
TEMP
5. To select the matching registry type for the prerequisite you are choosing,
use the Type pull-down menu:
• String value (REG_SZ)
• Binary value (REG_BINARY)
• DWORD value (REG_DWORD)
• Multi-string value (REG_MULTI_SZ)
• Expandable string value (REG_EXPAND_SZ)
• QWORD value
When you select a type, the list updates to reflect the registry entries.
In addition to the default file extensions, add new file extensions, if needed, by
adding them on the profiling workstation in the system variable PATHEXT. After
you add them, they are read from the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Environment in the PATHEXT element.
For example, if you must copy dynamic files each time a user launches a certain
application, create a VB Script or batch file that copies those files or runs a utility
each time the application starts and exits.
After you add pre-launch and post-exit scripts, use the Pre-launch and Post-exit
Scripts page to delete or change the order in which the client runs the scripts. The
client runs scripts in the order they are listed.
After you click OK and save the profile to the file share, all new invocations of
applications in the targets invoke the pre-launch or post-exit scripts in the way
you specified.
To sign a profile
Application streaming to desktops can use digital signatures to authenticate the
origin and integrity of profiles signed by a trusted publisher. The signed profile
applies to all applications and files contained in the profile. Applications from
signed profiles are checked by clients that have a trust list installed and can
authenticate the code-signed certificate against the trust list. When signing is
enabled, the client checks the integrity of each file as it is cached.
After you install and configure your code-signing certificates, sign profiles
through the New Profile, New Target, and Update Target wizards. To view or
modify the signature settings for the profile, from the Tools menu, select Sign
Profile.
To sign a profile, you need a code-signing certificate on the profiler workstation
and a Certificate Trust List certificate for client certificate verification. Also, you
must know the password for the certificate you are using to sign.
• To sign the profile using a certificate residing on the drive, choose Sign
using key from selectable file and browse and select your certificate file
• To sign the profile using the code-signing certificate installed on your
profiler workstation, choose Sign using locally installed certificate
Signing a linked profile created for inter-isolation communication does not sign
the individual profiles automatically. Instead, each linked profile must be signed
separately.
Remove a signature from a signed profile at any time by opening the profile, and
from the Tools menu, select Unsign Profile.
46 Citrix Application Streaming Guide
Additionally, to set a default signature setting for profiles and skip this page in
future profiling, see “To disable and enable profile signing” on page 26.
Modifying Profiles
After you create an initial profile and target, use the profiler to modify and
maintain the profile. For example, to make applications available to clients, add
targets to a profile that match additional and unique combinations of target
criteria. An example is adding separate targets for English, French, German, and
Japanese language-based operating systems.
Related topics:
“To add a target to a profile” on page 46
“To resolve target conflicts” on page 47
“To delete a folder from a profile” on page 48
“To delete a target from a profile” on page 49
“To resolve invalid shortcuts” on page 49
When selecting the service pack supported by the target, use the Supported
Service Pack Levels pull-down menu to choose a rule for considering the
service pack level. Then, type the number representing the service pack
level in the applicable field for Minimum Level, Maximum Level, Exact
Level, or, if for a range, Minimum Level and Maximum Level.
If the new target overlaps with other targets in the profile, a message box
appears showing the target conflict. For more information, see “To resolve
target conflicts” on page 47.
4. Choose an installation option according to the type of application or
number of applications you want to install in a target.
• If you want to add a single application to a target without adding any
additional files, folders, or registry entries, choose Quick Install.
Quick install does not offer you the opportunity to repeat the
installation procedure.
• If you want to add multiple applications to a target or add Internet
Explorer plug-ins, files and folders, or registry settings to the target,
choose Advanced Install. Advanced install provides the opportunity
to repeat the installation procedure as many times as needed to add a
variety of multiple applications to a target.
For instructions about continuing profile creation, see “To create a profile and
target” on page 28. For an advanced install, see “To install multiple applications
through Advanced Install” on page 31.
Important: Files that exist on the profiler workstation's hard drive are not
installed in targets.
50 Citrix Application Streaming Guide
Even if the profiler workstation appears clean and has no installed applications
other than the profiler, sometimes essential programs like antivirus software
include other program installations. In addition, some uninstallers do not remove
all program files from the hard drive.
What should you do?
• If the missing application is not needed for your publishing, do nothing.
Click OK and proceed.
• If the missing application is one that you intend to publish, cancel the
wizard, exit the profiler, and remove the existing files from the profiler
workstation. Then repeat the profiling operation.
Modifying Targets
If users experience problems running applications in a profile, edit the target
properties to resolve some of those problems. To view the targets, with the profile
open in the Profiler, select the target and from the Edit menu, select Target
Properties.
Targets have the following properties:
• General. Contains name and description, as well as the operating systems,
languages, boot drive, version, location, and creation and modification
dates of the current target.
• Applications. Contains names and version numbers of applications
installed in the target, as well as the paths to the application executables,
and whether or not the applications are available in all the other targets in
the profile.
• Target Operating System and Language. Specifies the clients that can
run applications installed in the target.
• Rules. Governs how the isolation environment functions when running an
application on the client.
• Pre-launch Analysis. Ensures the existence of required applications on the
client desktop and required registry entries in the client isolation
environment, before streaming the applications in the target. If the check
box to Use Profile settings is selected, the settings are identical to those in
Profile Properties.
• Pre-launch and Post-exit Scripts. Specifies the scripts to run prior to and
following the execution of applications in the target. If the check box to Use
Profile settings is selected, the settings are identical to those in Profile
Properties.
2 Creating Application Profiles 51
Related topics:
“To edit the target name and description” on page 51
“To modify the application properties in the target” on page 51
“To modify the operating system and language properties of a target” on page 52
“To set pre-launch analysis for a target” on page 53
“To specify scripts other than the default for the current profile” on page 53
“To update a target” on page 53
“To remove an old version of an updated target” on page 54
Related topics:
“To check for launch prerequisites” on page 42
Related topics:
“To invoke pre-launch and post-exit scripts for a profile” on page 44
To update a target
To upgrade an application within a target or add applications to a target, use the
profiler to update a target.
When you update a target, the profiler increments the version number and saves
the target as a new file in the profile.
To provide uninterrupted service to your users, the profiler maintains multiple
versions of each target. After you save the profile, clients use the most recent
version of the target for new application executions. Application executions that
are in progress continue to use the version of the target that was current when the
applications were invoked. This enables you to update targets without forcing
your users to exit the applications and restart. The next time the users run the
application, they run the newest version in the target.
54 Citrix Application Streaming Guide
After saving an updated profile, do not use the profiler to delete or modify
previous versions of an updated target.
1. In the left pane of the profiler, with the profile open, select the target whose
application you want to update.
2. From the Edit menu, choose Update/Install Application.
3. Choose an installation option according to the type of application or
number of applications you want to install in a target.
• If you want to update a single application in a target or add a single
application to a target without adding any additional files, folders, or
registry entries, choose Quick Install. See “To create a profile and
target” on page 28.
• If you want to add multiple applications in a target or add Internet
Explorer plug-ins, files and folders, or registry settings to the target,
choose Advanced Install.See “To install multiple applications
through Advanced Install” on page 31
After you update the target, save the updated profile in the original location. The
next time client devices connect, they stream the updated profile.
If client devices have a previous version of the cabinet file stored in the cache
(such as applications enabled for offline access), the streaming service uses a
technique called differential synchronization to open the cached cabinet file on
the client and compare it with the updated cabinet file in the profile. The service
updates only the changed files and removes outdated files from the cabinet file in
the cache. This feature reduces the time and bandwidth needed to update
applications on the client.
2. In the right pane, on the Information tab, note the path to your updated
CAB file.
The trailing integers of the CAB file name represent the target version
number. For example, the version of the following file is “2”:
\\hostname\fileshare\Profile Name\720edd68-0972-49e6-aa00-
80974eb81d5b_2.cab
To choose CAB files that are obsolete, identify the ones that have trailing
integers of the least value.
3. Use Windows Explorer to delete the obsolete CAB file from the profile on
your file share.
Related topics:
“To delete a target from a profile” on page 49
Related topics:
“Types of Isolation Environment Rules” on page 55
“Prioritization of Rules” on page 57
“Restrictions and Limitations for Rules” on page 57
“Using Environment Variables to Construct Rules” on page 58
Isolate Rules
When clients create a new isolation environment, its default behavior is to isolate
everything with a few exceptions. When an application requests access to a
system resource (such as a file, registry, or named object), a per-user version of
the file or key is created as required. This default behavior relieves most
application conflicts and allows applications to run correctly.
56 Citrix Application Streaming Guide
Isolation rules ensure that per-user level versions of files and keys are created.
This creates an individual copy of each resource that a particular user accesses.
Add this rule to ensure that there is one copy of a resource per isolation
environment. For example, create a rule that isolates the registry hive,
HKEY_LOCAL_MACHINE\SOFTWARE\classes, when you install Microsoft
Office. Because each user does not require a separate version of this hive, create a
rule that isolates this particular registry hive for the isolation environment.
Ignore Rules
Use the rules engine to define “holes” in the isolation environment so that an
application can write to the underlying system. Such rules are called Ignore rules.
There are instances when an application inside an isolation environment needs to
share data with an application outside the isolation environment. For example, in
a scenario where users can print to network printers available within a streamed
to client session, these printers are created automatically when the user connects
to a published application.
Redirect Rules
A Redirect rule redirects an application request for a file or registry key to a
specified location. For example, if an application creates the file, c:\temp\data.txt,
this rule can redirect those files to c:\guidtemp\%USERNAME%, regardless of
the user.
For example, if UserA runs the application in an isolation environment,
c:\temp\data.txt is created in c:\guidtemp\UserA\data.txt.
In this example, the administrator might choose to clean up the \temp directory
each time the system starts up. By redirecting all access of c:\temp directory to
c:\guidtemp on a per-user basis, the administrator can clean up the temporary data
easily at startup.
2 Creating Application Profiles 57
Prioritization of Rules
A rule for an isolation environment is based on a specific location: either a file
path or a registry key path.
Rules are matched by the most specific path to the resource being accessed. A
rule applies to the object (file, registry, or named object) specified and all the
children of the specified object, unless a more specific rule exists.
For instance, if you create the following rules:
• An Ignore rule for the file path:
C:\Documents and Settings\%USERNAME%
Every file and directory created under C:\Documents and
Settings\%USERNAME% is created in the system location because you
specified, through the Ignore rule, that this directory location is not isolated.
If an application opens the file C:\Documents and
Settings\%USERNAME%\ ApplicationData\CompanyA\foo.txt, the Ignore
rule for C:\Documents and Settings\%USERNAME% applies.
• A per user isolation rule for:
C:\Documents and Settings\%USERNAME%\Windows
This rule isolates the per-user Windows directory, C:\Documents and
Settings\%USERNAME%\Windows. If an application opens
C:\Documents and Settings\%USERNAME%\Windows\Win.ini, the
isolate per-user rule for C:\Documents and Settings\Windows applies.
Important: Do not use the wildcard in a rule that applies to a file system
or registry key. By definition, the rule applies to all the children of a path
name.
58 Citrix Application Streaming Guide
• File system rules can apply to either files or directories. Create a rule to
alter the behavior of individual files or of directories and all of the files
within them. For example, you might have a Redirect rule for
C:\temp\fileA.txt, as well as one for C:\temp\subdir1.
• Rules that specify a registry object apply only to registry keys. They do
not apply to registry values.
• Rules for an isolation environment are interpreted at run time. Any
modifications to existing rules are interpreted the next time you launch an
application associated with, or installed in, an isolation environment. If you
are executing an isolated application and modify the rule definitions, these
changes do not affect running applications. The modified rules are
interpreted and take effect the next time the application is executed.
• A rule must be specified in terms of a full directory or key level.
Matches are performed on the full name of a given hierarchy level. For
example, if you create a Redirect rule for C:\temp\file, the rule applies only
to a file or directory called c:\temp\file. The rule does not apply to any files
or directories that have c:\temp\file as part of their name. For example, this
rule does not apply to the file C:\temp\fileA.txt, the directory
c:\temp\filledWithFiles\, or any files under that directory. The same
principle applies for the file system, registry, and named objects (with the
exception of wildcards and named object rules).
Environment variables can also quickly check where certain paths are within a
script. For example, to find out what the file system installation root for an
isolation environment is, use AIE_FSINSTALLROOT.
All environment variables for isolation environments are prefixed with AIE_.
When you create a new isolation environment, a number of default rules apply.
These default rules use the environment variables listed in the following table to
make the rules universally applicable. To view the default rules for application
isolation environments, refer to the list in the Rules wizard.
Note: Exercise caution when using backslash characters (\) with these
environment variables. Ensure that you insert a backslash (\) after an environment
variable before adding additional path information; for example,
AIE_USERAPPLICATIONDATA\MyData\Mine.
The Rules list shows the existing rules for the target and for each rule identifies:
• Arbitrary name for the rule
• Action, which is the isolation environment rule that is being called
• Object on which the action performs
The Rule Description box at the bottom shows the command represented by the
currently selected rule.
To edit the set of rules, use the Add, Copy, Modify, and Delete buttons.
Related topics:
“Overview of Isolation Environment Rules” on page 55
“To use the New Rule wizard to create a rule” on page 61
“To copy a rule” on page 62
“To modify a rule” on page 62
“To delete a rule” on page 62
3. If necessary, modify the default name of the rule. By default, the New Rule
wizard creates a rule name consisting of the name of the action and the
name of the object.
To copy a rule
To copy a rule in the currently defined set of rules, from the Rules tab of Target
Properties, select the rule and then click Copy. The copy operation adds the
copied rule to the top of the list of rule set members. Use the property also to
modify the name, action, or object of the rule.
To modify a rule
To modify a rule in the currently defined set of rules, from the Rules tab of
Target Properties, select the rule and click Modify. Use the New Rule wizard to
define the new rule. Modifying a rule lets you modify the action and objects, but
not the object type.
1. Select the action.
2. On the Select Objects page, add or modify objects.
If the selected action is Ignore, Isolate, or Strictly Isolate:
• If Files and Folders is the object type, use the file browser to select
the files and folders on which you want the rule to operate
• If Registry Entries is the object type, use the Choose Registry
Entry dialog box to select a hive and type a key on which you want
the rule to operate
• If Named Objects is the object type, use the Choose Named Object
dialog box to type the name of the object on which you want the rule
to operate
If the selected action is Redirect, specify the source path, registry entry, or
named object and its destination.
3. If necessary, modify the name of the rule.
To delete a rule
To delete a rule from the currently defined set of rules, from the Rules page of the
Target Properties, select the rule and click Delete.
2 Creating Application Profiles 63
Related topics:
“Manifest File” on page 64
“Targets” on page 64
“Digital Signature” on page 65
“Icons” on page 65
“Scripts” on page 65
64 Citrix Application Streaming Guide
Manifest File
The manifest (.profile) is the top file in the data structure that defines a profile.
The manifest file is an XML-formatted text file that describes a profile. Manifest
files have the file extension .profile.
The information in a manifest file includes:
• Description
• Create date
• Modify date
• User profile security (Boolean)
• Scripts
• File type association
• Internet Explorer application (Boolean)
• Applications
• Targets
The manifest file of a profile created for inter-isolation communication includes
references to the subprofiles and may or may not have targets listed in the
manifest file.
Targets
Each target consists of a cabinet file (CAB file) representing a compressed
subdirectory structure within the profile structure.
Target CAB file names are based on the target GUID and version. The association
to a user level concept, such as “MS Office,” comes from the profile manifest.
Each time a target is created, it is assigned a GUID so it can be uniquely
identified and independently cached on the client device. The GUID is used to set
the name of the isolation environment so that no two different installations of the
same named target occupy the same location in the execution system cache. The
directory used to store the isolation environment on the client device also
includes the version number of the target. In this way, when you update a target,
client devices are assured that the execution InstallRoot accurately reflects the
install root of the target you defined. For speed, the client device locally updates
the internal file cache when a target version is updated rather than reloading from
the server.
2 Creating Application Profiles 65
Digital Signature
You have the option of digitally signing the contents of a profile. The manifest
file indicates if the profile is signed, and when signed, the manifest file is digitally
signed to sign the entire profile. The hashes for all files in a target are stored in a
single file, Hashes.txt.
The same process is conducted for all of the profile level files. The SHA 1 of the
Hashes.txt file at the profile level is stored in the manifest, and the SHA 1 of each
target in the profile is stored in the manifest. Because the manifest file is digitally
signed, the SHA 1 of each file listed in each Hashes.txt file can be authenticated.
Icons
To keep the manifest file size small, the binary data that represents the application
icons is stored in a separate file called icondata.bin. The profiler stores all icons
for the installed application. When you publish the streamed application, you
have the option to change the icon by choosing among the set of icons that the
application installed or other icons that you prefer.
Scripts
You specify when the XenApp Plugin for Streamed Apps executes scripts
associated with a profile or target:
• Before the client executes the first application from a profile
• After the client terminates the last application from a profile
Intermediate applications executed from a profile do not invoke pre-launch or
post-exit scripts.
Scripts are commonly .CMD files, but can be any file executable by Windows.
You create pre-launch and post-exit scripts independent of the profiler and add
them to the profile using the profiler, including these settings:
• A disk file that is executed
• Arguments for the executable
• A Boolean value indicating whether or not the script is enabled
66 Citrix Application Streaming Guide
After creating a script, use the profiler to add the script to a target.When you add
a script to a target, the profiler copies the script file to the profile. The profiler
also retains the original file name of the script.
If an .EXE script requires a .DLL file, add a script for the .DLL file and disable it.
The .DLL file is available for the script to load, but the client does not run the
disabled .DLL. For example, use this technique to add a signed .DLL to the
profile even though it is not executed.
3
After you create profiles for streaming applications using the Streaming Profiler,
you make them available to users by publishing the applications. The Publish
Application wizard in the Access Management Console guides you through the
process of selecting the streaming options.
Read the following topics to become more familiar with the options available for
application streaming:
• “Publishing Streamed Applications” on page 67
• “Selecting the Delivery Method for Streamed Applications” on page 73
• “Configuring Offline Access to Applications Streamed to Desktop” on page
78
• “Setting Streamed Application Properties” on page 86
Important: For users to stream applications through a Web Interface site using
an Internet Explorer or Firefox browser, you must add the site to the Trusted sites
list in Internet Explorer.
3 Managing Streamed Applications 69
For information about managing application types on Web Interface sites, see the
Web Interface Administrator’s Guide.
After you ensure all of these tasks are complete, publish the application on
XenApp to stream to a server.
Important: Before you begin, refer to Getting Started with Citrix XenApp to
review the new and discontinued features for publishing applications on XenApp
for Windows Server 2008.
Additionally, refer to the Installation Checklist for Citrix XenApp for supported
platforms and system prerequisites.
1. Under the XenApp node of the Access Management Console, expand the
farm to which you want to publish an application.
2. Select the Applications node and from the Common Tasks pane, choose
New > Folder. Create a folder for the application you are publishing.
3. Select the folder you created and from the Common Tasks pane, choose
New > Publish application.
4. In the Publish Application wizard, on the Name page, provide a display
name (maximum 256 characters) and application description. The name
appears on clients devices when users access the application and on the
Access Management Console for the farm applications. Note that all
applications enabled for offline access must have unique names across all
farms.
5. On the Type page:
• Select Application.
• Select the delivery method. For more information, see “Selecting the
Delivery Method for Streamed Applications” on page 73.
6. On the Location page:
• Browse to the application profile on the file share where the .profile
file is stored or type the UNC path to the .profile file; for example:
\\citrixserver\profiles\Adobe Reader\Adobe Reader.profile.
• After you select a profile, the application drop-down list is populated
with the applications in the profile.
70 Citrix Application Streaming Guide
• From the drop-down list, select the application to publish. For more
information, see “To configure locations of profiled applications for
publishing” on page 77.
For information about creating alternate profiles for specific IP
ranges, see “To configure alternate profiles” on page 91.
7. On the Servers page, add the servers on which the published application
runs when accessed by an ICA connection. For more information, see “To
configure locations of servers for published applications” on page 78.
8. For applications configured to stream to clients only, the wizard continues
with the Offline Access page on which you specify whether or not users
can run the published application in offline mode.
For more information about this option, see “Configuring Offline Access to
Applications Streamed to Desktop” on page 78.
If you enable the application for offline access:
• Specify how you want the plugin to cache the necessary application
files on the client device: at logon or at launch. For more information,
see “To enable an application for offline access” on page 84.
• Click Configure Offline Access Users to open the farm property for
Offline Access > Users and create the Configured users list of users
and groups that have permission to run enabled applications in offline
mode. Alternatively, configure this list later in the farm properties.
For more information, see “To configure users for offline access
permission” on page 80.
9. On the Users page, create the Configured users list for users or groups
who have access to the application. For more information, see “To
configure users for streamed applications” on page 88.
10. On the Shortcut presentation page, select the icon for the application and
choose how the application is enumerated on the client device. For more
information, see “To configure shortcuts” on page 89.
3 Managing Streamed Applications 71
11. On the Publish immediately page, choose whether or not to make the
published application immediately available to users.
• By default, the published application is available when you click
Finish
• To prevent users from accessing the application until you manually
enable it through application properties, select Disable application
initially
12. To view and select advanced options, check Configure advanced
application settings now. Note that the available options depend on your
delivery type. Alternatively, modify the advanced settings later using the
application properties described in the following topics:
• “To configure access controlled by the Access Gateway” on page 90.
• “To associate published applications with file types” on page 91.
• “To configure alternate profiles” on page 91.
• “To reduce user privileges for a streamed application” on page 92
• “To configure application limits” on page 92
• “To specify client options” on page 93
• “To configure application appearance” on page 95
When you finish, published applications (unless disabled) are available for users.
9. Finish the remaining pages of the wizard. The application is ready to stream
to the client device using the HTTP delivery method.
To stream from an HTTPS address from Windows Server 2008 additional
configuration is required on the Web server. An appropriate Web Server
Certificate must be already installed:
1. From IIS, edit the Bindings for the Web Site.
2. In the Site Bindings dialog, click Add.
3. Under Type, choose https.
4. For SSL certificate, choose the installed Web Server Certificate.
5. Using the example above, browse to https://WebServer/webProfiles on
the Web server, which must be a member of the domain and have the root
certificate installed.
To stream from an HTTPS address from Windows Server 2003, install a Web
Server Certificate from a domain certificate authority:
1. From IIS, open Properties for the virtual Web site.
2. Click the Directory Security tab.
3. Under Server Communications, click Server Certificate.
4. Complete the Web Server Certificate wizard, and using the example above,
browse to https://WebServer/webProfiles on the Web server, which must
be a member of the domain and have the root certificate installed.
Related topics:
“To select a streaming delivery method” on page 74
74 Citrix Application Streaming Guide
This table describes the default delivery of each application type and the results
of setting the policy. The policy overrides the delivery protocol for applications
that are published as “streamed to client.”
Important: For installed applications, select the server where the published
application is installed. For streamed-to-server applications, select the server to
which the profiled application will stream and execute.
• The Servers list displays the servers that belong to the farm. Initially, all
servers in the farm appear. Use a filter to display only servers running a
particular operating system or Citrix version.
Note: If you apply a filter (in the Select Servers dialog box), the filter
settings remain in effect each time the Publish Application wizard is run
until the filter is removed or changed.
• Use the Import from file option to import an application server list file
(*.asl). You export the server list of a previously published application and
then import this settings file when creating a new published application.
If you modify your servers for a published application, some users may not be in
a trusted domain for that server. If you receive an error message when trying to
modify configured servers for a published application, duplicate the application
and then modify the servers and users lists of the new application.
The offline access feature is available only for applications that you publish as
Streamed to client or Streamed if possible, otherwise accessed from a server.
To enable the offline access feature, configure the following settings using the
Access Management Console:
• Configure the farm-wide properties for offline access.
• “To configure users for offline access permission” on page 80
• “To set the license period for offline users” on page 83
• Configure the application properties for offline access. For information, see
the following topics:
• “To enable an application for offline access” on page 84
• “To configure users for streamed applications” on page 88
Users who have offline access permission for the farm and permission to access
the published application must launch the application through Citrix XenApp to
use the offline access feature.
The XenApp Plugin for Streamed Apps caches each streamed application on the
hard drive of the client workstation. After the application is cached, the user can
disconnect from the network or server and continue to run the application in
offline mode for the period of time specified in the license.
You do not need to do any additional configuration in the streaming profiler to
create application profiles or targets with applications that can be accessed
offline. Save the profiles to a network file share normally so they are available for
publishing using the Access Management Console.
Administrators must create a list of users who have offline access permission.
This list can be completed during publishing or later in the farm properties. Users
or groups listed in this farm property (and who are also configured for the
application) have permission to run offline-enabled applications in offline mode.
Users or groups on this list use an offline license to launch applications regardless
of whether they are online or offline.
80 Citrix Application Streaming Guide
Note: You must also add the users to the configured users list for the
applications that they can access offline. Users who are configured for the
application in this wizard, but who are not added to the configured users list for
offline access in the farm, can access the application online but not offline.
Note: This option has several limitations. You can browse only
account authorities and select users and groups who are accessible
from the computer running the Access Management Console. In
addition, you might initially select users and groups outside the trust
intersection of the farm that causes errors later. Other limitations
include the inability to add NDS users and groups and Citrix built-in
users.
When you click OK, the list of user accounts is added to the Configured
Accounts list. Changes take effect the next time the user launches the application.
Alternatively, as you publish and configure applications in the Publish
Applications wizard, on the Users page of the wizard, click Configure Offline
Access Users. This action opens the farm property.
Related topics:
“Indirect Membership to the Offline Access User List” on page 82
“To set the license period for offline users” on page 83
“To enable an application for offline access” on page 84
“To configure users for streamed applications” on page 88
82 Citrix Application Streaming Guide
A user who is in the application user list and is also a member of a group that has offline
access permission, indirectly has offline access to the application.
Specify subgroups of larger groups for indirect access. For example:
• Group A contains Subgroups B and C
• Users of Subgroup B have farm-wide permission for offline access
• Group A has permission for access to the application
With this grouping, only members of Group B can access the application offline
or online (even though Group B is not explicitly added to the application user
list), while Group C can access the application only when online.
3 Managing Streamed Applications 83
Users in subgroups have their own access permissions as well as the indirect access
permissions of any groups or subgroups to which they belong.
3. Set the license period. The license period, 21 days by default, can range
from 2 to 365 days. This number specifies the number of days that users can
run the application both online and offline before they have to renew the
license.
To configure licenses, administrators can use the License Management Console
or command-line tools. They must also ensure they have a sufficient number of
licenses to support the total number of users with offline access permission. For
more information, see the Getting Started with Citrix Licensing Guide.
Tip: If, later, some operation in the application fails offline due to a missing
component, it will fail while connected as well. The solution is to ensure that you
package all the necessary components by thoroughly testing the package.
The server fully caches applications enabled for offline access on client
workstations; the entire application is sent to client workstations while the user is
online so that the user can launch the application offline and have full
functionality of the application. By default, applications are cached when a user
logs on.
3 Managing Streamed Applications 85
Related topics:
“To view or modify properties for an application” on page 86
“To name and describe the application” on page 86
“To specify the application and location” on page 87
“To configure users for streamed applications” on page 88
“To configure shortcuts” on page 89
“To configure access controlled by the Access Gateway” on page 90
“To associate published applications with file types” on page 91
“To configure alternate profiles” on page 91
“To configure application limits” on page 92
“To configure application appearance” on page 95
“To reduce user privileges for a streamed application” on page 92
Set the name and description as you publish in the Publish Application wizard, or
later from the Basic Properties page. Choose Name to view or modify the
following options:
• Display name appears in the Access Management Console
• Application name appears to end-users
• Application description
The console updates the application name for the renamed application. If a
duplicate Application Name is found in the farm, a four-digit hexadecimal
number is appended to the original string. If the character limit is reached and
duplicated, the console replaces the end characters with four-digit hexadecimal
numbers, starting from the right.
Related topics:
“To add command-line parameters” on page 34
88 Citrix Application Streaming Guide
Note: As a best practice, use groups for unique roles to categorize and assign
permissions to large numbers of users. An application published to one group of
1,000 users requires the validation of only one object for all 1,000 users. That
same application published to 1,000 individual user accounts requires the
validation of 1,000 objects.
1. Select Allow only configured users (not selected by default). This option
does not appear for applications enabled for offline access.
2. Use the Select directory type drop-down box to select either Citrix User
Selector or Operating System User Selector.
3. Click Add.
If you selected Citrix User Selector, complete the following tasks in the
Select Users or Groups dialog box:
• Select your account authority from the Look in drop-down list. The
drop-down list contains all trusted account authorities configured on
the servers in the farm. These include Novell Directory Services
(NDS) trees, Windows NT domains, Active Directory domains, and
local servers. (NDS trees appear only if previously configured.)
When you select an account authority, the user accounts that are part
of the selected authority appear in the window below the drop-down
list. By default, only user groups appear.
• Select Show users to display all user names in the selected domain.
This option displays every user in the selected domain. For NDS,
alias objects also appear. The user accounts you select are listed in
Configured users.
Tip: Instead of selecting names from the list, type them in a text
box. To do this, click Add List of Names and use semicolons (;) to
separate names.
Note: This option has several limitations. You can browse only account
authorities and select users and groups that are accessible from the
computer running the Access Management Console. In addition, you might
initially select users and groups outside the trust intersection of the farm,
which causes errors later. Other limitations include the inability to add NDS
users and groups.
The list of user accounts is added to the Configured Accounts list. Changes take
effect the next time the user launches the application.
To configure shortcuts
Configure or modify the application shortcut presented to client devices on the
Shortcut presentation page of the Application Publishing wizard or by selecting
Modify application properties > Modify all properties > Basic > Shortcut
presentation.
1. To select a new icon for the application, click Change icon and use the
options on the window.
2. To organize applications within folders on the client device, under Client
application folder, enter a folder name for this application. When users
view their Citrix XenApp applications, this application appears in the
folder you entered.
3. To specify the placement of the application shortcut, in the Application
shortcut placement section, select one or more of these options:
• Add to the client’s Start menu. Creates a shortcut to this application
in the user’s local Start menu. A folder appears in the first pane of the
Start menu in the location you select:
• Place under Programs folder. This option creates a shortcut
under the Programs folder of the local Start menu. If a folder
structure is specified in the Start Menu Folder text box, the
folder structure is created within the local Programs folder.
• Start menu folder. The location of the shortcut within the Start
menu (or Programs folder, if selected). For example, to have
the application appear under a folder called “Reports,” enter
Reports. For more than one level of folders, separate each
folder name with a backslash; for example,
“Reports\HR\survey.” If no folder structure is specified, the
application is available from the top level of the Start menu.
90 Citrix Application Streaming Guide
Important: To use this feature, set your servers that receive XML requests to
trust those requests.
Important: Before you select this option, test the application with a limited
access configuration. Some applications expect users to have elevated privileges
and might fail to operate correctly when launched by users with a least-privileged
user account.
If you select Minimum requirement under the Encryption list box, plugins can
connect to the published application only if they are communicating using the
specified level of encryption or higher. After you set this encryption level on the
server, any plugins connecting with that server must connect at that encryption
level or higher. This means the following:
• If you do not select the Minimum requirement check box, the Program
Neighborhood connections to the server are encrypted at the level that you
set in Program Neighborhood. If the two encryption levels on the server and
in Program Neighborhood do not match, you can still connect. The
encryption settings you specify in Program Neighborhood override the
encryption level set for the application.
• If you select the Minimum requirement check box, the Program
Neighborhood connections to the server must be encrypted at the same
level that you set on the server or the server refuses the transmission and the
session is dropped.
If a plugin is running on a 64-bit computer, only basic encryption is supported. In
this situation, setting a level of encryption higher than Basic and selecting the
minimum requirements check box prevents plugins from connecting.
Specify plugin audio options through the Client options page of the Publish
Application wizard, or from the Action menu, select Modify application
properties > Modify all properties > Advanced > Client options.
• Select Client audio options:
Enable legacy audio. Select this option to allow audio support for
applications to which SpeedScreen Multimedia Acceleration does not
apply.
• Enable SSL and TLS protocols. This option requests the use of the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols for plugins connecting to the published application.
• Encryption. Select an RC5 encryption level for the ICA connection.
• In the Printing section, select or clear Start this application without
waiting for client printers to be created.
Selecting this option can allow the plugin to connect faster. However, if you
select this option, the printers may take a few seconds to be created; do not
select this option for applications that print to the printer immediately after
being launched.
Overview
The XenApp Plugin for Streamed Apps is the component of the application
streaming feature that provides client-side application virtualization. After you or
users install the plugin on their client devices, it runs as a service in the
background, invisible to users, to provide the streaming functionality and access
published resources.
Before installing or configuring the plugin, administrators should know the
following information:
• The server farm to which client devices connect
• The operating systems on the client devices
When you publish profiled applications for streaming, the method you select
determines the type of additional components your users need to access the
applications.
Either of the following combinations is available with the application streaming
feature:
98 Citrix Application Streaming Guide
XenApp Plugin for Streamed Apps and XenApp Plugin for Hosted Apps.
Install both the client-side and server-side plugins on client devices to make
available the full set of application streaming features. Installing both the
XenApp Plugin for Streamed Apps with the XenApp Plugin for Hosted Apps
enables you to enumerate published applications in the desktop Start menu and
create shortcuts on the desktop. Use this combination to stream applications
directly to client desktops. In addition to desktop integration, XenApp Plugin for
Hosted Apps also enables users to go offline with published applications.
XenApp Plugin for Hosted Apps is centrally administered and configured in the
Access Management Console using a site created in association with a site for the
server running the Web Interface. For information about installing and
configuring the XenApp Plugin for Hosted Apps, see the XenApp Plugin for
Hosted Apps Administrator’s Guide.
XenApp Plugin for Streamed Apps with a Web browser. Install the XenApp
Plugin for Streamed Apps by itself on the client device, and the user can access
published applications through a Web browser using the Web Interface site you
create. For this access method, only the XenApp Plugin for Streamed Apps is
required on the client device. Note that offline access to applications and desktop
integration are not available when using this access method.
Related topics:
“Access Method” on page 99
“Plugin Management and Administration” on page 99
4 Managing the XenApp Plugin for Streamed Apps 99
Access Method
The XenApp Plugin for Streamed Apps runs as a service on the client device to
invoke applications the user selects and applications enumerated by XenApp
Plugin for Hosted Apps or the Web Interface site.
The plugin does not require user configuration and does not have a user interface.
After installation and restarting the computer, the plugin runs in the background
and, except for error and status messages, is not visible to your users.
When users stream a profiled application to their computer, the plugin finds the
correct profile target for the client device, creates an isolation environment on the
client device, and streams to the client device the necessary files for the
application to run within the isolation environment.
Features such as streaming to client devices, offline access, and desktop
integration are available only if you install the XenApp Plugins for both Hosted
and Streamed Apps.
Related topics:
“To install the XenApp Plugin for Streamed Apps” on page 100
“To configure the XenApp Plugin for Streamed Apps” on page 100
“To deploy the XenApp Plugin for Streamed Apps” on page 101
100 Citrix Application Streaming Guide
Important: Before you install the plugin, refer to the Installation Checklist for
Citrix XenApp for the supported platforms and system prerequisites.
After installation, restart the computer to start the streaming services and ensure
that other applications and plugins detect the streaming plugin.
For best results, use the Windows uninstall program to remove any previous
version of the streaming client. Close all running programs before starting the
installer.
1. From the installation media, navigate to Clients > Streaming and run
XenAppStreaming.exe.
2. If the installer detects an installed version, the installer can upgrade or
repair the installation.
3. Choose the language in which you want the plugin installer to run. (In this
step, you are choosing the language for the installer, not the language of the
plugin.)
4. After the Welcome screen, accept the license agreement and continue with
the installation wizard.
5. After you finish the installation, restart the computer.
After installing the plugin and restarting the client device, the Citrix Streaming
Service starts automatically and runs in the background as the user
Ctx_StreamingSvc.
Restarting the client device also ensures that other applications and plugins detect
the streaming plugin.
Before caching files, the plugin checks the size of this cache. If the cache size
exceeds a maximum limit, the plugin removes streamed application files from the
cache until its size is smaller than the limit. The plugin removes streamed
application files starting with the one that was least recently used.
The default cache size limit is 1000MB (1GB) or 5% of total disk space,
whichever is larger.
To change the default cache location or the default maximum cache size, use the
ClientCache tool that you run on the client device where the plugin is installed.
To start the tool, run the following program:
%PROGRAMFILES%\Citrix\Streaming Client\ClientCache.exe
Running ClientCache.exe on the computer on which the XenApp Plugin for
Streamed Apps is installed enables you to change the location of the cache and
the maximum cache size. Entries you make using clientcache.exe are stored in the
registry and become the new defaults.
The following are some guidelines for changing these defaults:
Client cache directory. The cache location you specify must be on a local drive
and can be on a volume other than the main volume.
Maximum client cache size. When specifying a cache size, use an integer
representing the cache size in megabytes. For example, the following represents
two gigabytes: 2000.
The maximum size of the cache is restricted to the size of the local drive.
Changes you make using client cache take effect the next time you start the plugin
or restart the Citrix Streaming Service.
Related topics:
“To install the XenApp Plugin for Streamed Apps using command-line
parameters” on page 102
“To configure an .MSI package using transforms” on page 104
“To deploy the XenApp Plugin for Streamed Apps to client devices through
Active Directory” on page 104
102 Citrix Application Streaming Guide
Related topics:
“To install the XenApp Plugin for Streamed Apps using command-line
parameters” on page 102
“To configure an .MSI package using transforms” on page 104
“To deploy the XenApp Plugin for Streamed Apps to client devices through
Active Directory” on page 104
“To deploy applications to client devices” on page 106
“To clear the streamed application cache on client devices” on page 107
where appname is the name of the application and profilename is the name
of the profile as listed using the radedeploy /enum command, either a
.profile or.rad file. Profile names with embedded spaces should be quoted,
such as deploy:“my profile”.
3. Set your options as needed, including the following parameters:
• /enum enumerates the applications currently deployed on the client
device.
• /deploy adds the profiled application on the client device.
• /delete removes the profiled application from the client device.
• -m monitors the deployment until complete.
• -p deletes the application profile from the client device. Note that this
command also removes any other applications deployed on the client
device from this application profile.
4. Repeat for other applications, as needed.
4 Managing the XenApp Plugin for Streamed Apps 107
Note: Before using the RadeCache command, make sure that the application
programs and processes are terminated on the client device. For large applications
such as Microsoft Office, this can take up to 10 minutes.
1. On the computer where you want to clear the cache, type the following at a
command prompt:
radecache [-i] [-if] [-ir] [-u] [-uf] [–ur]
[/flush:GUID]
radecache [/flushall]
radecache [/?]
where GUID is the unique GUID for the application streamed to client
devices. GUIDs must not include spaces.
2. Set your options as needed, including the following parameters:
• /? displays the syntax for the utility and information about the options
of the utility
• -i clears the registry and files in the install root
• -if clears only files in the install root
• -ir clears only the registry in the install root
• -u clears the registry and files in the user root
• -uf clears only the files in the user root
• -ur clears only the registry in the user root
• /flushall clears the registry and files in both the install root and user
root for all streamed applications
108 Citrix Application Streaming Guide
A applications
accessed from a server 74
access alternate application profiles 91
connection types 90 associate with file types 91
offline 70, 78, 84 cache status 85
accessed from a server application 74 change application location 87
Active Directory 104 change name and description 86
administrator accounts 92 configure limits 92
advanced installation 30–31 configure shortcuts 89
alternate application profiles 91 delivery method 73–74
application importance 92 installing into target 30
application limits 92 modify properties 86
application properties modifying properties 51
access connection types 90 policy for delivery method 75
caching method 84 profiling overview 17
configure users for access 70 publishing wizard 69
indirect access 82 reduce user privileges 92
offline access 70, 78 running in the profiler 35
application streaming selecting for listing in the profile 35
benefits 8 setting properties 86
streamed if possible, otherwise accessed from
server 74
type 73
viewing details 40
architecture diagram 12
B
benefits of application streaming 8
C
caching methods
at application launch 85
pre-cache at log on 85
Citrix Access Gateway
connection types 90
trust relationships 90
Citrix Access Management Console
discovery 69
110 Citrix Application Streaming Guide
N profiles
adding a target 46
new features 10 adding default post-exit scripts 44
new rule wizard 61 adding default pre-launch scripts 44
Novell Directory Services (NDS) support alternate profiles 91
preferred tree 80 configure limits 92
contents on the file server 63
O creating 28
disabling and enabling signing 26
offline access
editing properties 38
caching methods 84
initializing 26
configuring 78
invoking pre-launch and post-exit scripts 44
enabling applications 84
overview 16
indirect membership 82
planning 27
license period 84
post-exit scripts 44
license type 83
pre-launch scripts 44
users 79, 81
prerequisites 42
operating systems
selecting applications 35
language 20
setting preferences 24
overview
signing 45
client-side virtualization 97
viewing details of applications 40
overviews
viewing file type associations 41
application profiling 17
viewing information 39
Citrix Streaming Profiler 16
viewing properties 38
profiles 16
publishing applications
procedures 67
P
plugin Q
configuration 100
quick installation 30
installation 99
post-exit scripts
for a profile 44 R
for a target 53 radecache 107
pre-deploying applications to clients devices 106 radedeploy 106
preferential load balancing redirect rules 56
application importance 92 reduce user privileges 92
pre-launch analysis 42 registry settings
for a target 53 customized 33
pre-launch analysis for a target 53 resources, installing multiple 31
pre-launch scripts reviewing profile information and re-editing 31
for a profile 44 rules
for profiles 44 adding 61
or a target 53 copying 62
prerequisites defaults for isolation environments 59
applications 43 deleting 62
binary files 43 environment variables to construct rule 58
profiles 42 ignore 56
registry entries 43 modify rule wizard 62
profiler prioritization 57
supported operating systems 17 redirect 56
restrictions 57
112 Citrix Application Streaming Guide
S U
service pack level 19 users
session importance 92 least-privileged accounts 92
silent installation of plugin 102 offline 79, 81
stream to client 68 profile security settings 25, 41
stream to server 68
streamed if possible, otherwise virtualize from XenApp
74
V
streaming profiler 11, 13, 16 view details
installing 23–24 applications in profiles 40
running an application 35
strictly isolate rules 56 W
system drive letter 20
Web access
HTTP protocol support 71
T wizards
targets 18 application publishing 69
adding to a profile 46
creating 26 X
deleting from a profile 49
XenApp Plugin for Hosted Apps 98
deleting old version 54
XenApp Plugin for Streamed Apps 11, 13, 97–98
editing properties 50
deploy 101
including files and folders 32
initializing 26
installing an application 30
installing multiple resources 31
invoking pre-launch and post-exit scripts 53
isolation environment rules 60
modifying language properties 52
modifying name and description 51
modifying the operating system 52
multiple resources 31
post-exit scripts 53
pre-launch analysis 53
pre-launch scripts 53
specifying scripts 53
supported operating systems 19
updating 53
viewing information 50
viewing properties 50
transform
configuring MSI packages 104
trust client 77
trust relationships
Citrix Access Gateway 90