Octopus tries Citrix, day two:

Source: Internet  Editor: 程序博客网  Time: 2024/04/29 07:23
How typical deployments work
A XenApp and XenDesktop Site is made up of machines with dedicated roles that allow for scalability, high availability, and
failover, and provide a solution that is secure by design. A XenApp or XenDesktop Site consists of VDA-installed servers and
desktop machines, and the Delivery Controller, which manages access.


The VDA enables users to connect to desktops and applications. It is installed on server or desktop machines in the data
center for most delivery methods, but it can also be installed on physical PCs for Remote PC Access.
The Controller is made up of independent Windows services that manage resources, applications, and desktops, and
optimize and balance user connections. Each Site has one or more Controllers, and because sessions are dependent on
latency, bandwidth, and network reliability, all Controllers ideally should be on the same LAN.
Users never directly access the Controller. The VDA serves as an intermediary between users and the Controller. When users
log on to the Site using StoreFront, their credentials are passed through to the Broker Service on the Controller, which
obtains their profiles and available resources based on the policies set for them.


How user connections are handled
To start a XenApp or XenDesktop session, the user connects either through Citrix Receiver, which is installed on the user's
device, or a StoreFront Citrix Receiver for Web site.

The user selects the physical or virtual desktop or virtual application that is needed.

The user's credentials move through this pathway to access the Controller, which determines which resources are needed
by communicating with a Broker Service. Citrix recommends that administrators place an SSL certificate on StoreFront to
encrypt the credentials coming from Citrix Receiver.


The Broker Service determines which desktops and applications the user is allowed to access.

After the credentials are verified, information about available applications or desktops is sent back to the user through the
StoreFront-Citrix Receiver pathway. When the user selects applications or desktops from this list, that information goes
back down the pathway to the Controller, which determines the proper VDA to host the specific applications or desktop.
The Controller sends a message to the VDA with the user's credentials, and then sends all the data about the user and the
connection to the VDA. The VDA accepts the connection and sends the information back through the same pathways to
Citrix Receiver. A set of required parameters is collected on StoreFront. These parameters are then sent to Citrix Receiver,
either as part of the Receiver-StoreFront protocol conversation, or converted to an Independent Computing Architecture
(ICA) file and downloaded. As long as the Site was properly set up, the credentials remain encrypted throughout this
process.

The ICA file is copied to the user's device and establishes a direct connection between the device and the ICA stack running
on the VDA. This connection bypasses the management infrastructure (Citrix Receiver, StoreFront, and Controller).
The connection between Citrix Receiver and the VDA uses the Citrix Gateway Protocol (CGP). If a connection is lost, the
Session Reliability feature enables the user to reconnect to the VDA rather than having to relaunch through the
management infrastructure. Session Reliability can be enabled or disabled in Citrix policies.
After the client connects to the VDA, the VDA notifies the Controller that the user is logged on, and the Controller sends
this information to the Site database and starts logging data in the Monitoring database.

How data access works

Every XenApp or XenDesktop session produces data that IT can access through Studio or Director. Using Studio,
administrators can access real-time data from the Broker Agent to better manage sites. Director accesses the same
real-time data plus historical data stored in the Monitoring database, as well as HDX data from NetScaler Gateway for
help-desk support and troubleshooting.

Within the Controller, the Broker Service reports session data for every session on the machine providing real-time data. The
Monitor Service also tracks the real-time data and stores it as historical data in the Monitoring database.
Studio communicates only with the Broker Service; therefore, it accesses only real-time data. Director communicates
with the Broker Service (through a plugin in the Broker Agent) to access the Site database.
Director can also access NetScaler Gateway to get information on the HDX data.

Deliver desktops and applications: Machine Catalogs, Delivery Groups, and Application Groups
You set up the machines that will deliver applications and desktops with Machine Catalogs. Then, you create Delivery
Groups that specify the applications and desktops that will be available (using some or all of the machines in the catalogs),
and which users can access them.

Machine Catalogs
Machine Catalogs are collections of virtual or physical machines that you manage as a single entity. These machines, and
the application or virtual desktops on them, are the resources you provide to your users. All the machines in a catalog have
the same operating system and the same VDA installed. They also have the same applications or virtual desktops.
Typically, you create a master image and use it to create identical VMs in the catalog. For VMs you can specify the
provisioning method for the machines in that catalog: Citrix tools (PVS or MCS) or other tools. Alternatively, you can use
your own existing images. In that case, you must manage target devices on an individual basis or collectively using
third-party electronic software distribution (ESD) tools.

Valid machine types are:

Server OS machines: Virtual or physical machines based on a server operating system used for delivering XenApp
published apps, also known as server-based hosted applications, and XenApp published desktops, also known as
server-hosted desktops. These machines allow multiple users to connect to them at one time.
Desktop OS machines: Virtual or physical machines based on a desktop operating system used for delivering VDI
desktops (desktops running desktop operating systems that can be fully personalized, depending on the options you
choose), and VM-hosted apps (applications from desktop operating systems) and hosted physical desktops. Only one
user at a time can connect to each of these desktops.
Remote PC Access: Enables remote users to access their physical office PCs from any device running Citrix Receiver. The
office PCs are managed through the XenDesktop deployment, and require user devices to be specified in a whitelist.
For more information, see the Create Machine Catalogs article.
Delivery Groups
Delivery Groups specify which users can access which applications and/or desktops on which machines. Delivery Groups
contain machines from your Machine Catalogs, and Active Directory users who have access to your Site. It often makes
sense to assign users to your Delivery Groups by their Active Directory group because both Active Directory groups and
Delivery Groups are ways of grouping users with similar requirements.

Each Delivery Group can contain machines from more than one Machine Catalog, and each catalog can contribute
machines to more than one Delivery Group, but each individual machine can only belong to one Delivery Group at a time.
You define which resources users in the Delivery Group can access. For example, if you want to deliver different applications
to different users, one way to do this is to install all the applications you want to deliver on the master image for one
Machine Catalog and create enough machines in that catalog to distribute among several Delivery Groups. Then you
configure each Delivery Group to deliver a different subset of the applications installed on the machines.
For more information, see the Create Delivery Groups article.

Application Groups
Application Groups provide application management and resource control advantages over using more Delivery Groups.
Using the tag restriction feature, you can use your existing machines for more than one publishing task, saving the costs
associated with deployment and managing additional machines. A tag restriction can be thought of as subdividing (or
partitioning) the machines in a Delivery Group. Application Groups can also be helpful when isolating and troubleshooting a
subset of machines in a Delivery Group.

For more information, see the Create Application Groups article.


Active Directory
May 22, 2017
Active Directory is required for authentication and authorization. The Kerberos infrastructure in Active Directory is used to
guarantee the authenticity and confidentiality of communications with the Delivery Controllers. For information about
Kerberos, see the Microsoft documentation.
The System requirements article lists the supported functional levels for the forest and domain. To use Policy Modeling, the
domain controller must be running on Windows Server 2003 to Windows Server 2012 R2; this does not affect the domain
functional level.
This product supports:
Deployments in which the user accounts and computer accounts exist in domains in a single Active Directory forest. User
and computer accounts can exist in arbitrary domains within a single forest. All domain functional levels and forest
functional levels are supported in this type of deployment.
Deployments in which user accounts exist in an Active Directory forest that is different from the Active Directory forest
containing the computer accounts of the controllers and virtual desktops. In this type of deployment, the domains
containing the Controller and virtual desktop computer accounts must trust the domains containing user accounts.
Forest trusts or external trusts can be used. All domain functional levels and forest functional levels are supported in this
type of deployment.
Deployments in which the computer accounts for Controllers exist in an Active Directory forest that is different from
one or more additional Active Directory forests that contain the computer accounts of the virtual desktops. In this type
of deployment a bi-directional trust must exist between the domains containing the Controller computer accounts and
all domains containing the virtual desktop computer accounts. In this type of deployment, all domains containing
Controller or virtual desktop computer accounts must be at "Windows 2000 native" functional level or higher. All forest
functional levels are supported.
Writable domain controllers. Read-only domain controllers are not supported.
Optionally, Virtual Delivery Agents (VDAs) can use information published in Active Directory to determine which Controllers
they can register with (discovery). This method is supported primarily for backward compatibility, and is available only if the
VDAs are in the same Active Directory forest as the Controllers. For information about this discovery method see the
Delivery Controllers article and CTX118976.
Tip: Do not change the computer name or the domain membership of a Controller after the Site is configured.
Deploy in a multiple Active Directory forest environment
Note: This information applies to minimum version XenDesktop 7.1 and XenApp 7.5. It does not apply to earlier versions of
XenDesktop or XenApp.
In an Active Directory environment with multiple forests, if one-way or two-way trusts are in place you can use DNS
forwarders for name lookup and registration. To allow the appropriate Active Directory users to create computer accounts,
use the Delegation of Control wizard. Refer to Microsoft documentation for more information about this wizard.
No reverse DNS zones are necessary in the DNS infrastructure if appropriate DNS forwarders are in place between forests.
The SupportMultipleForest key is necessary if the VDA and Controller are in separate forests, regardless of whether the
Active Directory and NetBios names are different. The SupportMultipleForest key is only necessary on the VDA. Use the
following information to add the registry key:

https://docs.citrix.com © 1999-2017 Citrix Systems, Inc. All rights reserved. p.51
Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system.
Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor
at your own risk. Be sure to back up the registry before you edit it.
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\SupportMultipleForest
Name: SupportMultipleForest
Type: REG_DWORD
Data: 0x00000001 (1)
You might need reverse DNS configuration if your DNS namespace is different than that of Active Directory.
If external trusts are in place during setup, the ListOfSIDs registry key is required. The ListOfSIDs registry key is also
necessary if the Active Directory FQDN is different than the DNS FQDN or if the domain containing the Domain Controller
has a different Netbios name than the Active Directory FQDN. To add the registry key, use the following information:
For a 32-bit or 64-bit VDA, locate the registry key
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfSIDs
Name: ListOfSIDs
Type: REG_SZ
Data: Security Identifier (SID) of the Controllers
When external trusts are in place, make the following changes on the VDA:
1. Locate the file <ProgramFiles>\Citrix\Virtual Desktop Agent\brokeragentconfig.exe.config.
2. Make a backup copy of the file.
3. Open the file in a text editing program such as Notepad.
4. Locate the text allowNtlm="false" and change the text to allowNtlm="true".
5. Save the file.
After adding the ListOfSIDs registry key and editing the brokeragent.exe.config file, restart the Citrix Desktop Service to
apply the changes.
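A read-only check of the three VDA settings described above (SupportMultipleForest, ListOfSIDs and allowNtlm), as an added example that is not Citrix code. It assumes <ProgramFiles> resolves to $env:ProgramFiles, tries both spellings of the config file name that appear in the text, and assumes multiple ListOfSIDs entries are separated by spaces, commas or semicolons; the function name is hypothetical.

```powershell
# Added example, not Citrix code: read-only audit of the multi-forest VDA settings.
function Get-VdaMultiForestSetting {
    [CmdletBinding()]
    param(
        # Registry location given in the article.
        [string]$AgentKey = 'HKLM:\Software\Citrix\VirtualDesktopAgent',
        # Assumption: <ProgramFiles> in the article maps to $env:ProgramFiles.
        [string]$AgentDir = (Join-Path $env:ProgramFiles 'Citrix\Virtual Desktop Agent'),
        # Both spellings of the file name appear in the article; try each.
        [string[]]$ConfigNames = @('brokeragentconfig.exe.config', 'brokeragent.exe.config')
    )

    $findings = New-Object System.Collections.Generic.List[string]
    $report = [ordered]@{
        SupportMultipleForest = $null    # $null means the value is not present
        ControllerSids        = @()
        ConfigFile            = $null
        AllowNtlm             = @()
        Findings              = $findings
    }

    if (-not (Test-Path -Path $AgentKey)) {
        $findings.Add("Registry key not found: $AgentKey")
    } else {
        $props = Get-ItemProperty -Path $AgentKey
        if ($props -and $props.PSObject.Properties['SupportMultipleForest']) {
            $report.SupportMultipleForest = [int]$props.SupportMultipleForest
        }
        if ($props -and $props.PSObject.Properties['ListOfSIDs']) {
            # Assumption: entries are separated by spaces, commas or semicolons.
            $entries = @($props.ListOfSIDs -split '[\s,;]+' | Where-Object { $_ })
            $report.ControllerSids = @(foreach ($entry in $entries) {
                $account = $null
                try {
                    # Each entry should parse as a SID and resolve to a Controller account.
                    $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $entry
                    $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $findings.Add("ListOfSIDs entry '$entry' is malformed or does not resolve to an account")
                }
                [pscustomobject]@{ Sid = $entry; Account = $account }
            })
        }
    }

    foreach ($name in $ConfigNames) {
        $path = Join-Path $AgentDir $name
        if (Test-Path -LiteralPath $path) { $report.ConfigFile = $path; break }
    }

    if ($report.ConfigFile) {
        $xml = New-Object System.Xml.XmlDocument
        $xml.Load($report.ConfigFile)
        # Collect every allowNtlm attribute, wherever it sits in the file.
        $report.AllowNtlm = @($xml.SelectNodes('//@allowNtlm') | ForEach-Object { $_.Value })
        if ($report.AllowNtlm -contains 'true') {
            $findings.Add('allowNtlm="true": the article asks for this only when external trusts are in place')
        }
    } else {
        $findings.Add("No broker agent config file found under $AgentDir")
    }

    [pscustomobject]$report
}

# Run on the VDA; nothing is modified.
Get-VdaMultiForestSetting | Format-List
```

Each Account value should be the computer account of a Controller in the Site; an entry that does not resolve, or resolves to anything else, is worth investigating before the Citrix Desktop Service is restarted.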
The following table lists the supported trust types:
Trust type | Transitivity | Direction | Supported in this release
Parent and child | Transitive | Two-way | Yes
Tree-root | Transitive | Two-way | Yes
External | Nontransitive | One-way or two-way | Yes
Forest | Transitive | One-way or two-way | Yes
Shortcut | Transitive | One-way or two-way | Yes
Realm | Transitive or nontransitive | One-way or two-way | No
For more information about complex Active Directory environments, see CTX134971.


Databases
May 22, 2017
A XenApp or XenDesktop Site uses three SQL Server databases:
Site: (also known as Site Configuration) stores the running Site configuration, plus the current session state and
connection information.
Configuration Logging: (also known as Logging) stores information about Site configuration changes and
administrative activities. This database is used when the Configuring Logging feature is enabled (default = enabled).
Monitoring: stores data used by Director, such as session and connection information.
Each Delivery Controller communicates with the Site database; Windows authentication is required between the Controller
and the databases. A Controller can be unplugged or turned off without affecting other Controllers in the Site. This means,
however, that the Site database forms a single point of failure. If the database server fails, existing connections continue
to function until a user either logs off or disconnects. New connections cannot be established if the database server is
unavailable, except in certain cases when connection leasing is configured.
Citrix recommends that you back up the databases regularly so that you can restore from the backup if the database
server fails. The backup strategy for each database may differ. For instructions, see CTX135207.
If your Site contains more than one zone, the Site database should always be in the primary zone. Controllers in every zone
communicate with that database.


High availability
There are several high availability solutions to consider for ensuring automatic failover:
AlwaysOn Availability Groups: This enterprise-level high availability and disaster recovery solution introduced in SQL
Server 2012 enables you to maximize availability for one or more databases. AlwaysOn Availability Groups requires that
the SQL Server instances reside on Windows Server Failover Clustering (WSFC) nodes. For more information, see
http://msdn.microsoft.com/en-us/library/hh510230.
SQL Server database mirroring: Mirroring the database ensures that, should you lose the active database server, an
automatic failover process happens in a matter of seconds, so that users are generally unaffected. This method is more
expensive than other solutions because full SQL Server licenses are required on each database server; you cannot use
SQL Server Express edition in a mirrored environment.
SQL clustering: The Microsoft SQL clustering technology can be used to automatically allow one server to take over
the tasks and responsibilities of another server that has failed. However, setting up this solution is more complicated, and
the automatic failover process is typically slower than alternatives such as SQL mirroring.
Using the hypervisor's high availability features: With this method, you deploy the database as a virtual machine
and use your hypervisor's high availability features. This solution is less expensive than mirroring because it uses your
existing hypervisor software and you can also use SQL Server Express edition. However, the automatic failover process is
slower, as it can take time for a new machine to start for the database, which may interrupt the service to users.
Note: Installing a Controller on a node in an SQL clustering or SQL mirroring installation is not supported.
The Local Host Cache feature supplements the SQL Server high availability best practices by enabling users to connect and
reconnect to applications and desktops even when the Site database is not available. For more information, see the
Local Host Cache article.
If all Controllers in a Site fail, you can configure the VDAs to operate in high availability mode so that users can continue to
access and use their desktops and applications. In high availability mode, the VDA accepts direct ICA connections from
users, rather than connections brokered by the Controller. This feature should be used only on the rare occasion when
communication with all Controllers fails; it is not an alternative to other high availability solutions. For more information, see
CTX 127564.


Install database software
By default, SQL Server Express edition is installed when you install the first Delivery Controller if another SQL Server instance
is not detected on that server. That default action is generally sufficient for proof of concept or pilot deployments;
however, SQL Server Express does not support Microsoft high availability features.

The default installation uses the default Windows service accounts and permissions. See the Microsoft documentation for
details of these defaults, including the addition of Windows service accounts to the sysadmin role. The Controller uses the
Network Service account in this configuration. The Controller does not require any additional SQL Server roles or
permissions.

If required, you can select Hide instance for the database instance. When configuring the address of the database in
Studio, enter the instance's static port number, rather than its name. See the Microsoft documentation for details about
hiding an instance of SQL Server Database Engine.

Most production deployments, and any deployment that uses Microsoft high availability features, should use supported
non-Express editions of SQL Server installed on machines other than the server where the first Controller is installed. The
System requirements article lists the supported SQL Server versions. The databases can reside on one or more machines.
Ensure the SQL Server software is installed before creating a Site. You don't have to create the database, but if you do, it
must be empty. Configuring Microsoft high availability technologies is also recommended.
Use Windows Update to keep SQL Server up-to-date.

Set up the databases from the Site creation wizard

Specify the database names and addresses (location) on the Databases page in the Site creation wizard; see Database
address formats below. To avoid potential errors when Director queries the Monitor Service, do not use whitespace in the
name of the Monitoring database.

The Databases page offers two options for setting up the databases: automatic and using scripts. Generally, you can use
the automatic option if you (the Studio user and Citrix administrator) have the required database privileges; see Permissions
required to set up databases below.
You can change the location of a database later, after you create the Site; see Change database locations below.
To configure a Site to use a mirror database, complete the following and then proceed with the automatic or scripted
setup procedures.
1. Install the SQL Server software on two servers, A and B.
2. On Server A, create the database intended to be used as the principal. Back up the database on Server A and then copy
it to server B.
3. On Server B, restore the backup file.
4. Start mirroring on server A.
Tip: To verify mirroring after creating the Site, run the PowerShell cmdlet get-configdbconnection to ensure that the
Failover Partner has been set in the connection string to the mirror.
If you later add, move, or remove a Delivery Controller in a mirrored database environment, see the Delivery Controllers
article.
Automatic setup
If you have the required database privileges, select the "Create and set up databases from Studio" option on the
Databases page of the Site creation wizard, and then provide the names and addresses of the principal databases.
If a database exists at an address you specify, it must be empty. If databases don't exist at a specified address, you are
informed that a database cannot be found, and then asked if you want the database to be created for you. When you
confirm that action, Studio automatically creates the databases, and then applies the initialization scripts for the principal
and replica databases.
Scripted setup
If you do not have the required database privileges, someone with those permissions must help, such as a database
administrator. Here's the sequence:
1. In the Site creation wizard, select the Generate scripts option. This action generates six scripts: two for each of the
three databases (one for each principal database and another for each replica). You can indicate where to store the
scripts.
2. Give those scripts to your database administrator. The Site creation wizard stops automatically at this point; you'll be
prompted when you return later to continue the Site creation.
The database administrator then creates the databases. Each database should have the following characteristics:
Use a collation that ends with "_CI_AS_KS". Citrix recommends using a collation that ends with "_100_CI_AS_KS".
For optimum performance, enable the SQL Server Read-Committed Snapshot. For details, see CTX 137161.
High availability features should be configured, if desired.
To configure mirroring, first set the database to use the full recovery model (simple model is the default). Back up the
principal database to a file and copy it to the mirror server. On the mirror database, restore the backup file to the mirror
server. Then, start mirroring on the principal server.
The database administrator uses the SQLCMD command-line utility or SQL Server Management Studio in SQLCMD mode
to run each of the xxx_Replica.sql scripts on the high availability SQL Server database instances (if high availability is
configured), and then run each of the xxx_Principal.sql scripts on the principal SQL Server database instances. See the
Microsoft documentation for SQLCMD details.
When all the scripts complete successfully, the database administrator gives the Citrix administrator the three principal
database addresses.

In Studio, you are prompted to continue the Site creation, and are returned to the Databases page. Enter the addresses. If
any of the servers hosting a database cannot be contacted, an error message is displayed.


Permissions required to set up databases
You must be a local administrator and a domain user to create and initialize the databases (or change the database
location). You must also have certain SQL Server permissions. The following permissions can be explicitly configured or
acquired by Active Directory group membership. If your Studio user credentials do not include these permissions, you are
prompted for SQL Server user credentials.
Operation | Purpose | Server role | Database role
Create a database | Create a suitable empty database | dbcreator |
Create a schema | Create all service-specific schemas and add the first Controller to the Site | securityadmin * | db_owner
Add a Controller | Add a Controller (other than the first) to the Site | securityadmin * | db_owner
Add a Controller (mirror server) | Add a Controller login to the database server currently in the mirror role of a mirrored database | securityadmin * |
Update a schema | Apply schema updates or hotfixes | | db_owner
* While technically more restrictive, in practice, the securityadmin server role should be treated as equivalent to the
sysadmin server role.
When using Studio to perform these operations, the user account must be a member of the sysadmin server role.
Database address formats
You can specify a database address in one of the following forms:
ServerName
ServerName\InstanceName
ServerName,PortNumber
For an AlwaysOn Availability Group, specify the group's listener in the location field.
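The address forms above, the Failover Partner tip in the mirroring steps, the hidden-instance advice and the Windows authentication requirement can all be checked against a Site connection string such as the one get-configdbconnection returns. The following PowerShell is an added example, not Citrix code; the function names, switches, server names and connection strings are constructed for illustration.

```powershell
# Added example, not Citrix code. All connection strings below are constructed samples.
Add-Type -AssemblyName System.Data

# Classify an address into one of the three forms listed in the article.
function ConvertFrom-SiteDbAddress {
    param([Parameter(Mandatory = $true)][string]$Address)
    $a = $Address.Trim()
    if ($a -match '^(?<s>[^\\,\s]+)\\(?<i>[^\\,\s]+)$') {
        return [pscustomobject]@{ Form = 'ServerName\InstanceName'; Server = $Matches['s']; Instance = $Matches['i']; Port = $null }
    }
    if ($a -match '^(?<s>[^\\,\s]+),(?<p>\d{1,5})$' -and [int]$Matches['p'] -ge 1 -and [int]$Matches['p'] -le 65535) {
        return [pscustomobject]@{ Form = 'ServerName,PortNumber'; Server = $Matches['s']; Instance = $null; Port = [int]$Matches['p'] }
    }
    if ($a -match '^(?<s>[^\\,\s]+)$') {
        return [pscustomobject]@{ Form = 'ServerName'; Server = $Matches['s']; Instance = $null; Port = $null }
    }
    return [pscustomobject]@{ Form = 'Unrecognized'; Server = $null; Instance = $null; Port = $null }
}

# Return the value of the first keyword present in the connection string, or $null.
function Get-ConnValue {
    param([System.Data.Common.DbConnectionStringBuilder]$Builder, [string[]]$Keys)
    foreach ($k in $Keys) {
        if ($Builder.ContainsKey($k)) { return [string]$Builder[$k] }
    }
    return $null
}

function Test-SiteDbConnectionString {
    param(
        [Parameter(Mandatory = $true)][string]$ConnectionString,
        [switch]$ExpectMirror,     # the Site was set up to use a mirror database
        [switch]$InstanceHidden    # "Hide instance" is set on the SQL Server instance
    )
    $b = New-Object System.Data.Common.DbConnectionStringBuilder
    # set_ConnectionString avoids PowerShell treating the property as a dictionary key.
    $b.set_ConnectionString($ConnectionString)

    $server   = Get-ConnValue $b @('Server', 'Data Source')
    $partner  = Get-ConnValue $b @('Failover Partner')
    $sspi     = Get-ConnValue $b @('Integrated Security', 'Trusted_Connection')
    # Presence only; credential values are never read or printed.
    $sqlLogin = @(@('User ID', 'UID', 'Password', 'PWD') | Where-Object { $b.ContainsKey($_) }).Count -gt 0

    $findings = New-Object System.Collections.Generic.List[string]
    $form = 'Missing'
    if ($server) { $form = (ConvertFrom-SiteDbAddress -Address $server).Form }

    if ($form -eq 'Missing' -or $form -eq 'Unrecognized') {
        $findings.Add('Address is not in one of the three documented forms')
    }
    if ($InstanceHidden -and $form -eq 'ServerName\InstanceName') {
        $findings.Add('Instance is hidden: use ServerName,PortNumber with the static port, not the instance name')
    }
    if ($ExpectMirror -and -not $partner) {
        $findings.Add('No Failover Partner in the connection string: the mirror is not set')
    }
    if ($partner -and (ConvertFrom-SiteDbAddress -Address $partner).Form -eq 'Unrecognized') {
        $findings.Add('Failover Partner address is not in a documented form')
    }
    if ($sqlLogin -or ($sspi -notin @('True', 'SSPI', 'yes'))) {
        $findings.Add('Windows authentication is required between the Controller and the databases')
    }

    [pscustomobject]@{
        Server          = $server
        Form            = $form
        FailoverPartner = $partner
        Findings        = @($findings)
    }
}

# Constructed samples: named instance without a mirror, static port with a mirror, SQL login.
$samples = @(
    @{ Cs = 'Server=SQL01\CITRIX;Initial Catalog=CitrixSite;Integrated Security=True'; Mirror = $true; Hidden = $true },
    @{ Cs = 'Server=SQL01,14330;Initial Catalog=CitrixSite;Integrated Security=True;Failover Partner=SQL02,14330'; Mirror = $true; Hidden = $true },
    @{ Cs = 'Data Source=SQL01;Initial Catalog=CitrixMonitoring;User ID=example;Password=example'; Mirror = $false; Hidden = $false }
)
foreach ($s in $samples) {
    Test-SiteDbConnectionString -ConnectionString $s.Cs -ExpectMirror:($s.Mirror) -InstanceHidden:($s.Hidden) | Format-List
}
```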
Change database locations
After you create a Site, you can change the location of the databases. When you change the location of a database:
The data in the previous database is not imported to the new database.
Logs cannot be aggregated from both databases when retrieving logs.
The first log entry in the new database indicates that a database change occurred, but it does not identify the previous
database.
You cannot change the location of the Configuration Logging database when mandatory logging is enabled.
To change the location of a database:
1. Ensure a supported version of Microsoft SQL Server is installed on the server where you want the database to reside.
Set up high availability features as needed.
2. Select Configuration in the Studio navigation pane.
3. Select the database for which you want to specify a new location and then select Change Database in the Actions pane.
4. Specify the new location and the database name.
5. If you want Studio to create the database and you have the appropriate permissions, click OK. When prompted, click OK,
and then Studio creates the database automatically. Studio attempts to access the database using your credentials; if
that fails, you are prompted for the database user's credentials. Studio then uploads the database schema to the
database. The credentials are retained only for the database creation time frame.
6. If you do not want Studio to create the database, or you do not have sufficient permissions, click Generate script. The
generated scripts include instructions for manually creating the database and a mirror database, if needed. Before
uploading the schema, ensure that the database is empty and that at least one user has permission to access and
change the database.
For more information
Articles in the Advanced Concepts section contain the most technical and in-depth articles from across the Citrix teams. For
example:
The Design collection contains an article about a database sizing tool.
The Implementation and Configuration collections contain guidance for sizing the Site database and configuring
connection strings when using SQL Server high availability solutions.

Delivery methods
May 22, 2017
It’s challenging to meet the needs of every user with one virtualization deployment. XenApp and XenDesktop allow
administrators to customize the user experience with a variety of methods sometimes referred to as FlexCast models.
This collection of delivery methods — each with its own advantages and disadvantages — provides the best user experience
in any use-case scenario.

Mobilize Windows applications on mobile devices
Touch-screen devices, such as tablets and smartphones, are now standard in mobility. These devices can cause problems
when running Windows-based applications that typically utilize full-size screens and rely on right-click inputs for full
functionality.

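Touch-screen devices such as tablets and smartphones are now standard. When running Windows-based applications, these devices cause problems: the full-size screen problem and the right-click problem.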

XenApp with Citrix Receiver offers a secure solution that allows mobile-device users access to all the functionality in their
Windows-based apps without the cost of rewriting those apps for native mobile platforms.

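XenApp with Citrix Receiver provides a secure solution that lets mobile-device users connect to all of their Windows-based apps, without those apps having to be rewritten for mobile platforms.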

The XenApp published apps delivery method utilizes HDX Mobile technology that solves the problems associated with
mobilizing Windows applications. This method allows Windows applications to be refactored for a touch experience while
maintaining features such as multitouch gestures, native menu controls, camera, and GPS functions. Many touch features
are available natively in XenApp and XenDesktop and do not require any application source code changes to activate.

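The XenApp published apps delivery method uses HDX Mobile technology, which solves the problems of mobilizing Windows applications. It allows Windows applications to be refactored for a touch experience while keeping features such as multitouch gestures, native menu controls, camera, and GPS functions. Many touch features are available in XenApp and XenDesktop and need no application source code changes.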

These features include:
Automatic display of the keyboard when an editable field has the focus
Larger picker control to replace Windows combo box control
Multitouch gestures, such as pinch and zoom
Inertia-sensed scrolling
Touchpad or direct-cursor navigation
Reduce PC refresh costs
Upgrading physical machines is a daunting task many businesses face every three to five years, especially if the business
needs to maintain the most up-to-date operating systems and applications. Growing businesses also face daunting
overhead costs of adding new machines to their network.
The VDI Personal vDisk delivery method provides fully personalized desktop operating systems to single users on any
machine or thin client using server resources. Administrators can create virtual machines whose resources — such as
processing, memory, and storage — are stored in the network’s data center.
This can extend the life of older machines, keep software up to date, and minimize downtime during upgrades.
Secure access to virtual apps and desktops for contractors and partners
Network security is an ever-growing problem, especially when working with contractors, partners, and other third-party
contingent workers who need access to a company’s apps and data. The workers may also need loaner laptops or other
devices, which cause additional cost concerns.
Data, applications, and desktops are stored behind the firewall of the secure network with XenDesktop and XenApp, so the
only thing the end user transmits is user-device inputs and outputs, such as keystrokes, mouse clicks, audio, and screen
updates. By maintaining these resources in a data center, XenDesktop and XenApp offer a more secure remote access
solution than using the typical SSL VPN.
With a VDI with Personal vDisk deployment, administrators can utilize thin clients or users’ personal devices by creating a
virtual machine on a network server and providing a single-user desktop operating system. This allows IT to maintain
security with third-party workers without the need of purchasing expensive equipment.
Accelerate Migration
When switching to a new operating system, IT can face the challenge of delivering legacy and incompatible applications.
With virtual-machine-hosted apps, users can run older applications through Citrix Receiver on the upgraded virtual machine
without any compatibility issues. This allows IT additional time to resolve and test application compatibility issues, ease
users into the transition, and make help desk calls more efficient.
Additional benefits of using XenDesktop during migration include:
Reducing complexity for desktops
Improving IT’s control
Enhancing end-user flexibility in terms of device usage and workspace location
Enable designers and engineers by virtualizing professional 3-D graphics apps
Many design firms and manufacturing companies rely heavily on professional 3-D graphics applications. These companies
face financial strain from the costs of powerful hardware to support this type of software and also logistic problems that
come with the sharing of large design files via FTP, email, and similar ad hoc methods.
XenDesktop’s hosted physical desktop delivery method provides a single desktop image to workstations and blade servers
without the need of hypervisors to run graphic-intensive 3-D applications on a native operating system.
All files are saved in a central data center within the network, so sharing large design files to other users in the network is
faster and more secure because the files are not being transferred from one workstation to another.
Transform call centers
Businesses that need large-scale call centers face the difficult challenge of maintaining adequate staffing for peak periods
while not overprovisioning machines during less busy hours.
The Pooled VDI delivery method provides multiple users access to a standardized desktop dynamically at a minimal cost
when provisioning a large number of users. The pooled machines are allocated on a per-session, first-come, first-served
basis.
There is less day-to-day management of these virtual machines because any change made during the session is discarded
when the user logs off. This also increases security.
The XenApp hosted desktops delivery method is another viable option for transforming call centers. This method hosts
multiple user desktops on a single server-based operating system.
This is a more cost-efficient method than Pooled VDI, but with XenApp hosted desktops, users are restricted from installing
applications, changing system settings, and restarting the server.

XenApp published apps and desktops
May 22, 2017
Use server OS machines to deliver XenApp published apps and published desktops.
Use case
You want inexpensive server-based delivery to minimize the cost of delivering applications to a large number of users,
while providing a secure, high-definition user experience.
Your users perform well-defined tasks and do not require personalization or offline access to applications. Users may
include task workers such as call center operators and retail workers, or users that share workstations.
Application types: any application.
Benefits and considerations
Manageable and scalable solution within your datacenter.
Most cost effective application delivery solution.
Hosted applications are managed centrally and users cannot modify the application, providing a user experience that is
consistent, safe, and reliable.
Users must be online to access their applications.
User experience
User requests one or more applications from StoreFront, their Start menu, or a URL you provide to them.
Applications are delivered virtually and display seamlessly in high definition on user devices.
Depending on profile settings, user changes are saved when the user's application session ends. Otherwise, the changes
are deleted.
Process, host, and deliver applications
Application processing takes place on hosting machines, rather than on the user devices. The hosting machine can be a
physical or a virtual machine.
Applications and desktops reside on a server OS machine.
Machines become available through Machine Catalogs.
Machines from Machine Catalogs are organized into Delivery Groups that deliver the same set of applications to groups
of users.
Server OS machines support Delivery Groups that host either desktops or applications, or both.
Session management and assignment
Server OS machines run multiple sessions from a single machine to deliver multiple applications and desktops to multiple,
simultaneously connected users. Each user requires a single session from which they can run all their hosted applications.
For example, a user logs on and requests an application. One session on that machine becomes unavailable to other
users. A second user logs on and requests an application which that machine hosts. A second session on the same
machine is now unavailable. If both users request additional applications, no additional sessions are required because a
user can run multiple applications using the same session. If two more users log on and request desktops, and two
sessions are available on that same machine, that single machine is now using four sessions to host four different
users.

https://docs.citrix.com © 1999-2017 Citrix Systems, Inc. All rights reserved. p.60
Within the Delivery Group to which a user is assigned, a machine on the least loaded server is selected. A machine with
session availability is randomly assigned to deliver applications to a user when that user logs on.
To deliver XenApp published apps and desktops:
1. Install the applications you want to deliver on a master image running a supported Windows server OS.
2. Create a Machine Catalog for this master image or update an existing catalog with the master image.
3. Create a Delivery Group to deliver the applications and desktops to users. If you are delivering applications, select those
you want to deliver.
See the installation and configuration articles for details

VM hosted apps
May 22, 2017
Use Desktop OS machines to deliver VM hosted applications
Use Case
You want a client-based application delivery solution that is secure, provides centralized management, and supports a
large number of users per host server (or hypervisor), while providing users with applications that display seamlessly in
high-definition.
Your users are internal, external contractors, third-party collaborators, and other provisional team members. Your users
do not require offline access to hosted applications.
Application types: Applications that might not work well with other applications or might interact with the operating
system, such as Microsoft .NET framework. These types of applications are ideal for hosting on virtual machines.
Benefits and considerations
Applications and desktops on the master image are securely managed, hosted, and run on machines within your
datacenter, providing a more cost effective application delivery solution.
On log on, users can be randomly assigned to a machine within a Delivery Group that is configured to host the same
application. You can also statically assign a single machine to deliver an application to a single user each time that user
logs on. Statically assigned machines allow users to install and manage their own applications on the virtual machine.
Running multiple sessions is not supported on desktop OS machines. Therefore, each user consumes a single machine
within a Delivery Group when they log on, and users must be online to access their applications.
This method may increase the amount of server resources for processing applications and increase the amount of
storage for users' personal vDisks.
User experience
The same seamless application experience as hosting shared applications on Server OS machines.
Process, host, and deliver applications
The same as server OS machines except they are virtual desktop OS machines.
Session management and assignment
Desktop OS machines run a single desktop session from a single machine. When accessing applications only, a single user
can use multiple applications (and is not limited to a single application) because the operating system sees each
application as a new session.
Within a Delivery Group, when users log on they can access either a statically assigned machine (each time the user logs
on to the same machine), or a randomly assigned machine that is selected based on session availability.
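
The session assignment rules described above for server OS machines (XenApp published apps) and desktop OS machines (VM hosted apps), as an added Python model that is not Citrix code and not part of the original article. The class names, the `cohosted` helper and the random tie-break among least-loaded machines are assumptions; the model shows which users end up sharing one OS instance, which is the isolation question behind choosing a delivery method for contractors and other third parties.

```python
import random

class Machine:
    """Hypothetical model of one VDA machine in a Delivery Group."""
    def __init__(self, name, max_sessions):
        self.name = name
        self.max_sessions = max_sessions  # 1 models a desktop OS machine
        self.sessions = {}                # user -> set of apps in that user's session

class DeliveryGroup:
    """Toy broker that follows the rules in the text (an assumption, not Citrix code)."""
    def __init__(self, machines, static=False, seed=0):
        self.machines = machines
        self.static = static              # True: user returns to the same machine
        self.pinned = {}                  # user -> Machine, static assignment only
        self.rng = random.Random(seed)    # seeded so the example is repeatable

    def launch(self, user, app):
        # A user with an open session reuses it for every further application.
        for m in self.machines:
            if user in m.sessions:
                m.sessions[user].add(app)
                return m
        if user in self.pinned:
            free = [self.pinned[user]]
        else:
            taken = list(self.pinned.values())
            free = [m for m in self.machines if m not in taken]
        free = [m for m in free if len(m.sessions) < m.max_sessions]
        if not free:
            raise RuntimeError("no session available for " + user)
        # Least-loaded machines first; ties are broken at random.
        low = min(len(m.sessions) for m in free)
        m = self.rng.choice([c for c in free if len(c.sessions) == low])
        m.sessions[user] = {app}
        if self.static:
            self.pinned[user] = m
        return m

    def logoff(self, user):
        for m in self.machines:
            m.sessions.pop(user, None)

    def cohosted(self, user):
        """Other users sharing the same OS instance as `user`."""
        for m in self.machines:
            if user in m.sessions:
                return sorted(u for u in m.sessions if u != user)
        return []
```

On a four-session server OS machine, `cohosted` lists every other logged-on user, while a statically assigned desktop OS machine always returns an empty list.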
To deliver VM hosted apps:
1. Install the applications you want to deliver on a master image running a supported Windows desktop OS.
2. Create a Machine Catalog for this master image or update an existing catalog with the master image.
3. When defining the desktop experience for the machine catalog, decide whether you want users to connect to a new
VM each time they log in or connect to the same machine each time they log in.
4. Create a Delivery Group to deliver the application to users.

5. From the list of applications installed, select the application you want to deliver.
See the installation and configuration articles for details

