The basics of FMA - the XenDesktop^? architecture

FMA is the first architecture from Citrix that has been designed for XenDesktop. Citrix has chosen to develop the new FMA version on the Microsoft .Net framework. Also, Citrix played an important role in choosing the relational database for storing the static configuration and the dynamic management information. Citrix FMA is fully based on the Microsoft SQL relational database and its built-in enterprise capabilities. This choice of Microsoft's native application development technologies has become the greatest strength for implementing a flexible and robust FMA. It has also made it easier to automate and integrate them through scripting for tasks, such as automation and reporting.

FMA also supports interoperability and modular management across the various Citrix technologies. FMA is a key player in the Project Avalon roadmap for supporting FlexCast, delivering models with open architecture, and supporting the Cloud infrastructures.

Here, we'll learn about the key features of FMA and discuss all of its components and their inter-workings in detail. We will also define the new concepts and terminologies of FMA.

Concepts and terminologies

The following are the different concepts and terminologies that are used in FMA:

• A delivery site: A delivery site is a top level entity that includes all the components of a XenDesktop deployment in a single geographical location. It serves as an administrative boundary for the XenDesktop deployment. These sites offer applications and desktops to groups of users. In FMA, a domain environment is a prerequisite for deploying a site.
• Host: A host is a server class hardware computer dedicated entirely to running the hypervisor for hosting the virtual machines. These virtual machines are used for hosting applications and desktops in XenDesktop. XenDesktop includes the XenServer hypervisor, and it also supports the other hypervisors, such as Microsoft Hyper-V with SCVMM or VMware vSphere. A host is neither required for providing Remote PC access nor for using PVS instead of MCS.
• A master image: It is a virtual hard disk that is pre-installed and configured with the Windows operating system, applications, the virtual delivery agent, and the other customizations. It is used by the provisioning methods for creating virtual desktops or the applications that need to be delivered to the users. The master image is created and stored on a hypervisor. It is usually joined to the domain and set to use DHCP. A master image can host either the Windows desktop OS or the Server OS with the appropriate VDA software. Depending on the FlexCast model, the user changes (users' environment settings/configuration) made to the desktops are either saved or discarded when the user logs off. It simplifies deploying changes to the desktops or the applications for all the user groups by updating the master image.
• The provisioning method: The provisioning method is a mechanism which automatically creates a specified number of virtual machines on the configured host system's resources from a pre-defined master image. Currently, there are two technologies by Citrix that perform VM provisioning. They are Machine Creation Services (MCS) and Provisioning Services (PVS). PVS is available as a separate technology, while MCS is integrated into FMA. FMA also supports delivering the VMs that are provisioned by alternate means or that are created manually.
• Machine type: It is a specification that brings the flexibility of choosing the different types of machines, which can be delivered to end users. Currently, FMA supports three types of machines, which include the Windows Desktop OS, the Windows Server OS, and the Remote PC Access. This specification represents the FlexCast Technology, which indicates delivering the different types of resources through FMA.
• Machine catalog: The machine catalog is a single manageable entity, which specifies a collection of similar physical or virtual machines. The machines in a catalog have common specifications, including the operating system and the applications along with the VDA installed on them, the naming convention for respective AD computer accounts, the master image, the type of the machine and the provisioning method. Thus, all the machines in a catalog will be identical and they will deliver the same applications or the virtual desktop to the users.
• Delivery group: The delivery group is the entity through which a collection of users, with similar requirements, are given access to a common group of resources through machine catalogs. The delivery group links a collection of AD users to the machines from machine catalogs. A delivery group can deliver the users' applications, desktops, or both.
• Delivery type: The delivery type is a specification of the delivery group. It is similar to what the machine type is for the machine catalog. It specifies the type of resource that is to be delivered to the users. A delivered resource can be one of desktops only, applications only, or desktops & applications.
• Delivering applications: XenDesktop ships the XenApp as one of its core strengths for delivering applications to virtual desktops. Applications that are available on the master image and the applications that are virtualized by using App-V can be delivered to the users. XenDesktop lets you install the desktop applications on the desktop OS and then deliver them. You can also deliver the applications that are installed on a server OS similar to the hosted shared desktop model. This extends the scope of FlexCast to delivering the applications as well.
• Delegated administrators: The FMA features a very fine grained control in designing the administrative access needed for the various roles across enterprise IT departments. It comes with a set of pre-defined roles, which can be used for providing respective access. Using the custom role, you can define what permissions that role should hold on certain objects by specifying a scope.
• Policies: Policies let you centrally and automatically manage the settings and the configurations of the XenDesktop resources. They form a large part of the operational management of the XenDesktop environments as the settings and configurations need to be updated. Citrix has integrated its policies with the Windows group policies technology. You can manage XenDesktop policies from both XenDesktop as well as Windows group policies.
• Configuration logging: This is yet another enterprise feature that lets the administrators track the changes made to the XenDesktop configuration. By default, its data is logged into the site database and it can be configured such that it uses a separate database at any time.

The components of FMA

FMA includes various technologies that have been developed as well as acquired or merged by Citrix. The technologies involved in accomplishing its respective tasks are combined together to form a component in FMA. The FMA components are conveniently classified into two modes:

• Based on essence: They are classified into the core and the additional components. In this section, we will see all the components that fall in this classification.
• Based on the administration scope: They are classified into the server side components and the client side components. In this classification, all the components except the receiver fall under the server side components.

Core components

The following is a quick description of the FMA core components:

• Delivery controller: It is the server that centrally manages the XenDesktop site. The delivery controller communicates with the database and runs several services that manage the hypervisor resources, the user authentication and access, the broker between the user requests and their virtual desktops and applications, monitoring, and the shutting down of virtual desktops when needed, and so on. At least one delivery controller is installed on a site.
• Database: It is a Microsoft SQL server that stores the static configuration and the ever -changing data of the site components status. This database can be accessed by the controller and all the services that make up the controller. There needs to be at least one database in a site that is accessible by the controller.
• Studio: It is the management console that is made available for the XenDesktop administrators for configuring and managing the sites. It's a consolidated console that provides the features required for the administration of the desktops and the application deliveries. The Studio is typically installed on the delivery controller servers. Using Studio, you can manage your hosts, track your licenses, create and assign the resources to the user's groups, configure the policies, manage the user's sessions, and so on.
• License server: It stores the licenses of all of the Citrix products and allocates the licenses to each user's session requests from the controller. At least, one license server is needed for storing and managing the licenses. It consumes relatively less computing resources.
• Hypervisor: It has been defined in the previous section. It is referred to as the host.
• Machine Creation Services: It is one of the VM provisioning technologies. MCS includes a collection of services which automatically creates virtual machines (either servers or desktops) from a master image on demand. MCS uses the snapshot copying for creating new VMs as clones. MCS is a newly built technology by Citrix. It was introduced along with FMA and it is fully integrated and administered through Studio.
• Virtual Delivery Agent: The VDA is installed on each physical or virtual machine on the site that you want to make available to the users. VDAs are available for the Windows desktop OS and the Windows server OS. The VDA for the Server OS is designed from scratch for dynamic provisioning with MCS and PVS. It has a smaller footprint as it consists of the components that are needed for delivering the hosting sessions. It has been made such that it is multi-user aware, unlike the desktop OS systems that are single-user aware. It communicates only with the delivery controllers, and it does not need to access the site's database or the license server directly. It enables the machine to register with the controller, which in turn, allows the machine and the resources it is hosting to be made available to the users. The VDAs establish and manage the connection between the machine and the user's device, verify the license file with the controller, and apply whatever policies have been configured to the session. The VDA communicates the session information to the broker service in the controller through the broker agent included in the VDA. XenApp and XenDesktop include VDAs for the Windows server and the desktop OS. VDAs for the Windows server operating systems let multiple users connect to the server simultaneously. VDAs for the Windows desktops let only one user connect to the desktop at a time.
• StoreFront: It is an IIS web application that lets you create stores of desktops and applications that the users can access over the web. It handles user authentication to the delivery site hosting the resources and communicates with delivery controller to route the user requests. The users can access their applications, desktops, or any other allocated resources at the Site. It provides the self-service access to the users for all the resources that are made available by the administrator for them.
• Director and EdgeSight: Director is a web-based portal that lets the support/helpdesk teams access the real-time status update information from the delivery agents, which helps in troubleshooting the issues proactively. Director includes the Citrix monitoring software called EdgeSight, which forms an integral component. The integrated EdgeSight features include performance management for health and capacity assurance, and historical trending and network analysis. The EdgeSight features in Director are currently limited to the Platinum license of XenDesktop. Director brings up-to-date real time data from the agents and historical data from the site's database. It features more detailed network level debugging information from the HDX insight from NetScaler. The NetScaler HDX insight feature is available only to the Enterprise or Platinum license users of NetScaler 10.1 and above. By default, Director is installed as a web site on the delivery controller. Helpdesk and support teams can access the Director website by using the supported browsers on their desktop systems. It can connect to and monitor multiple XenDesktop sites. It lets you view and interact with the user sessions for providing remote support.
• Receiver: It is the only client side component of FMA and is installed on user devices. The usable features of a receiver depends on the OS the receiver is installed on. Using a receiver on supported Windows desktop systems, users can access the complete features of the XenDesktop resources and their integration with the client device. Users can access their assigned applications, desktops, Remote PCs, web sites, and any other resources. Receiver software is a universal client built for virtually any device including desktops, smart phones, tablets and so on. For devices that can't install a receiver, a new receiver for HTML5 provides connection through HTML5-compatible web browsers.

Additional components

The following is a quick description of the FMA additional components:

• Citrix AppDNA: It is an optional component, which can be integrated with XenDesktop for automated application migration. AppDNA analyzes the application portfolio in terms of criteria, such as the determination of conflicts, compatibility, and then it provides remediation steps. AppDNA analyzes the application portfolio for the accurate determination of conflicts, compatibility, and remediation steps. It's currently only available for the XenDesktop Platinum edition users.
• Provisioning Services: PVS is an independent solution acquired by Citrix. Before FMA, PVS was used for provisioning the VMs on-demand and it is still supported by FMA. It can be integrated with both the XenApp and the XenDesktop technologies. Provisioning services employs streaming of the master image to the user device and it can be run on hard disk-less devices as well. In addition to provisioning the VMs on the hypervisors, it can also be used for streaming OS to the physical machines. When PVS is used as a provisioning method, the delivery controller communicates with PVS for the VM provisioning.
• NetScaler Gateway: It is a networking device to let the users access the resources from the external world, which is outside of your corporate intranet firewall. NetScaler can help in securing the external connections through SSL. It's available as a physical appliance and as a virtual appliance (VPX). It's usually deployed in DMZ to provide a secure access through the firewall. It requires a separate license from Citrix.
• Citrix CloudBridge: It is an acceleration solution used for delivering optimized virtual desktop performance to the users in remote/branch offices over WAN, so that they experience LAN-like performance. It was formerly called Citrix Branch Repeater or WANScaler. CloudBridge intelligently prioritizes the virtual channels of the different parts of the user experience. It's available as a physical appliance as well as a virtual appliance. The XenDesktop Platinum license includes the VPX version of CloudBridge.

A pictorial representation of the XenDesktop FMA components is shown here:

The features of FMA

The following is a detailed explanation of the features of FMA:

• Business driven enterprise capabilities: We have already covered these at the beginning of this chapter, under the Key Features of XenDesktop architecture for businesses section.
• Intuitive user experience: It instantly delivers fresh desktops to the users with their personal settings and applications on any device. The integrated application delivery ensures the availability of the business and the productivity applications to the users at anytime. A user profile layer ensures retaining the user preferences and applies them to virtual desktops and to the applications every time. This makes the experience consistent and seamless for the users across any device.
• The HDX performance and the multimedia support: The Citrix HDX technology intelligently calculates and optimizes the virtual channels according to the network changes at runtime. This best optimizes the display and boosts the performance of the overall sessions delivered to the users over any network, including the low-bandwidth and the high-latency WAN connections. The HDX leverages the server-side compute resources and thus, delivers a high multimedia performance to end users, regardless of the capabilities of their device. The HDX bundles many technologies that deliver a high definition experience and the local peripheral support over the high latency and the low bandwidth networks. It includes technologies such as the HDX MediaStream, the HDX Flash Redirection, the HDX Plug-n-Play Multi-Monitor, the HDX Plug-n-Play USB Support, and so on. It enhances the multimedia experience, which is richer than that of the local device performance. Users can reconnect to their disconnected virtual desktops and resume working across the devices.
• The integrated on-demand applications by XenApp: With the unified architecture, XenDesktop now, by default, supports the publishing of the applications that are available on the master image. Furthermore, the built-in integration of the XenApp capabilities for delivering the virtual applications on-demand makes it possible to separate the applications from the virtual desktop layer. This separation of the applications from the virtual desktop increases the virtual desktop's density and provides it with greater flexibility in the deployment and management of applications to the virtual desktops.
• The FlexCast delivery options: With FMA, it not only supports the virtual desktop delivery, but it also supports delivering the other resources access, such as the virtual applications, and the Remote PC access. It has been designed for supporting the flexibility of managing the desktops, the applications, the user profiles, the user data, and so on.
• Open architecture: The FMA supports integration with the various on-premise hypervisor hosts as well as with the Cloud computer resources. It is not restricted to specific hypervisor software, but rather it supports all the leading hypervisors, including Citrix XenServer, the Windows Server 2008 Hyper-V with SCVMM, and the VMware vSphere. This lets businesses to either leverage their existing investments on on-premise hypervisors or cloudify their deployment by using the public Cloud providers. It also supports building on the hybrid resources that include both on-premise as well as Cloud resources. This lets your deployment easily scale out or scale in by just adding more host resources to support the additional user load.
• The simplified desktop image management: Use of the master desktop image in the data center makes it possible to instantly deliver up-to-date fully configured desktops to the users. The application deployments, patch management, and maintenance efforts are drastically reduced as it involves making changes only to the master image, and then updating the virtual desktops to pick up on those changes. This drastically reduces the desktop support and storage costs, by almost 90 percent.
• Integrated provisioning: The FMA includes MCS as the integrated provisioning method, which simplifies and makes XenDesktop implementation drastically faster. This lets enterprises not to worry about setting up and integrating PVS if they don't already have it. MCS in FMA is available out-of-the-box without needing any additional setup. Using MCS also reduces troubleshooting and support issues.
• Controlled and secured data access: FMA lets you configure the centralized control policies and it tightly integrates with Active Directory for user authentication. By default, the FMA network protocol, ICA, securely delivers the virtual desktop through only screen updates, mouse clicks, and key strokes over the network to the authorized users. The high performance standard encryption is used for delivering the desktops by using the SSL integration, for the users using the internal and external networks. Multi-factor authentication is also supported through the smart card integrations.
• Simplified upgrade and maintenance of the controller servers: FMA with its worker and agent model, supports the co-existence of the different versions of the XenApp and the XenDesktop controller servers within the same site. This has been a great benefit for the enterprises in working with their Windows server platforms and the XenDesktop product updates. This has been made possible with the delivery agent developed consisting of only the broker agent components.
• SDK for easy integration: As FMA is developed completely in .Net, it exposes the interfaces (API) for automation and the extension of the overall solution. This reduces the development efforts of building the products around the FMA XenDesktop and the XenApp technologies. Along with .Net interaction, Citrix has made a PowerShell SDK for the IT administrative tasks automation. This helps in improving the monitoring and the automation of the manual tasks.
• Lower total cost of the ownership: FMA with FlexCast delivery and support for MCS and PVS provisioning technologies drastically reduces the overall cost of the entire desktop lifecycle management. It lowers the device/hardware maintenance, power/energy consumption, cooling requirements, software maintenance, storage requirements, migrations to newer operating systems, and so on. It also reduces the overall IT staff and it ensures high availability of the business applications for greater productivity.

Terminology change from the IMA to the latest FMA

Here is a quick mapping of the terminology change from the IMA to the latest FMA. This mapping would come in handy for the administrators of the previous versions of XenDesktop, which are based on the IMA. It also enables the IMA-based XenApp administrators in getting familiar with the equivalent terms of the XenDesktop environment: