Moving XenApp/ XenDesktop to Citrix Cloud

Citrix Cloud is variety of services and opportunities for your company to grow and approach your digital workspace in a new way . I can’t possibly cover all aspects of Citrix Cloud but I will give a brief introduction. in this blog I will focus on moving your excising XenApp/ XenDesktop environment to the Citrix Cloud. Why should you do it? And what are some things to keep in mind?

If you carefully look through all marketing and the overload of information available on the internet, Citrix Cloud is basically your Control Layer hosted by Citrix instead of having the components on-premises. With literally a few clicks of a mouse you trade your on-premises Delivery Controllers for Cloud Connectors, point them to the Citrix Cloud and you “migrated your company to the Cloud”. It takes this little effort to be the coolest guy at the company’s 80’s themes beach party barbecue.From a technical point of view moving to Citrix Cloud is as easy as Super Mario Bros. World 1-1 to 1-4 on the NES. But please think ahead and don’t rush it, because the princess is in another castle.


What is Citrix Cloud?

Not often is the meaning of an IT buzzword so much up for debate as “Cloud”. Every vendor and every organization gives a different meaning to the term Cloud Computing. The first thing that comes to mind with the word cloud is a Public Cloud provider such as Microsoft Azure, Amazon Webservice and Google Cloud.
To set the record straight, Citrix Cloud is NOT a public cloud. Citrix Cloud cannot be used as an Infrastructure as a Service (IaaS) or a Platform as a Service (PaaS). Citrix Cloud is a Software as a Service (SaaS) only. Citrix Cloud integrates with any device, any app on any location (any cloud). It doesn’t matter where your data or infrastructure is located (public cloud, private cloud or on-premises). Citrix Cloud can interact with all resources. This makes it highly flexible and prevents a vendor lock-in.


If we talk about technical components, the first step to bring your company to the Citrix Cloud is to build a minimum of two Cloud Connectors and point them to new Delivery Controllers (DDC’s) in the Citrix Cloud. You can phase out your on-premises DDC’s and SQL database. Moving your StoreFont and/or Netscaler appliance to Citrix Cloud is optional. Once you have moved to the Citrix Cloud you manage your entire environment from the cloud. The Citrix Studio and Director are integrated in the cloud as a published MMC console that is accessible through the HTML 5 receiver client. The purple lines in the image above indicate the difference in log-on methods for internal and external users. The image is a simplified view of concerned components.
Citrix Cloud is designed to deliver Citrix services simple, fast and secure so you can be adaptable to changes. Services that are available today are:

  • Workspace Services (Workspaces)
  • XenApp Services (Virtual Apps)
  • XenDesktop Services (Desktops)
  • XenMobile Services (Unified Endpoint Management)
  • ShareFile Services (Content Collaboration)
  • NetScaler Services (GW, ADC, WAF, SD-WAN)
  • Analytics Services (Security Performance)
  • Smart Tools (Health check, autoscaling)

The license required depends on the services you would like to use. You can purchase the whole Citrix Workspace Service suite, but you could also start with only the Secure Browser to safely guide your user to the internet or to control access to third party SaaS applications. You can check the full licensing model here.

Why Citrix Cloud?

The IT-manager will say that you have to go to the cloud. But no, you don’t have to. If there is not a legitimate reason to gain some sort of business advantage, then you don’t have to go anywhere. But Citrix Cloud just might give you those advantages with their hybrid approach to Cloud Computing.

You don’t have to manage the hardware or maintain the software of the components in the cloud. It is a new way of managing your workspace where your main focus is your golden image. Citrix takes care of all updates and deploys updates cloud first. You always run the latest version of software in the cloud. You can choose to be among the first movers when an update is released or to be among the lasts customers to update. Everything will be updated eventually. If an error occurs you will be migrated back to a stable platform until the error is resolved.  The components are high available be default and Global Site Load Balancing (GSLB) is a standard functionality within Citrix Cloud.
Citrix aims at an availability of 99.9% in any 30 day calendar period for Cloud Services.

The connection from and to the cloud is secured. You do not have a VPN connection because all traffic is secured over HTTPS, port 443. Data in transit uses TLS 1.2 with the strongest cipher suites. So you don’t have to worry about security for data-in-transit. Citrix Cloud only holds metadata while the sensitive data remains in the resource location. The cloud connectors on-premises work behind NATs and HTTP proxies and Citrix Cloud does not require a Public IP address.

Citrix Cloud gives you great insides in your Citrix environment with Smart Tools. This toolkit provides more information and control over your workload then you would have on-premises and can even reduce costs.

Smart Tools consists of 4 competent:

  • Smart Build (Deploy and configure environments through blueprints);
  • Smart Scale (Reduce costs of workloads in public clouds);
  • Smart Check (Health checks);
  • Smart Migrate (XenApp 6.x to XenApp and XenDesktop 7.x migration tool);


Citrix Insight Services will eventually disappear and it’s functionality will be taken over by Smart Check. Through Smart Scale you can manage power settings of virtual machines in a public cloud so when not in use they can be turned off. This reduces costs and makes your workload easier to manage. I think that the Smart Tools suite can really add value to your Citrix environment and maybe this toolkit can convince organizations to take the first steps to the cloud.

I think more and more services will be delivered exclusively from the cloud like the way ShareFile (Citrix Content Collaboration) is designed now. I expect to see this trend in a new release of XenMobile (Citrix Endpoint Management) as well. I’m thrilled to see more Cloud development with the upcoming releases of the Citrix Workspace App. With this development XenApp/ XenDesktop is no longer the heart of the product suite. Everything will be based round on the integrated workspace. Exciting times ahead!


There are some things to keep in mind if you are thinking about moving to Citrix Cloud. Some things are just takeaways that I find worthy of noticing, while others even may be showstoppers for some companies now. But keep in mind, we are just at the beginning of the Cloud journey. There is a lot of interesting stuff heading our way.

First of all I would like to advise to take your time and carefully plan your journey to the cloud. Only migrate components to the cloud if you see some kind of advantage and if it doesn’t have a negative effect on your current workload performance and user experience. A phased approach to a hybrid cloud is the best way to start.

If you move to Citrix Cloud you will be faced with an important first choice. Where do you want to welcome and authenticate your users? In other words, where do you place your StoreFont and NetScaler appliance (your Access layer)? There are multiple options: Within Citrix Cloud, On-premises or a public or private cloud provider. It all depends on the location of the users. To guaranty to best performance you would like to place these components close to your users. If you have users working all over the globe then placing the entire Access layer within Citrix Cloud is an excellent idea. If your user community is concentrated in one place, it is best to keep your Access layer on-premises to realize an acceptable latency and an excellent user experience. Please note that the NetScaler service is only available in the US and not yet in the EMEA at this time.

Citrix introduces the term Workspace Experience. Workspace Experience is a multi-tenant access platform in Citrix Cloud which replaces the single tenant Cloud StoreFront. Basically it is the migration of your on-premises StoreFront to Citrix Cloud. With this feature you can (slightly) customize the user interface, the URL and the external connectivity. In my opinion Workspace Experience today falls short to an on-premises StoreFront because of the limited options for Two-factor authentication, customization options and identity store. And the look and feel of your external entrance could change overnight due to an update in the cloud. That is something I find undesirable.


Workspace Experience

On-premises StoreFront

Zero Effort


Automatic Updates


Citrix Managed


UI Customization



Receiver Deployment



Multiple Stores


Support for Two-factor Authentication

Azure AD MFA


Local Password Processing


Supports Session Reliability



Anonymous Access


Federated Authentication

Azure AD


Thin Client Support


Support for Single Sign On


With the Netscaler Service only available in the US and the limitations of StoreFront in the Citrix Cloud I would advise to place the Access layer on-premises any time for organizations outside of the US.

As I discussed previously, you do not have to manage the components in the Citrix Cloud. This mean that there is less work to be done for employees to keep the infrastructure up to date. This sounds like the ideal situation but there are some odds and ends to it. You cannot create a custom maintenance window. Components can update over night, so keep that in mind when creating an alerting mechanism for employees that work stand-by shifts. Citrix will take care of the updates and the necessary fail overs, so there is no reason to give your employees unnecessary sleep deprivation. Keeping them up at night is a job for their children, not for unnecessary notifications from Citrix Cloud.
There is no troubleshooting. When an error should occur you just create a ticket to Citrix and wait. While my experience with Citrix and their support is great, it’s against my better judgment to wait while there are technical difficulties.

There is slightly less functionality in the management tools (Director and Studio) in the cloud and there is no logging available. I can see that the absence of a logging functionality is hard to accept for some organizations. Another flaw is that while monitoring user sessions in Director you can see exactly what programs they are running and which websites they are viewing. Within an on-premises located Director this feature can be turned off, but this cannot be done in the Cloud.

Besides pointing your VDA’s to the cloud connectors instead of the on premises DDC’s there are some other interesting things from a technical perspective.
Citrix Cloud has multi domain support. You can support your on-premises domain as well as a domain in an public cloud simultaneously. Multiple resources are referred to as zones in Citrix Cloud.

As far as provisioning goes, PVS is not supported in the cloud. But don’t panic. Your existing PVS environment works seamlessly with Citrix Cloud, as long as you keep PVS and your license server on-premises. It only concerns PVS in a public cloud. Not all resources can handle MCS though. Although Citrix is publicly teaming up with Google, Google Cloud is not (yet) supported from an MCS or hosting integration perspective. However VDA’s can be deployed without image and power management.
Slowly MCS is taking the crown for provisioning. Keep in mind that you eventually end up with MCS anyway if you’re running PVS now. Citrix Cloud is just one step ahead to not be fully compatible with PVS. Personal vDisk and AppDisk is not supported in Citrix Cloud. Citrix Workspace Environment Manager (WEM) and AppDNA are also on-premises only products.

With an on-premises configuration the DDC operates as a Secure Ticket Authority (STA) for external ICA connections. With Citrix Cloud your Cloud Connector automatically takes over that functionality.
You could consider to set up Local Host Cache but the VDA’s will only look for a local copy of the database on the Cloud Connectors when the connection to the Citrix Cloud fails. This means that your internet connection is out and you have to question yourself if a modern workspace is still functional without internet connection because of the many SaaS application these days. In this scenario SD-WAN could be a solution, but I will save that for another blog.

Final Thoughts

Moving your exciting XenApp/ XenDesktop environment to the cloud is a piece of cake. Using XenApp and XenDesktop service is entering the cloud in phases.
You have the opportunity to quickly connection to the cloud which enables great monitoring tools and easy maintenance. An optional step two is to move the Access layer to Citrix Cloud. The ultimate step is to host the rest of your Citrix infrastructure with a third party Cloud provider. The beauty of it all is that these steps are not mandatory. You design your own way of Cloud Computing. I think that this hybrid design of Citrix Cloud appeals to a lot of companies. You decide which components you would like to move to the cloud and where you place your workload. You decide the scale and pace of the journey to the cloud, which (maybe) eventually is inevitable. Citrix Cloud enables you to use a phased approach to move components to either the Citrix Cloud or a Public Cloud until eventually your whole IT infrastructure is migrated to the cloud (if preferred of course).
Before you take the necessary steps you have to carefully plan your actions and determine how Citrix Cloud could be of any advantage to your company. I believe that one way or another it will be.

So if we go back to the Super Mario Bros. metaphor: It is a long but, exciting and fun journey and along the various phases you’ll encounter some empty castles. But eventually you will end up finding Princess Peach and live happily ever after.

Until you accept a new quest that is. In IT there is always another world to be selected 😉

Leave a Reply

Your email address will not be published. Required fields are marked *