Director WMI proxy plug-in explained

/, XenDesktop/Director WMI proxy plug-in explained

Director WMI proxy plug-in explained

Share this post

Director WMI proxy plug-in has been introduced in XenDesktop 7.0, to address and solve all problems related to communication method between the Director and VDA used in Director 2.1 and earlier. WMI proxy plug-in is installed as a part of the Broker Agent in VDA. In the communication process all requests from Director are routed through Delivery Controller to the WMI proxy plugin running on the VDA. The same secure channel is used to send responses from WMI proxy plug-in to the Director. Implementation of a new WMI proxy plug-in is a essential change because it introduces new features making our life much easier.

The most important changes include:

  • WinRM is not used – the main advantage of new solution is that there is no need to configure WinRM for Director to retrieve the data from the VDA. All Director requests are send to and manage by Delivery Controler. All WMI queries are run locally on the VDA by WMI proxy plug-in and required details are send back to the Delivery Controller. Director does not need to open any WinRM ports on the VDA and this eliminates all problems related to communication between the Director and VDAs through WinRM.
  • Delegated Administration support – in Direictor 7.x, the communication is routed through Delivery Controller. As delivery Controller is responsible for sending the request to VDA and can verify user permissions on the request before forwarding it to the VDA. The requests will be forwarded to VDA only if the required permission is set.
WinRM will need to be configured for Director to work with VDA earlier than XenDesktop 7 (legacy VDA). In order to support these legacy VDAs, Director will fall back to the WinRM calls to query the required data.

Communication flow

The communication flow is shown in Figure 1 below


Figure 1


Communication method in Director 2.1 and earlier

In Director 2.1 and earlier, the information requests were performed in direct communication between the Director and VDA using Windows Remote Management (WinRM). WinRM is the implementation of Microsoft of the WS-Management protocol and enables remote monitoring using a firewall friendly SOAP-based protocol.

The most common problems reported by users are the following:

  • Director machines need to be able to establish WinRM (WMI over http) connections to VDAs. Director also needed to open WMI over http communication port and add firewall exception on the VDA.
  • The VDAs have no knowledge of Delegated Administration and no way to manage the access to the WMI classes other than the Microsoft provided mechanism.
  • WMI security permissions are not very granular, so opening parts of the WMI functionality exposes a large functional area to the Director administrators.

For more information on WinRM Configuration and Troubleshooting see CTX125243


By | 2016-12-18T19:21:32+00:00 December 2nd, 2014|XenApp, XenDesktop|0 Comments

About the Author:

I’m a Citrix Architect with 17 years experience in Microsoft and Citrix infrastructure. I have been working with Citrix since Metaframe 1.8 and my primary focus is on Server, Desktop and Application virtualisation with a preference for Citrix products. I’m an enthusiast of Citrix XenDesktop and Provisioning Server.

Leave A Comment

To protect our website from spam. * Time limit is exhausted. Please reload the CAPTCHA.