XenDesktop Remote PC Access allows designated users to remotely access their office PCs through a secure connection.Using this feature an end user can log on remotely to the physical Windows PC located in the office from virtually anywhere. The Citrix XenDesktop Virtual Delivery Agent (VDA) on the office PC enables it to register with the Delivery Controller and manages the HDX connection between the machine and end user client devices. The Citrix Receiver running on the client device provides access to all of the applications and data on the office PC.
How does it work ?
The process begins when a user initiates a Remote PC connection by selecting a desktop from within Web Interface or Cloud Gateway. Next the controller handles necessary communications with the infrastructure to broker a Remote PC connection with the user and the specified office computer. Once a connection is established the desktop will automatically display on the remote device. See the Remote PC Access Life Scene Video.
Remote PC infrastructure
The architecture for Remote PC is made up of several main components: the XenDesktop Controller, Virtual Desktop Agent (VDA), Citrix Receiver, and the physical office computer. These components interact with each other to deliver remote connections between end users and their office computers.
XenDesktop Controller
The controller handles multiple roles for a XenDesktop site. These roles include managing internal communications with Web Interface, license validation with a license server, and applying session policies. Since all these responsibilities are handled by a controller it is recommended there be at least two controllers per site. Having multiple controllers ensures high availability of the site functionality should one of controllers become unavailable.
Virtual Desktop Agent
The Virtual Desktop Agent (VDA) is the agent, installed on the office computer, that the controller uses to verify the device’s status.
Citrix Receiver
Citrix Receiver must be installed on the endpoint device to facilitate connections to the office computer. Citrix Receiver is a software client that handles the communications between the end user and the Citrix infrastructure. Remote PC requires the most current version of Receiver, in order to function.
Office Computer
The office computer is the device located back in the office that remote users will connect to using Remote PC. These computers are typically accessed locally when an employee is in the office and then uses Remote PC to connect back to when remote. To support a Remote PC connection the office computer must have the Citrix VDA for XenDesktop installed and have a hard wired network connection. Wireless connections are not supported by Remote PC and the office computer must be a member of an Active Directory domain.
When Remote PC can be used ?
Top Ten Use Cases for Remote PC Access in XenDesktop:
- You are a “Citrix admin” and publish an application from MetaFrame/Presentation Server/XenApp, which allows a user to type in their desktop IP Address or machine name, then the user painstakingly authenticates again. This connection is then using the MF/PS/XA server as a protocol transition proxy server.
- You are a “network services admin” and create VPN tunnels (clientless or not), to allow remote desktop applications to traverse the secure connection into the DMZ. After the authentication for the VPN, users then create their own links to machines internally, and you have to apply Network Access Controls to ensure they are not connecting to any PC, then policies to ensure various virtual channels are restricted – most likely duplicate controls from your existing Citrix app deployment. You also have to ensure pre-authentication scans are valid, and in some cases require certain OS patch levels to maintain a secure perimeter from virus’ and malware.
- You are intrigued by VDI, or HVD’s in the datacenter but have some time to go before the user community has been transitioned. Deploy Remote PC Access now, and their connection experience never changes once the image has been migrated into the datacenter.
- You do not plan on migrating to datacenter VDI or HVD’s, and so have plans for PC refresh. Your connection model for remote access to PC’s still has the challenges of supporting VPN’s and ensuring the best experience alongside your Citrix app infrastructure. See the Remote PC Access Demo
- You have invested in XenApp and want to unify physical remote desktops with the same user experience, plus use the controls and monitoring of your existing HDX infrastructure; SmartAccess, Edgesight, and HDX Insight.
- You own XenDesktop and are looking for new and exciting ways to leverage your FlexCast licenses more broadly and reduce costs across the IT department by collapsing desktop access infrastructure.
- You are looking to reduce network bandwidth and increase the user experience for remote desktop access by enabling Local App Access and leveraging it to constrain commercial web content and applications to the home PC, while business web content and application are preserved within the remote session – all painted within the same virtual desktop session visually. See the Remote PC Access and Local App Access video.
- You have plans for PC refresh, but want a revolutionized image delivery model provided by XenClient. Integrating Remote PC Access into the base central image, gives you an advantage of having a superior remote desktop experience when physically away from the locally virtualized image, increasing ROI of those assets.
- You are intrigued by XenMobile and also want to integrate physical remote desktop access alongside your SaaS and remote applications, providing the same remoting user experience and network security infrastructure without the extra DMZ overhead and management/expense of 3rd party protocol add-ins.
- You have a security policy that restricts BYO in the sense that VPNs must be established due to virus’, malware, and IP theft prevention. Using Receiver, Netscaler Gateway and HDX policies you overcome these threats by retaining the intellectual property at the desktop and never supporting a VPN for the virus/malware to potentially spread.
New funcionality implemented in Remote PC Access in XenDesktop 7
In addition to exisitng functionality the following features have been intoduces in XenDesktop 7:
- Automated administration of Remote PC Access fully integrated into the core functionality of the XenDesktop Delivery Controller and Studio
- Desktop Studio Site Creation Option
- Distinct Desktop Studio Catalog
- Flexible Catalogs mapping to Machines\OUs and Users\Groups
- Broad 3rd Party Credential Provider Support
- Windows 8 Desktops support
- Enhancements for MS Lync
- GPU Remoting of DirectX Apps
- GPU Transcoding of Windows Media Redirection
- XenClient Project Thunder preview
- SmartAccess to Traditional Computing and XenClient Enterprise Images with Netscaler Gateway
Note: Automated administration integrated into Delivery Controller and Studio replaces the XML configuration file and PowerShell scripts used by Remote PC Access in XenDesktop 5.6 FP1.
Deployment considerations:
- When installing the VDA, consider whether to enable Windows Remote Assistance (by specifying /enable_remote_assistance). This option allows help desk teams using Director to view and interact with a user’s sessions via Remote Assistance.
- Each office PC must be domain-joined with a wired network connection.
- Windows 7 Aero is not a requirement on the office PC, but is supported.
- To improve accessibility and deliver the best connection experience, the laptop power saving options should be configured to those of desktop PC. For example:
- Disable the Hibernate feature.
- Disable the Sleep feature.
- Set the close lid action to Do Nothing.
- Set the press the power button action to Shut Down.
- Disable video card energy saving features.
- Disable network interface card energy saving features.
- Disable battery saving technologies.
- Not supported for Remote PC Access devices:
- Docking and undocking the laptop.
- KVM switches or other components that can disconnect a session.
- Hybrid PCs (including All-in-One and NVIDIA Optimus laptops and PCs).
- Multiple users with remote access to the same office PC see the same icon in Receiver. When any user remotely logs on to the PC, that resource is marked unavailable to other users.
Security
Remote PC Access implements the following security features:
- Smart cards are supported only for remote access to physical office PCs running Windows 7 or Windows 8; smart cards are not supported for office PCs running Windows XP
- When a remote session connects, the office PC’s monitor appears as blank.
- Remote PC access redirects all keyboard and mouse input to the remote session, except CTRL+ALT+DEL and USB-enabled smart cards and biometric devices.
- SmoothRoaming is supported for a single user only.
- When a user has a remote session connected to an office PC, only that user can resume local access of the office PC. To resume local access, the user presses Ctrl-Alt-Del on the local PC and then log in with the same credentials used by the remote session. The user can also resume local access by inserting a smart card or leveraging biometrics, if your system has appropriate third-party Credential Provider integration. Note: This default behavior can be overridden by enabling Fast User Switching via Group Policy Objects (GPOs) or by editing the registry.
- By default, remote PC access supports automatic assignment of multiple users to a VDA. In XenDesktop 5.6 Feature Pack 1, administrators could override this behavior using the RemotePCAccess.ps1 PowerShell script. This release uses a registry entry to allow or prohibit multiple automatic remote PC assignments; this setting applies to the entire site.
Leave A Comment