Citrix offers two products to deliver hosted resources to users: XenApp and XenDesktop. Although the products share great similarities (and since v7.x the underlying architecture is now common, FMA rather than IMA), have their unique characteristics.
What product do you need? When and why? In this article I’m trying to help you make this decision based on a decision tree.
During the course of this article I’m assuming you’re designing a XenApp / XenDesktop 7.x environment, however the principal is equal for XenApp 6.x and XenDesktop 5.x.
Let’s start with a common misconception, applications versus desktops. It’s easy to think that if you want to provide access to hosted applications to your users you must use XenApp and if you want provide access to hosted desktops you can only use XenDesktop. I guess we can partly blame Citrix for that as well since they do advocate a similar message, have a look on their corporate website (see highlighted in red) .
The primary focus of XenApp is (and always has been) applications and for XenDesktop the primary focus is desktops. However, both products can provide access to hosted applications and desktops, just in a different way. I wrote about this earlier in the article “You don’t need XenDesktop for a virtual desktop“.
The major difference between XenApp and XenDesktop is the execution environment. Where XenDesktop provides access to hosted resources for a single user on a Windows client machine like Windows 7 or 8, XenApp provides access to hosted resources for multiple users on a Windows server machine. like Windows Server 2008R2 or 2012. So users on a machine running XenApp share all resources like CPU, GPU, memory, disk, etc. where users on a machine running XenDesktop get their own (private) CPU, GPU. memory, disk, etc. (not considering virtualization). Because XenApp shares resources, multiple users can use (multiple) applications at the same time, as opposed to XenDesktop where one only one user can run (multiple) applications at the same. Andrew Wood explains the between the difference between the two in the article VDI vs RDSH: Squabbling Siblings or Embattled Enemies?
|Execution environment||Multiple users||Single user|
|Windows operating system||Server OS||Client OS|
Let’s talk about the terminology used, just to avoid confusion. I won’t use the terms SBC or VDI, in my opinion they contribute to the confusion around this already complex matter. I’ve discussed this in my virtual desktop word bingo article and concluded that we’re probably better of using the following terms, in relation to XenApp / XenDesktop:
|Application||Hosted Shared Application||Hosted Private Application|
|Desktop||Hosted Shared Desktop||Hosted Private Desktop|
As of version 7.x, XenDesktop and XenApp both share the same Flexcast Management Architecture (FMA) and as such can be easily mixed and managed using one central management console, Studio. In fact, XenDesktop versions 7 and 7.1 combine both products into one, leaving the good old IMA behind. Just recently Citrix announced the release of XenApp and XenDesktop 7.5 (due in March this year) again as separate products. However, they’re sharing the same underlying architecture. Older environments (XenApp 6.x and XenDesktop 5.x) can coexist as well but needs to be managed separately, they can share the same license server.
Licenses can be shared if the XenApp and XenDesktop machines share the same license server. This means that if you’re in a hosted desktop (XA/XD) and connect to a hosted application (XA/XD) from another machine, you require only one license. Important to mention is that the license type and edition on both machines needs to be equal (so two servers running XenApp Enterprise share a license but one server with XenApp Enterprise and another with XenDesktop Platinum won’t). If you want to view the used user / device license I recommend the free UDadmin GUI by Bram Wolfs. Not only does it show the used licenses it also enable you to release claimed license easily.
Do you want to offer a mixed environment?
The real question is, do you want to mix two delivery methods and offer them to the same user? Especially when you’re nesting sessions you could end up with some complex scenario’s, offering a mix of functional and technical challenges. However, depending on your (delivery) strategy a mixed environment could be viable.
Citrix created an informative video explaining the value of Citrix XenApp and XenDesktop with FlexCast (source: YouTube).
I’ve created two decision trees:
- From the users perspective: what does you user need?
- From an application perspective: what does your application need?
You can download the PDF here XenApp or XenDesktop - Decision Tree.pdf.
The criteria in the decision tree are explained in the paragraph below.
The decision for XenApp or XenDesktop depends on a number of criteria which are shown in the decision tree. The criteria are not written in stone, as always the term “it depends” applies. I’ve written a short description for each criteria to help you interpret the criteria.
Note: Some of the criteria can be mitigated using third party tools.
|Needs to install software||Does the user need to install software on the hosted machine? Then it’s most likely the software makes system wide changes that could affect other users on the same machine. To avoid one user from impacting another user it’s recommended to provide users with their own machines.
Note To make system wide changes the user requires administrative privileges,.
|Needs to install (kernel) drivers||Basically the same as with previous criteria, but it’s unlikely that third party software can mitigate this for kernel drivers. Kernel drivers need to load before a user is logged on. However, user drivers (like printer drivers) can be installed by any users (unless that’s blocked), also on a hosted shared machine (XenApp).
Note: To make system wide changes the user requires administrative privileges,.
|Full USB capabilities required?||Citrix XenApp supports portable USB devices with HDX Plug-n-Play. The supported USB device types are limited because changes to the machine cannot be made on a shared machine. If broader USB device support is required XenDesktop offers generic USB redirection.|
|Requires administrative privileges?||If the user requires administrative privileges, for instance to make system wide changes, it’s likely you want to provide the users its own machine. A user that can make system wide changes could potentially affect other users on the same machine.
Third party: There’s software available that can dynamically inject administrative privileges (a taken) in processes that meet a certain criteria. As a result there’s no need to make the member of the Administrators group preventing system wide changes from all other processes. For instance RES Workspace Manager (feature: Dynamic Privileges) or AppSense Environment Manager (feature: User Right Manager).
|Vendor support for server OS?||If you depend on the support of the application vendor you need to ensure it supports running the application on a server operating system (XenApp). If they say No “We only support desktop operating systems” you need to use XenDesktop
Note: You could apply the “version lie” shim to hide you’re running on a server OS
If your application is very resource intensive (for example because it assumes all resource are at his disposal) it could consume resources that another user needs. The foundation of hosted shared machines running Citrix XenApp is Microsoft Remote Desktop Services (RDS), enabling the machine to be shared by multiple users. It contains a scheduler that gives each process a fair share of resources but provides to any process that asks (and if you shout you get more). Of course you can reduce the user count per hosted shared machine (XenApp).
RDSH: The Remote Desktop Session Host (RDSH) role of Windows Server 2008R2/2012 provides features to mitigate for some resource intensive applications. The granularity is, compared to some third party software, not that detailed.
Third party: There’s third party software available that can share resources more fair, for instance between users or sessions. Besides sharing more “fair” some software can also limit the available resources per processes, preventing them from saturating the system.For instance Andrew Morgan’s ThreadLocker or AppSense Performance Manager.
|1:1 relation between user and IP?||Some client-server software require the user to have it’s own IP address for bi-directional communication (for instance some Java Web Start applications). This software can’t be used on machines that share their IP address with multiple users: hosted shared (XenApp). In this situation each users needs to receive their own IP address. Since “Virtual IP” is no longer part of XenApp 7.x a hosted private machine is needed (XenDesktop).
Note: Since Windows Server 2008R2 Microsoft offers “Remote Desktop IP virtualization” which – in essence – does the same as Virtual IP did.
|1:1 relation between user and computer?||In some situation a 1:1 relation between the user and the computer is required. There are security principals that dictate that certain users are bound to the same machine. For instance with functional accounts: where they log on is restricted to a (short) list of machines. In these scenario’s a hosted private machine is probably the most convenient solution.|
|Compatible with multiuser environment?||Some software is not compatible with a multiuser environment because the software has a 1:1 relation between the machine and the user. When another user launches the application a conflict occurs. Especially older software assume they’re the only one on the machine and use machine-specific resources for configuration / data / license purposes. When applications use folders like C:\Windows / C:\Program Files or HKEY_LOCAL_MACHINE (HKLM) for user specific settings, a hosted private machine (XenDesktop) won’t cause any problems.
Note: To make system wide changes the user requires administrative privileges,.
Note: You could apply shims to address application compatibility issues. They’re commonly used by Microsoft (on their own software ) but not always easy to implement. A detailed explanation about shims can be read in the Microsoft TechNet article Managing Shims in an Enterprise.
If your applications require a GPU for 3D graphics the decision tree can’t help you, there are too many dependencies and the seems like everyday a new solution is provided. What’s good to know that both XenApp and XenDesktop have “GPU virtualization” solutions enabling 3D workloads. A good starting point is the Centrally deliver graphics-intensive 3D apps page on the XenDesktop products page. To read about the most recent developments in this area read the Citrix Blogs with hdx 3d pro tag.
The decision tree helps you choose the right product but does not consider alternative solutions like Remote PC or “1-on-1 Server VDI“.
Citrix has another product in their portfolio to offer remote access to a desktop system: Remote PC. Remote PC allows an end user to log on remotely to the physical PC in his or her office from virtually anywhere. It is part of XenDesktop’s FlexCast delivery technology.
A creative solution to overcome the requirement for a VDA license (which apples when you’re offering access to a hosted private system running a Windows client OS) and to overcome the limitation of the Microsoft SPLA license (as hosting provider you’re not allowed to provide a hosted Client OS).Instead of sharing the resources of a server (XenApp) with multiple users a single user is assigned per server. This eliminates most of the challenges you might had, except for the server OS support. On the financial side this has limited benefits, numerous articles are written about it (Server VDI is here! – citrix.com and XenDesktop Single User Server VDI – basvankaam.com).
I’d like to thank the following people who where kind enough to review the article an give me valuable feedback (in random order): Helge Klein, Andrew Wood, Bas van Kaam, Barry Schiffer and Kees Baggerman.
Did the decision tree help? Do you have any remark or update?
Let me know in the comments.