Citrix Virtual Apps and Desktops (CVAD) / Citrix DaaS Comprehensive Cheatsheet

1. Architecture Overview

Citrix DaaS (Cloud) vs On-Premises Deployment

Note: Citrix is now part of Cloud Software Group. Licensing has consolidated under the Citrix Platform / Universal Subscription model; perpetual + Customer Success Services (CSS) renewals were retired during the 2024 transition.

2. Installation and Initial Configuration

Prerequisites (CVAD 2402 LTSR / current CR)

• Windows Server 2019, 2022, or 2025 (Server Core supported for Delivery Controller, StoreFront, License Server, Director)
• .NET Framework 4.8 (or later, where required by component)
• Microsoft SQL Server 2019 or 2022 (Standard/Enterprise; Express only for evaluation)
• TLS 1.2+ enforced (TLS 1.0/1.1 deprecated)
• Minimum hardware (Delivery Controller):
  • 4 vCPU
  • 16 GB RAM
  • 100 GB disk

Installation Steps

1. Download the latest CVAD ISO from the Citrix download portal (or deploy Cloud Connectors for DaaS).
2. Run the installer with administrative privileges.
3. Select components:
   • Delivery Controller
   • SQL Server database (or point to an existing instance)
   • Web Studio (the modern web-based replacement for the legacy MMC Citrix Studio, default since 2308)
   • Director
   • License Server / StoreFront as needed

PowerShell Installation Example

1
2
3
4
5
# Silent installation (CVAD core components)
Start-Process ".\XenDesktopServerSetup.exe" `
  -ArgumentList "/components controller,webstudio,director,licenseserver,storefront /configure_firewall /quiet /noreboot" `
  -Wait

3. Site Setup and Resource Locations

Creating a Site

1. Open Web Studio (https://<controller>/Citrix/WebStudio) or DaaS console in Citrix Cloud.
2. Connect to a Delivery Controller / Cloud Connector resource location.
3. Configure initial site settings (databases: Site, Monitoring, Configuration Logging).
4. Define resource locations (hypervisors / public cloud connections).

PowerShell Site Configuration

1
2
3
4
5
6
7
8
9
10
# Load Citrix SDK snap-ins (on-prem)
Add-PSSnapin Citrix*

# Create a new site
New-XDSite -SiteName "PrimaryDataCenter" `
           -DatabaseServer "SQL01\CITRIX" `
           -SiteDatabaseName "CitrixSite" `
           -LoggingDatabaseName "CitrixLogging" `
           -MonitorDatabaseName "CitrixMonitor"

4. Machine Catalog Creation and Management

Machine Catalog Types

• Single-session OS (formerly "Desktop OS") — static or random
• Multi-session OS (formerly "Server OS") — RDSH-based
• Remote PC Access
• Provisioning method: MCS, MCS with Image Management (Image Portability Service), or Citrix Provisioning (PVS)

Creating a Machine Catalog

1. In Web Studio, go to Machine Catalogs → Create Machine Catalog.
2. Choose OS type and provisioning method (MCS/PVS/Manual).
3. Select the master image / snapshot and identity type (AD, Hybrid Azure AD, Azure AD-joined, Workgroup).
4. Configure VM size, disk type, write-back cache, and Azure/AWS/GCP hosting unit.

PowerShell Machine Catalog Creation (MCS)

1
2
3
4
5
6
7
8
New-ProvScheme `
    -ProvisioningSchemeName "Win11-Sales" `
    -HostingUnitName "AzureHosting" `
    -IdentityPoolName "SalesPool" `
    -MasterImageVM "XDHyp:\HostingUnits\AzureHosting\Win11-Master.snapshot" `
    -VMCpuCount 4 -VMMemoryMB 8192 `
    -CleanOnBoot

5. Delivery Group Configuration

Key Configuration Parameters

• User/device assignment (AD groups, Azure AD groups via Cloud)
• Session reconnection, prelaunch, and lingering
• Access policies (SmartAccess / Adaptive Access via NetScaler / Secure Private Access)
• Autoscale power management (cloud and on-prem)

PowerShell Delivery Group Setup

1
2
3
4
5
6
7
New-BrokerDesktopGroup `
    -Name "Sales-Desktops" `
    -Description "Virtual Desktops for Sales Team" `
    -DesktopKind Random `
    -SessionSupport SingleSession `
    -DeliveryType DesktopsAndApps

6. Application Publishing and Management

Application Delivery Methods

• Published (seamless) applications
• Published desktops
• App Protection policies (anti-keylogging / anti-screen-capture) — licensed add-on
• App Layering (Citrix App Layering) for image composition

Publishing an Application

1. In Web Studio, open Applications → Add applications.
2. Choose an existing delivery group or create one.
3. Configure command line, working directory, icon, file type association, and visibility.

PowerShell Application Publishing

1
2
3
4
5
6
New-BrokerApplication `
    -Name "Microsoft Word" `
    -ApplicationType HostedOnDesktop `
    -CommandLineExecutable "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" `
    -DesktopGroup "Sales-Desktops"

7. Desktop Virtualization Setup

Desktop Hosting Options

• On-premises VDI (vSphere, Hyper-V, Nutanix AHV, XenServer/Citrix Hypervisor)
• Public cloud (Azure, AWS, GCP) — including Azure VMware Solution and Google Cloud VMware Engine
• Hybrid / multi-cloud via Citrix DaaS
• Windows 365 / Azure Virtual Desktop integration via the HDX Plus for AVD/W365 offering

Desktop Creation Workflow

1. Prepare master image (Citrix Optimizer recommended).
2. Create machine catalog (MCS or PVS).
3. Configure delivery group and entitlements.
4. Apply policies and Autoscale schedules.

8. User and Group Management

Authentication Methods

• Active Directory (on-prem)
• Azure AD / Entra ID and Hybrid Azure AD join
• SAML 2.0 / OIDC
• FIDO2, Windows Hello for Business, smart cards
• Adaptive Authentication (NetScaler-based, available via Citrix Cloud)

PowerShell User Management

1
2
3
4
# Add an AD group to a delivery group
Add-BrokerUser -Name "DOMAIN\Sales-Users" `
               -DesktopGroup "Sales-Desktops"

9. Policies and Settings Configuration

Key Policy Areas

• ICA/HDX connection settings
• Session limits and idle timeouts
• Bandwidth and EDT (Enlightened Data Transport) tuning
• Printer, USB, drive, and clipboard redirection
• App Protection and Session Watermarking

Creating a Policy

1. In Web Studio, open Policies → Create Policy.
2. Select settings and configure values.
3. Assign filters (Delivery Group, Tag, User, Client IP, Access Control).
4. Set priority — lower numbers win.

Note: Many policies can also be managed via Active Directory Group Policy with the Citrix admx/adml templates.

10. StoreFront Configuration

StoreFront Components

• Stores and authentication services
• Authentication methods (User name/password, Domain pass-through, smart card, SAML, Citrix Gateway)
• Workspace for Web / Workspace app
• Subscription store synchronization and load balancing
• Workspace experience (Citrix Cloud) for DaaS deployments

PowerShell StoreFront Setup

1
2
3
4
Import-Module Citrix.StoreFront
$store = Get-STFStoreService -SiteId 1 -VirtualPath "/Citrix/Store"
Set-STFAuthenticationServiceProtocol -Name "ExplicitForms" -Enabled $true

11. Citrix Workspace App Deployment

Deployment Strategies

• MSI / MSIX installation (Windows, macOS, Linux, ChromeOS, iOS/iPadOS, Android)
• Microsoft Intune / Configuration Manager / Jamf
• Group Policy / Workspace app admx templates
• Self-service from Workspace / StoreFront
• Citrix Workspace app for HTML5 (browser-based, zero install)

Receiver has been retired; only Citrix Workspace app is supported.

12. HDX Technology Optimization

Performance Optimization Techniques

• Adaptive Transport with EDT (UDP-based, falls back to TCP)
• Adaptive throughput and adaptive display V2/V3 (H.264, H.265/HEVC, AV1 where supported)
• Session reliability and auto client reconnect
• Browser Content Redirection and Teams 2.x / Zoom / Webex optimization
• GPU acceleration (NVIDIA vGPU, AMD MxGPU, Intel Flex) and graphics tuning

13. Load Balancing and High Availability

HA Configuration Options

• NetScaler ADC / NetScaler Gateway for ICA proxy, GSLB, and load balancing
• Multiple Delivery Controllers / Cloud Connectors per resource location
• Zones (Primary + Satellite) for branch resiliency
• SQL Server Always On Availability Groups for site databases
• Local Host Cache (LHC) for outage tolerance when the database is unreachable

14. Monitoring and Performance Tuning

Monitoring Tools

• Citrix Director (on-prem and embedded into DaaS as Monitor)
• Citrix Analytics for Performance and for Security (cloud)
• Windows Performance Monitor counters (Citrix-specific)
• ODATA Monitor API for custom dashboards
• Session Recording (now policy-driven and storable in Azure)

15. Session Management

Session Control Features

• Reconnection, prelaunch, and lingering
• Session shadowing (via Director / Configure with Windows Remote Assistance or Citrix's built-in shadowing)
• Autoscale to power-manage machines based on schedule and load index
• App Protection and Watermarking per session

PowerShell Session Management

1
2
3
4
5
# Log off idle sessions older than 1 hour
Get-BrokerSession |
  Where-Object { $_.SessionState -eq "Active" -and $_.IdleDuration -gt [TimeSpan]"01:00:00" } |
  Stop-BrokerSession -Force

16. Printing and Peripheral Management

Printing Options

• Citrix Universal Print Driver (UPD) and Universal Print Server (UPS)
• Client printer mapping and auto-creation
• Session printers via policy
• USB and composite USB device redirection (with allow/deny lists)
• Generic USB redirection vs optimized channels (audio, video, smart card)

17. Security Features

Security Best Practices

• TLS 1.2/1.3 for all components; deprecate TLS 1.0/1.1
• App Protection (anti-keylogging, anti-screen-capture)
• Session Recording with tamper-evident storage
• Secure Private Access (ZTNA) for SaaS, web, and TCP/UDP apps
• Adaptive Authentication and Adaptive Access (device posture, geolocation, risk score)
• Least-privilege Citrix admin roles and scopes; integrate with Entra ID PIM

18. PowerShell Automation

Essential PowerShell Modules / Snap-ins

• Citrix.Broker.Admin.V2
• Citrix.MachineCreation.Admin.V2
• Citrix.ADIdentity.Admin.V2
• Citrix.Configuration.Admin.V2
• Citrix.Host.Admin.V2
• For Citrix DaaS / Cloud: the Remote PowerShell SDK and the Citrix DaaS REST APIs (preferred for automation, CI/CD, and Terraform).
• Official Citrix Terraform provider (citrix/citrix) for IaC management of catalogs, delivery groups, policies, and hosting.

19. Troubleshooting Common Issues

Diagnostic Commands

1
2
3
4
5
6
7
8
9
10
11
12
# Delivery Controller health
Get-BrokerController
Get-BrokerSite | Select-Object Name, LocalHostCacheEnabled, DefaultMinutesBeforeLogonRetry

# Validate a provisioning scheme
Test-ProvScheme -ProvisioningSchemeUid $schemeUID

# Check Local Host Cache state
Get-BrokerController | Select-Object DNSName, State, DesktopsRegistered

# CDF tracing (replace the legacy CDFControl with built-in cdfcontrol.exe / CDFMonitor)

Other helpful tools: Citrix Health Assistant, Citrix Optimizer, Citrix Diagnostic Facility (CDF), and Director's Probe Agent.

20. Migration and Upgrade Strategies

Upgrade Considerations

• Stay on a supported LTSR (current: 2402 LTSR, with CU releases) or follow the Current Release cadence.
• Use the Automated Configuration Tool (Citrix.AutoConfig) to migrate site configuration to Citrix DaaS.
• Image Portability Service to move workloads between hypervisors / clouds.
• Run Upgrade Readiness checks; back up Site DB, GPOs, and StoreFront configuration before upgrading.
• Plan rolling upgrades of Delivery Controllers/Cloud Connectors, then VDAs, then StoreFront/NetScaler.

21. Licensing and Cost Optimization

Licensing Models

• Citrix Platform License (formerly Citrix Universal Subscription) — unified entitlement covering DaaS, on-prem CVAD, NetScaler ADC, Endpoint Management, Secure Private Access, and Analytics (entitlements vary by edition: Universal Hybrid Multi-Cloud, Universal Premium, etc.).
• Per-user / per-device subscription (concurrent licensing for new purchases has been retired).
• Hybrid Rights enable on-prem CVAD customers to consume Citrix DaaS at no additional cost during the entitlement term.
• Optimize spend with Autoscale, right-sized VM SKUs, Azure/AWS reserved instances or savings plans, and consolidating to multi-session OS where possible.

Note: Citrix products evolve quickly under Cloud Software Group. Always consult the official Citrix Tech Zone, product documentation (docs.citrix.com), and the Citrix Lifecycle Milestones page for the most current versions, supported platforms, and end-of-life dates.