Centralized control and the need for mobility are usually at opposite ends of the enterprise spectrum. Ideally, IT would be able to centrally control and manage end users laptops, ultrabooks, and tablets. However, in disconnected or poorly connected conditions makes constant end user productivity a difficult goal to achieve. That’s where Citrix XenClient fits in. XenClient uses a combination of client virtualization with Citrix’s FlexCast technology to deliver a completely managed, fully-functional desktop experience to the end user regardless of the state of the user's network connection. In what is undoubtedly the longest running product review that I’ve ever done, I had an in-depth look at the Citrix’s XenClient as it evolved over two releases from XenClient Enterprise 4.5 to XenClient Enterprise 5.1.
XenClient Enterprise is not a VDI type of solution where the processing is done on the server in the data center. Instead, it's based on desktop virtualization; the desktop processing is performed by the local system. There are no network dependencies and the mobile device can work in either connected or disconnected mode. XenClient has two primary components:
- XenClient Enterprise Engine—The XenClient Enterprise Engine is a type-1 Xen client hypervisor, which means the hypervisor runs on bare metal, enabling the engine to provide very high levels of performance. The XenClient Enterprise Engine is installed on the x86 devices that you want to manage.
- XenClient Synchronizer—XenClient Synchronizer enables devices with XenClient Engine to download centrally managed virtual desktops and run them locally on the device. The Synchronizer allows the administrator to define security policies, it can disable lost or stolen devices, and it also centrally backs up user data over a secure connection when the user is connected and can restore a user's virtual desktop on any XenClient-based device
You can see an overview of the architecture used by Citrix XenClient in Figure 1.
The XenClient Enterprise Engine provides local execution of VM desktops directly on x86 hardware. Unlike server-based hypervisors like Hyper-V or vSphere, the XenClient hypervisor is designed to run on an end user device and supports high performance graphics, multiple USB devices, and wireless connectivity. XenClient also enables Mac integration through the use of DesktopPlayer. DesktopPlayer is a type-2 hypervisor (which means it runs on top of the Mac OS). The administrator can use the XenClient Synchronizer to manage images that run on both the PC-based XenClient Enterprise Client and the DesktopPlayer for Mac.
The XenClient Synchronizer provides central management for XenClient desktops. It uses a SQL Server Express database to keep track of users, groups, VMs, software, polices, and events. The XenClient Synchronizer can maintain a local repository of users and groups or it can integrate with Active Directory. Users can create policies that control things like the XenClient desktop functionality, backup interval, device lockout interval, and USB filtering.
Maintaining a minimum number golden client images is one of the challenges that IT faces when centrally managing desktops. The fewer images that IT needs to maintain, the easier the task of managing desktops at scale is. However, end users usually want the ability to customize the desktop as well as install their own applications. XenClient supports several types of desktop image management:
- Shared Image Mode—Provides a single system image that reverts back to its original state when the user reboots. All user changes are discarded. This takes the least amount of storage and management.
- Custom Image Mode—Provides multiple custom system images for users. All user changes persist across reboots. This requires the most storage and management.
- Shared Image Mode with Personal vDisk (PvD) Integration—Enables administrators to maintain a single golden image across all users. This mode provides end users with a customizable user VHD, as well as an application VHD that enables users to customize their desktops and install custom applications. These customizations persist across reboots. XenClient’s PvD mode lets administrators install applications for individual users or groups of clients using AD Group Policies Objects. This mode requires more storage than the Shared Image Mode, but less than the Custom Image Mode.
The XenClient Synchronizer allows IT admins to deploy a single golden image to thousands of PCs. It also automatically backs up desktops and secures them with an encrypted local virtual machine with automated backup and remote kill. You can find out more about the XenClient Enterprise’s management in the XenClient Management section below.
Citrix states that the XenClient Synchronizer requires at least a 2 GHz Intel Xeon Dual Core processor. It also requires a minimum of 6 GB RAM but 8 GB RAM is recommended, as well as at least a 200 GB 10K RPM disk drive and at least one 1 Gbps Ethernet NIC. The Synchronizer can run on a physical server or a virtualized machine but its complete feature set, such as the ability to run VMs, is only available when it’s running on a Hyper-V server. It requires either Windows Server 2008 R2 or Windows Server 2012. Windows Server 2012 is required if you run the Synchronizer in a VM.
The XenClient Enterprise Engine has modest requirements and most of today’s laptops, ultrabooks, and tablets like the Surface Pro can easily meet them. The XenClient Enterprise Client requires an Intel or AMD dual-core processor with Intel-VT (VT-x) or AMD-V hardware virtualization technology with a minimum of 2 GB RAM. Citrix recommends 4 GB of RAM. They also recommend a minimum of 60 GB free disk space. However, the actual requirements can be more running if the device is running multiple operating systems. Citrix also recommends Intel graphics but it can use other graphics as well. Citrix maintains a XenClient compatibility list that you can use to check your systems for compatibility at Citrix Ready Xchange Marketplace. To see the devices that are compatible with XenClient choose the “By Solution” option. Then select “Desktop Solutions” and “Desktop” and click “Find Products”.
The XenClient Enterprise Client can be installed from media or from a USB drive. You have a couple of options for setting up the XenClient. You can make the XenClient hypervisor hidden so that the device essentially looks just like a normal Windows device to the end user, or you can display the XenClient launcher, which provides options for running VMs and configuring the device. A floating dock provides options for running the Citrix Receiver, the RDP Client and Google Chrome. You can see the XenClient Enterprise Client launcher in Figure 2.
The available VMs that have been assigned to the client appear in the middle of the screen. These VMs appear automatically after they are assigned by the XenClient Synchronizer or when they are created locally. As you might expect, clicking on the VM icon launches the VM and the desktop is displayed on the device. Clicking on the icons at the bottom allows you to manage the device. You can use these icons to set up the network configuration and assign users to the device. Hovering the mouse in the upper middle portion of the screen displays the dock.
You can create desktop VMs, users, groups and policies by using the Synchronizer. The Synchronizer is managed using the web-based management console in that you can see in Figure 3. The navigation panel that you can see on the left allows you manage VMs, users, groups, policies, and the software library. The action pane on the right provides a group of options for each of the different navigation items.
Creating and deploying new virtual machines with XenClient is a piece of cake. You first copy your desktop installation ISO image or a VHD file into the C:\Program Files\Citrix\Synchronizer\FileImport directory. Next, you use select the Software Library pane and click the Import link to import the image. Once the installation image has been imported, you select the Virtual Machine pane, then the Create option from the Action pane. This action starts the Create a Virtual Machine wizard. The wizard prompts you to enter the name of VM, the type of guest OS, and then select the appropriate ISO image from your Software Library. Next, you select the image mode where you choose from a Shared image, a PvD image, or a Custom image. After the VM is created, you must then start it to complete the installation of the guest OS. After the guest OS installation has been completed, you can then publish the VM and assign it to your users. When the VM is assigned to a user, the synchronizer will automatically propagate the VM to the device associated with the user.
I found XenClient to be very easily managed. You can provision or patch thousands of devices with a single click. You can push out upgrades to the XenClient devices from the synchronizer. XenClient also offers a number of layers of security. There is full VM isolation and full disk encryption using AES 256. The fact that the VM is periodically backed up by the Synchronizer enables you to quickly restore a corrupted or malware-infected desktop to an earlier point in time. At the device level, administrators have the ability to setup device expiration as well as lockout and remote kill the device either manually or by using policies.
Virtualizing and Mobilizing the Enterprise
XenClient Enterprise 5.1 makes centralized management of mobile devices easy. Its local client hypervisor handled disconnected and poorly-connected scenarios flawlessly. The Synchronizer enables you to easily deploy new desktops and to manage desktop images. Users can easily migrate to new devices within minutes. Policy controls and role-based management makes it easy to manage large number of users and devices. It is well suited for managing shared PC images for kiosks, labs, and training facilities. Citrix claims that XenClient can result in a 70% reduction of PC management costs. There were a couple of areas that I would have liked to see improved, however; it would've been good if XenClient allowed multiple users per device or multiple users per laptop, and I found the documentation could have been clearer about the steps required to publish VMs.
Citrix licenses XenClient Enterprise 5.1 per device per user. Licenses for 10, 20, or 30 users/devices cost $1070, $2140, and $3210, respectively. If you’re an existing Citrix XenDesktop Enterprise or Platinum customer, then XenClient Enterprise is included in your license at no extra charge. You can also download a fully functional Citrix XenClient Enterprise demo that’s limited to 10 users from the Citrix site XenClient page.