Application virtualization, IoT and Cloud Computing, Blog of Sacha Thomet

Tokenbased Citrix VDA registration

Over the past few months, Citrix has made significant investments to make the Virtual Desktop Agents (VDAs) independent of Windows domains. This was particularly important for Linux and Mac systems, and for some time now, it has been possible to provision non-domain-joined VDIs in Azure using Citrix tools. New in version 2407, available for the first time as a Tech Preview, is the ability to integrate Windows machines provisioned through other methods using a token, without requiring a domain, Delivery Controller, or Cloud Connector.

During the VDA installation, instead of specifying a Delivery Controller (DDC), the token can be directly provided:

(Important: The token itself, not the path to the token file, must be specified. This will maybe in future changed to provide a token File).
Instructions from Citrix: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-vdas.html#step-7-delivery-controller-addresses

The token must be generated first in the Citrix DaaS Console on the appropriate machine catalog where the VDA is to be integrated, via right-click:



It has to be a machine catalog with the Provisioning Method on the Setting Manual.
A single token can be used to deploy up to 100 VDAs, and the token is valid for a maximum of 14 days.

The installation steps are also described in the “Review the enrollment steps” section.

I used this new feature to integrate Azure AVD VMs created via pipeline into Citrix, which I had previously used through AVD. Now, I essentially have a VDI that I can broker and connect to traditionally via Microsoft, but also through Citrix. You may ask yourself why someone want to have the whole Citrix brokering stuff, but not using the Citrix provisioning method for Azure (MCS), this can have different reason, possibly because someone want to use an automated IaaS pipeline with bicep and have control over the provisioning / building of the infrastructure, or other obstacles to not using the Citrix techniques to build VMs. I can’t say more here, I just see a way to make things different and gain more control but still use the advantage of the Citrix techniques in brokering and the ICA protocol.

Since my machines are only in Azure AD, it is important that I configured the delivery group to set the LogonType to AzureAD. I accomplished this with the command:
Set-BrokerDesktopGroup <DeliveryGroupName> -MachineLogonType AzureAD

Additionally, if I still want to access the machine without Citrix, I need to add my user to the Direct Connection Access group. Otherwise, when connecting without Citrix, I will receive the following error:

These are my first experiences with the new token-based VDA rollout. Naturally, these steps must be automated for a business environment when using the token, whereas in my hands-on experiment, everything was done manually through the graphical interface. If you are experimenting with this, please keep in mind that’s a TechPreview and not yet GA.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.