Token-based Citrix VDA registration
Over the past few months, Citrix has made significant investments to make the Virtual Desktop Agents (VDAs) independent of Windows domains. This was particularly important for Linux and Mac systems, and for some time now, it has been possible to provision non-domain-joined VDIs in Azure using Citrix tools. New in version 2407, available for the first time as a Tech Preview, is the ability to integrate Windows machines provisioned through other methods using a token, without requiring a domain, Delivery Controller, or Cloud Connector.
During the VDA installation, instead of specifying a Delivery Controller (DDC), the token can be directly provided:
(Important: The token itself, not the path to the token file, must be specified. This may change in the future so that a token file can be provided instead.)
Instructions from Citrix: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-vdas.html#step-7-delivery-controller-addresses
The token must be generated first in the Citrix DaaS Console on the appropriate machine catalog where the VDA is to be integrated, via right-click:
It has to be a machine catalog whose provisioning method is set to Manual.
A single token can be used to deploy up to 100 VDAs, and the token is valid for a maximum of 14 days.
The installation steps are also described in the “Review the enrollment steps” section.
I used this new feature to integrate Azure AVD VMs created via pipeline into Citrix, which I had previously used through AVD. Now, I essentially have a VDI that I can broker and connect to traditionally via Microsoft, but also through Citrix. You may ask yourself why someone would want the whole Citrix brokering stack without using the Citrix provisioning method for Azure (MCS). This can have different reasons: possibly someone wants to use an automated IaaS pipeline with Bicep and keep control over the provisioning and building of the infrastructure, or there are other obstacles to using the Citrix techniques to build VMs. I can’t say more here; I just see a way to do things differently and gain more control while still using the advantages of the Citrix techniques in brokering and the ICA protocol.
Since my machines are only in Azure AD, it is important that I configured the delivery group to set the LogonType to AzureAD. I accomplished this with the command:
Set-BrokerDesktopGroup <DeliveryGroupName> -MachineLogonType AzureAD
Additionally, if I still want to access the machine without Citrix, I need to add my user to the Direct Connection Access group. Otherwise, when connecting without Citrix, I will receive the following error:
These are my first experiences with the new token-based VDA rollout. Naturally, these steps must be automated for a business environment when using the token, whereas in my hands-on experiment, everything was done manually through the graphical interface. If you are experimenting with this, please keep in mind that it’s a Tech Preview and not yet GA.
Why I love my Meta Rayban
I was at an IT conference in Barcelona last week. Not only did I learn a lot, reconnect with old friends, and meet new people, but I also brought back inspiration and good memories. Additionally, I had the chance to test the Meta Ray-Ban, which is not yet available in Switzerland, thanks to my Danish friend Thomas Poppelgaard. At the airport Ray-Ban store, I got myself a pair of Ray-Ban Meta glasses, and I must say, I am fascinated. Moreover, I made my first extended vlog, which is available in “Swiss English” and Bernese German:
And Swiss German:
Citrix Workspace App 2307 and FIDO2 Keys
I was delighted when I started testing the new Citrix Workspace App 2307 (still in beta phase) and noticed that Citrix had improved the behavior of the FIDO2 key in the Workspace App for Mac. Previously, handling FIDO keys on macOS was limited, while it was better implemented on Windows. The release notes of the new Workspace App indeed indicated that work had been done on FIDO implementations in this release:
Source: https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/ear.html (21.7.23)
Previously, under Mac, I simply mapped my USB YubiKey into the session and used it that way. However, this is no longer necessary. The function is now queried and passed through on the Mac. When a FIDO key is requested, I see the Mac prompt to enter the password.
I own several YubiKeys, each with multiple passkey identities — one for private use and one for business. However, I’ve noticed that the new feature with one of my keys is causing issues. The problem is that it doesn’t prompt me to choose which identity I want to use within the Citrix session. One key always picks the “correct” business identity, but with the other YubiKey, the system attempts to log me into corporate resources using my Gmail address.
Apparently, the development here is not yet 100% correct and complete. Therefore, after a conversation with Citrix, I learned the command to deactivate this new feature. Until I can use the passkey identity—given that I have multiple identities on the key—I’ll have to wait and loop my USB YubiKey back into the Citrix session through USB passthrough.
If you encounter the same problem, you can deactivate the FIDO feature with this command in the Mac Terminal:
defaults write com.citrix.receiver.nomas Fido2Enabled -bool NO
Update 28.8.23 Citrix reacted fast!
From Citrix Workspace App version 2308, it’s possible to use multiple identities on one FIDO2 key and to choose in the OS inside the VDA machine which one should be used.
Another step towards virtual reality in daily work Quest Pro – 1: Hands On with Immersed
This post is the first in a series of articles I’m doing on my current experiments with my new Meta Quest Pro. I’ve been excited about virtual reality for a few years now, and I’m always looking for ways to use it in everyday work, especially with a focus on end user computing so that any normal office worker can use it. So my idea is to replace real screens with virtual ones and make any place in the world an office, no matter how little space you have. My first post on this blog was 4 years ago, where I tried to work on a remote desktop with my first 3DoF VR glasses, the Oculus Go, using the Citrix Workspace app. After that, I also explored the virtual worlds with the successor models Quest 1 and Quest 2. In the meantime, a lot has happened and I have been in possession of a Quest Pro for a few days now. This VR headset is now the headset for professional use according to Meta, the parent company of Facebook which acquired Oculus back in 2014.
Not everyone has access to a virtual desktop environment, be it VDIs or DaaS, whether Microsoft with Windows 365 or AVD or Citrix with their solutions, which I encounter in my daily work. Actually, it is a bit too crass to work on a virtual desktop in a virtual world, a bit too much “inception” – that’s why we start here with the possibility to simply use the VR headset as a virtual screen. There are already various solutions for this, Meta itself pushes their Horizon Workrooms, in the following video I tested an alternative solution with the free app “Immersed”. See for yourself, a video says more than words and pictures:
In this scenario I have a normal work day. As I’m always multitasking, I’m working on my connected company virtual desktop and I’m also learning new things about Citrix in a YouTube how-to video. I need a coffee, and I can go to my kitchen and brew one without stopping watching the how-to video.
Yes, this video shows some personal details about my flat and living situation … some chaos on my dining table and an open bathroom … sorry about that … but that’s how real life is …
Links and explanations:
3DoF: This term means three dimensions of freedom. With this kind of VR headset you can look around and you have a virtual world around you, but you can’t move in it. You will easily find more about the difference between 3DoF and 6DoF when you use Google.
MetaQuest Pro: https://www.meta.com/ch/en/quest/quest-pro/
Immersed: https://immersed.com/ works also on other Platforms than Meta Quest!
Immersed Meta Quest Link: https://www.oculus.com/experiences/app/2849273531812512
YouTube Video which I’m watching in this Demo: Tech Insight – Citrix Virtual Apps and Desktops Service
If you’re thinking about getting a Quest yourself, use my referral link to get a $30 software voucher: https://www.oculus.com/referrals/link/sachat1981 By the way, the Quest 2 costs a third of the Pro and you can use Immersed with it too.
Long-term experience
Prologue
Today, everyone is crying out for long-term studies, which is more of a challenge in these short-lived times. In the age of agile development of many products, no one really knows how what we buy today can be used in the mid-term future.
In this somewhat different article on my blog, I am now trying to write a “rudimentary long-term” report. This blog post is not about virtualized applications, Smart-Home, or virtual reality. No, in this blog post I will dedicate myself to another topic that I have been dealing with for a little more than 6 years. It’s about the topic of electric mobility. More precisely, my personal experiences after 5,5 years and 150’000 kilometers (93750 miles) with a pure electric car. I think this is my first post that addresses a somewhat broader audience than my previous articles, which were more interesting for IT experts, “nerds” and smart home hobbyists.
Currently, this topic seems to be very well received and the media is full of lurid headlines about Tesla and other battery electric vehicles. There are already many “EV sympathizers” and just as many electric car haters. There are a lot of false statements circulating and a lot of people parroting.
In this article, I will not cover all these so lurid topics. I will not write about topics like ecology or sustainability of electric cars. I do have an opinion, but I could only cite countless existing studies which are credible to me. Furthermore, I have not done any practical research in this area myself. I’ve wasted too much time discussing these issues over the last 6 years, and I’m frankly tired of it. But here I like to refer to the “Mythbuster Elektromobilität” (in German) by Martin Rotta: http://www.mythbuster.ch. If someone wants to discuss these very controversial topics with me, let’s do it face to face and with facts as well as the necessary respect. I will ignore comments under this article on these topics.
How did it come about that I ordered an electric car?
I had the idea in mid-June 2015 that I would like to test drive a Tesla. At that time I had a Škoda Octavia station wagon with which I was quite happy. For me, a car had to be suitable for everyday use and a bit sporty. I also needed to be able to drive the car on vacation and, for my hobby, scuba diving in Swiss lakes, to transport 2-3 sets of scuba gear. On June 30th I made my first test drive with a Tesla Model S P85. This experience was quite impactful: it was an iPad on wheels with incredible driving fun. An electric car converts pedal input into motion without any delay. Since my Škoda was dying and I had too many repairs, I did a second test drive with a Tesla S85D on July 21, and then finally I ordered a Tesla Model S 70D.
There was only the Model S to order from Tesla, and the smallest battery, with 70 kWh, strained my budget the least. The D stands for Dual, i.e. 4-wheel drive; this was mandatory in my opinion because my commute led over the Frienisberg, which from time to time was not really cleared in winter.
As options, I ordered the air suspension and the rear-facing child seats. I passed on the P for Performance, a larger battery, and the premium package with electric tailgate, front fog lights, ambient lighting, etc.
Then the time had come, I became a Tesla driver
On December 30, 2015, I was allowed to pick up my Model S in Möhlin. Although the Tesla Service Center in Bern opened in January 2016, I didn’t want to wait any longer.
This is customer service
However, I came into contact with the Tesla service center in Bern in January 2016. The charging port, equivalent to a gas cap on a car with a combustion engine, did not close properly. It gave an error message on the onboard computer, although it was closed. After I asked in the “Tesla Fahrer und Freunde Forum” for a tip to solve this problem (https://tff-forum.de/t/fehlermeldung-chargeport-offen/9268), a friendly lady from Tesla Bern called me. In her role as a service advisor, she told me that if I had time to drink a coffee in the lounge, they would fix the problem within 15 minutes. And so it was.
Tesla in everyday life
The first few months with my Tesla were rather unspectacular, though I’ve never enjoyed a car so much. I’m really not a car nut, but I was happy about my commute every morning. Vacation trips were a highlight, every charging station I had to photograph and post on social media 🙈 . When I went to Krk, Croatia for vacation in the summer of 2016, I thought I needed to do some planning. Which Supercharger will I use, can I charge in the destination, etc.? During the trip, I realized that I worried too much, with a Tesla it just works thanks to the Supercharger network. Even more so today than 5 years ago. Today I use it for planning long-distance driving (>600Km) https://abetterrouteplanner.com but only because of the trip optimization and not because it would not work otherwise.
Service
I bought a maintenance service subscription for 1850 CHF for the first 4 maintenance service appointments, up to 80,000 km, which I would no longer do today. Every 20,000 km, a regular maintenance Service is not necessary for an electric car and not mandatory for Tesla to maintain the manufacturer’s warranty. Mostly the car was just checked, the batteries in the key fob (CR2032) were changed and the windshield wiper blades were replaced. Currently, Tesla recommends changing the cabin filter every 3 years, checking the brake fluid every 2 years, and replacing it if necessary. Be aware, my information that a service every 20’000 is not necessary is my personal opinion. I recommend that you make up your own mind and include the manufacturer’s recommendation in forming your opinion. Tesla has more information on service at https://www.tesla.com/support/car-maintenance.
In Switzerland, a good and recommendable alternative to the maintenance service at Tesla, especially after the warranty period by Tesla, is, in my opinion, Remo Iseli, who formerly worked for Tesla, later at Reego Basel, and is now in Seon with Teslabor (https://teslabor.ch). Remo does excellent, customer-oriented work.
Very shortly before the warranty period was over, the 12V battery, which supplies the onboard entertainment system and the conventional onboard electronics, told me with a message on the onboard computer that it no longer wanted to work and had to be replaced.
I also found out at the 80’000 maintenance service (50’000 miles) that one of the brakes was no longer ok. The brake was “rotten” due to moisture and too little use, so a brake pad had to be replaced. Since then, I always take care to brake properly after driving in wet weather and after washing the car, instead of recuperating, so that the brakes dry a bit due to the frictional heat. The 12V battery was replaced under warranty. I had to pay the 580.- CHF for the brake service and the replacement of the one brake pad myself.
In December 2018, I rudely “kissed” a curb on a slippery road. Since the Model S is really heavy, and I was driving somewhat briskly so that the impact occurred at about 35 km/h (22 mph), the extent of the damage was severe. Some parts in the front area had to be replaced. This was extremely annoying since it was already the second comprehensive damage for which I had to pay a deductible of 1000.-. But the worst thing here was my customer experience. The repair took only 3-4 days, but the wait time for the parts was very long. I was without a car for a total of 9 weeks. During the whole time, Tesla did not inform me how things would proceed. There was no replacement car.
So if I had to chart my Tesla experience on Gartner’s hype cycle, we are now at the bottom, in the Valley of Disappointments.
Warranty extension
With the above-mentioned damages, I also first became aware that Tesla in Switzerland charges an hourly rate of 210.- CHF for work, which is rather high for an auto repair shop. Reego, at 160.- CHF (as of July 2021), is far below that.
To cushion further nasty surprises and their financial impact, in July 2019 I took out a 2-year warranty extension for 3200.- CHF with Car Garantie via Garage Gubler.
In 2019, I upgraded the car to be compatible with the European standard for fast charging called “CCS”.
Another repair was due in the summer of 2020 because the eMMC chip went bye-bye. This is a Tesla teething problem that affects, so to speak, all older cars from Tesla. More information about this here: https://insideevs.com/news/376037/tesla-mcu-emmc-memory-issue/
In 2021, I still had some minor repairs like a problem with the parking brake, the trunk lock, and the driver’s door handle.
Tesla makes minor repairs at one’s home or workplace with Ranger Service.
Furthermore, a major maintenance service at Reego revealed some minor damage, which was also repaired by Reego. It concerned 2 wishbones and problems with the steering geometry, also a teething problem of the first 120,000 units of the Tesla Model S.
Battery (TLDR: no fear of degeneration)
To know how healthy the battery of my Model S is, Remo from reego Service read out the battery for me.
I now know that I still have a nominal capacity of 63.8 kWh.
Important! The battery of electric cars does not degrade linearly, most battery degeneration occurs in the first months of operation.
I can live with that just fine. I try to keep my Tesla always in the range between 20% and 80% when it is standing, which is supposed to be best for the lithium-ion cells according to different studies. If you don’t stick to this and often charge above 100% or drop deep below 15%, Tesla’s onboard computer will tell you to change your charging behavior.
The battery in my Tesla has an 8-year warranty with no mileage limit, and the same goes for the powertrain, i.e. the engine and transmission.
Software
For me, there are 2 reasons that still speak for Tesla being ahead. One is the charging network with the Supercharger for long distances, which I will discuss later. The other is the software. Similar to a smartphone, the software of a Tesla gets better and better after delivery. The updates of the onboard computer come over-the-air via Wifi or rarely over the mobile network on the car. Although my “old-timer hardware” no longer gets all the new features, improvements are constantly coming free of charge.
You can see the latest improvements and history through 2019 here:
https://www.notateslaapp.com/software-updates/history/
Charging network (TLDR: Range anxiety is a foreign word for Tesla drivers).
Tesla has faced the chicken-and-egg problem in electric mobility from the very beginning and dedicated itself to building a fast-charging network in addition to building its cars. This is known as the Supercharger network. This fast-charger network is intended for long-distance travel and, as of today, charging at up to 250 kW is possible as long as the car can take this amount of power. The network of fast-charging stations, which are directly visible in the Tesla navigation system and are automatically integrated into the route planning, is growing exponentially. This is clearly visible at https://supercharge.info/charts.
So far, I have charged at almost 40 different Superchargers throughout Europe. In 5.5 years, I have never experienced a Supercharger being out of operation for technical reasons. So far, in about 500 charging processes, I have had to wait 2x because all the slots were occupied.
Tesla’s “normal speed” charging stations, which can be found at hotels, amusement parks, campgrounds, restaurants, etc., and which Tesla calls “Destination Charger”, have been open to all car brands since the beginning. Here Tesla kept to the standard from the beginning. Every Tesla in Europe can also be charged at a normal Type2 charger.
The announcement by Elon Musk, the Tesla CEO, that other cars will soon be able to charge at the Tesla Supercharger is completely new. Since the launch of the Model 3 in Europe, the Superchargers have also been equipped with the CCS plug.
Cost overview (TLDR: tires are the most expensive)
I have written down all the costs I had to spend for maintenance, repairs, consumables like tires and accessories in a spreadsheet. All figures are in Swiss francs (CHF).
Here are a few important additions:
- As a “Tesla Early Adopter” I received Lifetime Free Supercharging from Tesla, further you can still charge many places for free. Therefore, the figure for electricity purchase is very low at 1658.- CHF. The Tesla S 70D consumes about 20 kWh per 100 km and 1 kWh costs about 0.23 swiss francs here. So if I had paid each kWh itself, we would talk about electricity costs over 150,000 Km of 6,900 CHF.
Fun fact: If you have a look at the battery report above, you can see that I charged 20’578 kWh DC and 14’591 AC. No, I’m not massaging these numbers; every time you drive down a hill, the car regenerates energy, which goes into the DC charging count.
- Cost savings on road taxes I have not included, these are different from canton to canton. In Bern, I had the first 2 years 50% discount.
- Listed as unforeseen are the 2x deductibles for the comprehensive damage. These would not be mandatory 🙂
- The warranty extension was not worth it, too little was broken on the car during the warranty time. Nevertheless, it let me sleep more peacefully.
- The maintenance service subscription over 1850.- I would not buy today, but pay for the maintenance services themselves as needed.
- With the tires, I could make 2x a bargain and buy almost new 19″ summer tires from someone.
What next?
Now it was announced that from September the Model Y (Made in China) can be delivered to Switzerland. This is actually the car I would like to have as the successor to my Model S. However, from an economic point of view, it makes more sense to drive my Model S for a while longer, which is what I have in mind now. With the old nose cone (pre-facelift) I almost feel like a Tesla veteran 🙂 I may upgrade the onboard computer to also enjoy some of the new features that are delivered via software updates. At the moment I have a real range of 342 km in summer, which is enough for 95% of my trips. In addition, I have with this car lifelong free fast charging at the Supercharger. Back to the Gartner Hype Cycle, I see myself now on the plateau of productivity.
Would I buy a Tesla again and why?
In my eyes, Tesla is still a nose ahead, although I also quite like vehicles like the Škoda Enyaq, the VW ID4, or the Mustang Mach-E and would possibly risk a test drive. In terms of software updates, however, I still see Tesla way ahead. The Tesla Supercharger charging network also speaks for Tesla; it will be exciting to see what happens now when Tesla opens the Supercharger network to all electric cars. Above all, I’m wondering about the pricing policy here. Some fast-charging networks charge exorbitant prices for charging.
I hope you enjoyed my article about electric cars and Tesla. If you have a specific question, do not hesitate to write me a comment below. Take care, a test drive of an electric car could be dangerous because you might want to change your car afterward. But if you really want to know if an electric car is something for you, I recommend not only a normal test drive but also renting an electric car for a few days. If you live in Switzerland, I can recommend the company Tesla4All or EV4All.
Referral Links
Of course, I have various referral links where you can benefit when you buy a Tesla or Online services for any EV:
Use my referral link to buy a Tesla product and get discounts and other exclusive benefits: https://www.tesla.com/referral/sacha3162
For the logging service TeslaFi: You can test TeslaFi 1 month for free with this link:https://www.teslafi.com/signup.php?referred=1monthfreefromsacha
If you want to test AbetterRoutePlanner, it’s free, if you want to use Premium, this link will give you 30 days for free: https://abetterrouteplanner.com/premium/?referral=OHZNSWLI
I have not received any incentive benefits or monetary compensation from Tesla, Reego Services, or Tesla4All / EV4All for my text. My recommendations are based on my honest and my own experiences.
Citrix CVAD and MTU Discovery
Update November 2022:
Martin Latteier wrote to me that Citrix is introducing a new feature that addresses the issue. The fact is that on certain cable connections with DS-Lite (IPv6 only), MTU discovery with EDT did not work properly because the cable modem did not process the “DF flag”. This caused MTU discovery to detect an MTU that was too high, so the datagrams had to be fragmented and performance was bad. The solution was to switch off EDT on the client side or to change MTU discovery to a static MTU (edtMSS=13xx).
If you set this flag the issue should be solved:
Update January 2022:
Update the default.ica as described below, referring to https://support.citrix.com/article/CTX231821, only if you are also using Citrix Workspace App for Mac in version 2201 or later!
Recently I saw an increased number of issues when connecting to Citrix virtual desktops and apps. Desktops were connected from private devices over a Citrix ADC (aka Netscaler), but virtual apps were connected from our internal network from different branch offices.
I wrote a blog article some weeks ago: Issues by accessing Citrix Virtual Apps and Desktops on a pure IPv6 Internet Provider with enabled EDT
Our first workaround for this issue was to disable the UDP-based EDT protocol, which is now the default for Citrix Virtual Apps and Desktops. But this is not really our intended solution because all the benefits of EDT get lost, so we just did it on the client side with a reg hack, which means we have to identify all the clients with issues. (see the recent blog article)
Further analysis showed that the root cause of this issue is the MTU, which means the Maximum Transmission Unit or, put simply, the packet size.
I found out that our branch offices have an MTU smaller than 1500, which is the default; the reason is a crypto tunnel which is configured to all our branches. So the packets get fragmented, and in some cases the fragmentation causes problems because the remaining payload is no longer enough for a session launch to work. It looks like EDT is much more sensitive to that than the classic ICA protocol on TCP.
Solution 1: How to configure MSS when using EDT on networks with non-standard MTU
In the recent blog article, I called Citrix “please fix that” but they already started on this at this point. In this article, you can see how to configure EDT for non-standard MTUs https://support.citrix.com/article/CTX231821 e.g. put the MTU to 1480 with the default.ica
The disadvantage of this solution is that the MTU is lowered for all connections, and you need to figure out which MTU fits best. The benefit of this solution is that it works on every platform with the exception of Android.
Solution 2: enable MTU Discovery
With CVAD 19.12, Citrix introduced an even smarter option in the background: MTU Discovery for EDT. This feature makes it possible to have the best MTU for each session. MTU discovery is not an invention by Citrix; it is just new in EDT. You can read more about MTU discovery here:
https://en.wikipedia.org/wiki/Path_MTU_Discovery
I tried to visualize these 3 scenarios:
standard, MTU set to 1500
By default, packets with an MTU of 1500 bytes are sent. If the MTU somewhere on the path is smaller, the packet gets fragmented, which is not a big issue, but in real life we see that it can be a problem.
MTU reduced to 1380 bytes according to the mentioned Citrix article
(Change in default.ica on StoreFront)
Now packets of 1380 bytes are transmitted.
– If the possible MTU somewhere on the path is smaller than 1380, the packets are still fragmented. Example in this picture: the BYOD client from the Internet.
– Also, the MTU is lowered when not needed, in this example for the client in the HQ.
+ This solution works on all platforms except Android.
MTU with MTU Discovery (Registry Setting on VDA)
+ The optimal MTU is determined individually for every session. The session first starts with 1024 bytes, and the MTU is increased during the session.
– Needs Citrix Workspace App for Windows 19.11 or newer.
– If the connection goes through an ADC, the minimum required version is 13.0.52.24 or 12.1.56.22. If you are on a lower version, the MTU may remain at 1024 bytes!
You can check your EDT MTU with this command:
ctxsession -v
MTU Discovery is not active by default today; you need to activate it on the VDA with a registry key, and the VDA must be at minimum 19.12. Details here: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery
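The following added example (not from the original post or from Citrix) models the behaviour described above: a search with the DF flag set for the largest packet a path carries, and the DS-Lite case where a hop ignores the DF flag so the search settles on a value that is too high. It is a plain binary search, not Citrix's EDT algorithm; `find_path_mtu`, `simulated_path`, `assess` and the hop MTUs are constructed for illustration, and the optional `linux_ping_probe` assumes iputils `ping` on Linux.

```python
"""Path-MTU search against a simulated path (added example, hypothetical names)."""
import subprocess
from typing import Callable, List, Optional, Tuple

IPV4_ICMP_OVERHEAD = 28         # 20-byte IPv4 header + 8-byte ICMP echo header
Probe = Callable[[int], bool]   # True: a packet of this total size arrived
Hop = Tuple[int, bool]          # (link MTU, hop honours the DF flag)


def linux_ping_probe(host: str) -> Probe:
    """Real probe for manual use: iputils ping with DF set (-M do). Linux only."""
    def probe(packet_size: int) -> bool:
        payload = packet_size - IPV4_ICMP_OVERHEAD
        done = subprocess.run(
            ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return done.returncode == 0
    return probe


def simulated_path(hops: List[Hop]) -> Probe:
    """Constructed model of a path. A hop that honours DF drops oversized
    packets; a hop that ignores DF fragments them and forwards them anyway."""
    def probe(packet_size: int) -> bool:
        for mtu, honours_df in hops:
            if packet_size > mtu and honours_df:
                return False
        return True
    return probe


def find_path_mtu(probe: Probe, low: int = 1024, high: int = 1500) -> Optional[int]:
    """Largest size in [low, high] the probe accepts, or None if even `low` fails.
    The default floor of 1024 mirrors the starting value the post mentions."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def assess(hops: List[Hop]) -> dict:
    """Compare what the DF-based search reports with the real smallest link MTU."""
    discovered = find_path_mtu(simulated_path(hops))
    true_mtu = min(mtu for mtu, _ in hops)
    return {
        "discovered": discovered,
        "true_mtu": true_mtu,
        # Sending at a discovered size above the real MTU means fragmentation.
        "fragmented": discovered is not None and discovered > true_mtu,
    }


# Constructed sample paths (MTU values are illustrative, not measurements).
BRANCH_TUNNEL = [(1500, True), (1380, True)]    # crypto tunnel, DF honoured
DS_LITE_MODEM = [(1500, True), (1460, False)]   # modem ignores the DF flag
NARROW_LINK = [(1500, True), (900, True)]       # below the 1024-byte floor

if __name__ == "__main__":
    for name, hops in [("branch tunnel", BRANCH_TUNNEL),
                       ("DS-Lite modem", DS_LITE_MODEM),
                       ("narrow link", NARROW_LINK)]:
        print(name, assess(hops))
```

To measure a real path from a Linux host, pass `linux_ping_probe(host)` to `find_path_mtu` instead of the simulated probe.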
Update 5.6.2020 – Combine solutions 1 and 2 and have the best config!
For our case, we have separate StoreFront servers for access via ADC, so I decided to implement a solution with the best of both worlds: I set the MTU in the default.ica to 1300 and I enabled MTU Discovery, so Apple macOS can use the setting from the default.ica and Windows computers get the optimal value with MTU discovery.
Technical:
On the VDA, add this DWORD value under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\icawd
Name: MtuDiscovery
Type: DWORD
Data: 00000001
In default.ica, add these lines:
OutBufLength=1300
udtMSS=1300
edtMSS=1300
If MTU Discovery is active, meaning it is enabled and the session is accessed from a Citrix Workspace App, MTU Discovery overrides the value set in the default.ica, which is very helpful!
How do you configure MTU on your Citrix with EDT environment? Leave a comment!
Issues by accessing Citrix Virtual Apps and Desktops on a pure IPv6 Internet Provider with enabled EDT
Some weeks ago, the first incidents reached my team with the problem description that users were having a problem accessing their pooled Windows 10 desktops through Citrix ADC (aka Netscaler).
I noticed that all affected users have one thing in common: they all have UPC Cablecom as an Internet provider. As soon as they connect their device to another internet connection, for instance to the Wi-Fi hotspot created with their mobile phone, all works fine.
Further troubleshooting steps showed that if I publish a dedicated VDI with disabled EDT also all works fine. If you don’t know what EDT is, Google EDT and Citrix 🙂
Usually, EDT is enabled and uses UDP for communication if the port is open and it’s possible. Otherwise, it should fall back to TCP. It seems the fallback only works if the ports are closed.
Now my problem is, I can’t disable EDT for all pooled VDI as we have some users who really need it. I also won’t give all the users dedicated desktops.
Luckily Julian Jakob gave me the hint to disable EDT on client-side. This is the best workaround.
Guidance for the User
(Because of BYOD the user needs to do that … )
On Windows it’s just a Registry key which the users have to create:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT]
"HDXoverUDP"="Off"
On a Mac this command should be typed in the terminal:
defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO
On iOS devices you can disable EDT in the Workspace App:
Settings => Advanced => Adaptive Transport Settings => EDT (set on inactive)
Please Citrix fix that! All that I want is a fall back to TCP if UDP is not working, I don’t care if the port is closed or if it’s another issue. If EDT doesn’t work don’t use it. For users, this manual config on the client-side is not just annoying, some are not able to do it.
Update 26.5.2020
- If you have a non-standard MTU, see this article: https://support.citrix.com/article/CTX231821
- Background on why this is happening: it seems UPC uses Carrier-Grade NAT * and it’s a problem with IPv4/IPv6 encapsulation; in the end there is too little payload available (MTU issue). Kudos to Markus Löffler for this hint and the link.
- Citrix has introduced a feature called MTU Discovery in the background. It’s not yet officially announced, but it has been in the documentation since 1912: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery Maybe this can also help solve this issue. I was not yet able to test it.
* Explanation in German: https://www.elektronik-kompendium.de/sites/net/2010221.htm
Update 4.6.2020
I’ve enabled MTUDiscovery and it really looks promising. Please be aware that MTU Discovery is currently only available for the Workspace App for Windows (CWA 19.12 and newer).
No Computer, no wires – a very short Oculus Quest Review
This blog article is slightly different from all the others. As you can imagine, tech is always fun for me, even when it’s from my professional life as a system engineer for virtualization. But this article is only about fun, with no professional aspects … today …
More than a year ago, I posted the article about using the Oculus Go VR headset to access a Citrix virtual desktop session: http://blog.sachathomet.ch/2018/11/25/virtual-virtual-workplace-or-my-first-vr-experience-with-citrix-and-oculus-go/
Yesterday I created a short video for my friends to let them understand what I mean when I tell them that I gambled in VR instead of a morning workout 🙂
Here you can see what a VR Player sees and how awkward this looks from outside:
The reason why Oculus Quest is the breakthrough for VR?
Price and easy as pie technology:
The Oculus Quest gives you access to the world of virtual reality for less than 500.- Swiss francs (about 500.- US $), and you don’t need a high-performance gaming computer. In contrast to its predecessor, the Oculus Go, the Quest is not limited to one point in the room where you stand or sit; you have real 6DoF. 6DoF means you can move across a room, you have Six Dimensions of Freedom. Other existing VR headsets need a permanent setup in the room with “Lighthouses” for that, so that the headset knows where you are. The Quest has only 4 integrated cameras and builds the virtual Guardian with those. Before you start to play, you define your field; when you run to the edge of the field during the game, you see it as a grid.
More recordings here on YouTube Playlist: https://www.youtube.com/playlist?list=PLDX-0d_gd9OdXmL24Aj-c2ZtA0plOqzXG
Virtual bank accounts – FinTech comparison
Some weeks ago, I created my first FinTech blog post about using ApplePay without an expensive Credit card instead of using a Revolut card.
Now I’ll try to share a bit more of my experiences with the different virtual bank accounts I’ve tested. If you have read the other blog post, you may have seen in the comments that I was asked about Boon. I already used Boon some years ago, and I also had the chance to test TransferWise more than a year ago. Over the last few days I gave Neon-free and ZAK a chance; these were the first two Swiss virtual bank accounts I found.
I’m not working for a bank, so I can give my view and insights from my current standpoint as a normal customer.
First, I have not focused on fees but more on functionality, and created the following table:
Feature | Boon | Revolut | Transfer Wise | Neon (Hypothekarbank Lenzburg) | ZAK (Bank Cler) |
---|---|---|---|---|---|
physical Card | No | Yes | Yes | Yes | Yes |
virtual Card | Yes | Yes | No | No | No |
Disposal Card | No | Yes, only Premium | No | No | No |
ApplePay | Yes | Yes | Yes | Yes | Yes |
Instant Card Freeze in App | N/A | Yes | Yes | No | No |
Instant Info by Transaction | Yes | Yes | Yes | Only SMS | No |
Advanced Payment Security | N/A | Yes, Location Based, ATM, Contactless, Magnetic stripe (Swipe), Online Transactions | Yes, ATM, Chip&Pin, Contactless, Magnetic stripe (Swipe), Online Transactions | No | No |
Payer authentication (e.g. 3D Secure) | N/A | Yes | ? | ? | ? |
Location of the Company | UK | UK | UK | CH | CH |
There are also other virtual banks, e.g. N26, but honestly I did not have the time to test everything that currently exists. Also, my insights are a snapshot in time from now, July 2019. New features are coming fast and things are going to change every week.
Now I can say Revolut has the most comprehensive offer! But I have some friends here in Switzerland who don’t trust a foreign bank, and they are sceptical about the working conditions in this company.
Everyone needs to make their own choice; the world is changing and the disruption of the classic banks has started. I’m sure that this is not only good for the country I’m living in, but I really hope that it has its good sides for the consumer of banking services.
If you have any questions about the virtual bank accounts I’ve tested, feel free to add a comment to this blog post. If you have your own experience and want to share it, a comment is also appreciated!
If you want to sign up for Revolut, ZAK or Neon, feel free to use my invitation link and get some perks.
Revolut: Sign up with my link and get a physical card for free as soon as you have topped up 10.- and used your card.
ZAK: Ask me for an invitation and get 50.- CHF
Neon: Use my invite code BTNN4F and get 10.- CHF
updated 2.2.21
Machine Catalog with overflow
The idea for the concept behind this blog post was born during a lunch break in summer 2018, when the temperature in Switzerland was pretty high and my colleague Stefan Moser and I had the idea to go swimming in the Aare river instead of having a proper lunch. This is a good example of how leaving the office can facilitate creativity! During our walk upstream, Stefan explained to me that he thinks we need to give vGPUs to normal office worker users as well, as long as we have enough capacity.
At the beginning of 2018 we equipped our virtual desktop infrastructure with Nvidia Tesla M10 GPUs, after we had done some tests and figured out that only in this way can we get the same high user experience as with a powerful physical laptop computer. We purchased 4 new VMware hosts with 2 Tesla M10 GPUs each; this is good enough to equip 256 VDIs with an M10-B profile, which is recommended with Windows 10 and 2 screens.
This means our challenge was having 250 pooled non-persistent VDIs with only 100 vGPUs; that’s the number of vGPUs we don’t need for the dedicated VDIs with special GPU needs. The idea was also to use vGPU VDIs as long as we have them and then switch to the cheap GPU-less desktops.
The implementation of this solution is pretty simple if you know the Power of Tags in a Citrix Virtual Desktop environment.
Recipe:
The script runs as a scheduled task, e.g. every 5 minutes, and opens and closes the overflow pool.
Of course, depending on the logon storm, you need to consider how often the script runs and how many spare desktops you keep before you close the pool (VDI Offset, $FreeMachineThreshold in the script).
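The open/close decision described above could look like the following sketch, which is an added example and not the script from the GitHub repository. The catalog names, the tag name, the threshold value and the function names are assumptions, as is the setup in which the delivery group only brokers overflow machines that carry the tag.

```powershell
# Added example, not the script from the GitHub repository.
# Assumed (hypothetical) names: catalogs 'W10-vGPU' and 'W10-NoGPU', tag 'Overflow'.
# Assumed setup: the tag already exists and the delivery group only brokers
# overflow machines that carry it (tag restriction).

function Get-OverflowAction {
    # Pure decision: open the overflow pool when too few primary desktops are free.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $PrimaryMachines,
        [Parameter(Mandatory)] [int] $FreeMachineThreshold
    )
    # Free = registered and idle ('Available') and not in maintenance mode.
    $free = @($PrimaryMachines | Where-Object {
        $_.SummaryState -eq 'Available' -and -not $_.InMaintenanceMode
    }).Count
    if ($free -le $FreeMachineThreshold) { 'Open' } else { 'Close' }
}

function Set-OverflowPool {
    # Applies the decision with the Citrix Broker cmdlets (Citrix PowerShell SDK must be loaded).
    param(
        [string] $PrimaryCatalog = 'W10-vGPU',
        [string] $OverflowCatalog = 'W10-NoGPU',
        [string] $TagName = 'Overflow',
        [int] $FreeMachineThreshold = 5
    )
    $primary  = @(Get-BrokerMachine -CatalogName $PrimaryCatalog  -MaxRecordCount 10000)
    $overflow = @(Get-BrokerMachine -CatalogName $OverflowCatalog -MaxRecordCount 10000)
    $action = Get-OverflowAction -PrimaryMachines $primary -FreeMachineThreshold $FreeMachineThreshold

    foreach ($machine in $overflow) {
        $tagged = $machine.Tags -contains $TagName
        if ($action -eq 'Open' -and -not $tagged) {
            Add-BrokerTag -Name $TagName -Machine $machine
        } elseif ($action -eq 'Close' -and $tagged) {
            Remove-BrokerTag -Name $TagName -Machine $machine
        }
    }
    $action
}

# Constructed sample, runs without Citrix: three primary machines, one of them free.
$sample = @(
    [pscustomobject]@{ SummaryState = 'InUse';     InMaintenanceMode = $false }
    [pscustomobject]@{ SummaryState = 'Available'; InMaintenanceMode = $false }
    [pscustomobject]@{ SummaryState = 'Available'; InMaintenanceMode = $true  }
)
Get-OverflowAction -PrimaryMachines $sample -FreeMachineThreshold 2
```

Set-OverflowPool is what the scheduled task would call; the sample at the end only exercises the decision function.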
Other use cases:
This script is not only usable to overflow a GPU/non-GPU workload, but can also be used in various other scenarios.
Just some examples:
– different hardware types, first the new cool servers, then the old hardware.
– existing On-Prem resources before pay-per-use cloud resources
– Catalog in the same location before in a remote location (without any Citrix zones)
The script is available on GitHub:
https://github.com/sacha81/MachineCatalogOverflow
FAQ:
Q: Are Tags also working when you are using Citrix Cloud?
A: Yes, they are. (Thanks @bjoernmue for this info)