Recently, Citrix published the first ever official reference architecture guide for Citrix RemotePC an often overlooked and under-utilized feature in the Virtual Apps and Desktop product stack.
What is it?
Basically, you install a Workstation version of the Citrix VDA on your physical PC and can then access it remotely through Storefront or Workspace. You reap the benefits of remoting into your physical PC through an encrypted HDX session with all of the benefits the protocol has to offer. When there is a network issue, your desktop should stay up with the Citrix reconnection dialog. If there’s a momentary blip, you may not even notice due to the way HDX handles such events. It supports multiple monitors and in my opinion, it’s awesome!
How to get Started
Getting started is pretty easy. You’ll want to download the VDA Workstation Core Setup from the Citrix downloads page.
Installing the VDA on a physical workstation can vary depending on the hardware you are using and what you run on the machines, for example, there can be driver conflicts, the install can trigger Bitlocker, so you may want to pause Bitlocker during the install too and ensure you test the VDA across any and all laptop and desktop models your users currently use.
The install will require you to provide a list of Delivery Controllers. The VDA does require a reboot, so you may suppress and allow that to happen manually or force the reboot. E.g.
<VDAWorkstationCoreSetup.exe> /quiet /controllers “DeliveryController01.rorymon.com DeliveryController02.rorymon.com DeliveryController03.rorymon.com“ /enable_hdx_ports /noreboot
In fact, in some cases, I have noticed certain workstations required a second reboot before successfully accepting a session.
In Citrix Studio, you’ll want to create a Machine Catalog for RemotePC.
When doing so, you’ll obviously want to select Remote PC Access option in the setup dialog.
You should add the OUs that your RemotePC user’s machines will be in. These will likely be your regular Computers OUs whatever those may be or if you decide to create a new OU for RemotePC (not likely) you can add that OU and just ensure your machines with the VDA installed are in the correct OU as part of your deployment.
Once you’ve got your RemotePC Machine Catalog, you can add computers manually and assign them to users OR the machines will get added automatically and assigned automatically once a user logs in directly at the physical PC.
Note: If a user gets the VDA installed but doesn’t login and then goes home expecting to be able to access the desktop, they won’t be able to as the PC hasn’t been associated\assigned to them yet. Your Help Desk would have to assign the PC to them and possibly restart the PC before they can access it.
Overall, the setup is easy!
When comparing with a straight up RDP session to a desktop or possibly a VMware Horizon Direct Access session, I feel like the user experience is richer with Citrix RemotePC. The desktop session scales very well and the resolution auto adjusts pretty quickly as you adjust the size of the desktop.
As a rough example and it’s hard to tell since it’s relatively seamless but here I have my RemotePC session across 3 monitors running off my Macbook Pro. (I have been using Citrix XenDesktop Virtual Desktops, Horizon Virtual Desktops and my RemotePC on dual monitors and sometimes on a single wide curved monitor which has been interesting. I may blog a comparison soon.)
You can see the black menu with the white down arrow in the top left monitor.
This drop down is a quick way to get into your connected devices, preferences, disconnect your session and send a Ctrl-Alt-Del.
RemotePC is so Damn Useful
The obvious use case for RemotePC is to simply provide remote access for users to get to their physical PC in the office when working remote. Alternatively, you could give them a virtual desktop with Citrix XenDesktop or VMware Horizon or whatever solution you use or you could publish a Shared Desktop running on a Server OS on-premises or Windows 10 running in Azure BUT those do not suit every use case or every budget.
For example, in some organizations that have a VDI. They end up spinning up desktop pools for developers and power users that require more memory than the typical task worker needs, as well as possibly more CPU and sometimes they may even require GPU. Specs you likely won’t provide to everyone. Depending on the scale required for these power users it may not make financial sense or even administrative sense to have a pool with beefy desktops that are silo’d from the others. RemotePC is a great option!
You could just provide access to their existing beefy desktops remotely. A quick win.
In some cases, organizations publish RDP icons through XenApp or Horizon Apps to provide access to jump VMs or to purpose built desktops. For example, in the medical field some departments run specialized software on a few desktops that a designated for on-call Doctors who may need to access them late at night to analyze readings when called upon. They may use RDP but why would you publish RDP and pay for RDS CALs just to get to a desktop? You can just use RemotePC!
If you don’t have virtual desktops at all today and don’t have the budget or desire to deploy them but have some users who need access to their physical desktops. RemotePC fit that need too and if your users work well already on their desktops when in the office and they like them, they will love RemotePC.
Sure, maybe they work off a laptop and use VPN but personally, I think VPN sucks and should be used sparingly. Even with popular AlwaysOn VPNs managing those devices when remote often can be challenging, policies may not apply correctly, login scripts may fail and VPN is not very secure, particularly if the organization provides VPN access on personal devices.
From a security perspective, HDX is a relatively secure protocol. Also, by design, only the authenticated user in Workspace or Storefront can log into the RemotePC. You can use some Citrix Policies to help manage it and as a Citrix customer, if you are entitled to Citrix Workspace Environment Management, you can deploy that to your physical workstations being used for RemotePC to really make it shine and secure.
If you are considering checking out RemotePC. You should check out the brand new RemotePC reference architecture document.
UPDATE: A common challenge with RemotePC is that some users accidentally shutdown their machines and then call the help desk because they can’t access it anymore. You can solve that easily if you have WakeOnLAN enabled on your desktops, in fact if you also have ControlUp you can use WakeOnLAN with a simple right click action BUT many organizations do not allow WakeOnLAN for security reasons. Another solution is using the great WOLMesh tool created by the awesome Andrew Morgan. This does not use the WOL broadcast, it uses a REST API.
If you find yourself needing to deploy the VDA in a hurry and can’t rely on users to login to their desktops to auto-assign themselves their PC, there is a great Citrix script to bulk assign PCs to users by using a CSV file to import. Getting a PCs primary user is pretty simply by using data from SCCM or even MBAM.