With the release of Citrix XenDesktop 7, Citrix also released Citrix StoreFront 2.0. One of the biggest improvements is that StoreFront does not use a Microsoft SQL database anymore! This simplifies the installation because you no longer need to run the database setup scripts. Also the HTML5 HDX Receiver is now fully integrated into StoreFront and is no separate installation anymore.
This guide describes the step-step installation of Citrix StoreFront 2.0, how to configure the StoreFront server, including secure connection over HTTPS, IIS default site redirection, HTML5 HDX fallback receiver and Remote Access with NetScaler Access Gateway.
For the secure connection over HTTPS you need to install a server certificate (described in this guide), make sure you have Active Directory Certificate Servers with the Certification Authority and the Certification Authority Web Enrollment roles installed in your environment. Also make sure the root CA is installed on every client and StoreFront server.
Installing Citrix StoreFront 2.0
Start the setup, select I accept the terms of this license agreement and click Next
The administration console will now start automatically. To enable a secure connection over HTTPS, it is important to first install the server certificate before configuring StoreFront.
Installing a Server Certificate
When using more than one StoreFront servers in your environment, make sure you have a DNS Host (A) record created pointing to the StoreFront load balancer address. It’s important to use that name for the server certificate.
Open the Internet Information Services (IIS) Manager and open Server Certificates
On the right side of the window click Create Certificate Request
Fill in the requested information. By Common name fill in the StoreFront load balancer address, for this case I use “storefront.hobo.lan”.
Select Microsoft RSA SChannel Cryptographic Provider and a 2048 bit length.
Save the request to a text file and click Finish
Open Internet Explorer and browse to http://<your Certification Authority server/certsrv
Click on Request a certificate
Click on advanced certificate request
Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
Open the saved request file, select all text and copy the text into the Save Request field. Select Web Server as Certificate Template and click Submit
Select Base 64 encoded and click Download certificate to download the certificate file.
Go back to the Internet Information Services (IIS) Manager and click Complete Certificate Request
Browse to the certification file, enter a Friendly name, and select Personal as certificate store. Click OK
On the left side of the window, select Default Web Site, on the right side, click Bindings
Select HTTPS as Type and select the StoreFront SSL certificate. Click OK
Configuring Citrix StoreFront 2.0
In the next part I will setup the Store and configure the basic settings including adding the NetScaler, edit the authentication methods, configuring trusted domains and manage password options.
Open the StoreFront management console and click on Create a new deployment
The Base URL is filled in automatically, click Next
Enter a Store name (anything you like) and click Next
Fill in the requested information about the Delivery Controller you want to add and click OK
If you want to add more Delivery Controllers click Add again, otherwise click Next
Now you can add the NetScaler Gateway. This step is optional, if you do not have a NetScaler configured in your environment you can select None. For this blog I will add my NetScaler, so I select Full VPN tunnel and click on Add
Fill in the requested information for the NetScaler. The NetScaler Gateway URL is “HTTPS://<domainname>/Citrx/<storename>Web”. The Subnet IP address is optional and can be left blank. Click Next
Enter the STA of you Delivery controller and click OK
On the left side click Authentication, on the right side click Add/Remove Methods
Select what is applicable and click OK
Click on Configure Trusted Domains
When configuring a Trusted Domain, the user does not need to enter the domain name at logon. Configure what is applicable and click OK.
Click on Manage Password Options
Select what is applicable and click OK
IIS Default site redirection
In the Citrix StoreFront management console there is no option to set the StoreFront Receiver for Web URL to the server default website like the old Citrix Web Interface (WI). Without configuring Default site redirection, a user always needs to enter the full StoreFront Receiver for Web URL, including the “/Citrix/<storename>Web. A good way to configure this is within the Internet Information Services (IIS) Manager.
Open the Internet Information Services (IIS) Manager. On the left side browse to the Default Web Site. On the right side double click HTTP Redirect
Select Redirect requests to this destination and add your StoreFront Receiver for Web Site URL. Select Redirect all request to exact destination and Only redirect requests to content in this directory. Click Apply on the button in the top right corner.
Now when a user enters the default web site URL he will be redirected to the StoreFront Receiver for Web URL.
Enable the HTML5 HDX fallback receiver
This cool feature is now fully integrated within StoreFront 2.0, you only have to enable it within the StoreFront management console.
On the left side click on Receiver for Web, on the left side click on Deploy Citrix Receiver
Select Use Receiver for HTML5 if local install fails, this will first check if a local Receiver is available and if not, the webinterface will give the option to download and install it. If the installation fails or the users logs in without installing it, the webinterface falls back to the Receiver for HTML5.
Or, select Always use Receiver for HTML5, now the web interface will always use Receiver for HTML5, it will not check for a local installed version and it will not give the option to download it at logon.
If you connect to the StoreFront webinterface trough the NetScaler these steps are enough to let the HTML5 receiver work. But if you connect local to the StoreFront webinterface you have to apply the following Citrix Computer Policies to your XenApp and/or XenDesktop servers first;
WebSockets Connections – Allowed
WebSockets port number – 8008 (default)
WebSockets trusted origin server list – *
When using Mozilla Firefox users must set network.websocket.allowInsecureFromHTTPS to True in the about:config
You can now logon to the Citrix StoreFront webinterface and start your published applications and desktops.
If the HTML5 Receiver is configured well, a Windows 8 Published desktop will open in a new browser tab as shown in the picture above, how cool is that? 😉