In this blog post, I’m going to talk about a Citrix cloud feature you might have heard of, but not implemented. It’s called Direct workload connect:
In this post, I will review how to get it working, and most important of all , how to measure the impact of implementing the feature using numbers. I will use simple / free tools to show the impact: Citrix Connection Quality Indicator and a single PowerShell script from ControlUP contributor Guy Leech
The story. I had a client in March of 2022 who went ‘all-in’ with Citrix Cloud for their control/access layer. As part of the work, they had requested to review the best means to route traffic intelligently based on internal / external users using Citrix Cloud workspace/gateway. To be honest, I slept on both V1 / V2 of ‘Citrix Rendezvous‘, as well as ‘Citrix workload connect’ when they were respectively announced over the past few years. Rendezvous I thought had something to do with Apple ‘bonjour’, so, in my mind, I though it was related to optimizing audio/video steams that ride on HDX? Kind of correct! However, what if you want to reduce the time your internal users spend waiting on the below screen? Will rendezvous help reduce your normal Citrix Cloud session brokering of 5-13 seconds? After much testing and one slack post , I confirmed it will not:
While we work from home a lot more these days, many of us are back in the office, and want to full speed access to the virtual resources we were using from home
The steps to set up the ‘Citrix direct workload connection’ are easy enough. In fact, my man Eric Trond had an enthusiastic post from last year on the topic with a related script which I used for my first crack @ it. In the above post, he described a huge ICA RTT reduction following implementing it. Eric is in Brazil, his Cloud Instance was in the states. He was able to reduce his ICA RTT from 769 MS to 17 MS. MAN! That’s great. His results are provided by the free tool ‘Citrix Connection Quality Indicator’ should be on all your Citrix VDAs
To start, let’s capture some BEFORE examples, in this way, we can measure the before/after impact of enabling the direct workload connection feature.
We will do this in 3 steps:
1st: Follow this ControlUP article to set all the required GPO settings to enable audit logging so that you can run their powerful ‘analyze logon duration’ script. YES, there’s a lot of settings that you might not have set before, NO, don’t skip any of them
2nd: download the Control up analyze logon script to the VDA you’ll be using for testing, for me, i’m keeping this script in a local folder on any golden images I deploy. If you don’t want to do a PVS/MCS update just to have the script on the c:\ drive, you can just copy it over for the duration of your non-persistent session, you are using non-persistent machines for your clients, right? :p
3rd: install Citrix Connection quality indicator on your target VM, as above, you should have this in your golden image already, it’s free / very useful. If not, you can RDP to your target VM with an admin account and install it, you’d then need to configure the related GPO to enable it.
Once CQI is installed, copy over the related ADML / ADMX to your AD from here: C:\Program Files (x86)\Citrix\Connection Quality Indicator\Configuration
….to your PolicyDefinitionsFolder on your AD. Don’t have a central policy store? Create one via the following MS KB:
With the above 3 steps completed, logon to your VDA via Citrix cloud as you normally would. Open CQI to collect the ICA RTT, take a screenshot and save your desktop / Onenote / wiki / etc
I’ve gone though this exercise 3 times now, one on my lab, twice for clients, here’s one of the results BEFORE enabling the ‘Citrix direct workload connection’. It’s not terrible, but considering the connection is being made from a PC from within the same internal network where the datacenter VDAs reside, it’s not great
Next, you will want to capture additional metrics via the ControlUP analyze logon duration script you downloaded in step 2. Once logged on fully to your VDA session , open Powershell as admin, and CD to the directory where you downloaded the analyze_logonduration.ps1 script
Run the script against the session you logged on to VDA via ICA in the following format:
Record your results! Here, we have 14.9 seconds of brokering time, yikes, that’s almost enough time to call your significant other and tell them you’ll be late coming home, because your VDA logon was slow! 😂🤣
With your results saved (don’t forget!), you can follow the Citrix guide for the required steps to enable workspace direct connect on your Citrix Cloud instance
You will need to setup network locations for all the public IP (egress) points for your office(s), for the client I setup last week, there were just two, you could have lots. You’d only want to add the entries for locations where internal office workers are connecting to Citrix resources via Citrix cloud. Once the locations are set, it’s time to test!
For troubleshooting, it’s a good idea to Follow this KB from Citrix to enable workspace app ICA logging for the currently logged in user on the internal network PC you want to test on
With the above logging in place, let’s repeat your VDA logon tests
Logon to Citrix Cloud again, open the ICA logging file you set via the above Citrix KB for enabling workspace app ICA logging. Within the ICA log file, CTRL-F to ‘address=’, you should see the address appear as the name of the VM you’re connecting to. Here’s a snap of a working direct workload ICA connection:
If it’s NOT working, and you took the long route to your internal VDA via Citrix Cloud, you’ll see the familiar STA ticket reference in the ‘address’ field. This is a clear indication of 🐒🐵biznuzz. It happened to me when I was first testing this on my lab, I had set an incorrect public IP / subnet re-check your network location and re-test to resolve monkey business
Now, back to benchmarking. If it works, you should see MUCH less time on this screen
But what is ‘less’? it’s relative, let’s re-run our tests and capture some AFTER metrics
Start with CQI. Oooh boy, what do we have here? ICA RTT @ 2 MS / latency of 1 ms! We are off to a great start!
Next, time to fire up the ControlUP analyze logon duration script again!
What do we have here? From 14.9 seconds to 2.4 seconds from the time you clicked launch to actual session launch. An 83% reduction! SNAP. Pat your self on the back, you’ve made a measurable impact to your internal Citrix Cloud users
That’s more like it. You ever see the bills for the new hosting hardware that runs your VMs? I sometimes do, they aren’t cheap. Giving your internal Citrix Cloud users the fastest possible logon times will make it easier for mgmt to justify ‘going to the cloud’ when the annual renewal comes up
Thank you for reading and have a great day 😁