Gold Software Installer 2016 (Software Pack 2016)
Bok Mull
You can create gold images from Sophos protection software. This process is supported on Windows computers and servers, if you're using the thin installer and up-to-date versions of the core agents. You need the following versions:
When using virtual machines in a Virtual Desktop Infrastructure (VDI), you can create new virtual machines from a gold image. The gold image acts as a template for your virtual machines. You must ensure that each new virtual machine has a different identity from the device being used as the gold image.
You can create gold images from Endpoint Protection or Server Protection to create new virtual machines. Follow these instructions to install Endpoint Protection or Server Protection on a gold image so that every instance of a virtual machine that runs from that single gold image gets its own unique identity. We register these virtual machines as devices in Sophos Central Admin. You can then manage them in Sophos Central Admin.
You only need to run this command once to configure the software to treat this device as a gold image. If you have an existing gold image device that doesn't use this process, run this command on the device so that it starts using it.
SophosSetup.exe --goldimage --devicegroup=Virtual creates a gold image with all your licensed products installed. We add any devices cloned from it to a group called "Virtual" in Sophos Central Admin.
When you start a virtual machine, we use a change to the device name to determine whether you're starting a new clone. If a name change has occurred the existing Sophos configuration is cleaned, and we register a new device in Sophos Central Admin. We treat this clone as a unique device.
We wait two minutes, by default, after you start the gold image device before communication with Sophos Central happens. This avoids creating duplicate devices, if changing the identity of a new clone is taking longer than expected.
This process only works if all clones are created from the gold image, not from other clones. If any clones aren't created from the gold image, use the manual or scripted process for creating new clones. See Avoid duplicate identities when installing on a gold image.
The new Microsoft Teams 2.1 is now generally available for VDA. This Microsoft Teams version is compatible with Citrix Microsoft Teams Optimization using WebRTC (VDI 1.0). This requires a new registry configuration setting in the VDA to enable the new Microsoft Teams to access the Citrix virtual channel.To enable Microsoft Teams 2.1 optimization, configure the following registry key in the VDA:
Citrix delivers optimization for desktop-based Microsoft Teams using Citrix Virtual Apps and Desktops and Citrix Workspace app. By default, we bundle all the necessary components into the Citrix Workspace app and the Virtual Delivery Agent (VDA).
Our optimization for Microsoft Teams includes VDA-side HDX services and an API to interface with the Microsoft Teams hosted app to receive commands. These components open a control virtual channel (CTXMTOP) to the Citrix Workspace app-side media engine. The endpoint decodes and provides the multimedia locally, moving the Citrix Workspace app window back into the hosted Microsoft Teams app.
We recommend that you follow the Microsoft Teams machine-wide installation guidelines. Avoid using the .exe installer that installs Microsoft Teams in AppData. Instead, install in C:\Program Files (x86)\Microsoft\Teams by using the ALLUSER=1 flag from the command line.
This example also uses the ALLUSERS=1 parameter. When you set this parameter, the Microsoft Teams Machine-Wide Installer appears in Programs and Features in the Control Panel. Also, in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Microsoft Teams if they have administrator credentials.
Suppose you have a Windows 10 dedicated persistent VDI environment. You want the Microsoft Teams application to auto-update and prefer Microsoft Teams to install per-user under Appdata/Local. In this case, use the .exe installer or the MSI without ALLUSER=1.
Citrix recommends installing the VDA before installing Microsoft Teams in the golden image. This installation order is needed for the ALLUSER=1 flag to take effect. If you installed Microsoft Teams in the virtual machine before installing the VDA, uninstall and reinstall Microsoft Teams.
When you roam from a local session to an HDX session and if Microsoft Teams is kept open and running on the background, you must exit and relaunch Microsoft Teams to optimize with HDX correctly.Conversely, if you use Microsoft Teams remotely via an optimized HDX session, disconnect the HDX session and reconnect to the same Windows session locally at the device. When working from the office, you must relaunch Microsoft Teams so it can correctly detect the Remote PC Access state (HDX or local). Because Microsoft Teams can only assess VDI mode at app launch time, and not while it is already running on the background. Without a restart, Microsoft Teams might fail to load features like pop-out Windows, Breakout Rooms, or meeting reactions.
If using Citrix App Layering to manage VDA and Microsoft Teams installations in different layers, you must create a registry key on Windows VDAs before installing Microsoft Teams with the ALLUSER=1 flag from the command line. For more information, see the Optimization for Microsoft Teams with Citrix App Layering section under Multimedia.
The best practice recommendations are based on the use-case scenarios.Using Microsoft Teams with a non-persistent setup requires a profile caching manager for efficient Microsoft Teams runtime data synchronization. With a profile caching manager, the appropriate user-specific information is cached during the user session. For example, the user-specific information includes user data, profile, and settings. Synchronize the data in these two folders:
Exclude the files and directories from the Microsoft Teams caching folder as described in the Microsoft documentation. This action helps you to reduce the user caching size to further optimize your non-persistent setup.
You can disable Microsoft Teams optimization by updating the value of the VDWEBRTC field to Off in the /opt/Citrix/ICAClient/config/module.ini file. The default is VDWEBRTC=On. After the update is completed, restart the Session. (Root permission is required).
The Citrix Viewer app requires access to macOS Security and Privacy preferences for screen sharing to work. Users configure this preference in Apple menu > System preferences > Security & Privacy > Privacy tab > Screen recording and select Citrix Viewer.
This section provides recommendations and guidance to estimate how many users or virtual machines (VMs) can be supported on a single physical host. This is commonly referred to as Citrix Virtual Apps and Desktops Single Server Scalability (SSS). In the context of Citrix Virtual Apps (CVA) or session virtualization, it is also commonly known as user density. The idea is to find out how many users or VMs can be ran on a single piece of hardware running a major hypervisor.
This section includes guidance to estimate SSS. The guidance is high level and might not necessarily be specific to your unique situation or environment. The only way to truly understand Citrix Virtual Apps and Desktops SSS is to use a scalability or load testing tool such as Login VSI. Citrix recommends using this guidance and these simple rules to quickly estimate SSS only. However, Citrix recommends using Login VSI or the load testing tool of your choice to validate results, especially before purchasing hardware or making any financial decisions.
To enable optimization for Microsoft Teams, use the Manage console policy described in the Microsoft Teams redirection policy. This policy is ON by default. In addition to this policy being enabled, HDX checks to verify that the version of the Citrix Workspace app is at least the minimum required version. If you enabled the policy and the Citrix Workspace app version is supported, HKEY_CURRENT_USER\Software\Citrix\HDXMediaStream\MSTeamsRedirSupport is set to 1 automatically on the VDA. Microsoft Teams reads the key to load in VDI mode.
So the network health between the peer and the Microsoft 365 cloud determines the performance of the call. Refer to Microsoft 365 network connectivity principles for detailed guidelines around network planning.
We recommend evaluating your environment to identify any risks and requirements that can influence your overall cloud voice and video deployment.Use the Skype for Business Network Assessment Tool to test if your network is ready for Microsoft Teams. For support information, see Support.
The WebRTC media engine in the Workspace app (HdxRtcEngine.exe) uses the Secure Real-time Transport Protocol (SRTP) for multimedia streams that are offloaded to the client. SRTP provides confidentiality and authentication to RTP. For this feature, symmetric keys (negotiated with DTLS) are used to encrypt media and control messages using the AES encryption cipher.
About performance, encoding is more expensive than decoding for CPU use at the client machine. You can hardcode the maximum encoding resolution in the Citrix Workspace app for Linux and Windows. See Encoder performance estimator and Optimization for Microsoft Teams.
If you configure an explicit proxy server in the VDA and route connections to localhost through a proxy, redirection fails. To configure the proxy correctly, you must select the Bypass proxy servers for local address setting in Internet Options > Connections > LAN Settings > Proxy Servers and bypass 127.0.0.1:9002.
When possible, the HDX WebRTC media engine in the Citrix Workspace app (HdxRtcEngine.exe) tries to establish a direct network Secure Real-time Transport Protocol (SRTP) connection over User Datagram Protocol (UDP) in a peer-to-peer call. If the UDP high ports are blocked, the media engine falls back to TCP/TLS 443.
b1e95dc632