In the name of security, Google may have made Chrome an even larger burden for virtual workspaces. The change to the latest version of the browser will start rendering each page in its own memory and process space. This is good for security (think Spectre) … But a nightmare for virtual workspaces, especially Server OS VDA (XenApp).
What to do?
Fare the well, XenApp 6.5. Talk about an amazing run! But alas, the product is no more… I’ll break this all down in a moment and what it means for you if you still find yourself running any XenApp version except 7.6 LTSR, 7.15 LTSR or 7.14 to 7.18. June 30th was a big day for Citrix, yet it passed with barely any fanfare. I thought maybe I’d do something about that!
(information current as of July 9th, 2018)
So you’ve done a nice job cleaning up your VDA. You’ve optimized, removed extra user profiles and even ran cleanmgr to cleanup your system’s 2 GB+ of old updates. You deploy the image… and get a message that you’ve been logged on with a Temporary Profile. A look at the Event Logs leads you to Event 1511. Here’s what’s going on in most cases.
So you want to secure the XML traffic going from StoreFront to your Controllers (Brokers)… I think that’s a good decision!
In many enterprise level deployments I encounter the following are true:
- They want to Secure XML – the transaction between StoreFront and the Controllers that contains user information. It’s obscured over plaintext but SSL is always better!
- They DO NOT have IIS installed on the Controllers (as in, no Director or StoreFront roles installed) to keep services isolated and lower the attack surface.