Citrix announces XenDesktop 5. Here's our full analysis & what you need to know.

Last week at Citrix Synergy 2010 Berlin, Citrix surprised everyone by announcing XenDesktop 5, the latest iteration of their main desktop virtualization product suite which will ship by the end of the year. XenDesktop 5 actually has quite a few changes which we'll dig into.

Last week at Citrix Synergy 2010 Berlin, Citrix surprised everyone by announcing XenDesktop 5, the latest iteration of their main desktop virtualization product suite which will ship by the end of the year. XenDesktop 5 actually has quite a few changes which we'll dig into. But if you're just looking for a quick-list of the highlights:

  • Totally rebuilt internal management architecture. XenDesktop 5 is NOT based on IMA.
  • Integration of Web & SaaS apps to the Receiver and management platform
  • Brand-new administrative console called "Desktop Studio"
  • Brand-new web-based helpdesk / admin console called "Desktop Director"
  • New HDX printing engine
  • Completely new & simplified installation process
  • XenClient

XenDesktop 5 comes fast on the heels of XenDesktop 4 Service Pack 1 which was just released in August and included several secret (yet important) new features. For those who've seen XenDesktop roadmaps in the past, XenDesktop 5 is the codename "Rhone" release.

New internal management architecture that's NOT based on IMA

Citrix introduced their IMA management architecture back in 2001 as part of MetaFrame XP. IMA was the umbrella term for the management & configuration database and the Windows services that ran the entire MetaFrame farm. Since XenDesktop was an offshoot of MetaFrame, prior versions of XenDesktop were also based on IMA. Unfortunately IMA was never designed for the way that XenDesktop is used, (tens of thousands of nodes, huge configuration databases, etc.).

So a few years ago Citrix decided to completely re-architect the underlying management structure to replace IMA, and the results of those efforts are available in XenDesktop 5. (By the way, I'm writing this article from the Russian Citrix User Group meeting in Moscow, which I'm attending with Citrix's desktop CTO Harry Labana. I asked Harry, "What's the name for the new management infrastructure that's replacing IMA?" He replied, "I have no idea. Internally we called it 'Storm.'" Ok then! So we'll call this thing "Storm" for now too.)

Storm architect Ken Bell blogged about some of the details on which unfortunately is about all that we know publicly at this time. (Neither XenDesktop 5 nor its documentation is currently available for download, even as beta.) Among the highlights of the new Storm infrastructure:

  • The database moves to a "normal" relational database (that can leverage all the cool features of SQL Server). Previous IMA implemented a flat encrypted LDAP-like database.
  • As much as possible is written in .NET.
  • Delivery controllers are stateless, with all configuration & management data stored in SQL.
  • Everything is done through PowerShell, meaning you can script/automate everything. (And the management consoles expose the underlying PowerShell commands for all actions, making it easy for you to get started.)

Brand-new administrative console called "Desktop Studio"

There's a redesigned & brand-new administrative console called "Desktop Studio," which is where architects will build, test, deploy, and roll back images. (I'm not clear whether this is also the console that's used to configure the XenDesktop environment or whether it's just for working with desktop images and clients.)

Desktop Studio is completely focused around the number of steps required for admins to do their various tasks. Citrix actually hired someone to sit with real-life XenDesktop admins and to watch what they did and what took them the most time.

Brand-new web-based helpdesk console called "Desktop Director"

On one hand, lots of people have complained that Citrix XenDesktop has too many consoles. But the real problem was not that there were too many consoles--it was that the consoles were based on different products that made up XenDesktop, rather than the different tasks that various admins performed.

For example, an argument could be made that a system architect who configures the XenDesktop storage configuration should use a different console than a helpdesk admin who just shadows users and resets sessions. And that's exactly that approach that Citrix is taking in XenDesktop 5. Citrix created a new web-based management console called the "Desktop Director" specifically designed for the lower-level day-to-day tasks that helpdesk admins, application owners, and operations folks might need. The Desktop Director web console lets them view real-time status, restart sessions, send messages, shadow, etc.

It's important to point out that this new console does NOT change the administrative security at all. Citrix has had delegated administration for years. Creating these new consoles is just about giving the right tools to the right people in the right form. For more on the director console, check out this blog post.

Brand-new installation process

Those who've watched our Geek Week: VDI Challenge videos know that Citrix XenDesktop 4 does NOT have a simple installation process. (I also wrote about this when I compared the product installation process to the "Pepsi Challenge.") XenDesktop 5 will change that all. Citrix claims that as long as you have requisite components up and running (AD, DHCP, etc.), then XenDesktop 5 can be installed in just a few minutes. Of course we haven't been able to test this yet, but we're hoping it's as great as they say!

Client ("Citrix Receiver") Improvements

As you're probably aware by now, Citrix is renaming all their clients to "Citrix Receiver." Even though the version of the Citrix Receiver is not necessarily 100% tied to a specific version of the back-end host, there are a number of improvements to the client that we'll see soon, including:

Improved printing engine (Project Laser)

One of the "Nitro" technologies from Citrix is "Project Laser," which will be available in the 12.1 Receiver for Windows connecting to XenDesktop 5. The main feature of Project Laser is image compression and redundant data removal for client print jobs. Citrix claims these two changes alone can account for up to a 95% reduction in the size of a print job. Another feature of Laser is that printer connections are reflected in HDX session in real time (instead of just at login), so if you connect to a WiFi printer from your laptop client then it will be made available right away in your XenDesktop session without having to logout and login. (And if you're also simultaneously connected to a XenApp session, the new printer will be made available there too.) Check out Citrix product manager Derek Thorslund's blog about Laser for more info.

Color improvements

The Citrix receiver now supports 32-bit color and a new feature called "dynamic color compression" which changes the something (dunno what? color depth maybe? lossy compression factor?) dynamically based on network conditions.


The XenVault plug-in has been added to the client to provide a secure area to store data and cached objects for streamed apps (as long as your client is Windows 7).

Citrix Dazzle is no longer a stand-along product

It's been three years since Citrix initially announced their "plug-in" architecture plan for the Citrix Receiver clients. Fine. No Prob. But then they release Dazzle as its own client? Ummm helloo? Fortunately that's now behind us, as Dazzle is now a standard Receiver plug-in (called something like the "Enterprise App Store Plug-in").

Integration with Web & SaaS apps

Another major new feature of XenDesktop 5 and the new Citrix Receivers is the ability to integrate with and provide applications from the web and SaaS providers. (The demo Citrix showed looked a lot like VMware's Project Horizon, and in fact Citrix employee Calvin Hsu made a veiled reference to this when he wrote "Windows, web and SaaS apps, all from one self-service, secured interface, and it's here this quarter - not somewhere over the horizon.")

This will be achieved via something Citrix is calling "OpenCloud Access," which is an extension to Citrix "OpenCloud." I'm not 100% sure what this is, but the press release describes OpenCloud Access via the following:

Citrix OpenCloud Access leverages a network-based approach that coordinates credentials and makes a user’s identity borderless.  It gives easy single sign-on access to all popular SaaS applications (such as GoToMeeting®, NetSuite, Salesforce, etc.), enterprise web applications on hosted IaaS or private cloud platforms, and internal web and Windows applications – just as if they were any other enterprise application. Access and privilege management tasks for the IT administrator are greatly simplified by eliminating the need to individually manage multiple islands of identities spread across a growing number of external applications. The new OpenCloud Access solution is also integrated with Citrix Receiver™, giving Citrix desktop virtualization customers a single universal client to securely access any supported app or desktop resource, on any device.

Much like VMware got their core SSO capabilities for Horizon from their acquisition of Tricipher, Citrix's technology is coming from Apere. (Although it's unclear whether they've just licensed it or they're acquiring them outright.) As you might remember, I called VMware's Project Horizon "super awesome," and I expect the same of Citrix. The only thing I'm confused about right now is that OpenCloud Access appears to require NetScaler, so I'll need to dig more into that over the next few weeks. More to come here for sure...


I wrote about XenClient last week in a article called "Citrix releases XenClient 1.0, their client hypervisor. Don't waste your time. It's not ready." I guess it goes without saying that a lot of Citrix employees wanted to talk to me about that last week at Synergy. Fortunately I was able to sit down with Peter Blum, the XenClient product manager, and Ian Pratt, a Citrix VP of Special Projects and co-creator of the Xen hypervisor to discuss where XenClient is today and where it's going. After after two hours of conversation and over 5,000 words of notes, I can happily say that we'll have an awesome article later this week about XenClient's. So stay tuned!

And one non-feature: No support for XenServer 5.6 FP1 IntelliCache

Last week Citrix also announced the "Cowley" release of XenServer. One of the new features is called "IntelliCache," which is a way to increase VM density by smartly sharing and caching disk volumes locally which are accessed via a NAS. (I talked to Ian Pratt about this too. Look for a more detailed article about it next week.) IntelliCache seems like it will be amazing, HOWEVER, Citrix XenDesktop 5 will not support it initially. Instead we'll be waiting until the first update in 2011. By the way, don't confuse the XenServer "IntelliCache" with the "HDX IntelliCache" WAN optimization. They are two different things from two different groups that unfortunately have the same name! :(

So what's this all mean?

First and foremost, the administrative and installation experience of XenDesktop 4 and earlier was horrible, so streamlining and updating all of that is crucial and will be huge for Citrix once XenDesktop 5 comes out. 2011 is going to be a huge year for new folks entering our space, and stuff like this helps a lot.

Second, the whole IMA infrastructure was so old and creaky that a lot of people felt nervous deploying huge XenDesktop farms, so the new "Storm" infrastructure is also going to be huge. Of course right now storm is only part of XenDesktop--XenApp is still based on IMA. We can assume that Citrix is also working on porting XenApp to storm, and while they're at it they might as well integrate XenApp into XenDesktop properly (like they should have done in the first place) instead of this current "two-product-one-SKU" fiasco. Actually if Citrix can pull this all off with a single product (not a single SKU, but a single product), that would be huge. Any desktop. Local or remote. Shared or single. App or desktop. Windows or web... Yeah.. THERE'S where FlexCast becomes a real thing and not just a marketing term.

Third, the web app / SaaS integration thing is huge (which as I said I'll cover next week), but I want to include that here for completeness.

So at this point all we can do is hurry up and wait. XenDesktop 5 is not yet available, and we still have a lot of questions. (Like "What's the upgrade process going to look like with the completely new architecture?") We'll dig into as much of this as we can as soon as we can, but in the meantime, what are your thoughts and questions?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

>I'm not 100% sure what this is


OpenCloud Access is an optional (separately sold) module for NetScaler Platinum which is designed to seamlessly authenticate users to their SaaS applications, by intercepting HTTP traffic related to authentication from the user to the website (cloud service, sic).

It effectively uses HTTP injection to authenticate the user seamlessly.

In order to achieve that, there are options for the authentication - either applications which support SAML, OpenID or ADFS, or by prompting the user to submit credentials, and then storing them on-disk on the appliance... With that comes the obvious concerns. I believe the 'password cache' can be stored on another appliance on the LAN if your NetScalers are in the DMZ.

It's due to be available in Q4 and will be priced at US$50,000 per appliance.




And a comment - I think the move to transactional SQL as the replacement for IMA is brilliant. Most of us who have been through the mill with 'The Datastore' and IMA over the years will not cry at the funeral.

However, I am concerned about SQL availability/reliance. How long will it be until we've got offline database support/local host cache?




@Andy, for the OpenCloud Access working via intercepted HTTP connections.. I was talking to Rick Dehlinger about that tonight (he's also in Moscow with us), and he pointed out that that would mean all web traffic has to be proxied through a NetScaler. No problem for internal users, but does this mean that roaming users outside the firewall would have to brose the web (or at least access their SaaS apps) routed through their company's NetScaler?



That's right - that's one of the concerns we had when it was presented; in order to be of any real use the NetScaler would obviously have to be out in the DMZ or on the internet and hence the concern about the 'honey pot' credential store.

Obviously the idea is that the user clicks on the SaaS app icon in their Receiver (where they have obviously authenticated) is then directed to the NetScaler rather than, for example, just hitting in their browser - so it's relatively seamless from their perspective.

I believe that one of the potential ideas is for the NetScaler only to intercept/inject/proxy the authentication process, not necessarily all of the site traffic - a little like DSR mode in NetScaler load balancing, where a connection is returned directly rather than back from the server to the client.

As a result of this proxy arrangement, there's also the concern Alex D and shared - that a user who is switched-on enough not to click on '' may well be concerned about the strange URL hash that the OpenCloud Access uses when redirecting the connection through the NS, and instead hit the site directly, bypassing the authentication method and not using receiver - but I guess this is an education issue, or potentially something which may be configurable.




"a little like DSR mode in NetScaler load balancing, where a connection is returned directly rather than back from the server to the client."

> Sorry, It's early - that should obviously have said:

a little like DSR mode in NetScaler load balancing, where a connection is returned directly from the server to the client rather than back to the client through the NetScaler.



Do you mean that the announced SSO (Identity federation?) feature of the upcoming Receiver (Dazzle) is based on an existing module for NetSscaler?

In your comment you stated:  

“OpenCloud Access is an optional (separately sold) module for NetScaler Platinum which is designed to seamlessly authenticate users to their SaaS applications, by intercepting HTTP traffic related to authentication from the user to the website (cloud service, sic).”

Is the announced SSO just a Citrix license bundling of  the “Apres + Citrix VPX Solutions” ? -

I have browsed around the Apres site but I’m none the wiser what the existing Appres+Citrix solution really is not how exactly the Apres solution really works.  As a non-security guy I guess it’s likely that I simply do not understand any of the so called whitepapers at Apres? Or is it that they indeed are very lacking on implementation details?

Anyway,  I see nowhere the mention of NetScaler?

Andy, would you please give some further details? Right now I’m pretty clueless :(


Hi Kimmo

Yes, my understanding is that the demonstration of identity federation was based on a combination of theCitrix Receiver SSO Plugin (Password Manager) and the Citrix OpenCloud Access (the NetScaler-proxied HTTP injection technology I described above.)

The OpenCloud Access module for NetScaler Platinum is due out Q4 I believe, so it's not available yet, but it will be a separately chargeable module.

In all honesty I had never heard of Apere until I read about it in Brian's article above, so I have no idea whether OCA is an implementation of Apere, or Citrix have acquired them, or whether it's separate technology.


Thanks for the clarification Andy!

Your understanding seems to make a lot sense, especially when the OpeCloud Access module is a future technology that aligns with the release of XenDesktop 5 later this year.

Neither have I heard any mention of Apres aside from Brian (shortly) mentioning it in the article above.

@Brian do you have any further information on this?


Regarding Apere, I heard from multiple Citrix employees that the technology for the SaaS SSO stuff was from Apere. And they mentioned it openly when I asked at Synergy last week, but I haven't heard anything more since then.


I watched sections of the keynote from Synergy Berlin and caught something at the end of the XenDesktop 5 announcement that confused me.

Right after doing a wrap-up of the new features, there is a slide that says

"One License - concurrent user, per user, or per device, choice"

I've posted a couple of screengrabs from the video here:

I haven't seen any other discussion of the licensing model for XD5 changing to include a concurrent user option, but I thought that was the big deal with XD4 - that Citrix dropped concurrent and only offered per user or per device.


@Mike, XenDesktop has always had a concurrent user option, but just for the "VDI edition" which is only for online hosted VDI desktops. (i.e. no OS Streaming and no app streaming to local desktops.. and presumably no management of XenClient.)

And if you think about it this makes sense.. I mean how do you deal with the concept of "concurrency" when the stuff you're delivering can be used offline?

So Citrix offers concurrency if you buy an edition of XenDesktop that is online only, and then the per named user or per client device for everything else. (And actually those last two options are also available for the VDI edition too.)


I'd say you deal with concurrency in offline XenDesktop scenarios in the same way they deal with it in offline XenApp scenarios.

If they can license XenApp to me and let me burn a concurrent license to allow a user to take a streamed offline copy of Office with him on a plane, they can do the same thing with XenDesktop, no?

I see now the VDI-only product is what they mean in that slide, but it's ironic that they throw the word "choice" in there.  Sure, I have the choice of concurrent licensing, as long as I choose the product that doesn't meat my needs.


Remember that if you don't like it, you can always use Quest vWorkspace or VMware View. Thankfully we don't live in a one-vender world anymore!


If View could meet my needs, I'd be able to get by with concurrent VDI-only XenDesktop.

Which leaves vWorkspace.  And they're definitely a possibility; in fact we should be doing a vWorkspace POC soon.  My concerns with Quest are mainly on the Mac support and its maturity compared to Citrix.

'Course, Citrix will license XenDesktop Platinum concurrently, if you're big enough or you say the right magic words.  I know for a fact they're doing it for at least one university, and their install base isn't what you'd call huge.


Citrix baffles us sometimes.

Has anyone been able to find a "XenDestop Admin Guide or Installation Guide?" I have looke don the DVDs and all over the Citrix web site but there is none to be found. The e-docs are really incomplete.

I am tryng to understand this. You can buy Xendesktop licenses but Citrix does not write the Admin Guide.

I hope I am missing something here.

I think this is part of what AppDetective is talking about. Will Citrix support us by giving us the information we need?

On the other hand: The Provisioning Server Installation and Admin guides are really good.


We have looked and view and Xendesktop.  As a Vmware customer with lots of Vmware servers, we liked the product except for one (actually 2) huge exceptions.  (1) The install & Documentation is HORRIBLE.  (But that will be fixed they say..).. (2) The idea of moving the storage from Vmware attached to a SAN to a Windows Server sitting on NTFS OVER THE NETWORK seems like a bad move.  If Xendesktop would give us a workable option to be able to manage the deployment of hundreds of machines using shared disk images (prov server) but keep it on VMware Servers, we would be sold.  Their only solution is to create each one idiviually on the vmserver.  No thanks.  Sure I know the Xenserver..Blah Blah, but that boat sailed years ago..we are a VMware shop as are a signigicant number of the potential customers.  Make the change to allow shared images to be provisioned on a Vmware box (with attached SAN), not Boot/run OVER THE NETWORK into a VM on vmware with a disk on a windows box.  The whole design is not that efficient and is not enterprise scalable without putting much more money into seperate network resources, resources we dont need for the View product.  Do I think Xendesktop is better - mostly, but this whole design of Prov Server is not efficient for a in place VMware environment.  No Citrix, I dont want to create private networks for your storage - I have that its called a SAN attached to my VM servers.

Oh - and please fix/improve the documentation - getting old guys.  So much potential with so little clear technical leadership to wrap it all together.


Please Please Please combine the XenDesktop Farm datastore with the Provisioning Server Farm Datastore. We do not want to have to manage multiple datastores and multiple systems and multiple consoles.