Citrix Synergy 2014 Review

My preview of Citrix Synergy 2014 a few weeks back highlighted the ever growing focus on mobility and data sharing that was certain to be a big topic this year. Following on from the purchases of Zenprise and ShareFile, Citrix have finally got to grips with integrating these products into the brand and with NetScaler and XenApp/Desktop – which have also seen several enhancements. So off to LA on a long Virgin Atlantic flight for a few days.

The first day keynote from CEO Mark Templeton was a stirring opening. Some great use cases for Citrix Cloud services (BT) and AutoDesk winning the heralded Innovation award. “Autodesk??” you say.. “The 3D CAD people?”  Yes Sir! That’s the one.



Above, Citrix CEO Mark Templeton

An emotional speech at times, with Mr Templeton due to stand down this year – there were certainly a few teary eyes among the crowd. His successor may not have been announced just yet, but his parting words “Leave it better than you found it” will certainly be remembered.

The main Expo hall had plenty to see and do with many great products from numerous partners. We spent a good bit of time at the CA Nimsoft stand and got a great demo of their monitoring tools for XenApp and XenDesktop.


A welcome product update due in Q3 is the latest Citrix Receiver X1. For anyone using Worx Home for XenMobile – this is will integrate the on-boarding and corporate app store features of app Controller with a built in Citrix Receiver client. No more having to configure two clients, one with dummy settings to avoid the prompts etc. 


Other new features include easy branding for your app store. This was previously very tricky to do on StoreFront with hardly any on mobile devices. The new X1 will allow you to add corporate logo and colour schemes to your heart’s desire.

“Big News”

Another key announcement was Citrix Workspace Suite. This suite bundles XenDesktop, XenApp, XenMobile and ShareFile into one customer license for $450 per user. This is said to represent a saving of some 70% on purchasing the individual products. That’s a lot of product for your $ or £.

Back to mobility. Several really nice tools will be out soon for mobile devices including Worx Desktop which connects back to your PC and gives seamless access to documents. Worx Notes, a simple note taking utility that will give you access to save a quick note back to ShareFile or your corporate folders. ShareFile has shipped over 1,000,000 licenses in the past year and can now hook into GoToMeeting and other cloud storage services.

XenDesktop and XenApp have had some major enhancements to HDX with the addition of Adaptive H.264 encoding, double the speed frame refreshing on 3G connections, a reported 100% increase in bandwidth efficiency across a WAN for video quality and 10x reduced bit rate for HD video on low speed connections. Citrix certainly are not taking the foot of the gas on the virtual desktop front.

Putting all this together in a cloud infrastructure sounds daunting – or great fun if you’re a techie! To help with all that hosting Citrix now have WorkSpace Services. You can start from the bottom and use an automated tool called “Design and Automation” to build it all. Ideally a platform for service providers – it sure looks impressive on the demo.

Of course to access all of this you need the Citrix Receiver and apart from the X1 release, new HTLM5, MAC and Chrome book versions are able to provide even better user experience with added support for USB3, flash, webcams and  Microsoft Lync enhancements for Linux and iOS devices.

There’s lots more over on Citrix TV and YouTube   – for now, here are a few links to the key topics and announcements.


AutoDesk Innovation Winner:

Receiver on Chrome:

Receiver X1:

ShareFile update:

Workspace Suite:

Works Desktop:

What’s New in XenDesktop and Xenapp:

WorkSpace Services – Design and Automation:

Securing Mobile Devices – Use Case:

How to – Cert requests on NetScaler for CAG

When setting up a virtual CAG on NetScaler – you can apply a certificate in a couple of different ways.

One option is to use IIS and request the certificate, return the request from the vendor and then use openssl on the IIS server, to convert the IIS to .PEM format.

Another option is to use the NetScaler admin tools to generate the request. To do this, you first must have your NetScaler license applied.

When requesting a cert from the NetScaler you have to generate a private key file. This is attached in the code of the cert request file, and then used to verify the source when you re-import.

You can also use a wildcard certificate. This is likely to be one that is used in other web servers so it’s important you know the private key password so you can import. You may also have to carry out the openssl conversion on IIS server before you can use on the NetScaler.

NetScaler can of course host multiple CAG vm, and act as a proxy for other internal sites –as well as perform SSL of loading for secure site traffic – so you could have more than one certificate on NetScaler.

I’m going to create my certificate request on the NetScaler using the admin gui.

  • Go to Traffic Management and SSL – look for Create RSA Key
  • This prompts for filename – which is held on the NetScaler file system.
  • Give the file a name, a bit size – usually 2048 and then format – PEM and Encoding DES.
  • Enter a passphrase and then confirm this – make sure you record it or use a familiar phrase.
  • You can check the location of the file using Manage Certificates – which lists the folder location of the certificate and key files.
  • Next, generate the certificate request using Create CSR.
  • In the next screen, enter the details of the cert request as shown here.
  • Give the cert request a name – and Browse to the key file.
  • Enter the passphrase, and fill in the Distinguished Name Fields.

Make sure that the cert or domain name you are requesting is actually associated with the company.

This can cause issues if the company name is not precise – so worth checking the domain in a whois lookup.

Also make sure you enter the fields marked “*” – an error will prompt you if you miss any. Also, before going to site – do the cert request at least a week in advance – it can take several days to get certs approved by some vendors in relation to government organisations for example.

When confirmed, click OK – then go into Manage Certificates to locate the request.

At this stage, you will need to either download the file OR select View and copy the text.

Your request is now ready to be submitted to a certificate authority.

On return, download the certificate and.

You should also apply the intermediate certificate chain and link it to your main cert.

To do this, get the intermediate cert from the vendor, and save to local folder.

  • Click on Install and browse to the folder – give the intermediate cert a name eg DaddyBundle, and click on Create then Close.
  • In the main cert screen – you can then right click on main CAG cert and select Link – then select the DaddyBundle.
  •  Click ok
  • You can now assign the ssl cert to your virtual CAG.

The process is pretty easy once you do it a few times, so do practice it before you go to site or get stuck with a support call.


Generate SSL Cert Request

Converting CAG pfx to PEM

OpenSSL Commands

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

When converting from IIS – you need to import on the IIS server you generated the request from  – otherwise export with key will fail.

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Backing up NetScaler

NetScaler stores its configuration in a file called “ns.conf” stored in the unix file system.

It would be good practice to take a copy of this file before any major work, version upgrades or migration of the virtual appliances to another data centre for example.

You can back up the config in two ways:

· Using the Generate Support File wizard in the GUI – I mostly use this for sending support files to Citrix.

· Using ftp or secure FTP tools like WinScp or Bitvise

I prefer to use WinSCP/Bitvise and usually install this on the Web Interface or Storefront server.

Method 1

Login to your NetScaler through the management gui.


Go to System, Diagnostics and click on Generate Support File

Click on Run, takes a minute to run. You can then click on Download to export a unix tar file

And also save the config to a text file.

image image

Click download to get the .tar file.


Click on Select to select the recent version


Select a suitable path for the backup and click on Download.


Method 2

The 2nd method, and one I prefer to use is through a Windows based ftp/secure Ftp tool


Login to the NetScaler IP with the nsroot other admin account.


This then presents you with an explorer interface into the NetScaler file system,

and of course my local PC.

Browse to a suitable location on the left pane, and then browse on the right to find the /nsconfig folder – drag the ns.conf over to the right.

**Other files called ns.conf.0 are the previous versions, which you may rename to ns.conf if required to get back to previous settings.