One of the last steps to configure XenDesktop is to setup Citrix StoreFront. What is StoreFront? StoreFront is basically the web tier in a three tiered architecture (StoreFront, Desktop Controller, SQL database). It’s more than just a pretty face. Citrix Receiver directly talks to StoreFront, even if you never use your browser.
StoreFront 2.0, included in XenDesktop 7, no longer requires a separate database. There is a built-in replication engine that syncs the config between multiple StoreFront servers. That’s great for a DMZ configuration, and just one less database to worry about.
StoreFront is also now a complete replacement for the legacy Web Interface (WI), which is no longer installed and is deprecated in XD7. StoreFront is the only way to interface to your XenDesktop farm. There are various optional StoreFront settings you can tweak, but I’ll skip those here since the goal is just a quick PoC.
XenDesktop 7 Series
Part 1: Role Installation
Part 2: Configure Desktop Studio Site
Part 3: Install VDA
Part 4: Create Machine Catalog
Part 5: Configure StoreFront
Part 6: Create Delivery Group
Part 7: Receiver Configuration
Part 8: Install Server VDA
Part 9: Create Server Machine Catalog
Part 10: Create Application Delivery Group
Citrix StoreFront Configuration
1. First we need to configure IIS to use an SSL certificate. StoreFront is built on IIS, and pre-configuring the SSL certificate saves a step when we create the StoreFront. No special certificate properties are required for StoreFront. You can use any valid server authentication SSL certificate, be it from a Microsoft CA or trusted CA. Add a HTTPS binding to the IIS Default Web Site.
If you are using a load balancer then you should use a certificate with the StoreFront VIP FQDN (e.g. StoreFront.contoso.com). I suggest rebooting the server after the certificate is assigned so that all of the Citrix services recognize and bind to the certificate (or should).
2. Now that IIS is secure, go back into Desktop Studio and open the Citrix StoreFront node. For me a store got automatically created, so I deleted it and will show you the manual steps. Click on the Stores node and in the right pane click on Create Store.
3. When the wizard starts enter a store name. I’m not feeling creative tonight, so I called mine Store.
4. Now we need to add the delivery controllers that StoreFront will interface with. Here you can add multiple farms, and a mixture of XenDesktop, XenApp, and other Citrix products. I’ve successful used StoreFront with both XenDesktop 5.6 and 7.0 farms at the same time. If you are load balancing your desktop controllers you can enter the VIP FQDN here. It would be nice if Citrix added a “Test” button here to validate the controllers were valid. That could help with troubleshooting if the store was empty when you tested it.
5. StoreFront also interfaces very nicely with the NetScaler AccessGateway. So here you can configure how users will be accessing the XenDesktop infrastructure. AccessGateway is out of scope for this series, so I’ll skip that step and finish the wizard.
6. Once the store is created it will give you the web browser URL that you can use to access it. Now during my PoC install StoreFront didn’t recognize my SSL certificate, even though IIS was using it. Plus, you may need to customize the URL for a loadbalanced FQDN. This is easily accomplished via a powershell command. Citrix: Please put this in the GUI, and warn about SSL issues during the StoreFront creation.
Also take note that to access StoreFront from a web browser you must append “Web” to the store URL, as the URL shows below. Don’t try going to /Citrix/Store as that won’t work.
7. To change the StoreFront base URL you can go to the Server Group node and in the right pane select Change Base URL. Here I changed the URL to use HTTPS. If you are using a load balancer for StoreFront you could change the FQDN to the VIP.
8. Back in the StoreFront console, after refreshing, you can see that the service is using HTTPS.
9. One quick tweak to make authentication easier is to set a default domain. This way the user doesn’t have to enter a domain when authenticating to the StoreFront web site. Locate the Authentication node, then in the right pane click on Configure Trusted Domains.
And that’s pretty much it to get an operational StoreFront. If you open your browser and go to the full web store URL you should get a green bubbly Citrix receiver page.
In Part 6 we configure a delivery group, which defines what users can access our VDI resources.