Citrix Architecture

Submitted by jbredehoeft on Fri, 12/30/2011 - 14:41

The first thing about Citrix Architecture is to understand the ICA protocol. ICA is a presentation-layer protocol on the OSI-layer (6). ICA is a very thin protocol and is optimized for the WAN with high latencies, it works over SSL and is bandwidth optimized and supports QoS.

Since this is OSI-Layer 6, what does ICA do for optimization. The ICA packet contains the following headers: Frame Head, Reliable, Encryption, Compression, Command, Command Data, Frame Trail. The command is the only required information.

  • Frame Head - frames stream-oriented TP data.
  • Reliable - error detection & recovery
  • Encryption - manages encrypted data within ICA
  • Compression - indicates if this is compressed.
  • Command - (Required) Beginning of the ICA protocol data.
  • Command Data - Data bytes. This can be different virtual channels.
  • Frame Trail - framing asynchronous TP data.

Within ICA are virtual channels for KVM, printing, audio, Drive Mapping, Clipboard, Seamless windows, etc. that can be encapsulated. You can have a max of 32 virtual channels. RDP channels are different. Each channel has a counter-point on the server. These channels sit on top of the ICA Winstation Driver, on top of Protocol driver, on Transport Driver.

IMA (Independent Management Architecture)

Provides a centralized framework for server to server communications. This is install on all XenApp servers by default. This is over port 2512. This is not the same as ICA, this is for server to server communications.

Architectural Components

  • Farms
  • Servers.
    • XenApp Server
    • Web Interface / Secure Gateway / NetScaler (appliance in DMZ, like a proxy server)
    • License Server
    • Provisioning Services
  • Licensing (RDS licenses, Citrix Licenses)
  • Data Collector (elevated Application Server, and may be isolated and not serving users in large environments)
  • Data Store (Database for configuration information) / Local Host Cache (this is a minimal/subset of the Data Store database in case of failure)
  • Hosted Applications (on server) / Streamed Applications (on end point device)
  • Worker Groups (servers are siloed based on application, this is a collection of servers that can be managed together)
  • Zones (Geographically group servers. IE, California, Denver, New York, London)

Keep zone communication local. Have the Data Collector communicate to different zones. You can either allow the Data Collector to be designated by automatic election or you can designate a server to be the Data Collector.


  • TCP 1494 -- Main ICA protocol
  • TCP 2598 -- ICA with MS Session Reliability
  • TCP 2512 -- IMA Communication
  • TCP 2513 -- XenApp Advanced Console (Management/Administration) communication from management server to application servers.
  • UDP 1604 -- TCP Browsing
  • TCP 80 -- XML Service Port
  • TCP 443 -- SSL Communications
  • TCP 8082 -- License Management Console
  • TCO 27000 -- License Port

Additional XenApp 6 Components

  • Load Manager
  • Resource Manager (EdgeSight) - CPU, Memory, Disk utilization
  • Access Gateway (VPX-Virtual, MPX-Physical)
  • XenApp Provider (Monitoring Plugin for SCOM, MOM, etc.)
  • Delivery Services Console (DSC) - Management of Servers.
  • License Administration Console (LAC) - License Management
  • Citrix Plug-ins - clients for a lot of devices. Hosted Applications, Streamed Applications, Web, Java, Receiver.