Remote PC Access – For Office Workers


Within Citrix Virtual Apps and Desktops, there has been a hidden gem called Remote PC Access.

For many people who commute to work, they sit in the same chair in front of the same PC. In it’s simplest terms, Remote PC Access simple moves that chair away from the PC.

This simplified architecture shows what this looks like, with Citrix Gateway sitting between the firewalls, allowing remote users access to internal resources:

remote-pc-access_office-workers

To make this work, each PC that needs to be accessed remotely must include the Virtual Delivery Agent (VDA).  There are ways to get this VDA.

  • Full VDA: Within the ISO (\x64\XenDesktop Setup\XenDesktopVDASetup.exe), there is the full VDA. If this is used, it must include the “/remotepc” command line parameter. This simply prevents certain features, which are not needed in a Remote PC Access deployment, from getting installed.
  • Remote PC Access VDA: Within the ISO, there is a VDA specific for Remote PC Access called “\x64\XenDesktop Setup\XenDesktopRemotePCSetup.exe”. This executable is the same as the first one except no command line parameters are required, making for an easier installation process.

Assignments

Once installed, one of the biggest questions when it comes to Remote PC Access is how are users assigned to the correct PC? It is not extremely helpful if you are sent to your coworker’s PC, unless your coworker is Chuck Norris.

Remote PC Access includes an automatic assignment routine.  Once the VDA gets installed, when the next user locally logs onto the PC, the VDA creates an assignment for that user to the PC. This information gets stored within the Citrix Virtual Apps and Desktops data store.  When the user tries to access the environment remotely, the assignment directs the user to the correct PC.

Policies

The most important thing when it comes to Remote PC Access is power management.  It is true that Remote PC Access can implement Wake-on-LAN functionality, but this requires Microsoft Endpoint Config Manager (previously called Systems Center Config Manager). If you don’t have this or don’t want to use it, the physical PCs MUST remain powered on.

Let me say that again, because it is super important: the physical PC MUST remain powered on.

There are ways to help keep a PC powered on:

  1. GPO: Create a GPO, enable this setting and assign it to users: User Configuration – Administrative Templates – Start Menu and Taskbar – Remove and prevent access to the shutdown command.
  2. BIOS: In the unlikely event of a power failure, the PC will be off. But when the power comes back on, we need those PCs to auto-start.  Some BIOS settings allow the PC to automatically power on after a power failure.  This should be enabled.

4 thoughts on “Remote PC Access – For Office Workers”

  1. How do we overcome the need for a firewall rule for every PC on campus? With our Citrix servers, we use common vlans, but that wouldn’t work for us with 20,000 PCs.

    Like

  2. The PC’s need to have a route to the Broker / Controller to register, and commonly the Broker / Controller and Storefront are behind one or both firewalls with the Gateway. The Gateway brokers the connection, so this probably doesn’t need new firewall rules on a per-PC basis. Your Citrix SE can help with additional information.

    Like

  3. Any idea for fine-tuning of remote pc access on Citrix???
    Since the user is using his remote PC with Citrix and connected the Citrix storefront URL through a third-party VPN.
    Citrix infrastructure in on-premise.
    Remote PC is having 3D graphical applications installed in it and user wants high definition experience.

    FYI – the endpoint is having 10 Mbps dedicated bandwidth

    Like

  4. a customer that needs to deploy remote PC, while he is having Cisco ISE that is assigning the IP to the user machine after the user logins and verify his identity. In that case the machine won’t be visible as VDA until the user logins , while the user won’t be able to login until the machine has IP assigned, any recommendation or thought how to overcome this situation?

    Like

Leave a Reply to William Kennon Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.