Table of Contents
Workspace Environment Management optimizes Citrix workers for the best possible performance (user density, logon time and application response time).
WEM is subject to the Current Release Lifecycle (Additional Component) and therefore there is no LTSR version of WEM available.
To use WEM, you must have an active Customer Success Services (CSS) for one of the following licenses:
- Citrix Virtual Apps Advanced
- Citrix Virtual Apps Premium
- Citrix Virtual Apps and Desktops Advanced
- Citrix Virtual Apps and Desktops Premium
- Citrix Workspace Premium
- Citrix Workspace Premium Plus
Technical Overview
Workspace Environment Management (WEM) is based on the following architecture:
Infrastructure Services
The Infrastructure Services Server (WEM Broker) must be installed on a multi-session OS. This synchronizes the various back-end components (SQL Server and Active Directory) with the front-end components (Administration Console and Agent). One WEM Broker can manage up to 3000 user sessions.
The Infrastructure Services component is not allowed to be installed on a domain controller.
Administration Console
The Administration Console can be installed on a single-session or multi-session OS and connects to the WEM Broker. The Administration Console is used to configure the WEM environment (e.g. assign resources and policies, authorize users, etc.).
Agent
The agent is installed on the worker (single-session or multi-session OS) and connects to the WEM Broker (Transformer feature is supported on single-session OS only). This sets the settings on the worker, that have been configured through the Administration Console. The agent can also be deployed on a physical Windows endpoint to implement the WEM settings there.
The agent cannot be installed on the WEM Broker (installation error).
SQL Server Database
An installation of Microsoft SQL Server 2012 or higher is required. WEM requires sysadmin access to the SQL Server instance to create the database and read / write access to the database to use it. During database creation, Workspace Environment Management creates a SQL login (vuemUser) and then adds a database user mapping to that login. The user is automatically granted read / write access to the database.
Microsoft Active Directory Server
Workspace Environment Management requires read access to Active Directory to propagate the configured settings to users.
WEM has the following limitations related to Active Directory Trusts:
- External Trust Relationships are not supported by WEM
- WEM also does not support one-way forest trust relationships between forests
- Instead, other relationship types must be used, such as Forest-Trust Relationships
Requirements
Infrastructure Services
Supported operating systems:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Minimum hardware (for up to 3,000 users):
- 4 vCPUs
- 8 GB RAM
- 80 GB Disk space
Antivirus Exclusion:
- Norskale Broker Service.exe
- Norskale Broker Service Configuration Utility.exe
- Norskale Database Management Utility.exe
Administration Console
Supported operating systems:
- Windows 10 Version 1607 and newer (32-Bit and 64-Bit)
- Windows 11 (32-Bit and 64-Bit)
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Minimum hardware:
- Dual Core Processor
- 2 GB RAM
- 40 MB Disk space (100 MB during installation)
Agent
Supported operating systems:
- Windows 7 SP1 Professional, Enterprise and Ultimate Editions (32-Bit and 64-Bit)
- Windows 8.1 Professional and Enterprise Editions (32-Bit and 64-Bit)
- Windows 10 Version 1607 and newer (32-Bit and 64-Bit)
- Windows 11 (32-Bit and 64-Bit)
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Minimum hardware:
- 20 MB RAM Consumption
- 40 MB Disk space(100 MB during installation)
- Citrix.Wem.Agent.Service.exe
- Citrix.Wem.Agent.LogonService.exe
- VUEMUIAgent.exe
- Agent Log Parser.exe
- AgentCacheUtility.exe
- AppsMgmtUtil.exe
- PrnsMgmtUtil.exe
- VUEMAppCmd.exe
- VUEMAppCmdDbg.exe
- VUEMAppHide.exe
- VUEMCmdAgent.exe
- VUEMMaintMsg.exe
- VUEMRSAV.exe
Port overview
| Source | Destination | Type | Port | Details |
|---|---|---|---|---|
| Infrastructure service | Agent host | TCP | 49752 | “Agent port”. Listening port on the agent host that receives instructions from the infrastructure service. |
| Administration console | Infrastructure service | TCP | 8284 | “Administration port”. Port on which the administration console connects to the infrastructure service. |
| Agent | Infrastructure service | TCP | 8286 | “Agent service port”. Port on which the agent connects to the infrastructure server. |
| Agent cache synchronization process | Infrastructure service | TCP | 8285 | “Cache synchronization port”. Applicable to Workspace Environment Management 1909 and earlier; replaced by Cached data synchronization port in Workspace Environment Management 1912 and later. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server. |
| Agent cache synchronization process | Infrastructure service | TCP | 8288 | “Cached data synchronization port”. Applicable to Workspace Environment Management 1912 and later; replaces Cache synchronization port of Workspace Environment Management 1909 and earlier. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server. |
| Infrastructure service | Citrix License Server | TCP | 27000 | “Citrix License Server port”. The port on which the Citrix License Server is listening and to which the infrastructure service then connects to validate licensing. |
| Infrastructure service | Citrix License Server | TCP | 7279 | The port used by the dedicated Citrix component (daemon) in the Citrix License Server to validate licensing. |
| Monitoring service | Infrastructure service | TCP | 8287 | “WEM monitoring port”. Listening port on the infrastructure server used by the monitoring service. (Not yet implemented.) |
Upgrade path to Version 2012
The following in-place upgrade scenarios are supported:
| From | To | In-place upgrade supported |
|---|---|---|
| 4.6 and older | 4.7 | Yes |
| 4.6 and older | 1808 or newer | No (Intermediate step to 4.7 is required) |
| 4.7 | 1808 or newer | Yes |
Installation
- Check your license server for the correct Citrix version (Advanced or Premium) and a Customer Success Service that has not yet expired
- Download and extract the new WEM package
Citrix Infrastructure Server
- On the WEM Broker, run and install the extracted Citrix Workspace Environment Management Infrastructure Services Setup.exe
- In the installation menu, click Next until Setup Type
- Select Complete and finish the installation
Citrix WEM Database
- Then run the Database Management Utility tool to create the WEM database
- Now click on Create Database
- Enter the existing login data for the SQL Server in the following windows
- Possibly store an alternative account for the connection. Otherwise, the currently logged in user will be created to connect to the SQL Server and create the database.
If the logged-in user does not have sufficient rights, alternative credentials can be stored here. Deselect the item “Use integrated connection (Windows credentials)” and then enter them.
- Defines the initial administrators under VUEM Administrators
- Under Database Security you can define which user will be used for the later communication between SQL and WEM.
If “Use Windows authentication for infrastructure service database connection” is selected, the default user (vuemUser) is not used for the connection, but the one stored there. With “Set vuemUser SQL User account password” the password for the vuemUser can be set. This is required for a SQL Server Always On availability group.
- Check the settings and start the procedure with Create Database
- Confirm the creation of the database
- After the successful creation of the database, the configuration must be checked via the WEM Infrastructure Service Configuration Utility.
- Under Database Settings the stored database data can be checked and corrected.
- In the Network Settings tab, you can see the ports currently in use. This should be left in the default.
- In Advanced Settings the user for the connection between WEM and SQL Server can also be defined (Enable Windows account impersonation). Note that this user needs local administration rights on the WEM infrastructure server and must be db_owner in the SQL database for the WEM DB. The password for the vuemUser chosen during the DB creation must also be stored under “Set vuemUser SQL user account password“.
- In Database Maintenance, database housekeeping should be enabled under Enable scheduled database maintenance
- Check the Licensing and the Database Settings tab
- Click Save Configuration and restart the Broker service
Citrix WEM Agent
The following points should be considered before installing the WEM Agent software:
- Ensure that no user is logged in on the target device anymore
- The version of the WEM Infrastructure Server must be equal to or greater than that of the WEM Agent
- Start the Citrix Workspace Environment Management Agent Setup.exe file on the target device.
- Confirm the License Agreement with the checkbox and start with the click on Install
- Click Next in the following window
- Note the changed path here (No Norskale mention)
- Since WEM version 1909 there is only one agent for on-premises and cloud, so select your Deployment Type here
- Now define your infrastructure server and ports for on-premises deployment
- For cloud environments, the cloud connector must be entered here
- Then define the alternative cache location (PVS & MCS deployments) & a delay for Published Apps via VUEMAppCmd
- Confirm the settings in this window with Install
- After the installation, the new agent should appear in the Administration Console
Troubleshooting
If the cache is not stored by the WEM Agent on the persistent disk of the worker, it must be refreshed at every start. This can be done either by Script (Scheduled Task) or by BIS-F.
WEM Tools
With the WEM Agent, several cool tools are installed along with it, which are not really well documented.
The path for these tools is on the worker:
C:\Program Files (x86)\Citrix\Workspace Environment Management Agent\
Agent Log Parser
The Agent Log Parser (Agent Log Parser.exe) is my favorite tool for checking the WEM log files created under the user profile.
Hereby one has the possibility to define different filters for the log files, e.g. to filter all entries concerning the application assignment.
The log file is also indexed and it shows how often each event type (Event, Exception or Warning) occurs.
Agent Cache Utility
Agent Cache Utility (AgentCacheUtility.exe) is not a GUI tool, but it can be used to refresh the WEM Agent cache via shell. The above mentioned script also uses this tool.
|
1 |
AgentCacheUtility.exe -refreshcache |
Agent Configuration Utility
The Agent Configuration Utility (AgentConfigurationUtility.exe), which is also not a GUI tool, can be used to change the local agent to communicate with another WEM broker.
|
1 2 3 4 5 |
AgentConfigurationUtility.exe switch -o --server <server name> --agentport <port number> --syncport <port number> AgentConfigurationUtility.exe switch -o --server <server name> AgentConfigurationUtility.exe switch --usegpo -o |
Apps Management Utility
The Apps Management Utility (AppsMgmtUtil.exe) is a GUI with which the user can independently place icons (desktop, start menu, etc.). With this he can also place applications that are assigned to the user, but where the admin has not initially placed the icon anywhere.
If you right-click on the WEM Agent, you can access this tool via Manage Applications.
However, this must be allowed to the user (Allow Users to Manage Applications) via WEM Administration Console (Advanced Settings / UI Agent Personalization).
Printers Management Utility
The counterpart for the printer assignment is the Printers Management Utility (PrnsMgmtUtil.exe), with which the user can easily assign provided printers and independently select a default printer.
If you right-click on the WEM Agent, you can access this tool via Manage Printers.
However, this must be allowed to the user (Allow Users to Manage Printers) via WEM Administration Console (Advanced Settings / UI Agent Personalization).
Reset Actions Utility
With the Reset Actions Utility (ResetActionsUtil.exe) the user can independently reset his assigned actions (e.g. Applications. Registry Values or Environment Settings).
However, this must be allowed to the user (Allow Users to Reset Actions) via WEM Administration Console (Advanced Settings / UI Agent Personalization).
VUEMAppCMD
VUEMAppCMD (VUEMAppCmd.exe) can be used to ensure that a published application is not started until the complete environment has already been loaded.
Suppose an application requires a specific drive, variable, or other environment setting before launching so that it start cleanly. Basically, VUEMAppCMD wait exactly for WEM to finish processing and then start the application.
Resultant Actions Viewer
The Resultant Actions Viewer (VUEMRSAV.exe) can be used to check which WEM settings and actions have been assigned (as well as the responsible filters). Furthermore it shows what was excluded and why.
Under the Logs tab, the Citrix WEM Agent.log file from the respective user profile is evaluated.
The “Debug Mode” button can be used to activate debug logging in the respective session without having to activate it globally.