Installing Workspace Environment Management

Workspace Environment Management optimizes Citrix workers for the best possible performance (user density, logon time and application response time).

WEM is subject to the Current Release Lifecycle (Additional Component) and therefore there is no LTSR version of WEM available.

To use WEM, you must have an active Customer Success Services (CSS) for one of the following licenses:

  • Citrix Virtual Apps Advanced
  • Citrix Virtual Apps Premium
  • Citrix Virtual Apps and Desktops Advanced
  • Citrix Virtual Apps and Desktops Premium
  • Citrix Workspace Premium
  • Citrix Workspace Premium Plus

Technical Overview

Workspace Environment Management (WEM) is based on the following architecture:

WEM architecture

Infrastructure Services

The Infrastructure Services Server (WEM Broker) must be installed on a multi-session OS. This synchronizes the various back-end components (SQL Server and Active Directory) with the front-end components (Administration Console and Agent). One WEM Broker can manage up to 3000 user sessions.

The Infrastructure Services component is not allowed to be installed on a domain controller.

Administration Console

The Administration Console can be installed on a single-session or multi-session OS and connects to the WEM Broker. The Administration Console is used to configure the WEM environment (e.g. assign resources and policies, authorize users, etc.).

Agent

The agent is installed on the worker (single-session or multi-session OS) and connects to the WEM Broker (Transformer feature is supported on single-session OS only). This sets the settings on the worker, that have been configured through the Administration Console. The agent can also be deployed on a physical Windows endpoint to implement the WEM settings there.

The agent cannot be installed on the WEM Broker (installation error).

SQL Server Database

An installation of Microsoft SQL Server 2012 or higher is required. WEM requires sysadmin access to the SQL Server instance to create the database and read / write access to the database to use it. During database creation, Workspace Environment Management creates a SQL login (vuemUser) and then adds a database user mapping to that login. The user is automatically granted read / write access to the database.

Microsoft Active Directory Server

Workspace Environment Management requires read access to Active Directory to propagate the configured settings to users.

WEM has the following limitations related to Active Directory Trusts:

  • External Trust Relationships are not supported by WEM
  • WEM also does not support one-way forest trust relationships between forests
  • Instead, other relationship types must be used, such as Forest-Trust Relationships

Requirements

Infrastructure Services

Supported operating systems:

  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Minimum hardware (for up to 3,000 users):

  • 4 vCPUs
  • 8 GB RAM
  • 80 GB Disk space

Antivirus Exclusion:

  • Norskale Broker Service.exe
  • Norskale Broker Service Configuration Utility.exe
  • Norskale Database Management Utility.exe

Administration Console

Supported operating systems:

  • Windows 10 Version 1607 and newer (32-Bit and 64-Bit)
  • Windows 11 (32-Bit and 64-Bit)
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Minimum hardware:

  • Dual Core Processor
  • 2 GB RAM
  • 40 MB Disk space (100 MB during installation)

Agent

Supported operating systems:

  • Windows 7 SP1 Professional, Enterprise and Ultimate Editions (32-Bit and 64-Bit)
  • Windows 8.1 Professional and Enterprise Editions (32-Bit and 64-Bit)
  • Windows 10 Version 1607 and newer (32-Bit and 64-Bit)
  • Windows 11 (32-Bit and 64-Bit)
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Minimum hardware:

  • 20 MB RAM Consumption
  • 40 MB Disk space(100 MB during installation)

Antivirus Exclusion:

  • Citrix.Wem.Agent.Service.exe
  • Citrix.Wem.Agent.LogonService.exe
  • VUEMUIAgent.exe
  • Agent Log Parser.exe
  • AgentCacheUtility.exe
  • AppsMgmtUtil.exe
  • PrnsMgmtUtil.exe
  • VUEMAppCmd.exe
  • VUEMAppCmdDbg.exe
  • VUEMAppHide.exe
  • VUEMCmdAgent.exe
  • VUEMMaintMsg.exe
  • VUEMRSAV.exe

Port overview

SourceDestinationTypePortDetails
Infrastructure serviceAgent hostTCP49752“Agent port”. Listening port on the agent host that receives instructions from the infrastructure service.
Administration consoleInfrastructure serviceTCP8284“Administration port”. Port on which the administration console connects to the infrastructure service.
AgentInfrastructure serviceTCP8286“Agent service port”. Port on which the agent connects to the infrastructure server.
Agent cache synchronization processInfrastructure serviceTCP8285“Cache synchronization port”. Applicable to Workspace Environment Management 1909 and earlier; replaced by Cached data synchronization port in Workspace Environment Management 1912 and later. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server.
Agent cache synchronization processInfrastructure serviceTCP8288“Cached data synchronization port”. Applicable to Workspace Environment Management 1912 and later; replaces Cache synchronization port of Workspace Environment Management 1909 and earlier. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server.
Infrastructure serviceCitrix License ServerTCP27000“Citrix License Server port”. The port on which the Citrix License Server is listening and to which the infrastructure service then connects to validate licensing.
Infrastructure serviceCitrix License ServerTCP7279The port used by the dedicated Citrix component (daemon) in the Citrix License Server to validate licensing.
Monitoring serviceInfrastructure serviceTCP8287“WEM monitoring port”. Listening port on the infrastructure server used by the monitoring service. (Not yet implemented.)

Upgrade path to Version 2012

The following in-place upgrade scenarios are supported:

FromToIn-place upgrade supported
4.6 and older4.7Yes
4.6 and older1808 or newerNo (Intermediate step to 4.7 is required)
4.71808 or newerYes

Installation

  • Check your license server for the correct Citrix version (Advanced or Premium) and a Customer Success Service that has not yet expired
  • Download and extract the new WEM package
Workspace Environment Management 2206

Citrix Infrastructure Server

  • On the WEM Broker, run and install the extracted Citrix Workspace Environment Management Infrastructure Services Setup.exe
WEM 2206 Files
  • In the installation menu, click Next until Setup Type
WEM Infrastructure Services
  • Select Complete and finish the installation
Citrix Workspace Environment Management Infrastructure Services

Citrix WEM Database

  • Then run the Database Management Utility tool to create the WEM database
  • Now click on Create Database
WEM Database Management Utility
  • Enter the existing login data for the SQL Server in the following windows
Database Creation Wizard
  • Possibly store an alternative account for the connection. Otherwise, the currently logged in user will be created to connect to the SQL Server and create the database.

    If the logged-in user does not have sufficient rights, alternative credentials can be stored here. Deselect the item “Use integrated connection (Windows credentials)” and then enter them.
Database Server Credentials
  • Defines the initial administrators under VUEM Administrators
  • Under Database Security you can define which user will be used for the later communication between SQL and WEM.

    If “Use Windows authentication for infrastructure service database connection” is selected, the default user (vuemUser) is not used for the connection, but the one stored there. With “Set vuemUser SQL User account password” the password for the vuemUser can be set. This is required for a SQL Server Always On availability group.
VUEM Administrators Database Security
  • Check the settings and start the procedure with Create Database
Database Information Summary
  • Confirm the creation of the database
Database created successfully!
  • After the successful creation of the database, the configuration must be checked via the WEM Infrastructure Service Configuration Utility.
  • Under Database Settings the stored database data can be checked and corrected.
WEM Infrastructure Service Configuration Database Settings
  • In the Network Settings tab, you can see the ports currently in use. This should be left in the default.
WEM Infrastructure Service Configuration Network Settings
  • In Advanced Settings the user for the connection between WEM and SQL Server can also be defined (Enable Windows account impersonation). Note that this user needs local administration rights on the WEM infrastructure server and must be db_owner in the SQL database for the WEM DB. The password for the vuemUser chosen during the DB creation must also be stored under “Set vuemUser SQL user account password“.
WEM Infrastructure Service Configuration Advanced Settings
  • In Database Maintenance, database housekeeping should be enabled under Enable scheduled database maintenance
WEM Infrastructure Service Database Maintenance
  • Check the Licensing and the Database Settings tab
WEM Infrastructure Service Configuration Licensing
  • Click Save Configuration and restart the Broker service
Broker Service Restart

Citrix WEM Agent

The following points should be considered before installing the WEM Agent software:

  1. Ensure that no user is logged in on the target device anymore
  2. The version of the WEM Infrastructure Server must be equal to or greater than that of the WEM Agent
  • Start the Citrix Workspace Environment Management Agent Setup.exe file on the target device.
WEM Files 2206
  • Confirm the License Agreement with the checkbox and start with the click on Install
Citrix Workspace Environment Management Agent
  • Click Next in the following window
Citrix Workspace Environment Management Agent Setup Wizard
  • Note the changed path here (No Norskale mention)
Citrix Workspace Environment Management Agent Destination Folder
  • Since WEM version 1909 there is only one agent for on-premises and cloud, so select your Deployment Type here
Citrix Workspace Environment Management Agent Deployment Type
  • Now define your infrastructure server and ports for on-premises deployment
Citrix Workspace Environment Management Agent Configure the Infrastructure Service
  • For cloud environments, the cloud connector must be entered here
Citrix Workspace Environment Management Agent Configure Citrix Cloud Connectors
  • Then define the alternative cache location (PVS & MCS deployments) & a delay for Published Apps via VUEMAppCmd
Advanced Settings
  • Confirm the settings in this window with Install
Ready to install Citrix Workspace Environment Management Agent
  • After the installation, the new agent should appear in the Administration Console
Citrix Workspace Environment Management Agent Installation Successfully Completed

Troubleshooting

If the cache is not stored by the WEM Agent on the persistent disk of the worker, it must be refreshed at every start. This can be done either by Script (Scheduled Task) or by BIS-F.

BIs-F Configure the WEM Agent Startup Cache Option

WEM Tools

With the WEM Agent, several cool tools are installed along with it, which are not really well documented.

The path for these tools is on the worker:

C:\Program Files (x86)\Citrix\Workspace Environment Management Agent\

C:\Program Files (x86)\Citrix\Workspace Environment Management Agent

Agent Log Parser

The Agent Log Parser (Agent Log Parser.exe) is my favorite tool for checking the WEM log files created under the user profile.

WEM Logs

Hereby one has the possibility to define different filters for the log files, e.g. to filter all entries concerning the application assignment.

WEM Agent Log Parser Log Filtering

The log file is also indexed and it shows how often each event type (Event, Exception or Warning) occurs.

Agent Log Parser

Agent Cache Utility

Agent Cache Utility (AgentCacheUtility.exe) is not a GUI tool, but it can be used to refresh the WEM Agent cache via shell. The above mentioned script also uses this tool.

AgentCacheUtility.exe

Agent Configuration Utility

The Agent Configuration Utility (AgentConfigurationUtility.exe), which is also not a GUI tool, can be used to change the local agent to communicate with another WEM broker.

Agent Configuration Utility

Apps Management Utility

The Apps Management Utility (AppsMgmtUtil.exe) is a GUI with which the user can independently place icons (desktop, start menu, etc.). With this he can also place applications that are assigned to the user, but where the admin has not initially placed the icon anywhere.

Manage Applications

If you right-click on the WEM Agent, you can access this tool via Manage Applications.

Manage Applications

However, this must be allowed to the user (Allow Users to Manage Applications) via WEM Administration Console (Advanced Settings / UI Agent Personalization).

Advanced Settings / UI Agent Personalization

Printers Management Utility

The counterpart for the printer assignment is the Printers Management Utility (PrnsMgmtUtil.exe), with which the user can easily assign provided printers and independently select a default printer.

PrnsMgmtUtil.exe

If you right-click on the WEM Agent, you can access this tool via Manage Printers.

Manage Printers

However, this must be allowed to the user (Allow Users to Manage Printers) via WEM Administration Console (Advanced Settings / UI Agent Personalization).

Advanced Settings / UI Agent Personalization

Reset Actions Utility

With the Reset Actions Utility (ResetActionsUtil.exe) the user can independently reset his assigned actions (e.g. Applications. Registry Values or Environment Settings).

ResetActionsUtil.exe

However, this must be allowed to the user (Allow Users to Reset Actions) via WEM Administration Console (Advanced Settings / UI Agent Personalization).

Advanced Settings / UI Agent Personalization

VUEMAppCMD

VUEMAppCMD (VUEMAppCmd.exe) can be used to ensure that a published application is not started until the complete environment has already been loaded.

Suppose an application requires a specific drive, variable, or other environment setting before launching so that it start cleanly. Basically, VUEMAppCMD wait exactly for WEM to finish processing and then start the application.

VUEMAppCMD

Resultant Actions Viewer

The Resultant Actions Viewer (VUEMRSAV.exe) can be used to check which WEM settings and actions have been assigned (as well as the responsible filters). Furthermore it shows what was excluded and why.

Resultant Actions Viewer

Under the Logs tab, the Citrix WEM Agent.log file from the respective user profile is evaluated.

The “Debug Mode” button can be used to activate debug logging in the respective session without having to activate it globally.

Leave a Reply

Your email address will not be published. Required fields are marked *

* I consent to having this website store my submitted information so they can respond to my inquiry.