Connecting Thinstation Linux 5.1 Diskless Clients to a Citrix XenApp Farm

This material was compiled to describe the sequence of actions for turning obsolete computer equipment into full-fledged terminal diskless clients loaded over the network. There is enough such information on the Internet now, and although it is aimed at solving the same problem, still, basically, there is a description of Remote Desktop (RDP) connections, less often VMWare View. Here, as you can guess from the name, everything that is needed to connect a Thinstation Linux based diskless client to the Citrix XenApp 6 server farm will be described. This article is not a step-by-step instruction and is not intended for beginners.

Image and configuration download server

To download images over the network, DHCP and TFTP servers are required. The boot server can be deployed on Linux and on Windows, practically I used the configuration on Linux, so the emphasis here will be on this option, nevertheless, it can all be successfully configured on Windows as well. The process of installing and configuring a DHCP and TFTP server is trivial, but we will need to specify additional parameters.

For dhcpd, the following lines are required in dhcpd.conf:
filename "pxelinux.0";
next-server X.X.X.X;
where XXXX is the IP address of the TFTP server where our Thinstation Linux images will be hosted.

For DHCP under Windows Server, you need to add options 067 and 066 with the values ​​that were given above for dhcpd. As for the TFTP server, under Windows there is tftpd32, it can work as a service, and has all the necessary functions. Under Linux, xinetd, which is available in many distributions, is perfect.

Configuration file /etc/xinetd.d/tftp:
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
As you can see from the above file, everything available for download, images and Thinstation Linux configuration files will be located in our / tftpboot directory.

Preparing Citrix XenApp to Connect Citrix Clients to Linux

Installing and configuring a Citrix XenApp server farm is beyond the scope of this article; it is understood that the farm already exists and is running. For Thinstation Linux citrix clients to successfully connect to the farm, the following configuration changes are required:
  • Publish the desktop as an application (let's call it Desktop) and add to it all the farm servers on which you plan to start users.
  • Set the Desktop Launches user policy to Allowed state. You can enable the Desktop Launches policy not globally for the entire farm, but only on the farm servers on which our Desktop application is published. To do this, on each such server you need to open the local group policy editor (gpedit.msc) and then in the user configuration, enable the Desktop Launches policy in Citrix Policies.

In addition to configuration changes, it is not superfluous to take into account the following:
  • Citrix Web Interface, Citrix Secure Gateway (as well as Access Gateway, Netscaler, etc.) are not involved in the connection of our diskless clients. The brokers for the connection are the servers specified in the Thinstation Linux configuration ( You can make all servers brokers, or you can assign this role to separate, less loaded servers.
  • The Linux Citrix client does not support Session Reliability and connects via standard XML (TCP / 80 or TCP / 8080 depending on the configuration) + ICA TCP / 1494, or via SSL Relay (TCP / 443 by default).
  • The Linux Citrix client does not support connection priorities for worker groups, i.e. no specially configured Load Balancing Policies will work.

Build and configure a Thinstation Linux boot image

Download the latest release of Thinstation Linux, and prepare for assembly. The commands are executed from root, it is understood that the environment for building Thinstation Linux is loaded and will work in / thinstation:
cd /
git clone --depth 1 git://
cd thinstation
cd /thinstation/build

Next, we edit the configuration files build.conf and thinstation.conf.buildtime according to our requirements. In the future, you can fine-tune everything, make different configurations for different hardware, remove everything superfluous to minimize the image size, etc., but for a start it is better to do everything as simple as possible to avoid errors due to additional complications. Therefore, I will only mention important parameters that need to be uncommented in build.conf, modules can be ignored, because this is our first test assembly without optimizations, so we will build an image with all the modules:

package xorg7-vesa
package ica
package sshd

param rootpasswd <пароль рута>
param basepath .
param icaencryption true

thinstation.conf.buildtime, which comes by default in the Thinstation Linux distribution, is better to copy to a separate file, and create a new one with the following contents:
NET_TIME_SERVER=<ваш NTP сервер, FQDN-имя или IP-адрес>
Do not forget to specify your NTP server.

Download the linuxx86_12.1.0.203066.tar.gz file from here:
and put it in / thinstation / downloads. The build script of Thinstation Linux can also download what you need during the build process, I'm just used to using my distributions.

We start image assembly:
cd /thinstation
cd build
./build --allmodules
During the assembly process, the installation of the citrix client will begin, which will ask questions, the answers to them will be given there by the Thinstation Linux build script.

At the end of the build process, go to the directory / thinstation / build / packages / ica / opt / Citrix / ICAClient / config and fix the file appsrv.ini.tpl. By default, the citrix client installed in Thinstation Linux can only connect to the specified XenApp server, which does not meet our requirements. We need to connect to the application published on the XenApp server farm, this ensures greater reliability and fault tolerance of the solution. The client is not tied to a specific server, and when connected, the broker switches the client to the least loaded server of the farm. It goes without saying that in this case the servers should be identical in configuration and users should have roaming profiles configured correctly, but this is a separate issue.

Let's bring appsrv.ini.tpl to the following form:
WinStationDriver=ICA 3.0
If SSL Relay is configured on your XenApp farm and you want to protect your connections with SSL, copy the root certificate file from your CA to / thinstation / build / packages / ica / opt / Citrix / ICAClient / keystore / cacerts. The certificate file should be in pem format, it worked for me right away in this format, maybe another one will work, I haven’t tried it.

Again we start image assembly:
cd /thinstation
cd build
./build --allmodules

After the assembly is completed, the files we need will appear in the / thinstation / build / boot-images / pxe directory. Copy the contents of / thinstation / build / boot-images / pxe to / tftpboot.

Create,,, thinstation.hosts: in / tftpboot
Be sure to include the full FQDNs of the XenApp farm broker servers. You can specify many of these servers by increasing the number at the end of the HttpBrowserAddress X parameter . The real maximum is unknown to me, it definitely works with ten. It also implies that the XML service is configured on port 8080, correct this parameter if you have a different port. If SSL Relay is configured on your XenApp farm and you want to protect your connections with SSL, set ICA_BROWSER_PROTOCOL = HTTPSonSSL.

# Hostname	MAC		Resolution	Mouse_settings	Session
thinstation1	001122334455	1280@60		mouse		desktop
The entries “thinstation1”, “001122334455”, “1280 @ 60”, “mouse”, “desktop” indicate that the host with the mac address 001122334455 needs to be named thinstation1 and apply the settings specified in the files 1280 @ 60, and, respectively. In the same way, you can make different settings files with different resolutions, mouse sensitivity settings and connections to different resources.

Diskless client preparation

System requirements: network card with support for downloading via the PXE LAN BOOTROM network and 512Mb RAM. If you fine-tune the image for iron, exclude everything superfluous, and if the computer has a motherboard with integrated video, then configure the RAM reservation in the BIOS for video memory less (2-8MB), then you can shrink 256Mb as well, but I would recommend having would be 320Mb.
Of the settings, the main thing that is required is to enable network boot in the BIOS, and the BIOS should have the correct time, otherwise there may be problems with the SSL connection (certificate validity period errors).

What is the result and how does it look

The goal was to make the diskless client work as close as possible to the local computer, so there are no additional shells, the citrix client starts immediately, and connects to the XenApp farm according to the configuration. At the end of the download, the user immediately sees the Windows login screen:

Thank you for attention.

Also popular now: