citrix-infrastructure-design

This skill provides guidance for designing and architecting Citrix infrastructure, including component sizing, high availability patterns, multi-site deployments, and disaster recovery planning.

Single-Site Architecture

Components:

• 2+ Delivery Controllers (N+1 redundancy)
• SQL Server (AlwaysOn or mirroring)
• StoreFront server group (2-5 servers)
• NetScaler ADC HA pair
• Hypervisor cluster

Use Cases:

• Small to medium deployments
• Single geographic location
• Simpler management requirements

Multi-Site Architecture

Components per site:

• Local Delivery Controllers
• Local StoreFront servers
• Local database replica
• Zone configuration in single site

Cross-site components:

• GSLB for user routing
• Database replication
• Image management strategy

Use Cases:

• Geographic distribution
• DR requirements
• Regional performance needs

Citrix Cloud Hybrid

Citrix Cloud (managed):

• Delivery Controllers
• Site database
• Studio/Director
• Licensing
• Gateway Service

Customer managed:

• Cloud Connectors (2+ per location)
• VDAs and applications
• Hypervisor/cloud infrastructure
• Active Directory

Benefits:

• Reduced infrastructure
• Automatic updates
• Built-in redundancy

Delivery Controllers

| VDAs | Controllers | vCPU | Memory | Notes |

|------|-------------|------|--------|-------|

| <500 | 2 | 4 | 8 GB | Minimum HA |

| 500-2500 | 2 | 4 | 8 GB | Standard |

| 2500-5000 | 3 | 8 | 16 GB | Medium |

| 5000-10000 | 4 | 8 | 16 GB | Large |

| 10000+ | 5+ | 8 | 16 GB | Enterprise |

Placement:

• Anti-affinity rules across hosts
• Different failure domains
• Separate from other workloads

SQL Database

| VDAs | SQL Tier | IOPS | Notes |

|------|----------|------|-------|

| <1000 | Standard | 500 | SQL Express possible |

| 1000-3000 | Standard | 1000 | Dedicated SQL |

| 3000-5000 | Enterprise | 2000 | AlwaysOn |

| 5000+ | Enterprise | 3000+ | AlwaysOn AG |

Database sizing:

• Site DB: 500 MB - 2 GB
• Logging DB: Grows based on retention
• Monitoring DB: Grows based on retention

VDA Sizing

Single-Session (VDI):

| Workload | vCPU | Memory | Storage IOPS |

|----------|------|--------|--------------|

| Task Worker | 2 | 4 GB | 20-30 |

| Knowledge Worker | 2-4 | 6-8 GB | 40-60 |

| Power User | 4-6 | 8-16 GB | 80-100 |

Multi-Session (RDSH):

| Users/Server | vCPU | Memory | Storage IOPS |

|--------------|------|--------|--------------|

| 10-15 | 8 | 32 GB | 100-150 |

| 15-25 | 12 | 48 GB | 150-200 |

| 25-40 | 16 | 64 GB | 200-300 |

Storage Considerations

MCS Requirements:

• Identity disk: 16 MB per VM (fixed)
• Difference disk: 10-40 GB (grows with writes)
• Write cache: 10-20 GB SSD/NVMe recommended

IOPS Guidelines:

• Boot storm: 50-100 IOPS per VM (brief)
• Steady state: 5-30 IOPS per VM
• Use MCS I/O with RAM cache to reduce storage load

Controller Redundancy

```powershell

# Local Host Cache provides outage protection

# Minimum 2 controllers per site

# Controllers share site database

# Automatic failover to LHC during outage

```

LHC Capabilities:

• VDA registration
• Session brokering
• Power management
• Some policy application

LHC Limitations:

• No new configurations
• No monitoring data
• Limited reporting

Database HA

SQL AlwaysOn Availability Groups (Recommended):

• Synchronous replication within site
• Automatic failover
• Multiple readable secondaries

SQL Mirroring:

• Simpler setup
• Single secondary
• Manual or automatic failover

Connection String:

```

Server=SQLListener.domain.com;Database=CitrixSite;

MultiSubnetFailover=True;Integrated Security=True

```

StoreFront HA

• Server group with 2-5 members
• Sub-40ms latency required
• Configuration auto-synchronized
• Load balanced via NetScaler or NLB

NetScaler HA

• Active/Passive or Active/Active
• Synchronous configuration
• Virtual MAC for seamless failover
• Health monitoring for backend services

VLAN Segmentation

| VLAN | Purpose | Access |

|------|---------|--------|

| Management | Controllers, SQL, Admin | Restricted |

| VDA | Desktop/App servers | User access |

| DMZ | Gateway, StoreFront external | Internet |

| Storage | SAN/NAS traffic | Infrastructure |

Firewall Requirements

User to StoreFront:

• 443/TCP (HTTPS)

StoreFront to Controller:

• 80/TCP (HTTP)
• 443/TCP (HTTPS)

User to VDA (internal):

• 1494/TCP (ICA)
• 2598/TCP (Session Reliability)
• 443/TCP (TLS)

VDA to Controller:

• 80/TCP (Registration)
• 443/TCP (Secure registration)

Bandwidth Planning

| Session Type | Bandwidth |

|-------------|-----------|

| Task worker | 50-150 Kbps |

| Office apps | 150-250 Kbps |

| Web/email | 250-500 Kbps |

| Graphics | 1-3 Mbps |

| Video | 2-5 Mbps |

RTO/RPO Objectives

| Tier | RTO | RPO | Strategy |

|------|-----|-----|----------|

| 1 | <1 hr | Near-zero | Active/Active |

| 2 | 1-4 hr | <1 hr | Warm standby |

| 3 | 4-24 hr | <4 hr | Cold standby |

Active/Active Design

• Controllers at both sites
• GSLB routes users to nearest site
• Real-time database replication
• Both sites handle production load
• Automatic failover

Active/Passive Design

• Secondary site in standby
• Asynchronous replication acceptable
• Manual or automated failover
• Lower cost than active/active
• Longer RTO

DR Considerations

Non-persistent VDI advantages:

• No VM replication needed
• Rapid provisioning at DR site
• Only master images replicated
• Lower storage costs

Key data to replicate:

• Site database
• Master images
• User profiles (if persistent)
• Application data

Scalability

1. Design for growth - Size for 3-5 year projection
2. Use zones - Separate workloads by zone
3. Catalog organization - Group by OS, workload, location
4. Delivery group strategy - Align with user groups

Performance

1. MCS I/O - Use RAM cache with disk overflow
2. Storage tiering - SSD for write cache, HDD for read
3. Network optimization - EDT, Multi-Stream ICA
4. Profile optimization - Streaming, exclusions

Security

1. Segmentation - Isolate management plane
2. Encryption - TLS for all communications
3. MFA - Required for external access
4. Least privilege - RBAC for administration

Operations

1. Monitoring - Director, SCOM, third-party
2. Alerting - Proactive threshold alerts
3. Automation - PowerShell for routine tasks
4. Documentation - Architecture, runbooks, DR

For detailed design guidance, see:

• citrix-knowledge/domain-knowledge/comprehensive-citrix-knowledge.md
• citrix-knowledge/architecture/ for design patterns
• citrix-knowledge/templates/ for documentation templates