Citrix Architecture – On Premises

When Citrix released XenApp and XenDesktop 7.x, they also changed the architecture. I version 6.5 and earlier, the architecture was called IMA or Independent Management Architecture. This article will describe the new Citrix architecture, also called FMA.


Citrix Architecture FMA
Citrix Architecture FMA – Click to enlarge

The FMA architecture is buildup of five layers:

  • User Layer
  • Access Layer
  • Resource Layer
  • Control Layer
  • Hardware Layer

I will go through of these layers and explain what each layer contains and how these layers communicate with one another. I will recommend that you look at the overview at the same as your are reading the following.

User Layer

This is where you have your users, end points and this is where you will find the Citrix Receiver. Everything that has to do with the end user. The Citrix Receiver connects to the Netscaler in the Access Layer by using SSL (port 443). A public signed certificate is needed to create this connection.

Access Layer

This layer contains the components that the user needs to access their apps and data. Netscaler Gateway is one the components. This is needed for creating secure access. The user is connecting from Citrix Receiver to Netscaler Gateway using a secure connection. When the user is logged in, apps are being presented from the Storefront. Netscaler and Storefront communicate with HTTP or HTTPS.

Control Layer

You will find all your tools to control your XenApp / XenDesktop solution in this layer. Here is a list of the components:

  • Studio – Managing apps and users.
  • Director – Overview of performance.
  • License Server – All Citrix products use a central license server for all your Citrix licenses.
  • Active Directory – Your Microsoft directory service.
  • SQL Database – XenApp and XenDesktop needs a database to store all settings and resources.

The last component is the delivery controller. Some also call it the broker. When the user is requesting a resource, the delivery controller locates the resource from database. After that, it sets up a connection between the VDA on the resource and the Receiver through the Netscaler. Once that is done, all traffic goes from the Receiver to the Netscaler to the VDA and back. The Storefront communicates with the delivery controller on port 80 and 443.

Resource Layer

As the name says, this is where you have all your resources for your users. Everything from:

  • Pooled Desktops
  • Dedicated Desktops
  • Applications

In other words. All your VDAs. When a user request an application or a desktop, this is where it is being launched. The VDA communicates with the delivery controller on port 80 or 443. Once the session is launched, the VDA communicates with Netscaler on port 80 or 443.

Hardware Layer

All the layers that we just talked about needs hardware. As you can see on the overview, the hardware is underneath all the other layers. The hardware layer is where you have you physical servers and your hypervisor.

Wrap Up

This is how the Citrix Architecture is build up. At least when we talk about on premises. If you have any questions about this, please write a comment or send a message using the contact form.

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *