VDI-in-a-Box 5.1: Client Side Printing (CTX134348)
Printing with Citrix VDI-in-a-Box
Requirements for completing the task. This includes specific knowledge and/or hardware and software requirements:
• VDI-in-a-Box 5.1 (or later) grid
• Citrix Universal Print Server 1.0 (or later)
• At least one network or local printer, depending on use case.
• Windows 2008R2 Server with domain and printing services, depending on use case.
This document is intended to provide information regarding different printing concepts with VDI-in-a-Box. We will cover the different methods of installing print drivers in the virtual desktops, printer redirection, and location-based printing. Depending on the deployment environment, checking one box can configure printing, or it can be more complicated where different printers and drivers need to be used.
This section describes the simplest method available: enabling printer redirection. Enabling this feature will connect all the printers available on the client device into the virtual desktop. This works for all types of printers including local, network, or even wireless. Since these printers are already configured on the client device there is no need to configure or install drivers on the virtual desktops.
Printer Redirection is a great feature but does not resolve all customer’s needs, hence the need for other types of printing options described in this document. In many cases there will be thin clients, mobile devices, or personal computers that do not have the ability to use required printers. An administrator can always combine the Printer Redirection method with any of the other methods described later in this document.
How to configure Printer Redirection in VDI-in-a-Box:
This section describes the two methods available to use print drivers within VDI-in-a-Box: The Citrix Universal Print Server (Citrix UPS) or vendor/native print drivers. Depending on how HDX print policies are configured it is possible to use a combination of native drivers and Citrix UPS. This might be necessary when Citrix UPS is used by a majority of printers, while some specialty printers may require native print drivers. Any combination of these print drivers can be used with the deployment methods described later in this document.
Citrix Universal Print Server
The Citrix UPS can be used to reduce print driver clutter and to improve bandwidth consumption during print jobs. This allows for a single “generic” driver called the Citrix Universal Print Driver to be used on the VDI-in-a-Box virtual desktops. With the exception of some specialty printers, this solution will work with almost all printers (local, network, wireless). Citrix UPS has several components that work together to accomplish this:
• Citrix UPS Server running on a Windows Server with the Print and Document Services role.
• Citrix HDX Group Policy Management running on a Windows domain controller.
• Citrix UPS Client agent running on the VDI-in-a-Box golden image(s).
Please reference http://support.citrix.com/proddocs/topic/technologies/ps-printing-universal-network.html for specific installation instructions. These may change with updates to the Citrix UPS product but we will discuss the basic workflow to get it working with VDI-in-a-Box. The instructions below assume the same Windows 2008R2 Server will be used to be a domain controller and print server:
1. Download the latest Citrix UPS package from http://citrix.com.
2. Unzip the contents and place on a network share for easy access.
3. Install the Citrix HDX Group Policy Management package onto the Windows 2008R2 Server.
4. Install the Citrix UPS Server package onto the same Windows 2008R2 Server. This will also enable the Printing and Document Services role.
5. Create or Edit a VDI-in-a-Box golden image.
6. Log into the draft image as an administrator.
7. Connect to the network share to access the Citrix UPS package.
8. Install the Citrix UPS Client package onto the desktop.
9. Log out of the golden image.
10. Configure a Citrix HDX Printing Group Policy.
11. Test and publish the golden image.
Complete the following steps if the Citrix Print Manager service does not start on the VDI-in-a-Box desktops after being published. This can be verified by logging into a desktop, opening services.msc, and confirming the Citrix Print Manager Service is started. The following instructions will use Windows Task Scheduler to start the Citrix Print Manager service on the desktops, but Group Policy and logon scripts can be used instead.
12. Edit the golden image.
13. Log into the draft image using as an administrator.
14. Create a new batch file containing the file command:
net start cpsvc
15. Save the batch file into a location such as the C: drive (not in the administrator’s profile).
16. Open Windows Task Scheduler.
17. Create a New Task and give it a name such as Citrix Print Service.
a. General Tab: For Security options change the User or Group to include all domain users and to run whether user is logged on or not. Select the correct operating system in the Configure for dropdown menu.
b. Triggers Tab: Select the option to begin the task at startup.
c. Action Tab: Select the option to start a program. Click Browse and select the batch file created in the earlier step.
18. Save the Citrix Print Service Task.
19. Save/Publish the Golden Image and verify the task runs as scheduled.
20. Once logged into a published desktop, open services.msc from the Windows Start menu and confirm the Citrix Print Manager Service is started.
This method is typically used if the Citrix UPS is not used or if there is a specialty printing device which the Citrix universal print driver does not work with. If the only option is to install the vendor drivers it would be done in the same manner as on physical computer. Another reason for native vendor drivers is when deploying VDI-in-a-Box in workgroup mode and no Active Directory exists in the environment. This will work with local, network, and wireless printers.
In most cases to reduce the need for end-user interaction, it is possible to install the print drivers on the VDI-in-a-Box golden image. If using a print server it is also possible to deploy the drivers (discussed later in this document) from the server. In a print server scenario it is not necessary to always install the drivers in the golden image as the drivers will be installed during user sessions when a printer is connected. However, this can consume additional bandwidth and there could be permission issues if the user is not able to install software/drivers onto the virtual desktop.
The primary benefit of installing vendor-specific drivers is full support and functionality of printer features. There are some printers that have advanced functionality that may not work if using a generic driver, thus, the vendor driver should be used instead. It is recommended to stay with Citrix UPS and only fallback to native drivers if certain printing functionality is desired.
There are several methods available to assign printers to specific computers or users in Active Directory. The methods described in this document usually require a Windows Server with the Print and Documents Services role in combination with any sort of print driver (vendor or Citrix Universal Printing) and HDX Group Policy Management.
Location-Based Printing, also known as Proximity printing, allows an administrator to ease the burden of printer deployments in VDI. In many cases the user will need to access a different printer, typically based on the client’s physical location or possibly Active Directory membership. 3rd party print management software can also handle location-based printing but will not be discussed in this document.
Windows Server Printer Deployments
Active Directory and Group Policy allow administrators to configure location-based printing without the need for 3rd party solutions. The methods described in this document may not work well in all environments but administrators can take this information and apply it using other means. There are two basic requirements for deploying printers using these methods: (1) Windows Server domain controller, (2) Windows Server with Print and Documents Services role. These roles do not have to reside on the same Windows Server but there is not technical limitation preventing one from doing so.
The first step is to decide what type of drivers to use for the VDI-in-a-Box virtual desktops. Review the Print Drivers section earlier in this document to decide if vendor drivers or the Citrix Universal Print Service will be a better choice. In most cases it is recommended to use Citrix UPS to reduce print driver clutter and reduce bandwidth consumption when print jobs are in progress. The steps describes in this section will be the same regardless of the type of print driver one decides to use.
The next step in the process is deciding how printers will be assigned. If all VDI-in-a-Box golden images are joined to the same OU within Active Directory, most likely you will filter printing policies based on group membership. For the time being, OU assignments are configured at the golden image level within VDI-in-a-Box. Until this is changed to the template level, an administrator would be required to create a new golden image for each OU if filtering policies based on this requirement. This is not sustainable until VDI-in-a-Box allows OU assignment to be at the template level instead.
For smaller VDI-in-a-Box deployments it might make sense to filter group policy based on OU. For example, take a customer who has 3 distinct user types requiring 3 golden images (each image having vastly difference types of installed applications). The VDI-in-a-Box administrator can create a parent called VDI-Desktops, and 3 child OUs such as Finance, Sales, Engineering. The 3 golden images would be joined to the respective OU’s within Active Directory and printing group policies can be assigned to each OU.
For most VDI-in-a-Box deployments it is easier to assign printing group policies on group membership. In many cases there might only be a single (or a few) golden images, all joined to the same OU. The administrator can create a GPO for each set of printers to be used by specific groups of users. This is a good solution when network printers are already deployed by location based on group membership. An example would when printers are deployed by department because those users typically sit near each other. In such a case the administrator would create a GPO with an assigned printer and then filter it based on group membership. This way each member of the group will have access to the printer(s) from the VDI-in-a-Box virtual desktop.
The following section describes a VDI-in-a-Box deployment where Windows Server 2008R2 is used as a domain controller and print server. The Citrix Universal Print Server has been installed and configured to reduce print driver clutter, and the administrator has decided to deploy network printers to the virtual desktops based on Active Directory group membership. Each department already has their own network printer(s) configured on the Windows Server using the Printer and Documents Services role.
1. Create an OU called VDI-Desktops. The DN is OU=VDI-Desktops,DC=company,DC=com.
2. Install the Citrix Universal Print Server components onto the Windows Server. This includes the HDX Group Policy Management component.
3. Install and configure VDI-in-a-Box with one golden image.
• Install the Citrix Universal Print Server Client agent.
• Prepare the image and join it to the VDI-Desktops OU.
4. Create templates for the three departments that will use ViaB desktops. Ensure the Printer Redirection item is disabled.
• Finance Desktop template.
• Marketing Desktop template.
• Inside Sales Desktop template.
5. Open Group Policy Management Editor on the domain controller.
6. Create a new GPO assigned to the VDI-Desktops OU and configure Citrix policy to use the Citrix Universal Print Server. Please refer to specific instructions found in the Citrix UPS section of this document.
7. Create a new GPO for each department in the VDI-Desktops OU and use a naming convention that is easy to understand, such as Finance – Citrix Printers.
8. Select each departmental printing GPO and adjust the Security Filtering to only include the respective groups. For example, remove Authenticated Users and add the Finance Security Group to the Finance – Citrix Printers GPO. Do this for all the departments.
9. Open the Print Management tool on the Windows Server.
10. Drill down to the Print Servers > Server Name > Printers section.
11. Right-click the printer used by the Finance department and select Deploy with Group Policy.
12. Click Browse in the Group Policy Object > GPO name section and select the Finance – Citrix Printer GPO found in the VDI-Desktops OU.
13. Select the option to deploy this printer to computers this GPO applies to and click Add.
14. Click OK and repeat steps 11-13 for each department.
15. Spin up desktops for each VDI-in-a-Box template.
16. Log into each of the departmental desktops to confirm the printer(s) have been installed and can be used by printing a test page.
This example can be used as a basis if such policies do not already exist, but can be altered to fit the needs of any particular environment. Aside from the Citrix HDX Printing GPO describes later in this document, deploying prints via Active Directory is one of the best methods available. It allows for central management of all network printers and the ability to make policy changes without much effort.
Assigning printers based on group or computer membership can be more reliable than basing the policies on client IP addresses. Why? Let’s say an organization only has one subnet for client devices and is using DHCP without reservations. The client IP addresses will change consistently so it will not be possibly to apply policies based on client IP addresses. Assigning printers based on client IP address is most useful if using Static IP addresses, segmented DHCP scopes (or Static/reserved IP addresses) for specific locations or departments, or in kiosk-type situations. In most cases a library or school lab will have static IP addresses for the client, thus it is possible to assign these types of policies.
Windows Logon Scripts
It is possible to write custom logon scripts to connect network printers based on client location. This document does not describe the type of script to use as this will greatly vary amongst deployments. VDI-in-a-Box writes the client device IP address into the registry, allowing an administrator to use a script to assign a network printer based on this registry key. This solution can be used with most typical network print server deployments or the Citrix Universal Print Server.
The client IP address is written to the following registry location:
The data field for endPointAddress can be extracted and used by a script. An example would be a school with Computer Science and Biology labs where students are able to bring their own laptops. Each lab has its own DHCP scope, allowing the administrator to write a script that assigns the Computer Science network printer to VDI-in-a-Box desktops only when students are connected from the Computer Science network. The same will happen for the Biology lab, even if a student disconnects from the Computer Science lab and reconnects to the VDI-in-a-Box desktop from the Biology lab.
Citrix HDX Printing Group Policies
VDI-in-a-Box does not currently support the HDX polices to assign default printers, session printers, or assign printers based on client IP address. Other policies, including Citrix Universal Print Server polices, are supported by VDI-in-a-Box.
Additional background or reference information not previously described goes here.
Include the following disclaimer if this article contains changes to code that are not supported by Citrix:
The above mentioned sample code is provided to you AS IS with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.