I’m excited to introduce you to the StoreFront 3.1 Tech Preview, which is available for download here (your Citrix login is required).

The main features for this Tech Preview include a new Administration Console and a new Administration PowerShell SDK. These will make StoreFront administration much easier.

In the past, we’d gotten lots of feedback that the existing StoreFront Administration Console is not adequate for many deployment scenarios, making it necessary for administrators to have to resolve to run PowerShell commands or edit web.config. Also, it couldn’t be configured with different authentication settings for different stores is a big obstacle for many organizations.

We’ve been working hard in the last year to address all these concerns. The new Administration Console and Administration PowerShell SDK are the result of the team’s hard work. We expect that with the new Administration Console, most of administrators will not need to run PowerShell commands or edit configuration files.

Please raise any questions and/or provide us with your feedback using our discussion forum.

Store Centric Conceptual Model

When you open the new Administration Console, you will notice that all the configuration settings are now organized around stores.

Settings you once found in the Authentication node and Receiver for Web node in previous releases of StoreFront are now available as the Manage Authentication Methods action and the Manage Receiver for Web Sites action within the Store node in the bottom-right pane. These tasks are now store specific. That is, the settings configured in these tasks are related to the selected store.

Settings located in the NetScaler Gateways node and in Beacons node in previous releases of StoreFront are now configurable via the Manage NetScaler Gateways action and the Manage Beacons action in the top-right pane, which are applicable cross all stores.


Why did we make these changes?

First, StoreFront 3.1 supports different authentication settings for different stores, which introduces multiple authentication services to a StoreFront deployment. There is a 1-to-N mapping between the authentication service and stores. There is also a 1-to-N mapping between the store and Receiver for Web sites.

Without changing the UI architecture, introducing multiple authentication services into the UI would make it more difficult to understand the associations between different services. Also, our usability studies have suggested that organizing the UI around stores fit better with administrators’ conceptual model as administrators often think about setting up different stores for different purposes or for different organizations and treat authentication and web access as properties of a store.

Store Dedicated Authentication Settings

As mentioned above, the Administration Console prior to this release only supports a single Authentication Service for a StoreFront deployment. That means all stores in the deployment have to share the same authentication settings.

In the new Administration Console, you are given a choice of using a  shared or dedicated Authentication Service when you create a store. By default, a new Authentication Service is created for a new store. If you want the store being created to share authentication settings with another store, you can select the checkbox Use a Shared Authentication Service and then select the store(s) you would like to share authentication settings with from the dropdown menu. This setting is not available when you are creating the first store.

create-store dedicate auth

After a store is created, you can change whether to share authentication settings with other stores or not. Select the store you would like to change and select the Manage Authentication Methods action. Then select the Advanced menu in the pop-up dialog followed by selecting Shared authentication service settings from the dropdown menu. Another dialog is popped up for you to make the change.



Delegating Authentications to XenApp/XenDesktop Farms/Sites

Delegating authentications to XenApp/XenDesktop farms/sites was introduced in StoreFront 3.0. However, it was configurable via PowerShell only. You can now configure this feature using the Administration Console. To do this, select the Store you would like to change and select the Manage Authentication Methods action. In the pop-up dialog, select the Settings dropdown menu associated with User name and password and then select Configure password validation.



Select Delivery Controllers in the dropdown menu and a dialog will pop up for you to specify XenApp/XenDesktop brokers to be used to authenticate users.

Policy for Password Expiry Warning

You can now configure policy for password expiry warning using the Administration Console. Select the Store you would like to change and select the Manage Authentication Methods action. In the pop-up dialog, select the Settings dropdown menu associated with User name and password and then select Manage Password Options.


A dialog is popped up for you to configure whether to allow users to change their password. If you allow user to change their password at any time, you can also configure the policy for password expiry warning.


Highly Available Multi-Site Store Configuration

Highly available multi-site store configuration is a very powerful feature to set up StoreFront to aggregate multiple XenApp/XenDesktop farms/sites for load balancing, failover, disaster recovery and user mapping. This used to be only configurable via editing the web.config file. We have now introduced UI support to configure most the common use cases: user farm mapping and single aggregation group.

To set up multi-site aggregation in the Administration Console, select the store you want to configure and select the Manage Delivery Controllers action. If you have more than one farms/sites configured, the Configure button in the User Mapping and Multi-Site Aggregation Configuration section is enabled as illustrated below.

Select the Configure button, a new dialog is popped up for you to choose whether you want to set up user mapping or resource aggregations.
If you select Maps users to controllers you will be provided with dialogs to specify user groups and delivery controllers. If your users are from the same domain hosting the StoreFront server, you can select user groups from Active Directory. Otherwise, you have to specify SIDs manually.
If you select Aggregate resources, you will be provided with a dialog to choose what farms/sites you want to aggregate i.e. group resources with the same name and path into a single icon for your users.

Optimal Gateway Routing

Optimal gateway routing enables you to route HDX connections to different XenApp/XenDesktop farms/sites via different NetScaler Gateway. UI support for configuring this feature is added to the new Administration Console. To configure optimal gateway routing, select the store you would like to configure and then select the Configure Store Settings action in the right pane. In the pop-up dialog, select Optimal HDX Routing as shown below.

Select the gateway you would like to use and click Manage Delivery Controllers. Another dialog will pop up for you to select the farms/sites you would like to route HDX traffics via the selected gateway.

Store Advanced Settings

Advanced settings related to a store are grouped together and available to configure in the Advanced Settings section of the Configure Store Settings screen.


You may have noticed that there is an Advanced Settings section on the Edit Delivery Controller dialog as shown below.
Click the Settings button will bring up a new dialog for you to configure farm/site specific advanced settings.


Default Receiver for Web Site

StoreFront 3.1 supports setting a Receiver for Web site as the default site for your StoreFront deployment so that users only need to enter the base URL, e.g. https://sf.acme.com to the browser in order to access the specified Receiver for Web site. This can be done at the store creation time in the following screen.

You can also set up or change the default site after store creation. Simply select the Set IIS Default Website action at the top-right pane. You will be presented with a dialog to configure this feature.

Additional Receiver for Web Configuration

Many additional settings related to Receiver for Web are now configurable using the Administration Console . Select the Store you want to configure and then select the Manage Receiver for Web Sites action. Select the site you want to change and click the Configure button. A pop-up dialog is presented for you modify configuration for the site as illustrated below.


Select Session Settings to configure various timeout values.


Select Workspace Control to modify session reconnection, disconnection and logoff behaviours.


Other settings are available from the Advanced  Settings section.


In addition, the Deploy Citrix Receiver section is extended to allow you to upload Receiver installation packages to StoreFront server if you would like your users to download Receivers from the Receiver for Web site.


Administration PowerShell SDK

StoreFront 3.1 provides a new Administration PowerShell SDK. Documentation for this SDK is available to download here. You can perform the same tasks as you would with the Administration Console, together with tasks you cannot do with the console alone. Cmdlets in the new SDK are focussed on administration tasks and grouped around StoreFront deployment-wide configration, Stores, Authentication and Receiver for Web.


New cmdlets are prefixed with STF. for example:

# Install the required StoreFront components
Add-STFDeployment <a href="https://storefront.mycompany.com/">https://storefront.mycompany.com</a> -Confirm:$false

# Add an Authentication service with a store related IIS virtual path
$authentication = Add-STFAuthenticationService "/Citrix/AuthenticationStore"

# Add a Store that uses the new Authentication service configured to publish the supplied XenDesktop servers
$store = Add-STFStoreService -VirtualPath "/Citrix/Store" -AuthenticationService $authentication -FarmName "XenDesktopFarm" '
-FarmType XenDesktop -Servers "XDEUA","XDEUB"

# Add a Receiver for Web site so users can access the applications and desktops in the published in the Store
$receiver = Add-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb" -StoreService $store

The SDK also provides high-level scripts that enable you to script and automate StoreFront deployments. You can tailor the high-level examples to your particular requirements.

Existing PowerShell cmdlets, prefixed with DS are still supported for business continuity. However, they will be deprecated and will eventually be removed in the future.