Interoperability Citrix Provisioning Services Lead image: © henrischmit, 123RF
© henrischmit, 123RF

Citrix Provisioning Services reviewed


If you manage many identical computers on a server farm, you don't want to patch every single machine separately just to install a security update. Citrix Provisioning Services 5.0 offers a convenient alternative. By Timo Dreger

The key idea behind Citrix Provisioning Services [1] is to stream a single disk image to a group of servers. Thus, you can centrally update or patch the image, and all servers will receive the changes without having to manage them individually. This image also defines the role played by the server. If you deploy a web server image, the machine becomes a web server; if you transfer a database server image, you add a database server, and so on.

You can distribute standardized desktops in the same way, thus supporting dynamic load balancing, wherein each server on a farm can replace its entire application stack after a simple reboot. Because the hardware is no longer rigidly linked to a specific function, which it alone is capable of executing, the whole setup needs fewer machines. Servers deployed in this way do not need local disks, except for caching. One side effect is that you can restore every single machine to a defined, safe state simply by reloading the image.

Feature Overview

To establish a streaming service of this kind, you'll need a snapshot of a sample installation with the operating system and application stack (golden master). The snapshot is stored on a virtual disk, which Citrix calls a vDisk. vDisks can reside on a provisioning server, file server, or storage network (iSCSI, SAN, NAS, CIFS).

Computers that receive and use the image are target devices in streaming services terminology. They need to be configured to boot off the network and communicate with a provisioning server, from which they load a boot file that specifies where the vDisk intended for them is located and which they then mount for the remainder of the boot process. The target device accesses the vDisk like a local disk and loads the required data from it as needed. This approach requires less network bandwidth than transferring the entire image from the outset.

If you intend to use the HA function, which is recommended in larger environments, you will want to store the virtual hard disk (VHD) file with the vDisk on some kind of shared storage so that all the provisioning servers involved in the process can access it.

Alternatively, you can store the same VHD file locally on multiple provisioning servers. This approach gives you the benefit of maximizing failure safety and improving performance, but you'll need to copy the vDisk file to each provisioning server whenever a change is made to keep the files consistent.

You can install the provisioning server on Windows 2003 SP2 or Windows 2008 – either 32 bit or 64 bit. The target device can use any client or server operating system by Microsoft (as of XP and Server 2003) and some Linux distributions.


The individual streaming service components are organized in a hierarchy (Figure 1). At the lowest level, you'll find the target devices referred to previously; they can also be grouped in device collections, which are typically managed by a single administrator and located at a single site or on a single subnet.

The architecture of Citrix Provisioning Services.
Figure 1: The architecture of Citrix Provisioning Services.

Each target device can only belong to a single collection. The provisioning servers sit one level higher. The device collections served by a provisioning server together form a site that can also include print servers and shared storage and to which groups of users can be assigned. Multiple sites form a farm as the highest level organizational unit. All the sites on a farm share a Microsoft SQL database and a Citrix license server. High-availability options also reside at farm level. If the company has a Xen App or XenDesktop farm, you can use the existing SQL and license servers.


Some basic preconditions must exist before you can install the provisioning service on the network. Citrix comes with its own TFTP server, but you can use your own server if you prefer. Additionally, you need a DHCP server to assign IP addresses to the target devices at boot time; the targets then use this address to open a connection to the streaming service. You still need the DHCP server, even if your boot from CD because only the boot image comes from the CD – the operating system is streamed. Installing the provisioning services themselves is easy thanks to the wizard. The target device runs a special hard disk drive, which presents the virtual disk shared across the network as a local medium to the operating system. A proprietary protocol similar to iSCSI is used; however, the vendor claims the proprietary protocol is more efficient and has better error tolerance. If the network connection fails during operation, the target device freezes rather than crashing. To avoid collisions between streaming traffic and normal network traffic, it makes sense to set up a separate subnet or VLAN for the connection between the target devices and the provisioning server, just as on an iSCSI SAN.

Configuring the Provisioning Services

After installing the provisioning services and repairing the infrastructure, you can continue with the configuration at the Provisioning Services Console (Figure 2). The vDisk can be operated in the private image, standard image, or difference image mode.

The Citrix Provisioning Service Console listing the sites, servers, and collections belonging to a farm.
Figure 2: The Citrix Provisioning Service Console listing the sites, servers, and collections belonging to a farm.

As an administrator, you would use the private image mode to implement changes to the vDisk. In this mode, only one target device has read/write access to the vDisk file.

In standard image mode, multiple target devices have read access to the vDisk. In this mode, you additionally need to select a cache type. In production, the safest and best performing solution is to place the cache on a local disk. In this case, all write requests to the local cache are discarded when the system reboots, thus reverting any changes. This mode is thus perfect for terminal servers, because it gives the users a freshly installed system after each reboot.

Differential mode falls somewhere between the other two. The cache is kept after a reboot and not discarded until the administrator publishes a new version of the vDisk. Thus, you don't lose antivirus signature updates every time you reboot. In standard mode, you would need to update your antivirus signatures every time you reboot, or you would need to install the signatures in private mode to make them persistent.

If you need to stream a system that you have virtualized using Hyper-V, you can use the existing VHD file for this purpose. Various tools let you convert virtual or physical systems to VHD files. And, of course, you can create and install a completely new system in a VHD file if you choose.


If you need to provision many identical servers on your network, you will find that Citrix Provisioning Services can take a great deal of administrative work off your plate. Updates or installations of new software only need to be applied to the single golden master, rather than to each individual server. Additionally, you gain a simple option for restoring the original status if you create a backup of the corresponding vDisk.

Citrix Provisioning Services also lets you assign one of many standardized tasks to any physical or virtual system simply by providing the matching vDisk. This allows for dynamic load balancing and for more efficient use of the available hardware.