Understanding XenDesktop Login Performance

Editor’s note: This post was originally written for the Blue Medora blog. You can check out the original here.

For most of us, logging in is a daily routine. We log into everything from personal games like Fortnite to work websites. But before we get to those steps, we often first have to log into one more thing: our desktop.

It used to be that to get to your desktop, you had to be sitting in front of it. But with the help of application and desktop virtualization solutions from vendors like Citrix, we’ve long since said goodbye to those requirements. For almost 20 years, I’ve recommended deploying Citrix to application owners wanting to give users remote access to their desktops and applications.

For those users, remote access is a great benefit. But for an IT administrator, it means potential headaches, from complaints about the network being down to Citrix not working.

It’s Simple and Complex

To the user, remote access is simple. All they do is input their username and password, click “log in,” and presto! But to the IT administrator, remote access is complex, from firewalls and load balancers to authentication and connectivity. There’s so much that happens beyond the screen to fulfill that user’s login attempt.

This is especially the case with a Citrix XenDesktop implementation. With XenDesktop, your users have access to a virtual desktop infrastructure (VDI) that connects them to a remote desktop on a VM in your network. As the administrator, you need help managing and troubleshooting this infrastructure. Because let’s face it: problems happen, right?

On top of that, users expect things to be fast. And an important success item is how quickly they can log in and access their desktop.

So the login process for your XenDesktop infrastructure is a big deal. Slow logins are bad. My goal is to show you how to avoid them or to fix them quickly when they do happen.

The Challenge With XenDesktop Login

The XenDesktop login process is quite complex. What the user sees as three or four steps—username, password, domain, login—actually involves a complicated sequence of several steps.

To the user, it can take a few seconds to reach their desktop remotely. But the actual execution involves the Citrix Receiver, desktop delivery controller (DDC), domain controller, VDI hosting infrastructure, and more.

In total, the whole process involves about 13 steps to complete, often with many substeps. Communication occurs between many components—some of which you may not have any control over, like a user’s ISP.

You do your best to manage all this stuff. But you know Murphy’s Law always steps in. Slow logins will happen. So you’ll need to not only have overall monitoring but to also pay special attention to login monitoring.

The Fix for Login Performance

With the steps involved during a XenDesktop login, you need a solution to help you identify when there’s a login problem and what’s causing it. To do that, you need visibility into the Citrix infrastructure, and the only way to do that is through monitoring.

OK, great! So monitoring gives you the data. But what do you do with it?

Here are three things I recommend you look at when monitoring XenDesktop to assess login performance:

1. Get No Glitch in the Metrics

Like practically every infrastructure product, XenDesktop gathers metrics to help you see how the product is performing. You want to monitor for as many metrics as you can support, but you especially want to track those related to the login process.

Through metrics data collection, you may identify the following common causes of slow logins:

  • The DDC takes a long time to broker the connection between the user and the virtual delivery agent (VDA) installed on the host.
  • The user’s profile takes too long for the session host to load.
  • The group policy takes longer than expected to authenticate the user.

When these happen, you might ask yourself questions like

  • Is the connection between the DDC and the host slower than usual?
  • Has the user’s profile grown in size because it’s a roaming profile?
  • Are too many group policies defined?

Questions like these are answered by making sure you’re monitoring and getting statistics for the metrics that can reveal data about login duration. Having a monitoring tool that can collect and display these metrics will help you identify login performance issues. I recommend putting together a list of all the metrics you want to collect for the login process.

2. Be Chairman of Dashboard Creations

Now that you have a list of all the metrics to look at, you need a good way to view the data. It’s always nice to have numbers in front of you, but we humans can be very visual creatures. A dashboard that tells you with RAG (red, amber, green) grid views whether a particular component is having problems is much more appealing to look at.

A dashboard is a common way for monitoring tools to quickly show how particular components and resources of your infrastructure are operating. You should opt for dashboards that offer an at-a-glance view of how your overall XenDesktop infrastructure is performing.

But to get RAG views on how login performance is doing, you’ll likely need to create some custom dashboards or add widgets to existing dashboards. As part of this step, you’ll need to specify some thresholds. For example, if the typical time it takes for the DDC to broker a connection is around 0.1 seconds, set a threshold that turns the RAG status to “red” if that time is exceeded. You should set similar thresholds for the time it takes profiles to load, the time it takes LDAP queries to be completed, and any other login metrics on your list.

Some monitoring tools can set dynamic thresholds, which will make your job a bit easier. In either case, creating a dashboard that displays all the metrics for the login process will help you to more quickly identify performance issues when they happen.

These dashboards can also tell you when there was an issue in the past you may have recently uncovered. With a dashboard and the tool’s reporting capabilities, you’d have the opportunity to go back and look for trends using graphs. You should create widgets in your dashboards that will show you how user logins have been for the past month or so. This will give you an idea of where things are trending. And once you know the trend, you can plan for when login performance may be severely affected.

3. Stop Red Alerts

Using dashboards is great for your XenDesktop login performance today and possibly in the future, based on the trends. But that’s only good when things don’t go wrong. And we know they always do.

Do you have time to sit in front of your dashboard all day and watch for it to turn amber or red? No. You have other things to do.

What you need is to be notified in case something unexpected happens. So the next thing to consider is setting up your monitoring tool for proper alerting.

Getting notified when unexpected events happen during the XenDesktop login process is an important part of keeping your users happy. Things happen. There could be a sudden influx of new users using XenDesktop. Or there could be an increase in the number of users accessing your XenDesktop infrastructure from home due to weather. You never know.

So when setting up an alert, I always recommend using your dashboards to see where performance has been and where it seems to be trending. Again, some tools can help set dynamic thresholds, which makes this easier. I also suggest setting up alerts for the things that are symptoms of a potential problem, not necessarily the cause of problems. That way, you’re being proactive.

In either case, do a test run with your alerts, because the last thing you want is a 2 a.m. wake-up call that turns out to be a false positive.

So test your alerts, and when things seem OK and you’re getting positive notifications about login problems, put them into action to prevent any further login performance degradation for your users.

Knowing Isn’t Necessarily Understanding

Now you know what to do about your XenDesktop login performance. First, you know you need to use a monitoring tool to collect metric data. Second, you know you should create new or edit existing dashboards that will help you see whether or when there are performance issues. Third, you know you need to create alerts to notify you of unexpected performance degradation in login time.

But knowing isn’t the same as understanding.

To understand, you need to put this into practice. You must take these steps I’ve outlined, get a monitoring tool (or, if you already have one, use it), pick your login metrics, create your dashboards, and set up your alerts. Only with the practice of doing these things will you understand.

So go understand XenDesktop login performance, and enjoy fewer IT headaches in your future.