Introduction
This document describes the optimizations placed in Cisco WAAS for Citrix. Cisco WAAS 4.5.1 introduced optimization for the Citrix HDX technology, including the ICA protocol, without any requirement for administrative actions to disable the native encryption and compression offered by Citrix XenDesktop and XenApp. Using supported access to the ICA protocol, Cisco WAAS supports optimization for the native ICA encryption:128-bit RC5 encryption, 56-bit RC5 encryption, 40-bit RC5 encryption, Basic encryption, SSL encryption, Administratively-uncompressed and unencrypted Citrix ICA.
Citrix Optimization
Up to 70% traffic-reduction is possible. You must configure the citrix server and client as follows:
Procedure for disabling Compression on Citrix Presentation Server 4.5 & ICA Client 10.x
Citrix is optimized by WAAS regardless of the configuration of the Citrix server and client. Additional performance improvements can be gained by disabling client compression and setting encryption to “RC5 (128bit) logon only”. Note that “Basic” encryption is still applied!
To enable low encryption on the Citrix Presentation Server Console 4.5:
- Open Citrix Management Console for Presentation Server (found in the Start menu)
- In the left pane, select (serverfarm) > “Policies”
- Then, right click "Policies" and select "Create a new policy"
- Double-click the policy to edit
- In the policy window left pane click “Security” > “Encryption”
- Double-click the “SecureICA encryption” option to edit
- In the policy window click "Enabled" and set encryption to "RC5 (128bit) logon only"
- Then, click "Apply" and click "OK"
To disable compression in the Citrix Program Neighborhood console:
- Open Citrix Program Neighborhood console (found in the Start menu)
- Locate the “Application Set Manager”, right-click, and select "application set settings"
- On “Connection” choose a connection type either LAN or WAN
- Then, in the properties dialog box, click the "Default Options" tab
- Uncheck the box next to "Use data compression"
- Set encryption level “128 Bit for Login Only”
- Then, click "apply" and click "Ok"
Note: It is not possible to disable data compression for both WAN & LAN!
To disable compression in the ICA Client Template file:
- Open and edit the “default.ica” file located in C:\Inetpub\wwwroot\Citrix\PNAgent\conf
- If a line exists that begins with "Compress=", change the line to show "Compress=Off". - Otherwise, add a line that says "Compress=Off"
- If a line exists that begins with "EncryptionLevelSession=", change the line to show "EncryptionLevelSession=EncRC5-0".
- Otherwise, add a line that says "EncryptionLevelSession=EncRC5-0".
- Restart any open connections.
On the Client workstation amend the following 2 ini files:
- Locate “appsrv.ini” located in C:\Program Files\Citrix\ICA Client\
- If it does not already exist add a line that says “Compress=Off”
- Locate pn.ini located in C:\Program Files\Citrix\ICA Client\
- If it does not already exist add a line that says “Compress=Off” and “MaximumCompression=Off”
Edit the following registry settings on the client workstation and the Citrix Server:
- From the Start menu locate “Run” and type “regedit”
- Using the directory listings in the left pane locate the following file: HKLM\Software\Citrix\ICA\Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP
- Add a new String Value to the TCP/IP Folder by ‘right-clicking’ the right pane and select “New” > “String Value”
- Enter the details as follows:
Value: Compress
Data: Compress
- The type should be listed as REG_SZ
- Close the window and restart the client and server.
Related Information
Optimizing HTTPS traffic with SSLAO on WAAS 4.1.3 and above
Common WAAS/WCCP issues on interactions with Security Devices
