Virtual applications are not only very useful, but they are also very
cool. A company I work with uses virtual apps in a Citrix XenApp environment for
secure access to production systems and to establish a centrally-managed
standard interface for users which will remain unaffected by local workstation
changes, updates or problems. For instance, a certain financial site requires a
very specific Java version, so the application used to connect to the site is
virtualized and presented (also known as published) to users. The server
running that application has the correct Java level and it is set not to
auto-update. This ensures users can reliably access the site from any system
now or later, no matter what java updates they may have on their machines (or
regardless of whether their machines have Java at all).

Why would you want to run Chrome as a virtual application?

If you’re using Citrix XenApp, it can be useful to provide Chrome to
your users for several reasons:

  • Testing of new or older Chrome
    versions, add-ons, security settings and other variables
  • Access to sites which work best on a
    particular version or with a specific add-on
  • Access to a restricted network with
    internal sites that are off-limits to user workstations
  • Ability to benefit from Chrome features
    like bookmark, add-on or setting synchronization
  • Obtaining and installing the correct
    version of Chrome

The consumer version of Chrome won’t work well in a centrally managed
virtual environment, since it tries to install in the local “AppData”
folder on a per-user basis. You will need the enterprise version of Chrome
which will install in the local Program Files folder instead:

Access the Chrome for
Business page for administrators
. (Figure
A
)

Figure A

Click “Download Chrome MSI.” The following box will appear. (Figure B)

Figure B

You can uncheck “Set Google Chrome as my default browser” if
you like, and then click “Accept and Install.” You will be provided
the option to save the GoogleChromeStandaloneEnterprise.msi file to your hard
drive or a network share. Choose the appropriate location then save the file.

At your XenApp server, locate the GoogleChromeStandaloneEnterprise.msi
file. Double-click it and choose “Run.” It will conduct a silent
install, then Chrome will appear under c:\program
files\Google\Chrome\Application on a 32-bit server or c:\program files
(x86)\Google\Chrome\Application on a 64-bit machine.

Publishing the Chrome application

Launch either the Delivery Services Console or Citrix AppCenter
(depending on your XenApp version; the first is for 6.0 and the second for 6.5)
on your XenApp server. In the example, (Figure
C
) I’m running a Citrix XenApp 6.5 server.

Figure C

Right click “Applications” and choose “Publish
Application” (You could also locate the application in a subfolder if
applicable). (Figure D)

Figure D

Click Next. (Figure E)

Figure E

Enter the display name (e.g. “Google Chrome”) and the Application
description if desired, and then click Next. (Figure F)

Figure F

You will want to set Chrome as a published application accessed from a
server. It’s also possible to publish it to a server desktop and/or stream it
to a client, but this method is the easiest and most direct for many scenarios.
Leave the defaults above and click Next. (Figure
G
)

Figure G

Avoid the pothole

Now here’s where I help you avoid a serious pothole. There is a known issue with Chrome in
Citrix which involves performance/response problems that can inhibit the
browser. The application must be configured to start with some specific
switches to alleviate this problem.

If your XenApp server is 32-bit, enter the following string in the
Command line:

"C:\program files (x86)\Google\Chrome\Application\chrome.exe" –allow-no-sandbox-job –disable-gpu

If your XenApp server is 64-bit, enter the following string in the
Command line:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" –allow-no-sandbox-job –disable-gpu

Note: those
quotation marks are essential for this to work properly so make sure they are
included!

The “–allow-no-sandbox-job” switch allows Chrome to run in a
low privilege sandbox. The “List of Chromium
Command Line Switches
” specifically states this “enables the
sandboxed processes to run without a job object assigned to them. This flag is
required to allow Chrome to run in RemoteApps or Citrix. This flag can reduce
the security of the sandboxed processes and allow them to do certain API calls
like shut down Windows or access the clipboard. Also we lose the chance to kill
some processes until the outer job that owns them finishes.”

This setting could represent a security concern, so it’s important to
evaluate whether you want this in a production network with Internet access
where malware might be a factor. I would advise caution and the employing
additional measures if possible, such as restricting the URLs to which users
can connect and making sure they have limited rights on the server (which
should be the case by default). If this app runs on a segregated internal
network the risk is lower.

The “disable-gpu” switch turns off GPU hardware acceleration
to help ensure Chrome works smoothly in the Citrix environment. If users
experience issues with this published version of Chrome you may also try adding
“–disable-accelerated-compositing” to the end of the “Command
line” string.

To get more advanced, you could use a string similar to the following to
add extra options such as the URL to launch at startup and where to store user
data:

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://[URL to launch at startup]/ –allow-no-sandbox-job –disable-gpu –user-data-dir=\\[Fileserver]\[Roaming profiles share]\%USERNAME%\Chrome

For instance, if you wanted to launch prodserver.company.com when Chrome
starts and you have a network share called \\fileserver\profiles$ with
individual profiles stored there by user name you would type in:

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://[URL to launch at startup]/ –allow-no-sandbox-job –disable-gpu –user-data-dir=\\[Fileserver]\[Roaming profiles share]\%USERNAME%\Chrome

(the “%USERNAME%” variable will work for any user with a
profile folder located in this path; it should be substituted for the actual
user name since you want this to apply to multiple individuals)

Set the working directory to either C:\Program
Files\Google\Chrome\Application or C:\Program Files
(x86)\Google\Chrome\Application depending on whether you have a 32-bit or
64-bit server – in this case the quotation marks should NOT be included since
they will not be accepted by the program. (Figure
H
)

Click Next.

Figure H

You’ll need to specify which XenApp server(s) to run Chrome on. Pick the
appropriate server(s) or worker groups (if applicable), but make sure to
install the Chrome for Business application on all relevant systems.

Click Next when ready to proceed. (Figure
I
)

Figure I

Specify the users you want to permit (or allow anonymous users if anyone
should be able to access the program) and click Next. (Figure J)

Figure J

Depending on your Citrix environment, you may want to publish the
application to a certain Client application folder, add it to the Start menu or
place a shortcut on the desktop. These options are your call.

Click Next. You will come to the final screen, as shown in Figure K.

Figure K

If you want to disable the application initially you can do so (though I
personally prefer to publish apps when I’m ready to use them). The “Configure
advanced application settings now” option will allow you to set access
controls/filters, file types to associate with Chrome, application limits,
client options such as audio and encryption, and application appearance.

Once you click “Finish” you’re ready to test Chrome!

Testing the published application

Fire up your local browser and access your XenApp URL. (Figure L)

Figure L

Proceed to log in and you should see the new Chrome icon. (Figure M)

Figure M

Open the “Google Chrome” icon and the application will open
via your local Citrix Receiver executable (most Citrix environments will prompt
you to install this if it is not present, but you can also get
it here
). (Figure N)

Figure N

In the above example I used my own sample start page and configured
Chrome to start at “prodserver.company.com,” which does not exist in
my environment.

Some factors to consider

The examples above are based on Chrome 29; Chrome 24 is the minimum
version which should be used in this endeavor.

Proxy settings, where applicable, should be based on the server defaults
for Internet Explorer, but users may have to customize some other settings upon
launching Chrome for the first time, such as whether to make it the default
browser. If user profiles are being stored across multiple Citrix sessions they
should only have to configure new settings once.

User data is stored on the XenApp server under “C:\Users\[username]\AppData\Local\Google\Chrome\User
Data” – if you remove this profile (or user profiles aren’t kept) then the
user’s Chrome settings will have to be configured every time they use the
application.

If your XenApp server is part of an Active Directory domain you can
follow the guidelines in my article “Set up the Chrome
for Business browser in your organization using Group Policies
” to
configure Chrome for your users. If it is not on a domain or is excluded from
group policy use for security purposes, you can reference another article I
wrote on the topic titled “Set up the Chrome
for Business browser in your organization using a Master Preferences file
.”  If your Citrix users will be logging into
Google Apps with this published Chrome browser, “Set up the Chrome
for Business browser using the Google Apps Admin Console
” might be
worth a read.

The necessary Chrome switches outlined above may not be necessary as
further releases of Chrome are developed. As always, test whenever possible and
keep abreast of updates involving Chrome and Citrix.