Publishing Chrome in a Citrix virtualized environment

Learn the steps involved when publishing Chrome as a virtualized application for Citrix XenApp users.

Virtual applications are not only very useful, but they are also very cool. A company I work with uses virtual apps in a Citrix XenApp environment for secure access to production systems and to establish a centrally-managed standard interface for users which will remain unaffected by local workstation changes, updates or problems. For instance, a certain financial site requires a very specific Java version, so the application used to connect to the site is virtualized and presented (also known as published) to users. The server running that application has the correct Java level and it is set not to auto-update. This ensures users can reliably access the site from any system now or later, no matter what java updates they may have on their machines (or regardless of whether their machines have Java at all).

Why would you want to run Chrome as a virtual application?

If you're using Citrix XenApp, it can be useful to provide Chrome to your users for several reasons:

  • Testing of new or older Chrome versions, add-ons, security settings and other variables
  • Access to sites which work best on a particular version or with a specific add-on
  • Access to a restricted network with internal sites that are off-limits to user workstations
  • Ability to benefit from Chrome features like bookmark, add-on or setting synchronization
  • Obtaining and installing the correct version of Chrome

The consumer version of Chrome won't work well in a centrally managed virtual environment, since it tries to install in the local "AppData" folder on a per-user basis. You will need the enterprise version of Chrome which will install in the local Program Files folder instead:

Access the Chrome for Business page for administrators. (Figure A)

Figure A


Click "Download Chrome MSI." The following box will appear. (Figure B)

Figure B


You can uncheck "Set Google Chrome as my default browser" if you like, and then click "Accept and Install." You will be provided the option to save the GoogleChromeStandaloneEnterprise.msi file to your hard drive or a network share. Choose the appropriate location then save the file.

At your XenApp server, locate the GoogleChromeStandaloneEnterprise.msi file. Double-click it and choose "Run." It will conduct a silent install, then Chrome will appear under c:\program files\Google\Chrome\Application on a 32-bit server or c:\program files (x86)\Google\Chrome\Application on a 64-bit machine.

Publishing the Chrome application

Launch either the Delivery Services Console or Citrix AppCenter (depending on your XenApp version; the first is for 6.0 and the second for 6.5) on your XenApp server. In the example, (Figure C) I'm running a Citrix XenApp 6.5 server.

Figure C


Right click "Applications" and choose "Publish Application" (You could also locate the application in a subfolder if applicable). (Figure D)

Figure D


Click Next. (Figure E)

Figure E


Enter the display name (e.g. "Google Chrome") and the Application description if desired, and then click Next. (Figure F)

Figure F


You will want to set Chrome as a published application accessed from a server. It's also possible to publish it to a server desktop and/or stream it to a client, but this method is the easiest and most direct for many scenarios. Leave the defaults above and click Next. (Figure G)

Figure G


Avoid the pothole

Now here's where I help you avoid a serious pothole. There is a known issue with Chrome in Citrix which involves performance/response problems that can inhibit the browser. The application must be configured to start with some specific switches to alleviate this problem.

If your XenApp server is 32-bit, enter the following string in the Command line:

"C:\program files (x86)\Google\Chrome\Application\chrome.exe" --allow-no-sandbox-job --disable-gpu

If your XenApp server is 64-bit, enter the following string in the Command line:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-no-sandbox-job --disable-gpu

Note: those quotation marks are essential for this to work properly so make sure they are included!

The "--allow-no-sandbox-job" switch allows Chrome to run in a low privilege sandbox. The "List of Chromium Command Line Switches" specifically states this "enables the sandboxed processes to run without a job object assigned to them. This flag is required to allow Chrome to run in RemoteApps or Citrix. This flag can reduce the security of the sandboxed processes and allow them to do certain API calls like shut down Windows or access the clipboard. Also we lose the chance to kill some processes until the outer job that owns them finishes."

This setting could represent a security concern, so it's important to evaluate whether you want this in a production network with Internet access where malware might be a factor. I would advise caution and the employing additional measures if possible, such as restricting the URLs to which users can connect and making sure they have limited rights on the server (which should be the case by default). If this app runs on a segregated internal network the risk is lower.

The "disable-gpu" switch turns off GPU hardware acceleration to help ensure Chrome works smoothly in the Citrix environment. If users experience issues with this published version of Chrome you may also try adding "--disable-accelerated-compositing" to the end of the "Command line" string.

To get more advanced, you could use a string similar to the following to add extra options such as the URL to launch at startup and where to store user data:

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://[URL to launch at startup]/ --allow-no-sandbox-job --disable-gpu --user-data-dir=\\[Fileserver]\[Roaming profiles share]\%USERNAME%\Chrome

For instance, if you wanted to launch when Chrome starts and you have a network share called \\fileserver\profiles$ with individual profiles stored there by user name you would type in:

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://[URL to launch at startup]/ --allow-no-sandbox-job --disable-gpu --user-data-dir=\\[Fileserver]\[Roaming profiles share]\%USERNAME%\Chrome

(the "%USERNAME%" variable will work for any user with a profile folder located in this path; it should be substituted for the actual user name since you want this to apply to multiple individuals)

Set the working directory to either C:\Program Files\Google\Chrome\Application or C:\Program Files (x86)\Google\Chrome\Application depending on whether you have a 32-bit or 64-bit server – in this case the quotation marks should NOT be included since they will not be accepted by the program. (Figure H)

Click Next.

Figure H


You'll need to specify which XenApp server(s) to run Chrome on. Pick the appropriate server(s) or worker groups (if applicable), but make sure to install the Chrome for Business application on all relevant systems.

Click Next when ready to proceed. (Figure I)

Figure I


Specify the users you want to permit (or allow anonymous users if anyone should be able to access the program) and click Next. (Figure J)

Figure J


Depending on your Citrix environment, you may want to publish the application to a certain Client application folder, add it to the Start menu or place a shortcut on the desktop. These options are your call.

Click Next. You will come to the final screen, as shown in Figure K.

Figure K


If you want to disable the application initially you can do so (though I personally prefer to publish apps when I'm ready to use them). The "Configure advanced application settings now" option will allow you to set access controls/filters, file types to associate with Chrome, application limits, client options such as audio and encryption, and application appearance.

Once you click "Finish" you're ready to test Chrome!

Testing the published application

Fire up your local browser and access your XenApp URL. (Figure L)

Figure L


Proceed to log in and you should see the new Chrome icon. (Figure M)

Figure M


Open the "Google Chrome" icon and the application will open via your local Citrix Receiver executable (most Citrix environments will prompt you to install this if it is not present, but you can also get it here). (Figure N)

Figure N


In the above example I used my own sample start page and configured Chrome to start at "," which does not exist in my environment.

Some factors to consider

The examples above are based on Chrome 29; Chrome 24 is the minimum version which should be used in this endeavor.

Proxy settings, where applicable, should be based on the server defaults for Internet Explorer, but users may have to customize some other settings upon launching Chrome for the first time, such as whether to make it the default browser. If user profiles are being stored across multiple Citrix sessions they should only have to configure new settings once.

User data is stored on the XenApp server under "C:\Users\[username]\AppData\Local\Google\Chrome\User Data" - if you remove this profile (or user profiles aren't kept) then the user's Chrome settings will have to be configured every time they use the application.

If your XenApp server is part of an Active Directory domain you can follow the guidelines in my article "Set up the Chrome for Business browser in your organization using Group Policies" to configure Chrome for your users. If it is not on a domain or is excluded from group policy use for security purposes, you can reference another article I wrote on the topic titled "Set up the Chrome for Business browser in your organization using a Master Preferences file."  If your Citrix users will be logging into Google Apps with this published Chrome browser, "Set up the Chrome for Business browser using the Google Apps Admin Console" might be worth a read.

The necessary Chrome switches outlined above may not be necessary as further releases of Chrome are developed. As always, test whenever possible and keep abreast of updates involving Chrome and Citrix.