Use Citrix Receiver to access your applications and desktops. Detect Receiver If you do not want to detect/install Citrix Receiver you can use the light version, with fewer features, in your browser. The app was announced to play the role of the focal point of the end-user Citrix Workspace experience. It is the successor of Citrix Receiver, a software used primarily for connecting users to.

Citrix Receiver is client software that is required to access applications and full desktops hosted on Citrix servers from a remote client device. This tool provides access to Citrix Virtual Apps (formerly Citrix XenApp)/Citrix Virtual Apps and Desktop (formerly Citrix XenDesktop) installations from different types of client devices including iPhone, BlackBerry, Mac OS X, iPad, Windows, Linux, Windows Mobile, Android, Google Chromebook, thin clients, and embedded operating systems.

“Citrix Receiver” works with the HDX protocol built on top of the ICA protocol. The ICA protocol sends keyboard and mouse input to the remote server and receives screenshot updates on the client device. The Receiver handles this traffic. HDX protocol extends this procedure by providing a high definition experience of Windows applications to users working on many of the most well-known devices. Citrix Receiver is available for different operating systems. When you visit the Citrix Receiver download page, it automatically detects the OS and prompts you with the correct client software to download. Citrix Receiver connects remote client devices to Citrix Virtual Apps (formerly Citrix XenApp), Citrix Virtual Apps and Desktop (formerly Citrix XenDesktop), Citrix Access Gateway, XenVault Secure Storage, and other Citrix services.

Challenges with Citrix Receiver

As with every Citrix component, Citrix Receiver has gone through multiple changes. It was previously known as ICA Client. Before the release of Receiver, there were multiple client software components such as Secure Access Gateway Client, ICA Client, and Password Manager Client. Configuration and management of multiple products and components were a big challenge. Later, Citrix changed these components into plug-ins and combined them into one product called Citrix Receiver 1.0. With the release of Citrix 3.0, this product was split into Receiver Updater and Receiver Insider. It was again changed to Citrix Receiver Enterprise. The current product, Citrix Receiver, is now a suite of components, including the online web plug-in and self-service plug-in. The combination of plug-ins varies with the client’s form factor and specifications.

While there are no performance issues with the Citrix Receiver, the presence of multiple products and components is confusing. Citrix Virtual Apps (formerly Citrix XenApp) is available in different editions with different pricing and feature sets. Citrix Virtual Apps and Desktop (formerly Citrix XenDesktop) is also available in three editions. Customers have to scour through multiple products and features. Moreover, configuring these components is complicated and time-consuming. Citrix software also comes with a high price tag, and not many businesses can afford it.

Citrix receiver security vulnerabilities

There are many challenges with the Citrix receiver, and its security vulnerabilities make a major part of it.

A vulnerability (CVE-2019-11634) identified in the Citrix Workspace app and Receiver for Windows might potentially allow attackers to read or write the client’s local drives, allowing and enabling code execution on the client device. The reason for this is that the vulnerability results in the local drive access preferences not being enforced.

This vulnerability affects all versions of the Citrix Workspace app for Windows and Receiver for Windows and has only been fixed in Citrix Workspace app version 1904 or later. As for the Receiver for windows, it has only been fixed from 4.9 CU6 version 4.9.6001.

The mitigating factor Citrix puts forward to deal with this issue is to upgrade to the latest Citrix Workspace app for Windows and Receiver for Windows. It is safe to state that this is not always possible. Hence, as an alternative, Citrix mentions that applying the Client Selective Trust Policy via GPO is the only best way to limit the exploitability.

But that’s not all.

In June 2020, Citrix identified two critical vulnerabilities code-named “CVE-2020-13884” and “CVE-2020-13885”. These vulnerabilities affect all the supported versions of Citrix Receiver for Windows and Citrix Workspace app for Windows (before version 1912). When triggered, they affect the processing of the file “citrix.exe,” leading to privilege escalations.

Just as is the previous case with “CVE-2019-11634”, Citrix advised its customers to upgrade their Citrix Receivers. In this instance, Citrix recommends users to upgrade Citrix Receivers to the Citrix Workspace app. Citrix recommends users to upgrade to Citrix Receiver 4.9.9002 for Windows LTSR Cumulative Update 9 or later if they are still using Citrix Receiver 4.9 for Windows LTSR.

Citrix Receiver is deprecated

Although you can still download and use Citrix Receiver, it’s no longer recommended. That’s because, since August 2018, Citrix already introduced a new client software named Citrix Workspace app. Citrix Workspace, which has all the capabilities of Citrix Receiver, is supposed replace Receiver and is backward compatible with older Citrix infrastructure.

Despite still being available for download, Citrix Receiver no longer receives patches and updates. So, if you continue using it, you’re bound to encounter several issues along the way. For example, you won’t be able to connect to Citrix Cloud, which requires at least TLS 1.2 to secure its connections. Citrix Receiver only supports TLS 1.0 and 1.1.

The presence of both Citrix Receiver and Citrix Workspace is causing a lot of confusion among Citrix users, especially those who have grown accustomed to Citrix Receiver and are still using it in their endpoint devices. Parallels RAS avoids this confusion by maintaining a single client software — Parallels Client.

The Parallels Client simplifies application delivery

Parallels Client is a simple tool that lets you access centrally hosted resources from any device, anytime, and from any network. It is free to download and use. It uses SSL and second-level authentication, which means resources are securely transferred through the network. It works with every type of OS and platform, including iOS, Android, Windows Mobile, Linux, Mac, and Google Chromebooks. The Parallels Client leverages the Microsoft RemoteFX protocol to deliver a high definition user experience to remote clients. Parallels Client is the best alternative to the costly HDX protocol suite of technologies.

Parallels Remote Application Server (RAS) is a single package containing all virtualization components. Moreover, essential components such as printer redirection and load balancing come auto-configured by default. It is simple and easy to deploy and use. It eliminates the challenges of managing multiple products, upgrade issues, and configuration complexities. Most importantly, it is inexpensive, with the lowest overall TCO when compared with Citrix and VMware products.

Parallels RAS makes the migration process more comfortable with a free migration tool that automates most of Citrix Virtual Apps (formerly Citrix XenApp) use case scenarios. The migration tool extracts settings from Citrix XenApp 6.x into a file that can be imported from Parallels RAS Console.

Read more about Citrix Alternative || Download the Citrix Migration White Paper

References

Understanding Citrix Receiver | thomaskoetzing.de

The Citrix ICA file explained and demystified | ingmarverheij.com

Citrix Receiver definition | searchvirtualdesktop.techtarget.com

Citrix Systems | en.wikipedia.org

Citrix Alternative | https://www.parallels.com/citrix-alternative/