Product documentation

Linux Virtual Delivery Agent

View PDF

What’s new

April 28, 2025

Contributed by:

What’s new in 2503

Support for RHEL 9.5, Rocky Linux 9.5 and Debian 12.9

The Linux VDA now supports the following Linux distributions:

RHEL 9.5
Rocky Linux 9.5
Debian 12.9

For more information about supported Linux distributions, see System requirements.

Non-domain-joined Linux VDA is extended to On-prem CVAD deployment by using MCS provisioning

Previously, non-domain-joined Linux VDAs were available only for Citrix DaaS deployments. Now, with MCS provisioning technology, they can be extended to on-prem CVAD deployments. This feature is effective from CVAD 2411 and Linux VDA 2411 onwards. For more details, see Create non-domain-joined Linux VDAs using MCS.

Extended MATE desktop support

The Linux VDA now supports the MATE desktop environment on all supported Red Hat Enterprise Linux (RHEL) 9.x and Rocky Linux 9.x distributions. For more information, see System requirements.

Rootless Xorg is now disabled by default

Red Hat has addressed the CVE-2024-31083 security vulnerability that affects Xorg servers. For more information, see Rootless Xorg.

Secure HDX is now generally available

You can encrypt ICA sessions end-to-end between the Citrix Workspace app (client) and the VDA (session host).

The end-to-end encryption (E2EE) feature allows no intermediate network elements including the Citrix Gateway to decrypt the ICA traffic. It uplifts the secure posture of your environment and is easy to configure and manage. For more information, see Secure HDX.

HDX Direct

When accessing Citrix-delivered resources, HDX Direct allows both internal and external client devices to establish a secure direct connection with the session host if direct communication is possible. For more information, see HDX Direct for Linux.

WebSocket support for communication between domain-joined VDAs and Delivery Controllers

This feature allows you to set up WebSocket communication between domain-joined VDAs and Delivery Controllers, offering an alternative to Windows Communication Foundation (WCF).

For more information, see WebSocket communication between VDAs and Delivery Controllers.

The Linux VDA now gives you control over how users log in when not using Single Sign-On (SSO). You can customize the login experience by choosing which authentication methods are displayed. Previously, the non-SSO login screen always showed both password and smart card authentication in a drop-down list. Now, you can configure the Linux VDA to offer:

Password authentication only
Smart card authentication only
Combination of password and smart card authentication, with either option presented by default.

You can easily customize the login method by adjusting the following registry setting on the VDA:

System\CurrentControlSet\Control\Citrix\login\NSSOLogonType

For more information, see Customize login screen.

The login experience for seamless apps when SSO is disabled has been greatly improved. Previously, users experienced long logon times upon app launch and a poorly sized, full-screen login window. Now, a proportionally sized login box appears promptly in the center of the screen, dynamically adjusting to fit the available window space.

Enhanced user authentication

The Linux VDA now supports users with multiple User Principal Names (UPNs). By querying LDAP with the user SID, the system can correctly identify and authenticate users with multiple UPNs associated with their account. This enhancement provides a more flexible, reliable, and user-friendly login experience for Linux VDA users.

Secondary authentication for FAS SSO failures

The Linux VDA now provides enhanced login resilience by offering a secondary authentication method specifically when Federated Authentication Service (FAS) SSO fails. Previously, if FAS SSO encountered issues, users were unable to authenticate, leading to session launch failures. With this feature, if FAS SSO encounters issues, users are prompted to manually enter their credentials for password authentication. To enable the feature, run the following command:

create -k "HKLM\System\CurrentControlSet\Control\Citrix\AccessControl\Login\Global" -t "REG_DWORD" -v "SecondaryAuthEnabled" -d "0x00000001" --force
 

For more information, see Enable secondary authentication for FAS SSO failures.

Desktop lock on smart card removal

This release introduces a security enhancement that automatically locks the desktop when a signed-in user removes their smart card from the reader during an active session. This enhancement can be achieved through the following registry setting on the VDA:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\LocalPolicies\SecurityOptions

For more information, Smart card removal settings.

JUMBO_ICONS support

The Linux VDA now supports JUMBO_ICONS. This enhancement ensures that seamless published app sessions display correctly with the proper high-resolution icons on Citrix Workspace app for Mac clients.

Loss tolerant mode for audio is now enabled by default

For more information, see Audio features.

Support for loss tolerant mode for graphics

Loss tolerant mode is thoroughly reworked to ensure that the session remains interactive when packet loss is detected. For more information, see Loss tolerant mode for graphics.

Intelligent Build to Lossless feature

Intelligent Build to Lossless is an enhancement of our existing Build to Lossless feature, designed to deliver a smarter, more efficient experience. With Intelligent Build to Lossless, administrators no longer need to manually configure Build to Lossless, and is automatically applied dynamically in the session on monitors that require it. When the need subsides, Thinwire seamlessly disables it, reverting to regular encoding for optimal performance. This feature is applicable only with a GPU (HDX 3D Pro). To use this feature, the Use video codec for compression setting must be Use when preferred (default), and Visual quality must NOT be Always lossless.

Clipboard synchronization enhancement

This release introduces a clipboard buffering feature to improve clipboard synchronization between the client and the VDA session. Previously, selecting text within the VDA session could overwrite clipboard data copied on the client, preventing users from pasting that data into the VDA. This issue occurs when the PRIMARY selection update mode is set to either ‘Selection changes are updated on both the client and host’ or ‘Client selection changes are not updated on the host’. This issue has been resolved.

The clipboard buffering feature is disabled by default. To enable it, run the following command within the VDA session:

/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\VirtualChannels\Clipboard\ClipboardSelection" -t "REG_DWORD" -v "BufferData" -d "0x00000001" --force
 

Note:

This feature applies to text and BMP data only. File copy functionality is not affected.

Enhanced mouse and trackpad support

We’ve improved handling of raw mouse events for smoother trackpad scrolling and better compatibility with mouse side buttons across various client devices.

Simplified VDA upgrades (preview)

Previously, upgrading VDAs required full manual intervention. Version 2503 simplifies VDA upgrades for DaaS deployments by introducing the VDA Upgrade Agent. Upgrades from version 2503 onward can later be performed directly from a shared or local file path. For more information, see VDA upgrades.

What’s new in earlier releases

For new features included in the releases that shipped after the 1912 LTSR through the 2411 CR, see What’s new history.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

What’s new

April 28, 2025

Contributed by:

What’s new

What’s new in 2503

Support for RHEL 9.5, Rocky Linux 9.5 and Debian 12.9

Non-domain-joined Linux VDA is extended to On-prem CVAD deployment by using MCS provisioning

Extended MATE desktop support

Rootless Xorg is now disabled by default

Secure HDX is now generally available

HDX Direct

WebSocket support for communication between domain-joined VDAs and Delivery Controllers

Customizable login methods

Improved seamless app non-SSO login

Enhanced user authentication

Secondary authentication for FAS SSO failures

Desktop lock on smart card removal

JUMBO_ICONS support

Loss tolerant mode for audio is now enabled by default

Support for loss tolerant mode for graphics

Intelligent Build to Lossless feature

Clipboard synchronization enhancement

Enhanced mouse and trackpad support

Simplified VDA upgrades (preview)

What’s new in earlier releases

In this article