Framehawk – Why, When and How

Recently I held session at  Citrix User Group conference in Norway regarding Framehawk. That resulted in a blogpost where I described my thoughts and experiences of testing the technology.

The feedback from that post inspired Marius Sandbu (@msandbu) and me to do a co-written blog where we take a look at the resource usage between the Framehawk and Thinwire Compatibility Mode
That post will be up in a few days time.

After my session at the cruise-ship, I was asked by some of the attendees if I could write a post with some of the info I had presented, mainly regarding installation and limitations as of today.

So, without further ado;

Framehawk is as described earlier a new protocol in the HDX stack that does marvels when we are having a connection with packet loss, something Thinwire cannot handle so well.
An important part to note is that we are depending on good bandwith when using this technology, at least a 4-5Mbps connection + 150Kbps per user. (Compared to Thinwire which has a recommendation of 1,5Mbps and 150Kbps per user

To read more about the Framehawk technology I recommend the following blog posts by Derek Thorslund and Mayunk Jain:

Framehawk came out to the public with XenDesktop Feature Pack 2 as a standalone implementation , and with the release of Feature pack 3 it was supported in the VDA.

With XenDesktop 5.6 and XenApp 6.5 we used optimization technologies as Progressive display, Adaptive Display and Aero Redirection.

With XenDesktop we can now also use Legacy thinwire. Thinwire Advance (H.264), Thinwire Compatibility Mode, DCR and Framehawk.

All these possibilities gives us an the tools we need to meet the most scenarios and challenges, and still deliver a good user experience for a remote user.

The problem for the admin is to know when to use what. Citrix has this great table where we can compare them.


Basically is Framehawk at its peak when we have packet loss with or without latency, but it needs bandwidth!
So in most cases will Thinwire Plus (Thinwire Compatibilty Mode, A loved child has many names) be better to use since it needs less bandwidth, uses less CPU and has the best compatibility, meaning it works on all endpoints, requires nothing except receiver.


To be able to use this feature we need to download FP3 from Citrix downloads and install the following components

Server hosting Citrix Director

  • New version of Director to show information regarding Framehawk
  • WMIProxy (so the director can retrieve information from the VDAs)
Delivery Controller
  • Citrix Group Policy Management 7.6.300 (to be able to enable Framehawk through policies)
  • Powershell modules
XenApp / Desktops
  • New VDA for Servers and Desktops




We get the following new policies when we have installed Citrix Group Policy management on the Delivery Controller


We can now enable Framehawk and, if needed, change the ports it gonna use (Default UDP 3224 – 3324)

Netscaler support

As of  NetScaler Gateway 11.0-62.10 we finally have support for external users (which imho is where we find the use cases)

To enable this we need to do the following;

The first thing we need to do is activating DTLS on the virtual server. (DTLS is for UDP what SSL is for TCP)


This should be reflected in the overview under Basic Settings


We now need to rebind the Server Certificate so it will be valid for DTLS
Click Server certificates and choose unbind.



Click close and verify that there is no server certificate bound and the state of the virtual server is down.


Click Server Certificates once again and choose the same certificate you had bound earlier and bind it again.



You will get the following error message which you safely can ignore (according to citrix article CTX135519)


Verify that the State is up and that you have a Server Certificate bound to the Virtual Server


If you are planning to use Framehawk with iOS you have to add the following parameter in default.ica



We can monitor the sessions in Director and verifying if Framehawk is in use or not by go to the details apge in the session and scroll down to the HDX overview and click on Framehawk.

Here we are looking for two values

  • Provider should show V3D3 (for desktops) or 4 (for XenApp sessions)
  • Connected should show True

If it isn’t so you need to conform that the right ports are open in the firewalls.
You can use a fee tool called iPerf to do so since telnet is not able to check UDP ports.

The following picture shows which ports are used when using Framehawk or Thinwire:



There are still “a few” improvements needed when it comes to Netscaler support


  • Netscaler Gateway
  • Netscaler Gateway with GSLB

Not Supported:

  • Netscaler Gatewya with Unified Gateway
  • HDX Insight
  • Netscaler Gateway in IPv6 mode
  • Multiple STA on Netscaler Gateway
  • Netscaler Gateway in HA
  • Netscaler Gateway Clustering
  • Netscaler in Double Hop
Other things to take into considerations;
  • Multi monitor is not supported (will fall back to Thinwire)
  • 4K displays is not supported (will fall back to Thinwire)
  • Maximum resolution is 2048 x 2048
  • Netscaler session may crash after prolonged use
  • If both Legacy Mode and Framehawk is enabled, the following will happen
    • Desktop OS : Framehawk will be used
    • Server OS:     Legacy Mode will be used
That is all I have for now and thank you for reading! :)
The sources used to create this presentation is listed below.











No comments yet.

Leave a Comment

Blue Captcha Image