Nowadays there is a rising need for most call centers across the world to allow their agents to work from home. This is a matter not only of workplace flexibility policies, but also and more importantly, providing the right technical tools to achieve a seamless and effective transition to a remote model.


Many different driving factors can lead corporations into this direction, for example a global pandemic like the one the world is currently suffering due to Covid-19. Regardless of the cause, it is critical for companies to be prepared for these scenarios that require fast response to allow employees to work from home. In addition to this, it is important not only to provide employees or agents with solutions that enable working from home, but also to do so with a secure and reliable connection to their applications, and if possible, providing more than one access point such that agents have access with fault tolerant links from home. There is an important challenge for this scenario: agents working from home usually establish phone calls to assist customers. Most of them use VoIP applications which of course are highly susceptible to the quality of the link used for communication.


Citrix SD-WAN Standard Edition (SE – Virtual WAN) could be the solution that call centers seek for this use case: ensuring that a virtual WAN can be established between the agent’s home and the company’s data center. Citrix SD-WAN not only works by delivering the possibility of using two or more internet links simultaneously, but it´s also very useful when classifying the traffic that flows through these links (virtual path), using well-known QoS capabilities, giving preferential treatment to voice traffic. This solution is even more powerful if the company has deployed Citrix Virtual Apps and Desktops (CVAD), so that agents have access to a VDI platform where they have their voice application installed. Citrix SD-WAN recognizes the CVAD traffic (ICA protocol) and enforces policies such as duplicating voice traffic so that it uses more than one link simultaneously.


These guidelines intend to be useful for call centers that have already deployed CVAD and want to provide agents with secure access to the VoIP application (VDI) from home, providing the satisfactory voice quality expected for their support calls.




The following is a list of products, infrastructure and resources recommended to provide a solution of this nature. It is assumed that the company already has a virtualized voice solution through CVAD and that the agents use thin clients/PCs at their workstations:


  • Citrix XenApp and XenDesktop or Citrix Virtual Apps and Desktops (7.17/7 v1808 or higher is ideal), to provide the virtualized VoIP application.

  • Citrix Gateway/Citrix ADC (latest build of release 12.1 is recommended), for encrypted user authentication.

  • Citrix SD-WAN SE (version 10.2.6 is recommended), for Virtual WAN and Application QoS.

  • Thin clients (from vendors such as HP, Dell and IGEL), Personal Computers, or laptops; as the end-user terminal to access virtualized environments.

  • For Windows endpoints: Citrix Workspace app (1808) or Citrix Receiver (4.10)

  • For Mac endpoints: Citrix Workspace app (1808) or Citrix Receiver for Mac (12.8)

  • ISP LTE SIM cards, to allow a second Internet access at home.


The proposed solution utilizes Citrix Virtual Apps and Desktop Infrastructure and SD-WAN to ensure high-quality network connectivity for resilient voice communications. One of the benefits expected is that a critical VoIP application can run inside a virtual desktop without degradation of voice quality, which should be achieved by combining the Virtual Desktop Infrastructure with the SD-WAN capabilities.


It is expected that home users will have their existing home Internet and a new LTE link, which would be aggregated (Virtual WAN) through the SD-WAN LTE appliance. The following is a list of SD-WAN appliance options supporting LTE SIM cards (for home use):


  • 110-LTE-WiFi-SE.

  • 210-LTE-SE.


The following is a list of SD-WAN appliance options for data center use:


  • 6100 SE (ultra-high performance for very busy data centers).

  • 5100 SE (high performance for busy data centers).

  • 4100 SE (high performance for busy data centers).

  • 2100 SE (medium performance for data centers).





The proposed solution integrates the use of thin clients/PCs/laptops, Citrix SD-WAN SE LTE (home/client), Citrix Gateway, Citrix SD-WAN SE (data center/MCN) and Citrix Virtual Apps and Desktops.


The following steps describe the communication process and the role of each component.


The agent at home will connect from a terminal to a specific URL (i.e., via browser or the Citrix Workspace app (WSA). This URL will be represented by a Citrix Gateway virtual server (at the data center) which will request user credentials for authentication (Citrix Gateway is capable of doing Multi-Factor Authentication – MFA, if needed). Once authentication is completed, the Gateway passes credentials to StoreFront for Single-Sign On (SSO) and StoreFront could be configured to use the Gateway for authentication only, StoreFront presents the applications and desktops and then the agent is able to launch the VoIP application from the virtual desktop. In this scenario the ICA session is created directly from the user terminal to the CVAD server (the Gateway wouldn´t be used for subsequent traffic).


An important process was intentionally omitted from the description above, as it deserves a higher level of detail. Before the user is able to access the Citrix Gateway logon page, the following needs to happen: the Citrix SD-WAN Master Control Node (MCN at data center) will establish a tunnel to the SD-WAN client (home), creating a virtual WAN containing several individual paths (the number depends on the amount of Internet links available). The purpose of having more than one Internet link at home is to provide fault tolerance: if one link is lost during a call, SD-WAN will maintain the call and this should be transparent for the agent and customer. In this scenario it is ideal to configure SD-WAN to duplicate paths for voice traffic and configure application QoS. The traffic flowing through the tunnel will be encrypted by SD-WAN and the voice traffic will receive QoS depending on the configured policies.  Ideally, the option used for treating voice traffic is based on the Multi-Stream Single-Port ICA feature of Citrix SD-WAN and CVAD, but there are other options such as Multi-Stream Multi-Port, UDP Audio, and HDX EDT. The optimal choice for each company will depend on the existing CVAD environment and other specific parameters (i.e. using Windows vs Linux WSA).


The following diagram depicts a proposed topology using Citrix SD-WAN:


Proposed topology using Citrix SD-WAN
Proposed topology using Citrix SD-WAN


Of course, the architecture diagram might change for each company case.



The following are some potential risks that should be considered for a future SD-WAN deployment:


  • There might be no control of home bandwidth usage since agents will be using the existing home Internet link for personal purposes as well as the connection to the data center.

  • The total bandwidth available at the data center and its usage is critical. The existing Internet link(s) could be in use for general Internet traffic at the data center. It might be beneficial to acquire a new additional internet link(s) at the data center, exclusively for the SD-WAN traffic.



The following links can be used for further details of each technology:


  1. SD-WAN Multi-Stream Single-Port AutoQoS:

  2. SD-WAN Application QoS:

  3. CVAD Audio Features:

  4. Configure Group Policy to enable audio settings for receiver

  5. ICA Multi-Stream Virtual Channel assignment:

  6. How to Configure HDX Enlightened Data Transport Protocol:

Leave a Reply

Your email address will not be published. Required fields are marked *