Last month we released the Power and capacity management tech preview for XenApp. If you're using server-side application virtualization and delivery with XenApp, then you'll want to check it out. We've put out a couple of blog posts (1 | 2), a demo, and a couple of videos on it including a XenApp Expert Series video and audio episode with Sridhar Mullapudi (Product Manager). We also have a new episode coming up in July with Juliano Maldaner (the Architect). What's more, both of these rock stars are getting together to do a TechTalk on this same topic.

The TechTalk is going to cover the features, functions and components of Power and capacity management and the guys will also talk about how to deploy it for virtual server infrastructures or physical machines using Wake on LAN. They'll even provide some tips on using this technology to help with migrations.

The great thing about this vs. the other content we've created already is that there's a Q&A at the end so if you're interested in the technology, now's the time to ask your questions.

Stay Updated! Follow XenApp... XenApp on Twitter | XenApp TV-Radio | XenApp Tech Previews

XenApp Expert Series - Profile Management Part 1 - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest research and technology news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews Citrix Product Manager Dave Wagner on the Profile Management feature of Citrix XenApp and XenDesktop and why this is key technology in the application and desktop virtualization stack. This is part 1 of 2 where we will bring Dave and/or another expert in to dive deeper into Profile Management. Episode 2, Season 1.

ADDITIONAL BACKGROUND: My intro would have been funnier but I totally screwed. I have a strict one take policy one the show though so it stayed as is. Dave is a great character. He has been with Citrix for 8 years 6 months 15 days and 7 hours by the start of this recording. While here, he has managed a number of products including Access Essentials, MetaFrame for UNIX, Conferencing Manager, MetaFrame x64, Desktop Broker/Server, Password Manager, Profile management, Web Interface, and the Linux Client. He doesn't have a Twitter account (yet!). He says he's still too busy jumping on the JAVA/Linux Desktops/Webify Everything bandwagons. After which he needs to jump on the Facebook bandwagon. He loves photography followed closely by video games ... xBox addict at the moment but that usually shifts around every few months. Why? He says he likes video games primarily because it annoys everyone else to think that it's a total waste of his time. Join us for this interesting episode with David Wagner.

Listen to this episode | Listen to the previous episode

Follow XenApp on Twitter

Download XenApp technology previews

XenApp Expert Series - Profile Management Part 1 - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest research and technology news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews Citrix Product Manager Dave Wagner on the Profile Management feature of Citrix XenApp and XenDesktop and why this is key technology in the application and desktop virtualization stack. This is part 1 of 2 where we will bring Dave and/or another expert in to dive deeper into Profile Management. Episode 2, Season 1.

ADDITIONAL BACKGROUND: My intro would have been funnier but I totally screwed. I have a strict one take policy one the show though so it stayed as is. Dave is a great character. He has been with Citrix for 8 years 6 months 15 days and 7 hours by the start of this recording. While here, he has managed a number of products including Access Essentials, MetaFrame for UNIX, Conferencing Manager, MetaFrame x64, Desktop Broker/Server, Password Manager, Profile management, Web Interface, and the Linux Client. He doesn't have a Twitter account (yet!). He says he's still too busy jumping on the JAVA/Linux Desktops/Webify Everything bandwagons. After which he needs to jump on the Facebook bandwagon. He loves photography followed closely by video games ... xBox addict at the moment but that usually shifts around every few months. Why? He says he likes video games primarily because it annoys everyone else to think that it's a total waste of his time. Join us for this interesting episode with David Wagner.

View this Episode and Subscribe to the XenApp Expert Series

Follow XenApp on Twitter

Download XenApp technology previews

1. In the left pane of the Advanced Configuration tool, select Policies.
2. From the Contents tab, select the policy you want to apply.
3. From the Actions menu, select Policy > Apply this policy to.
4. In the Policy Filters dialog box, select Client Name.
5. Select Filter based on client name.
6. Select Add to add specific client names. Type Xen_iPhone* and enter. Make sure Allow is selected in the Client Name filters window.

Here are some example of things you can change, control and optimize for iPhone users:

• Remove Visual Effect like wallpaper
• Control session limits (e.g. virtual channel controls for clipboard, sound, com, display, etc.)
• Control client devices (Audio, drives, ports, etc.)
• Control encryption
• Assign a service level 

Now, bear in mind... I haven't played with this extensively so some of these settings may not even affect the iPhone user simply because the feature is not available for Receiver for iPhone (e.g. some SpeedScreen/HDX settings). It doesn't hurt to turn some of these off though and experiment. And the ultimate of course is controlling encryption and security settings. Also, once we release our next rev of the Receiver for iPhone which will have improved support for Access Gateway, I am hoping it will allow the assignment of policies based on Access Gateway connections. So at that point you can filter applications for iPhone users as well as control the experience they have with applications when they connect to a XenApp server.

KEWL!

XenApp on Twitter | XenApp TV-Radio | XenApp Tech Previews

This is a tech talk that will be taking place on July 9, 2009. One of our propeller heads will be geeking out on how Citrix ICA (a key feature of Citrix HDX Broadcast) and the CGP protocol function. The discussion, from what I hear, is also going to dissect ICA packets and include best practices for ICA acceleration that will make your overall network traffic more efficient. One of the things I'm particularly interested in hearing about is why single session bandwidth testing isn't accurate.

~snip

In this TechTalk, you'll learn about:

*ICA protocol overview

*ICA bandwidth requirements and testing recommendations

*How Common Gateway Protocol (CGP) relates to ICA

*ICA Performance across the WAN with and without Citrix Repeater

Registration Info

Date: Thursday, July 9, 2009
Time: 1:00pm Eastern/10:00am Pacific
Register for "Decoding the Mysteries of ICA" 

Other Information

XenApp on Twitter | XenApp TV-Radio | XenApp Tech Previews

Hey everyone.

If you know me, then you know my mother. She's the receptionist here at Citrix HQ. I told her about Twitter a few weeks ago and she started an account of her own. She gets the weirdest calls and oddest requests while at answering calls. So, I told her that might be fun to share on Twitter. She's definitely a Citrix personality. You'll want to follow her for a laugh every now and then at @citrixreception.

BTW... you might know Nina. She typically runs the Citrix Store at Synergy, iForum, you name it. Of course, only in the U.S. Drop her a line at twitter. Her latest post is about an employee calling her to ask if the zip code is the same for their building which is right next door to ours. Hilarious!

Enjoy!

Vinny Sosa

XenApp Expert Series - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews XenApp Product Manager Sridhar Mullapudi (@sridharcitrix) on the new technology preview for Power and Capacity Management and why the technology is such a boone for customers. Episode 1, Season 1.

Listen to this Episode

Follow XenApp on Twitter

Download XenApp technology previews

View the Demo of Power and Capacity Management Install, Configuration, and Function

XenApp Expert Series - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews XenApp Product Manager Sridhar Mullapudi (@sridharcitrix) on the new technology preview for Power and Capacity Management and why the technology is such a boone for customers. Episode 1, Season 1.

View this Episode and Subscribe to the XenApp Expert Series

Follow XenApp on Twitter

Download XenApp technology previews

View the Demo of Power and Capacity Management Install, Configuration, and Function

We are pleased to announce the availability of the XenApp Beta and Technology Preview center on Citrix.com. It's a simple area that you can visit regularly to access the latest Beta and Technology Preview software available for Citrix XenApp.

Accessing the software may require a MyCitrix login. Each technology preview may have different guidelines, support mechanisms, and documentation so be sure to visit each linked page for more information. Please let us know if this page is useful and how we can improve it.

Hear about XenApp Technology Preview Announcements via the following resources:

• XenApp product home page- http://citrix.com/xenapp
• XenApp Tech Preview center- http://citrix.com/xenapp/techpreviews
• XenApp in Twitter- http://twitter.com/xenappjunkie
• XenApp Blogs- http://citrix.com/xenapp/blogs

Thanks!

Sincerely,

The Citrix XenApp Product Team

Follow the XenApp Product Management and Product Marketing teams on Follow XenApp on Twitter.

For anyone interested in keeping in touch, please feel free to follow me on Twitter at @vinnysosa.

Stay tuned!

Vinny Sosa

When I was an SE in Southern California back in the day, I had a toolkit that I always referred to for specific things. If you know me from those days, you knew that my biggest tool was the wtsuprn.ini file that I had created to map printers in NT 4.0 and Windows 2000 to the correct drivers on user devices. I was addicted to amassing as many mappings as humanly possible. But I had other things too - for example, a set of utilities that I would use to help troubleshoot applications that I wanted to install on XenApp servers. Well, I was talking to a customer today and it made me think back to those days and consider what my application validation toolkit would look like today.
First and foremost, my number one prescription for any application is application virtualization. This, in my experience, has offered the highest level of application compatibility with the least effort. Basically, what this entails is using the profiler tool in XenApp to package your applications. You create a single package that targets multiple operating systems. What's cool about this is that you can include registry keys, scripts, files, and anything else that you want into the application package. Examples might include a specific version of a system DLL that the application requires but which makes other applications fail. You would just isolate the file in the application package and it is made available to the application during run-time without overwriting the system DLL on the target device. Another great benefit of application virtualization is local and offline application delivery. I can essentially deliver apps to servers much faster but also to PC's and even for use while users are disconnected. This is ALWAYS my first step at delivering any application with XenApp... even those that I know will install directly without a problem.

Alas, application virtualization isn't a silver bullet for everyone. Maybe your vendor won't support it and that's a problem for you. Or maybe the application uses a service that can't be isolated. Well, in that case you might need to use a hybrid approach. You have three choices (I've listed them below in order of my preference).

1. Profile the app and stream it (we've already talked about that)
2. Install the service onto target machines and virtualize the application components (basically profile the app and stream it. It will be able to communicate with the installed service on the target device at run-time)
3. Install the application (this is the traditional method of delivery to XenApp servers)

If you have to go with 2 or 3, then you might need tools to help coerce some "poorly written" applications into working in a multi-user environment. Here is my list of utilities and resources that I would use to give customers and partners advice or to troubleshoot the applications myself. Some are resource lists, others are built into XenApp, others are available as free/shareware or for purchase. If you have a tool that you use, add it to this list as a comment. Let's build a list of resources together.

I hope this core list helps you. If you've got other tools, by all means... please list them below as comments and give us a little information about them. Also, I'm interested in knowing how many of you are using application virtualization and profile management. To that end, I'd appreciate if you could complete the quick poll's below. Here's to the community.

UPDATE: You may also wish to check out the TechTalkthat Dan Feller is doing on Application Validation.

Vinny Sosa

On May 5th, Citrix released Receiver for iPhone 1.0 at Synergy in Las Vegas. Receiver for iPhone is a wonderful testament to the HDX experience we're moving towards. The engineering team involved (winks and nods to Steve Parry, Gus Pinto, Ruiguo Yang, et al) graciously accepted a literal barrage of feedback, input, direction changes, and general user griping about usability for this app. The result is a testament to what's possible when you consider the form factor when porting software to different OS's and adjust to suit. In that same vain, and in conjunction with the Receiver for iPhone, Citrix also released two features called Doc Finder and App Viewer.

Doc Finder

App Viewer

In addition to Doc Finder is another really cool feature called App Viewer. The idea behind App Viewer is simple - make the browser invisible. Contrary to what you might think, many, many customers publish web applications for delivery via XenApp. There are a number of reasons for this but that's another blog post. In any case, publishing web apps to small form factor devices like the iPhone wastes a lot of precious real-estate for browser controls and fields that are built for PC's. For example, a user of a published web app from the iPhone doesn't need the URL bar or the window title bar of Internet Explorer... they just need the page. Plus, if you've created a lightweight page for the web app that is customized for SFF users, they probably don't even need scroll bars. This is where app viewer comes in. It's just a web browser with no controls, fields, buttons, scroll bars, etc. To help you understand it more, think about it this way. There are a lot of apps on the iPhone that are actually web pages. They use the Safari browser but it is invisible. Bank of America is one such application. It's a web page but you wouldn't know because of the way it's presented to you. App Viewer makes this possible for applications that are hosted on XenApp. Essentially, App Viewer preserves the experience that users are already familiar with when they access locally installed web apps on their iPhone. Even better is that App Viewer can be used to deliver hosted web applications running on XenApp to Windows Mobile devices as well. In fact, you can use it with any form factor. It's completely configurable. All you need to do is make sure you have an appropriate application interface for the form factors you want to support.

I'm tellin' ya, the engineering guys that worked on this did a great job thinking outside of the box. If you want to check these features out, visit citrix.com/iPhone for more information.

As you can probably imagine, life in a fast-paced technology company like Citrix can be a little hectic, especially around product launch time and around events like Citrix Synergy. Now picture this...

I'm at Citrix Synergy watching the keynote and all of a sudden I start getting e-mails from Citrites in the audience and back at headquarters who are looking for more information on connecting back to headquarters using our shiny new Citrix Receiver for iPhone. Now, I know that I posted a short document on the step by step process for doing this in our environment.  The problem is that the document was missing a critical piece in it (my fault) and I needed to update it immediately. The show was at the MGM Grand (a huge sprawling hotel in Las Vegas) and my room was pretty far away so it would have taken me 15 minutes to get to my room, 10 minutes to update the doc, and another 15 minutes to get back. I would have missed 40 minutes of the keynote. I had no connectivity from the keynote area except using 3G with my iPhone. What better time to put our new stuff to the test.

So... I logged into our Access Gateway via the Receiver for iPhone and used my domain credentials and RSA token to login and get a list of my apps. I tap Doc Finder, open my instruction doc and edit it using a full version of Microsoft Office. No big deal... just had to add a couple of lines of text. I save it off and then go back to my app list and open Internet Explorer. From there, I visit my Sharepoint site and upload the document. I even manage to make a couple of updates to the web page where it's posted before I sign off and 'reply to all' that the solution has been posted and problem fixed. 

It took me 15 minutes to do it and I didn't miss a single second of opening keynote at Synergy. Sure... you could argue that I needed the exercise and should have walked back to my room but the opening keynote speaker was amazing and I'm happy I didn't go. The Receiver for iPhone allowed me to get my job done in a pinch to keep other employees productive. Now that's value you can take to the bank.

What was my experience like? I imagine there were lots of folks using the Receiver from the keynote over 3G and I was experiencing some sluggish performance but not enough to make the experience unusable. I think we still have a little bit of work to do on click/tap accuracy because there were a couple of times where I had trouble positioning the cursor (it could have also been Sharepoint. On memory, I can't remember where to place the blame ). It took a little bit of practice but I got the hang of it. Thank goodness for Pan and Zoom and copy and paste on the keyboard. The Save button also afforded me a little extra time too. All in all, it worked quite well in the pinch I was in. This is exactly what the Receiver for iPhone was created for.

Now if only Apple would create a cradle that could turn my iPhone into a thin client. That would be awesome!

Learn more at [http://citrix.com/iphone]. 

This past week, I took two days off to visit the happiest place on Earth... Disney World, of course. Well, the happiest place on Earth made me sick - so sick that the last day of our trip was nearly unbearable for me. We got home on Sunday and I felt worse with 102-degree fever.  My wife started getting the same symptoms as myself and now we're really worried because she is 4 months pregnant. My daughter had a little cough but nothing to worry about at the time. I dreaded having to wake up on Monday morning and getting back to work but I had some catching up to do. There's never a good time to take vacation but I took it now so being sick will have to take a back seat.

I don't want to be at work and infect any of my team with whatever I have so I decide to go into the office to pick up some things and work from home. On my way in, I pick up CNN Headline News and Robin Meade talking about a possible flu pandemic in Mexico with a few reported cases in other countries including the U.S. - mostly in areas with lots of international travelers.

My brain now makes a full STOP. Wasn't I was just in one of those places (aka Disney). My daughter took countless pictures with Minnie, Mickey, Donald, and all those other marketing gimmicks in Never-Never land. She kissed them all on the nose. The same nose that thousands of other kids kissed that day. Some of those kids were from Mexico. THen she kissed me, my wife and my mother-in-law. If that didn't get us, rubbing elbows with thousands of other internationals could have. President Obama said, "it's cause for concern but not alarm". Well, I really like the new guy but I am alarmed at this point.

All I can say is thank GOD for Citrix and our technology. It's exactly what a paranoid husband and father needs at a time like this. See, I put in an honest days work today thanks to Citrix XenApp, GoToMeeting and GoToMyPC. And guess what... My manager told me I should stay home tomorrow vs. coming in because I could still be contagious and could infect others. She has that option because we use Citrix technology. She has a virtual workforce. If she wanted me to work in Zimbabwe, I could. We have a virtual workforce enabled on a worldwide scale. Now, if you think letting your employees work from home leads to reduced productivity... think again. Look at the time on this posting. It's past 1am Eastern Standard Time and I feel compelled to work longer, not just to keep pace, but to surpass expectations.

For those not aware, this outbreak is being labeled as  Phase 4 by the World Health Organization. It hasn't gone beyond 3 since the Bird Flu. Whatever happens with this Swine Flu thing - pandemic or not - Citrix itself is vaccinated. Are you? Is your business ready? If you aren't sure, then you need to look at Citrix. Even if the Swine Flu turns out to be a bunch of bologna, ask yourself this... would you have been prepared? How could this have affected your business? What happens if the next pandemic or disaster is not so kind. To most, the answer is devastating. Imagine, people being quarantined at home, your workers calling in sick right and left, no one on premises. All of that can be avoided with a virtual workforce enabled by Citrix. And best of all, IT can do this TODAY... no marketing gimmicks, no magic. Even if you don't have an IT department because you're a small business, you can empower yourself with Citrix GoToMeeting and Citrix GoToMyPC.

As for me, my wife's fever spiked this afternoon and I was able to be home to help balance the load. Our little one is a handful even when sick but now she sings tunes from Disney movies like a broken record (Heaven help me). Anyway, the point I was trying to make is that I was home to take care of my wife and my daughter when they needed me most and I didn't have to sacrifice my work to do that. After 11 years at this company it's still amazing that I can tell that kind of story with ease. I'll work from home again tomorrow as we have some doctor's appointments scheduled just to be safe. Gosh I love being employed at a virtual workplace.

We've got a great lineup of events and podcast for you this month on the XenApp 5 Feature Pack. 3 events below.

XenApp 5 Feature Pack explained w/Doug Brown & Vinny Sosa

Date: (Available today) Wednesday, March 11, 2009

Register Here:  DABCC Radio at dabcc.com

Summary: Douglas Brown interviews Vinny Sosa, Senior Technical Marketing Manager at Citrix.   Vinny and Doug will discuss the recently released Citrix XenApp 5 Feature Pack. Vinny will discuss each new feature along with why this release is so important for you and your business, especially considering the current economic situation. This is a fun, engaging and transparent podcast where we'll also discuss Doug's pet peeves on Single sign-on, what the heck is that EasyCall stuff anyway, Mac and Microsoft preferences, and general techie diversions that always ensue.

Project Virtual Reality Check, a Geek Speak Virtual Webcast

Date: Thursday, March 26, 2009 1:00pm Eastern (DST) /10:00 Pacific

Register Here: wwww.citrix.com/geekspeakvirtual

Summary: With XenServer now a part of XenApp 5 Feature Pack, you'll want to join two renowned virtualization gurus - Ruben Spruijt, Solutions Architect at PQR and Jeroen van de Kamp , CTO at Log-in Consultants, as they discuss the results of Project Virtual Reality Check (VRC) - a joint research venture on optimal configuration for the different available hypervisors (hardware virtualization layers). The project arises from the growing demand for substantiated advice on how to virtualize and scale for Terminal Server and Virtual Desktop (VDI) workloads.  The first phase of Project VRC compares the performance of virtualizing Windows XP and 32-bit Windows 2003 Terminal Services on ESX, XenServer, Hyper-v, and bare-metal hardware.

TechTalk on XenApp 5 Feature Pack

Date: March 31, 2009

Time: 2:00pm Eastern/11:00am Pacific

Register Here: gotomeeting.com/register

Citrix has just released  XenApp 5 Feature Pack.  In this TechTalk session, we'll discuss the technical aspects of the new features, with focus on the following:

• Provisioning services, Load testing services and XenServer virtualization
• Profile Management
• Workflow Studio Orchestration
• Citrix Receiver, including iPhone plugin

You might have noticed our announcement last week on XenApp 5 Feature Pack. With all of its great new features and functions, it's easy to see the many cost savings opportunities it brings. One of these is the new freedom that customers get with Single sign-on.

Single sign-on is a XenApp Platinum edition feature. With it, you can enable Single sign-on for any hosted application you deliver – that is, apps that run on the server. Now, with XenApp 5 Feature Pack, you can also use it at the endpoint without having to purchase additional licenses at a cost of $150 per concurrent user. So, as an example, if your company has 3000 users who use XenApp and you bought 1000 XenApp Platinum licenses, with the new licensing policy change in Single sign-on, you can use it for all the 3000 users and for their end point use as well. This saves you from buying additional 2000 licenses. On top of those cost savings, it can potentially reduce password related helpdesk costs by 20-30% and increase user productivity (since they won't be calling the helpdesk about a frozen password or locked account). But Single sign-on isn't all you can do with this technology set.

First, as a best practice, you should deliver any password-protected application as a hosted application. Why? The first time the user tries to access any password protected application, Single sign-on will ask to store their credentials for that application. The user provides their credentials via the encrypted connection and it is stored in an active directory store or in an encrypted store. Simple enough. But here is where the magic begins.

You configure the application to ask the user to change their password after the first logon. This is standard practice in your high security organization, right? (wink wink) Normally the user would change their password by re-sending the password over the connection, not once, but twice to verify that it's correct. So, if there was a key logger on their side the new password has just been compromised even before it is accepted by your system as the new password. But with Single sign-on, this problem is eliminated. It can be configured such that whenever the application asks the user to change their password, Single sign-on will automatically respond with a new cryptic password that matches policies that you have set. And since single sign-on is doing it in the data center, then there's no way a key logger on the users device can capture it.

Another thing is that since single sign-on changed their password, the user doesn't know their application password anymore, nor do they need to because single sign-on will provide it to the application anytime they need access. But don't be worried - if you need to cut off their access, you can be confident that shutting down their active directory account will do the job because if they can't access the system, they can't access the password via single sign-on. With manual methods of logon, they would still be able to access the application with their application password using someone else's AD credentials. With single sign-on in XenApp, this problem is eliminated. This is called "maintaining the login chain". Basically, you ensure that the user that logged into the system is the same user that logged into the application. Great for compliance purposes.

Up to this point I've been talking about hosted applications. I did mention that XenApp 5 Feature Pack now adds the ability to use single sign-on at the end-point. This is a great solution when you have a password protected application that isn't hosted on XenApp. Maybe you have streamed it to the physical or virtual desktop. You get the same benefits of single sign-on. The only difference is that you're not protected from key loggers except from virus software and such. This is why I say that the best practice is to host and run any application that requires a logon from your XenApp servers. If you still need to do it at the desktop, the good part is that single sign-on still maintains the login chain and it still automatically changes passwords to make sure that they meet your organizational standards.

Now, as soon as I even mentioned single sign-on, you were probably thinking about that old "keys to the kingdom" argument. It's a valid one. But when implementing single sign-on you've got to do some things differently. First, using single sign-on means that you simplify your users' life by taking away their need to remember all those application passwords (or write them down on a post it note somewhere). This is just the proof you need to force users to create a stronger domain password via AD password policies. In addition, single sign-on with XenApp also lets you configure whether users have to prove who they are by logging in again before automatically logging them into their application.

And if you're really paranoid (which you should be), you can add multi-factor authentication (e.g. RSA Secure ID, Secure Computing Safeword, SmartCard authentication, etc.) to your primary credentials. Yes, multi-factor authentication can be a bit cumbersome, but you just made life easier for them. Surely a trade-off is in order. And since multi-factor authentication such as token-pin combinations or Smartcards are pretty much useless to key loggers (they use changing numbers or digital certs), you're much better off than having users enter every single application password for what they need to access.

Single sign-on with XenApp also includes self-service password reset (SSPR). With SSPR, if your users get locked out of their domain account, you can let them securely unlock it by answering security questions that you set up. You can customize the questions and users personalize the answers when they set up the service. You can then enable self-service password reset and account unlock from the Windows logon screen or even from XenApp Web interface. This feature is all about reducing helpdesk calls and increasing user productivity. Good stuff for sure, and best of all, you can use SSPR independently of whether you choose to use single sign-on for your applications.

So, just to boil this down, single sign-on reduces helpdesk costs, increases password strength, increases application security, and enhances compliance. Your ability to use single sign-on in your own environment will vary on a number of factors from company culture to the level of paranoia of your security architect to whether you're the CIA. However, if you can use it, you should – even if it's just for the self-service password reset and account unlock feature. In these economic times, anything that can save you money is worth checking out.

Want to learn more? Also, check out Citrix.com/upgradetoxenapp5. Stay tuned for weekly blogs on XenApp 5 Feature Pack. As always, let us know your thoughts, questions and feedback below.

This post is part of a multi-part series on XenApp 5 Feature Pack:

• Part 1: Citrix Releases its own Economic Stimulus Plan with XenApp 5 Feature Pack
• Part 2: Manage your entire server farm from a single image with XenApp 5 Feature Pack
• Part 3: Profile Management, new in XenApp 5 Feature Pack! When does it make sense for your business?
• Part 4: Single Sign-on for any user! New in XenApp 5 Feature Pack! 
• Part 5: XenApp 5 Feature Pack Transforms Server Sizing from an Art to an Exact Science!

By: Vinny Sosa with contributions from Pete Downing

On Monday, February 23rd, Citrix announced the release of XenApp 5 Feature Pack. This release includes a whole slew of features designed to save customers money. In total, XenApp 5 Feature Pack adds over $340 dollars of combined license and subscription advantage value. But one of the most beneficial things we added to our Platinum edition is Provisioning services.

Single Image Server Management

Prior to XenApp 5 Feature Pack, many customers scripted their installs or created multiple server images to help them manage their XenApp hosting server implementation. Scripted installs can be cumbersome to create and they're definitely not for everyone. Plus, they typically do not reduce implementation time, they just automate the process. Now, if you've got application silo's, scripting application installs can also add another layer of complexity on top of the server install automation process. Of course you could also use an ESD solution to get the apps on the server as well, but you get the point - layers of complication that don't really save time or effort.

Creating standardized server images helps address some of the server management issues by giving admins a standardized image to build XenApp servers from. If you're technical, you understand the process of generalizing a server image using such command line tools as "sysprep". This is a great solution for small implementations but with larger environments, application silo's tend to lead to multiple server images that need to be managed. With multiple server images come multiple updates and points of management when anything needs to be changed. This can include something as simple as tweaking an application setting or hotfixing a server. It's these small tweaks and changes that also make it difficult to maintain a scripted install type of solution over the long-term.

Enter XenApp Provisioning services.

Long awaited as a component of XenApp since as far back as I can remember, Provisioning services enables you to PXE-boot your servers from a single, generalized XenApp server image. It's cuts server implementation time because you can bring up a new XenApp server in the time it takes to boot up - no need for an install, no need for additional configuration. If you need to update your server configuration, no problem, and no need to modify an install script. Simply open your standard image, install the Hotfix and reboot your servers - it's that simple.As if that weren't enough, something really cool happens when you bring together the four key technologies included in XenApp 5 Feature Pack - the XenServer virtualization platform, Provisioning services, Load testing and Application streaming. I like to call it just-in-time server provisioning. You might also have heard it referred to as build-to-order server provisioning. Here's how it comes together:

• Create Physical and Virtual Images - Use vDisks to create physical server images and use XenServer to create virtual images for later provisioning. XenServer, now free, lets you virtualize your XenApp hosting servers (workloads). With this you can convert a single physical server with lots of idle capacity into two or more virtual servers that are running at full capacity. Hence, you can always give idle capacity to the users, apps or lines of business that need it most. This is very helpful in cases where server silos might still be necessary, since idle capacity is rampant in these kinds of deployments.
• Benchmark Your Images - Test the performance of your standard server image, both as a virtual server and as a physical server, using Load testing services. This will tell you how many users you can support so that you know exactly how much capacity you are adding or taking away every time you provision or deprovision servers.
• Provision Your Servers - Use Provisioning services to start-up new physical or virtual servers using your standardized server image(s) (the one(s) you already benchmarked with Load testing services).
• Stream Applications - Streaming applications to virtual servers means that you no longer have to maintain multiple server images for your server silos. In fact, it means that server silos are likely a thing of the past in your environment. Let's say you have a user trying to access SAP. You've added new servers because it's quarter-end and you need more capacity. The user get's load balanced to one of your new servers and SAP is automatically streamed to the new server the first time it is accessed. Every subsequent user that accesses SAP on that server will no longer have to stream it again. You've just completely bypassed the need to install applications all together.
• Self-heal Your Environment - Application self-healing is an automated benefit of streamed applications. Basically, if an application is corrupted or starts to misbehave, the next user to access it will start a repair request and it will be fixed for all users on the same server. If you continue to have problems with any of your servers, simply reboot them and Provisioning services delivers a squeaky-clean image in the time it takes to boot up.
• Fail-over Seamlessly and Gracefully - If you need to move your XenApp implementation to a DR site or you need to perform hardware maintenance, you now have two options. You can use XenMotion, included with XenServer for free, to seamlessly move your virtual servers between different physical servers without even shutting them down. You can also use Provisioning services to move physical or virtual servers to a new location or physical server as well.

Essentially, this all adds up to the most dynamic application delivery system on the market today. Want to learn more?. Download the XenAppPrep tool for Provisioning services,at CTX116063. Also, check out Citrix.com/upgradetoxenapp5. Stay tuned for weekly blogs on XenApp 5 Feature Pack. As always, let us know your thoughts, questions and feedback below.

• Part 1: Citrix Releases its own Economic Stimulus Plan with XenApp 5 Feature Pack
• Part 2: Manage your entire server farm from a single image with XenApp 5 Feature Pack
• Part 3: Profile Management, new in XenApp 5 Feature Pack! When does it make sense for your business?
• Part 4: Single Sign-on for any user! New in XenApp 5 Feature Pack! 
• Part 5: XenApp 5 Feature Pack Transforms Server Sizing from an Art to an Exact Science!

On June 20, 2008 the XenApp Technical Marketing team released the new version of the Evaluation Virtual Appliance (EVA) for Citrix XenApp (the new name for Presentation Server). This EVA lets you easily evaluate Presentation Server 4.5 with Feature Pack 1 and includes enhancements such as:

• Reduced file size and fewer files - just a single 8.6 GB file for XenApp Platinum Edition
• Managed download utility for increased download reliability anywhere in the world
• Faster downloads through Akamai hosting with Worldwide replication
• Updated and improved Quick Start Guide
• Addition of Hotfix Rollup Pack 2 and the latest Citrix client software for the most up-to-date evaluation experience

This kit is great and has come a long way. In previous releases you would have to download about 19 files which was just such a pain (albeit better than nothing). I personally felt it was such a burden but at the time it was our only option. in the past, it would have taken some folks a number of days to manage the downloads. With this release, we've optimized the EVA to take up just 8.6GB for Platinum Edition vs. 14.4GB which was the previous size. We've also hosted it on Akamai as a managed download and in our tests it has taken about 4 hours over a Broadband connection. This is obviously far better than a few days. Plus, Akamai mirrors globally so international downloads should be faster as well. In the kit, you get 3 servers - a domain controller, a Citrix services server and an application virtualization server. During installation and extraction you'll register for a license and registration code which you will receive in e-mail. Then you're free to use the machines for 30 days.

The EVA is a great tool for evaluations, demonstrations and even application testing. You can even use it to profile applications prior to rolling them out to production. There are lots of uses of this pre-packaged kit. You'll definitely want to check this new EVA out even if you have tried previous versions already.

Download and support links below...

• Download Site
• Quick Start Guide
• Support Forum

Let us know if you have any questions through the support forum. Comments, suggestions... post them to this blog post.

In the process of working on a project I had to gather all of the ports used by Citrix XenApp (the new name for Citrix Presentation Server). I had to look in a number of documents and KB articles. All I have to say is WHEW! I thought this might be useful for someone out there since I would have liked to have something similar. There are other ports too but I felt they weren't important (or perhaps I didn't understand how important they were so I left them out   ). Many of these are not Citrix ports but rather the service ports that we use to communicate into the infrastructure (such as LDAP). Hope this helps someone. If you find an obvious error or something omitted, please be sure to comment to this post. Enjoy!

Definitely nice to see that regardless of all of these ports, all clients/users need to connect are HTTP(S)-TCP ports 80 or 443.

NOTE: For more information on commonly known ports, visit http://www.iana.org/assignments/port-numbers. 

• Application Performance Monitoring (powered by Citrix EdgeSight)
  • EdgeSight Agent to Edgesight Server - TCP 80/443 (Payload and alerts)
  • EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent - TCP 9035
  • EdgeSight Agent internal communication - TCP 9036 (client-side database) NOTE: After EdgeSight 4.5, replaced with IPC)
  • EdgeSight database - SQL 1433 (configurable)
• Client-side Application Virtualization -
  • Streaming Client to Application Hub (File Server/Share) - SMB 445
• EasyCall -
  • To client - HTTP(S)-TCP 8443 (PSync)
  • To Admin console (non-IMA) - TCP 443
  • To LDAP Directory- TCP 389
  • To PBX - port varies by vendor
• Independent Management Architecture (IMA) Services - TCP 2512, 2513
• Licensing Service - TCP 27000, 27009 (configurable)
• Server-side Application Virtualization
  • Management Console (Using IMA) - TCP 2512, 2513
  • Application requests - TCP XML 80, 8080 or 443 (configurable)
  • Access to Applications Virtualized on the Server - ICA-TCP 1494, 2598 (Session Reliability)
• Single Sign-on (powered by Citrix Password Manager)
  • Management Console (non-IMA) or Agent to Password Manager Service - TCP-443
  • Management Console (non-IMA), Agent or Service to credential store
    • Network File Share Credential Store - TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
    • Active Directory Credential Store - TCP/UDP - 389, 636, TCP - 3268, 3269
    • Novell File Share Credential Store - TCP/UDP - 524  
• SmartAccess (powered by Citrix Access Gateway)
  • Standard and Advanced Edition
    • Client connections- TCP-SSL 443 (configurable)
    • Advanced Access Control (AAC) to Appliance communication - TCP 80 or 443 (configurable), 9001, 9002, 9005
    • Management Console
      • to Appliance (non-IMA) - 9001, 9002, 9005
      • to AAC - IMA-TCP-2513
  • Enterprise Edition
    • To client - SSL-TCP 443
    • To internal network - SSL-TCP 443, Native Authentication port (i.e. RADIUS 1812, LDAP 389), Native application ports (i.e. ICA-1494)
    • Management console (non-IMA) - SSH-TCP 22, HTTP(S)-TCP 80/443
• SmartAuditor -
  • Management (non-IMA) - Use local console on Agent or on Server.
  • Agent to Broker (Recording and Policy Check) - TCP 80/443 (configurable)
  • Player to Broker - TCP 80/443 (configurable)
  • Agent to Server (Metadata and Video)- Microsoft Message Queuing,
    • Default - TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initia choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
    • Over SSL- TCP 80,443
• WAN Optimizer -Guidance provided was to get it from Admin Guide
  • Appliance to Appliance - Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
  • Management Console (non-IMA) - TCP 80
  • Client to Appliance - TCP 443
• Web Interface
  • Client connections - TCP 80/443 (configurable)
  • Server-to-server - TCP XML 80/8080, 443 (using SSL Relay)
  • Management console (partially IMA) - DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443

Brian Madden created a webinar that helped to explain some core communications processes. That might also be useful and you can find it here (called Understanding and Designing Presentation Server Farms).